17.1 Encryption & Digital Certificates
A Level · 20 questions found
What this topic covers
Section titled “What this topic covers”- Encryption: public/private key, plain text, cipher text, symmetric vs asymmetric cryptography
- Sending a private message and a verified message using public/private keys
- Quantum cryptography: purpose, benefits and drawbacks
- SSL/TLS: purpose, client-server use, appropriate situations
- Digital certificates: how acquired; how used to produce digital signatures
Past paper questions
Section titled “Past paper questions”(a) Identify two items commonly found within a digital certificate. 2 marks
1
2
(b) Explain why a digital certificate is required to validate a digital signature. 3 marks
Show mark scheme
5(a) [2 marks]
Two from : • Name of certificate holder // Subject • Serial number • Version number • Expiration date // Start date // Validity (not before/not after) • Certificate holder’s public key // Subject public key • Subject digital signature • Certificate Issuer // Digital signature of CA
5(b) [3 marks]
One mark per mark point ( Max 3 ) MP1 A digital certificate provides a public key MP2 … which validates the private key used to create the digital signature MP3 It makes a digital signature virtually impossible to spoof // Provides evidence of signer identity that the document was not altered and the signatures are valid MP4 Non repudiation.
(a) Asymmetric encryption is a type of cryptography. 1 mark
Identify one other type of cryptography.
(b) An organisation holds two asymmetric encryption keys, which they intend to use to receive secure transmissions. 4 marks
Explain how the organisation makes use of the two keys to receive a secure transmission.
Show mark scheme
7(a) [1 mark]
One from Symmetric (cryptography / encryption) Quantum (cryptography)
7(b) [4 marks]
One mark per mark point ( Max 4 ) MP1 The two keys held by the organisation are a private key and a public key MP2 The organisation makes the public key available to anyone who wishes to send them secure transmissions // The sender obtains the organisation’s public key MP3 The sender uses the organisation’s public key to encrypt the message / plain text // The organisation’s public key to turn the message into cipher text MP4 The organisation uses its private key to decrypt the message.
A company requires a digital certificate to ensure the authenticity of its online communications.
Outline the process followed to acquire a digital certificate. 4 marks
Show mark scheme
9 [4 marks]
One mark per mark point ( Max 4 ) MP1 the company generates a public and private key pair locally using a web browser and an RSA key generator tool, which may be part of the CA’s web page MP2 the company requests a digital certificate from a Certificate Authority (CA) MP3 the CA responds with its public key and digital certificate, MP4 … signed with its private key MP5 the company gathers authentication information e.g. its public key MP6 … and sends it to the CA signed with the company’s private key and encrypted with the CA’s public key MP7 the CA verifies the received information and generates/issues the digital certificate.
Secure Socket Layer (SSL) and Transport Layer Security (TLS) are two protocols.
(a) State two functions of SSL/TLS. 2 marks
1
2
(b) Give two examples of situations where the use of SSL/TLS would be appropriate. 2 marks
1
2
Show mark scheme
9(a) [2 marks]
One mark for each mark point ( Max 2 ) MP1 Ensure security/privacy when using the internet MP2 Data encryption MP3 Identification / authentication of client and server
9(b) [2 marks]
One mark for each mark point ( Max 2 ) MP1 When transmitting authentication data e.g. passwords, session cookies MP2 When transmitting data that must be protected from modification on its way to or from a server e.g. user input, or results from the server MP3 When transmitting data classified as non-public.
Identify the two main protocols that form Transport Layer Security (TLS) and state the purpose of each.
Protocol 1
Purpose
Protocol 2
Purpose 4 marks
Show mark scheme
10 [4 marks]
One mark for identifying a protocol and one mark for stating its purpose MP1 Handshake protocol MP2 To establish a secure and reliable connection between two devices, systems or networks // Permits the web server and client to authenticate each other to make use of encryption algorithms MP3 Record protocol MP4 Provides a secure and reliable way to send and receive data over a network // To exchange records between the client and server // Responsible for securing application data end ensuring its integrity and authenticity during transmission // Encrypts and authenticates data exchanged between a client and a server // Deals with the format for data transmission.
Secure Socket Layer (SSL) and Transport Layer Security (TLS) are two protocols.
