establishes the identity of a subject

specifies and enforces that each object is accessed correctly and only by those that are allowed to do so

to enforce a specified security policy

to emphasize encryption

data, resources

AC policy

functions such as grant, deny

decisions

data, resources

AC policy

functions such as grant, deny

decisions

data, resources

AC policy

granting and denying access

decisions

an active entity requesting for resource access

a passive entity and target of the protection

an access control decision function

an access control information function

an active entity requesting for resource access

a passive entity and target of the protection

an access control decision function

an access control information function

1

2

3

4

1

2

3

4

invalid operations should be permitted

every actions should be checked

unnecessary access should not be allowed

all the above mentioned

Specifies a given subject can perform what operations on what objects

Subjects does not grant rights to other subjects

Users have only one ticket

Access rights given to a subject are valid for forever

Objects are encapsulated, permitting only certain specified accesses via program execution

Specifies a given subject can perform what operations on what objects

Access rights given to a subject are valid for forever

Users have only one ticket

Enforces accesses to an object be done through a trusted interface

Specifies a given subject can perform what operations on what objects

Access rights given to a subject are valid for forever

Users have only one ticket

Classification of information by the level of importance and permission of access by users with different security clearance

Classification of information by date and permission of access by users with different security clearance

Classification of information by the level of importance and permission of access by users name

Classification of information by date and permission of access by users name

1

2

3

4

A subject can only read an object of less or equal security level

A subject can only write into an object of greater or equal security level

A subject can only read an object of more or equal security level

A subject can only write into an object of less or equal security level

A subject can only read an object of less or equal security level

A subject can only write into an object of greater or equal security level

A subject can only read an object of more or equal security level

A subject can only write into an object of less or equal security level

Malicious software causes data compromises

A browser helper object that detects changes to URL and logs

Users are tricked by fraudulent messages into giving out information

The lookup of host names is altered to send users to a fraudulent server

1

2

3

4

All data sent/received by software that uses SSL

used to carry handshake messages

used to indicates a change in the encryption and authentication of records

used to indicate when the connection is about to close

All data sent/received by software that uses SSL

used to carry handshake messages

used to indicates a change in the encryption and authentication of records

used to indicate when the connection is about to close

i only

none

All the mentioned

iii only

One way property

Collision free property

Second way property

Collision property

One wayness

Preimage resistance

Strong collision resistance

Long, unfixed output

1

2

3

4

128

160

512

314

512

2014

160

314

Schnorr

Diffie-Hellman

Merkle-Damgard

Alice & Bob

50

60

70

80

1

2

3

4

10

20

80

79

Merkle-Damgard

Feistel

Schnorr

Diffie-Hellman

1

2

3

4

64

80

512

160

Preimage resistance

Second preimage resistance

Collision resistance

High Computational Load

Create a message

Compress a message

Divide a message

Conquer a message

1

2

3

4

Must be relatively hard to produce

Must be relatively hard to recognize

Must depend on the message verified

Must to be computationally infeasible to forge

Must be relatively hard to produce

Must be relatively hard to recognize

Must depend on the message verified

Must to be practical to save digital signature in storage

Assumed receiver has sender’s private key

Involves only sender

Can encrypt using receiver’s public key

Assumed sender has receiver’s private key

Private/public is generated by receiver

A durable private/public key pair

A disposable private/public key pair

Signature is two numbers, depending on message hash and secret information

1

2

3

4

Encryption provides no confidence of sender

Encryption provides with some level of confidence of sender

Encryption provides fully confidence of sender

Encryption does not provided at all

Public key

Shared key

Private key

Third key

Private key

Public key

Single key

Key

The process of verifying a claimed identity

Identification of user

Access control

Accounting of service

Access After Anyone

Authentication Authorization Accounting

Authentication Authorization Access

Authentication Access Accounting

The user identity is a parameter in access control decisions

The user identity is recorded when logging security

The process of verifying a claimed identity

Accounting of service

The user identity is a parameter in access control decisions

The user identity is recorded when logging security

The process of verifying a claimed identity

Accounting of service

Something you have

Something you know

Something you are

Combined method

Something you have

Something you know

Something you are

Combined method

Something you have

Something you know

Something you are

Combined method

Lower level assurance

Medium level assurance

Higher level assurance

Not used at all

1

2

3

4

1988

1888

1887

1987

Time

comparisons of one print with another can be made

comparison of eyes

comparison of palms

TTP certifies trustworthiness of binding public key with its rightful owner’s identity

TTP certifies trustworthiness of binding private key with its rightful owner’s

To enable the validation and to give legal meaning to digital signature

Answers for supporting encryption/decryption algorithms

TTP certifies trustworthiness of binding public key with its rightful owner’s identity

TTP certifies trustworthiness of binding private key with its rightful owner’s identity

To enable the validation and to give legal meaning to digital signature

Answers for supporting encryption/decryption algorithms

Trusted third party authentication system and makes no use of public key cryptography

TTP certifies trustworthiness of binding private key with its rightful owner’s identity

To enable the validation and to give legal meaning to digital signature

Answers for supporting encryption/decryption algorithms

Impeccability

Containment

Transparency

Viciousness

Подписываемся на мой инстаграм @beketoo

The protection of information assets through the use of technology, processes, and training

The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attacks

Occurs when a system is compromised based on a vulnerability by an unknown exploit

Ensures that computer-related assets are accessed only by authorized parties

The protection of information assets through the use of technology, processes, and training

The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attack

Occurs when a system is compromised based on a vulnerability by an unknown exploit

Ensures that computer-related assets are accessed only by authorized parties

The protection of information assets through the use of technology, processes, and training

Written to take advantage of a vulnerability; could be a piece of software; a technology; or data that can cause damage or change the behavior of a computer

The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attacks.

