Chapter 8 - Encryption Flashcards
What are self-executing contracts?
Contracts with code-defined terms that execute actions automatically when conditions are met.
What are the commercial uses of blockchain?
Companies like IBM promote blockchain for commercial purposes, using permissioned blockchain for business transactions.
How does blockchain enhance trust and transparency?
Through an immutable public ledger that ensures data integrity.
What is the role of blockchain in supply chain management?
Provides transparency and traceability, ensuring compliance and quality control with immutable records.
What is a key feature of blockchain?
Decentralization, which eliminates the need for central authorities.
What does an immutable ledger ensure?
Data integrity, as records cannot be altered or deleted.
What is the digital evolution impact of blockchain?
It reshapes traditional systems, offering transparency, efficiency, and trust in the digital era.
What is a TPM (Trusted Platform Module)?
A dedicated microcontroller for hardware-level security that protects digital secrets.
What is the function of an HSM (Hardware Security Module)?
Safeguards and manages digital keys in a tamper-proof environment.
What does a Key Management System do?
Manages, stores, distributes, and retires cryptographic keys.
What is a secure enclave?
A coprocessor integrated into the main processor for secure data processing and storage.
What is steganography?
A technique that conceals a message within another to hide its existence.
What is tokenization?
The process of substituting sensitive data with non-sensitive tokens.
What is data masking?
The process of disguising original data to protect sensitive information.
What are cryptographic attacks?
Techniques used to exploit vulnerabilities in cryptographic systems.
What is a downgrade attack?
An attack that forces systems to use weaker cryptographic standards.
What is a collision attack?
An attack that finds two different inputs producing the same hash output.
What is the Birthday Paradox in cryptography?
The probability that two distinct inputs will produce the same hash output.
What is quantum computing?
A computing technology that uses quantum mechanics to access enormous processing power.
What are qubits?
Quantum bits that can represent multiple combinations of ones and zeros simultaneously.
What is the threat of quantum computing to traditional encryption?
It poses a threat by enabling rapid factorization of large prime numbers.
What is post-quantum cryptography?
Cryptographic algorithms designed to be secure against quantum computing attacks.
What is one method for creating post-quantum cryptography?
Increasing the key size to raise the number of permutations needed for brute force.
What are the NIST selected post-quantum cryptography standards?
CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, SPHINCS+.
What is the NIST symmetric approved encryption standard?
AES (Advanced Encryption Standard) - the only widely used symmetric encryption standard
What are the use cases for symmetric/asymmetric encryptions?
Symmetric:
*bulk encryption
*good efficiency with large datasets
*fast encryption
Asymmetric:
*key exchange (to continue with the symmetric)
*authentication
*digital signatures
What are the CIAN components of asymmetric encryption?
C-Confidentiality: only the recipient can decrypt the data
I, A - Integrity/Authentication: creation of a hash digest of the message
N - Non-repudiation through digital signature; everybody with the public key can verify the sender's identity
Name the Common Asymmetric Algorithms:
*Diffie-Hellman - used for key exchange and VPN tunnel establishment
*RSA - key exchange, encryption, digital signatures, MFA
*ECC (Elliptic Curve Cryptography) - 6 times more efficient than RSA - therefore used for low-power computing; variants: ECDH (EC Diffie-Hellman); ECDHE (EC Diffie-Hellman Ephemeral); ECDSA (EC Digital Signature Algorithm)
Name Common Hashing Algorithms:
*MD5 (Message Digest Alg 5) - legacy, not used anymore - led to collisions
*SHA (Secure Hash Algorithm) - now third iteration (SHA-3) is used (224-512 bit hash digests)
*RIPEMD (RACE Integrity Primitives Evaluation Message Digest) - open-source SHA competitor but less popular
*HMAC (Hash Based Message Authentication Code) - always paired with other hash method; checks message integrity and authenticity
Name common Signature Algorithms:
*DSA (Digital Security Algorithm) - used for digital signatures
*RSA - digital signatures; encryption and key distribution (including code signing)
Public Key Infrastructure (PKI) Components are:
*Certificate Authority (issuer of certificates)
*Registration Authority (middle man between users and CA)
*Certification Revocation List (CRL) -
*Online Certificate Status Protocol (OCSP) - real time alternative to CRL (faster, less secure)
*Digital Certificates - issued by a CA to link a public key to an entity
*Public/Private Keys
*Key Management System (generation, storage, distribution and destruction)
*Trust Model
*End entities
What’s a Key Escrow?
A secure, third-party location for storing cryptographic keys; enables key retrieval if a key is lost, so that encrypted data does not become permanently inaccessible
What are the types of Digital Certificates?
*Wildcard Certificate - one certificate applies to all subdomains
*Subject Alternative Name (SAN) field - one certificate applies not only to subdomains but also to different sites related to the same root domain
*Single-sided Certificate - only requires one server to be validated
*Dual-sided - only for the really high security stuff; requires more processing power
*Self-Signed Certificates - for testing or closed environments
*Third Party Certificates (parties: DigiCert, GlobalSign, Sectigo, GoDaddy, Entrust)
What is "Obfuscation"? What are the methods?
It's the process of obscuring data so that, when it's captured, it's harder to extract any valuable information from it.
*steganography (message within a message)
*tokenization (substitution of valid data with tokens of no intrinsic value)
*data masking (disguising some parts of the information)