Explain how SSL/TLS is used when client-server communication is initiated. 4 marks
Show mark scheme
7 [4 marks]
( Max 4 ) One mark for each correct marking point MP1 An SSL/TLS connection is initiated by an application/client. MP2 Every new session begins with a handshake as defined by the SSL/TLS protocols. MP3 The client requests the digital certificate from the server // The server sends the digital certificate to the client. MP4 The client verifies the server’s digital certificate MP5 … and obtains the server’s public key. MP6 The encryption algorithms are agreed. // The symmetric session keys are generated/defined. MP7 A secure session is established between client and server.
(a) Describe what is meant by a digital certificate. 3 marks
(b) Explain the role of a digital certificate in creating a digital signature. 2 marks
Show mark scheme
7(a) [3 marks]
mark per point ( max 3 ) A digital certificate is an electronic/online document. used to authenticate/prove the identity of a website/the online identity of an individual/organisation typically issued by a CA For example: it contains information identifying a website owner/individual and a public key
7(b) [2 marks]
mark per point ( max 2 ) The digital certificate provides the public key … that can be used to validate the private key associated with the organisation/website/digital signature
Sheila has a customer called Fred. Fred wants to send Sheila a confidential document as part of a transaction.
Explain how Fred uses asymmetric encryption to send his document securely. 4 marks
Show mark scheme
4 [4 marks]
mark per mark point ( Max 4 ) Sheila’s computer uses an algorithm to generate a matching pair of keys private and public Sheila’s computer sends Fred’s computer Sheila’s public key // Fred‘s computer acquires Sheila’s public key Fred’s computer encrypts the document/plain text using Sheila’s public key to create cipher text Fred’s computer sends the cipher text to Sheila’s computer The cipher text can only be decrypted using Sheila’s private key // Sheila’s computer uses Sheila’s private key to decrypt the cipher text.
(a) Describe what is meant by a digital certificate. 3 marks
(b) Explain the role of a digital certificate in creating a digital signature. 2 marks
Show mark scheme
7(a) [3 marks]
mark per point ( max 3 ) A digital certificate is an electronic/online document. used to authenticate/prove the identity of a website/the online identity of an individual/organisation typically issued by a CA For example: it contains information identifying a website owner/individual and a public key
7(b) [2 marks]
mark per point ( max 2 ) The digital certificate provides the public key … that can be used to validate the private key associated with the organisation/website/digital signature
(a) Encryption is used to alter data into a form that makes it meaningless if intercepted. 2 marks
Describe the purpose of asymmetric key cryptography.
(b) Identify two benefits and two drawbacks of quantum cryptography. 4 marks
Benefit 1
Benefit 2
Drawback 1
Drawback 2
Show mark scheme
9(a) [4 marks]
One mark per mark point ( Max 2 ) MP1 To provide better security MP2 … by using two different keys / a public key and a private key MP3 One of the keys is used to encrypt the message MP4 … the matching key is used to decrypt the message.
9(b) [5 marks]
One mark per benefit ( Max 2 ) MP1 Provides security based on laws of physics rather than mathematical algorithms, so more secure. MP2 To protect the security of data transmitted over fibre optic cables. MP3 Virtually unhackable. MP4 The performance of quantum cryptography is continuously improved, making it suitable for most valuable government/industrial secrets. MP5 Longer keys can be used MP6 Eavesdropping can be detected One mark per drawback ( Max 2 ) MP1 Lacks many vital features such as digital signature, certified mail, etc. MP2 High cost of purchasing / maintaining equipment required. MP3 Currently only works over relatively short distances. MP4 Error rates are relatively high as technology is still being developed. MP5 Polarisation of light can change during transmission. MP6 Allows criminals and terrorists to hide their communications.
(a) Encryption is used to scramble data to make it meaningless if intercepted. 2 marks
Describe the purpose of quantum cryptography.
(b) Explain the differences between symmetric and asymmetric cryptography when encrypting and decrypting data. 3 marks
Show mark scheme
5(a) [3 marks]
One mark per mark point ( Max 2 ) MP1 to produce a virtually unbreakable encryption system / send virtually un-hackable secure messages … MP2 …using the laws / principles of quantum mechanics / properties of photons MP3 detects eavesdropping … MP4 …because the properties of photons change MP5 to protect security of data transmitted over fibre optic cables MP6 to enable the use of longer keys.
