Security Flashcards

1
Q

What types of security issues exist?

A

Eavesdrop: intercept messages
Actively insert messages: corruption
Impersonation: can fake source address in packet (or any field in packet)
Hijacking: take over an ongoing connection by inserting self in place of sender/receiver
Denial of service: prevent service from being used by others (e.g. overloading)

2
Q

Explain eavesdropping

A

Interception of messages - could insert messages causing corruption or could just read

3
Q

Explain impersonation

A

Faking a field within a packet

4
Q

Explain hijacking

A

Insert self in place of sender/receiver

5
Q

Explain denial of service

A

Prevent service being used by others (e.g. overloading)

6
Q

Why do we use cryptography?

A

Encryption is very hard to break

7
Q

What is a weakness of cryptography?

A

Usually this is the people aware of the details screwing it up

8
Q

What is cryptography?

A

We take a message, encrypt it, send the ciphertext and it is decrypted by the receiver

9
Q

Describe symmetric key cryptography

A

(aka secret key cryptography) Encrypting using a key, k, sending the ciphertext, then decrypting again with the key k.

10
Q

What is an intruder?

A

Someone trying to break security rules

11
Q

What types of intruders are there?

A

Passive and active

12
Q

What does a passive intruder do?

A

Just reads message

13
Q

What does an active intruder do?

A

Tries to make changes to message, etc.

14
Q

What issues arise with secret key cryptography?

A

Both sender and receiver must agree on secret key - meet in advance. How does this work if we don’t meet the receiver?

15
Q

What is AES?

A

Advanced Encryption Standard. Algorithm must be asymmetric block cipher.

16
Q

What is brute force decryption?

A

Exhaustive key search strategy

17
Q

Explain the purpose of public key cryptography

A

In the case where the sender and receiver don’t know each other, they can still encrypt and decrypt messages

18
Q

Explain public key cryptography

A

The receiver generates 2 keys. A public key, E, used for encrypting and a private key, D, used for decrypting. The receiver publishes the public key and keeps private key secret

19
Q

Explain secret key cryptography

A

Sender generates a secret key. They encrypt a message with the secret key, then encrypt their secret key using the receiver’s public key. Then they send encrypted message and encrypted key. Receiver decrypts the private key using receiver’s own private key. Then uses the private key belonging to the sender to decrypt the message

20
Q

What advantages does secret key cryptography have?

A

Provides hierarchical level of additional security

21
Q

Compare symmetric and public key crypto

A

Key distribution is harder with symmetric, but runtime is faster with symmetric (for lots of messages, symmetric may be better)

22
Q

What is a digital signature?

A

Mathematical link between particular message and particular public key

23
Q

How do digital signatures work in symmetric key crypto?

A

Has a big brother in the middle of Alice and Bob that verifies that message was sent by Alice, encrypting this such that Bob can read it. Big brother must know keys.

24
Q

How do digital signatures work in public key cryptography?

A

Big brother not needed. Alice encrypts message with her private key, then Bob’s public key. Transmits. Bob decrypts with his private key and Alice’s public key.

25
Q

What does a hash algorithm do?

A

Takes message and produces fixed length digest

26
Q

What is a collision?

A

Two messages being hashed to same value

27
Q

What is confidentiality?

A

Only sender and intended receiver can see message

28
Q

What’s authentication?

A

Sender and receiver want to confirm identity of each other

29
Q

What’s message integrity?

A

Sender and receiver want to ensure message isn’t altered

30
Q

What’s access and availability?

A

Services must be accessible and available to users

31
Q

What is the RSA algorithm?

A

D(E(p)) = p