ch 4 Flashcards
define key strength
primary characteristics that determine the resiliency of the key to attacks, randomness, length of key, crypto period.
what are the different block cypher modes
(ECB) Electronic code book
(CBC) cipher block chaining
(CTR) Counter
(GCM) Galois/counter
Block cypher mode that each possible block of plaintext has a defined corresponding ciphertext value and vise versa
(ECB) electronic code book
block cipher mode in which a sequence of bits are encrypted as a single unit or blocked with a cipher key applied to the entire block.
(CBC)cipher block chaining
block cipher mode in which value that is encrypted and given as input to XOR with plaintext which results in cyphertext block
(CTR) Counter
Symmetric key that provides both privacy and integrity encryption
(GCM) Galois/ Counter
Generates keys, provides key storage’s implements cryptographic algorithms. can be implemented in software or hardware
Crypto service provider
a value that can be used to ensure that plaintext when hashed, will not consistently result in the same digest.
salt
input value that must be unique with some specified scope
Nonce
arbitrary number that can be used along with a secret key for data encryption
(IV) Initializing Vector
used to prove a document originated from a valid sender. they only show the private key of the sender was used to encrypt the digital sender.
digital certificates
used to help solve the problem of verifying identity
trusted third party
associated a users identity to a public key
digital certificate
responsible for digital certificates
(CA) Certificate authority
also known as a (CSR) Certificate signing request.
digital certificate
what is the process for the CSR
user signs the CSR then sends it to the intermediate CA, intermediate CA verifies the CSR and authenticity. intermediate CA’s process the certificates request, verifies the identity of the individual.
what do you do to ensure the integrity of a Root CA (the beginning stage of a certificate)
keep it offline from the network
publicly accessible centralized directory of digital certificates can be managed locally by a storage are connected to the CA server
(CR) Certificate Repository
cert is no longer in use details have changed and the private key lost or stolen cert has been revoked
certificate revocation
cert serial numbers that have been revoked
(CRL) certification revocation list
performs real time lookup of the certificate status, called a request response protocol
(OCSP) Online certificate status protocol
OCSP where web servers send queries to the OCSP responder server at regular intervals to receive a signal time stamped response.
OCSP stapling
what are the common digital certs
Root cert, domain certs, hardware and software certs
the process of verifying a digital certificate
certificate chaining
endpoint of the chain of certificate chaining
user digital certificate
the beginning of the chain of certificate chaining
root digital certificate
performs two primary functions: authenticity of the web server to the client, authenticity of the cryptographic connection to web servers.
domain digital certificates
Verifies the identity of the entity that has control over the domain name.
domain validation
requires more extensive verification of the legitimacy of the business.
(EV) extended validation
used to validate a main domain along with subdomains.
wildcard
also known as a unified communications certificate, primarily used for Microsoft exchange servers or unified communications.
(SAN) Subject alternative name
division that defines the most widely accepted digital certs
(ITU) Telecommunications Standardization Sector
what is the standard certificate
x.509
what does BER stand for
basic encoding rules
what does CER stand for
cononical encoding rules
what does DER stand for
Distinguished encoding rules
framework for all entities involved in digital certs
(PKI) Public key Infrastructure
what doe the cert management facilitate by PKI
create/ store/ distribute/ revoke
confidence or reliance
trust
trust relationship between individual and entities
trust model
trust model where one person knows the other person
direct trust
two individuals trust each other because of the trust of a third party
third party trust
assign a single hierarchy with one master CA called the Root.
Hierarchical trust model
A single CA private key could be compromised. could also create a significant backlog
trust model limitations
multiple CA’s sign digital certificates
Distributed trust model
One CA acts as a facilitator to interconnect connect all other CA’s
bridge trust model
governs operations of a PKI
certificate policy (CP)
technical document in detail on how the CA uses and manages certs
(CPS) Certificate practice statement
occurs after user is positively identified
creation
may occur when employee is on a leave of absence
suspension
cert is no longer valid
revocation
key can no longer be used
expiration
public key storage embedded within digital certs, private key on users local system
key management
removes all public and private keys and the users identification from the CA.
destruction
uses AES, developed by netscape, most common transport algorithms
(SSL) Secure Socket Layer
SSLv.3 served as the basis for TLS v1.0, current version is TLS v1.2
(TLS) Transport Layer Security
named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS
Cipher suite
determined by overall security
length of keys
it is a LINUX/UNIX based command interface and protocol. used to access remote computers, can be used for a tool for secure network backups.
(SSH) Secure Shell
Common use of TSL and SSL, The secure version is actually “PLAIN” HTTP sent over SSL or TLS. Uses port 443 instead of HTTP’s port 80.
(HTTPS) Hypertext Transport Protocol Secure
Secures email messages/ as well as digitally signed email messages.
(S/MIME) Secure/ Multipurpose Internet Main Extensions
Provides protection for Voice over IP (VoIP). Adds security features such as messages authentication and confidentiality for VoIP Communications.
(SRTP) Secure Real-Time Transport Protocol
Considered to be transparent security protocol, Provides three areas of protection, Authentication, Confidentiality, Key Management. Supports two encryption modes.
(IPsec) IP security
Encrypts only the data portion of the packet.
Transport
Encrypts both the header and the data portion.
Tunnel