5(b) [4 marks]
One mark per mark point ( Max 3 ) MP1 Symmetric cryptography uses a single key to encrypt and decrypt messages, Asymmetric cryptography uses two. MP2 The symmetric key is shared, whereas with asymmetric, only the public key is shared (and the private key isn’t). MP3 … the risk of compromise is higher with symmetric encryption and asymmetric encryption is more secure. MP4 Symmetric cryptography is a simple process that can be carried out quickly, but asymmetric is much more complex, so slower. MP5 The length of the keys in symmetric encryption are (usually) shorter than those for asymmetric (128/256 bits v 2048 bits).
(a) Encryption is used to alter data into a form that makes it meaningless if intercepted. 2 marks
Describe the purpose of asymmetric key cryptography.
(b) Identify two benefits and two drawbacks of quantum cryptography. 4 marks
Benefit 1
Benefit 2
Drawback 1
Drawback 2
Show mark scheme
9(a) [4 marks]
One mark per mark point ( Max 2 ) MP1 To provide better security MP2 … by using two different keys / a public key and a private key MP3 One of the keys is used to encrypt the message MP4 … the matching key is used to decrypt the message.
9(b) [5 marks]
One mark per benefit ( Max 2 ) MP1 Provides security based on laws of physics rather than mathematical algorithms, so more secure. MP2 To protect the security of data transmitted over fibre optic cables. MP3 Virtually unhackable. MP4 The performance of quantum cryptography is continuously improved, making it suitable for most valuable government/industrial secrets. MP5 Longer keys can be used MP6 Eavesdropping can be detected One mark per drawback ( Max 2 ) MP1 Lacks many vital features such as digital signature, certified mail, etc. MP2 High cost of purchasing / maintaining equipment required. MP3 Currently only works over relatively short distances. MP4 Error rates are relatively high as technology is still being developed. MP5 Polarisation of light can change during transmission. MP6 Allows criminals and terrorists to hide their communications.
Virtual memory, paging and segmentation are used in memory management.
(a) Explain what is meant by virtual memory . 3 marks
(b) State one difference between paging and segmentation in the way memory is divided. 1 mark
Show mark scheme
8(a) [3 marks]
One mark for each correct point ( Max 3 ) • Disk / secondary storage is used to extend the RAM / memory available • … so the CPU appears to be able to access more memory space than the available RAM • Only the data in use needs to be in main memory so data can be swapped between RAM and virtual memory as necessary • Virtual memory is created temporarily.
8(b) [1 mark]
One mark for a correct statement about the difference between paging and segmentation e.g. • Paging allows the memory to be divided into fixed size blocks and Segmentation divides the memory into variable sized blocks. • The operating system divides the memory into pages, the compiler is responsible for calculating the segment size. • Access times for paging is faster than for segmentation.
Show mark scheme
8(a)
Or R/Reset S/Set
8(b) [1 mark]
To store a binary digit / (single) bit.
8(c) [3 marks]
One mark for each point ( Max 3 ) • Correct application of De Morgan’s Law • Correct application of Double Negation Law or Distributive Law • Correct answer (A.B).(A.C).(B.D) (A.B) + (A.C) + (B.D) [1]
(A.B) + (A.C) + (B.D) [1] _ _ A. (B + C) + B.D [1]
Virtual memory, paging and segmentation are used in memory management.
(a) Explain what is meant by virtual memory . 3 marks
(b) State one difference between paging and segmentation in the way memory is divided. 1 mark
Show mark scheme
8(a) [3 marks]
One mark for each correct point ( Max 3 ) • Disk / secondary storage is used to extend the RAM / memory available • … so the CPU appears to be able to access more memory space than the available RAM • Only the data in use needs to be in main memory so data can be swapped between RAM and virtual memory as necessary • Virtual memory is created temporarily.
8(b) [1 mark]
One mark for a correct statement about the difference between paging and segmentation e.g. • Paging allows the memory to be divided into fixed size blocks and Segmentation divides the memory into variable sized blocks. • The operating system divides the memory into pages, the compiler is responsible for calculating the segment size. • Access times for paging is faster than for segmentation.
A message is to be sent securely. Software uses a key to encrypt the message before it is sent.
(a) (i) Give two reasons for using key cryptography. 2 marks
1
2
(ii) Give two methods of key cryptography that can be used. 2 marks
1
2
(b) When there is a secure exchange of key(s), the message is sent.
