Security Flashcards

1
Q

Symmetric key cryptography

A

the sender and receiver use the same (shared secret) key for encryption and decryption; the key itself has to be distributed securely (see KDC)

2
Q

public key cryptography

A

each party has a key pair: the encryption key is public (anyone can encrypt to the owner)

the decryption key is private (only the owner can decrypt); the private key is also what the owner uses to sign

3
Q

block ciphers / transposition ciphers

A

block cipher: the plaintext is divided into fixed-size blocks (64 bits for DES, 128 bits for AES) and each block is encrypted as a unit; encrypting every block independently (ECB mode) leaks repeated plaintext blocks, so real systems combine blocks with a chaining or counter mode

transposition cipher: the plaintext symbols are kept unchanged but their positions are rearranged (permuted) under the key; DES uses transposition (permutation) steps inside the block cipher

4
Q

DES (Data Encryption Standard)

A

-symmetric key
-64-bit block size
-56-bit key (the 64-bit input key carries 8 parity bits)
-19 stages
(3 stages of transposition: initial permutation, 32-bit swap of the two halves, final permutation)
(16 rounds, each applied to one half of the block:
expansion to 48 bits and exclusive ORing with a round key (derived from the input key),
substitution through the S-boxes,
transposition/permutation through the P-box
-the 56-bit key is too short today: a purpose-built machine brute-forced it in about two days in 1998, so DES survives only as 3DES and has been replaced by AES

5
Q

AES (Advanced Encryption Standard)

A
  • symmetric key
  • safer than DES: larger block and key, and no practical attack better than brute force is known
  • 128-bit block size
  • more bits in key: 128, 192 or 256 bits (10, 12 or 14 rounds)
  • brute force is infeasible: even the 128-bit key means 2^128 trials, far beyond any computing budget
6
Q

IDEA (International Data Encryption Algorithm)

A
  • symmetric key
  • 64-bit block size
  • 128-bit keys
-8 rounds of encryption (plus a final output transformation)
each round mixes three operations on 16-bit sub-blocks:
addition modulo 2^16
multiplication modulo 2^16 + 1
exclusive ORing
followed by a swap (permutation) of the two middle sub-blocks
each round uses six different 16-bit subkeys derived from the input key
7
Q

RSA steps (6)

A

Public key
SLOW (so in practice it carries keys and digests, not bulk data)

1) Choose 2 "large" primes 'p' and 'q' (hundreds of digits each; keep them secret)
2)
Let n = p*q
Let z = (p-1) * (q-1)
3) Choose 'e' < n that is relatively prime to z (65537 is the usual choice)
4) Find a number d s.t. e*d = 1 mod z
(d is the multiplicative inverse of e modulo z, computed with the extended Euclidean algorithm)

5) public key = (e,n)
6) private key = (d, n)
(p, q and z must stay secret: anyone who knows z can compute d from e)

8
Q

A is relatively prime to Z

A

A and Z share no common positive factor except 1, i.e. gcd(A, Z) = 1. This is exactly what makes the inverse d of e modulo z exist in RSA step 4.

9
Q

public key: (e,n)
private key: (d,n)

How to encrypt plaintext block M < n to a Ciphertext block C?

A

C = M^e mod n

10
Q

public key: (e,n)
private key: (d,n)

How to decrypt a ciphertext block C < n to a plaintext block M?

A

M = C^d mod n

11
Q

How to provide confidentiality AND authentication?

Alice has her own key pair and Bob's public key; Bob has his own key pair and Alice's public key.

A

1) Alice encodes the message with HER PRIVATE key (anyone with Alice's public key can decode this: it proves origin, not secrecy)
2) Alice encodes THIS with BOB'S PUBLIC key (only Bob's private key can decode this: secrecy)
3) Bob decodes the message with HIS PRIVATE key
4) Bob decodes THIS with ALICE'S PUBLIC key. If he gets a sensible message, then it was Alice who sent it (because only her private key could have produced step 1)

Caveat: with plain RSA the step-1 output is a block smaller than Alice's n and must also be smaller than Bob's n to go through step 2; real systems sign a hash (card 14) and encrypt the message under a symmetric session key.

12
Q

Hash function H

A

-Accepts a message M of any size and produces a fixed-size block H(M), the digest of M (e.g. 256 bits for SHA-256)

13
Q

Hash function must be: (3)

A
  • Computationally efficient (fast to compute H(M) for any M)
  • Preimage resistance: for any digest d, it must be computationally infeasible to find an M' s.t. H(M') = d
  • Second-preimage resistance: for any message M, it must be computationally infeasible to find M' ≠ M s.t. H(M') = H(M)
(signature schemes additionally need collision resistance: infeasible to find ANY pair M ≠ M' with H(M) = H(M'), otherwise a signature on M is also valid for M')
14
Q

Message Integrity using a Hash Function and Public Key

A

Sender computes the digest H(M) and encrypts it with the private key (this is the digital signature); sends M together with the signature.

Receiver decrypts the signature with the public key and compares it with H(M) recomputed from the received M; a mismatch means M or the signature was altered.

So only a small, fixed-size piece of data goes through RSA, much better performance than signing the whole message. Sending H(M) without signing it gives no integrity at all, since an attacker who changes M can simply recompute the digest.
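The RSA cards above (steps 1-6, C = M^e mod n, M = C^d mod n, Alice's sign-then-encrypt exchange and hash-then-sign) worked through in one runnable Python script. This is an added example, not code from the flashcard set: it is textbook RSA with no padding (no OAEP/PSS) and no side-channel hardening, so it is for study only. The key sizes, the message and the choice of SHA-256 are assumptions for the demo.

```python
# Textbook RSA end to end: the six keygen steps, encryption/decryption of a
# block M < n, hash-then-sign, and Alice's sign-then-encrypt exchange with Bob.
# Educational only: no padding (OAEP/PSS), so never use this for real traffic.
import hashlib
import math
import secrets


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin probabilistic primality test (error < 4^-rounds)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2            # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                            # witness proves n composite
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with the top bit set, so p*q has about 2*bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 512, e: int = 65537):
    """Steps 1-6 of the card; returns (public_key, private_key) = ((e, n), (d, n))."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)   # step 1
        n = p * q                                                 # step 2
        z = (p - 1) * (q - 1)
        if p != q and math.gcd(e, z) == 1:                        # step 3: e relatively prime to z
            break
    d = pow(e, -1, z)                                             # step 4: e*d = 1 mod z
    return (e, n), (d, n)                                         # steps 5 and 6


def encrypt(public_key, m: int) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("block must satisfy 0 <= M < n")
    return pow(m, e, n)                                           # C = M^e mod n


def decrypt(private_key, c: int) -> int:
    d, n = private_key
    if not 0 <= c < n:
        raise ValueError("block must satisfy 0 <= C < n")
    return pow(c, d, n)                                           # M = C^d mod n


def sign_digest(private_key, message: bytes) -> int:
    """Card 14: only the fixed-size SHA-256 digest goes through RSA (n must exceed 2^256)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return decrypt(private_key, digest)          # 'encrypt the digest with the private key'


def verify_digest(public_key, message: bytes, signature: int) -> bool:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return encrypt(public_key, signature) == digest   # 'decrypt with the public key' and compare


def sign_then_encrypt(alice_priv, bob_pub, m: int) -> int:
    """Card 11 steps 1-2: Alice's private key first, then Bob's public key.
    The inner value is < n_alice, so it only fits as a block if n_alice < n_bob."""
    return encrypt(bob_pub, decrypt(alice_priv, m))


def decrypt_then_verify(bob_priv, alice_pub, c: int) -> int:
    """Card 11 steps 3-4: Bob's private key, then Alice's public key."""
    return encrypt(alice_pub, decrypt(bob_priv, c))


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(512)
    bob_pub, bob_priv = keygen(768)      # larger modulus so Alice's block fits (see docstring)
    m = int.from_bytes(b"attack at dawn", "big")
    print("round trip ok:", decrypt(alice_priv, encrypt(alice_pub, m)) == m)
    sig = sign_digest(alice_priv, b"attack at dawn")
    print("signature ok:", verify_digest(alice_pub, b"attack at dawn", sig))
    print("sign-then-encrypt ok:",
          decrypt_then_verify(bob_priv, alice_pub, sign_then_encrypt(alice_priv, bob_pub, m)) == m)
```

The modulus-size condition in sign_then_encrypt is the concrete reason the card-11 caveat matters: with keys of equal size the inner value overflows Bob's modulus about half the time, which is why real protocols sign a digest and wrap the message in a symmetric session key instead.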

15
Q

Key Distribution Center (KDC)

A

shares a different secret key with each registered user.
Alice and Bob each know only their own symmetric key for communicating with the KDC (K_A-KDC and K_B-KDC)

-Alice asks the KDC for a key to talk to Bob
-KDC picks a fresh session key R1 and sends Alice, encrypted with Alice's key: R1 AND a "ticket" = R1 (with Alice's name) encrypted with Bob's key
-Alice decrypts R1 and forwards the ticket to Bob (she cannot read the ticket herself)
-Bob decrypts the ticket with his key, gets R1, and knows to use that to communicate with Alice
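The three-party exchange on this card, simulated in Python as an added example (not code from the flashcards or from any KDC product). The symmetric cipher is a toy encrypt-then-MAC built from HMAC-SHA256 so that the script runs with only the standard library; it stands in for a real AEAD such as AES-GCM and must not be reused elsewhere. The user names, the message and the 32-byte keys are constructed for the demo.

```python
# KDC exchange: Alice -> KDC, KDC -> Alice {R1, ticket}, Alice -> Bob {ticket, msg under R1}.
# The cipher below is a stand-in for AES-GCM (HMAC keystream + HMAC tag), demo only.
import hashlib
import hmac
import json
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from one long-term key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag (toy authenticated encryption)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Checks the tag first; a wrong key or a modified blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class KDC:
    def __init__(self):
        self.keys = {}                         # registered user -> long-term key

    def register(self, name: str) -> bytes:
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]                 # handed to the user out of band

    def session_request(self, requester: str, peer: str) -> bytes:
        """Answer to 'requester wants to talk to peer': K_A(R1, K_B(A, R1))."""
        r1 = secrets.token_bytes(32)           # fresh session key
        ticket = seal(self.keys[peer],
                      json.dumps({"from": requester, "r1": r1.hex()}).encode())
        return seal(self.keys[requester],
                    json.dumps({"peer": peer, "r1": r1.hex(), "ticket": ticket.hex()}).encode())


def run_exchange(message: bytes = b"meet at noon") -> dict:
    kdc = KDC()
    k_alice, k_bob = kdc.register("alice"), kdc.register("bob")

    # 1. Alice asks the KDC and opens the reply with her own key
    reply = json.loads(unseal(k_alice, kdc.session_request("alice", "bob")))
    r1_alice, ticket = bytes.fromhex(reply["r1"]), bytes.fromhex(reply["ticket"])

    # The ticket is under Bob's key, so Alice cannot open it, only forward it
    try:
        unseal(k_alice, ticket)
        alice_can_read_ticket = True
    except ValueError:
        alice_can_read_ticket = False

    # 2. Alice -> Bob: the ticket plus her message under the session key R1
    wire = (ticket, seal(r1_alice, message))

    # 3. Bob opens the ticket with his KDC key, learns R1 and who it is from
    ticket_body = json.loads(unseal(k_bob, wire[0]))
    r1_bob = bytes.fromhex(ticket_body["r1"])
    received = unseal(r1_bob, wire[1])

    return {"session_keys_match": r1_alice == r1_bob,
            "sender": ticket_body["from"],
            "received": received,
            "alice_can_read_ticket": alice_can_read_ticket}


if __name__ == "__main__":
    print(run_exchange())
```

Note what this simplified exchange lacks: nothing in the ticket proves freshness, so an attacker who recorded an old ticket and message could replay them to Bob. Kerberos, which follows this design, closes that gap with timestamps and an authenticator encrypted under R1.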

16
Q

Certification Authority (CA)

A

-binds a public key to a particular entity E (person, router, server)

  • E registers its public key with the CA (the CA checks E's identity first).
  • CA creates a certificate binding E's identity to its public key and digitally signs it with the CA's private key.

-When Alice wants Bob's public key, she gets Bob's certificate, verifies the CA's signature on it with the CA's public key, and takes Bob's public key from the certificate. She has to trust the CA, and possess its public key, beforehand.

17
Q

packet sniffing

A
  • broadcast media (hub-based Ethernet, Wi-Fi): every frame reaches every interface on the segment

- a NIC in promiscuous mode reads all frames passing by, not just those addressed to it, so any unencrypted data (passwords, session cookies) is exposed

18
Q

packet sniffing countermeasures

A
  • all hosts run software that checks whether the host's interface is in promiscuous mode
  • one host per segment of the broadcast medium (switched Ethernet instead of a hub, so a frame is only delivered to the destination port)
  • encrypt the traffic, so that captured frames reveal nothing useful
19
Q

IP spoofing

A

an application can generate raw IP packets directly, putting any value into the IP source address field (pretending to be another host)

-the receiver can't tell whether the source address is spoofed: nothing in a plain IP packet authenticates it (that is what IPsec AH adds)

20
Q

IP spoofing countermeasures

A

ingress filtering (BCP 38): routers should not forward packets leaving a network whose source address is not in that network's address range
(has to be deployed by every network, including the attacker's own; the victim cannot enforce it, so it can't be done for all networks)
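The filtering rule on this card, applied to a handful of constructed packet records as an added example (not code from the flashcards or from any router vendor). The site prefixes and the packet list are assumptions made up for the demo; the rule is the BCP 38 one in both directions: drop outbound packets with a foreign source address, and drop inbound packets that claim a source address inside the site.

```python
# BCP 38 style source-address filtering at a border router, both directions.
import ipaddress

# Hypothetical address ranges of the network behind this border router
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("2001:db8:1::/48")]

# Constructed packets: (direction seen by the router, source, destination)
PACKETS = [
    ("out", "203.0.113.7", "198.51.100.1"),      # legitimate outbound
    ("out", "192.0.2.99", "198.51.100.1"),       # spoofed: source is not ours
    ("out", "2001:db8:1::5", "2001:db8:2::1"),   # legitimate outbound IPv6
    ("in",  "198.51.100.1", "203.0.113.7"),      # legitimate inbound
    ("in",  "203.0.113.7", "203.0.113.9"),       # spoofed: arrives from outside claiming an inside source
    ("in",  "2001:db8:1::9", "2001:db8:1::5"),   # same in IPv6
]


def is_internal(address: str) -> bool:
    """True if the address falls inside one of the site's prefixes."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in SITE_PREFIXES)


def verdict(direction: str, src: str, dst: str) -> str:
    """'forward', or 'drop: <reason>' per the ingress/egress filtering rule."""
    if direction == "out" and not is_internal(src):
        return "drop: outbound packet with a foreign source address (spoofed or misrouted)"
    if direction == "in" and is_internal(src):
        return "drop: inbound packet claims an internal source address"
    return "forward"


def filter_packets(packets=PACKETS):
    """Returns [(source, verdict), ...] in input order."""
    return [(src, verdict(direction, src, dst)) for direction, src, dst in packets]


if __name__ == "__main__":
    for src, result in filter_packets():
        print(f"{src:18} {result}")
```

The limit of the rule is visible in the outbound check: a host inside 203.0.113.0/24 can still put any other address from that /24 into the source field and pass. Filtering at the edge confines spoofing to the attacker's own network rather than preventing it, which is still enough to make reflection and traceback evasion much harder.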

21
Q

Denial of Service countermeasures

A
  • filter out flooded packets before they reach the host: throws out good with bad
  • traceback to the source of the floods (but the source is most likely an innocent, compromised machine, and spoofed source addresses make traceback harder)
22
Q

Pretty Good Privacy (PGP)

A

complete email security package that provides:

  • secrecy
  • authentication
  • digital signatures
  • compression (ie. zip, applied before encryption)
  • free (not controlled by gov't)
23
Q

Secure Sockets Layer (SSL) transport layer security services (3)

A
  • server authentication
  • data encryption
  • client authentication (optional, with client certificates)
(SSL itself is obsolete; its successor TLS provides the same three services and is what browsers use today)
24
Q

server authentication with SSL

A
  • SSL-enabled browser ships with the public keys of trusted CAs
  • Browser requests the server's certificate, which must have been issued by a trusted CA
  • Browser uses the CA's public key to verify the CA's signature on the certificate, checks that the name in the certificate matches the server it is talking to, and takes the server's public key from the certificate
25
Q

Encrypted SSL Session

A
  • Browser generates a symmetric session key, encrypts it with the server's public key (from the certificate), sends it to the server
  • Using its private key, the server decrypts the session key
  • Browser and server now share the session key; all data written into the TCP socket is encrypted with it
(this RSA key transport is how SSL and TLS up to 1.2 could set up the key; TLS 1.3 instead derives the session key from an ephemeral Diffie-Hellman exchange, so a later theft of the server's private key cannot decrypt recorded sessions)
26
Q

IPsec (Network layer security) services (2)

A
  • Network-layer secrecy
  • Network-layer authentication

Two protocols:
AH (Authentication Header protocol): authentication and integrity only
ESP (Encapsulating Security Payload protocol): secrecy plus authentication; the one used in practice

27
Q

IPsec Network layer secrecy

A
  • sending host encrypts the data in the IP datagram, whatever it carries:

- TCP and UDP segments; ICMP (Internet Control Message Protocol) and SNMP (Simple Network Management Protocol) messages

28
Q

IPsec Network layer authentication

A

destination host can authenticate source IP address

29
Q

Security Association (SA)

A
  • a network-layer logical channel created by AH and ESP in IPsec
  • unidirectional (two-way traffic needs two SAs)
-uniquely determined by:
security protocol (AH or ESP), destination IP addr, 32-bit connection ID (the Security Parameters Index, SPI, carried in every AH/ESP header)
30
Q

AH (Authentication Header) protocol

includes 3 things

A

provides source authentication, data integrity, but no confidentiality. Header inserted between the IP header and the data field; the IP header's protocol field is set to 51 (AH)

  • connection identifier (the 32-bit SPI, plus a sequence number used against replay)
  • authentication data (keyed message digest, e.g. HMAC, computed over the whole IP datagram with the fields that change in transit, such as TTL and header checksum, set to zero)
  • next header field (specifies the type of data that follows: TCP, UDP or ICMP)
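The AH header on this card built and checked over a constructed IPv4 datagram, as an added example (not code from the flashcards or from any IPsec stack). It uses HMAC-SHA-256-96 from RFC 4868 as the authentication algorithm, assumes the fixed 12-byte ICV that algorithm produces, and leaves the IP header checksum at zero; the key, SPI, addresses and payload are made up for the demo. It shows why the mutable fields have to be zeroed: a router decrementing TTL must not break the integrity check, while any change to the payload must.

```python
# IPv4 datagram with an Authentication Header (RFC 4302 layout), ICV = HMAC-SHA-256-96.
import hashlib
import hmac
import struct

AH_PROTO = 51          # IP protocol number for AH
ICV_LEN = 12           # HMAC-SHA-256-96 truncates the tag to 96 bits
AH_LEN = 12 + ICV_LEN  # fixed part + ICV = 24 bytes = 6 words


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; the checksum is left at zero (demo only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def ah_header(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Next Header | Payload Len | Reserved | SPI | Sequence Number | ICV.
    Payload Len is the AH length in 32-bit words minus 2: 24/4 - 2 = 4."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def _zero_mutable(datagram: bytes) -> bytes:
    """Copy of the datagram with the in-transit mutable fields zeroed:
    ToS, flags/fragment offset, TTL, IP checksum, and the ICV field itself."""
    ip = bytearray(datagram[:20])
    ip[1] = 0                      # ToS / DSCP
    ip[6:8] = b"\x00\x00"          # flags + fragment offset
    ip[8] = 0                      # TTL
    ip[10:12] = b"\x00\x00"        # header checksum
    ah = bytearray(datagram[20:20 + AH_LEN])
    ah[12:12 + ICV_LEN] = bytes(ICV_LEN)
    return bytes(ip) + bytes(ah) + datagram[20 + AH_LEN:]


def compute_icv(key: bytes, datagram: bytes) -> bytes:
    """The 'authentication data': keyed digest over the immutable parts of the datagram."""
    return hmac.new(key, _zero_mutable(datagram), hashlib.sha256).digest()[:ICV_LEN]


def build_ah_datagram(key: bytes, src: str, dst: str, spi: int, seq: int,
                      inner_proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Sender side: IP header (proto 51) + AH + original payload, ICV filled in."""
    total_len = 20 + AH_LEN + len(payload)
    draft = (ipv4_header(src, dst, AH_PROTO, total_len, ttl)
             + ah_header(inner_proto, spi, seq, bytes(ICV_LEN)) + payload)
    return draft[:32] + compute_icv(key, draft) + payload


def verify_ah_datagram(key: bytes, datagram: bytes) -> dict:
    """Receiver side: parse AH, recompute the ICV and compare in constant time."""
    if datagram[9] != AH_PROTO:
        raise ValueError("not an AH datagram")
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", datagram[20:32])
    ah_len = (payload_len + 2) * 4
    received_icv = datagram[32:20 + ah_len]
    ok = hmac.compare_digest(received_icv, compute_icv(key, datagram))
    return {"ok": ok, "spi": spi, "seq": seq, "next_header": next_header,
            "payload": datagram[20 + ah_len:]}


if __name__ == "__main__":
    key = b"\x0b" * 32                                   # constructed SA key
    dg = build_ah_datagram(key, "10.0.0.1", "10.0.0.2", 0x1001, 1, 6, b"TCP segment bytes")
    print("as sent:       ", verify_ah_datagram(key, dg)["ok"])
    hopped = dg[:8] + bytes([dg[8] - 1]) + dg[9:]        # router decremented TTL
    print("TTL decremented:", verify_ah_datagram(key, hopped)["ok"])
    tampered = dg[:-1] + bytes([dg[-1] ^ 1])             # payload modified in transit
    print("payload changed:", verify_ah_datagram(key, tampered)["ok"])
```

ESP's authentication data is computed differently: it covers the ESP header, the encrypted payload and the trailer but not the outer IP header, which is why ESP needs no list of mutable fields and survives NAT rewriting the addresses while AH does not.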
31
Q

ESP (Encapsulating Security Payload) protocol

A

provides secrecy, host authentication, data integrity (IP protocol number 50)

-ESP header (SPI, sequence number) + data + ESP trailer + authentication data (keyed message digest computed over the ESP header, the encrypted data and the trailer, but NOT over the outer IP header)

data + ESP trailer are encrypted; the ESP header and the authentication data are not

ESP trailer contains padding, pad length and the next header field (so even the type of the inner data is hidden)