Security Fundamentals

Question 1

What does AAA stand for?

Answer 1

Authentication, Authorization, Accounting

Question 2

What does CIA stand for?

Answer 2

Confidentiality, Integrity, Availability

Question 3

Explain Confidentiality

Answer 3

Information NOT available or disclosed to unauthorized parties

Question 4

Explain integrity

Answer 4

Information NOT modified by unauthorized parties or in an unauthorized manner

Question 5

Explain Availability

Answer 5

Information available when needed

Question 6

Explain Authentication

Answer 6

Assurance of identity claim.
Ex login, digital certificates, location, token/phone, ID cards

Something you know, something you have, something you are, somewhere you are

Question 7

Explain Authorization

Answer 7

Grant or deny access to resource operations over resources (once authenticated)

Question 8

Explain Accounting

Answer 8

Keeping track of information, users or data. (Building & storing log data)

Important for auditing

Question 9

Explain ”Cryptography” and ”Encryption”

Answer 9

Cryptography is the science of concealing messages with a secret code

Encryption (method) is the way to encrypt and decrypt data

Question 10

Explain Symmetric encryption

Answer 10

Uses the same key for encryption and decryption

Amount of keys formula:
(n^2 - n)/2

Question 11

Explain Asymmetric encryption

Answer 11

Uses a public key for encryption and a private key for decryption

Amount of keys formula:
2n

Question 12

Explain Symmetric authenticated encryption

Answer 12

The same as symmetric encryption but also an extra private one to sign

Amount of keys formula:
(n^2-n)/2 + n

Question 13

What is digital certificates

Answer 13

A file or electronical password that proves the authenticity of a device, server or user through the use of cryptography and public key infrastructure

Question 14

What do authenticated encryption provide:

Answer 14

Confidentiality & integrity

(& authentication ofc)

Question 15

Types of digital certificates

Answer 15

Domain validation -> least secure
Organization validation
Extended validation -> most secure, most requrenments

Question 16

What is the problem with digital certificates

Answer 16

Everyone can get a certificate. But people think that it is authentication. It is only to secure connection, not act as authentication. People will think that a sketchy site is a good site because of the lock

Question 17

Explain Pretty Good Privacy

Answer 17

When a user wants to send a message, PGP generates a random symmetric key, often referred to as a session key. This symmetric key is used to encrypt the actual message using a symmetric encryption algorithm. Next, PGP uses the recipient’s public key to encrypt the symmetric key. Both the encrypted message and the encrypted symmetric key are then sent to the recipient.

Upon receiving the message, the recipient uses their private key to decrypt the symmetric key. Once the symmetric key is decrypted, it is used to decrypt the actual message. This combination of symmetric and asymmetric encryption in PGP provides a secure and efficient way to transmit private messages

Question 18

Explain Authenticated symmetric encryption

Answer 18

Bob and Alice agree upon two shared keys. First one is used to encrypt and the second one is used to provide authentication (hash the encrypted message)

When Bob receives the encrypted message and digest from Alice, he also uses the second key to hash the encrypted message and compares his digest with the received digest from Alice. If they match Bob knows the message is from Alice.