Lesson 3: Explain Cryptographic Solutions Flashcards
What is cryptography?
The art of securing information by encoding it, transforming plaintext into ciphertext to protect data from unauthorized access.
Define plaintext in cryptographic terms.
Unencrypted data.
Define ciphertext in cryptographic terms.
Encrypted data.
What is an algorithm in cryptography?
The process of encryption/decryption.
What is cryptanalysis?
The study of breaking cryptographic systems.
List the three main types of cryptographic algorithms.
- Hashing algorithms
- Symmetric ciphers
- Asymmetric ciphers
What do hashing algorithms ensure?
Data integrity.
What is a characteristic of symmetric ciphers?
Use a single shared key.
What is a characteristic of asymmetric ciphers?
Utilize a public/private key pair.
What do Hashing Algorithms do?
These algorithms convert input data into fixed-length digest, ensuring data integrity by allowing verification of data without revealing the original content.
What is the mechanism of symmetric encryption?
Uses the same key for both encryption and decryption.
This makes it efficient for large data sets.
What is the primary advantage of symmetric encryption?
Speed, making it ideal for bulk data encryption.
What is a disadvantage of symmetric encryption?
The secure exchange of the encryption key can be a vulnerability.
Give an example of a widely used symmetric cipher.
The Advanced Encryption Standard (AES).
What are the variations of AES indicative of?
The key size, such as AES-128 and AES-256.
Provide a use case for Symmetric Encryption
Commonly used in securing data at rest and in transit, such as in file encryption and VPNs.
Streaming services.
What is the mechanism of asymmetric encryption?
A public key is used for encryption and a paired private key for decryption.
What is a key advantage of asymmetric encryption?
Secure key exchange since the public key can be shared openly.
What is a drawback of asymmetric encryption?
It is slower and requires more computational resources.
What is a common use case for asymmetric encryption?
To encrypt symmetric session keys.
Name two popular asymmetric encryption algorithms.
- RSA
- ECC (Elliptic Curve Cryptography)
What do hashing algorithms produce?
They convert input data into a fixed-length string of characters, which is unique to the input data.
What is the primary use of hashing algorithms?
To ensure data integrity.
Allowing verification of data without revealing the original content.
Name a common hashing algorithm.
SHA (Secure Hash Algorithm), specifically SHA-256.
MD5 is a less secure hashing algorithm and considered obsolete for sensitive applications.
What is collision resistance in hashing?
Minimizing the chances of two different inputs producing the same hash output.
Provide examples of when hashing algorithms are used
*Password Storage
*Digital Signatures
*Data Integrity Checks
What do digital signatures combine to ensure security?
Hashing and asymmetric encryption.
These ensure both data integrity and authenticity of the sender.
What is the process of creating a digital signature?
The sender creates a message digest using a hashing algorithm and signs it with their private key.
The recipient can verify the signature using the sender’s public key.
Why are digital signatures important?
They ensure that the message has not been altered and confirm the sender’s identity.
Provide a use case of a Digital Signature
Commonly used in software distribution, financial transactions, and legal documents to provide non-repudiation.
(ex. A signature at the bottom of an NDA)
What role do Certificate Authorities (CAs) play in PKI?
They validate the legitimacy of public key owners.
They are trusted entities, and ensure secure communications.
What are the types of CAs?
- Private CAs (Certificate Authorities) for internal communications
- Third-party CAs (e.g., DigiCert, Let’s Encrypt) for public communications
What are the functions of a CA (Certificate Authorities)?
Issue, validate, revoke, and manage digital certificates.
What are the possible trust models for a CA (Certificate Authorities)?
The root of trust can be
*Single CA - simple but vulnerable
*Hierarchical CA - creates a chain of trust
What is revocation for a CA (Certificate Authorities)?
Revocation is the process of invalidating a digital certificate before its scheduled expiration date, often done when a certificate’s private key is compromised or the CA no longer trusts the certificate.
How does a CA (Certificate Authorities) manage revocation?
CAs (Certificate Authorities) manager certificate revocation through mechanisms like Certificate Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP)
What is a digital certificate?
A digital certificate wraps a public key with details about the issuer and the subject. This establishes trust in the key’s authenticity.
What components are typically included in a digital certificate?
- The public key
- Information about the certificate authority
- The validity period
What is Root of Trust?
