What is cryptography?

Cryptography is a science that involves integrity, confidentiality, authenticitty and non-repudiation.

What is an intrusion detection system?

An IDS is a system that analyzs a network (it is a packet sniffer) for for suspicious activity in order to detect intrusions. It raises an alarm to the administrator in ase it detects something suspicious. It is generally connected to a whole LAN or a segment.
What are honey pots?
Honey pots are systems used to lure hackers into. Ideally, the hacker thinks that the honey pot is a real system so that there is enough time to identify the hacker.
Is authentication and authenticity the same?
Authentication is the process of establishing and verifying with a valid station. And a station is authentic when it is what it claims to be.
What is the difference between authenticity and integrity?
What are the advantage of symmetric- over asymmetric encryption?
What is non-repudiation?
Non-repudiation is the ensurance that nobody can deny the validity of something, nor its authorship.
What is the difference of a worm and a virus?
Unlike a virus, worms are independently executable. Worms are injected into the network and life on their own. A virus nomally reside in files or programs.
What is a firewall?
A firewall is a program or hardware that monitors outgoing and incoming traffic inorder to control he access between networks/intranets. Packets are either blocked or allowed according to a defined set of security rules. Packets can for example be filtered by the port numbers, protocol, source and destination addresses.

What is a DMZ?

A Demilitarized Zone is a logical or physical subnet that separates an inernal LAN from other networks to achieve an additional layer of security to the LAN. Services that communicate with the extranet are located in the DMZ while the internal LAN remains unreachable. Often two firewall are used (one destined only to the DMZ and an one for the internal LAN).
What is a PKI?
A Public Key Infrastructure consists of a certification authority (CA), a registration authority, a repository and an archive.

What is symmetric encryption?

Symmetric encryption uses a single key to both encrypt and decrypt data. The station encrypting and the station decryption know both the secret key and which encryption algorithm was used to encrypt the message. Symmetric encryption provides confidentiality and authentication of the communication partner (if only the authorized principles have the key and nobody else).
What is the advantage of symmetric encryption?
Symmetric encryption is a lot faster (it requires a lot less process pwoer).
What are the weaknesses of symmetric encryption?
The distribution of the secure key is problematic and it has scalability problems as a lot of keys are required when the number of people grow. Furthermore, it provides only confidentiliaty.
What are the two main types of symmetric encryption?
  • Stream ciphers is a byte-per-byte process that combines one byte (or bit) of the plaintext with one byte of the key to create the ciphertext.
  • Block ciphers applies a symmetric key to a block of bytes. As the block block is fixed in size, a padding is added if the length doesn't add up.
What are the 6 aspects of security?
Authentication, Confidentiality, Integrity, Non-Repudiation, Access Control, Availability
What is understood by the process 'signing'?
Signing is used to verify the information source. A message is encoded with the private key and can be easily decrypted by anyone with the public key.
What are trapdoor permutations and how are they used in public key cryptography?
A trapdoor function is easy to compute in one direction, but hard to find its inverse. In asymmetric encryption for example, we can give the the public key safely to the user as it will not help him to invert the function.

What is asymmetric encryption used for?

Digital signatures and key exchange.
When is a cryptosystem semantically secure?
It is considered semantically secure when we can not retrieve any useful information from the ciphertext about the plaintext. This is normally the case if the encryption algorithm is non-deterministic or when we add a padding to it. A cryptosystem is considered perfectly secret when no information at all can be retrieved from the ciphertext about the plaintext.
What is a certification authority (CA)?
A Certification authority issues digital certificates that are used to verify the ownership of a pulbic key. Both, the owner of the certificate and the other party have to trust the CA. Therefore a CA is also called a 'trusted third party'. A public key can be relied on if the certificate is signed by a trusted CA.
What is a digital signature used for?
To prove the authenticity of an entity.
Why is a CA (certification authority) needed?
With this trusted third party, the owners of the public key can verify that they can trust the public key that is used for encryption. With CAs the user can check the valifity of the provider.
How can asymmetry in public-key cryptosystems be achieved using factorization?
The asymmetry is usually achieved by using prime factorization which takes a long time for large prime numbers. Only the person who knows the prime factors (the one with the private key) can decrypt the message. The parties with the public key would first have to factor the number which takes too long.
What is X.509?
X.509 is a standard used by TLS, etc. for defining the format of public key certificates.
What is a certificate chain?
Digital certificates are verified with a chain of trust. The user can verify the certificate issuer with the certificate hierarchy. The chain terminates with the root CA certificate that is signed by the CA itself. For increased security, intermeidate certificates are used. The CA signs the intermediate certificate with the private key.
What are examples of social engineering attacks?
Social Engineering involes manipulation of people to get access to confidential information. For example Baiting (give them something they want - like a new movie), Phising (imitation of a trusted source)

What is spear phishing?

Spear phising is a type of phishing where a specific individual is targeted. This is done by gathering or/and using personal information of the target.
When does it make sense to encrypt a message with the private key?
To prove authenticity.
What are the TLS (Transport Layer Security) protocols?
  1. Handshake protocol and change cipher spec. protocol: to negotiate the ciphersuite and establish the keys.
  2. Record protocol: uses the keys from the handshake to provide confidentiality, integrity (using a MAC) and authenticity of application layer data. It provides end-to-end encryption using symmetric encryption. It does encrypt, calculate a checksum (MAC), compress and transmit the data to the peer. On the receiver side the inverse is done (decrypt, decompress, verify checksum, reassemble fragments and finally delivering the message to upper protocol layers.
  3. Alert protocol: used for warnings and errors.

