Self-study|IT|Int|Lesson 3: Cryptography

pic1_SS|IT|Pre-Int|L1


Choose the correct questions for the answers


pic1_SS|IT|Pre-Int|L1

Do the test

Before doing the test, study the following words and their definitions:

Glossary

ciphertext or encrypted text — the result of encryption performed on plaintext

plain text — a term used in cryptography that refers to a message before encryption or after decryption

pic1_SS|IT|Pre-Int|L1

Read the article excerpt and mark the sentences as True or False

Types of modern cryptosystems

Fundamentally, there are two types of cryptosystems based on the manner in which encryption-decryption is carried out in the system: Symmetric and Asymmetric Key Encryption. The main difference between these cryptosystems is the relationship between the encryption and the decryption key.

Symmetric-key encryption

In symmetric-key encryption, the same key is used to both encrypt and decrypt data.

Its main features:

  • People using symmetric-key encryption must share a common key prior to exchange of information.
  • Keys are recommended to be changed regularly to prevent any attack on the system.
  • A robust mechanism needs to exist to exchange the key between the communicating parties. As keys are required to be changed regularly, this mechanism becomes expensive and cumbersome.
  • Length of Key (number of bits) in this encryption is smaller, and hence, the process of encryption-decryption is faster than asymmetric-key encryption.
  • Processing power of computer system required to run symmetric algorithm is less.

Asymmetric-key (public-key) encryption

Public-key cryptography uses separate keys for the encryption and decryption processes. These are the public key, which is shared openly, and the private key, which must be kept secret.

Its main features:

  • Every user in this system needs to have a pair of dissimilar keys, private key and public key. These keys are mathematically related − when one key is used for encryption, the other can decrypt the ciphertext back to the original plain text.
  • It requires to put the public key in public repository and the private key as a well-guarded secret. Hence, this scheme of encryption is also called Public Key Encryption.
  • Though public and private keys of the user are related, it is computationally not feasible to find one from another. This is a strength of this scheme.
  • When Host1 needs to send data to Host2, he obtains the public key of Host2 from repository, encrypts the data, and transmits.
  • Host2 uses his private key to extract the plain text.
  • Length of Keys (number of bits) in this encryption is large, and hence, the process of encryption-decryption is slower than symmetric-key encryption.
  • Processing power of computer system required to run asymmetric algorithm is higher.

Skimming: Reading technique for speeding up your reading

Skimming is reading a text quickly to get a general idea of the text. When you use the skimming technique, you don’t read the whole text word for word. You should use as many clues as possible to give you some background information. There might be pictures or images related to the topic, or an eye-catching title. Let your eyes skim over the surface of the text and look out for key words while thinking about any clues you’ve found about the subject.

Tips:

  • Before you start skimming, ask yourself what you want to get from the book or article. Think of two or three terms that describe what you want to know, and as you skim, keep an eye out for those two or three terms.
  • Read the title, subtitles and subheadings to find out what the text is about.
  • Pay great attention to formatting elements, e.g. bold and italic text, bullet lists, ordered lists, indenting, etc.
  • Do not stop for unfamiliar words. Keep your eyes moving. You goal is to get a general understanding of the text, NOT specific understanding of some words.

You can read the 🔗full article here and try the skimming technique in action.

Scan the article excerpt above and choose which kind of cryptosystems the following statements belong to

pic1_SS|IT|Pre-Int|L1

Complete the chart of the two cryptosystems


Read the situation. Make your notes using some of the words and phrases from the lists below

Imagine that you have to train summer interns and explain to them the difference between the two major types of encryption. Plan what you are going to say and write your notes in the text area below.

Useful language

  • encryption
  • decryption
  • a public key
  • a private key
  • symmetric-key encryption
  • asymmetric-key encryption
  • to encrypt the data
  • to decrypt the data

Comparing and contrasting

  • The most obvious/important/apparent similarity/difference between… and… is…
  • …, whereas/while …
  • Both… and…
  • … In contrast, …

pic1_SS|IT|Pre-Int|L1

Read the text quickly and choose the appropriate subtitle for each paragraph

Before reading the text, study the following words and their definitions:

Glossary

  • brute force — a method used by application programs to crack encrypted data, such as passwords or Data Encryption Standard keys, through exhaustive effort (using brute force) rather than employing intellectual strategies
  • sensitive data — data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization

pic1_SS|IT|Pre-Int|L1

Before listening, study the following words and their definitions:

Glossary

scalable — able to be changed in size or scale

password cracking — various measures used to discover computer passwords

Talking about safety, it’s important to note encryption also has a downside. It’s become so ubiquitous, it’s making it impossible for law enforcement to gain access to certain information. According to FBI Director James Comey, technology has become a tool of choice for some very dangerous people. Unfortunately, the law hasn’t kept pace with technology. So, this disconnect has created the significant public safety problem that has long been described as «going dark».

You might have heard about this «going dark» problem in relation to one particular work iPhone belonging to Syed Farook, the San Bernardino gunman who, with his wife, killed 14 people in December 2015. The FBI needed Apple’s help because the security settings on the phone lock the device if the password is entered incorrectly too many times. It may even erase all the data on the phone. The FBI wanted Apple to upload software that would let its analysts get around the security features and take as many shots at the passcode as necessary.

So, the FBI had a dead terrorist’s cellphone that they couldn’t get into. It was running a version of Apple’s operating system where the data was fully encrypted and could only be accessed by unlocking the passcode. However, even Apple couldn’t get into the phone.



