COMP607 - Week 3 Basic cryptography continued

What is cryptography?

The practice of securing information by transforming it into an unreadable format, only to be deciphered by those who possess a key.

What are the main types of cryptographic algorithms?

Hash, symmetric, and asymmetric cryptographic algorithms.

How do symmetric and asymmetric cryptographic algorithms differ?

Symmetric algorithms use the same key for encryption and decryption, while asymmetric algorithms use a pair of keys: a public key for encryption and a private key for decryption.

What is the principle of symmetric-key encryption?

It uses the same secret key for both encryption and decryption, with similar functions for both processes.

What is a key distribution problem in symmetric cryptography?

The challenge of securely sharing a secret key between parties over an insecure communication channel.

What is nonrepudiation in cryptography?

The assurance that someone cannot deny the validity of their signature on a message, often achieved through asymmetric cryptography.

What is the analogy used to explain symmetric encryption?

A safe with a strong lock where only the parties involved (e.g., Alice and Bob) have keys to access the contents.

What is the analogy for public-key encryption?

A mailbox where anyone can deposit a letter (encrypt) but only the person with the private key can retrieve it (decrypt).

What is the role of public and private keys in asymmetric cryptography?

The public key is shared openly for encrypting messages, while the private key is kept secret for decrypting them.

What are some main security mechanisms of public-key algorithms?

Key establishment, nonrepudiation, identification, and encryption.

What is the significance of key pairs in asymmetric cryptography?

Asymmetric cryptography requires two keys: a public key that can be shared and a private key that must remain confidential.

How can asymmetric keys work in both directions?

A document encrypted with a public key can be decrypted with the corresponding private key, and vice versa.

What is the purpose of digital signatures in asymmetric cryptography?

To verify the sender, prove message integrity, and prevent the sender from disowning the message.

What are some common use cases for cryptography?

Securing communications, protecting sensitive information, and ensuring data integrity.

What is the Diffie-Hellman key exchange?

A method for securely establishing a shared secret key over an insecure channel.

What is RSA in the context of cryptography?

A widely used asymmetric cryptographic algorithm for secure data transmission.

What does it mean for public keys to be designed to be public?

Public keys can be freely distributed and do not require protection.

What is a potential issue with key management in asymmetric cryptography?

Managing the security and distribution of private keys can be complex and challenging.

What is the role of timestamps and nonces in asymmetric cryptography?

They provide assurance that parties are communicating in real-time and help prevent replay attacks.

What is the primary advantage of using asymmetric cryptography over symmetric cryptography?

It allows secure communication without the need for a secure channel to share keys.

What is RSA?

RSA is the most common asymmetric cryptography algorithm, published in 1977 and patented by MIT in 1983.

What does RSA use to generate keys?

RSA uses two large prime numbers, p and q, to compute their product (n = pq) and derive public and private keys.

How is the public key defined in RSA?

The public key in RSA is defined as the pair (n, e), where n is the product of two primes and e is a number less than n that is coprime to (p - 1)(q - 1).

What is the private key in RSA?

The private key in RSA is defined as (n, d), where d is calculated so that (ed - 1) is divisible by (p - 1)(q - 1).

What is elliptic curve cryptography (ECC)?

ECC is an asymmetric cryptography method that uses elliptic curves and requires less computing power than prime number-based methods like RSA.

What is a digital certificate?

A digital certificate is a technology used to associate a user's identity with a public key, digitally signed by a trusted third party.

What information does a digital certificate contain?

A digital certificate contains the owner's name or alias, the owner's public key, the issuer's name, the issuer's digital signature, the certificate's serial number, and expiration date.

What is the purpose of a digital signature?

A digital signature provides electronic verification of the sender by encrypting a hash digest of a document with the sender's private key.

What is a weakness of digital signatures?

Digital signatures only prove the owner of the private key used to create them, not the true identity of the sender.

What are cryptographic protocols?

Cryptographic protocols are methods that use cryptographic algorithms to protect data in transit across a network.

What is Secure Sockets Layer (SSL)?

SSL is an early cryptographic protocol developed by Netscape in 1994 to create an encrypted data path between a client and a server.

What is Transport Layer Security (TLS)?

TLS is a cryptographic protocol that replaces SSL and addresses several vulnerabilities in SSL v3.0.

What is Secure Shell (SSH)?

SSH is an encrypted protocol used to securely access remote computers, providing a command interface and utilities for secure logins and file transfers.

What is Hypertext Transport Protocol Secure (HTTPS)?