The root CA (Certificate Authorities) is the top-level CA that signs the intermediate CAs, creating a hierarchical trust model.
What are common certificate formats?
X.509 - widely used in various applications, including SSL/TLS
How do you manage digital certificates?
Digital certificates require careful management to ensure they are valid and not compromised.
What is data protection? (regarding encryption)
Encryption is essential for protecting data at rest, transit, and in use, ensuring confidentiality and integrity.
Many industries are required to implement encryption to comply with data protection regulations.
What is used for Bulk Encryption?
Symmetric ciphers like AES are commonly used for bulk encryption due to their speed and efficiency.
What is Key Exchange Mechanisms?
The combination of symmetric and asymmetric encryption, this allows for secure key exchange while maintaining performance.
Provide use cases of encryption
*Secure file storage
*Email encryption
*VPNs
What is full disk encryption (FDE)?
Protects the entire disk, ensuring that all data is encrypted and inaccessible without proper authentication.
Commonly used in organizations to protect sensitive data form unauthorized access.
What is volume encryption?
Provide and example
Applies encryption to specific volumes, allowing for more granular control over data security. (ex. Microsoft BitLocker)
What is file encryption?
Targets individual files for encryption, providing flexibility in protecting sensitive information.
What is Data encryption levels?
The different scopes or locations where encryption can be applied to protect data, ranging from encrypting entire disks to specific columns within a database.
Includes Transparent Data Encryption (TDE) for encrypting data on disk and record-level encryption for more specific data protection.
What is transport encryption?
Secures data in transit, protecting it from interception during transmission.
What are common protocols for Transport Encryption?
Common protocols include TLS (Transport Layer Security) and IPsec, which provide secure communication channels over networks.
What is a key exchange? (Transport Encryption)
Secure key exchange mechanisms are essential for establishing encrypted sessions without exposing keys.
What is Integrity Checking? (Transport Encryption)
Hash-based Message Authentication Code (HMAC) is often used to ensure data integrity during transmission.
When is Transaction Encryption used?
Transport Encryption is used in web browsing, email, and secure file transfer protocols.
What is Perfect Forward Secrecy (PFS)?
Ensures that session keys are not compromised even if the private key is compromised in the future.
It is increasingly important in the context of growing cyber threats and data breaches.
How does PFS (Perfect Forward Secrecy) work?
PFS (Perfect Forward Secrecy) utilizes ephemeral session keys generated through protocols like Diffie-Hellman (D-H) to establish secure sessions.
What are the benefits of PFS (Perfect Forward Secrecy)?
PFS (Perfect Forward Secrecy) enhances security by ensuring that past and future sessions remain secure even if a key is compromised.
What is a use case for PFS (Perfect Forward Secrecy)?
Commonly implemented in secure communication protocols to enhance data security.
What is salting in password security?
Adding a unique random value to passwords before hashing.
This helps to prevent precomputed attacks (ex. rainbow tables)
What does key stretching do?
Extends low-entropy keys to create more secure versions.
This makes brute-force attacks more difficult (ex. PBKDF2 used in WPA)
What is the importance of Salting and Key Stretching?
Both techniques enhance password security and are critical in protecting user credentials.
When are Salting and Key Stretching implemented?
Widely used in password storage systems to ensure that even if a database is compromised, the passwords remain secure.
What is blockchain technology?
A decentralized ledger technology that records transactions in a secure and immutable manner.
What is Integrity Assurance? (Blockchain Technology)
Each block is cryptographically linked to the previous one, ensuring data integrity and preventing tampering.
When is Blockchain Technology used?
Blockchain Technology is used in various fields, including finance (cryptocurrencies), supply chain management, and identity verification.
What are the benefits of Blockchain Technology?
Blockchain Technology provides transparency, security, and trust in digital transactions without the need for intermediaries.
What are the challenges with Blockchain Technology?
Scalability, energy consumption, and regulatory concerns are significant challenges facing Blockchain Technology.
What is steganography?
The practice of hiding data within other files.
What is Data Masking?
Redacts sensitive information in data sets for analysis while preserving the usability of the data.
What is tokenization?
Replaces sensitive data with non-sensitive tokens stored in a secure vault.
What are common use cases of Obfuscation techniques?
Commonly used in data privacy regulations to protect personal information while allowing data analysis.
What is the importance of Obfuscation techniques?
Obfuscation techniques are essential for maintaining privacy and security in data handling practices.
