Security Part 1

Question 1

What does encryption do?

Answer 1

renders a message unreadable so anyone seeing it won’t be able to determine the original message

Question 2

What does decryption do?

Answer 2

retrieves the original message

Question 3

What impacts the strength of an encryption?

Answer 3

the number of possible keys

Question 4

What is the number of possible keys a function of?

Answer 4

The length of the key

Question 5

What is symmetric key encryption?

Answer 5

the same key is used to encrypt and decrypt the message and both parties must know the key

Question 6

What is the key distribution problem?

Answer 6

both parties must know the key

Question 7

What type of encryption does the key distribution problem affect and what is the solution to the problem?

Answer 7

Affects symmetric key encryption

Solved by public key encryption

Question 8

What is brute force search?

Answer 8

trying every possible key to find the actual key

Question 9

What does it mean to be computationally secure?

Answer 9

an encryption method is computationally secure if it will take the a very long time to crack the message using the best tech

Question 10

What is an implication of Moore’s Law in regard to encryption?

Answer 10

what is secure today may not be secure years from now

Question 11

What is a hash function?

Answer 11

a computer function that maps input of any size onto an output of a fixed size

Question 12

What is public key encryption?

Answer 12

The use of two keys, a public key, and a private key, that are mathematically related in order to encrypt a message

Question 13

What does a digital signature do?

Answer 13

shows the message came from the sender (not an imposter) and has not been tampered with (has data integrity)

Question 14

How does a digital signature work (4 characteristics)?

Answer 14

uses a hash function to convert the message, m, to a number, ℎ()

each letter is associated with a number and they’re added together mod1000

sender and receiver agree on a hash function

only the sender could encrypt, anyone can decrypt

Question 15

What are the steps for a digital signature from the sending side?

Answer 15

1. Calculate the hash function, h(m)
2. Encrypt h(m) with the sender’s private key h(m)_c
3. Send m and h(m)_c

Question 16

What are the steps for a digital signature from the receiving side?

Answer 16

1. Receive m and calculate the hash function of m, h(m)

2. Receive and decrypt h(m)_c using the sender’s public key and check to see if it equals h(m)

Question 17

What do the symbols m, h(m) and h(m)_c signify in encryption?

Answer 17

m: plain text
h(m): hash of m
h(m)_c: cypher text

Question 18

When using a digital signature, how do you know if the message came from the sender and has not been tampered with?

Answer 18

The message m came from the sender if when h(m)_c is decrypted, it equals h(m)

Question 19

How do you find out the sender’s public key in a reliable way?

Answer 19

Through a certificate of authority

Question 20

What do certificates have?

Answer 20

The digital signature of a known certificate authority

Question 21

What is a certificate authority?

Answer 21

A small number of trusted organizations

Question 22

What can your browser verify in regards to secure communication?

Answer 22

• The legitimacy of the digital signature
• Legitimacy of the certificate
• The public key of the certificate holder

Question 23

What is HTTPS based on?

Answer 23

Using certificate authorities and certificates

Question 24

How do you acquire certificates?

Answer 24

A list of them and their public keys are included in a browser

Question 25

What are Secure Hash Algorithms (SHA)?

Answer 25

A family of hashing functions

Question 26

What effect does slightly changing the input have on SHA?

Answer 26

changes the hash value (the output) considerably

Question 27

What does SHA256 do?

Answer 27

Maps any message to a 32 byte (256 bit) number

Question 28

How many different output values are there for SHA256?

Answer 28

2^256

Question 29

What are 3 ways people cause security problems?

Answer 29

1. People are careless and make mistakes 2. People are lazy (i.e. simple passwords) 3. People can be tricked into divulging confidential information

Question 30

What are the top 3 sources of data breaches?

Answer 30

1. Fraud or scam 2. Stolen laptop 3. Document found in trash or unattended

Question 31

What is a trait of all complex pieces of hardware or software?

Answer 31

They contain bugs and many points of vulnerability

Question 32

What is wire tapping?

Answer 32

Eavesdropping on telephone lines

Question 33

What is sniffing?

Answer 33

Eavesdropping on a computer network to obtain propriety information

Question 34

What is radiation?

Answer 34

Wires give off an electrical signal that can be easily intercepted without damaging the wires

Question 35

What is web scraping?

Answer 35

When a computer program rather than a person surfs the web looking for information

Question 36

What is the estimated global cost of cybercrime?

Answer 36

Between $375 billion and $500 billion

Question 37

What is malware?

Answer 37

Malicious software, software designed to cause damage to or loss of control of a computer or network

Question 38

What are 9 types of malware?

Answer 38

1. computer virus 2. worm 3. torjan horse 4. phishing 5. denial of service attack 6. sniffing 7. spam 8. botnet 9. ransomware

Question 39

What is a computer virus?

Answer 39

software that attaches to other programs or | data in order to be executed and can copy itself from file to file

Question 40

What can a computer virus harm?

Answer 40

``` Data Program Machines The network Can open a backdoor to hackers ```

Question 41

What is a worm?

Answer 41

Similar to viruses but run on their own (don't need to attach to other programs)

Question 42

What damage can worms cause?

Answer 42

Same as a virus

Question 43

How do worms spread?

Answer 43

Using a computer network

Question 44

What is a trojan horse?

Answer 44

A software program that appears to be benign, but then does something unexpected behind the scenes

Question 45

What harm can Trojan horses cause?

Answer 45

Same as a virus

Question 46

How do trojan horses attack?

Answer 46

The user has to launch them

Question 47

What is phishing?

Answer 47

an email or text that: 1. pretends to come from a trusted source 2. asks for confidential information

Question 48

What is a denial of service attack?

Answer 48

many computers overwhelm a website requestion service in attempt to block others from using the website

Question 49

What harm does a denial of service attack cause?

Answer 49

Loss of business (no data is lost)

Question 50

What is spam?

Answer 50

junk email

Question 51

What is a botnet?

Answer 51

A collection of computers that are used together for a common purpose

Question 52

What is ransomware?

Answer 52

software that threatens to publish the victim's files or prevents the victim from accessing their files unless a ransom is paid

Question 53

Why is public/private key encryption so secure?

Answer 53

Because when you encrypt with either one, the only way to decrypt is using the other key (other than brute force)

Question 54

What is generally exchanged in public/private key encryption?

Answer 54

a shared key or digital signature rather than the whole message