Security Questions Flashcards
Define Encryption.
The process of turning plain text into cypher text.
Explain the term Public Key
Key widely available that is used to encrypt messages, which only the owner of the Private key can decrypt
Explain the term Private key.
Key needed to decrypt data that was encrypted by a public key.
It is used in asymmetric encryption and is not shared.
What are the similarities and differences between Private key and Public key?
Similarities:
1)Both are used in asymmetric encryption, as a pair of keys is required: one is used to encrypt data and the other is used to decrypt the data.
Differences:
1)The private key is only known to the owner of the key pair, while the public key is widely distributed.
2)When messages are sent to the owner of a public key, they are encrypted with the owner's public key, so they can only be decrypted with the owner's private key.
Explain how Public and Private keys are used to ensure that only a particular person receives the email.
The sender's computer will encrypt the email using the receiver's public key before sending.
The receiver will decrypt the data using their private key.
As the private key is only known to the receiver, only she can understand it.
What is a protocol?
A set of rules which governs how two devices communicate.
Describe what happens when setting up a secure connection using SSL.
1)Client requests that server identifies itself.
2)Server sends a copy of its digital certificate along with its Public key.
3)Client checks the certificate against a list of trusted Certificate Authorities.
4)If the client trusts the certificate, it creates, encrypts and sends the server a symmetric session key using the server’s public key.
5)Server decrypts the symmetric session key using its private key.
6)Server sends the browser an acknowledgement, encrypted with the session key.
State and explain the two layers of Transport Layer Security (TLS).
Record Layer: Can be used with or without encryption, it contains the data being transmitted over the network.
Handshake Protocol: Permits the server and client to authenticate each other and to make use of an encryption algorithm.
What are the differences between SSL and TLS?
1) It is possible to extend TLS by adding new authentication methods, unlike SSL.
2)TLS makes use of session caching, which improves the overall performance of the communication.
3)TLS separates the handshaking protocol from the Record protocol where the data is held.
What is the purpose of TLS?
1)Its purpose is to provide secure communication over a network; it maintains data integrity and has an additional layer of security.
2)It provides improved security over SSL.
3)It is composed of two layers: the Handshake and Record protocols.
What are the applications of TLS?
Online Banking
Private Email
Online Shopping
Secure file transfer
What are the problems that SSL and TLS overcome?
Security
Privacy
Authentication
What security parameters are agreed between server and client during the handshake?
1)Which protocol will be used (as there are different versions of the two protocols)
2)Session type (reusable or not)
3)Encryption method (asymmetric or symmetric)
Explain how asymmetric encryption uses the contents of the digital certificates to ensure that the message has not been altered during transmission.
1)The sender's message is encrypted with the receiver's public key, provided by the receiver's digital certificate.
2)The agreed hashing algorithm mentioned in the digital certificate is used on the message to produce a message digest.
3)The message digest is encrypted with the sender's private key to produce a digital signature.
4)Both the digital signature and the encrypted message are sent.
5)The message is decrypted with the receiver's private key.
6)The sender's digital signature is decrypted with the sender's public key to obtain the message digest.
7)The receiver recreates the message digest using the same hashing algorithm.
8)If both copies of the message digest match up, then the data has not been altered.
Explain how Asymmetric encryption is used to ensure it is a verified message. [3]
The sender creates the message digest.
The receiver recreates the message digest.
If both copies of the message digest match, then the data has not been altered.
How is a digital signature produced?
1)A message is put through an agreed hashing algorithm to produce a message digest.
2)The message digest is encrypted with the sender's private key.
This is how a digital signature is produced.
How is a digital certificate obtained?
The organization applies to an issuing Certificate Authority (CA) with some proof of identity.
For example: name and address of the organization.
So their identity can be checked by an organizational registration authority.
So that a digital certificate will only be issued to a trusted organization.
What are the items present in a digital Certificate?
1)Public Key (To encrypt data)
2) Agreed Hashing Algorithm (To produce message digest)
3)Name of organization
4)Serial Number
5)Date Valid to
What is the purpose of Quantum Cryptography?
Its purpose is to provide a method of secure communication that uses principles of physics to ensure data cannot be read by hackers without detection.
What are the benefits of using Quantum Cryptography?
Any eavesdropping can be identified.
Integrity of the key, once transferred, can be guaranteed.
More secure keys can be exchanged.
What are the drawbacks of using Quantum Cryptography?
1)It requires a dedicated line and specialized hardware, which can be expensive to implement.
2)It still has limited range.
3)It is possible for the polarization of light to be altered due to various conditions while travelling down fibre optic cable.
4)Terrorists can use this technology to hide their activities from the Government.
What is the purpose of a digital signature?
To ensure the document is authentic (came from a trusted source)
To ensure the document has not been altered
Non-repudiation