Security

Question 1

What types of security issues exist?

Answer 1

Eavesdrop: intercept messages
Actively insert messages: corruption
Impersonation: can fake source address in packet (or any field in packet)
Hijacking: take over, ongoing connection by inserting self in place of sender/receiver
Denial of service: prevent service from being used by others (eg. overloading)

Question 2

Explain eavesdropping

Answer 2

Interception of messages - could insert messages causing corruption or could just read

Question 3

Explain impersonation

Answer 3

Faking a field within a packet

Question 4

Explain hijacking

Answer 4

insert self in place of sender/receiver

Question 5

Explain denial of service

Answer 5

prevent service being used by others (eg.overloading)

Question 6

Why do we use cryptography?

Answer 6

Encryption is very hard to break

Question 7

What is a weakness of cryptography?

Answer 7

Usually this is the people aware of the details screwing it up

Question 8

What is cryptography?

Answer 8

We take a message, encrypt it, send the ciphertext and it is decrypted by the receiver

Question 9

Describe symmetric key cryptography

Answer 9

(aka secret key cryptography) Encrypting using a key, k, sending the ciphertext, then decrypting again with the key k.

Question 10

What is an intruder?

Answer 10

Someone trying to break security rules

Question 11

What types of intruders are there?

Answer 11

Passive and active

Question 12

What does a passive intruder do?

Answer 12

Just reads message

Question 13

What does an active intruder do?

Answer 13

Tries to make changes to message, etc

Question 14

What issues arise with secret key cryptography?

Answer 14

Both sender and receiver must agree on secret key - meet in advance. How does this work if we don’t meet the receiver?

Question 15

What is AES

Answer 15

Advanced Encryption Standard. Algorithm must be asymmetric block cipher.

Question 16

What is brute force decryption?

Answer 16

Exhaustive key search strategy

Question 17

Explain the purpose of public key cryptography

Answer 17

In the case where the sender and receiver don’t know each other, they can still encrypt and decrypt messages

Question 18

Explain public key cryptography

Answer 18

The receiver generates 2 keys. A public key, E, used for encrypting and a private key, D, used for decrypting. The receiver publishes the public key and keeps private key secret

Question 19

Explain secret key cryptography

Answer 19

Sender generates a secret key. They encrypt a message with the secret key, then encrypt their secret key using the receiver’s public key. Then they send encrypted message and encrypted key. Receiver decrypts the private key using receiver’s own private key. Then uses the private key belonging to the sender to decrypt the message

Question 20

What advantages does secret key cryptography have?

Answer 20

Provides hierarchical level of additional security

Question 21

Compare symmetric and public key crypto

Answer 21

Key distribution is harder with symmetric, but runtime is faster with symmetric (for lots of messages, symmetric may be better)

Question 22

What is a digital signature?

Answer 22

Mathematical link between particular message and particular public key

Question 23

How do digital signatures work in symmetric key crypto?

Answer 23

Has a big brother in the middle of Alice and Bob that verifies that message was sent by Alice, encrypting this such that Bob can read it. Big brother must know keys.

Question 24

How do digital signatures work in public key cryptography?

Answer 24

Big brother not needed. Alice encrypts message with her private key, then Bob’s public key. Transmits. Bob decrypts with his private key and Alice’s public key.

Question 25

What does a hash algorithm do?

Answer 25

Takes message and produces fixed length digest

Question 26

What is a collision?

Answer 26

Two messages being hashed to same value

Question 27

What is confidentiality?

Answer 27

Only sender and intended receiver can see message

Question 28

What’s authentication?

Answer 28

Sender and receiver want to confirm identity of each other

Question 29

What’s message integrity?

Answer 29

Sender and receiver want to ensure message isn’t altered

Question 30

What’s access and availability?

Answer 30

Services must be accessible and available to users

Question 31

What is the RSA algorithm?

Answer 31

D(E(p)) = p