Public Key Infrastructure C3B Flashcards
Mechanisms to Protocols
A protocol is an orderly sequence of steps that two or more parties follow to accomplish conjoint tasks.
Repetitive vs Random
Repetitive - an attacker could intercept a daily encrypted message that was always "nothing to report"
Random - an attacker just waits for the day the ciphertext becomes different from before
Public Key Cryptography
Asymmetric algorithms allow you to generate a key pair.
- The private key never leaves your hard drive.
- The public key is published far and wide.
Mechanisms to Protocols: Digital Signatures
A digital signature is itself a sequence of bits conforming to one of a few standards.
Mechanisms to Protocols: Session Keys
- Generate a symmetric ‘session key’
- Used only for this communication session
- Random number
- Use public key to encrypt
- Then use the session key to exchange data
Security Protocols: Man-in-the-middle Attack
- It occurs when public keys all look the same, and people exchange keys directly.
- Digital Certificates are used to assure authenticity of the sender.
- Issued by third parties: certificate authorities (CA).
Certificate Authority (CA)
The CA is the final result in a long linkage of developments in applied cryptography that attempt to solve the problem of authentication.
- The CA solves the problem of authentication by trusted referral.
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
- Application
- SSL
- TCP (transmission control protocol)
- IP (Internet Protocol)
- Data Link
SSL (Secure Socket Layer)
SSL is the standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers).
TLS (Transport Layer Security)
Facilitates privacy and data security for communications over the Internet.