Security Flashcards
What types of security issues exist?
Eavesdrop: intercept messages
Actively insert messages: corruption
Impersonation: can fake source address in packet (or any field in packet)
Hijacking: take over, ongoing connection by inserting self in place of sender/receiver
Denial of service: prevent service from being used by others (eg. overloading)
Explain eavesdropping
Interception of messages - could insert messages causing corruption or could just read
Explain impersonation
Faking a field within a packet
Explain hijacking
insert self in place of sender/receiver
Explain denial of service
prevent service being used by others (eg.overloading)
Why do we use cryptography?
Encryption is very hard to break
What is a weakness of cryptography?
Usually this is the people aware of the details screwing it up
What is cryptography?
We take a message, encrypt it, send the ciphertext and it is decrypted by the receiver
Describe symmetric key cryptography
(aka secret key cryptography) Encrypting using a key, k, sending the ciphertext, then decrypting again with the key k.
What is an intruder?
Someone trying to break security rules
What types of intruders are there?
Passive and active
What does a passive intruder do?
Just reads message
What does an active intruder do?
Tries to make changes to message, etc
What issues arise with secret key cryptography?
Both sender and receiver must agree on secret key - meet in advance. How does this work if we don’t meet the receiver?
What is AES
Advanced Encryption Standard. Algorithm must be asymmetric block cipher.