Cryptography Flashcards
(11 cards)
symmetric key, uses, features and examples
key used for both encryption and decryption
used for bulk data, fast and efficient but faces key distribution challenges
a and b use a shared key
a encrypts with aes using same key
b decrypts using same key
public key, uses, features and examples
freely shared and used to encrypt messages, with the corresponding private key used to decrypt them
enables secure key exchange, no distribution challenges, but slow
a wants to send data to b
b sends public key to a
a encrypts using b’s key
b decrypts using his private key
message confidentiality, uses and examples
ensures data is not readable by unauthorized party
uses encryption (AES)
sending encrypted email
message integrity uses and examples
ensures data is not altered
uses hash functions, MACs, or digital signatures
detecting if a file was modified during transfer
can we have confidentiality or integrity without the other
yes but insecure:
Confidentiality without Integrity:
An attacker could modify ciphertext causing gibberish on decryption. No guarantee the message is untampered.
Integrity without Confidentiality:
A checksum ensures no changes, but the message remains readable.
cryptographic key
piece of data used in encryption and decryption algorithms to secure information. It determines how plaintext is transformed into ciphertext (scrambled data) and vice versa.
ensures:
confidentiality by scrambling data
authentication by verifying identities
integrity through digital signatures/MACs
types:
symmetric key: single shared key
asymmetric key: public/private key pairs
example:
website uses public key that encrypts data only its private key can decrypt
types of attacks
interruption: disrupts or blocks communication or services, making resources unavailable to legitimate users. It targets availability. (DoS attack)
fabrication: inserts fake data or entities into a system, often impersonating legitimate sources. It targets authenticity. (IP spoofing)
Modification: alters data without authorisation, corrupting data and violating integrity. Targets integrity (Data tampering)
What is the purpose of a nonce in an authentication protocol? Use an example to explain your answer.
random value generated for single use in cryptographic communications.
Prevents replay attacks, ensures freshness and protects against predictability.
You enter your username (e.g., “Alice”).
The server sends back a random number (nonce), like 7429.
You take your password (e.g., “cat123”) and combine it with the nonce, creating “cat1237429”.
You send back a hashed/scrambled version (e.g., H(“cat1237429”)).
The server checks if your response matches its own calculation.
message authentication, uses and examples
Uses a shared secret key to generate a tag (e.g., HMAC).
Sender computes MAC = HMAC(key, message).
Receiver recomputes the MAC and verifies it matches.
Used in JWT tokens, API security.
persistent tcp
single TCP connection reused for multiple requests/responses
steps
Client opens TCP connection (3-way handshake).
Sends multiple requests (e.g., HTML + CSS + images).
Server sends multiple responses over the same connection.
Connection stays open (until timeout or Connection: close header).
example: modern browsers reuse TCP connections to load all resources on a webpage faster.
lower latency, better throughput
non persistent tcp
new TCP connection is opened for each request/response and closed immediately
Steps:
Client opens TCP connection (3-way handshake).
Sends one request (e.g., HTTP GET for a webpage).
Server sends one response.
Connection closes (FIN/ACK).
example:
early HTTP/1.0: each image/file on webpage required a separate TCP connection
high overhead; slow