Security Part 1 Flashcards
What does encryption do?
renders a message unreadable so anyone seeing it won’t be able to determine the original message
What does decryption do?
retrieves the original message
What impacts the strength of an encryption?
the number of possible keys
What is the number of possible keys a function of?
The length of the key
What is symmetric key encryption?
the same key is used to encrypt and decrypt the message and both parties must know the key
What is the key distribution problem?
both parties must know the key
What type of encryption does the key distribution problem affect and what is the solution to the problem?
Affects symmetric key encryption
Solved by public key encryption
What is brute force search?
trying every possible key to find the actual key
What does it mean to be computationally secure?
an encryption method is computationally secure if it will take the a very long time to crack the message using the best tech
What is an implication of Moore’s Law in regard to encryption?
what is secure today may not be secure years from now
What is a hash function?
a computer function that maps input of any size onto an output of a fixed size
What is public key encryption?
The use of two keys, a public key, and a private key, that are mathematically related in order to encrypt a message
What does a digital signature do?
shows the message came from the sender (not an imposter) and has not been tampered with (has data integrity)
How does a digital signature work (4 characteristics)?
uses a hash function to convert the message, m, to a number, ℎ()
each letter is associated with a number and they’re added together mod1000
sender and receiver agree on a hash function
only the sender could encrypt, anyone can decrypt
What are the steps for a digital signature from the sending side?
- Calculate the hash function, h(m)
- Encrypt h(m) with the sender’s private key h(m)_c
- Send m and h(m)_c
What are the steps for a digital signature from the receiving side?
- Receive m and calculate the hash function of m, h(m)
2. Receive and decrypt h(m)_c using the sender’s public key and check to see if it equals h(m)
What do the symbols m, h(m) and h(m)_c signify in encryption?
m: plain text
h(m): hash of m
h(m)_c: cypher text
When using a digital signature, how do you know if the message came from the sender and has not been tampered with?
The message m came from the sender if when h(m)_c is decrypted, it equals h(m)
How do you find out the sender’s public key in a reliable way?
Through a certificate of authority
What do certificates have?
The digital signature of a known certificate authority
What is a certificate authority?
A small number of trusted organizations
What can your browser verify in regards to secure communication?
- The legitimacy of the digital signature
- Legitimacy of the certificate
- The public key of the certificate holder
What is HTTPS based on?
Using certificate authorities and certificates
How do you acquire certificates?
A list of them and their public keys are included in a browser
What are Secure Hash Algorithms (SHA)?
A family of hashing functions
What effect does slightly changing the input have on SHA?
changes the hash value (the output) considerably
What does SHA256 do?
Maps any message to a 32 byte (256 bit) number
How many different output values are there for SHA256?
2^256
What are 3 ways people cause security problems?
- People are careless and make mistakes
- People are lazy (i.e. simple passwords)
- People can be tricked into divulging confidential information
What are the top 3 sources of data breaches?
- Fraud or scam
- Stolen laptop
- Document found in trash or unattended
What is a trait of all complex pieces of hardware or software?
They contain bugs and many points of vulnerability
What is wire tapping?
Eavesdropping on telephone lines
What is sniffing?
Eavesdropping on a computer network to obtain propriety information
What is radiation?
Wires give off an electrical signal that can be easily intercepted without damaging the wires
What is web scraping?
When a computer program rather than a person surfs the web looking for information
What is the estimated global cost of cybercrime?
Between $375 billion and $500 billion
What is malware?
Malicious software, software designed to cause damage to or loss of control of a computer or network
What are 9 types of malware?
- computer virus
- worm
- torjan horse
- phishing
- denial of service attack
- sniffing
- spam
- botnet
- ransomware
What is a computer virus?
software that attaches to other programs or
data in order to be executed and can copy itself from file to file
What can a computer virus harm?
Data Program Machines The network Can open a backdoor to hackers
What is a worm?
Similar to viruses but run on their own (don’t need to attach to other programs)
What damage can worms cause?
Same as a virus
How do worms spread?
Using a computer network
What is a trojan horse?
A software program that appears to be benign, but then does something unexpected behind the scenes
What harm can Trojan horses cause?
Same as a virus
How do trojan horses attack?
The user has to launch them
What is phishing?
an email or text that:
- pretends to come from a trusted source
- asks for confidential information
What is a denial of service attack?
many computers overwhelm a website requestion service in attempt to block others from using the website
What harm does a denial of service attack cause?
Loss of business (no data is lost)
What is spam?
junk email
What is a botnet?
A collection of computers that are used together for a common purpose
What is ransomware?
software that threatens to publish the victim’s files or prevents the victim from accessing their files unless a ransom is paid
Why is public/private key encryption so secure?
Because when you encrypt with either one, the only way to decrypt is using the other key (other than brute force)
What is generally exchanged in public/private key encryption?
a shared key or digital signature rather than the whole message