HTTPS is the secure version of HTTP, using TLS or SSL to encrypt communications between a browser and a web server.

What is Secure/Multipurpose Internet Mail Extensions (S/MIME)?

S/MIME is a protocol for securing email messages using cryptographic techniques.

How does ECC differ from RSA in terms of key size?

ECC uses smaller key sizes than RSA for the same level of security, making it more efficient.

What is the mathematical equation for an elliptic curve?

The equation for an elliptic curve typically looks like y² = x³ + ax + b.

What is the role of a trusted third party in digital certificates?

The trusted third party verifies the owner's identity and digitally signs the certificate to confirm the public key belongs to that owner.

What happens when a user accesses a secure webpage?

The user's browser sends an unsecured HTTP request, the server responds with a redirect to a secure page, and then the browser sends a secure HTTPS request to establish a secure session.

What is the significance of the numbers p and q in RSA?

The numbers p and q are large prime numbers used to compute the product n and derive the public and private keys, but they can be discarded after key generation.

What is the purpose of the number e in RSA?

The number e is chosen to be less than n and must be coprime to (p - 1)(q - 1) to ensure the public key is valid.

What does a digital signature not do?

A digital signature does not encrypt the message itself; it only verifies the sender's identity.

What is an imposter public key?

An imposter public key is a fraudulent key that may mislead users into thinking it belongs to a legitimate sender.

What does S/MIME stand for and what is its purpose?

S/MIME stands for Secure/Multipurpose Internet Mail Extensions; it describes how encryption information and digital certificates can be included in email messages to allow for encrypted and digitally signed communications.

What is the main function of the Secure Real-time Transport Protocol (SRTP)?

SRTP provides security for Voice over IP (VoIP) communications by adding features like message authentication and confidentiality.

How does IP Security (IPsec) secure Internet Protocol communications?

IPsec encrypts and authenticates each IP packet in a session between hosts or networks, providing protection for a wider range of applications than TLS or SSL.

What are the three areas of protection provided by IPsec?

Authentication, confidentiality, and key management.

What is the difference between Transport mode and Tunnel mode in IPsec?

Transport mode encrypts only the data portion of a packet, while Tunnel mode encrypts both the header and the data portion.

What is file system cryptography?

File system cryptography is the process of encrypting files or folders, which can be performed using third-party software or operating system features.

Name two operating systems that provide native encryption support.

Microsoft's Encrypting File System (EFS) and Apple's FileVault.

What is whole disk encryption?

Whole disk encryption protects all data on a hard drive, ensuring that all files are encrypted.

What is the role of a Trusted Platform Module (TPM)?

TPM is a chip on a computer's motherboard that provides cryptographic services, including a true random number generator and protection against software attacks.

What is a Hardware Security Module (HSM)?

An HSM is a secure cryptographic processor that performs accelerated symmetric and asymmetric encryption and can provide services to multiple devices over a LAN.

How does hardware encryption enhance security compared to software encryption?

Hardware encryption is embedded in devices and provides a higher degree of security, making it less susceptible to attacks that exploit software vulnerabilities.

What is the purpose of blockchain technology in business transactions?

Blockchain serves as a shared, tamper-evident ledger that facilitates the recording of transactions and tracking of assets across a business network.

What is the significance of hashing in cryptography?

Hashing creates a unique digital fingerprint of the original material, which is used for comparison and ensures data integrity.

What is symmetric cryptography?

Symmetric cryptography uses a single key for both encryption and decryption of messages.

What is asymmetric cryptography?

Asymmetric cryptography, or public key cryptography, uses two keys: a public key for encryption and a private key for decryption.

What is the purpose of a digital signature in cryptography?

A digital signature verifies the authenticity and integrity of a message or document.

What are some examples of third-party software tools for encryption?

Examples include GNU Privacy Guard (GnuPG), AxCrypt, Folder Lock, and VeraCrypt.

What is the function of self-encrypting hard disk drives?

Self-encrypting hard disk drives protect all files stored on them and perform authentication during power-up to ensure data security.

How does USB device encryption enhance security?

Encrypted USB devices require a correct password to connect to a computer, automatically encrypt all data copied to them, and can be remotely controlled or disabled.

What is the main advantage of using a shared ledger in blockchain?

A shared ledger reduces errors and speeds up transaction times by eliminating the need for multiple entities to maintain separate records.

What happens if a hard disk drive fails authentication during power-up?

If authentication fails, the drive can deny access or delete encryption keys, making all data permanently unreadable.