CCY2001 Introduction to Cybersecurity Exam

CoolestCuboFuturism

13 Questions

Which encryption method is used to establish a secure session between a client and a server in SSL/TLS?

Asymmetric encryption

What is a Digital Certificate?

A Digital Certificate is an X.509 defined data structure with a Digital Signature that represents who owns the certificate, who signed the certificate, and other relevant information.

PGP provides all four aspects of security: privacy, integrity, authentication, and non-repudiation in sending emails.

True

PGP uses a combination of ________ and ________ to provide privacy in email communication.

secret key encryption, public key encryption

What is cryptography's purpose in the presence of adversaries?

Communications

What are the three main problems that Cryptography solves?

Authenticity

What does Hashing ensure in message transmission?

Integrity

The Caesar Cipher was used by Julius Caesar for encrypted communication with his generals.

True

Match the Symmetric Encryption Algorithm with its Key length:

  • DES = 56
  • 3DES = 112 and 168
  • AES = 128, 192, and 256

The main purpose of a Digital Certificate is to prove the authenticity of a public ___ for encryption.

key

What are the main functions of a Digital Signature?

All of the above

What does PKI stand for?

Public Key Infrastructure

Public-Key Encryption typically uses a single key for encryption and decryption.

False

Study Notes

Introduction to Cybersecurity

  • The course is offered by the Arab Academy for Science, Technology, and Maritime Transport (AAST-MT) and is part of the College of Computing and Information Technology.
  • The course covers the basics of cybersecurity, including cryptographic fundamentals, cybersecurity threats, and risk management.

Cryptography Basics

  • Cryptography is about secure communication in the presence of adversaries.
  • It ensures confidentiality, integrity, and authenticity of messages.
  • Confidentiality is ensured through encryption, which prevents unauthorized access to the message.
  • Integrity is ensured through hashing, which verifies that the message has not been modified during transmission.
  • Authenticity is ensured through digital certificates, which verify the identity of the sender.

Types of Cryptography

  • Symmetric cryptography: uses the same key for encryption and decryption.
  • Asymmetric cryptography: uses a pair of keys, one for encryption and one for decryption.
  • Hashing: a one-way transformation that creates a fixed-size output from a variable-size input.

Symmetric Algorithms

  • DES (Data Encryption Standard): a 56-bit key algorithm, considered outdated.
  • 3DES (Triple Data Encryption Standard): a 112-bit key algorithm, considered more secure than DES.
  • AES (Advanced Encryption Standard): a 128-bit key algorithm, widely used and considered secure.
  • RC2 (Rivest Cipher 2), RC4 (Rivest Cipher 4), and RC6 (Rivest Cipher 6): a set of symmetric-key encryption algorithms.

Asymmetric Algorithms

  • RSA (Rivest-Shamir-Adleman): a widely used asymmetric algorithm.
  • Elliptic Curve Cryptography (ECC): a type of asymmetric cryptography that uses elliptic curves.

One-Way Functions

  • A mathematical operation that is easy to perform in one direction but difficult to reverse.
  • Used in public-key cryptosystems.
  • Examples: multiplication vs. factorization.

Hashing Algorithms

  • Message digests: a summary of a message's content.
  • With an ideal hash function, it is impossible to derive the message from its hash.
  • Used to ensure integrity of messages.
  • Examples: MD5 (Message-Digest Algorithm 5), SHA (Secure Hash Algorithm), and HMAC (Hashed Message Authentication Code).

Digital Signatures

  • A digital signature is a hashing technique that employs a string of numbers to establish authenticity and verify identification.
  • Typically used to authenticate documents or emails.
  • Provides non-repudiation, ensuring the sender cannot deny having sent the message.

Public Key Infrastructure (PKI)

  • A system of policies, procedures, and technologies that enable the creation, distribution, and verification of digital certificates.
  • Digital certificates verify the authenticity of a public key used to encrypt an online asset.

Certificate Authority (CA)

  • A trusted third-party organization that issues and verifies digital certificates.
  • Ensures the authenticity of a public key and its corresponding private key.

SSL/TLS

  • A protocol that uses PKI to establish encrypted and authenticated connections between a client and a server.
  • Uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit.

Pretty Good Privacy (PGP)

  • A security program used to decrypt and encrypt email and authenticate email messages through digital signatures and file encryption.
  • Combines private-key and public-key cryptography to encrypt data.
  • Provides confidentiality, integrity, authentication, and non-repudiation in the sending of email.

Practice quiz for CCY2001 Introduction to Cybersecurity course at Arab Academy for Science, Technology, and Maritime Transport. Covers course material, including practical work and project assignments.
