Information Security
The protection of information from accidental or intentional misuse by persons inside or outside an organization
Key Security Concepts
Confidentiality, integrity, availability
Confidentiality
Assurance that confidential information is not disclosed to unauthorized individuals
Integrity
Assures that information and programs change only in an authorized or specified manner. Maintains the trustworthiness of the data.
Availability
Assures that data and systems are available promptly and that service is not denied to authorized users.
Types of attacks
-Passive: Learn about the system
-Active: Attempt to alter system
-Insider: Initiated by someone inside the security perimeter
-Outside: Initiated from outside the perimeter
Attack surface
Consists of the reachable and exploitable vulnerabilities in a system (network, software, and human attack surfaces)
Countermeasures
Prevent, Detect, Recover
Cryptographic tools
-Symmetric Encryption (Confidentiality)
-Secure Hash Functions (Integrity)
-Asymmetric Encryption (Confidentiality & Integrity)
Symmetric Encryption
The same key is used to encrypt and decrypt
Block Ciphers
-Encrypt data in fixed-size blocks; the most common type of symmetric encryption algorithm
-Good for when you are sending blocks of data such as email, file transfers, etc.
Data Encryption Standard (DES)
A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks.
Triple DES
Repeats the basic DES algorithm three times using either two or three unique keys, giving an effective key size of 112 or 168 bits. More secure than DES but slower
Advanced Encryption Standard (AES)
A symmetric cipher that was approved by NIST as a replacement for DES, chosen for efficiency and security. Supports key lengths of 128 and 256 bits
Two requirements for secure use of symmetric encryption
-Need a strong encryption algorithm
-Sender and receiver must have obtained copies of the secret key in a secure fashion
Cryptanalysis Attack
-Relies on the nature of the algorithm and knowledge of the plaintext
-If successful, all future and past messages are jeopardized
Brute Force attack
An attack on passwords or encryption that tries every possible password or encryption key.
Average time required for exhaustive key search
Exhaustive key search of AES takes more time than for DES and triple DES
Stream Cipher
-An encryption method that encrypts a single bit (or byte) at a time.
-Good for when data is sent over a communications channel such as a web link.
Stream Cipher vs Block Cipher
Stream Ciphers have higher throughput
Advantages of a block cipher
You can reuse keys
Message authentication
-Protects against active attacks
-Verifies that a received message is authentic
-Can use conventional (symmetric) encryption
Replay Attack
An attack where data is captured and replayed. The attacker resends a message, since they have the hash, and the receiver could potentially send information back.
Hash Function
Accepts a variable-size message M as input and produces a fixed-size message digest h = H(M) as output.
Hash Function Properties
-Can be applied to data of any size
-H produces a fixed-length output
-H(x) is easy to compute for a given x
-One-way (infeasible to reverse the hash)
-Weak collision resistance
-Strong collision resistance (prevents the same hash from being found for two different messages)
Attacking Hash Functions
-Exploit weaknesses in the algorithm
-Strength of the hash code depends on the length of the code
Public Key Encryption
Uses two keys: a public key that everyone can have and a private key held only by the recipient
Misconceptions of Public Key Encryption
-Public-key encryption is more secure from cryptanalysis attacks than symmetric encryption
-Public-key encryption has made symmetric encryption obsolete
-Key distribution is trivial
Public-Key for confidentiality
If someone encrypts a message using another person's public key, then only that person can decrypt the message, using their private key.
Public-Key for Integrity and Authentication
If someone encrypts a message with their private key, then the recipient can decrypt it using the sender's public key and verify that the message was sent by them.
Digital Signature
Asymmetric encryption of a hash of the message
What is the purpose of a hash function in a digital signature?
Makes the signature faster to compute
Public key for both integrity and confidentiality
The sender encrypts the hash using their private key; this is the digital signature. The receiver decrypts the message using their own private key, then decrypts the sender's digital signature with the sender's public key; if the result equals the hash of the message, integrity is validated.
Public Key Certificates
Used to validate that a public key belongs to a certain person. A certificate issued by a Certificate Authority is passed along in a message.
Digital Envelope
A technique that uses symmetric encryption for large documents, but public-key encryption to encrypt and send the symmetric key
RSA Encryption
The system uses an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication.
What makes it hard for attackers to generate the private key for RSA?
-Easy to compute the modulus if φ(n) is known, but attackers do not have it
-If p and q are big enough, then it is very hard to factor n
Security of RSA
-Brute-force attacks that try all possible keys
-Mathematical attacks that attempt to find the prime factorization of n