Introduction to Security

Question 1

What is information security?

Answer 1

The protection of information and information systems

Question 2

What is confidentiality?

Answer 2

the assurance that data cannot be viewed by an unauthorised user

Question 3

What is data integrity?

Answer 3

the assurance that data has not been altered in an unauthorised manner (including accidental errors)

Question 4

What is data origin authentication?

Answer 4

assurance that a given entity was the original source of a data

Question 5

Another term for data origin authentication?

Answer 5

message authentication

Question 6

What is entity authentication?

Answer 6

the assurance that a given entity is involved and currently active in a communication session

Question 7

What is non-repudiation?

Answer 7

the assurance that an entity cannot deny a previous commitment or action (to a “third party”)

Question 8

What is cryptography?

Answer 8

design and analysis of mechanisms based
on mathematical techniques that provide fundamental security services

Question 9

What is cryptography primitive?

Answer 9

a cryptographic process that provides a number of specified security services

Question 10

What is plaintext?

Answer 10

the raw data to be protected during transmission from sender to receiver

Question 11

What is ciphertext?

Answer 11

the encrypted version of the plaintext that results from applying the encryption algorithm & the encryption key to the plaintext

Question 12

What is an encryption algorithm?

Answer 12

the set of rules that determines, for any given plaintext and encryption key, a ciphertext

Question 13

What is a decryption algorithm?

Answer 13

the set of rules that determines, for any given ciphertext and decryption key, a unique plaintext

Question 14

What is an encryption key?

Answer 14

a value that the sender inputs into the encryption algorithm along with the plaintext in order to compute the ciphertext

Question 15

What is a decryption key?

Answer 15

a value that the receiver inputs into the decryption algorithm along with the ciphertext in order to compute the plaintext

Question 16

What is a keyspace?

Answer 16

the collection of all possible decryption keys

Question 17

What is an interceptor?

Answer 17

an entity other than the sender or receiver who attempts to determine the plaintext

Question 18

What is the difference between symmetric and public key encryption?

Answer 18

the encryption key and the decryption key are fundamentally different i.e., it is computationally infeasible to determine the decryption key from the encryption key

Question 19

What is the difference between passive and active message interception?

Answer 19

Passive interception involves the unauthorised access to data e.g. eavesdropping or copying restricted files whereas passive interception includes the unauthorised alteration, deletion, transmission or access prevention to data

Question 20

What does AES stand for?

Answer 20

Advanced Encryption Standard

Question 21

What is the difference regarding plaintext with steganography compared to encyption?

Answer 21

the adversary should not even notice that there is a plaintext at all, in contrast to encryption, where he knows there is a plaintext, but cannot compute it

Question 22

What is Kerchoff’s principle?

Answer 22

the cryptographic algorithm should not be required to be secret (it should stay secure even if the detail of the algorithm is revealed)

Question 23

What are the two ways to break an encryption algorithm?

Answer 23

1. determining the decryption key directly
2. deducing a plaintext from the corresponding ciphertext without first determining the decryption key

Question 24

What is a ciphertext-only attack?

Answer 24

where the attacker only knows the encryption algorithm and some ciphertext

Question 25

What is a known-plaintext attack?

Answer 25

attacks that assume the attacker knows the encryption algorithm and some arbitrary
plaintext/ciphertext pairs

Question 26

What is a chosen-plaintext attack?

Answer 26

attacks that assume the attacker knows the encryption algorithm and some arbitrary
plaintext/ciphertext pairs

Question 27

What is a chosen-ciphertext attack?

Answer 27

attacks that assume the attacker knows the encryption algorithm and some plaintext/ciphertext pairs that correspond either to plaintexts or to ciphertexts chosen by the attacker

Question 28

Examples of historical cryptosystems (4)

Answer 28

• Caesar cipher
• Simple substitution cipher
• Playfair cipher
• Vigenere cipher

Question 29

What is the keyspace of the Caesar cipher?

Answer 29

26

Question 30

What is the keyspace of the simple substitution cipher?

Answer 30

26!

Question 31

What makes historical cryptosystems unsuitable (3)

Answer 31

1. They are all symmetric cryptosystems
2. They are designed to provide confidentiality only
3. They operate on alphabetic characters

Question 32

What can be used to break the simple substitution cipher?

Answer 32

Single-letter frequency analysis

Question 33

What can make an exhaustive key search impractical?

Answer 33

A large keyspace

Question 34

What are the classes of attack? (4)

Answer 34

1. Generic attack - applies to a wide range of cryptographic primitives and do not require knowledge of the working promotive
2. Primitive-specific attack - apply to a specific clas of cryptographic pimitives
3. Algorithm-specific attack - designed for use against a specific cryptographic algorithm
4. Side-channel attack - not directed against the theoretical design of a cryptographic primitive, but rather the way in which the primitive is implemented

Question 35

What is the aim of homophonic encoding?

Answer 35

to design a cryptosystem whose ciphertext alphabet histogram is close to being ‘flat’ (in other words, every ciphertext symbol occurs approximately equally often).

Question 36

Disadvantage of homophonic encoding?

Answer 36

Message expansion - it becomes more expensive to send messages across communication channel (more bits are needed to encode one of 1000 ciphertext symbols compared to one of 26 alphabetic characters)

Question 37

Why is the vignere cipher a more favoured defence against single-letter frequency analysis compared to homophonic encoding?

Answer 37

It does not involve message expansion

Question 38

What is positional dependency?

Answer 38

the characteristic of a cipher where the position or order of characters in the plaintext directly influences the position or order of characters in the corresponding ciphertext

Question 39

What is another name for confidentiality?

Answer 39

Secrecy

Question 40

How does homophonic encoding work?

Answer 40

Each character in the plaintext is mapped to one or more characters in the ciphertext and common characters in the plaintext may have multiple representations in the ciphertext, while less common characters may have fewer or even single representations

Question 41

What is another name for authentication?

Answer 41

Identification

Question 42

Which cipher takes advantage of positional dependency?

Answer 42

Vignere cipher

Question 43

How does the vignere cipher work?

Answer 43

Each letter of the plain text is shifted based on the corresponding letter of the keyword to which it is matched up

Question 44

How can the vignere cipher be broken?

Answer 44

If the length of the keyword is known, the ciphertext can be split into sections of the length of the keyword and single-letter frequency analysis can be used