The use of quantum cryptography is being considered for the secure exchange.
(i) State two possible benefits of using quantum cryptography. 2 marks
1
2
(ii) State two possible drawbacks of using quantum cryptography. 2 marks
1
2
| The table sh register, the | hows assembly language instr Accumulator (ACC). | ructions for a processor that has one general purpos | |
|---|---|---|---|
| Instruction | Instruction | Explanation | |
| Label | Opcode | Operand | |
LDM |
#n |
Load the number n to ACC | |
LDD |
<address> |
Load the contents of the given address to ACC | |
LDI |
<address> |
The address to be used is at the given address Load the contents of this second address to ACC |
|
ADD |
<address> |
Add the contents of the given address to the ACC | |
STO |
<address> |
Store the contents of the ACC at the given address | |
<label>: |
<data> |
Gives a symbolic address | |
| # denotes a denary number, e.g. #123 | # denotes a denary number, e.g. #123 | # denotes a denary number, e.g. #123 | # denotes a denary number, e.g. #123 |
(a) The address 500 contains the value 100 and the address 100 contains the value 20 . 3 marks
State the addressing mode and the contents of ACC after each instruction has been executed.
LDM #500 Addressing mode
Contents of ACC
LDD 500 Addressing mode
Contents of ACC
LDI 500 Addressing mode
Contents of ACC
(b) Use only the given instruction set to write assembly language code to: 7 marks
- use the constant
20which needs to be stored
| constant to the value e result in variable Z. | e stored in the address contained in th | |
|---|---|---|
| Label | Instruction | Instruction |
| Label | Opcode | Operand |
Show mark scheme
8(a)(i) [2 marks]
two from To ensure the message is authentic // came from a trusted source To ensure that only the intended receiver is able to understand the message To ensure the message has not been altered during transmission Non-repudiation, neither the sender or receiver can deny the transmission occurred
8(a)(ii) [2 marks]
Symmetric Asymmetric
8(b)(i) [2 marks]
two from Any eavesdropping can be identified (as the state will be changed) Integrity of the key once transferred can be guaranteed (cannot be copied and decrypted at a later date) Longer/more secure keys can be exchanged
8(b)(ii) [2 marks]
two from Limited range requires dedicated fibre (optic) line and specialist hardware cost of dedicated fibre (optic) line and specialist hardware is expensive polarisation of light may be altered whilst travelling down fibre optic cables
A binary search or a linear search can be used to look for a specific value in an array.
(a) Complete this pseudocode algorithm for a linear search. 4 marks
DECLARE MyList : ARRAY[0:9] OF INTEGER
DECLARE MaxIndex : INTEGER
DECLARE Index : INTEGER
DECLARE Found : BOOLEAN
DECLARE ValueToFind :
INPUT ValueToFind
Found FALSE
# ←
Index 0
# MaxIndex ← ______ ←
REPEAT
IF MyList[Index] = ValueToFind THEN
Found TRUE
# ←
ENDIF
Index
←
UNTIL Found OR Index > MaxIndex
IF Found THEN
OUTPUT "Value found at position ", Index
ELSE
OUTPUT
ENDIF
(b) (i) State the necessary condition for a binary search. 1 mark
(ii) Describe how to perform a binary search. 4 marks
(iii) Explain how the performance of a binary search varies according to the number of values in the array. 1 mark
(c) Compare the performance of the algorithms for a binary search and a linear search using Big O notation for order of time complexity. 3 marks
Show mark scheme
8(a) [4 marks]
INTEGER
8(b)(i) [1 mark]
The list to be searched must be ordered/sorted
8(b)(ii) [4 marks]
four from Find the middle item / index Check the value of middle item in the list to be searched If equal item searched for is found If this is not equal/greater/less than the item searched for … discard the half of the list that does not contain the search item Repeat the above steps until the item searched for is found … or there is only one item left in the list and it is not the item searched for // lower bound > / = upper bound
8(b)(iii) [1 mark]
As the number of items in the list increases the time to search the list increases
8(c) [3 marks]
Linear search O(n) and Binary search O(log2n) / O(Log n) time to search increases linearly in relation to the number of items in the list for a linear search and logarithmically for a Binary search time to search increases less rapidly for a binary search and time to search increases more rapidly for a linear search
A message is to be sent securely. Software uses a key to encrypt the message before it is sent.
