Cryptography

Question 1

symmetric key, uses, features and examples

Answer 1

key used for both encryption and decryption

used for bulk data, fast and efficient but faces key distribution challenges

a and b uses shared key
a encrypts with aes using same key
b decrypts using same key

Question 2

public key, uses, features and examples

Answer 2

freely shared and used to encrypt messages, with the corresponding private key used to decrypt them

enables secure key exchange, no distribution challenges, but slow

a wants to send data to b
b sends public key to a
a encrypts using b’s key
b decrypts using his private key

Question 3

message confidentiality, uses and examples

Answer 3

ensures data is not readable by unauthorized party

uses encryption (AES)

sending encrypted email

Question 4

message integrity uses and examples

Answer 4

ensures data is not altered

uses hash functions, MACS, or digital signatures

detecting if a file was modified during transfer

Question 5

can we have without confidentially or integrity

Answer 5

yes but insecure:

Confidentiality without Integrity:

An attacker could modify ciphertext causing gibberish on decryption. No guarantee the message is untampered.

Integrity without Confidentiality:

A checksum ensures no changes, but the message remains readable.

Question 6

cryptographic key

Answer 6

piece of data used in encryption and decryption algorithms to secure information. It determines how plaintext is transformed into ciphertext (scrambled data) and vice versa.

ensures:
confidentiality by scrambling data
authentication using verifying identities
integrity through digital signatures/macs

types:
symmetric key: single shared key
asymmetric key: public/private key pairs

example:
website uses public key that encrypts data only its private key can decrypt

Question 7

types of attacks

Answer 7

interruption: disrupts or blocks communication or services, making resources unavailable to legitimate users. It targets availability. (Dos attac)

fabrication: inserts fake data or entities into a system, often impersonating legitimate sources. It targets authenticity. (IP spoofing)

Modification: alters data without authorisation, corrupting data and violating integrity. Targets integrity (Data tampering)

Question 8

What is the purpose of a nonce in an authentication protocol? Use an example to explain your answer.

Answer 8

random value generated for single use in cryptographic communications.

Prevents replay attacks, ensures freshness and protects against predictability.

You enter your username (e.g., “Alice”).
The server sends back a random number (nonce), like 7429.
You take your password (e.g., “cat123”) and combine it with the nonce, creating “cat1237429”.
You send back a hashed/scrambled version (e.g., H(“cat1237429”)).
The server checks if your response matches its own calculation.

Question 9

message authentication, uses and examples

Answer 9

Uses a shared secret key to generate a tag (e.g., HMAC).

Sender computes MAC = HMAC(key, message).
Receiver recomputes the MAC and verifies it matches.

Used in JWT tokens, API security.

Question 10

persistent tcp

Answer 10

single TCP connection reused for multiple requests/responses

steps
Client opens TCP connection (3-way handshake).
Sends multiple requests (e.g., HTML + CSS + images).
Server sends multiple responses over the same connection.
Connection stays open (until timeout or Connection: close header).

example: modern browsers reuse TCP connections to load all resources on a webpage faster .

lower latency, better throughput

Question 11

non persistent tcp

Answer 11

new TCP connection is opened each request/response and closed immediately

Steps:
Client opens TCP connection (3-way handshake).
Sends one request (e.g., HTTP GET for a webpage).
Server sends one response.
Connection closes (FIN/ACK).

example:
early HTTP/1.0: each image/file on webpage required a separate TCP connection

high overhead; slow