cryptography intro

Question 1

what is cryptography

Answer 1

what it means to be mathematically secure and designing systems to achieve this

Question 2

what are security services

Answer 2

specific security goals we want to acheive

Question 3

what are some examples of security services

Answer 3

confidentiality
data integrity
data origin authentication
non-repudiation
authentication
accountability
anonymity
verifyability

Question 4

confidentiality

Answer 4

data cannot be viewed by unauthorised users

Question 5

data integrity

Answer 5

data cannot be altered without permissions and you can determine when data is being altered

Question 6

data origin authentication

Answer 6

can verify the person who created the data

Question 7

non-repudiation

Answer 7

a user cannot deny previous action

Question 8

kerckhoff’s principle

Answer 8

a cryptographic system should be secure even if everything about it except the key is public

Question 9

passive attacks

Answer 9

the attacker doesnt change the data or processes

Question 10

what are two examples of passive attacks

Answer 10

unauthorised access to data
traffic analysis

Question 11

traffic analysis

Answer 11

can notice patterns on how entities are communicating

Question 12

active attacks

Answer 12

altering the system information in some way usually changing the data or processes that act on the data

Question 13

what are four examples of active attacks

Answer 13

masquerade
replay
modification
denial of service

Question 14

masquerade (active attacks)

Answer 14

pretending to be the sender

Question 15

replay (active attacks)

Answer 15

the attacker intercepts the message then passes it on at some point

Question 16

how can we prevent replay (active attacks)

Answer 16

digital signatures
time stamps

Question 17

modification (active attacks)

Answer 17

intercepts and changes the message

Question 18

how can we prevent modification passive attacks

Answer 18

confidentiality and integrity mechanisms

Question 19

what are the 3 types of cryptosystems

Answer 19

encryption systems
digital signatures
hashing

Question 20

what do encryption systems aim to provide

Answer 20

plaintext confidentiality

Question 21

how can the attacker discover the decryption key

Answer 21

through an exhaustive key search

Question 22

exhaustive key search

Answer 22

trying to decrypt the cipher text using every possible key until you find the right one

Question 23

how can we prevent attackers discovering the decryption key via an exhaustive key search

Answer 23

making the key so long that its computationally impractical to discover

Question 24

how is the exhaustive key search used as a bench mark for security

Answer 24

every other attack should take longer than the time it would take to complete

Question 25

what are the 4 forms of plaintext message recovery

Answer 25

ciphertext only attack known plaintext attack chosen plaintext attack chosen ciphertext attack

Question 26

ciphertext only attack

Answer 26

the passive attacker only knows the ciphertext

Question 27

known plaintext attack

Answer 27

knows some plain and ciphertext pairs

Question 28

in which two ways could the attacker get the plaintext

Answer 28

careless sender or receiver guesses the correct decryption

Question 29

chosen plaintext attack

Answer 29

the attacker knows the pairs when they have chosen the plaintext

Question 30

chosen ciphertext attack

Answer 30

knows the plain and ciphertext pairs when theyve chosen both has access to encryption and decryption services

Question 31

what are the security aims of digital signatures

Answer 31

data integrity, origin authentication, and non-repudiation

Question 32

what does it mean for the attacker to make a forgery

Answer 32

creating a valid digital signature without the key

Question 33

selective forgery

Answer 33

outputting a signature for a specific message

Question 34

existential unforgeability

Answer 34

without having the secret key, you shouldnt be able to forge a valid signature

Question 35

what are some criteria for hash functions

Answer 35

must be a compression function must be easy to compute(efficient computation) should be infeasible to go the other way

Question 36

compression function

Answer 36

for any length input the output should be the same length

Question 37

what are some of the security criteria for hash functions

Answer 37

preimage resistance second preimage resistance collision resistance

Question 38

preimage resistance

Answer 38

one a message has been hashed it should be computationally infeasible to get the original message hash functions should be one way

Question 39

second preimage resistance

Answer 39

it should be computationally infeasibly to find another message with the same hash as a specific message

Question 40

collision resistance

Answer 40

it should be computationally infeasible to find two messages with the same hash

Question 41

birthday attacks

Answer 41

how many messages do we need to randomly select before there is a greater than 50% chance of collision