Key Management Flashcards

1
Q

Crypto period

A

The crypto period is the time span during which a specific key is authorized for use.
The processing period can continue after the protection period. The crypto period lasts from the beginning of the protection period to the end of the processing period.

2
Q

Understand requirements for key distributions with and without PKI

A

Symmetric secret keys: Confidentiality required.

Asymmetric public keys: Authenticity required.

Asymmetric public keys with PKI: Authenticity required.

3
Q

PKI

A

Public-Key Infrastructure.
Cryptography solves security problems in open networks, but creates key distribution challenges. Public-key cryptography simplifies key distribution, but requires a PKI, which creates trust management challenges.

PKI consists of:
– Policies (to define the rules for managing certificates)
– Technologies (to implement the policies and generate, store and manage certificates)
– Procedures (related to key management)
– Trust model of public-key certificates (how the certificates are cryptographically linked to each other)

4
Q

Understand requirements for type of protection needed (confidentiality or integrity)

A

..

5
Q

Certificates

A
  • A public-key certificate is a record of data, including the subject distinguished name and its public key, all digitally signed by a CA (Certificate Authority).
  • Binds name to public key
  • An authentic copy of the CA’s public key is needed in order to validate the certificate
6
Q

Ideas, content, issuing, managing of certificates and PKI

A

..

7
Q

PKI trust model

A

• Advantages:
– works well in highly structured settings such as military and government
– unique certification path between two entities (so finding certification paths is trivial)
– scales well to larger systems

• Disadvantages:
– need a trusted third party (root CA)
– ‘single point-of-failure’ target
– if any node is compromised, trust in all entities stemming from that node is affected
– does not work well for global implementation (who is root TTP?)

8
Q

The strength of cryptographic security depends on

A
  1. The size of the keys
  2. The robustness of cryptographic algorithms/protocols
  3. The protection and management afforded to the keys. (Key management)
9
Q

Key Protection

A
Symmetric ciphers
– Never stored or transmitted ‘in the clear’
– May use hierarchy: session keys encrypted with master key
– Master key protection:
• Locks and guards
• Tamper proof devices
• Passwords/passphrases
• Biometrics

Asymmetric ciphers
– Private keys need confidentiality protection (“Master Key”)
– Public keys need integrity/authenticity protection (“PKI”)
