Cryptography Misc Flashcards

1
Q

Trusted Platform Module (TPM)

A

Security chip (discrete, firmware-based or integrated) on the motherboard that generates and protects symmetric and asymmetric keys, computes hashes and holds digital certificates; private keys created inside the TPM never leave it in the clear

Used to protect credentials, encrypt drives (e.g. it holds the BitLocker volume key), support digital rights management and attest the boot state, making it harder to attack a computer with TPM enabled: the drive is unreadable if moved to another machine and the keys are not released if the boot chain has been tampered with

2
Q

TPM Uses

A

Binding - encrypts data (e.g. the drive encryption key) with a key that exists only inside that TPM. Hard drive contents are only available on that computer; moved to another machine, the wrapped key cannot be unwrapped

Sealing - ties data to a particular HW / SW configuration as recorded in the PCRs. The TPM stores the expected PCR values with the sealed blob and only unseals it when the values measured during the current boot match; a changed firmware, bootloader or kernel produces different hashes, so the secret (e.g. the volume key) stays locked and the system cannot complete a normal boot. Sealing does not prevent changes to the system, it detects them and withholds the secret

3
Q

TPM Details

A

Has both persistent (non-volatile) memory, which retains keys when the PC is powered off, and volatile memory, which is cleared at power-off / reset

Memory used in TPM chip:

Endorsement Key (EK) - persistent; asymmetric key pair generated at manufacture (private half never leaves the TPM) that uniquely identifies the TPM and is certified by the manufacturer

Storage Root Key (SRK) - persistent; root of the key hierarchy that wraps (encrypts) the keys stored outside the TPM so they can only be used by that TPM

Attestation Identity Key (AIK) - volatile / loaded on demand; signing key created under the EK and used to sign PCR quotes, so the platform state can be proven to a remote party without exposing the EK itself

Platform Configuration Registers (PCRs) - volatile; hold the running hash of boot measurements (each extend does PCR = H(PCR || measurement)) used by the sealing function and by attestation

Storage Keys - volatile while loaded; wrapped under the SRK and used to encrypt data or further keys (e.g. drive encryption keys)
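The PCR extend rule and the sealing / binding behaviour from the two cards above, as an added worked example that is not part of the flashcards and is not a TPM API: a real TPM does this inside the chip (TPM2_PCR_Extend, TPM2_Create with a PCR policy, TPM2_Unseal). Assumed here: a SHA-256 PCR bank, PCRs 0 and 4 selected for the seal policy, constructed boot components, and a toy XOR/HMAC wrap standing in for the TPM's symmetric protection.

```python
"""Simulated TPM PCR extend, sealing and binding (illustration, not a TPM API).

Assumptions: SHA-256 PCRs, PCRs 0 and 4 in the seal policy, a toy XOR/HMAC
wrap in place of the TPM's internal symmetric protection. Do not reuse the
toy wrap in real code.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

PCR_INIT = bytes(32)  # PCRs 0-16 reset to all-zero bytes at power-on


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend rule: PCR_new = H(PCR_old || H(measurement)).

    One-way and order-sensitive: a PCR cannot be set to a chosen value, only
    extended, so the final value encodes the whole boot sequence.
    """
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Each component is measured into the PCR before it runs."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def policy_digest(pcrs: dict[int, bytes], selection: tuple[int, ...]) -> bytes:
    """Digest over the selected PCR values; the sealed blob is tied to it."""
    h = hashlib.sha256()
    for index in selection:
        h.update(bytes([index]) + pcrs[index])
    return h.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(srk_secret: bytes, pcrs: dict[int, bytes], selection: tuple[int, ...], secret: bytes) -> dict:
    """Binding: srk_secret never leaves this TPM. Sealing: wrap key depends on the PCR policy."""
    policy = policy_digest(pcrs, selection)
    wrap_key = hmac.new(srk_secret, b"seal" + policy, hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(secret, _keystream(wrap_key, nonce, len(secret)))
    tag = hmac.new(wrap_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"selection": selection, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unseal(srk_secret: bytes, pcrs: dict[int, bytes], blob: dict) -> bytes | None:
    """Returns the secret only if this TPM and the current PCR values match the seal."""
    policy = policy_digest(pcrs, blob["selection"])
    wrap_key = hmac.new(srk_secret, b"seal" + policy, hashlib.sha256).digest()
    expected = hmac.new(wrap_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # wrong TPM or wrong boot state: secret stays locked
    return _xor(blob["ciphertext"], _keystream(wrap_key, blob["nonce"], len(blob["ciphertext"])))


def demo() -> dict[str, bool]:
    """Constructed boot chains and TPM secrets; reports which unseal attempts succeed."""
    firmware, bootloader, kernel = b"uefi-v1", b"grub-signed", b"vmlinuz-6.1"
    good_pcrs = {0: measure_boot([firmware]), 4: measure_boot([bootloader, kernel])}
    tampered = {0: measure_boot([firmware]), 4: measure_boot([b"evil-bootloader", kernel])}
    this_tpm, other_tpm = secrets.token_bytes(32), secrets.token_bytes(32)
    volume_key = b"\x01" * 32  # constructed drive encryption key

    blob = seal(this_tpm, good_pcrs, (0, 4), volume_key)
    return {
        "same_tpm_same_boot": unseal(this_tpm, good_pcrs, blob) == volume_key,
        "same_tpm_tampered_boot": unseal(this_tpm, tampered, blob) is None,
        "other_tpm_same_boot": unseal(other_tpm, good_pcrs, blob) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The tampered boot chain only differs in the bootloader, yet PCR 4 ends up with an unrelated value, so the policy digest and therefore the wrap key change and the unseal fails; the same blob given to a different TPM fails for the same reason, which is the binding property.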

4
Q

Encryption Communication Levels

Link Encryption

A

Encrypts everything transmitted over a single link, including network headers and addresses

Only the data link control information needed to put the frame on the wire stays in the clear

Each intermediate device decrypts the whole packet to read the header and route it, then re-encrypts it with the key for the next link

Used over public communication links to protect both content and traffic metadata (who is talking to whom)

Protects against packet sniffers and other eavesdropping on the wire; does not protect against a compromised intermediate device, which sees plaintext

All data encrypted, no user interaction required; transparent to applications

Every device the data passes through must hold the link key, key changes must be distributed to each device on the route, and packets are in plaintext inside every device

5
Q

Encryption Communication Levels

End-to-End Encryption

A

Encrypts less of the packet than link encryption: only the payload

Packet routing information, packet headers and addresses are not encrypted, exposing more traffic metadata to anyone on the path

Advantages
Intermediate devices don't have to decrypt / re-encrypt to determine routing and never see the plaintext, so a compromised router only learns who is talking to whom

User (or application) selects exactly what gets encrypted and how; the key is shared only by the two endpoints
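The difference between the two cards above (which fields an on-wire sniffer and an intermediate router can read under link encryption versus end-to-end encryption), simulated hop by hop. This is an added example, not from the flashcards; the path, keys and packet are constructed, and the cipher is a toy SHA-256 keystream XOR used only to show which fields are protected where.

```python
"""Link encryption vs end-to-end encryption, simulated hop by hop (added example).

The cipher is a toy SHA-256 keystream XOR, not a real cipher; the point is
which fields are protected at which point on the path.
"""
from __future__ import annotations

import hashlib
import json


def _crypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 keystream; encrypt == decrypt."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def link_encryption(packet: dict, path: list[str], link_keys: dict[tuple[str, str], bytes]) -> dict:
    """Each hop decrypts the whole frame (headers included), routes it, re-encrypts it."""
    frame = json.dumps(packet).encode()
    on_wire, in_nodes = [], []
    for i in range(len(path) - 1):
        key = link_keys[(path[i], path[i + 1])]
        ciphertext = _crypt(key, frame)
        on_wire.append(ciphertext)  # sniffer on this link: no addresses, no payload
        frame = _crypt(key, ciphertext)  # next device must hold this link key
        if i + 1 < len(path) - 1:
            in_nodes.append(json.loads(frame))  # intermediate router sees full plaintext
    return {"on_wire": on_wire, "in_nodes": in_nodes, "received": json.loads(frame)}


def end_to_end_encryption(packet: dict, path: list[str], session_key: bytes) -> dict:
    """Only the payload is encrypted, once, with a key held by the two endpoints."""
    protected = {
        "src": packet["src"],
        "dst": packet["dst"],
        "payload": _crypt(session_key, packet["payload"].encode()).hex(),
    }
    hops = len(path) - 1
    plaintext = _crypt(session_key, bytes.fromhex(protected["payload"])).decode()
    received = dict(protected, payload=plaintext)
    return {
        "on_wire": [protected] * hops,         # identical at every hop: headers readable
        "in_nodes": [protected] * (hops - 1),  # routers see src/dst, not the payload
        "received": received,
    }


def demo() -> dict:
    """Constructed three-hop path A -> R1 -> R2 -> B carrying a constructed packet."""
    packet = {"src": "A", "dst": "B", "payload": "wire 10k USD to account 42"}
    path = ["A", "R1", "R2", "B"]
    link_keys = {("A", "R1"): b"k-a-r1", ("R1", "R2"): b"k-r1-r2", ("R2", "B"): b"k-r2-b"}
    return {
        "link": link_encryption(packet, path, link_keys),
        "e2e": end_to_end_encryption(packet, path, b"session-key-A-B"),
    }


if __name__ == "__main__":
    result = demo()
    print("link encryption, router R1 sees:", result["link"]["in_nodes"][0])
    print("end-to-end,      router R1 sees:", result["e2e"]["in_nodes"][0])
```

Run it and compare the two router views: under link encryption R1 holds the full plaintext (and needs two link keys), under end-to-end encryption R1 sees the addresses but only a hex blob for the payload, and nothing on the path needs the session key.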

6
Q

Email Security

PGP

A

Provides email encryption using a combination of technologies (hybrid scheme: a symmetric cipher for the message, an asymmetric cipher for the per-message session key)

Provides confidentiality, integrity and authenticity depending on which operations (encrypt, sign, or both) are applied

Provides key management using RSA (later also DSA / ElGamal and elliptic-curve keys) and a web of trust instead of a central CA

Public keys of other users are stored on each user's computer in a key ring file; each key in the ring is assigned a level of trust by the ring's owner, and users in the web vouch for each other by signing each other's keys

Users can choose the level of trust they assign to a key and change it if needed

Compromise of a user's private key requires that the key be revoked and the revocation distributed, so the key is removed (or marked revoked) in every other user's key ring; the public key itself is not secret

Original PGP encrypted data with IDEA; current OpenPGP implementations use AES and other modern ciphers

Original PGP hashed with MD5 for integrity; current implementations use SHA-2, since MD5 is broken and should not be used

Provides authentication with digital signatures over the message, verified against the sender's public key certificate
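How the key ring, trust levels and mutual vouching from the card above combine into a yes/no validity decision, as an added example that is not from the flashcards. The model assumed is GnuPG's default rule (a key is valid if signed by one fully trusted valid key or by three marginally trusted valid keys; the ring owner's own key is ultimately trusted); the names and the ring are constructed.

```python
"""Key validity in a PGP-style web of trust (added example, constructed ring).

Assumed model: GnuPG defaults, completes-needed=1, marginals-needed=3, and
a signature only counts if the signer's own key is already valid.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"


@dataclass
class KeyEntry:
    """One public key on the ring and the ring owner's trust in its holder."""
    owner_trust: str = UNKNOWN
    signed_by: set[str] = field(default_factory=set)  # key IDs that certified this key
    revoked: bool = False


def compute_validity(ring: dict[str, KeyEntry], completes_needed: int = 1,
                     marginals_needed: int = 3) -> dict[str, bool]:
    """Iterate to a fixed point: certifications propagate only from valid keys."""
    valid = {kid for kid, e in ring.items() if e.owner_trust == ULTIMATE and not e.revoked}
    changed = True
    while changed:
        changed = False
        for kid, entry in ring.items():
            if kid in valid or entry.revoked:
                continue
            signers = [s for s in entry.signed_by if s in valid and s in ring]
            full = sum(1 for s in signers if ring[s].owner_trust in (FULL, ULTIMATE))
            marginal = sum(1 for s in signers if ring[s].owner_trust == MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                valid.add(kid)
                changed = True
    return {kid: kid in valid for kid in ring}


def demo() -> tuple[dict[str, bool], dict[str, bool]]:
    """Validity before and after Bob's key is revoked (constructed data)."""
    ring = {
        "alice": KeyEntry(ULTIMATE),                        # the ring owner
        "bob": KeyEntry(FULL, {"alice"}),                   # Alice fully trusts Bob as introducer
        "carol": KeyEntry(UNKNOWN, {"bob"}),                # valid only through Bob
        "erin": KeyEntry(MARGINAL, {"alice"}),
        "frank": KeyEntry(MARGINAL, {"alice"}),
        "gina": KeyEntry(MARGINAL, {"alice"}),
        "dave": KeyEntry(UNKNOWN, {"erin", "frank", "gina"}),  # three marginals suffice
        "heidi": KeyEntry(UNKNOWN, {"erin", "frank"}),          # two marginals do not
        "mallory": KeyEntry(UNKNOWN, {"mallory"}),              # self-signed only
    }
    before = compute_validity(ring)
    ring["bob"].revoked = True  # Bob's private key compromised: revocation imported
    after = compute_validity(ring)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for kid in before:
        print(f"{kid:8} valid before={before[kid]!s:5} after={after[kid]!s:5}")
```

The revocation step is the "compromise" case from the card: once Bob's key is revoked, Carol's key silently stops being valid too, because the only certification it had came from Bob, which is why revocations must reach every ring and not just the compromised user's own.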

7
Q

Email Security

Secure MIME (S/MIME)

A

Adheres to PKCS (Public Key Cryptography Standards); messages are CMS / PKCS #7 structures and keys come from X.509 certificates issued by a CA, not from a web of trust

Encryption provides confidentiality
Hashing provides integrity
Public key certificates provide authentication
Digital signatures (a message digest signed with the sender's private key) provide nonrepudiation; a digest alone does not, since anyone can recompute it

8
Q

Quantum Cryptography

A

Combines quantum physics and cryptography; in practice means quantum key distribution (QKD), which uses the quantum states of photons to agree on a key

Not to be confused with quantum computing, which offers the possibility of factoring products of large prime numbers (Shor's algorithm) and so threatens RSA and similar public key schemes; QKD is one response to that threat, post-quantum algorithms are the other

Provides eavesdropping detection: measuring the photons in transit disturbs them, so an interceptor shows up as an elevated error rate. The resulting key is then used with a conventional cipher or a one-time pad, which is where the strong encryption comes from

Considered for organizations transmitting top secret data over dedicated fibre or line-of-sight links; it needs special hardware and a direct quantum channel, so it does not run over ordinary IP networks

9
Q

Internet Security

A

Remote access lets users in by direct dial-in or over the internet

The organization ensures data protection by encrypting the remote session (VPN, TLS or SSH)

Remote access servers can be configured to require encrypted connections and refuse plaintext ones

10
Q

Internet Security

SSL

A

Secure Sockets Layer provides encryption, server (and optionally client) authentication and message integrity

Allows an application to have encrypted, authenticated communication over the network; sits between the application and TCP

All SSL versions (2.0 and 3.0) are broken and deprecated (RFC 6176, RFC 7568); "SSL" today usually means TLS

11
Q

Internet Security

TLS

A

Transport Layer Security - open IETF standard that provides the same services as SSL

TLS 1.0 based on SSL 3.0 but is more extensible; TLS 1.0 and 1.1 are now deprecated (RFC 8996), the current versions are TLS 1.2 and TLS 1.3

Goal of TLS is privacy and data integrity between two communicating applications, plus authentication of the server (and optionally the client) via X.509 certificates
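The SSL / TLS cards promise encryption, authentication and integrity, but a client only gets all three if it is configured for them. The following is an added example, not from the flashcards, using only Python's standard ssl module: a weak client context beside a hardened one, with helpers to check what each would accept. No network access is needed to build the contexts.

```python
"""TLS client configuration: weak settings beside the hardened ones (added example)."""
from __future__ import annotations

import ssl


def legacy_client_context() -> ssl.SSLContext:
    """The 'just make it connect' configuration.

    Accepts TLS 1.0 (deprecated by RFC 8996) and skips certificate and
    hostname verification, so it gives encryption without authentication:
    a man-in-the-middle can terminate the session with any certificate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verification on, TLS 1.2 as the floor, TLS 1.3 as the ceiling."""
    ctx = ssl.create_default_context()  # system CAs, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def version_allowed(ctx: ssl.SSLContext, name: str) -> bool:
    """True if the context would negotiate the named version ("TLSv1", "TLSv1_2", ...)."""
    version = ssl.TLSVersion[name]
    low, high = ctx.minimum_version, ctx.maximum_version
    if low == ssl.TLSVersion.MINIMUM_SUPPORTED:   # sentinel values, not real versions
        low = ssl.TLSVersion.SSLv3
    if high == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        high = ssl.TLSVersion.TLSv1_3
    return low <= version <= high


def authenticates_server(ctx: ssl.SSLContext) -> bool:
    """Server authentication needs both certificate validation and hostname matching."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_client_context()), ("hardened", hardened_client_context())):
        accepted = [v for v in ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3") if version_allowed(ctx, v)]
        print(f"{label:8} authenticates server={authenticates_server(ctx)} versions={accepted}")
```

The hardened context is what `ssl.create_default_context()` already gives you plus an explicit version floor; the legacy one is the shape of most "certificate verify failed, so I turned it off" fixes, and it is exactly the configuration that loses the authentication property the cards attribute to SSL / TLS.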

12
Q

Internet Security

HTTPS

A

HTTP Secure - HTTP carried over an SSL / TLS session (default port 443); the whole session, including URL path, headers and body, is protected

Not the same as Secure HTTP (S-HTTP), a largely abandoned scheme that encrypted individual messages rather than the entire session

13
Q

Internet Security

SET

A

Secure Electronic Transaction (SET)

Never fully adopted. Designed by Visa and MasterCard to secure credit card transactions using X.509 certificates and asymmetric keys, with the card number hidden from the merchant. Would have required full cooperation of financial institutions, credit card users, wholesale and retail firms and payment gateways; in practice TLS at the web server won instead

14
Q

Internet Security

Secure Shell

A

SSH - application and protocol used to log into another computer remotely over an encrypted, authenticated tunnel; also carries file transfer (SCP / SFTP) and port forwarding. Replaces plaintext telnet, rlogin and FTP

15
Q

Internet Security

Internet Protocol Security

A

IPsec

Suite of protocols that establish a secure channel between two devices at the network (IP) layer, transparent to applications

AH - Authentication Header provides authentication and integrity for the packet (including most of the IP header), no encryption

ESP - Encapsulating Security Payload provides encryption (confidentiality) and, optionally, authentication and integrity of the payload; ESP without authentication is not recommended

SA - Security Association is a one-way agreement between the two devices that records the protocol (AH or ESP), mode, algorithms, keys and lifetime used for that direction; a two-way channel needs two SAs

SPI - Security Parameter Index is a 32-bit value carried in the AH / ESP header that identifies which SA applies to the packet; the receiver looks up (destination, protocol, SPI) in its Security Association Database (SAD) so it uses the appropriate SA for traffic from the other device

16
Q

IPSEC’s Two Modes

A

Transport or Tunnel Mode

Transport Mode protects only the message payload; the original IP header stays in the clear. Normally used host-to-host

Tunnel Mode wraps the entire original packet (payload, routing info, header) inside a new IP packet with a new outer header. Used for gateway-gateway (site-to-site VPN) and host-gateway (remote access VPN) communication

Internet Key Exchange (IKE) is the common key exchange method used with IPsec. IKEv1 combines OAKLEY and the Internet Security Association and Key Management Protocol (ISAKMP); IKEv2 is the current version

Authentication methods include pre-shared keys and certificates backed by a PKI

Pre-shared keys are only secure if they are long random values; a PSK based on a simple password can be cracked offline (IKEv1 aggressive mode exposes a hash of it), which is why certificates / PKI are preferred for anything beyond small deployments
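How a receiver uses the SPI to pick the SA and how the SA's mode decides what is inside the packet, covering the IPsec card and the two-modes card above. This is an added example, not from the flashcards: the packets and SAs are constructed, the decryption step is omitted (the body is passed through) because the point is SA selection, and the anti-replay check is a simple "sequence must increase" rule, a simplification of ESP's sliding window.

```python
"""ESP header parsing, SA lookup by SPI and mode handling (added example).

Constructed packets and SAs; the cipher step is omitted and the anti-replay
check is simplified to a monotonic sequence number.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityAssociation:
    """One direction of protection; the reverse direction needs its own SA."""
    spi: int
    dst: str           # destination address the SA applies to
    protocol: str      # "ESP" or "AH"
    mode: str          # "transport" or "tunnel"
    cipher: str
    integrity: str


class SADatabase:
    """Receiver-side SAD keyed by (destination, protocol, SPI), as in RFC 4301."""

    def __init__(self) -> None:
        self._entries: dict[tuple[str, str, int], SecurityAssociation] = {}
        self._last_seq: dict[tuple[str, str, int], int] = {}

    def add(self, sa: SecurityAssociation) -> None:
        self._entries[(sa.dst, sa.protocol, sa.spi)] = sa

    def lookup(self, dst: str, protocol: str, spi: int) -> SecurityAssociation | None:
        return self._entries.get((dst, protocol, spi))

    def check_replay(self, sa: SecurityAssociation, seq: int) -> bool:
        """Simplified anti-replay: reject anything not newer than the last accepted packet."""
        key = (sa.dst, sa.protocol, sa.spi)
        if seq <= self._last_seq.get(key, 0):
            return False
        self._last_seq[key] = seq
        return True


def build_esp(spi: int, seq: int, body: bytes) -> bytes:
    """ESP header (RFC 4303): 32-bit SPI, 32-bit sequence number, then the protected body."""
    return struct.pack("!II", spi, seq) + body


def parse_esp(packet: bytes) -> tuple[int, int, bytes]:
    if len(packet) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", packet[:8])
    return spi, seq, packet[8:]


def process_inbound(sad: SADatabase, dst: str, packet: bytes) -> tuple[str, str]:
    """Returns ("accept", description) or ("drop", reason)."""
    spi, seq, body = parse_esp(packet)
    sa = sad.lookup(dst, "ESP", spi)
    if sa is None:
        return "drop", f"no SA for SPI 0x{spi:08x} to {dst}"
    if not sad.check_replay(sa, seq):
        return "drop", f"replayed sequence {seq} on SPI 0x{spi:08x}"
    # What the (here: passed-through) body contains depends on the SA's mode:
    if sa.mode == "tunnel":
        inner = "whole inner IP packet (inner header + payload); outer header is discarded"
    else:
        inner = "transport-layer payload only, delivered under the existing IP header"
    return "accept", f"{sa.mode} mode via {sa.cipher}/{sa.integrity}: {inner} [{len(body)} bytes]"


def demo() -> list[tuple[str, str]]:
    """Two SAs share SPI 0x1000 but differ by destination; constructed traffic."""
    sad = SADatabase()
    sad.add(SecurityAssociation(0x1000, "10.0.0.1", "ESP", "tunnel", "AES-GCM-256", "built-in"))
    sad.add(SecurityAssociation(0x1000, "10.0.0.2", "ESP", "transport", "AES-CBC-128", "HMAC-SHA256"))
    return [
        process_inbound(sad, "10.0.0.1", build_esp(0x1000, 1, b"inner-ip-packet")),
        process_inbound(sad, "10.0.0.2", build_esp(0x1000, 1, b"tcp-segment")),     # same SPI, other SA
        process_inbound(sad, "10.0.0.1", build_esp(0x1000, 1, b"inner-ip-packet")),  # replay
        process_inbound(sad, "10.0.0.1", build_esp(0x2000, 2, b"unknown")),          # no SA
    ]


if __name__ == "__main__":
    for verdict, detail in demo():
        print(verdict, detail)
```

The two SAs deliberately share an SPI to show that the SPI is not globally unique: it is the receiver's index into its own SAD, which is why the lookup also uses the destination and protocol.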