Security Flashcards
What types of security issues exist?
Eavesdrop: intercept messages
Actively insert messages: corruption
Impersonation: can fake source address in packet (or any field in packet)
Hijacking: take over ongoing connection by inserting self in place of sender/receiver
Denial of service: prevent service from being used by others (e.g. overloading)
Explain eavesdropping
Interception of messages - could insert messages causing corruption or could just read
Explain impersonation
Faking a field within a packet
Explain hijacking
Insert self in place of sender/receiver
Explain denial of service
Prevent service being used by others (e.g. overloading)
Why do we use cryptography?
Encryption is very hard to break
What is a weakness of cryptography?
Usually this is the people aware of the details screwing it up
What is cryptography?
We take a message, encrypt it, send the ciphertext and it is decrypted by the receiver
Describe symmetric key cryptography
(aka secret key cryptography) Encrypting using a key, k, sending the ciphertext, then decrypting again with the key k.
What is an intruder?
Someone trying to break security rules
What types of intruders are there?
Passive and active
What does a passive intruder do?
Just reads message
What does an active intruder do?
Tries to make changes to message, etc.
What issues arise with secret key cryptography?
Both sender and receiver must agree on secret key - meet in advance. How does this work if we don’t meet the receiver?
What is AES?
Advanced Encryption Standard. Algorithm must be a symmetric block cipher.
What is brute force decryption?
Exhaustive key search strategy
Explain the purpose of public key cryptography
In the case where the sender and receiver don’t know each other, they can still encrypt and decrypt messages
Explain public key cryptography
The receiver generates 2 keys. A public key, E, used for encrypting and a private key, D, used for decrypting. The receiver publishes the public key and keeps private key secret
Explain secret key cryptography
Sender generates a secret key. They encrypt a message with the secret key, then encrypt their secret key using the receiver’s public key. Then they send encrypted message and encrypted key. Receiver decrypts the private key using receiver’s own private key. Then uses the private key belonging to the sender to decrypt the message
What advantages does secret key cryptography have?
Provides hierarchical level of additional security
Compare symmetric and public key crypto
Key distribution is harder with symmetric, but runtime is faster with symmetric (for lots of messages, symmetric may be better)
What is a digital signature?
Mathematical link between particular message and particular public key
How do digital signatures work in symmetric key crypto?
Has a big brother in the middle of Alice and Bob that verifies that message was sent by Alice, encrypting this such that Bob can read it. Big brother must know keys.
How do digital signatures work in public key cryptography?
Big brother not needed. Alice encrypts message with her private key, then Bob’s public key. Transmits. Bob decrypts with his private key and Alice’s public key.
What does a hash algorithm do?
Takes message and produces fixed length digest
What is a collision?
Two messages being hashed to same value
What is confidentiality?
Only sender and intended receiver can see message
What’s authentication?
Sender and receiver want to confirm identity of each other
What’s message integrity?
Sender and receiver want to ensure message isn’t altered
What’s access and availability?
Services must be accessible and available to users
What is the RSA algorithm?
D(E(p)) = p