Unit 2 CyberSecurity

Data Security & Privacy Study Guide


Cryptography Basics

  • Cryptography is the art and science of hiding information using mathematical & computational means.

  • Who uses cryptography, and for what purpose?

    • Any person or organization who wants to keep something confidential

  • A cipher is one of the simplest and easiest forms of cryptography, and is a code that’s used to transform language.

  • Using logic and analysis techniques to break codes is known as cryptanalysis.

Encryption

  • Transforming information such that it is hidden, but can still be decoded, is referred to as encryption.

  • Cryptography protects us against confidentiality & integrity threats in the CIA triad.

  • Data exists in three states:

    • Data at rest

    • Data in transit

    • Data in use

  • What’s an example of each?

    • Data at rest - information sitting in a database

    • Data in transit - sending emails to your teacher

    • Data in use - powerpoints

  • Types of encryption:

    • Symmetric encryption, which uses a single key.

    • Asymmetric encryption, which uses two keys.

  • The most common symmetric encryption algorithm is AES. (ends in s, symmetric)

  • Steganography is the practice of concealing information in an image or object.

  • Symmetric encryption is typically used to store data at rest.

  • The most common asymmetric encryption algorithm is RSA. (ends in a, asymmetric)

  • Asymmetric encryption is typically used to store data in transit.

  • How does asymmetric encryption work?

    • The sender creates and encrypts a ciphertext using the recipient’s public key, and then the recipient decrypts the ciphertext using the recipient’s private key.

Hashing

  • A hash, also known as a checksum, is a one-way function.

  • The avalanche effect is best described as a change to the data that drastically changes the output of the hash.

  • Why do I want a fingerprint of data?

    • To validate files and identities

  • The most common hashing algorithm is SHA-256. (ends in ha, hashing)

  • How are passwords stored and checked in a database?

    • They compare the user’s password to data stored in their database. They never keep the password in plain text.

  • Random data added to a password prior to hashing is known as a salt.

  • Cryptographic attacks:

    • A dictionary attack, or an attack where a common wordlist of passwords is used to guess passwords

    • A rainbow table attack, which uses a precomputed list of common passwords that have been run through a hashing algorithm and then compares password hashes against that table.

    • A collision attack, or when you manipulate a file to make it have the same hash as another file
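
The password storage, salt, avalanche effect and rainbow table points above, shown together as an added example that is not part of the original study guide. The wordlist is constructed, the function names are hypothetical, and the salted path uses PBKDF2-HMAC-SHA256 (a deliberately slow construction built on SHA-256) rather than a single SHA-256 pass, which is a choice made here and not something the guide specifies.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist (illustration only).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]

# Precomputed table as the guide describes it: common passwords already run
# through a hashing algorithm (unsalted SHA-256), keyed by the resulting hash.
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 100_000  # assumed work factor for this example


def hash_unsalted(password):
    """Weak storage: same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Stronger storage: random salt is mixed in before hashing.
    Returns (salt, digest); both are stored, the plaintext never is."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored_digest):
    """Login check: re-hash the attempt with the stored salt and compare
    in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def table_lookup(hex_digest):
    """What a precomputed table can recover from a stored hash (or None)."""
    return PRECOMPUTED.get(hex_digest)


def differing_bits(a, b):
    """Avalanche effect: count output bits that differ between two SHA-256
    digests (out of 256)."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))
```

Two accounts that share a password get different stored digests once each has its own salt, so one precomputed table no longer covers every account.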