1.4 Flashcards
Public Key Infrastructure, Encrypting data, Key exchange, Encryption technologies, Obfuscation, Hashing and digital signatures, Blockchain technology, Certificates
PKI stands for
Public Key Infrastructure
Policies, procedures, hardware, software, and people that are responsible for creating, distributing, managing, storing, and revoking digital certificates
Also used to describe the binding of public keys to people or devices
PKI (Public Key Infrastructure)
A type of encryption that uses a single, shared key to encrypt and decrypt data
Symmetric encryption
AKA secret key, shared secret
A type of encryption that does not scale very well and whose keys are challenging to distribute
Symmetric encryption
AKA secret key, shared secret
A type of encryption that is very fast and has little overhead
Symmetric encryption
AKA secret key, shared secret
A type of encryption that uses two mathematically-related keys to encrypt and decrypt data
One key is public and one key is private; the private key is used to decrypt data encrypted with the public key
The private key cannot be derived from the public key
Asymmetric encryption
True/False
In asymmetric encryption, the public and private keys are created separately at different times
False. They are created simultaneously and are mathematically related.
A third party that holds and manages decryption keys. This may be within your own organization.
e.g., when there is a large number of keys to manage
e.g., necessary if the employee using that key is no longer part of the company, but the organization needs access to past messages
Key escrow
A type of encryption that is slow to use and involves implementing complex mathematics with very large prime numbers (lots of overhead)
Asymmetric encryption
A type of encryption that protects all of the data in an entire storage device
Full-disk encryption
A type of encryption that protects all of the data in a partition
Partition-level encryption
A type of encryption that protects a single file
File encryption
Which types of encryption do BitLocker and FileVault provide? (2 types)
Full-disk and volume-level encryption
Which type of encryption does EFS provide?
File encryption
A type of encryption that protects a volume
Volume-level encryption
What is the difference between a volume and a partition?
A partition is a logical division of a disk.
A volume is a logical assembly of two or more partitions used as a mass storage container.
Using a filing cabinet as an analogy, the cabinet itself is the disk drive. The drawers represent partitions. A volume is like labeling the top two drawers “C” and the bottom two drawers “D”. The C drawers are alphabetized, and the D drawers are organized by date.
A type of encryption that protects all the data stored in a database
Database-level encryption
A type of encryption that encrypts all of the data stored in the database with a symmetric key
Transparent encryption
A type of encryption that protects individual columns within a database.
It uses separate symmetric keys for each column.
Record-level encryption
Why is record-level encryption useful? Why not just encrypt the entire database?
Encrypting the entire database makes querying it very hard without decrypting the entire database, which introduces unnecessary risk.
By keeping some information (names, ID numbers) unencrypted, a typical user can search common info without having access to privileged information. SSNs and other sensitive info can remain encrypted.
What type of encryption do HTTPS and VPNs provide?
Transport/communication encryption
A type of encryption that protects data traversing a network
Transport/communication encryption
True/False
The people on both sides of the encryption need to agree on which type of encryption to use based on speed, security level, and complexity of implementation. They need to use compatible encryption methods.
True
True/False
Smaller keys provide stronger encryption
False; the opposite is true
A method of making a weak/small key stronger by performing the encryption algorithm multiple times on a single piece of data
Key stretching
The method of sharing an encryption key across an insecure medium without physically transferring the key
Key exchange
A key exchange method in which you send the symmetric key over a medium other than the internet/network (telephone, courier, in-person, etc.)
Out-of-band key exchange
A key exchange method in which you send the symmetric key over the network, protected with additional asymmetric encryption
This is common for keys that are used for only a short period of time, e.g., session keys
In-band key exchange
True/False
Session keys are ephemeral keys, which means they need to be changed often
Session keys also need to be unpredictable
True
An algorithm that combines public and private keys in order to generate the same symmetric key on both sides of the communication, without actually sending the key.
For example, Bob’s laptop combines Bob’s private key and Alice’s public key to make a symmetric key.
Alice’s laptop combines Alice’s private key and Bob’s public key to make a symmetric key.
Because they are both mathematically related, the same symmetric key is generated.
Key exchange algorithm
AKA public and private key cryptography
A standardized piece of hardware specifically designed to provide cryptographic functions for the device it is installed on
It is a cryptographic processor. It can generate random numbers or keys.
It also has persistent memory, meaning it holds unique keys burned in during manufacturing that can help with full-disk encryption.
TPM (Trusted Platform Module)
Two types of memory possessed by the TPM
Persistent memory
There are unique keys burned into it during manufacturing that can be used for full-disk encryption
Versatile memory
It can store different sets of keys and hardware configuration information
It can securely store BitLocker keys