Vocabulary flashcards covering asymmetric cryptography, digital signatures, certificate management, PKI, and various cryptographic protocols including SSL, TLS, SSH, and IPsec.
Asymmetric Cryptographic Algorithms
Cryptographic systems that use pairs of keys: a public key available to everyone and a private key known only to its owner.
Digital Signature
An encrypted digest produced by a sender using their private key to verify identity and ensure message integrity.
Nonrepudiation
An electronic verification benefit that prevents a sender from disowning a message by claiming the signature was forged.
Digital Certificate
A container for a public key, owner information, and serial number that is digitally signed by a trusted third party.
Certificate Authority (CA)
A trusted entity that processes a Certificate Signing Request (CSR) and verifies user authenticity to issue digital certificates.
Direct Trust
A type of trust model where one person knows and trusts another person directly.
Hierarchical Trust Model
A trust model that assigns a single hierarchy with one master Certificate Authority called the root.
Certificate Chaining
A path created between user certificates and root CAs via intermediate CAs to trace trust back to the highest level.
Root Certificates
Top-level certificates that are self-signed because there is no higher-level authority above them.
Public Key Infrastructure (PKI)
The mechanisms and policies for securely creating, storing, exchanging, and destroying digital certificates and asymmetric keys.
Certificate Repository (CR)
A publicly accessible centralized directory used to view the status of digital certificates.
Certificate Revocation List (CRL)
A list of digital certificates that are no longer valid due to loss, compromise, or changes in user details.
Obfuscation
The act of making something obscure or unclear to protect data, where the obscurity of the key protects the encrypted information.
Secure Sockets Layer (SSL)
An early cryptographic protocol (current version v3.0) designed to create encrypted paths between clients and servers.
SSL Stripping
An attack where an adversary establishes an HTTPS connection with a server while maintaining an unsecured HTTP connection with the user.
Transport Layer Security (TLS)
The successor to SSL, with current version v1.3, which became significantly more secure starting with version v1.1.
Secure Shell (SSH)
An encrypted alternative to Telnet consisting of three utilities: slogin, ssh, and scp.
HTTPS
The secure version of HTTP sent over SSL or TLS, utilizing port 443.
S/MIME
A protocol for securing email that allows users to send encrypted and digitally signed messages by organizing information in the message body.
Secure Real-time Transport Protocol (SRTP)
A secure extension of RTP used to protect Voice over IP (VoIP) communications through message authentication and confidentiality.
Internet Protocol Security (IPsec)
A protocol suite in the OS or communication hardware that encrypts and authenticates each IP packet of a session.
Authentication Header (AH)
An IPsec protocol that encrypts the packet header to authenticate that the received packets were sent from the correct source.
Encapsulating Security Payload (ESP)
An IPsec protocol that ensures confidentiality by encrypting every packet.
Transport Mode
An IPsec encryption mode that encrypts only the data portion of each packet and leaves the header unencrypted.
Tunnel Mode
An IPsec encryption mode that encrypts both the header and the data portion of the packet.