Complete the text with the missing words and phrases

pic1_SS|IT|Pre-Int|L1

Complete the collocations with words given


Read the task and talk about the key pros and cons of encryption

You have been invited to speak at a conference about the advantages and disadvantages of encryption. Prepare a short speech covering the points below and be ready to answer some follow-up questions.


Answer the questions:

1. Can you encrypt any data?

2. In what ways is encryption used in your personal life or at work?

3. Do you think it’s important to encrypt your devices? Why (not)?

4. How do you protect your data online?

Use the voice recorder.

pic4|ss|IT|Pre-int|L1

Match the IT terms to their definitions


Watch the video about the history of encryption and mark the sentences as True or False

Video: 🔗History of Cryptography


Listen to the recording about cryptographic attacks and complete the summary

Nowadays, almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from malicious activities such as attacks. There are dozens of different types of attacks that have been developed against different types of cryptosystems with varying levels of effectiveness. Some are easily understandable while others may require an advanced degree in mathematics to comprehend.

One attack against a number of different cryptographic methods is called the known-plaintext attack, or KPA. During known-plaintext attacks, the attacker has an access to the ciphertext and its corresponding plain text. His goal is to guess the secret key (or a number of secret keys) or to develop an algorithm which would allow him to decrypt any further messages. Known-plaintext attacks were commonly used during the Second World War to break the cryptography used with the Enigma cipher. It was easier to break this cipher if one had a little bit of the plain text to work with.

Another type of attacks is called ciphertext-only attacks. During ciphertext-only attacks, the attacker has access to a number of encrypted messages. He has no idea what the plain text data or the secret key may be. The goal is to recover as many plain text messages as possible or to guess the secret key. After discovering the encryption key, it will be possible to break all the other messages which have been encrypted by this key.

If the attacker knows the ciphertext and the algorithm, they may use the brute-force attack. During the brute-force attack, the intruder tries all possible keys (or passwords) and checks which one of them returns the correct plain text. For breaking ciphers using brute-force attacks, very fast specially designed supercomputers are often used. They are owned by big research laboratories or government agencies, and they contain tens or hundreds of processors. Alternatively, large networks of thousands of regular computers working together may be used to break the same cipher.



You can read more about cryptographic attacks 🔗here and 🔗here.

pic1_SS|IT|Pre-Int|L1

Detailed reading

Skimming is reading for understanding the main idea.

Scanning is reading for specific information (that is what you trained in previous lessons and did in the exercise above).

Detailed reading speaks for itself and allows you to understand the text deeper.

How to read in detail:

1. Use underlining and highlighting to pick out what seem to you the most central or important words and phrases.

2. Use keywords to record the main headings and points as you read. Use one or two keywords for each main point.

3. Use questions to encourage you to take an active approach to your reading. Record your questions as you read. They can also be used as prompts for follow-up work.

4. Use summaries to check you have understood what you have read. Pause after a section of text and put what you have read in your own words. Skim over the text to check the accuracy of your summary, filling in any significant gaps.

Read the text carefully paying attention to details and then mark the sentences as True or False

Cybersecurity

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. Cyberattacks are an evolving danger to organizations, employees, and consumers. They may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage people’s financial and personal lives.

There are many types of cyberthreats that can attack your devices and networks, but they generally fall into three categories: attacks on confidentiality, integrity, and availability. And hackers use a variety of tools to launch attacks, including malware, ransomware, exploit kits, and other methods.

Cybersecurity Breaches of 2019

Toyota’s Second Data Breach Affects Millions Of Drivers

Toyota revealed the issue on its official website on March 29, 2019, saying the breach potentially affected 3.1 million people. The company is still looking into whether the cybercriminals could access and read the data but says the compromised server did not contain credit card details.

February was a disruptive month for Toyota, too, but in the Australian market. On February 21, 2019, Toyota stated it experienced an attempted cyberattack. The news came via a similarly brief press statement consisting of only five sentences.

The company said it did not believe the hackers accessed private customer or employee data in that instance. It also confirmed Toyota’s IT team communicated with international cybersecurity experts for advice on getting to the bottom of the matter.

The Citrix Breach

On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cybercriminals gained access to the internal Citrix network, according to Stan Black, CISSP and the CSIO of Citrix.

While the FBI is still investigating the details, thehackernews.com reported that the Iranian-backed Iridium hacker group hit Citrix in December last year and again this time, stealing at least 6 terabytes of sensitive internal files, including emails, blueprints, and other documents.

The Iranian-linked hacking group was also behind recent cyberattacks against more than 200 government agencies worldwide, oil and gas companies, technology companies and other targets.

The hacker group’s proprietary techniques include bypassing multi-factor authentications for critical applications and services for further unauthorized access to VPN channels and SSO (Single Sign-On).


You can read more about cyberattacks in 2019 🔗here and try the new reading technique.

pic1_SS|IT|Pre-Int|L1

Fill in the missing letters in the words and phrases


Read the task and write a Q&A section

Imagine that you’re preparing the Q&A section for your website. In this section, you want to focus on cryptography and cryptosystems and provide information on frequent questions or concerns your readers may have. Write up to 5 questions with the answers in the text area below.

You can study some examples 🔗here and 🔗here.

Урок Homework Курс
  • Introduction
  • Modern cryptography
  • Cryptosystems
  • Making a comparison
  • Advantages of encryption
  • Encryption downsides
  • Pros and cons
  • Homework 1
  • Homework 2
  • Homework 3