Week 2 - Cryptography Applications Flashcards

1
Q

What is PKI (Public Key Infrastructure)?

A

a system that defines the creation, storage, and distribution of digital certificates

2
Q

What is a digital signature?

A

a file that proves an entity owns a certain public key

3
Q

What 3 things does a certificate contain?

A
  1. Info on Public Key
  2. Registered Owner
  3. Digital Signature
4
Q

What does CA stand for?

A

Certificate Authority

5
Q

What is a CA responsible for?

A

storing, issuing, and signing certificates

6
Q

What does RA stand for?

A

Registration Authority

7
Q

What is the RA responsible for?

A

verifying the identities of any entities requesting certificates to be signed and stored with the CA (certificate authority)

8
Q

What does CRL stand for?

A

Certificate revocation list

9
Q

What does a CRL list provide?

A

a list of certificates that are no longer valid (certificate revocation list)

10
Q

What does the X.509 standard define?

A

defines the format of digital certificates

11
Q

What fields are defined in the X.509 standard?

A
  1. Version
  2. Serial number
  3. Certificate signature algorithm
  4. Issuer name
  5. Validity
    6.
12
Q

Describe the

A
13
Q

What are the 9 fields defined in an X.509 certificate?

A
  1. Version
  2. Serial number
  3. Certificate signature algorithm
  4. Issuer name
  5. Validity
  6. Subject
  7. Subject public key info
  8. Certificate signature algorithm
  9. Certificate signature value
14
Q

What does CRL stand for?

A

Certificate Revocation List

15
Q

What is a certificate revocation list (CRL)?

A

distributes a list of certificates that are no longer valid

16
Q

What does the X.509 standard define?

A

defines the format of digital certificates

17
Q

How does HTTPS protect us on the internet?

A

encapsulates the HTTP traffic over an encrypted secure channel using TLS or SSL

18
Q

What does HTTPS stand for?

A

HyperText Transport Protocol (Secure)

19
Q

What is HTTPS also called?

A

HTTP over SSL or TLS (what it uses to encapsulate traffic)

20
Q

When was SSL 3.0 deprecated?

A

2015

21
Q

What is TLS?

A

Provides a secure channel for an application to communicate with the service

(that’s independent of HTTPS but is used with it)

22
Q

What are some examples that use TLS to secure communications? (4)

A
  1. VoIP calls (Skype, Hangouts)
  2. email
  3. instant messaging
  4. Wi-Fi network security
23
Q

What is a session key?

A

the shared symmetric encryption key used in TLS sessions to encrypt data sent back and forth

24
Q

What is the session key derived from?

A

the public-private key

(so if the private key is compromised, an attacker can decode all previously sent encoded messages)

25
Q

How do you defend against having your session key compromised?

A

using forward secrecy (cryptographic system), so that if the private key is compromised the session keys are still safe

26
Q

What does SSH stand for?

A

Secure Shell

27
Q

What is SSH?

A

a secure network protocol that uses encryption to allow access to a network service over unsecured networks

28
Q

What protocol is most commonly used for remote login to command-line-based systems?

A

SSH (Secure Shell)

(but the protocol is super flexible)

29
Q

What key does SSH use to authenticate the remote machine the client is connecting to?

A

SSH uses public-key cryptography

30
Q

What is PGP?

A

Pretty Good Privacy

31
Q

What does PGP do?

A

encryption app that uses asymmetric encryption and allows authentication of data, with privacy from 3rd parties

32
Q

What is PGP commonly used in?

A

encrypted mail communication

33
Q

How secure is PGP?

A

Very secure with no known mechanisms to break the encryption via cryptographic or computational means (military-grade encryption)

(police and govt even have issues recovering data sometimes)

34
Q

What does VPN stand for?

A

Virtual Private Network

35
Q

What does a VPN allow you to do?

A

a mechanism that allows you to remotely connect a host/network to an internal private network while passing the data over a public channel (like the internet)

36
Q

VPN is like an ____ ____ where…

A

VPN is like an encrypted tunnel where all of the remote system’s network traffic flows through

(packets are channeled transparently through the remote private network)

37
Q

What is a point-to-point VPN connection?

A

Connects by bridging 2 gateways (private networks) through an encrypted tunnel

38
Q

What does IPsec stand for?

A

Internet Protocol Security

39
Q

What is IPsec?

A

It’s a VPN protocol that was designed in conjunction with IPv6

40
Q

What 2 modes of operations does IPsec support?

A
  1. Transport mode
  2. Tunnel mode
41
Q

How does IPsec work?

(the process, where is it sent)

A

It encrypts an IP packet, encapsulates that encrypted packet inside an IPsec packet, and sends it to the VPN endpoint to be decapsulated/decrypted

42
Q

What’s the difference between transport mode and tunnel mode for IPsec?

A

Transport mode - only the payload of the packet is encrypted, header untouched
Tunnel mode - entire IP packet (w/ header) is encrypted/encapsulated inside a new IP packet with new headers

43
Q

OpenVPN operates over either ____ or ____

A

TCP or UDP

44
Q

OpenVPN operates over port….?

A

Port 1194

45
Q

Where is a Trusted Platform Module located?

A

It’s a dedicated crypto processor: a hardware device that’s typically integrated into the hardware of a computer

46
Q

How does a TPM work?

A

it has a unique secret RSA key burned into the hardware at the time of manufacture (which allows things like hardware authentication and prevents changes)

47
Q

What is remote attestation?

A

idea of a system authenticating its software and hardware configuration to a remote system

48
Q

What is data binding and sealing for TPM?

A

using the secret key to derive a unique key that’s used for encryption of data

49
Q

What is a secure element?

A

a tamper-resistant chip often embedded in the microprocessor or integrated into the mainboard of a mobile device (securely stores crypto keys and provides a secure environment for apps)

50
Q

What is TEE?

A

Trusted execution environment - full-blown isolated execution environment that runs alongside the OS

51
Q

TPMs are most commonly used to: (3)

A
  1. ensure platform integrity
  2. prevent unauthorized changes to the system (hardware, software, encryption)
  3. protect contents of the entire disk
52
Q

What does FDE encrypt? [Full disk encryption]

A

the entire drive of the system (not just the files)

53
Q
A