Chapter 1 Flashcards

(75 cards)

1
Q

What are the three security goals?

A

Confidentiality, Integrity, Availability

2
Q

What are security attacks?

A

Threats that compromise the three security goals

3
Q

What are security services?

A

Mechanisms implemented to achieve security goals

4
Q

What are security mechanisms?

A

Tools or processes used to provide security services

5
Q

What two techniques are introduced to implement security mechanisms?

A

Cryptography, Steganography

6
Q

Define computer security according to NIST.

A

Protection of an automated information system to preserve integrity, availability, and confidentiality

7
Q

What are the three fundamental questions in computer security?

A

* What assets do we need to protect?
* How are those assets threatened?
* What can we do to counter those threats?

8
Q

What does network security refer to?

A

Measures to protect data during transmission and to prevent unauthorized access

9
Q

What is Internet security?

A

Protection of data during transmission over interconnected networks

10
Q

True or False: Nothing is ever completely or truly secure.

A

True

11
Q

What is the CIA triad?

A

Confidentiality, Integrity, Availability

12
Q

What does confidentiality mean in information security?

A

Protection of confidential information from unauthorized access

13
Q

What does integrity mean in the context of information?

A

Changes to information must be made only by authorized entities

14
Q

What does availability signify in information security?

A

Information must be accessible to authorized entities

15
Q

What is snooping?

A

Unauthorized access to or interception of data

16
Q

Define modification in the context of security attacks.

A

Interception and alteration of a message by an attacker

17
Q

What is masquerading or spoofing?

A

When an attacker impersonates someone else

18
Q

What does replaying mean in security attacks?

A

Obtaining a copy of a message and re-sending it

19
Q

What is repudiation in a security context?

A

Sender or receiver denies having sent or received a message

20
Q

What is a denial of service (DoS) attack?

A

An attack that slows down or interrupts service

21
Q

What does ITU-T provide in terms of security?

A

Security services and mechanisms

22
Q

What is cryptography?

A

The science and art of transforming messages to secure them

23
Q

What does the term steganography mean?

A

Covered writing, in contrast to secret writing

24
Q

What is encryption?

A

Transformation of intelligible information into unintelligible form

25
What is decryption?
Transformation of encrypted information back into intelligible form
26
What is cryptanalysis?
Analyzing encrypted information to recover the original message
27
What is cryptology?
The field encompassing both cryptography and cryptanalysis
28
What is the study of principles and methods of deciphering ciphertext without knowing the key called?
Cryptology
Footnote: Cryptology encompasses both cryptography and cryptanalysis.
29
What is the original message before encryption called?
Plain text
30
What is the algorithm used to transform plaintext into unintelligible form called?
Encryption Algorithm
31
What is the encrypted text referred to as?
Cipher text
32
What is the key used in the encryption process called?
Encryption key
33
What is the algorithm used to transform cipher text back to plaintext called?
Decryption Algorithm
34
What is the key used in the decryption process called?
Decryption key
35
In a cryptosystem, what must be public while the keys remain secret?
All algorithms
36
What type of intruder listens to communications without modification?
Passive intruder
37
What type of intruder modifies messages and re-inserts them?
Active intruder
38
What does cryptography ensure regarding the knowledge of transferred information?
Confidentiality
39
What does cryptography ensure regarding the integrity of a message during transmission?
Integrity
40
What does authenticity in cryptography confirm?
You can verify that you are talking to the entity you think you are talking to
41
What does identity in cryptography allow you to verify?
Who is the specific individual behind that entity
42
What does non-repudiation ensure in cryptography?
The individual behind that asset cannot deny being associated with it
43
What is the classification of cryptography based on the number of keys used?
Symmetric key cryptography and Asymmetric key cryptography
44
What type of cryptography uses the same key for encryption and decryption?
Symmetric key cryptography
45
What type of cryptography uses two mathematically related keys?
Asymmetric key cryptography
46
What is an example of symmetric encryption?
DES (Data Encryption Standard)
47
What must both sender and receiver possess in a symmetric encryption system?
The same key
48
What are two requirements for secure use of symmetric encryption?
A strong encryption algorithm and a secret key known only to sender/receiver
49
What is the mathematical representation of encryption in symmetric cryptography?
C = E_K(M)
50
What is the mathematical representation of decryption in symmetric cryptography?
M = D_K(C)
51
What is a substitution cipher?
Replaces the actual bits, character, or block of characters with substitutes
52
What is a transposition cipher?
Rearranges the order of the bits, characters, or blocks of characters
53
What is a product cipher?
Combination of a transposition cipher and a substitution cipher
54
What is a key characteristic of asymmetric key cryptography?
The relation between the two keys is unknown
55
What can messages encrypted with the public key be decrypted with?
The private key
56
What can messages encrypted with the private key be decrypted with?
The public key
57
What are the essential steps in the asymmetric encryption model?
* Each entity generates a pair of keys
* Each entity publishes its public key
* User A encrypts a message using User B's public key
* User B decrypts the message using their private key
58
What are examples of asymmetric ciphers?
* RSA
* Rabin
* ElGamal
* Elliptic curve cryptography
59
What is a digital signature?
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient to prove the source and integrity of the data unit
60
What are the two fundamental assumptions upon which digital signatures depend?
* The private key is secure
* The only way to produce a digital signature is to use the private key
61
What must a digital signature be verifiable by?
Third parties to resolve disputes
62
What must be possible to verify regarding a digital signature?
* The author
* The date
* The time
63
What is a key property of digital signatures?
The signature must be verifiable by third parties to resolve disputes.
Footnote: This ensures that the authenticity of the signature can be confirmed by someone other than the signer.
64
What must be possible to verify regarding a digital signature?
The author, the date, and time of the signature.
Footnote: This verification is crucial for establishing the context and legitimacy of the signature.
65
What must be authenticated at the time of a digital signature?
The contents.
Footnote: This ensures that the information being signed has not been altered after the signature was created.
66
Name one standard associated with digital signatures.
DSS (Digital Signature Standard).
Footnote: DSS is a federal information processing standard for digital signatures.
67
What is one example of a digital signature algorithm?
RSA (Rivest-Shamir-Adleman).
Footnote: RSA is widely used for secure data transmission.
68
What is a key advantage of symmetric-key cryptography?
High rates of data throughput.
Footnote: This allows for faster encryption and decryption processes compared to asymmetric-key methods.
69
What is a disadvantage of symmetric-key cryptography?
The key must remain secret in two-party communication.
Footnote: This requirement complicates the secure exchange of keys between parties.
70
What challenge arises in large networks with symmetric-key cryptography?
Many key pairs must be managed.
Footnote: This leads to a significant increase in the number of keys required as the number of users grows.
71
How many keys does a cryptosystem with n users require?
n*(n-1)/2 keys.
Footnote: This formula arises from the need for each user to have a unique key with every other user.
72
What is a key advantage of asymmetric-key cryptography?
Only the private key must be kept secret.
Footnote: This simplifies key management since the public key can be shared openly.
73
What problem does asymmetric-key cryptography aim to solve?
Key distribution and digital signature.
Footnote: These issues are critical in ensuring secure communications and verifying identities.
74
What is a disadvantage of asymmetric-key cryptography?
Slower than the best-known symmetric key schemes.
Footnote: The computational complexity of asymmetric algorithms leads to longer processing times.
75
What is typically larger in asymmetric-key cryptography compared to symmetric-key cryptography?
Key sizes.
Footnote: Larger key sizes are necessary to achieve comparable security levels.