SB 9: Trust in Keys Flashcards

1
Q

What is the difference between a session key and an interchange key?

A

Interchange key: a key associated with a principal to a communication. It can convince the receiver that the sender is who they say they are. It is used for all sessions and changes independently of session initiation and termination.

Session key: a key associated with the communication itself. Generated for a single session and discarded once the session ends. Prevents forward search attacks.

The distinction lies in the difference between a communication and a user involved in the communication.

2
Q

How can keys be exchanged?

A
  1. The key is enciphered before it is sent, OR it must be derived without an exchange of data from which the key can be derived.
  2. A 3rd party can be used.
  3. The cryptosystems and protocols are publicly known. The key(s) are the only secret data.
3
Q

What is a certificate?

A

A token that binds an identity to a key. Contains information like timestamp, public key and a representation of the identity.

4
Q

How can a certificate be validated?

A
  1. Tree-like hierarchy
  2. An arbitrary arrangement of certifiers that relies on each individual's knowledge of the certifiers.

By obtaining the public key and comparing the computed hash value with the deciphered hash value of the certificate.

5
Q

What fields can exist in a certificate?

A

There are fields containing various information such as who the certificate was issued to, information about the public key, etc. Lastly there is the signature, an enciphered hash of all the other fields. Depending on the protocol used, the fields can vary slightly.

6
Q

What is a certificate authority?

A

An entity that issues certificates

7
Q

Describe the PKI.

A

It manages public keys and certificate authorities. It is complex because of different requirements for different protocols.

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations).[1] The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).

8
Q

Mention a problem with PKI

A

The heart of any PKI is trust. Trusting that the identity is correct and trusting that the private keys are properly protected.

9
Q

How can you store keys?

A

Public keys only need integrity protection. Private keys need confidentiality as well. The storage of public keys is therefore not the big issue.

  1. Store on a separate device
  2. (Better) Split the key then store it on a separate device.
10
Q

What is a principal?

A

a unique entity

11
Q

What is an identity (in computer science)?

A

specifies a principal

12
Q

What is the purpose of using identity when dealing with cryptography?

A

Accountability: it can track principals' actions, so who did what can then be identified.
Access control: requires an identity to determine which actions are allowed and which are not.

13
Q

What is key management?

A

The distribution of keys. Mechanisms used to bind an identity to a key. The generation, maintenance and revoking of such keys.

14
Q

How does the symmetric cryptographic key exchange work?

A

It relies on a trusted 3rd party “C”. “A” shares a secret key with “C”. “B” shares a different secret key with “C”. The goal is to provide a secret key that “A” and “B” share.

Vulnerable to a replay attack.
The basis for many more sophisticated protocols.
