What is the CIA triad?
- Confidentiality
Prevention of unauthorized disclosure of information
- Integrity
Prevention of unauthorized modification of information
- Availability
Prevention of unauthorized withholding of services & resources
What is vulnerability, threat and attack?
Vuln: weakness in system that can be exploited
Threat: potential exploitation of vuln
Attack: attempted exploitation of vuln
What are the 3 types of cryptography?
Symmetric, Asymmetric, Hashing
What are examples of symmetric cryptography?
Substitution: replace character with another according to pattern
Transposition: character shifted in regular pattern to different positions
How to ensure cryptography works?
Ensure secrecy is in the key only.
What is the problem with symmetric cryptography?
Need to share key between sender & receiver.
What is asymmetric cryptography?
- Uses one key pair for encryption & decryption
- One as private, one public.
- Key generation is 1-way, not possible to derive private from public key.
What are two ways of asymmetric authentication?
- Public key encrypts, private key decrypts -> confidentiality
- Private key encrypts, public key decrypts -> authentication
What are one-way functions?
One way functions are when it is computationally infeasible to get private key from the public key.
What are three techniques to break ciphers?
Bruteforce -> try all possible keys
Frequency analysis -> based on English text structure, focus on digraphs & trigraphs
Known plaintext -> need access to crypto engine (side channels), inject known plaintext and observe output cipher text.
What are hashing functions?
One way function that takes arbitrary length input and convert them into fixed length outputs.
Same input always result in same hash.
What are the properties of secure hashes?
- One-way property where it is computationally infeasible to find a message given a hash code.
- Strong collision resistance where it is computationally infeasible to find two different messages that hash to the same hash value.
What is a digital signature system?
Hash of a document encrypted with sender’s private key (signed/authenticated) and recipient decrypt the encrypted hash and check it against the hash of the document to see if it matches.
