Chapter 4: Advanced Cryptography Flashcards
What are Session Keys?
Symmetric keys used to encrypt & decrypt info exchanged during the session (layer 6 of OSI model)
between browser and web server to verify integrity
What is a Digital Certificate?
Associates a user’s identity to a public key that has been “digitally signed” by a trusted third party
What is a CA?
What is a CSR?
Certificate Signing Request - Process to obtain digital certificate
What is the process of obtaining a certificate?
- Generate public and private key pair
- Sign the CSR with the public key
- Send CSR to the Registration Authority (RA) to verify authenticity
- After verification and the CSR is processed, a cert is issued via an intermediate certificate authority
What is a CR?
Certificate repository - A publicly accessible centralized directory of digital certificates used to view certificate status
What is a CRL?
Certificate Revocation List
What is OCSP?
Online Certificate Status Protocol - Performs real time look up of a certificate’s status
What is OCSP stapling?
Improves performance by positioning a digitally-signed and time-stamped version of the OCSP response directly on the webserver.
What is a Root digital certificate?
Beginning point of the chain, created & verified by a CA;
Self-signed & does not depend on a higher authority
What is Certificate chaining?
Process of verifying a digital certificate is genuine
What is a User digital certificate?
End point of the chain
What is a web of trust in trust models?
A user signs a digital certificate then exchanges it with all other users
What is PKI?
Public Key Infrastructure - A framework for all entities involved in digital certificates
What is a third-party trust in trust models?
Two parties trust each other because they both trust a third party that knows them individually
A and B trust each other because they both trust C
What is a Hierarchical Trust Model?
Signs all digital certificate authorities with a single key (Root)
What is a Distributed Trust Model?
Multiple certificate authorities that sign digital certificates
What is a Bridge Trust Model?
One CA interconnects with other CAs
What is a CP?
Certificate Policy - A published set of rules that govern operation of a PKI
What is a CPS?
A technical document that describes in detail how the CA uses & manages certificates
What is an Escrow?
A process where keys are managed by a third party such as a trusted certificate authority
What is Revocation?
Early revoking - cannot be renewed
Why is TLS better than SSL?
It removes support for MD5 and SHA-224, requires use of Perfect Forward Secrecy for public key–based key exchange, and encrypts handshake messages after the ServerHello exchange.
What is a Cipher Suite?
It is a named combination of the encryption, authentication, and message authentication code (MAC) algorithms that is used with TLS.
What is IPSec?
A protocol suite for securing IP (Network Layer) communications
- Transparent
- Authenticates packets received
- Manages keys to ensure they are not intercepted
What is S/MIME?
Secure/Multipurpose Internet Mail Extensions - A protocol for securing email messages
What is SRTP?
Secure Real-time Transport Protocol - A secure extension protecting transmission using Real-time Transport Protocol
What is a block cipher mode of operation?
Specifies how block ciphers should handle these blocks
What is CBC?
Cipher Block Chaining - Output of a round of encryption as input for next-round
What is GCM?
Galois/Counter - A mode both encrypts plaintext and computes a message authentication code (MAC) to ensure that the message was created by the sender and that it was not tampered with during transmission
What determines Key Strength?
- Randomness
- Cryptoperiod
- Key Length
IPSec is considered a transparent security protocol, what does that entail?
- Programs do not have to be modified to run under IPSec
- No user training
- Does not require software changes