Answer to Tutorial 10 Information Security

1. What are cryptography, cryptanalysis, and cryptology?

Answer: Cryptography is the study of mathematical techniques to provide the security of information over insecure channels. Cryptanalysis is the study of mathematical techniques for attempting to defeat information security services. Cryptology is the study of cryptography and cryptanalysis.

2. What were some of the first uses of cryptography?

Answer: Concealing military and political secrets while they were transported from place to place.

3. What is a key, and what is it used for?

Answer: The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext; the key can be a series of bits used by a computer program, or it can be a passphrase used by humans that is then converted into a series of bits for use in the computer program.

4. What is a hash function, and what can it be used for?

Answer: Hash functions are mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

5. What is the fundamental difference between symmetric and asymmetric encryption?

Answer: Asymmetric encryption is also known as public key encryption. It uses two different keys to encrypt messages, the public key and the private key. The public key is stored in a public location where anyone can use it. Symmetric encryption is different because it uses only one key to encrypt and decrypt messages. Symmetric encryption is much faster for the computer to process; however, it raises the costs of key management. Symmetric encryption, also called private key encryption, is where the same key is used to conduct both the encryption and decryption of the message. Both the sender and receiver must hold a copy of the key. The problem with symmetric encryption is getting a copy of the key to the sender.

6. What are the five components of PKI?

Answer:

(i) A certificate authority (CA), which issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user's name, public key, and other identifying information.

(ii) A registration authority (RA), which operates under the trusted collaboration of the certificate authority and can be delegated day-to-day certification functions, such as verifying registration information about new registrants, generating end-user keys, revoking certificates, and validating that users possess a valid certificate.

(iii) Certificate directories, which are central locations for certificate storage that provide a single access point for administration and distribution.

(iv) Management protocols, which organize and manage the communications between CAs, RAs, and end users. This includes the functions and procedures for setting up new users, issuing keys, recovering keys, updating keys, revoking keys, and enabling the transfer of certificates and status information among the parties involved in the PKI's area of authority.

(v) Policies and procedures that assist an organization in the application and management of certificates, the formalization of legal liabilities and limitations, and actual business practice use.

7. What is the difference between digital signatures and digital certificates?

Answer: A certificate is a wrapper for a key value. A signature is a combination of a message digest and other information used to assure non-repudiation.

8. What is steganography, and what may it be used for?

Answer: Steganography is a process used to hide messages within the digital encoding of pictures and graphics. This is a concern for the security professional because hidden messages are not easily detected and can contain sensitive information that needs to be protected.

9. What security protocols are predominantly used in Web-based electronic commerce?

Answer: S-HTTP, SET, SSL, SSH-2, and IPSec.

10. What security protocols are used to protect e-mail?

Answer: S/MIME, PEM, and PGP.

11. IPSec can be used in two modes. What are they?

Answer: Transport and tunnel modes.

12. Which kind of attack on cryptosystems involves using a collection of pre-identified terms?

Answer: A dictionary attack uses pre-identified terms.

13. Which kind of attack involves sequential guessing of all possible key combinations?

Answer: A brute-force attack tries all possible combinations.

14. What is the average key size of a strong encryption system in use today?

Answer: Web-based SSL has standardized on 128 bits as of late 2004.

15. What is the standard for encryption currently recommended by NIST?

Answer: AES, the Advanced Encryption Standard.