Network Security Study Notes

  • Cryptography can provide five services. Four of these relate to the message
    exchange between Alice and Bob. The fifth relates to an entity that tries to access
    a system in order to use its resources.
  • Message confidentiality means that only the intended sender and receiver can read
    the message; an eavesdropper who captures it learns nothing about its content.
  • Message integrity means that the data must arrive at the receiver exactly as sent.
  • Message authentication means that the receiver is assured that the message comes
    from the intended sender, not from an impostor.
  • Nonrepudiation means that a sender must not be able to deny sending a message
    that he sent.
  • Entity authentication means to prove the identity of the entity that tries to access
    the system’s resources.
  • A message digest can be used to preserve the integrity of a document or a message.
    A hash function creates a message digest out of a message.
  • A hash function must meet three criteria: one-wayness (preimage resistance: given a
    digest, it is infeasible to find a message that hashes to it), weak collision
    resistance (second-preimage resistance: given a message, it is infeasible to find a
    different message with the same digest), and strong collision resistance (it is
    infeasible to find any two messages with the same digest).
  • A keyless message digest is used as a modification detection code (MDC). It detects
    modification only if the digest itself reaches the receiver unaltered, for example
    over a separate authenticated channel; an attacker who can replace the message can
    just as easily recompute a keyless digest over the replacement. To authenticate the
    data origin, one needs a message authentication code (MAC).
  • A MAC is a keyed hash function: the digest is computed over the message together with
    a secret key shared by sender and receiver, so only a holder of the key can produce
    or verify a valid tag. MACs are built either from hash functions (HMAC) or from block
    ciphers (e.g. CMAC). Because both parties hold the same key, a MAC proves the origin
    to the receiver but cannot prove it to a third party; it offers no nonrepudiation.
  • A digital signature scheme can provide the same services as a conventional
    (handwritten) signature. A conventional signature is part of the document; a digital
    signature is a separate value computed from the document and sent along with it.
  • A digital signature provides message integrity, authentication, and nonrepudiation.
    It cannot provide confidentiality: the signed message itself travels in the clear.
    If confidentiality is needed, a cryptosystem must be applied on top of the signature
    scheme, i.e. the signed message is also encrypted.
  • A digital signature needs an asymmetric-key system: the signer uses her private key
    to sign, and anyone holding the matching public key can verify. Nonrepudiation
    follows because only the signer holds the private key. In practice the signature is
    computed over the hash of the message rather than over the message itself.
  • In entity authentication, a claimant proves her identity to the verifier using one of
    three kinds of witnesses (authentication factors): something known (a password or
    PIN), something possessed (a token or smart card), or something inherent (a
    biometric such as a fingerprint).
  • In password-based authentication, the claimant uses a string of characters as something she knows.
  • Password-based authentication can be divided into two broad categories: fixed (the
    same password is reused, so an eavesdropper who captures it can replay it) and
    one-time (each password is valid for a single use).
  • In challenge-response authentication, the claimant proves that she knows a secret
    without actually sending it: the verifier sends a fresh challenge (a random nonce
    or a timestamp), and the claimant returns a value computed from the challenge and
    the secret. A fresh challenge per run is what prevents replay of an old response.
  • Challenge-response authentication can be divided into four categories according to
    how the response is computed: symmetric-key ciphers, keyed-hash functions,
    asymmetric-key ciphers, and digital signatures.
  • A key distribution center (KDC) is a trusted third party that establishes a
    symmetric key between two parties that have no prior shared secret.
  • The KDC shares a long-term secret key with each member only; a key between two
    members is created as a session key when one of them contacts the KDC, which
    delivers the session key to each party encrypted under that party's long-term key.
  • Kerberos is a widely used session-key protocol built on the KDC model; it splits the
    KDC into an authentication server (AS) and a ticket-granting server (TGS).
  • A certification authority (CA) is a trusted third party (a commercial, governmental
    or organizational body) that binds a public key to an entity and issues a
    certificate attesting to that binding, signed with the CA's own private key.
  • A public-key infrastructure (PKI) is a (usually hierarchical) system of CAs,
    together with the policies and procedures for issuing, distributing, validating
    and revoking certificates; a verifier answers the question "is this public key
    really Bob's?" by checking the chain of CA signatures up to a trusted root.
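Worked example for the MDC / MAC / digital-signature notes above. This is an added
illustration, not part of the original notes: it shows, with Eve tampering in the
middle, why a keyless digest gives integrity only, why a MAC adds origin authentication
but not nonrepudiation, and why a signature adds nonrepudiation. The RSA part is
textbook RSA with fixed Mersenne primes and no padding, a toy chosen so the code runs
with the standard library alone; the keys, messages and names are constructed values.

```python
"""Integrity (MDC) vs. data-origin authentication (MAC) vs. nonrepudiation
(digital signature). Added illustration, not part of the original notes.

The RSA below is textbook RSA with fixed Mersenne primes and no padding:
a toy to show who can produce and who can verify a signature, never to
be used for real signing (use a vetted library such as `cryptography`).
Keys and messages are constructed sample values.
"""
import hashlib
import hmac


# --- MDC: keyless digest; protects only against accidental change ----------
def mdc(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def mdc_intact(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(mdc(message), digest)


# --- MAC: keyed digest; forging a tag requires the shared key --------------
def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_valid(key: bytes, message: bytes, tag: bytes) -> bool:
    # constant-time compare: a plain == would leak how many tag bytes matched
    return hmac.compare_digest(mac(key, message), tag)


# --- Signature: toy textbook RSA over a SHA-256 digest ---------------------
# Assumed key material: Mersenne primes 2**521-1 and 2**607-1, so the
# modulus exceeds 2**256 and a SHA-256 digest fits in it without reduction.
_P = 2**521 - 1
_Q = 2**607 - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))  # private exponent (Python >= 3.8)
PUBLIC_KEY = (_N, _E)    # anyone may hold this
PRIVATE_KEY = (_N, _D)   # only the signer (Alice) holds this


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


def demo() -> dict:
    """Run Alice -> Bob with Eve in the middle; every value should be True."""
    key = b"alice-bob-shared-key"   # constructed sample shared secret
    msg = b"pay Bob 100"            # constructed sample message
    forged = b"pay Eve 100"         # Eve's substitute

    digest = mdc(msg)
    tag = mac(key, msg)
    sig = sign(PRIVATE_KEY, msg)

    return {
        # MDC: a digest that arrives intact catches the change ...
        "mdc_catches_change_if_digest_protected": not mdc_intact(forged, digest),
        # ... but Eve just recomputes it over her own message: no origin proof.
        "mdc_fooled_when_eve_recomputes": mdc_intact(forged, mdc(forged)),
        # MAC: Eve has no key, so neither a tampered message nor a guessed key passes.
        "mac_accepts_genuine": mac_valid(key, msg, tag),
        "mac_rejects_tampered": not mac_valid(key, forged, tag),
        "mac_rejects_wrong_key": not mac_valid(b"eve-guess", msg, tag),
        # MAC gives no nonrepudiation: Bob holds the same key and can forge a
        # tag himself, so he cannot prove to a judge that Alice sent it.
        "mac_receiver_can_forge": mac_valid(key, forged, mac(key, forged)),
        # Signature: only Alice's private key signs; anyone verifies with her
        # public key, and a tampered message fails.
        "sig_accepts_genuine": verify(PUBLIC_KEY, msg, sig),
        "sig_rejects_tampered": not verify(PUBLIC_KEY, forged, sig),
        # Bob cannot produce a valid signature with only the public key.
        "sig_receiver_cannot_forge": not verify(PUBLIC_KEY, forged, sign(PUBLIC_KEY, forged)),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{'OK ' if ok else 'BAD'} {check}")
```

The point to take from the run is the "mac_receiver_can_forge" line: a valid MAC tag
convinces Bob, but it would not convince a third party, because Bob could have made it
himself; only the signature, which needs Alice's private key, settles that question.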
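Worked example for the challenge-response notes above, in the keyed-hash category.
This is an added illustration, not part of the original notes: both sides of the
exchange are shown, the secret never appears on the wire, and a recorded response
fails when replayed because every run uses a fresh single-use challenge. The claimant
names, the shared secret and the 16-byte challenge size are constructed assumptions.

```python
"""Challenge-response entity authentication with a keyed hash (HMAC-SHA256).
Added illustration, not part of the original notes; names, secret and the
challenge size are constructed assumptions.

The claimant never sends the secret. The verifier issues a fresh random
challenge; the claimant returns HMAC(secret, challenge); the verifier
recomputes it. Each challenge is accepted once, so a recorded response
is useless in a later session (replay fails).
"""
import hashlib
import hmac
import secrets


def _response(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Server side: knows each claimant's shared secret."""

    def __init__(self, registered: dict):
        self._secrets = dict(registered)   # claimant name -> shared secret
        self._pending = {}                 # claimant name -> outstanding challenge

    def challenge(self, claimant: str) -> bytes:
        nonce = secrets.token_bytes(16)    # fresh and unpredictable each time
        self._pending[claimant] = nonce
        return nonce

    def check(self, claimant: str, response: bytes) -> bool:
        nonce = self._pending.pop(claimant, None)   # single use, even on failure
        secret = self._secrets.get(claimant)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(_response(secret, nonce), response)


class Claimant:
    """Client side: holds the secret and answers challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return _response(self._secret, challenge)


def run_protocol() -> dict:
    """Genuine run plus the attacks a verifier must reject; all values True."""
    secret = b"alice-shared-secret"        # constructed sample secret
    alice = Claimant(secret)
    eve = Claimant(b"eve-wrong-guess")     # Eve does not know the secret
    verifier = Verifier({"alice": secret})

    # 1. Genuine run: verifier -> challenge, claimant -> HMAC(secret, challenge)
    c1 = verifier.challenge("alice")
    r1 = alice.respond(c1)
    genuine = verifier.check("alice", r1)

    # 2. Eve recorded (c1, r1) and replays r1 in a new session with challenge c2
    c2 = verifier.challenge("alice")
    replay = verifier.check("alice", r1)

    # 3. Eve answers a fresh challenge with the wrong secret
    c3 = verifier.challenge("alice")
    wrong_secret = verifier.check("alice", eve.respond(c3))

    # 4. A correct response to an already-consumed challenge (c3 was used in step 3)
    stale = verifier.check("alice", alice.respond(c3))

    # 5. A response for a claimant the verifier has no secret for
    unknown = verifier.check("mallory", alice.respond(verifier.challenge("mallory")))

    return {
        "genuine_accepted": genuine,
        "replay_rejected": not replay,
        "wrong_secret_rejected": not wrong_secret,
        "stale_challenge_rejected": not stale,
        "unknown_claimant_rejected": not unknown,
        "challenges_differ": len({c1, c2, c3}) == 3,
        "secret_never_on_wire": secret not in c1 + r1 + c2 + c3,
    }


if __name__ == "__main__":
    for check, ok in run_protocol().items():
        print(f"{'OK ' if ok else 'BAD'} {check}")
```

Note that the verifier pops the outstanding challenge before comparing, so a failed
attempt cannot be retried against the same challenge; the claimant has to ask for a
new one, which is what keeps an attacker from guessing offline against a fixed value.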

