What are the four principles of security?
- Confidentiality
- Authentication
- Integrity
- Availability
What is the “Confidentiality” principle of security?
Only sender and intended receiver should understand the message contents
What is the “Authentication” principle of security?
Sender and receiver want to confirm each other’s identity
What is the “Integrity” principle of security?
Sender and receiver want to ensure that the message is not altered without detection
What is the “Availability” principle of security?
Services must be accessible and available to users
What are the four actions an intruder can take?
- Eavesdrop: Intercept message
- Impersonation: Can fake source address in packet
- Hijacking: Take over ongoing connection by removing sender or receiver, inserting themselves in place
- Denial of Service: prevent service from being used by others
What does an encryption algorithm comprise of?
- A method for encrypting the data
- A method for decrypting the data
- A secret key used in the decryption / encryption method
What are three methods for breaking an encryption scheme?
- Ciphertext-only attack
- Known-plaintext attack
- Chosen-plaintext attack
Describe the Ciphertext-only attack
- Intruder has ciphertext but not plaintext
- Option 1: brute force, search through all keys
- Option 2: statistical analysis (look for patterns)
Describe the Known-Plaintext Attack
Intruder has some ciphertext with its plaintext, wants to break other ciphertexts
Describe the Chosen-Plaintext Attack
Intruder has the ability to encrypt any plaintext but doesn’t have the key for decryption