Occurs when a system is compromised based on a vulnerability by an unknown exploit

Interception, Interruption, Modification, Fabrication

Method, Opportunity, Motive

Confidentiality, Integrity, Availability, Authentication

Non-repudiation, Authorisation/Access control, Destruction

Encryption, Software control, Hardware control, Policies and Procedures,Physical control

Method, Opportunity, Motive

Confidentiality, Integrity, Availability, Authentication

Non-repudiation, Authorisation/Access control, Destruction

Asset lost, unusable,unavailable

Unauthorized access

Unauthorized change, tamper of data

Ex. Unauthorized add data to a DB

CIA

CEA

CLA

CDD

messages exchanged across network remains private

contents of messages are not modified while in transit

determining the identity of entities involved in message exchanges

determining the resources that an entities are allowed to access and in what manner

Punishment makes attackers think twice –Examples include laws and organisational policy

Reduce likelihood and save cost of incidents ◦ ( Ex.: Firewalls, router access control list, spam filters, virus scanners)

Need alert if breach occurs –Collection of evidence ◦ ( ex.: Audit logs, intrusion detection system, network traffic monitoring)

Punishment by taking money

Punishment makes attackers think twice –Examples include laws and organisational policy

Reduce likelihood and save cost of incidents ◦ ( Ex.: Firewalls, router access control list, spam filters, virus scanners)

Need alert if breach occurs –Collection of evidence ◦ ( ex.: Audit logs, intrusion detection system, network traffic monitoring)

Punishment by taking money

Punishment makes attackers think twice –Examples include laws and organisational policy

Reduce likelihood and save cost of incidents ◦ ( Ex.: Firewalls, router access control list, spam filters, virus scanners)

Need alert if breach occurs –Collection of evidence ◦ ( ex.: Audit logs, intrusion detection system, network traffic monitoring)

Punishment by taking money

messages exchanged across network remains private

contents of messages are not modified while in transit

determining the identity of entities involved in message exchanges

determining the resources that an entities are allowed to access and in what manner

messages exchanged across network remains private

contents of messages are not modified while in transit

determining the identity of entities involved in message exchanges

determining the resources that an entities are allowed to access and in what manner

messages exchanged across network remains private

contents of messages are not modified while in transit

determining the identity of entities involved in message exchanges

ensures that parties cannot deny having sent messages

Demand Encryption Standard

Data Encryption Standard

Digital Encryption Standard

Database Encryption Standard

1977

1974

1960

1965

Shannon

Feistal

Lucifer

Rijndael

16

8

32

4

block ciphers

stream ciphers

mode ciphers

code ciphers

study about how hacker should behave

study of encryption principles/methods

study about message transformation

study of the computer system

Playfair Cipher

Vigenere Cipher

Caesar Cipher

Kerberos

Substitution and Transposition

Single-key or Private key

Two- key or Public

Block and Stream

3x3

4x4

5x5

9x9

Stay hungry, stay foolish

Never give up

Dance as if no one sees

With the great power comes great responsibility

Defence, Deterrence, Detection

Data, Development, Device

Database, Data, Deadline

Demand, Design, Decision

Method, Opportunity, Motive

Modification, Operation, Motto

Malfunction, Opinion, Management

Messages, Opportunity, Monitoring

256-bits

128-bits

64-bits

32-bits

Advanced Encryption Standard

Advanced Encryption System

American Encryption Standard

Alias Encryption Standard

Rassul

Rijndael

Feistel

David Shannon

Andre Shannon

Petre Shannon

Claude Shannon

1949

1948

1950

1951

Original Message

Coded Message

Algorithm for transforming text

Secret key

conventional / private-key / single-key

sender and recipient share a common key

all classical encryption algorithms are private-key

was only type prior to invention of public- key in 1982’s

algorithm for transforming plaintext to ciphertext

coded message

original message

study of encryption principles/methods

algorithm for transforming plaintext to cipher text

study of principles/methods of deciphering cipher text without knowing key

original message

study of encryption principles/methods

field of both cryptography & cryptanalysis

original message

study of encryption principles/methods

algorithm for transforming plaintext to cipher text

cryptanalytic attack/brute force attack

substitution/transposition

permutation/transposition

substitution/permutation

attacker knows suspects plaintext/ciphertext

only know algorithm & ciphertext, is statistical, must know or be able to identify plaintext

attacker selects plaintext and gets ciphertext

attacker selects ciphertext and gets plaintext

1

2

3

4

messages exchanged across network remains private

contents of messages are not modified while in transit

defining the identity of entities involved in message exchanges

determining the resources that an entities are allowed to access and in what manner

