Security and Cryptography Flashcards
can reformat and transform our data, making it safer on its trip between computers
Cryptography
This type of attack involves trying every possible combination of characters until the correct one is found
Brute-Force Attacks
is malicious software that can infect computers and steal data, install backdoors, or perform other harmful actions.
Malware
Types of Malware
Viruses, Worms, Trojans
is a type of social engineering attack where attackers try to trick people into revealing sensitive information by posing as a legitimate entity, such as a bank or email provider.
Phishing
This type of attack involves intercepting communication between two parties and modifying or eavesdropping on the data being transmitted
Man-in-the-Middle Attacks
exploit weaknesses in the physical implementation of cryptographic algorithms, such as power consumption or electromagnetic radiation, to extract sensitive information.
Side-Channel Attacks
are weaknesses or vulnerabilities in cryptographic algorithms or protocols that can be exploited by attackers to compromise security
Cryptographic Flaws
are security risks that come from within an organization, such as employees or contractors with access to sensitive information who may intentionally or unintentionally disclose it.
Insider Threats
involve overwhelming a system or network with traffic or requests, causing it to crash or become unavailable
Denial-of-Service Attacks (DoS)
can lead to the compromise of cryptographic keys, making it possible for attackers to decrypt data or impersonate authorized users.
Key Management Failures
involve unauthorized access to physical devices or systems, such as stealing a laptop or breaking into a data center
Physical Security Breaches
is the practice of securing digital communications by converting plain text into a secret code that can only be read by the intended recipient.
Cryptography
is the process of converting plain text into an unreadable format using a cryptographic algorithm and a secret key.
Encryption
is the process of converting the encrypted data (ciphertext) back into its original form (plaintext) using the secret key
Decryption
An asymmetric encryption algorithm that uses a pair of public and private keys for encryption and decryption
Rivest-Shamir-Adleman (RSA)
A symmetric encryption algorithm widely used in secure communications that uses a shared secret key for encryption and decryption.
Advanced Encryption Standard (AES)
A symmetric encryption algorithm that is popular in software and hardware encryption applications
Blowfish
A family of cryptographic hash functions used to ensure data integrity and authenticity.
Secure Hash Algorithm (SHA)
is a form of encryption that uses the same secret key for both encryption and decryption of data
Symmetric Key Cryptography
also known as secret key cryptography
Symmetric Key Cryptography
Symmetric Key Cryptography is also known as ______
Secret Key Cryptography
is a shared secret between the sender and the recipient of the message, which is used to scramble the original message into ciphertext and then unscramble it back into its original form.
Key
Three steps of symmetric key cryptography
Key Generation
Encryption
Decryption
A widely used encryption algorithm that uses a 56-bit key and operates on 64-bit blocks of data.
Data Encryption Standard (DES)
A more secure encryption algorithm that uses a 128-bit, 192-bit, or 256-bit key and operates on 128-bit blocks of data.
Advanced Encryption Standard (AES)
Another widely used encryption algorithm that uses a variable-length key of up to 448 bits and operates on 64-bit blocks of data.
Blowfish
is a cryptographic system that uses two separate keys for encryption and decryption.
Public Key Cryptography
Also known as asymmetric cryptography
Public Key Cryptography
Public Key Cryptography is also known as _____
asymmetric cryptography
This is one of the most widely used public key encryption algorithms.
Rivest-Shamir-Adleman (RSA)
Who invented the Rivest-Shamir-Adleman (RSA) algorithm?
Ron Rivest
Adi Shamir
Leonard Adleman
This algorithm is used for key exchange and is often used in combination with other algorithms for encryption and authentication.
Diffie-Hellman
This is a newer algorithm that is gaining popularity due to its smaller key sizes and faster performance
Elliptic Curve Cryptography (ECC)
This algorithm is used for digital signatures and is often used in conjunction with other encryption algorithms
Digital Signature Algorithm (DSA)
is a cryptographic technique used in cybersecurity to ensure the authenticity and integrity of digital documents or messages.
Digital Signatures
serves as a tamper-proof seal that verifies the identity of the sender and confirms that the document or message has not been altered in transit.
Digital Signature
Two Keys
private key and public key
is kept secret and only known to the owner of the signature
private key
is freely distributed and can be used by anyone to verify the signature
public key
a widely-used public-key encryption algorithm that can also be used for digital signatures
Rivest-Shamir-Adleman (RSA)
a public-key algorithm specifically designed for creating and verifying digital signatures.
Digital Signature Algorithm (DSA)
a variant of DSA that uses elliptic curve cryptography.
Elliptic Curve Digital Signature Algorithm (ECDSA)
another variant of DSA that uses Edwards-curve cryptography.
Edwards-curve Digital Signature Algorithm (EdDSA)
refers to the processes and techniques used to generate, distribute, store, use, and revoke cryptographic keys.
Key Management
are essential for ensuring the confidentiality, integrity, and authenticity of data, and key management is critical to the security of cryptographic systems.
Cryptographic Keys
This approach involves manually generating, distributing, and revoking keys.
Manual Key Management
In this approach, a trusted third party is responsible for storing and managing cryptographic keys.
Key Escrow
is a variant of key escrow where the encrypted keys are stored in a way that allows authorized individuals to recover them if they are lost or stolen.
Key Recovery
This approach involves the use of automated systems to generate, distribute, and manage keys.
Automated Key Management
This approach combines different key management techniques to create a customized solution that meets the specific security requirements of an organization.
Hybrid Key Management
Best Practices for Security
- Use Strong Passwords
- Keep Software Up-to-date
- Install Anti-Virus Software
- Use Two-Factor Authentication
- Limit Access
- Educate Employees
- Backup Data
- Monitor Activity
- Encrypt Sensitive Data
- Conduct Regular Security Assessments