Chapter 4 - Advanced Cryptography And PKI Flashcards

1
Q

Key strength

A

The resiliency of a key to resist attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Three primary characteristics that determine the resiliency of the key to attacks

A

1) Randomness
2) length of key
3) cryptoperiod

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cryptoperiod

A

The length of time for which a key is authorized for use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Block cipher mode of operation

A

A process that specifies how block ciphers should handle plaintext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Most common block cipher modes of operation

A

1) Electronic Code Book (ECB)
2) Cipher Block Chaining (CBC)
3) Counter (CTR)
4) Galois/Counter (GCM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Electronic Code Book (ECB)

A

A process in which plaintext is divided into blocks and each block is then encrypted separately.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Cipher Block Chaining (CBC)

A

A process in which each block of plaintext is XORed with the previous block of ciphertext before being encrypted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Counter (CTR)

A

A process in which both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Galois/Counter (GCM)

A

A process that both encrypts and computes a message authentication code (MAC).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Crypto service provider

A

A service used by an application to implement cryptography.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Crypto modules

A

Cryptography modules that are invoked by crypto service providers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Algorithm input values

A

1) salt

2) nonce

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Nonce

A

A value that must be unique within some specified scope.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Initialization vector (IV)

A

A nonce that is selected in a non-predictable way.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Salt

A

A value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Digital certificate

A

A technology used to associate a users identity to a public key and that has been digitally signed by a trusted third party.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Certificate Signing Request (CSR)

A

A user request for a digital certificate.

Ex. Car title application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Intermediate certificate authority (CA)

A

An entity that processes the CSR and verifies the authenticity of the user on behalf of a certificate authority (CA).

Ex. Visit county courthouse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Certificate Authority (CA)

A

The entity that is responsible for digital certificates. Also called a root CA.

Ex. Title sent from state DMV

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Certificate Repository (CR)

A

A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Certificate revocation list (CRL)

A

A list of certificate serial numbers that have been revoked.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Online certificate status protocol (OCSP)

A

A process that performs a real-time lookup of a certificate’s status.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Stapling

A

A process for verifying the status of a certificate by sending queries at regular intervals to receive a signed time-stamped response.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Certificate chaining

A

Linking several certificates together to establish trust between all the certificates involved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

User digital certificate

A

The end-point of the certificate chain.

26
Q

Root digital certificate

A

A certificate that is created and verified by a CA. The beginning point of the certificate chain.

27
Q

Pinning

A

Hard-coding a digital certificate within a program that is using the certificate.

28
Q

Key exchange

A

The handshake setup between web browser and web server.

30
Q

Domain validation digital certificate

A

Certificate that verifies the identity of the entity that has control over the domain name.

31
Q

Extended validation certificate (EV)

A

Certificate that requires more extensive verification of the legitimacy of the business than does a domain validation digital certificate.

32
Q

Wildcard digital certificate

A

Certificate used to validate a main domain along with all subdomains.

33
Q

Subject Alternative Name (SAN)

A

Also known as a Unified Communications Certificate (UCC), certificate primarily used for Microsoft Exchange servers or unified communications.

34
Q

Hardware and software digital certificates

A

1) machine digital certificate
2) code signing digital certificate
3) email digital certificate

35
Q

Machine digital certificate

A

Certificate used to verify the identity of a device in a network transaction.

36
Q

Code signing digital certificate

A

Certificate used by software developers to digitally sign a program to prove that the software comes from the entity that signed it and that no unauthorized third party has altered it.

37
Q

Email digital certificate

A

A certificate that allows a user to digitally sign and encrypt mail messages.

38
Q

All X.509 certificates follow the standard ITU-T X.690, which specifies one of three different encoding formats..

A

1) Basic Encoding Rules (BER)
2) Canonical Encoding Rules (CER)
3) Distinguished Encoding Rules (DER)

39
Q

Privacy Enhancement Mail (PEM)

A

An X.509 file format that is designed to provide confidentiality and integrity to emails, it uses DER encoding and can have multiple certificates.

40
Q

Personal Information Exchange (PFX)

A

An X.509 file format that is the preferred file format for creating certificates to authenticate applications or websites, PFX is password protected because it contains both private and public keys.

41
Q

PKCS#12

A

An X.509 file format that is one of a numbered set of 15 standards defined by RSA Corporation, it is based on the RSA public key algorithm and like PFX contains both private and public keys.

42
Q

Public key infrastructure (PKI)

A

The underlying infrastructure for the management of public keys used in digital certificates.

43
Q

Three PKI trust models

A

1) hierarchical trust model
2) distributed trust model
3) bridge trust model

44
Q

Hierarchical trust model

A

PKI trust model that assigns a single hierarchy with one master CA who signs all digital certificate authorities with a single key.

45
Q

Distributed Trust model

A

PKI trust model that assigns multiple CA’s to sign digital certificates.

46
Q

Bridge trust model

A

PKI trust model where one CA acts as facilitator to interconnect all other CA’s. The facilitator CA does not issue digital certificates; instead, it acts as the hub between hierarchical trust models and distributed trust models.

47
Q

Certificate policy

A

A published set of rules that govern the operation of a PKI. Provides recommended baseline security requirements for the use and operation of CA, intermediate CA, and other PKI components.

48
Q

Certificate Practice Statement (CPS)

A

Describes in detail how the CA uses and manages certificates.

49
Q

Object identifier (OID)

A

A designator made up of a series of numbers separated with a dot which names an object or entity.

50
Q

Key escrow

A

A process in which keys are managed by a third party, such as a trusted CA.

51
Q

Secure Sockets Layer (SSL)

A

An early and widespread cryptographic transport algorithm; now considered obsolete.

52
Q

Transport Layer Security (TLS)

A

A widespread cryptographic transport algorithm. Current versions v1.1 and v1.2 are considered secure.

53
Q

Secure Shell (SSH)

A

An encrypted alternative to the Telnet protocol that is used to access remote computers.

54
Q

Hypertext Transport Protocol Secure (HTTPS)

A

HTTP sent over SSL (Secure Sockets Layer) or TLS (Transport Layer Security).

55
Q

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A

A protocol for securing email messages.

56
Q

Secure Real-time Transport Protocol (SRTP)

A

A protocol for providing protection for Voice over IP (VoIP) communications.

57
Q

Internet Protocol Security (IPsec)

A

A protocol suite for securing Internet Protocol (IP) communications.

58
Q

Authentication Header (AH)

A

An IPSec protocol that authenticates that packets received were sent from the source.

59
Q

Encapsulating Security Payload (ESP)

A

An IPSec protocol that encrypts packets.

60
Q

Transport mode

A

An IPSec mode that encrypts only the data portion (pay-load) of each packet yet leaves the header unencrypted.

61
Q

Tunnel mode

A

An IPSec mode that encrypts both the header and the data portion.

62
Q

Session keys

A

Symmetric keys used to encrypt and decrypt information exchanged during the session and to verify its integrity.