What is PGP (Pretty Good Privacy)?

PGP is a security method to encrypt and sign messages often used for e-mail security. PGP uses asymmetric encryption for the exchange of keys and symmetric encryption for the actual message. PGP offers services for authentication and confidentiality.
In PGP, which steps are involved for the authentication?
Authentication is done with digital signatures.
  1. The sender creates a message.
  2. A hash code of the message is generated using SHA-1.
  3. The sender crypts the hash code with his private key using RSA.
  4. The encrypted hash code is prepended to the plaintext message.
  5. The receiver decrypts the hash code using the sender's public key.
  6. Finally, the receiver generates a new hash code of the message and compares it with the the decrypted hash code. The message is authentic if the two hash codes are the same.
How does PGP achieve confidentiality?
For the encryption of messages symmetric encryption with a session key that is bound to the message is used.
  1. The sender genrerates for every message a unique session key. Then, the message is encrypted using the session key.
  2. The public key is used to encrypt the session key, which then is prepended to the message.
  3. The receiver can then decrypt the session key using his private key (RSA).
  4. The session key is then used to decrypt the original message.
Can the service for confidentiality and authentication be used simultanously in PGP - if yes, how?
  1. A signature is generated with the private key and prepended to the message (message gets signed).
  2. The plaintext and the signature is then ecrypted using the session key.
  3. The session key is encrypted using RSA with the public key of the recipient.
How does PGP achieve email compatbility?
The bytes of the cipertext are encoded to ASCII with the Raidx-64 encoding.

What is RSA?

RSA (Rivest–Shamir–Adleman) is a asymmetric cryptosystem used for data transmission. The asymmetry in RSA is achieved by using prime factorization.
What are the vulnerabilities of RSA and can they be fixed?
  • RSA is a deterministic algorithm (without a random component). Therefore, the attacker can launch a plaintext attack in which he tries to guess the plaintext by encrypting it and then check if it is 'similar' to the ciphertext.
  • RSA is a homomorphic algorithm
  • Side channel attacks such as the timing attack which exploits timing variability of the implementation
The first two problems can be fixed by introducing a randomized padding.
What is MD5?
MD5 is a one-way hashing algorithm that is often used for verifying the integrity of a file.
What is a VPN?
A Virtual Private Network interconnect networks or hosts in a secure way accross a public network. The most popular are TLS based VPNs and IPSec VPN.
What is confidentiality (network security)?
Limted access to information. For example an encrypted message where only the authorized parties have the key needed for the decryption is confidential.
What role does Zero Knowledge Proof (ZKP) play in the authentication and which properties must be satisfied?
In ZKP the goal is to proof that you have the valid credentials without having to give the verifier the credential details. A ZKP has the following three properties:
  • Completeness: If the statement of the prover is true then the verifier must be convinced that the prover is honest.
  • Soundness: A honest verifier must only be convinced that a prover is honest when the statement is correct.
  • Zero-knowledge: The verifier must never learn about the secret of the prover (only whether true or false).
What is Advanced Encryption Standard?
AES is a symmetric-key block cipher algorithm. AES replaces DES (Data Encryption Standard). Both are symmetric block ciphers. AES has a key-length of 128, 192, or 256 bits and is considered secure.
What is the Extensible Authentication Protocol?
EAP offers several types of authentication. EAP-TLS for example is based on a Public Key Infrastructure (PKI).

What is Wired Equivalent Privacy?

WEP (Wired Equivalent Privacy) is a security protocol for wireless networks that aims to provide similar security as wired (Ethernet) networks have. With WEP data transmission is protected from the station up to the access point. WEP requires a pre-shared key (PSK).
What is the main weakness of WEP?
WEP is not safe against the Known Plainttext Attack. The keystream can be determined if the attacker knows plaintext for a given ciphertext.
What are the two authentication methods that WEP provides?
  • Open System authentication: a client is automatically authenticated regardless of whether he has the shared secret.
  • Shared Key authentication:
  • Open System authentication: the access point sends a clear text challenge that the client has to encrypt. The client is only authenticated if the clear text challenge is correctly encrypted.
Why is WEP Shared authentication considered worse than Open authentication?
In shared authentication mode, it is easy for the client to find the key as he can just analyze enough challenge frames to detect the WEP key.

What is WiFi Protected Access?

The WPA security protocol was designed to replace WEP. It implements the TKIP (Temporal Key Integrity Protocol) and Message Integrity Check to verify messages and keys. For every packet the key changes. WPA also uses longer key and better encryption methods. WPA2 also uses a pre shared key, but uses AES to encrypt data.
What is the difference between WPA2 Personal and WPA2 Enterprise?
Personal uses a shared key whereas enterprise uses unique credentials for every user. In enterprise mode, the AP verifies each login with a database using a RADIUS server.With RADIUS authentication with LDAP, Active Directory and certificates are possible.
How is WPA's MAC better than WEP's CRC?
The MAC (Message Authentication Code) of WPA provides authenticity and data integrity.
What is Opportunistic Wireless Encryption?
OWE is a new feature in WPA3 that offers encryption without authentication. This makes mainly sense for networks that don't use passwords such as guest hotspots.
Why is the primary security vulnerability of WPA2?
The four-way handshake that is used to connect with a PSK.