Module 7 Flashcards

1
Q

What are the two keys used with asymmetric cryptography? What are the uses of asymmetric cryptography?

A
  • 2 keys: Public key (can be distributed and shared), private key (must be kept confidential)
  • 2 uses:
    1. Encrypts or decrypts a set of data: anyone with the public key can encrypt, only the holder of the matching private key can decrypt
    2. Creates and verifies a digital signature: the sender signs with the private key, and anyone with the public key can verify the signature
2
Q

What is a digital signature? What is its weakness?

A
  • Electronic verification of the sender: a value computed over the message with the sender's private key that anyone can check with the sender's public key, proving that the message was not altered and was signed by that key
  • Weakness: Only proves that the signer holds the private key matching a given public key; it does not confirm the true identity of the sender, so something else (a digital certificate) is needed to bind the public key to an identity
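Worked example for cards 1 and 2, added here and not part of the original flashcards or the textbook they summarize. It uses only the Go standard library: ECDSA for the signing use and RSA-OAEP for the encryption use. The names (Alice, Mallory, Bob) and the sample message are made up; note in particular that Mallory's signature verifies perfectly under Mallory's own public key, which is exactly the weakness card 2 describes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewSigningKey returns a fresh P-256 key pair: the private half stays with its
// owner, the public half can be handed out freely. Example code, so it panics
// rather than returning an error (GenerateKey only fails if the system RNG does).
func NewSigningKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// NewEncryptionKey returns a 2048-bit RSA key pair for the encryption use.
func NewEncryptionKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Sign hashes the message and signs the digest with the sender's private key;
// the result is an ASN.1 DER encoded ECDSA signature.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify checks a signature over msg using nothing but a public key.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// EncryptFor and DecryptWith show the other use from card 1: anyone holding the
// public key can encrypt, only the private key holder can decrypt (RSA-OAEP, SHA-256).
func EncryptFor(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

func DecryptWith(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

func main() {
	alice, mallory := NewSigningKey(), NewSigningKey()
	msg := []byte("transfer 100 to account 42") // constructed sample message

	sig, _ := Sign(alice, msg)
	fmt.Println("Alice's signature, Alice's key:    ", Verify(&alice.PublicKey, msg, sig))                                 // true
	fmt.Println("tampered message, Alice's key:     ", Verify(&alice.PublicKey, []byte("transfer 900 to account 42"), sig)) // false

	// The weakness on card 2: a signature only proves possession of *a* private key.
	// Mallory's signature verifies under Mallory's public key; nothing in the math
	// says who "Mallory" is. Binding a public key to an identity is a certificate's job.
	sig2, _ := Sign(mallory, msg)
	fmt.Println("Mallory's signature, Mallory's key:", Verify(&mallory.PublicKey, msg, sig2)) // true
	fmt.Println("Mallory's signature, Alice's key:  ", Verify(&alice.PublicKey, msg, sig2))   // false

	bob := NewEncryptionKey()
	ct, _ := EncryptFor(&bob.PublicKey, []byte("meet at noon"))
	pt, _ := DecryptWith(bob, ct)
	fmt.Printf("RSA-OAEP round trip through Bob's keys: %q\n", pt) // "meet at noon"
}
```

Run it with `go run`; the two false lines show that a signature binds a message to one key pair, and the RSA round trip shows that a ciphertext made with Bob's public key is useless to anyone without Bob's private key.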
3
Q

What is a digital certificate?

A

A technology used to associate a user's identity with a public key, in the form of a document that has been digitally signed by a trusted third party (the certification authority) so that anyone who trusts that third party can trust the binding

4
Q

What is a certification authority (CA)?

A

Trusted entity that verifies the identity of a certificate requester and then issues, manages, and revokes digital certificates

5
Q

What are some of the ways a CA may authenticate the identity of the person or organization requesting a digital certificate?

A
  • Email
  • Documents
  • In person
6
Q

What is a certificate repository (CR)?

A
  • A certificate repository (CR) is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate
7
Q

What is certificate revocation? What are two ways you check if a certificate is revoked?

A

Invalidation of a digital certificate before its scheduled expiration date, for example because the private key was compromised or the subject's details changed, so that the certificate can no longer be relied on

Methods to see if a certificate is revoked:

  1. Certificate revocation list (CRL): a list, signed by the CA, of the serial numbers of certificates that have been revoked; the client downloads the list and checks whether the certificate's serial number is on it
  2. Online Certificate Status Protocol (OCSP): the client asks an OCSP responder for the status (good, revoked, or unknown) of one specific certificate instead of downloading the whole list
8
Q

What is a root digital certificate?

A
  • The certificate at the top of a CA's chain: it is created by the CA and signed with the CA's own private key (self-signed), so it does not depend on any higher authority for authentication
  • Clients trust it because it is pre-installed in their trust store, not because another certificate vouches for it
  • The root signs the intermediate certificates, which are the next level down; the intermediates in turn sign the end-user certificates, so trust flows from the root down the chain
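Worked example for cards 3, 4, 7 and 8 together, added here and not part of the original flashcards. Using only Go's standard library (`crypto/x509`), it builds a made-up three-tier chain (a self-signed root, an intermediate signed by the root, a server certificate for the invented host `www.example.test` signed by the intermediate), verifies the leaf the way a TLS client does, shows that verification fails when the root is not in the trust store, and then has the issuing CA publish a CRL and checks the leaf's serial number against it. All names, serial numbers and validity periods are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // example setup code: panic instead of returning errors
	if err != nil {
		panic(err)
	}
	return v
}

// template builds a certificate template: CAs get the key usages needed to sign
// certificates and CRLs, a leaf gets a TLS server profile and a SAN.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		t.DNSNames = []string{cn}
	}
	return t
}

// issue generates a key pair for tmpl and has parent sign it (parent == nil: the
// certificate signs itself, i.e. a root). The DER is parsed back so that fields
// CreateCertificate fills in, such as the subject key identifier, are present.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// BuildChain issues root -> intermediate -> leaf (all names are made up) and
// returns them plus the intermediate's key, which also signs the intermediate's CRL.
func BuildChain() (root, intermediate, leaf *x509.Certificate, intermediateKey *ecdsa.PrivateKey) {
	root, rootKey := issue(template("Example Root CA", 1, true), nil, nil)
	intermediate, intermediateKey = issue(template("Example Issuing CA", 2, true), root, rootKey)
	leaf, _ = issue(template("www.example.test", 3, false), intermediate, intermediateKey)
	return root, intermediate, leaf, intermediateKey
}

// VerifyLeaf does what a TLS client does: chain the leaf through the presented
// intermediate to a root in the trust store (root == nil means an empty store),
// checking every signature and validity period and that the name matches host.
func VerifyLeaf(leaf, intermediate, root *x509.Certificate, host string) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), DNSName: host}
	if root != nil {
		opts.Roots.AddCert(root)
	}
	opts.Intermediates.AddCert(intermediate)
	_, err := leaf.Verify(opts)
	return err
}

// IssueCRL has the issuing CA sign a CRL naming the given serial numbers as revoked.
func IssueCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, serials ...*big.Int) ([]byte, error) {
	now := time.Now()
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range serials {
		rl.RevokedCertificates = append(rl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, rl, issuer, key)
}

// IsRevoked parses a DER CRL, checks the issuer's signature on it, then looks the
// serial number up. A CRL that does not verify is an error, never "not revoked".
func IsRevoked(crlDER []byte, issuer *x509.Certificate, serial *big.Int) (bool, error) {
	rl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := rl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	for _, rc := range rl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	root, inter, leaf, interKey := BuildChain()
	fmt.Println("root trusted:    ", VerifyLeaf(leaf, inter, root, "www.example.test")) // <nil>
	fmt.Println("root not trusted:", VerifyLeaf(leaf, inter, nil, "www.example.test"))  // unknown authority
	crl := must(IssueCRL(inter, interKey, leaf.SerialNumber))
	fmt.Println(IsRevoked(crl, inter, leaf.SerialNumber)) // true <nil>
}
```

Two details matter in practice: the leaf is checked against the host name as well as the chain, so a valid certificate for the wrong server is still rejected, and the CRL's own signature is verified before its contents are believed, otherwise anyone could serve a forged "nothing revoked" list.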
9
Q

What is a domain digital certificate?

A
  • Certificates that ensure the authenticity of the web server to the client and the authenticity of the cryptographic connection to the web server
10
Q

What are the different types of domain validation digital certificates? (hint 4)

A
  1. Domain Validation (DV): Certificate that verifies only that the requester has control over the domain name
  2. Extended Validation (EV): Certificate that requires more extensive verification of the legitimacy of the business than does a domain validation digital certificate
  3. Wildcard: Certificate used to validate a main domain along with all subdomains one level below it (e.g. *.example.com covers www.example.com, but not example.com itself or a.b.example.com)
  4. Subject Alternative Name (SAN): Also known as a Unified Communications Certificate (UCC), a certificate that lists several host names, primarily used for Microsoft Exchange servers or unified communications
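Worked example for the wildcard item on card 10, added here and not part of the original flashcards. It implements the host name matching rule a client applies to a certificate's names: a wildcard is only honoured as the entire leftmost label and stands for exactly one label, so `*.example.com` covers `www.example.com` but neither `example.com` nor `a.b.example.com`. The SAN list and host names are constructed for the demo.

```go
package main

import (
	"fmt"
	"strings"
)

// HostMatchesSAN reports whether host is covered by one DNS name taken from a
// certificate's subject alternative names. A wildcard counts only when it is
// the whole leftmost label ("*.example.com"), and it stands for exactly one
// label: the bare domain and deeper subdomains are not covered. Matching is
// case-insensitive and ignores a trailing dot.
func HostMatchesSAN(san, host string) bool {
	san = strings.ToLower(strings.TrimSuffix(san, "."))
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if san == "" || host == "" {
		return false
	}
	if !strings.HasPrefix(san, "*.") {
		return san == host // plain name, or a partial wildcard like "mail*.example.com": exact match only
	}
	suffix := san[1:] // ".example.com"
	if !strings.HasSuffix(host, suffix) {
		return false
	}
	first := host[:len(host)-len(suffix)]
	return first != "" && !strings.Contains(first, ".") // exactly one label in front of the suffix
}

// CoveredBy reports whether any name in sans covers host: the check a client
// runs after chain validation to decide the certificate is for this server.
func CoveredBy(sans []string, host string) bool {
	for _, san := range sans {
		if HostMatchesSAN(san, host) {
			return true
		}
	}
	return false
}

func main() {
	sans := []string{"*.example.com", "example.com"} // constructed SAN list of one wildcard certificate
	for _, h := range []string{"www.example.com", "example.com", "a.b.example.com", "WWW.Example.COM.", "xexample.com", "mail.example.org"} {
		fmt.Printf("%-18s covered: %v\n", h, CoveredBy(sans, h))
	}
}
```

This is the same rule Go's `crypto/x509` applies in `VerifyHostname`. Public CAs additionally refuse wildcards directly under a public suffix such as `*.com`; that policy check is not part of the matcher above.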
11
Q

Name 3 Hardware and Software Digital Certificates:

A
  1. Machine/Computer digital Certificate: Certificate used to verify the identity of a device in a network transaction.
  2. Code signing digital certificate: Used by software developers to digitally sign a program to prove that the software comes from the entity that signed it
  3. Email Digital certificate: certificate that allows a user to digitally sign and encrypt mail messages.
12
Q

What is the standard format for digital certificates? What certificate attributes make up this format?

A
  • X.509
  • Attributes that must be included are the certificate validity period, end-host identity information (the subject, including its common name (CN) and any subject alternative names), the subject's public key that will be used to set up secure communications, the issuer's name, a unique serial number, and the digital signature of the issuing CA
13
Q

What is public key infrastructure? (PKI)

A

Underlying infrastructure for the management of public keys used in digital certificates.

14
Q

What is a trust model?

A

The type of trust relationship that can exist between individuals or entities.

15
Q

What is the Hierarchical trust model?

A
  • Public Key Infrastructure (PKI) trust model
  • Assigns a single hierarchy with one master CA called the root. The root signs all subordinate certificate authorities with a single key, and those CAs issue the certificates below them; compromise of the root key therefore compromises the whole hierarchy
16
Q

What is a Distributed trust model?

A
  • Public Key Infrastructure (PKI) trust model
  • Has multiple independent CAs that sign digital certificates, so no single CA is a single point of failure for the whole system (the model used by web browsers, whose trust stores hold many unrelated root CAs)
17
Q

What is a Bridge trust model?

A
  • Public Key Infrastructure (PKI) trust model
  • One CA acts as a facilitator to interconnect all other CAs. The facilitator CA does not issue digital certificates; instead, it acts as the hub between hierarchical trust models and distributed trust models, linking the models together
18
Q

What is a certificate policy?

A
  • Published set of rules that govern the operation of a PKI. The certificate policy (CP) provides recommended baseline security requirements for the use and operation of the CA, intermediate CAs, and other PKI components
19
Q

What is a certificate practice statement (CPS)?

A

Describes in detail how the CA uses and manages certificates.

20
Q

What are the 4 parts of a certificate life cycle?

A
  1. Creation
  2. Suspension
  3. Revocation
  4. Expiration
21
Q

Proper key management includes ______________, _____________, and _________________ procedures.

A
  1. Key storage
  2. Key usage
  3. Key handling
22
Q

Name 7 of the key handling procedures:

A
  1. Escrow: A process in which keys are managed by a third party, such as a trusted CA, so they can be retrieved if the owner loses them or is unavailable
  2. Expiration: Date after which a key is no longer valid for use
  3. Renewal: Extending a key's validity beyond its original expiration date
  4. Revocation: Permanently invalidating a key before its expiration date (for example after a compromise)
  5. Recovery: A key recovery agent restores a lost or damaged key (and its certificate) so that data protected by it can still be accessed
  6. Suspension: Temporarily invalidating a key; unlike revocation, a suspended key can later be reinstated
  7. Destruction: Removes all private and public keys along with the user's identification information from the CA
23
Q

What is Secure sockets layer (SSL)?

A
  • An early and widespread cryptographic transport protocol (not a single algorithm: it negotiates which algorithms a session uses) that is now considered obsolete; every SSL version is deprecated and should be disabled in favor of TLS
24
Q

What is SSL stripping?

A

An attack in which an attacker positioned between the victim and the server intercepts the victim's initial plain HTTP connection and keeps it on HTTP (rewriting https:// links and redirects to http://) while talking HTTPS to the real server, so the victim's traffic stays readable and modifiable without any certificate warning

25
Q

What is Transport layer security (TLS)?

A
  • A widespread cryptographic transport protocol that replaces SSL.
    • More secure and fixes vulnerabilities found in SSL; the current versions are TLS 1.2 and TLS 1.3, with TLS 1.0 and 1.1 also deprecated
26
Q

What is a cipher suite?

A

A named combination of the key exchange, authentication, bulk encryption, and message authentication code (MAC) algorithms that are used with TLS and SSL, for example TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Client and server each support a list of suites and agree on one during the handshake.
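Worked example for cards 23, 25 and 26, added here and not part of the original flashcards. Using only Go's standard library, it runs a TLS handshake against a local `httptest` server (which supplies its own throwaway self-signed certificate, so nothing leaves the machine), reports which protocol version and cipher suite were actually negotiated, and shows that a server set to TLS 1.3 only refuses a client capped at TLS 1.2. `SuiteParts` then splits a suite name into the components the card lists. The scenario labels are made up; the suite names are the standard ones.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Negotiation records what one TLS handshake actually agreed on.
type Negotiation struct {
	Version string // "TLS 1.2" or "TLS 1.3"
	Suite   string // e.g. "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}

func versionName(v uint16) string {
	switch v {
	case tls.VersionTLS10:
		return "TLS 1.0"
	case tls.VersionTLS11:
		return "TLS 1.1"
	case tls.VersionTLS12:
		return "TLS 1.2"
	case tls.VersionTLS13:
		return "TLS 1.3"
	}
	return fmt.Sprintf("0x%04x", v)
}

// Negotiate makes one HTTPS request against a local test server whose minimum
// protocol version is serverMin, from a client capped at clientMax (0 = Go's
// default) that offers only clientSuites (nil = Go's defaults). httptest supplies
// a throwaway certificate and a client that trusts it. An error means the
// handshake was refused.
func Negotiate(serverMin, clientMax uint16, clientSuites []uint16) (Negotiation, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Write([]byte("ok"))
	}))
	srv.TLS = &tls.Config{MinVersion: serverMin}
	srv.StartTLS()
	defer srv.Close()

	tr := srv.Client().Transport.(*http.Transport)
	tr.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{} // stay on HTTP/1.1
	tr.TLSClientConfig.MaxVersion = clientMax
	tr.TLSClientConfig.CipherSuites = clientSuites

	resp, err := srv.Client().Get(srv.URL)
	if err != nil {
		return Negotiation{}, err
	}
	resp.Body.Close()
	return Negotiation{versionName(resp.TLS.Version), tls.CipherSuiteName(resp.TLS.CipherSuite)}, nil
}

// SuiteParts splits a suite name into the pieces the card lists: key exchange,
// authentication, bulk cipher and MAC/PRF hash. TLS 1.3 names carry only the
// last two because key exchange and authentication are negotiated separately.
func SuiteParts(name string) (kex, auth, cipher, hash string) {
	left, right, found := strings.Cut(strings.TrimPrefix(name, "TLS_"), "_WITH_")
	switch {
	case !found:
		right = left // TLS 1.3 style name, e.g. AES_128_GCM_SHA256
		kex, auth = "negotiated separately (TLS 1.3)", "negotiated separately (TLS 1.3)"
	case strings.Contains(left, "_"):
		kex, auth, _ = strings.Cut(left, "_") // ECDHE_RSA -> ECDHE, RSA
	default:
		kex, auth = left, left // "RSA": the certificate's RSA key does both (no forward secrecy)
	}
	if i := strings.LastIndex(right, "_"); i >= 0 {
		return kex, auth, right[:i], right[i+1:]
	}
	return kex, auth, right, ""
}

func main() {
	for _, c := range []struct {
		label                string
		serverMin, clientMax uint16
		suites               []uint16
	}{
		{"defaults on both sides", tls.VersionTLS12, 0, nil},
		{"client pinned to TLS 1.2 + one AEAD suite", tls.VersionTLS12, tls.VersionTLS12, []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}},
		{"TLS 1.3-only server vs TLS 1.2 client", tls.VersionTLS13, tls.VersionTLS12, nil},
	} {
		n, err := Negotiate(c.serverMin, c.clientMax, c.suites)
		if err != nil {
			fmt.Printf("%-44s handshake failed: %v\n", c.label, err)
			continue
		}
		kex, auth, cipher, hash := SuiteParts(n.Suite)
		fmt.Printf("%-44s %s %s (kex=%s auth=%s cipher=%s hash=%s)\n", c.label, n.Version, n.Suite, kex, auth, cipher, hash)
	}
}
```

The first scenario lands on TLS 1.3 because both sides default to it; the second shows that the server can only pick from what the client offers, which is why a client that offers weak suites is as much of a problem as a server that accepts them.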

27
Q

What is Secure shell (SSH)?

A
  • An encrypted alternative to the Telnet protocol that is used to access remote computers.
28
Q

What is Hypertext Transport Protocol Secure (HTTPS)?

A
  • HTTP sent over TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
29
Q

What is Secure/Multipurpose Internet Mail Extensions (S/MIME)?

A

A protocol for securing email messages.

30
Q

What is Secure Real-time Transport Protocol (SRTP)?

A
  • A protocol for providing protection for Voice over IP (VoIP) communications.
31
Q

What is Internet Protocol Security (IPsec)?

A
  • A protocol suite for securing Internet Protocol (IP) communications.
    • authenticates each IP packet of a session between hosts or networks.
  • Provides authentication, confidentiality, and key management
  • Two modes:
    1. Transport Mode: protects only the data portion (payload) of each packet and leaves the original IP header intact; used for end-to-end protection between two hosts
    2. Tunnel Mode: protects the entire original packet, header and payload, and wraps it in a new IP header; used for gateway-to-gateway VPNs, where the inner addresses stay hidden
32
Q

What is a cryptographic key?

A
  • a value that serves as input to an algorithm, which then transforms plaintext into ciphertext (and vice versa for decryption).
  • A key, which is essentially a random string of bits, serves as an input parameter for hash, symmetric encryption, and asymmetric cryptographic algorithms.
33
Q

What characteristics determine key strength?

A
  • Randomness (no predictable pattern)
  • cryptoperiod, or the length of time for which a key is authorized for use.
  • Length of the key (key space)
34
Q

What is a block cipher mode of operation?

A
  • How a block cipher is applied to data longer than one block: a symmetric-key block cipher algorithm is combined with a mode to provide an information service over a sequence of blocks.
  • A mode is either an:
    • authenticated mode of operation (provides integrity and authentication of the data, usually together with confidentiality)
    • unauthenticated mode of operation (provides confidentiality only; tampering with the ciphertext is not detected)
35
Q

Provide 4 examples of block cipher mode of operation:

A
  1. Electronic Code Book (ECB).
  2. Cipher Block Chaining (CBC)
  3. Counter (CTR)
  4. Galois/Counter (GCM)
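Worked example for cards 34 and 35, added here and not part of the original flashcards. Using Go's standard library (`crypto/aes`, `crypto/cipher`), it runs the same plaintext through the four listed modes: ECB (built by hand, because the standard library deliberately has no ECB mode) leaks that four plaintext blocks are identical, CBC with a random IV does not, CTR lets an attacker flip plaintext bits undetected (an unauthenticated mode), and GCM rejects the tampered message (an authenticated mode). The key and plaintext are constructed for the demo; the hard-coded key exists only to keep the example self-contained.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// SampleKey is a constructed 32-byte AES-256 key for this demo only; real keys
// come from a CSPRNG or a key management system, never from source code.
var SampleKey = []byte("0123456789abcdef0123456789abcdef")

func newBlock(key []byte) cipher.Block { // example code: panic on a bad key
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// ECBEncrypt encrypts every block independently with the raw block cipher. The
// standard library has no ECB mode on purpose; it is built here to show why.
func ECBEncrypt(key, plaintext []byte) []byte {
	if len(plaintext)%aes.BlockSize != 0 {
		panic("plaintext must be a whole number of blocks (no padding in this demo)")
	}
	block, out := newBlock(key), make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out
}

// CBCEncrypt XORs each plaintext block with the previous ciphertext block before
// encrypting it, starting from a fresh random IV that is prepended to the output.
func CBCEncrypt(key, plaintext []byte) []byte {
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		panic(err)
	}
	cipher.NewCBCEncrypter(newBlock(key), out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plaintext)
	return out
}

// CTRApply XORs data with a keystream derived from key and iv; the same call
// encrypts and decrypts. Nothing checks integrity: a flipped ciphertext bit flips the matching plaintext bit.
func CTRApply(key, iv, data []byte) []byte {
	out := make([]byte, len(data))
	cipher.NewCTR(newBlock(key), iv).XORKeyStream(out, data)
	return out
}

// GCMSeal is CTR encryption plus an authentication tag over the ciphertext and
// the additional data (aad); the random 12-byte nonce is prepended to the output.
func GCMSeal(key, plaintext, aad []byte) []byte {
	aead, _ := cipher.NewGCM(newBlock(key)) // cannot fail for an AES block
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, plaintext, aad)
}

// GCMOpen verifies the tag before releasing any plaintext: one flipped bit in
// nonce, ciphertext, tag or aad makes it return an error instead of data.
func GCMOpen(key, sealed, aad []byte) ([]byte, error) {
	aead, _ := cipher.NewGCM(newBlock(key))
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], aad)
}

// UniqueBlocks counts distinct 16-byte blocks in ct; equal plaintext blocks give
// equal ciphertext blocks under ECB, which is the leak the other modes avoid.
func UniqueBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(seen)
}

func main() {
	pt := bytes.Repeat([]byte("ATTACK AT DAWN!!"), 4) // four identical blocks
	fmt.Println("unique blocks  ECB:", UniqueBlocks(ECBEncrypt(SampleKey, pt)), " CBC:", UniqueBlocks(CBCEncrypt(SampleKey, pt))) // 1, 5
	iv := make([]byte, aes.BlockSize) // demo IV; in real use it must be unique per message under a key
	ct := CTRApply(SampleKey, iv, pt)
	ct[0] ^= 'A' ^ 'R' // attacker turns "ATTACK" into "RTTACK" without knowing the key
	fmt.Printf("CTR after bit flip: %q\n", CTRApply(SampleKey, iv, ct)[:16])
	sealed := GCMSeal(SampleKey, pt, []byte("hdr"))
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	_, err := GCMOpen(SampleKey, sealed, []byte("hdr"))
	fmt.Println("GCM after bit flip:", err) // cipher: message authentication failed
}
```

The practical rule the output illustrates: never use ECB, never reuse a CTR/GCM nonce under the same key, and prefer an authenticated mode such as GCM whenever the ciphertext crosses a boundary an attacker can touch.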
36
Q

What does a crypto service provider do?

A
  • allows an application to implement an encryption algorithm for execution.
  • providers implement cryptographic algorithms, generate keys, provide key storage, and authenticate users by calling various crypto modules to perform the specific tasks.