Cybersecurity Terms Quiz
21 Questions

Questions and Answers

Which of the following accurately describes the Data Encryption Standard (DES)?

  • It is a block cipher with 8-byte input and a 56-bit key. (correct)
  • It encrypts data in a stream format.
  • It employs non-linear confusion through a reverse permutation.
  • It uses a variable key length.

What is the primary goal of diffusion in cipher design?

  • To spread the influence of each input bit across many output bits. (correct)
  • To obscure the key used in encryption.
  • To ensure the input and output relationship is simple.
  • To reduce the computational time for encryption.

Which statement best describes collision-resistant hashing algorithms?

  • They simplify the process of data recovery after hashing.
  • They make it hard to find two distinct items that hash to the same value. (correct)
  • They are easy to invert and decode.
  • They ensure that two different inputs will always result in the same hash.

What are two key principles of cipher design emphasized in cryptography?

    Confusion and Diffusion.

    What distinguishes Advanced Encryption Standard (AES) from DES?

    AES uses variable key lengths and is more efficient.

    What term describes the entity attempting to bypass security measures?

    Adversary

    Which of the following is NOT a goal of Information Security?

    Stop all unauthorized attempts

    What is an example of a systematic artifact that exposes a user or system to a threat?

    Vulnerability

    What does the CIA model stand for in Information Security?

    Confidentiality, Integrity, Availability

    What type of cipher uses a fixed shift to encode messages?

    Caesar cipher

    Which of the following is a source of vulnerability?

    Bad design

    In shared key cryptography, what is essential for both parties?

    Knowledge of the same key

    What is NOT a strategy for dealing with attacks in Information Security?

    Creation

    What does cryptography primarily focus on?

    Developing and using cryptosystems

    Which statement best describes a chosen-plaintext attack?

    The attacker can obtain the encryption of any plaintext they choose

    What distinguishes unconditional security from conditional security?

    Unconditional security is independent of any computational assumptions

    What type of attack involves the adversary only having access to ciphertext?

    Ciphertext-only attack

    How does HMAC enhance the security of MAC?

    HMAC requires a key to compute a secure digest

    What does a digital signature provide in relation to a document?

    Links a private key to the authenticity of the document

    What is the main flaw in traditional MAC implementations?

    They allow adding new content easily through block hash algorithms

    What is the purpose of an encryption algorithm?

    To transform plaintext into ciphertext for secure communication

    Study Notes

    Security Terms

    • Adversary: Any entity attempting to bypass security measures, varying in goals and expertise.
    • Risk: Valuable resources susceptible to misuse, including data, time, confidence, trust, and reputation.
    • Threat: A specific way an attacker can compromise a system, such as an attacker's ability or objective.
    • Threat Model: A compilation of threats deemed significant for a specific environment.
    • Vulnerability: A system flaw exposing users, data, or the system itself to a threat. This can arise from faulty software/hardware, poor design, inadequate policy/configuration, system misuse, or unintended use.
    • Attack: An attempt to exploit a vulnerability.
    • Compromise: A successful attack.
    • Trust: The level of anticipated appropriate behavior from an entity.
    • Trust Model: Defines who can perform what actions within a specific environment.
    • CIA Model (Confidentiality, Integrity, Availability): Ensures:
      • Confidentiality: Information is accessible solely to authorized individuals.
      • Integrity: System data remains accurate, free from unauthorized modifications.
      • Availability: Information or services are accessible when needed.

    Information Security Goals

    • To prevent misuse, but not hinder legitimate actions.
    • Strategies to manage attacks:
      • Prevention: Prohibit attacks (e.g., firewalls).
      • Detection: Identify ongoing attacks and generate alerts (e.g., intrusion detection).
      • Recovery: Restore from attacks (e.g., backups).

    Cryptography

    • Caesar Cipher (ROT13): A simple substitution cipher where each letter is shifted thirteen positions down the alphabet. It's breakable due to its fixed shift pattern.
    • Substitution Cipher: Replaces each letter with a different character or symbol. Breakable by analyzing letter frequencies and patterns.
    • Polyalphabetic Cipher (Vigenere): Uses a keyword to shift letters by different amounts, making it more robust.
    • Shared Key Cryptography (Symmetric Key Cryptography): Both sender and receiver utilize the same key for encryption and decryption.
    • "Unbreakable" Cipher (One-Time Pad): Theoretically provides perfect security, but requires a unique random key as long as the message, making it impractical for everyday use.
    • Kerckhoffs' Principles: These principles state that the security of a cryptosystem should rely on the secrecy of the key, not the algorithm itself.