Confidentiality, invalid, availability

Confidentiality, interact, access

Certain, integrity,availability

Confidentiality, integrity, availability

The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attacks. A weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage

Typical threats include unauthorised access, destruction, system overrun and takeover, propagation of malicious code, data thieving and fabrication;

Written to take advantage of a vulnerability; could be a piece of software; a technology; or data that can cause damage or change the behavior of a computer

Occurs when a system is compromised based on a vulnerability by an unknown exploit

coded message

original message

algorithm for transforming plaintext to ciphertext

info used in cipher known only to sender/receiver

converting plaintext to ciphertext

recovering ciphertext from

info used in cipher known only to sender/receiver

algorithm for transforming plaintext to ciphertext

study of encryption principles/methods

study of principles/ methods of deciphering ciphertext without knowing key

original message

converting plaintext to ciphertext

converting plaintext to ciphertext

recovering ciphertext from plaintext

coded message

original message

recovering plaintext from ciphertext

AES

DES

RSA

SHA-1

128 156 198

128 192 256

128 184 228

128 164 256

1

2

3

4

two keys - private & publiс

one key - only private

one key - only public

no correct answer

selecting two large primes at random: p, q

selecting two small primes at random: p, q

selecting three large primes at random: p, q, r

selecting only one number at random: p

large enough, easy, hard

small enough, hard, easy

small enough, easy, hard

large enough, hard, easy

Data Size

Round Size

Key Size

Encryption Size

RSA

Karberos

Caesar

AES

sender

receiver

sender and receiver

all the connected devices to the network

none of these

Dr.Tahir El-Gamal

Diffie-Hellman

Shannon

Rivest, Shamir, Adleman

C = Me mod N

M=Cd mod N

Ya=Xa mod Q

C=Km mod Q

1975

1976

1977

1974

C=Me mod N

M=Cd mod N

Ya=Xa mod Q

C=Km mod Q

n = 33, φ = 20

n = 20, φ = 33

n = 33, φ = 33

n = 33, φ = 22

n = 187, φ = 160

n = 160, φ = 187

n = 187, φ = 187

n = 187, φ = 170

C = 29

C = 3

C = 22

C = 2

M = 2

M = 29

M = 30

M = 1

192

164

128

256

10

12

14

16

192

128

164

256

1971

1976

1981

1986

Participants

Keys

Message

Algorithm

Same

Different

Private

Public

cannot be used to exchange an arbitrary message

rather it can establish a common key

known only to the two participants

all of above

1977

1978

1979

none of them

RSA

Caesar

Vigenere

Playfair

only to the recipient

only to the sender

none of them

to everyone

needed security

encryption and decryption

encryption

decryption

man-in-the-middle

ciphertext attack

plaintext attack

none of the above

Caesar Cipher

RSA

DES

Steganography

Playfair Cipher

Transposition Cipher

Route Cipher

Steganography

P

Q

n

r

shаrеd

Different

Two keys are used

None

One Party

Multi Party

Third Party

Both Party

Rivеst, Shаmir,, Аdlеmаn

Roger, Shamir, Adrian

Robert, Shamir, Anthoney

Rivest, Shaw, Adleman

Diffiе & Hеllmаn

Elgamal

RSA

AES

1976

1975

1980

1990

XА < q

generated randomly

given by user B

none

YА= а mod q

BA = a + b

CA = a – b

DA = a * b

K = (YА)^X А mod q

S = a + b

D = a * b

L = a * b + 2

1 < XА < q-1

generated randomly

given by user

none

YА = аXА mod q

K = YАk mod q

K = (YА)^X А mod q

YА= а mod q

K = YАk mod q

S = a + b + 1

D = a * b + 2

L = a * b + 3

C1 = аk mod q

C3 = a mod b

C = z + 2 + 5

C5 = a * b +2

C2 = KM mod q

C = MK

C3 = AK

C4 = AA

attacker knows suspects plaintext/ciphertext

only know algorithm & ciphertext, is statistical, must know or be able to identify plaintext

attacker selects plaintext and gets ciphertext

attacker selects ciphertext and gets plaintext

Attacker selects plaintext or ciphertext to en/decrypt

attacker knows suspects plaintext/ciphertext

only know algorithm & ciphertext, is statistical, must know or be able to identify plaintext

attacker selects plaintext and gets ciphertext

attacker selects ciphertext and gets plaintext

Attacker selects plaintext or ciphertext to en/decrypt

attacker knows suspects plaintext/ciphertext

only know algorithm & ciphertext, is statistical, must know or be able to identify plaintext

attacker selects plaintext and gets ciphertext

attacker selects ciphertext and gets plaintext

Attacker selects plaintext or ciphertext to en/decrypt

attacker knows suspects plaintext/ciphertext

only know algorithm & ciphertext, is statistical, must know or be able to identify plaintext

attacker selects plaintext and gets ciphertext

attacker selects ciphertext and gets plaintext

attacker selects plaintext or ciphertext to en/decrypt