Self-study|IT|Int|Lesson 3: Cryptography

Do the test

Before doing the test, study the following words and their definitions:

Glossary

ciphertext or encrypted text — the result of encryption performed on plaintext

plain text — a term used in cryptography that refers to a message before encryption or after decryption

Read the article excerpt and mark the sentences as True or False

Types of modern cryptosystems

Fundamentally, there are two types of cryptosystems based on the manner in which encryption-decryption is carried out in the system: Symmetric and Asymmetric Key Encryption. The main difference between these cryptosystems is the relationship between the encryption and the decryption key.

Symmetric-key encryption

In symmetric-key encryption, the same key is used to both encrypt and decrypt data.

Its main features:

• People using symmetric-key encryption must share a common key prior to exchange of information.
• Keys are recommended to be changed regularly to prevent any attack on the system.
• A robust mechanism needs to exist to exchange the key between the communicating parties. As keys are required to be changed regularly, this mechanism becomes expensive and cumbersome.
• Length of Key (number of bits) in this encryption is smaller, and hence, the process of encryption-decryption is faster than asymmetric-key encryption.
• Processing power of computer system required to run symmetric algorithm is less.

Asymmetric-key (public-key) encryption

Public-key cryptography uses separate keys for the encryption and decryption processes. These are the public key, which is shared openly, and the private key, which must be kept secret.

Its main features:

• Every user in this system needs to have a pair of dissimilar keys, private key and public key. These keys are mathematically related − when one key is used for encryption, the other can decrypt the ciphertext back to the original plain text.
• It requires to put the public key in public repository and the private key as a well-guarded secret. Hence, this scheme of encryption is also called Public Key Encryption.
• Though public and private keys of the user are related, it is computationally not feasible to find one from another. This is a strength of this scheme.
• When Host1 needs to send data to Host2, he obtains the public key of Host2 from repository, encrypts the data, and transmits.
• Host2 uses his private key to extract the plain text.
• Length of Keys (number of bits) in this encryption is large, and hence, the process of encryption-decryption is slower than symmetric-key encryption.
• Processing power of computer system required to run asymmetric algorithm is higher.

Skimming: Reading technique for speeding up your reading

Skimming is reading a text quickly to get a general idea of the text. When you use the skimming technique, you don’t read the whole text word for word. You should use as many clues as possible to give you some background information. There might be pictures or images related to the topic, or an eye-catching title. Let your eyes skim over the surface of the text and look out for key words while thinking about any clues you’ve found about the subject.

Tips:

• Before you start skimming, ask yourself what you want to get from the book or article. Think of two or three terms that describe what you want to know, and as you skim, keep an eye out for those two or three terms.
• Read the title, subtitles and subheadings to find out what the text is about.
• Pay great attention to formatting elements, e.g. bold and italic text, bullet lists, ordered lists, indenting, etc.
• Do not stop for unfamiliar words. Keep your eyes moving. You goal is to get a general understanding of the text, NOT specific understanding of some words.

You can read the 🔗full article here and try the skimming technique in action.

Scan the article excerpt above and choose which kind of cryptosystems the following statements belong to

Complete the chart of the two cryptosystems

Read the situation. Make your notes using some of the words and phrases from the lists below

Imagine that you have to train summer interns and explain to them the difference between the two major types of encryption. Plan what you are going to say and write your notes in the text area below.

Useful language

• encryption
• decryption
• a public key
• a private key
• symmetric-key encryption
• asymmetric-key encryption
• to encrypt the data
• to decrypt the data

Comparing and contrasting

• The most obvious/important/apparent similarity/difference between… and… is…
• …, whereas/while …
• Both… and…
• … In contrast, …

Read the text quickly and choose the appropriate subtitle for each paragraph

Before reading the text, study the following words and their definitions:

Glossary

• brute force — a method used by application programs to crack encrypted data, such as passwords or Data Encryption Standard keys, through exhaustive effort (using brute force) rather than employing intellectual strategies
• sensitive data — data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization

Before listening, study the following words and their definitions:

Glossary

scalable — able to be changed in size or scale

password cracking — various measures used to discover computer passwords

Complete the text with the missing words and phrases

Complete the collocations with words given

Read the task and talk about the key pros and cons of encryption

You have been invited to speak at a conference about the advantages and disadvantages of encryption. Prepare a short speech covering the points below and be ready to answer some follow-up questions.

Answer the questions:

1. Can you encrypt any data?

2. In what ways is encryption used in your personal life or at work?

3. Do you think it’s important to encrypt your devices? Why (not)?

4. How do you protect your data online?

Use the voice recorder.

Match the IT terms to their definitions

Watch the video about the history of encryption and mark the sentences as True or False

Video: 🔗History of Cryptography

Listen to the recording about cryptographic attacks and complete the summary

You can read more about cryptographic attacks 🔗here and 🔗here.

Detailed reading

Skimming is reading for understanding the main idea.

Scanning is reading for specific information (that is what you trained in previous lessons and did in the exercise above).

Detailed reading speaks for itself and allows you to understand the text deeper.

How to read in detail:

1. Use underlining and highlighting to pick out what seem to you the most central or important words and phrases.

2. Use keywords to record the main headings and points as you read. Use one or two keywords for each main point.

3. Use questions to encourage you to take an active approach to your reading. Record your questions as you read. They can also be used as prompts for follow-up work.

4. Use summaries to check you have understood what you have read. Pause after a section of text and put what you have read in your own words. Skim over the text to check the accuracy of your summary, filling in any significant gaps.

Read the text carefully paying attention to details and then mark the sentences as True or False

Cybersecurity

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. Cyberattacks are an evolving danger to organizations, employees, and consumers. They may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage people’s financial and personal lives.

There are many types of cyberthreats that can attack your devices and networks, but they generally fall into three categories: attacks on confidentiality, integrity, and availability. And hackers use a variety of tools to launch attacks, including malware, ransomware, exploit kits, and other methods.

Cybersecurity Breaches of 2019

Toyota’s Second Data Breach Affects Millions Of Drivers

Toyota revealed the issue on its official website on March 29, 2019, saying the breach potentially affected 3.1 million people. The company is still looking into whether the cybercriminals could access and read the data but says the compromised server did not contain credit card details.

February was a disruptive month for Toyota, too, but in the Australian market. On February 21, 2019, Toyota stated it experienced an attempted cyberattack. The news came via a similarly brief press statement consisting of only five sentences.

The company said it did not believe the hackers accessed private customer or employee data in that instance. It also confirmed Toyota’s IT team communicated with international cybersecurity experts for advice on getting to the bottom of the matter.

The Citrix Breach

On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cybercriminals gained access to the internal Citrix network, according to Stan Black, CISSP and the CSIO of Citrix.

While the FBI is still investigating the details, thehackernews.com reported that the Iranian-backed Iridium hacker group hit Citrix in December last year and again this time, stealing at least 6 terabytes of sensitive internal files, including emails, blueprints, and other documents.

The Iranian-linked hacking group was also behind recent cyberattacks against more than 200 government agencies worldwide, oil and gas companies, technology companies and other targets.

The hacker group’s proprietary techniques include bypassing multi-factor authentications for critical applications and services for further unauthorized access to VPN channels and SSO (Single Sign-On).

You can read more about cyberattacks in 2019 🔗here and try the new reading technique.

Fill in the missing letters in the words and phrases

Read the task and write a Q&A section

Imagine that you’re preparing the Q&A section for your website. In this section, you want to focus on cryptography and cryptosystems and provide information on frequent questions or concerns your readers may have. Write up to 5 questions with the answers in the text area below.

You can study some examples 🔗here and 🔗here.