Define each of the following security terms, and give an example of how it is used:
a) Secret-key cryptography.
b) Public-key cryptography.
c) Digital signature.
d) Digital certificate.
e) Hash function.
f) SSL.
g) Kerberos.
h) Firewall.
a) Secret-key cryptography.
ANS: Secret-key cryptography is symmetric encryption in which each party shares a key for encryption and decryption. An example of secret-key cryptography is DES, used in the protection of sensitive data communications.
b) Public-key cryptography.
ANS: Public-key cryptography is asymmetric encryption in which each party has a private and public key. Messages encrypted with the private key can be decrypted only by the appropriate public key and vice versa. Public-key cryptography, such as PGP, secures e-mails and file transfer.
c) Digital signature.
ANS: Digital signatures are the electronic equivalent of written signatures. An example of digital-signature use is an e-mail that uses DSA to generate a digital signature to verify the identification of the sender.
d) Digital certificate.
ANS: A digital certificate is granted by a certificate authority and used in PKI. A digital certificate provides a user’s public key as well as information such as name and organization to whom the certificate has been issued.
e) Hash function.
ANS: A hash function is a calculation performed on a message digest to create the message used in a digital signature.
f) SSL.
ANS: The Secure Sockets Layer protocol; SSL secures point-to-point connections between a client and a server. An application of SSL is securing connections for transactions for e-business over the Internet.
g) Kerberos.
ANS: Kerberos is a system for authenticating users and managing network security. Kerberos would be used in a network to authorize different levels of access for different users.
h) Firewall.
ANS: A firewall keeps attackers and unwanted traffic from accessing a network. An example of firewall use would be disallowing all data flow from a particular machine to a network.