Lecture 3: 25th September 2019 Flashcards

Crypto hashes & PKI

1
Q

What are cryptographic hashes?

A

A mathematical function or algorithm which takes an input of arbitrary size and returns an output (digest) of a fixed size. It is used to implement mechanisms that transform communications to make them hard to decipher to aid confidentiality and privacy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the properties of cryptographic hashes?

A

pre-image resistance: can’t easily find an input that produces a given output

weak collision resistance: given one (fixed) input and its hash, can’t easily find another input that gives the same hash

strong collision resistance: can’t find any (variable) pair of inputs that give the same hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are one-way hash functions?

A

A mathematical function or algorithm which takes an input of arbitrary size and returns an output (digest) of a fixed size for which it is hard to find an input for a given output, nor an input whose hash is the same as another given input (pre-image resistance and weak collision resistance).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a message authentication code?

A

A short piece of data attached to messages to authenticate them generated from a keyed hash function using the message data and a symmetric key known to the sender and receiver.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How are message authentication codes made?

A

A keyed hash function combines the message data with a symmetric key known to the sender and receiver to generate a MAC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the Digital Signature Algorithm?

A

A mathematical process that generates public and private keys with prime numbers and modular arithmetic to facilitate the use of digital signatures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How does the Digital Signature Algorithm work?

A

Make keys:

Choose two primes, p (large) and q and choose a random number x between 0 and q. Let g be the result of a math equation on p and q. Let y = (g ^ x) mod p.

private key is {p, q, g, x} and public key is {p, q, g, y}

Then to sign a message:

Take a hash function H (often one of the SHA series)
Let h = the hash of the message
Choose random k, 0 < k < q
Compute r = ((g ^ k) mod p) mod q
Compute i such that k ∗ i mod q = 1
Compute s = i ∗ (h + r ∗ x) mod q = 1
Package the signature as {r,s}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a certificate?

A

A digital code generated using public-key encryption and a one-way hash function that is authenticated by a trusted third party or certificate authority to verify a message’s integrity and authenticate the sender’s claimed identity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a certificate aka?

A

Certificates are aka digital signatures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are certificates made from?

A

Certificates are formed from the digest of a message through a hash function (integrity) encrypted by the sender’s private encryption key (authenticity), along with a label to show the claimed identity of the sender.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a digital fingerprint?

A

The output of a one-way fingerprinting (hash) function applied to a message used to verify the integrity of the message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How do digital signatures work? Give the concept, not the algorithm.

A

The digital fingerprint (hash digest) is encrypted with the sender’s private key to form the digital signature and sent with message. The receiver uses the sender’s public key to decrypt to find the digital fingerprint. The receiver then independently hash the original message themselves. Authenticity and integrity verified iff the two hash digests are the same.

Confidentiality can also be added. The sender can generate a random key and use it to encrypt the message. They can then encrypt the key with the receiver’s public key and send it with the message. The receiver can decrypt the key with their private key to view the original message and perform the same above integrity and authenticity verification checks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What do digital signatures, message digests, and cryptographic protocols give in terms of the original aims of security?

A

A digital signature gives authenticity

A message digest gives integrity

Cryptographic protocols give confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is PGP?

A

Pretty Good Privacy is a protocol and set of software that uses encryption for privacy and authentication based on validity assessed by the trust in another party, which propagates in a web and increases for users over time, without relying on any certificate authorities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How does PGP work?

A

Users sign documents with their keys. Trust networks built up, with users trusting those who they trust also trust. Users go through the multiple levels of trust over time as their trust is established.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the levels of trust in PGP?

A

Untrusted, marginal trust (at least one other trusted user must vouch for a new public key), full trust (trust user to provide their keys without further verification), and implicit trust (for keys that you own). Trusted keys are added to a “key ring” for each user.

17
Q

What is Public Key Infrastructure?

A

A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption to aid trusted communication by verifying the authenticity, integrity, and configuration of messages.

18
Q

What are the possible states of certificates used in PKI?

A

Construction; issuance; signing; confirmation / denial; invalidation

19
Q

What are certificate authorities?

A

Trusted entities that control the distribution of digital certificates in a network. A Certificate Authority can issue certificates, schedule revocation and publish revocation lists.

CAs distribute certificates and certifies identities through registration and identity-public key bindings. note some argue should be private key.

20
Q

How are certificate authorities related?

A

In a hierarchical tree with a trusted root CA that controls other CAs that may be local or remote to users.

21
Q

What are the consequences of the hierarchical nature of the relations between different certificate authorities?

A

Certificates can be hierarchical => very long, having to pass through multiple levels to the root CA.

22
Q

How are CAs on the lower level of the tree related?

A

They certify each other.

23
Q

What is pre-image resistance in hash algorithms?

A

can’t easily find an input that produces a given output

24
Q

What is weak collision resistance in hash algorithms?

A

given one (fixed) input and its hash, can’t easily find another input that gives the same hash

25
Q

What is strong collision resistance in hash algorithms?

A

can’t find any (variable) pair of inputs that give the same hash

26
Q

What is the difference between a MAC, digital signature, digital fingerprint, and certificate?

A

Digital signature = certificate.

A digital fingerprint is the hash of a message that is encrypted with the sender’s private key to form a digital signature.

A MAC is a short piece of data attached to messages to authenticate them generated from a keyed hash function using the message data and a symmetric key known to the sender and receiver.

Both MACs and digital signatures chiefly verify integrity and authenticity but digital signatures can also provide confidentiality.

27
Q

What is a digital signature?

A

A digital code generated using public-key encryption and a one-way hash function that is authenticated by a trusted third party or certificate authority to verify a message’s integrity and authenticate the sender’s claimed identity.

28
Q

Of what are certificates in PKI composed?

A

Subject’s public key and the certificate and private key of the issuer CA.

29
Q

What is the X.509 standard?

A

A standard format of public-key certificates.

30
Q

What are the fields in X.509 certificates?

A

unique ID; subject; signature algorithm used; signature; issuer; valid from; valid until; key-usage (how to use public key); public key; thumbprint algorithm; thumbprint.