M4: Key establishment and certificate management - C.4 & C.8 Flashcards
What is entity authentication?
It’s the process of verifying the identity of a communicating party.
What is a session key?
A session key is a temporary symmetric key used for securing communications during a session.
What’s the difference between key transport and key agreement?
Key transport involves one party choosing and sending the key, while key agreement involves both parties contributing to the key.
What is mutual authentication?
It’s when both parties in a communication prove their identities to each other.
What is a replay attack?
It’s when an attacker captures and reuses a message from a previous session to gain unauthorized access.
What is a reflection attack?
It’s when an attacker tricks a party into proving its identity to itself, often by replaying messages.
What is a relay attack?
It’s when an attacker forwards messages between two parties to make them believe they are communicating directly.
What is a middle-person attack?
It’s when an attacker intercepts and possibly alters the communication between two parties without their knowledge.
What is the purpose of time-variant parameters (TVPs)?
TVPs ensure the uniqueness and freshness of protocol messages to prevent replay attacks.
What is Diffie-Hellman key agreement?
It’s a method for two parties to establish a shared secret over an insecure channel.
What is the main weakness of basic Diffie-Hellman?
It is vulnerable to middle-person attacks because it doesn’t authenticate the parties.
What is the Station-to-Station (STS) protocol?
It’s an extension of Diffie-Hellman that includes authentication using digital signatures.
What is a key distribution center (KDC)?
It’s a trusted server that generates and distributes session keys to parties that don’t share long-term keys.
What is a key translation center (KTC)?
It’s a server that helps one party encrypt a session key for another party, reducing key distribution complexity.
Why is it important to avoid reusing session keys?
Reusing session keys can make them vulnerable to attacks and increase the risk of key leakage.
What is a public-key certificate?
It’s a data structure that links a public key to an owner, verified by a Certification Authority (CA).
Why is the authenticity of a public key important?
To ensure the public key belongs to the correct owner and prevent misuse by attackers.
What role does a Certification Authority (CA) play?
A CA verifies and signs certificates, asserting the ownership of public keys.
What is a Distinguished Name (DN) in a certificate?
It’s a unique identifier for the certificate’s owner, made up of attributes such as Country, Organization, and Common Name.
What is the purpose of the validity period in a certificate?
It specifies the dates between which the certificate is valid and can be trusted.
What is a Certificate Revocation List (CRL)?
It’s a list of certificates that have been revoked before their expiration date, issued by a CA.
What is the difference between a CRL and delta CRLs?
Delta CRLs are updates to a base CRL, making it easier to manage and distribute revocation information.
What is the Online Certificate Status Protocol (OCSP)?
It’s a method for checking the real-time status of a certificate’s validity.
What is Trust on First Use (TOFU)?
It’s when a certificate is trusted the first time it’s seen, without prior verification, assuming it’s genuine.
What is a trust anchor in PKI?
It’s a pre-trusted public key used to start the validation chain for certificates.
What is the purpose of certificate extensions in X.509v3?
They provide additional information and constraints, such as key usage and subject alternative names.
What is a bridge CA?
It’s a CA used to connect multiple CA domains, reducing the complexity of cross-certifications.
What is a strict CA hierarchy?
It’s a tree structure of CAs with a single root CA at the top, issuing certificates down the hierarchy.
What is the browser trust model?
Browsers use a list of trusted root CAs to validate server certificates, without cross-certificates between CAs.
What is the main challenge with managing long-term private keys?
Ensuring they are securely stored and protected from offline password-guessing attacks.