Security
(A Level)
HFLS CAL The Developers
Discussion
Point
How would you say that
transmission of data on a
computer system is secure?
Fields of security
• Authenticity: The message comes from who the sender
is claiming to be.
• Confidentiality: The message is only visible to the
designed parties.
• Integrity: The message is transmitted correctly
• Non-repudiation: Neither the sender nor receiver can
deny that they are involved
By the end of this lesson you should be able
to:
Syllabus Link
Cambridge A Level
Computer Science (9618)
Paper 3
(a)
Show
understanding
of how
encryption
works
Discussion Point
• What is encryption?
• What are the occasions on which people would choose to encrypt their
data?
Scenario
• Suppose you are passing a ‘top secret’ message on a piece of note to
your classmate that is sitting on the other corner of the classroom. But
you don’t want the message to be understood by anyone else.
• You decide to shift every letter one place to the front so that A
becomes Z, B becomes A, C becomes B and so on.
• So “Hello world” becomes “Gdkkn vnqkc”.
Analysis
• In the Scenario on the last page, you have done encryption.
• You have turned the plaintext of “Hello world” to cyphertext of “Gdkkn
vnqkc”.
• You’ve use an simple encryption algorithm, which is to shift letters of the
alphabet. The encryption key in this case is 1.
• The encryption method you have used can be described as symmetric key
encryption. Your classmate can simply apply the reverse of the encryption
algorithm, with the same key, to decrypt.
Note that a key is simply the parameter(s) passing to the pre-designed
encryption and decryption algorithms.
Problems?
• Suppose your classmate knows that he needs to shift letters.
• However, he does not know to how far and to which direction to shift the
alphabet. In this case, you have to transmit the key to your classmate. You
decide to speak to him in advance. As you do this, there is a chance that the
key would be intercepted.
• Therefore, a safer way to do this is through asymmetric key cryptography.
• At the same time, the encryption algorithm must be complexified to avoid
cracking with brutal force.
Asymmetric Key Cryptography
• With an asymmetric encryption algorithm, it is not possible to decrypt
the message by simply reversing the encryption algorithm and using
the same key. Instead, a different key must be passed to the decrypting
algorithm.
• Such algorithms are by nature, complex and we would not enter
discussion to these algorithms at this time. You may research into RSA
algorithms if you gave spare time.
• Asymmetric encryption uses a set of keys. Encrypting with key A
would require decrypting with key B, and vice versa.
Alternative name: Public Key Cryptography
• Long before the transmission, your classmate has given you his public key. You encrypt the
message with this key.
• The matching key is your classmate’s private key. Your classmate can then use his private key to
decrypt the message.
• Since the public key itself cannot decrypt the message, even though it is intercepted, the
eavesdropper may not know the secret. As long as the private key has not been leaked, the
message is private.
• The key to be shared to others is called the public key while a private key is meant to be kept with the
designed owner. In practice, oftentimes the public key is shared with a public key infrastructure
(PKI).
Note that you may also encrypt the message with your private key and ask your classmate to decrypt
with your public key, but in this case, it makes no sense to do so.
Alternative use of Asymmetric Key
Cryptography
• Asymmetric encryption can also be used to verify the source.
• If your message is not a secret, but your classmate would like to verify
that it is actually from you, you may decide to encrypt the message
with your private key, so that only your public key can decrypt it.
Since your private key is not available to anyone else, being able to
decrypt with your public key shows that the message is from you.
Quick check
• Explain why encryption is needed.
To ensure that data can only be understood by the desired party to ensure data privacy.
• Describe two differences between symmetric key cryptography and
asymmetric key cryptography.
1. Symmetric key cryptography uses only one key for encryption and decryption while
asymmetric key cryptography uses two.
2. For symmetric key cryptography, decryption is simply the reverse of encryption, while
for asymmetric key cryptography, a different process must be used. (Hence their
names!)
(b) Digital
Certification
Discussion Point
• When you make an online payment on a website, why are
you willing to offer the website your banking card details?
(Suppose you are doing it this way)
‘I am who I am claiming to be’: Digital
Certificates
• You may say that ‘the brand is trustworthy and it would not leak my
credit card details’.
• However, there is a chance that someone else would pretend to be
that ‘trustworthy brand’ by hijacking your computer and redirecting
you to their own website, so that your information would be stolen. This
technique is called ‘pharming’.
• Digital Certificates are there to prove the website is who it claims to
be.
Miscellaneous
Digital Certificates
Serial Numb er
Certificate
Signat ure Algorit hm
Version
*.cambridgeinternational.org
DigiCert TLS RSA SHA256
2020 CA1
DigiCert Global
Root CA
Dow nload
Count ry
GB
Localit y
Cambridge
Common Name
• A digital certificate is issued by
a Certification Authority (CA).