    DES and AES

    • DES (Data Encryption Standard): A block cipher using an 8-byte input and an 8-byte key (56 bits + 8 parity bits).
    • AES (Advanced Encryption Standard): A replacement for DES, a widely accepted symmetric key cipher. Features:
      • Variable key lengths for flexibility.
      • Compact code and memory footprint.

    Cipher Types

    • Block Ciphers: Process input in fixed-size blocks.
    • Stream Ciphers: Encrypt input as a continuous stream, typically bitwise.

    Cipher Design Principles

    • Confusion: Make the relationship between input and output as complex (non-linear) as possible, often achieved through substitution (e.g., S-box).
    • Diffusion: Spread the influence of each input bit across multiple output bits, achieved through permutation (e.g., Feistel structure).

    Birthday Attacks

    • A class of brute-force attacks exploiting the likelihood of collisions in hash functions.

    Hashing Algorithms

    • One Way: Computationally difficult to reverse (h()) - meaning it's virtually impossible to go from the hash output back to the original input.
    • Collision Resistant: Difficult to find two distinct inputs (x1 and x2) that produce the same hash output (h(x1) == h(x2)).

    Hash Functions as Authenticators

    • Hash functions can be used to verify data integrity. Any change to the data will result in a different hash, indicating tampering.

    Cryptography Basics

    • Cryptography: The art and science of creating and using cryptosystems.
    • Cryptosystem: A method for disguising (encrypting) plain text messages so only authorized individuals can decipher them (decrypt).
    • Cryptanalysis: The art and science of breaking cryptosystems.
    • Cryptology: The combined study of cryptography and cryptanalysis.
    • Encryption Algorithm: An algorithm for making content unreadable to unauthorized users.
      • E(plaintext, key) = ciphertext (encryption)
      • D(ciphertext, key) = plaintext (decryption)
      • The algorithm is typically public knowledge, while the key is private, adhering to the "principle of open design."
    • Unconditional Security: A system that provides provable guarantees of security regardless of an attacker's computational power.
    • Conditional/Computational Security: Security relies on limitations of an attacker's computational resources or certain hardness assumptions.
    • Ciphertext-Only Attack: An attacker only has access to ciphertext and attempts to deduce the underlying plaintext.
    • Known-Plaintext Attack: The attacker knows one or more pairs of ciphertext/plaintext encrypted with the same key, trying to determine the plaintext of other ciphertext.
    • Chosen-Plaintext Attack: The attacker can obtain the encryption of any plaintext and attempts to determine the plaintext of different ciphertext.
    • Chosen-Ciphertext Attack: The attacker can obtain the plaintext of any ciphertext except the one they want to decrypt.
    • Hash Chain: Chains together multiple hash values to offer enhanced security.
    • MAC (Message Authentication Code): Used to authenticate content and verify data integrity, but is susceptible to attacks where attackers might add new content.
    • HMAC (Hash-based Message Authentication Code): A collision-resistant MAC where an attacker cannot compute a correct digest without knowing the key (K).

    Encryption and Digital Signatures

    • Private Key Encryption (Symmetric Key Encryption): Both the sender and receiver use the same key for encryption and decryption.
    • Digital Signatures: Digitally replicate physical signatures, associating a private key with a document. They ensure authenticity and non-repudiation (proof of origin).

    Secret Key vs. Public Key Cryptography

    • Secret Key Cryptography (Symmetric Key Cryptography): Both sender and receiver use the same key.
    • Public Key Cryptography (Asymmetric Key Cryptography): Uses two separate but mathematically related keys:
      • A public key: Used to encrypt data, meaning anyone can encrypt data.
      • A private key: Used to decrypt data, meaning only the owner of the private key can decrypt.

    Related Documents

    CS642 Midterm 1 PDF

    Description

    Test your knowledge on essential cybersecurity terminology. This quiz covers important concepts like adversaries, vulnerabilities, threats, and the CIA model. Understand the language of security and how these terms relate to protecting information and systems.
