Week 2 - Cryptography Applications Flashcards
What is PKI (Public Key Infrastructure)?
a system that defines the creation, storage, and distribution of digital certificates
What is a digital signature?
a file that proves an entity owns a certain public key
What 3 things does a certificate contain?
- Info on Public Key
- Registered Owner
- Digital Signature
What does CA stand for?
Certificate Authority
What is a CA responsible for?
storing, issuing, and signing certificates
What does RA stand for?
Registration Authority
What is the RA responsible for?
verifying the identities of any entities requesting certificates to be signed and stored with the CA (certificate authority)
What does CRL stand for?
Certificate revocation list
What does a CRL list provide?
a list of certificates that are no longer valid (certificate revocation list)
What does the X.509 standard define?
defines the format of digital certificates
What are the fields are defined in a X.509 standard?
- Version
- Serial number
- Certificate signature algorithm
- Issuer name
- Validity
6.
Describe the
What are the 9 fields defined in a X.509 certificate?
- Version
- Serial number
- Certificate signature algorithm
- Issuer name
- Validity
- Subject
- Subject public key info
- Certificate signature algorithm
- Certificate signature value
What does CRL stand for?
Certificate Revocation List
What is a certificate revocation list (CRL)?
distributes a list of certificates that are no longer valid
What does the X.509 standard define?
defines the format of digital certificates
How does HTTPS protect us on the internet?
encapsulates the HTTP traffic over an encrypted secure channel using TLS or SSL
What does HTTPS stand for?
HyperText Transport Protocol (Secure)
What is HTTPS also called?
HTTP over SSL or TLS (what it uses to encapsulate traffic)
When was SSL 3.0 deprecated?
2015
What is TLS?
Provides a secure channel for an application to communicate with the service
(that’s independent of HTTPS but is used with it)
What are some examples that use TLS to secure communications? (4)
- VoIP calls (skype, hangouts)
- instant messaging
- wifi network security
What is a session key?
the shared symmetric encryption key used in TLS sessions to encrypt data sent back and forth
What is the session key derived from?
the public-private key
(so if the private key is compromised, an attacker can decode all previously sent encoded messages)
How do you defend against having your session key compromised?
using forward secrecy (cryptographic system), so that if the private key is compromised the session keys are still safe
What does SSH stand for?
Secure Shell
What is SSH?
a secure network protocol that uses encryption to allow access to a network service over unsecured networks
What protocol is most commonly used for remote login to command-line-based system?
SSH (Secure Shell)
(but the protocol is super flexible)
What key does SSH use to authenticate the remote machine the client is connecting to?
SSH uses public-key cryptography
What is PGP?
Pretty Good Privacy
What does PGP do?
encryption app that uses asymmetric encryption and allows authentication of data, with privacy from 3rd parties
What is PGP commonly used in?
encrypted mail communication
How secure is PGP?
Very secure with no known mechanisms to break the encryption via cryptographic or computational means (military-grade encryption)
(police and govt even have issues recovering data sometimes)
What does VPN stand for?
Virtual Private Network
What does a VPN allow you to do?
a mechanism that allows you to remotely connect a host/network to an internal private network while passing the data over a public channel (like the internet)
VPN is like an ____ ____ where…
VPN is like an encrypted tunnel where all of the remote system’s network traffic flows through
(packets are channeled transparently through the remote private network)
What is a point-to-point VPN connection?
Connects by bridging 2 gateways (private networks) through an encrypted tunnel
What does IPsec stand for?
Internet Protocol Security
What is IPsec?
It’s a VPN protocol that was designed in conjunction with IPV6
What 2 modes of operations does IPsec support?
- Transport mode
- Tunnel mode
How does IPsec work?
(the process, where is it sent)
It encrypts an IP packet and encapsulates that encrypted packet inside an IPsec packet and sent to the VPN end-point to get decapsulated/decrypted
What’s the difference between transport mode and tunnel mode for IPsec?
Transport mode - only the payload of the packet is encrypted, header untouched
Tunnel mode - entire IP packet (w/ header) is encrypted/encapsulated inside a new IP packet with new headers
OpenVPN operates over either ____ or ____
TCP or UDP
OpenVPN operates over port….?
Port 1194
Where is a Trusted Platform Module located?
It’s a hardware device that’s typically integrated into the hardware of a computer that is a dedicated crypto processor
How does a TPM work?
it has a unique secret RSA key burned into the hardware at the time of manufacture (which allows things like hardware authentication and prevents changes)
What is remote attestation?
idea of a system authenticating its software and hardware configuration to a remote system
What is data binding and sealing for TPM?
using the secret key to derive a unique key that’s used for encryption of data
What is a secure element?
a tamper-resistant chip often embedded in the microprocessor or integrated into the mainboard of a mobile device (securely stores crypto keys and provides a secure environment for apps)
What is TEE?
Trust execution environment - full blown isolated execution environment that runs alongside the OS
TPMs are most commonly used to: (3)
- ensure platform integrity
- prevent unauthorized changes to the system (hardware, software, encryption)
- protect contents of the entire disc
What does FTE encrypt? [Full disk encryption]
the entire drive of the system (not just the files)
