An attack where the attacker intercepts a line of communication that is thought to be private by its two communicating parties
MITM attacks are the primary threat that encryption and HTTPS aim to defend against
2
Q
Symmetric Encryption
A
It relies on a single key to encrypt/decrypt data
The key must be known to all communication parties and therefore be shared between them
Symmetric-key algorithms tend to be faster than asymmetric ones. The most widely used are part of the Advanced Encryption Standard (AES)
AES:
- It’s a widely used standard that has three symmetric-key algorithms: AES-128, AES-192, and AES-256
- It’s considered the “gold standard” in encryption and is even used by the NSA to encrypt top-secret information
3
Q
Asymmetric Encryption
A
Also known as public-key encryption. It relies on two keys (a public key and a private key) to encrypt/decrypt data
The keys are generated using cryptographic algorithms and are mathematically connected such that data encrypted with the public key can only be decrypted with the private key
The public key can be openly shared. The private key must be kept secure
Asymmetric-key algorithms tend to be slower than symmetric ones
4
Q
HTTPS (Hypertext Transfer Protocol Secure)
A
An extension of HTTP used for secure communication online
Requires servers to have trusted certificates (usually SSL certificates)
Uses TLS (Transport Layer Security), a security protocol built on top of TCP, to encrypt data transferred between a client and a server
HTTP over TLS is also known as HTTPS
5
Q
SSL Certificate
A
A digital certificate granted to a server by a certificate authority
Contains the server’s public key, to be used in the TLS handshake process in an HTTPS connection
Effectively confirms that a public key belongs to the server that claims so
Certificate Authority:
- It’s a trusted entity that signs digital certificates
- Browsers usually have all public keys of all certificate authorities
6
Q
TLS Handshake
A
The process through which a client and a server communicating over HTTPS exchange encryption-related information and establish a secure connection
Typical steps:
- The client sends a “client hello” (a string of random bytes) to the server
- The server responds with a “server hello” (another string of random bytes) as well as its SSL certificate, which contains its public key
- The client verifies that the certificate was issued by a CA and sends a premaster secret to the server. This key is another string of random bytes encrypted with the server’s public key
- The client and the server use the “client hello”, the “server hello”, and the “premaster secret” to generate the same symmetric-encryption session keys, to be used to encrypt/decrypt all data transferred during the remainder of the connection