Week 1

Question 1

List all the security services?

Answer 1

• passive setting
• Active attack
• Confidentiality
• Data integrity
• Data Origin Authentication
• Entity authentication
• Non-Repudiation

Question 2

What is a Passive setting?

Answer 2

Unauthorized access to data.

Question 3

What is an active attack?

Answer 3

unauthorized alteration, deletion, transmission, or access prevention to data.

Question 4

what is confidentiality?

Answer 4

The assurance that the data cannot be viewed by an unauthorized user.

Question 5

What is data integrity?

Answer 5

Assurance that the data has not been altered in an unauthorized way.

Question 6

What is data origin Authentication?

Answer 6

Assurance that a given entity was the original source of data.

Question 7

what is Entity Authentication?

Answer 7

The assurance that a given entity is involved and currently active in a communication session

Question 8

What is Non-Repudiation?

Answer 8

The assurance that an entity cannot deny a previous commitment or action

Question 9

What is stronger, Data Origin Authenticaion or Data integrity?

Answer 9

Data Origin authentication requires data integrity

Question 10

What is stronger Non-Repudiation of a Source or Data Origin Authenticaion?

Answer 10

Non-Repudiation of a source requires Data Origin authenticaion.

Question 11

Does confidentiality imply data origin authentication?

Answer 11

No it doesn’t, and adversary can re-arrange the encrypted message, so that they decrypt to a legit message, which wasn’t sent by the sender.

Question 12

What is a Cryptographic primitive?

Answer 12

A cryptographic service which provides a number of specified security services.

Question 13

What is a cryptographic algorithm?

Answer 13

the specification of a cryptographic primitve

Question 14

what is a cryptographic protocol?

Answer 14

the implementation of some cryptographic primitve and their infrastructure.

Question 15

What is the keyspace?

Answer 15

the collection of all possible decryption keys

Question 16

How is encryption different to access control?

Answer 16

Access control is a mechanism that prevents unauthorized users from accessing data, However, it is related to data location and difficult to implement when data is “communicated”

Question 17

How is encryption different from Steganography?

Answer 17

Stegangraphy is about data hiding, the attacker wonte even know there is information there.

You can combine them to provide multiple layers of security.

Question 18

What is Symmetric key cryptosystems?

Answer 18

• the E and D key are essentially the same

Question 19

What is public key cryptosystems?

Answer 19

• computationally impossible to determine the D key from the E key.

Question 20

What is Kerckhoff’s principle?

Answer 20

The cryptographic algorithm should be required to be secret.

Question 21

What are the reasons for publicly known algorithms?

Answer 21

• Scrutiny: studied by wide range of experts
• Interoperability: easier to adopt
• Transparency: Easier to convince trading partner to use their secuirty techniques.

Question 22

What assumptions do we have in a cryptosystem?

Answer 22

The attacker knows:
- All transmitted ciphertext
- some corresponding plaintext-ciphertext paris
- details of the encryption algorithm

Question 23

What is a Ciphertext-only attack?

Answer 23

Attacker only knows the encryption algorithm and some ciphertext.

Question 24

What is a known-plaintext attack?

Answer 24

attacker knows some plaintext-ciphertexdt pairs

Question 25

What is a chosen plaintext attack?

Answer 25

attacks with some plaintext ciphertext pairs where the pairs correspond to plaintext chosen by the attacker.