CCY2001 Introduction to Cybersecurity Exam

Questions and Answers

Which encryption method is used to establish a secure session between a client and a server in SSL/TLS?

Symmetric encryption

Private key encryption

Public key encryption

Asymmetric encryption (correct)

What is a Digital Certificate?

A Digital Certificate is an X.509 defined data structure with a Digital Signature that represents who owns the certificate, who signed the certificate, and other relevant information.

PGP provides all four aspects of security: privacy, integrity, authentication, and non-repudiation in sending emails.

True

PGP uses a combination of ________ and ________ to provide privacy in email communication.

secret key encryption, public key encryption

What is cryptography's purpose in the presence of adversaries?

Communications

What are the three main problems that Cryptography solves?

Authenticity

What does Hashing ensure in message transmission?

Integrity

The Caesar Cipher was used by Julius Caesar for encrypted communication with his generals.

True

Match the Symmetric Encryption Algorithm with its Key length:

DES = 56 3DES = 112 and 168 AES = 128, 192, and 256

The main purpose of a Digital Certificate is to prove the authenticity of a public ___ for encryption.

key

What are the main functions of a Digital Signature?

All of the above

What does PKI stand for?

Public Key Infrastructure

Public-Key Encryption typically uses a single key for encryption and decryption.

False

Study Notes

Introduction to Cybersecurity

• The course is offered by the Arab Academy for Science, Technology, and Maritime Transport (AAST-MT) and is part of the College of Computing and Information Technology.
• The course covers the basics of cybersecurity, including cryptographic fundamentals, cybersecurity threats, and risk management.

Cryptography Basics

• Cryptography is about secure communication in the presence of adversaries.
• It ensures confidentiality, integrity, and authenticity of messages.
• Confidentiality is ensured through encryption, which prevents unauthorized access to the message.
• Integrity is ensured through hashing, which verifies that the message has not been modified during transmission.
• Authenticity is ensured through digital certificates, which verify the identity of the sender.

Types of Cryptography

• Symmetric cryptography: uses the same key for encryption and decryption.
• Asymmetric cryptography: uses a pair of keys, one for encryption and one for decryption.
• Hashing: a one-way transformation that creates a fixed-size output from a variable-size input.

Symmetric Algorithms

• DES (Data Encryption Standard): a 56-bit key algorithm, considered outdated.
• 3DES (Triple Data Encryption Standard): a 112-bit key algorithm, considered more secure than DES.
• AES (Advanced Encryption Standard): a 128-bit key algorithm, widely used and considered secure.
• RC2 (Rivest Cipher 2), RC4 (Rivest Cipher 4), and RC6 (Rivest Cipher 6): a set of symmetric-key encryption algorithms.

Asymmetric Algorithms

• RSA (Rivest-Shamir-Adleman): a widely used asymmetric algorithm.
• Elliptic Curve Cryptography (ECC): a type of asymmetric cryptography that uses elliptic curves.

One-Way Functions

• A mathematical operation that is easy to perform in one direction but difficult to reverse.
• Used in public-key cryptosystems.
• Examples: multiplication vs. factorization.

Hashing Algorithms

• Message digests: a summary of a message's content.
• Impossible to derive a message from an ideal hash function.
• Used to ensure integrity of messages.
• Examples: MD5 (Message-Digest Algorithm 5), SHA (Secure Hash Algorithm), and HMAC (Hashed Message Authentication Code).

Digital Signatures

• A digital signature is a hashing technique that employs a string of numbers to establish authenticity and verify identification.
• Typically used to authenticate documents or emails.
• Provides non-repudiation, ensuring the sender cannot deny having sent the message.

Public Key Infrastructure (PKI)

• A system of policies, procedures, and technologies that enable the creation, distribution, and verification of digital certificates.
• Digital certificates verify the authenticity of a public key used to encrypt an online asset.

Certificate Authority (CA)

• A trusted third-party organization that issues and verifies digital certificates.
• Ensures the authenticity of a public key and its corresponding private key.

SSL/TLS

• A protocol that uses PKI to establish encrypted and authenticated connections between a client and a server.
• Uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit.

Pretty Good Privacy (PGP)

• A security program used to decrypt and encrypt email and authenticate email messages through digital signatures and file encryption.
• Combines private-key and public-key cryptography to encrypt data.
• Provides confidentiality, integrity, authentication, and non-repudiation in the sending of email.

Description

Practice quiz for CCY2001 Introduction to Cybersecurity course at Arab Academy for Science, Technology, and Maritime Transport. Covers course material, including practical work and project assignments.