General Security 3 Flashcards
Which ways are there to transfer keys?
Out-of-Band key exchange
* Not sent over net
* Courier, Telephone, in-person
In-Band key exchange
* Exchange on network
* Additional encryption of key
* Use of asymmetric encryption to deliver the symmetric key
How to encrypt/decrypt in real time?
- Client and server want to communicate
- Client creates symmetric key
- Client uses the server's public key to encrypt the symmetric key
- Client sends encrypted symmetric key to server
- Server decrypts the symmetric key with its own private key
- Symmetric key is now session key
How to get symmetric keys from asymmetric keys?
- Use public and private key cryptography to create a symmetric key
- Bob combines his private key with Alice's public key to create a symmetric key
- Alice combines her private key with Bob's public key to create the same symmetric key
What is a TPM?
Trusted Platform Module
* Specialized cryptographic hardware processor
* Random number generator, key generators
* Persistent memory: Unique keys burned in
* Versatile memory: Storage keys, hardware configuration information
* Password protected (cannot be brute forced)
What is a Hardware Security Module?
- Used in large environments
- High-end Cryptographic Hardware
- Key-backup: secure storage in hardware
What is a Key management System?
- Centralized System to manage keys
- Also separates keys from the data they are intended to protect
- Associates keys with specific users
- Rotates keys at regular intervals
- Logs key use and important events
What is a Secure Enclave?
- Protected area storing especially sensitive information
- Often implemented as a hardware processor / chip
- Isolated from main processor
Features:
* Has its own boot ROM
* Monitors system Boot process
* True random number generator
* Real-time memory encryption
What are common Steganography Techniques?
- Network based: embedded message inside TCP packets
- Image steganography
- Audio steganography
- Video steganography
What is Tokenization?
- Replaces sensitive data with a non-sensitive placeholder (token)
- Example: Credit Card Processing
- Original data and token are not mathematically related
What is Data Masking?
- Hiding parts of the original data