Week 2 - Cryptography Aplications

Question 1

What is PKI (Public Key Infrastructure)?

Answer 1

a system that defines the creation, storage, and distribution of digital certificates

Question 2

What is a digital signature?

Answer 2

a file that proves an entity owns a certain public key

Question 3

What 3 things does a certificate contain?

Answer 3

1. Info on Public Key
2. Registered Owner
3. Digital Signature

Question 4

What does CA stand for?

Answer 4

Certificate Authority

Question 5

What is a CA responsible for?

Answer 5

storing, issuing, and signing certificates

Question 6

What does RA stand for?

Answer 6

Registration Authority
verifying the identities of any entities requesting certificates to be signed and stored with the CA (certificate authority)

Question 7

What does CRL stand for?

Answer 7

Certificate revocation list

Question 8

What does a CRL list provide?

Answer 8

a list of certificates that are no longer valid (certificate revocation list)

Question 9

What does the X.509 standard define?

Answer 9

defines the format of digital certificates

Question 10

What are the fields are defined in a X.509 standard?

Answer 10

defines the format of digital certificates

Question 11

What are the fields are defined in a X.509 standard?

Answer 11

1. Version
2. Serial number
3. Certificate signature algorithm
4. Issuer name
5. Validity

Question 12

What are the 9 fields defined in a X.509 certificate?

Answer 12

1. Version
2. Serial number
3. Certificate signature algorithm
4. Issuer name
5. Validity
6. Subject
7. Subject public key info
8. Certificate signature algorithm
9. Certificate signature value

Question 13

What does CRL stand for?

Answer 13

Certificate Revocation List

Question 14

What is a certificate revocation list (CRL)?

Answer 14

distributes a list of certificates that are no longer valid

Question 15

What does the X.509 standard define?

Answer 15

defines the format of digital certificates

Question 16

How does HTTPS protect us on the internet?

Answer 16

encapsulates the HTTP traffic over an encrypted secure channel using TLS or SSL

Question 17

What does HTTPS stand for?

Answer 17

HyperText Transport Protocol (Secure)

Question 18

What is HTTPS also called?

Answer 18

HTTP over SSL or TLS (what it uses to encapsulate traffic)

Question 19

When was SSL 3.0 deprecated?

Answer 19

2015

Question 20

What is TLS?

Answer 20

Provides a secure channel for an application to communicate with the service

(that’s independent of HTTPS but is used with it)

Question 21

What are some examples that use TLS to secure communications? (4)

Answer 21

secure web browsing (HTTPS), email (SMTP/POP3 over TLS), online banking logins, and secure file transfers (FTPS) - any sensitive information

Question 22

What is a session key?

Answer 22

a temporary, randomly generated cryptographic key used to encrypt and decrypt data during a single communication session

Question 23

What is the session key derived from?

Answer 23

a master key using cryptographic algorithms

Question 24

How do you defend against having your session key compromised?

Answer 24

use HTTPS across their entire website and strengthen session management

Question 25

What does SSH stand for

Answer 25

Secure Shell

Question 26

What is SSH?

Answer 26

a network protocol that allows users to securely communicate and share data between two computers over an unsecured network

Question 27

What protocol is most commonly used for remote login to command-line-based system?

Answer 27

SSH (Secure Shell), which provides a secure way to access a remote computer’s shell and execute commands

Question 28

What key does SSH use to authenticate the remote machine the client is connecting to?

Answer 28

the remote machine’s public key

Question 29

What is PGP?

Answer 29

Pretty Good Privacy, a data encryption program that allows users to securely send and receive messages and files

Question 30

What does PGP do?

Answer 30

encrypts and decrypts messages, authenticates messages with digital signatures, and encrypts files

Question 31

What is PGP commonly used in?

Answer 31

Email encryption, File encryption, Digital signatures, Software signing

Question 32

How secure is PGP?

Answer 32

extremely safe, if used correctly and securely - uses algorithms that are considered unbreakable

Question 33

What does VPN stand for?

Answer 33

Virtual private network

Question 34

What does a VPN allow you to do?

Answer 34

Hide your identity, Encrypt your data, Protect your privacy, Protect business communications, Avoid surveillance, Manage your online bank accounts

Question 35

VPN is like an ____ ____ where…

Answer 35

encrypted tunnel” where your internet traffic is securely channeled through a remote server

Question 36

What is a point-to-point VPN connection?

Answer 36

a secure connection between two devices or networks over the internet that encrypts data to prevent it from being intercepted

Question 37

What does IPsec stand for?

Answer 37

Internet Protocol Security

Question 38

What is IPsec?

Answer 38

a group of protocols that encrypts and authenticates IP packets to secure communications over networks

Question 39

What 2 modes of operations does IPsec support?

Answer 39

transport mode and tunnel mode

Question 40

How does IPsec work?

(the process, where is it sent)

Answer 40

creating a secure “tunnel” between two devices, encrypting data packets before sending them across a network

Question 41

What’s the difference between transport mode and tunnel mode for IPsec?

Answer 41

Tunnel Mode provides end-to-end security by encrypting the entire IP packet, Transport Mode only encrypts the payload of the packet; Tunnel Mode is used for connecting entire networks, Transport Mode is used for host-to-host communication.

Question 42

OpenVPN operates over either ____ or ____

Answer 42

UDP (User Datagram Protocol) or TCP (Transmission Control Protocol)

Question 43

OpenVPN operates over port….?

Answer 43

UDP port 1194 by default, but can also use TCP port 443

Question 44

Where is a Trusted Platform Module located?

Answer 44

on a computer’s motherboard as a separate chip, but it can also be built into the chipset

Question 45

How does a TPM work?

Answer 45

A Trusted Platform Module (TPM) is a security chip that protects a computer or mobile device by storing and using cryptographic keys, and confirming the authenticity of the device’s software and firmware

Question 46

What is remote attestation?

Answer 46

a security mechanism that allows a remote device to prove its identity and integrity to a remote party

Question 47

What is data binding and sealing for TPM?

Answer 47

“data binding” refers to the process of encrypting data using a key generated by the TPM, essentially linking the data to that specific device, while “sealing” takes this a step further by only allowing decryption of the data if the system is in a specific configuration (like a certain set of platform measurements) at the time of decryption, effectively preventing access to the data if the system state has changed

Question 48

What is a secure element?

Answer 48

a microprocessor chip that protects and stores sensitive data in a device

Question 49

What is TEE?

Answer 49

Trusted Execution Environment (TEE) is a method of protecting sensitive data and operations in a device by isolating them in a secure area

Question 50

TPMs are most commonly used to: (3)

Answer 50

to help protect encryption keys, user credentials, and other sensitive data.

Question 51

What does FTE encrypt? [Full disk encryption]

Answer 51

all data on a disk drive, including the operating system, applications, and user data