SHA- 25 6
SHA- 1
3
PEM (cert) PEM (chain)
BF:DB:83:8D:34:64:7A:8E:87:08:AF:2E:0C:95:44 :F7:E1:9B:C…
CB:97:BF:16:C6:A8:AE:A0:5D:2B:DE:06:99:84:DF:2C:58:92:E…
Cambridge Assessment
*.cambridgeinternational.org
Basic Const r aint s
Cer t if icat e Aut horit y
No
Issuer Nam e
Count ry
Organisat ion
Common Name
• They verify the information
provided by the subject of the
website to produce a digital
certificate. As long as the CA
can be trusted, the authenticity
of the website can be verified.
SHA- 256 with RSA Encryption
Finger pr int s
Sub ject Nam e
Organisat ion
04:82:BF:C3:6C:36:B0:C3:58:A7:CB:5C:4E:4F:71:AA
US
DigiCert Inc
DigiCert TLS RSA SHA256 2020 CA1
Validit y
Not Bef ore
Not Af t er
Thu, 01 Sep 2022 00:00:00 GMT
Fri, 01 Sep 2023 23:59:59 GMT
Sub jec t Alt Nam es
Key Usages
Purposes
Digital Signature, Key Encipherment
Ext ended Key
Usages
Purposes
Server Authentication, Client Authentication
Sub ject Key ID
DNS Name
*.cambridgeinternational.org
DNS Name
cambridgeinternational.org
Key ID
1C:1A:65:C4 :C9:10:F0:91:4E:E8:AE:FC:C1:4 F:30:C4:8F:4E:93:…
Aut hor it y Key ID
Public Key Inf o
Key ID
Algorit hm
Key Size
Exponent
Modulus
B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4 :DA:0F:98:B2:C5:95:76:B…
RSA
2048
65537
CRL End point s
C8:5C:5D:7A:23:F6:F0:45:C0:2F:70:C3:AB:1C:B4:A2:2B:C3:0…
Dist ribut ion Point
Screenshot of the digital certificate
http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1- 4.crl
How a digital certificate is produced
What’s in a digital
certificate?
• We have seen some of the fields in
Cambridge International’s digital
certificate. Here is the full list.
‘I confirm I agree’: Digital Signatures
• When you make a payment with a banking card, sign a contract or issue a
certificate, it’s normal that you are asked to sign your name.
• The signature is to confirm that you have agreed with the
contract/transaction/certificate, and it is actually you who had agreed, as
everyone has a unique handwriting, and anyone else may not copy it
correctly.
• When it comes to ‘digital’ signatures, the uniqueness comes from the fact that
you have a unique private key.
In practice, a CA would sign the digital certificates it issues.
The Operation of a
Digital Signature
•
The sender uses an agreed hashing
algorithm* to hash the data to create a
digest, then encrypts the digest with
their private key to generate a digital
signature.
•
Once the receiver gets a copy of the
plain text, they can then hash it with the
same hashing algorithm and compare it
with the results when of decrypting the
digital signature with the sender’s
public key. If they two match the data is
verified.
* A hashing algorithm creates a “summary”
of the data, and the process is unreversible.
A digital signature ensures
• Non-repudiation: Any party may not deny the fact they were involved in
the data if they have signed it.
• The data actually comes from the correct sender.
• The data has not been altered.
A Level Question
Quick Check
9608/03/SP/15 Q6
[5]
[2]
[3]
(c) SSL and
TLS Protocols
Preliminary: What is a protocol?
• In the context of computer science, a protocol is a set of rules that
defines how data is exchanged and transmitted.
• Examples are HTTP (to transmit web pages), POP3/IMAP (to download
emails), BitTorrent (to transmit files over a peer-to-peer network), and
SSL/TLS, which adds security to internet connections.
Why use SSL and TLS?
• Suppose, again, you are providing your credit card details to a online
shopping website. To keep your money secure, your data should be:
• Sent to exactly the online shopping website, and not anyone else
• Not able to be understood by anyone who intercept the message
• Those are the purpose of SSL (secure socket layer) and TLS (transport
layer security) protocols:
• To authenticate the server
• To provide a method of encryption for any data transmitted
* TLS is a updated version of SSL
Operation of SSL
Discussion Point
Why is symmetric
cryptography used?
What’s added to TLS
• TLS separates record (deals with data encoding and transmission) and
handshake (deals with authentication and encryption) layers, so if
wanted, it is possible to send public data over TLS unencrypted to save
time.
• TLS allows session catching, i.e., resuming a previous session,
reducing latency.
Description of TLS
How to ensure that you have used SSL/TLS?
Modern browsers would force websites to use
SSL/TLS so that a warning of “your
connection is not secure” would not pop up.
The use of SSL/TLS is also shown by a
padlock in the address bar. The screenshots
are from Firefox and Safari, respectively.
Common applications of TLS
Quick Check
A Level Question
9608/32/O/N/18 Q6
Continued