(a) (i) Give two reasons for using key cryptography. 2 marks
1
2
(ii) Give two methods of key cryptography that can be used. 2 marks
1
2
(b) When there is a secure exchange of key(s), the message is sent.
The use of quantum cryptography is being considered for the secure exchange.
(i) State two possible benefits of using quantum cryptography. 2 marks
1
2
(ii) State two possible drawbacks of using quantum cryptography. 2 marks
1
2
| The table sh register, the | hows assembly language instr Accumulator (ACC). | ructions for a processor that has one general purpos | |
|---|---|---|---|
| Instruction | Instruction | Explanation | |
| Label | Opcode | Operand | |
LDM |
#n |
Load the number n to ACC | |
LDD |
<address> |
Load the contents of the given address to ACC | |
LDI |
<address> |
The address to be used is at the given address Load the contents of this second address to ACC |
|
ADD |
<address> |
Add the contents of the given address to the ACC | |
STO |
<address> |
Store the contents of the ACC at the given address | |
<label>: |
<data> |
Gives a symbolic address | |
| # denotes a denary number, e.g. #123 | # denotes a denary number, e.g. #123 | # denotes a denary number, e.g. #123 | # denotes a denary number, e.g. #123 |
(a) The address 500 contains the value 100 and the address 100 contains the value 20 . 3 marks
State the addressing mode and the contents of ACC after each instruction has been executed.
LDM #500 Addressing mode
Contents of ACC
LDD 500 Addressing mode
Contents of ACC
LDI 500 Addressing mode
Contents of ACC
(b) Use only the given instruction set to write assembly language code to: 7 marks
- use the constant
20which needs to be stored
| constant to the value e result in variable Z. | e stored in the address contained in th | |
|---|---|---|
| Label | Instruction | Instruction |
| Label | Opcode | Operand |
Show mark scheme
8(a)(i) [2 marks]
two from To ensure the message is authentic // came from a trusted source To ensure that only the intended receiver is able to understand the message To ensure the message has not been altered during transmission Non-repudiation, neither the sender or receiver can deny the transmission occurred
8(a)(ii) [2 marks]
Symmetric Asymmetric
8(b)(i) [2 marks]
two from Any eavesdropping can be identified (as the state will be changed) Integrity of the key once transferred can be guaranteed (cannot be copied and decrypted at a later date) Longer/more secure keys can be exchanged
8(b)(ii) [2 marks]
two from Limited range requires dedicated fibre (optic) line and specialist hardware cost of dedicated fibre (optic) line and specialist hardware is expensive polarisation of light may be altered whilst travelling down fibre optic cables
(a) Describe the purpose of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) 2 marks
protocols.
(b) Explain how SSL/TLS protocols are used when a client-server communication is initiated. 4 marks
Show mark scheme
8(a) [2 marks]
One mark for each correct marking point (Max 2) The SSL and TLS protocols provide communications security over the • internet / network … they provide encryption • They enable two parties to identify and authenticate each other • … and communicate with confidentiality and integrity. •
8(b) [4 marks]
One mark for each correct marking point (Max 4) An SSL/TLS connection is initiated by an application • … which becomes the client • The application which receives the connection becomes the server • Every new session begins with a handshake (as defined by the • (SSL/TLS) protocols) The client requests the digital certificate from the server // the server • sends the digital certificate to the client The client verifies the server’s digital certificate • …and obtains the server’s public key • The encryption algorithms are agreed • The symmetric • … session keys are generated / defined •
(a) Describe the purpose of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) 2 marks
protocols.
(b) Explain how SSL/TLS protocols are used when a client-server communication is initiated. 4 marks
Show mark scheme
8(a) [2 marks]
One mark for each correct marking point (Max 2) The SSL and TLS protocols provide communications security over the • internet / network … they provide encryption • They enable two parties to identify and authenticate each other • … and communicate with confidentiality and integrity. •
8(b) [4 marks]
One mark for each correct marking point (Max 4) An SSL/TLS connection is initiated by an application • … which becomes the client • The application which receives the connection becomes the server • Every new session begins with a handshake (as defined by the • (SSL/TLS) protocols) The client requests the digital certificate from the server // the server • sends the digital certificate to the client The client verifies the server’s digital certificate • …and obtains the server’s public key • The encryption algorithms are agreed • The symmetric • … session keys are generated / defined •