internet services security past paper questions Flashcards
(8 cards)
What is symmetric key cryptography? Use an example to explain your answer.
Symmetric key cryptography uses a shared key for both encrypting and decrypting.
In the context of network security, explain briefly what a cryptographic key is.
A string of bits used to encrypt and decrypt data over a network.
uses symmetric key and public key
cryptography
Ensures confidentiality, integrity and authentication (so data cannot be accessed or altered).
cryptographic key
A cryptographic key is a secret, fixed-size string of bits that algorithms use to encrypt or decrypt data.
In symmetric cryptography, the same key both scrambles (encrypts) and descrambles (decrypts) the message.
In asymmetric cryptography, a matched pair of keys is used: one public key to encrypt (or verify) and one private key to decrypt (or sign).
The security of encrypted data hinges on keeping keys secret, random, and sufficiently long to resist brute-force attacks.
Example: AES uses a 128-bit key shared by sender and receiver, while RSA uses a public/private key pair for secure key exchange.
i. What is public key cryptography? Use an example to explain your answer.
Public key cryptography, also known as asymmetric cryptography, is a method of encrypting and securing digital communications using two mathematically linked keys: a public key and a private key. The public key is shared openly, allowing others to encrypt data, while the private key is kept secret by the owner and used to decrypt the information.
Public key cryptography is widely used for secure websites (HTTPS), email encryption
What is symmetric key cryptography? Use an example to explain your answer.
Symmetric key cryptography, also known as private key cryptography, is a method of encryption where the same key is used for both encrypting and decrypting data. This means that both the sender and receiver must have access to the same secret key to securely communicate.
Symmetric encryption is widely used in Wi-Fi security (WPA2), banking transactions (AES encryption), and file protection. It’s generally faster than public key cryptography but requires a secure method to share the secret key.
In the context of network security, what are the differences between message confidentiality and message integrity? Can we have one without the other? Explain your answer.
Message confidentiality ensures that data remains private and inaccessible to unauthorized parties, typically through encryption methods such as AES or RSA. Message integrity, on the other hand, guarantees that data is not altered during transmission, using techniques like hash functions or digital signatures. While confidentiality and integrity are related, one can exist without the other. For example, encrypted data (confidential) might still be modified without detection if no integrity checks are in place. Likewise, a message could maintain its integrity but still be visible to unauthorized users if not encrypted. Both aspects are crucial for secure communication.
Man-in-the-middle is a form of security attack. Use an example to explain what it is.
A man-in-the-middle (MITM) attack is a cyber attack where an attacker secretly intercepts and alters communication between two parties without their knowledge. The attacker positions themselves between the sender and receiver to steal, modify, or manipulate data.
To protect against MITM attacks: use HTTPS websites (look for the padlock in the browser); avoid public Wi-Fi for sensitive transactions unless using a VPN (Virtual Private Network); enable two-factor authentication (2FA) for extra security; verify Wi-Fi networks before connecting, especially in public places.
Example: let's say Person A goes into a cafe and tries to make a card payment, so they connect to the in-store Wi-Fi. Person B, however, is trying to steal her data, and could easily set up a rogue Wi-Fi hotspot that looks legitimate. Person A connects to this Wi-Fi thinking they are safe. Person B captures data such as the card number, and Person A completes the transaction unaware that her financial data is being stolen. To overcome this, don't connect to public Wi-Fi, and if you have to, use a VPN.