Ans:
Information security, sometimes shortened to InfoSec, is the practice of defending
information from unauthorized access, use, disclosure, disruption, modification,
perusal, inspection, recording or destruction. It is a general term that can be used
regardless of the form the data may take.
Q. What are the fundamental properties of security?
Ans:
The fundamental properties of information security are described in brief below:
Integrity
In information security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. This means that data cannot be modified in an
unauthorized or undetected manner. Information security systems typically provide
message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it
is needed. This means that the computing systems used to store and process the information,
the security controls used to protect it, and the communication channels used to access it
must be functioning correctly. High availability systems aim to remain available at all times,
preventing service disruptions due to power outages, hardware failures, and system
upgrades.
Authenticity
In computing and information security, it is necessary to ensure that the data, transactions,
communications or documents (electronic or physical) are genuine. It is also important for
authenticity to validate that both parties involved are who they claim to be. Some
information security systems incorporate authentication features such as "digital
signatures", which give evidence that the message data is genuine and was sent by someone
possessing the proper signing key.
Non-repudiation
In law, non-repudiation denotes one's intention to fulfill their obligations to a contract. It
also implies that one party of a transaction cannot deny having received a transaction nor
can the other party deny having sent a transaction.
Block ciphers are important elementary components in the design of many cryptographic
protocols, and are widely used to implement encryption of bulk data.
Q. Describe One time pad and two time pad encryption.
One time pad:
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked
if used correctly. In this technique, a plaintext is paired with a random secret key (also
referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by
combining it with the corresponding bit or character from the pad using modular addition.
If the key is truly random, is at least as long as the plaintext, is never reused in whole or in
part, and is kept completely secret, then the resulting ciphertext will be impossible to
decrypt or break. It has also been proven that any cipher with the perfect secrecy property
must use keys with effectively the same requirements as OTP keys. However, practical
problems have prevented one-time pads from being widely used.
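The following Python sketch is an added example, not part of the original notes. It uses bitwise XOR (addition modulo 2) as the combining step and shows three things: a pad that refuses to hand out the same key bytes twice, why a ciphertext alone is consistent with every plaintext of the same length, and what is exposed when one pad encrypts two messages. The class and function names and the sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two byte strings (addition modulo 2 on every bit)."""
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Pad material that hands out each key byte at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0  # count of pad bytes already consumed

    def _take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(plaintext, self._take(len(plaintext)))

    # XOR is its own inverse; the receiver consumes its copy of the pad in step.
    decrypt = encrypt


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Pad under which `ciphertext` decrypts to `candidate`; one exists for
    every candidate of equal length, so the ciphertext favours no plaintext."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad: the pad cancels out,
    leaving p1 XOR p2, which depends only on the two plaintexts."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"MEET AT NOON", b"MEET AT FIVE"     # constructed sample messages
    pad = secrets.token_bytes(len(m1) + len(m2))  # fresh random pad
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    print(bob.decrypt(alice.encrypt(m1)), bob.decrypt(alice.encrypt(m2)))
    k = secrets.token_bytes(len(m1))              # the mistake: one pad, two messages
    print(reuse_leak(xor_bytes(m1, k), xor_bytes(m2, k)) == xor_bytes(m1, m2))
```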
Two time pad:
Q. Describe Shannon's perfect secrecy.
Answer: No: 2 Slide, page 8.
Q. What is MAC in cryptography?
Answer:
In cryptography, a message authentication code (MAC) is a short piece of information used
to authenticate a message and to provide integrity and authenticity assurances on the
message. Integrity assurances detect accidental and intentional message changes, while
authenticity assurances affirm the message's origin.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input
a secret key and an arbitrary-length message to be authenticated, and outputs a MAC
(sometimes known as a tag). The MAC value protects both a message's data integrity as well
as its authenticity, by allowing verifiers (who also possess the secret key) to detect any
changes to the message content.
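The following Python sketch is an added example, not part of the original notes. It uses HMAC-SHA256 from the standard library as the MAC algorithm (a choice made for this example; the notes do not name one) and contrasts it with an unkeyed hash, which anyone can recompute and which therefore says nothing about a message's origin. The function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def seal(key: bytes, message: bytes) -> bytes:
    """Return message || tag, where tag = HMAC-SHA256(key, message)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Return the message if its tag verifies under `key`, else raise ValueError."""
    if len(blob) < TAG_LEN:
        raise ValueError("too short to contain a tag")
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("MAC check failed")
    return message


def seal_unkeyed(message: bytes) -> bytes:
    """Weak variant for comparison: a plain SHA-256 digest, no secret involved."""
    return message + hashlib.sha256(message).digest()


def open_unkeyed(blob: bytes) -> bytes:
    """Accepts any blob whose digest matches, whoever produced it."""
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hashlib.sha256(message).digest(), digest):
        raise ValueError("digest mismatch")
    return message


if __name__ == "__main__":
    key = bytes(range(32))                       # constructed sample key
    blob = seal(key, b"amount=10;to=bob")        # constructed sample message
    print(open_sealed(key, blob))
    altered = bytearray(blob)
    altered[7] ^= 0x01                           # change one bit of the message
    try:
        open_sealed(key, bytes(altered))
    except ValueError as err:
        print("rejected:", err)
    # Without a key, a replaced message with a recomputed digest is accepted.
    print(open_unkeyed(seal_unkeyed(b"amount=9999;to=eve")))
```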
Q. What do you know about OTTP?
Answer:
In cryptography, a trusted third party (TTP) is an entity which facilitates interactions
between two parties who both trust the third party; the third party reviews all critical
transaction communications between the parties, based on the ease of creating fraudulent
digital content. In TTP models, the relying parties use this trust to secure their own
interactions.
An example
Suppose Alice and Bob wish to communicate securely; they may choose to use
cryptography. Without ever having met Bob, Alice may need to obtain a key to use to encrypt
messages to him. In this case, a TTP is a third party who may have previously seen Bob (in
person), or is otherwise willing to vouch that this key (typically in an identity certificate)
belongs to the person indicated in that certificate, in this case, Bob. In discussions, this third
person is often called Trent. Trent gives it to Alice, who then uses it to send secure messages
to Bob. Alice can trust this key to be Bob's if she trusts Trent. In such discussions, it is simply
assumed that she has valid reasons to do so (of course there is the issue of Alice and Bob
being able to properly identify Trent as Trent and not someone impersonating Trent).