Chapter 7 Security

Question 1

5 properties of secure communication

Answer 1

1. Secery: no one else can read message
2. Integrity: msg not altered
3. Authentication: verify senders identity
4. Nonrepudiation: Ensuring sender cannot deny composing msg
5. Availability: services remain accessible

Question 2

Cryptography

Answer 2

Ensures all the security properties using keys

Question 3

Difference of plaintext and Ciphertext

Answer 3

Plaintext: Original MSG
Ciphertext: Encrypted version

Question 4

Two main types of cryptography

Answer 4

Symmetric Key Cryptography
Public key cryptopgraphy

Question 5

Symmetric key Cyrptography

Answer 5

Both sender and reciever share the same secret key (Ke = Kd)

Question 6

Public Key Cryptography

Answer 6

Each user has their own key pai and the publick ey is disclosed so that anyone can encrypt messages that the user can decrypt

Question 7

How is symmetric key cyptograhpy made?

Answer 7

Based on complex combinations of bit or byte level subsititions and transpositions

Question 8

Substituition Cipher

Answer 8

Preserves order of plaintext symbols but disgusing them through replacmenet with others

Question 9

Transpoisiton Cipher

Answer 9

Leaves plaintext symbols unchanged but reorders them

Question 10

DES

Answer 10

Data Encryption Standard: Encrypts 64-bit blocks using 56-bit key

Question 11

Triple DES

Answer 11

Address the problem of keys being too short encrypt with K1 then apply K2 and then encrypt with K1 again

Question 12

AES

Answer 12

Advanced Encrpytion Standard: Encrypts 128-bit blocks

Question 13

ECB mode

Answer 13

Electronic Code Block: Independently encrypt each block of bits from plaintext

Question 14

CBC

Answer 14

Cipher block chaining mode: encrypt by finding the bitwise OR of the first plaintext block and a vector. This is too complicated

Question 15

Stream Cipher

Answer 15

Use key and IV to generate a sequence of bits called keystrean which is XOR’d with plaintext

Question 16

One-Time Pad

Answer 16

Key is a random bit string of length >= to that of the plain text.

Question 17

Quantum Cryptography

Answer 17

Transmitting a one-time pad over a network in a secure manner using photon polarization

Question 18

RSA Algorithm

Answer 18

Public Key aglorithm where = m^e mod n

Question 19

What makes RSA Secure

Answer 19

Difficulty of factoring large composite numbers

Question 20

Why do we use padding in RSA

Answer 20

To never produce the same cipher text

Question 21

RSA used for digital signatures

Answer 21

Sender signs with private key D and verifeir checks with a public key

Question 22

Message Digest

Answer 22

A fixed-length hash of a messaged used for signing instead of a full message

Question 23

Secure Public Key Distribution is important because?

Answer 23

If an attacker provides a fake key, they could decrypt or impersonate messages

Question 24

DNS + DNSSEC help with public key distribution how?

Answer 24

Keys are stored in DNS records and signed using DNSSEC to prevent forgery

Question 25

DKIM

Answer 25

DomainKeys Identified Email: uses DNS to store public keys verifying email signatures by domain

Question 26

PKI

Answer 26

Public key infrastructure: Trusted CA signs a certificate that bind a public key to a specific indentity

Question 27

How is a CA (certification authority) verified

Answer 27

Verifier uses the CA's public key usually built into the software by a higher CA

Question 28

3 certificate validation levels

Answer 28

DV: Domain Validation OV: Organization Validation EV: Extended Validation

Question 29

How can a certificate be revoked prior to expiration date

Answer 29

Use OCSP or CRL protocols to check revvocation status

Question 30

OCSP stapling

Answer 30

Server sends a signed OCSP repsonse along with a certificte, reducing lookup overhead

Question 31

Certificate Transparency

Answer 31

A system of public auditable logs to detect fake certificates

Question 32

Web of Trust

Answer 32

Users sign each other certificates, no CA's

Question 33

Pretty Good Privacy

Answer 33

Technology used for encrypting and signing email

Question 34

Leap of Faith

Answer 34

Used in e.g in ssh. When ssh is used to connect host to a computer never signed on prior to it asks whether the public key has been sent by the host

Question 35

Why use symmetric keys for sessions

Answer 35

Faster than public key, ideal for bulk data encryption

Question 36

How to securely exhange a session key over an insecure channel

Answer 36

Use public key encryption and nonces to verify

Question 37

Nonces

Answer 37

Random values used once, prevent replay attack and conform liveness

Question 38

Limitations of session key using public key protocol

Answer 38

Lacks perfect forward secrecy

Question 39

How do you achieve perfect forward secrey

Answer 39

Diffie Hellman key exhange in the session key setup

Question 40

Diffie-Hellmen

Answer 40

Two parties securely generate a shared secret key over an insecure channel

Question 41

Public values used in Diffie-Hellmen

Answer 41

Large prime n and generator g

Question 42

How Deffie Hellman work?

Answer 42

Alice sends g^x mod n Bob sends g^y mod n both compute g^xy mod n as the shared key

Question 43

What does Kerberos use to manage authentication

Answer 43

Used in many operating systems Trusted Authentication Server and Ticket Granting Server

Question 44

What is TLS

Answer 44

Transport Layer Security: Successor to Sockets Layer, it operates above the transport. Provides encrypted communicated over TCP

Question 45

TLS Handshake Steps

Answer 45

1. Client sends preferences + nonce 2. Server replied with chosen algorithmsm, nonce and cert 3. Client encrypts premaster key with servers public key 4. Both derive session key from the nonces and premaster key

Question 46

PFS

Answer 46

Perfect Forward Secrecy: Even if private keys are leaked later, old sessions stay secure

Question 47

IPsec

Answer 47

a network-layer security framework providing authenticaton, integrity and optional encryption

Question 48

Two main aspects of IP-Sec

Answer 48

Transport Mode: Secures paylaod only Tunnel Mode: Secures entire IP Pakcet

Question 49

IPSec Tunnel-Mode packet contains?

Answer 49

- New Outer IP HEADER - ESP Header - Encrypted Payload and ESP tralier - HMAC for authentication

Question 50

ESP Header in IPsec

Answer 50

Encapsulating security payload, includes - Session identifer - MSG sequence numbers, never reused

Question 51

HMAC allows?

Answer 51

Vertification by computing a cyptographic hash on a combination of the message