Applications of Web Programming
Debugging Techniques/Tools
Packets
Small amounts of information sent over a network that are then recombined when received
Benefits: Faster transmission (can’t be sent on different routes) + not everything has to be resent if one packet corrupts.
IP addresses
Internet Protocol addresses: Unique identifier for a device on a network. 4 digits from 0-255.
DNS
Domain Name System: converts a domain name into the IP of the server (device) holding the site.
Port
A virtual location where a connection starts and ends.
HTTP/HTTPS
Hypertext transfer protocol defines client-server interactions and how webpages are passed between browsers and web servers.
HTTPS is secure and uses the TLS encryption protocol.
SSL/TLS
Cryptographic protocols (used to encrypt). SSL (secure socket layer) was renamed to TLS (transport layer security) with stronger encryption algorithms.
If a HTTP/S connection is intercepted, because of TLS (which uses the shared session key to encrypt/decrypt), the attacker will see encrypted (jumbled) text.
Before the session key is created/shared, TLS handles the handshake. The client says “I’d like to use TLS; here are the ciphers I support.” The server responds with its SSL/TLS certificate (and public key).
TCP/IP
TCP: Communication standard for how data is transferred.
TCP/IP: These 2 standard protocols work together to 1. find the address data is being sent to (IP) and 2. ensure data is sent there (TCP).
FTP/SFTP
(Secure) File Transfer Protocol: Enables the transfer of computer files over the internet. Client-server model.
Used for data backups, file sharing, website management
SMTP/POP3/IMAP
Simple Mail Transfer Protocol: sending emails
Post Office Protocol version 3: retrieving emails. Allows the user to download emails to store locally, and then deletes them from the server.
Internet Message Access Protocol: retrieving emails, but keeps them on servers for online access and syncing across client devices.
SSL certificate
Digital certificate that authenticates a website’s identity
Encryption algorithms
E.g. substitution cipher - each character of plaintext is replaced with another according to a fixed system - not secure (brute force vulnerability) (e.g. Caesar cipher)
Plain text vs Cipher Text
Cipher text is unreadable to both humans and computers and requires a key.
Authentication vs Authorisation
Authentication proves someone is who they say they are and authorisation verifies what the user is allowed to do.
Hash values
Hashing creates a unique fixed-length value from the original data. No 2 inputs have the same hash and the hash is random. E.g. hash value of inputted password is checked against the hash of the actual password.
Digital signatures
Use public key encryption the opposite way - only the sender has the private key and receivers have the public key to verify the identity of the sender.
Effects of big data
Big Data: large volumes of structured and unstructured data that’s too large or complex to be handled by traditional data processing.
Data mining: using computers / automation to search for patterns in big data (e.g. Netflix algorithm)
Metadata: Data that defines data (e.g. author, date created, file size); e.g. alt text when images don’t load.
Streaming service management: Data is processed and analysed in real time with the goal of low latency. Essential for streaming services like Spotify (e.g. auto next-song). Uses tools like Apache Kafka to collect user data (e.g. skips, searches) and Apache Flink to analyse data and recommend in real time.
Private key encryption
Symmetric encryption; same key for encrypting and decrypting
Public key encryption
Asymmetric encryption; public key for encryption, private key for decryption.
e.g. RSA - Generates a public and private key that are mathematically linked. Relies on 2 large prime numbers which are multiplied together to create a modulus
How does a HTTP/S connection work?
Session/encryption key
A temporary symmetric key used to encrypt a specific communication session between two parties, like a website and a browser