Week 1 Flashcards
List all the security services?
- Passive setting
- Active attack
- Confidentiality
- Data integrity
- Data Origin Authentication
- Entity authentication
- Non-Repudiation
What is a Passive setting?
Unauthorized access to data.
What is an active attack?
Unauthorized alteration, deletion, or transmission of data, or prevention of access to data.
What is confidentiality?
The assurance that the data cannot be viewed by an unauthorized user.
What is data integrity?
Assurance that the data has not been altered in an unauthorized way.
What is data origin Authentication?
Assurance that a given entity was the original source of data.
What is entity authentication?
The assurance that a given entity is involved and currently active in a communication session.
What is Non-Repudiation?
The assurance that an entity cannot deny a previous commitment or action.
Which is stronger, data origin authentication or data integrity?
Data origin authentication requires data integrity.
Which is stronger, non-repudiation of a source or data origin authentication?
Non-repudiation of a source requires data origin authentication.
Does confidentiality imply data origin authentication?
No, it doesn’t. An adversary can rearrange the encrypted message so that it decrypts to a legitimate message that was not sent by the sender.
What is a Cryptographic primitive?
A cryptographic service which provides a number of specified security services.
What is a cryptographic algorithm?
The specification of a cryptographic primitive.
What is a cryptographic protocol?
The implementation of some cryptographic primitives and their infrastructure.
What is the keyspace?
The collection of all possible decryption keys.
How is encryption different to access control?
Access control is a mechanism that prevents unauthorized users from accessing data. However, it is related to data location and is difficult to implement when data is “communicated”.
How is encryption different from Steganography?
Steganography is about data hiding; the attacker won’t even know there is information there.
You can combine them to provide multiple layers of security.
What are symmetric key cryptosystems?
- The E and D keys are essentially the same.
What are public key cryptosystems?
- It is computationally impossible to determine the D key from the E key.
What is Kerckhoffs’s principle?
The cryptographic algorithm should be required to be secret.
What are the reasons for publicly known algorithms?
- Scrutiny: studied by a wide range of experts
- Interoperability: easier to adopt
- Transparency: easier to convince trading partners to use their security techniques
What assumptions do we have in a cryptosystem?
The attacker knows:
- All transmitted ciphertext
- Some corresponding plaintext-ciphertext pairs
- Details of the encryption algorithm
What is a Ciphertext-only attack?
The attacker only knows the encryption algorithm and some ciphertext.
What is a known-plaintext attack?
The attacker knows some plaintext-ciphertext pairs.
What is a chosen plaintext attack?
An attack using some plaintext-ciphertext pairs where the pairs correspond to plaintext chosen by the attacker.