Flashcards Covering Security Plus 1.4 2.3 2.4
What are the goals of cryptography?
Confidentiality
What is symmetric encryption?
Using a shared secret key to encrypt and decrypt data.
What is asymmetric encryption?
Using a combination of public and private key pairs to encrypt and decrypt data.
What are the three states of data?
Data at rest
Data in transit
Data in use
What is data at rest?
Data that is stored and not being accessed for use.
What is data in transit?
Data that is being moved across the network
What is data in use?
Data that is in memory for use in an active process.
What is full disk encryption?
A form of encryption where all the data on a hard drive is automatically encrypted, including the operating system and system files.
What is partition encryption?
Encryption that targets a specific partition of a hard drive instead of the entire disk.
What is file-level encryption?
Allows users to encrypt specific files rather than entire drives or partitions.
What is transparent data encryption?
A technology that encrypts data at rest in databases, including on hard drives and backup media.
What is column-level encryption?
Allows for specific columns within tables to be encrypted.
How does encryption ensure integrity?
Using digital signatures (encrypted message digests).
How are modern cryptography algorithms secured?
Through their key length.
How are key lengths defined?
The number of binary bits (0s and 1s) in the key.
How are keys represented to end users?
Hexadecimal format (0 to f). There are 16 possible values!
How many bits are in a hex character?
4 bits.
What is the formula to determine the key size based on number of hex characters?
Key size = # of hex characters * 4 (4 bits/character)
What is Kerckhoffs's principle?
A cryptographic system should be secure even if everything about the system, except the key, is public knowledge. The principle can be summed up as “The enemy knows the system.”
What is a block cipher?
Block ciphers operate on "chunks," or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. Transposition ciphers are examples of block ciphers.
What is a stream cipher?
Stream ciphers operate on one character or bit of a message at a time.
What are the weaknesses of symmetric encryption?
Key exchange is a major problem.
Symmetric key cryptography does not implement non-repudiation.
The algorithm is not scalable.
Keys must be regenerated often
For asymmetric encryption, what key is kept "secret" or protected?
The private key.
For asymmetric encryption, what key is shared?
The public key.
What form of encryption is useful for encrypting large amounts of data?
Symmetric Encryption (AES).
What form of encryption has a size limit for the amount of data it can encrypt?
Asymmetric Encryption (RSA).
What is a digital certificate?
Digital certificates are essentially endorsed copies of an individual's public key.
Who endorses a digital certificate?
A certificate authority (CA).
What is a certificate authority?
Neutral organizations that offer notarization services for digital certificates.
What are X.509 certificates?
Steps in the certificate lifecycle?
Enrollment
Verification
Revocation
What happens during enrollment?
Generate a key pair.
Create a Certificate Signing Request (CSR).
Submit the CSR to a Certificate Authority (CA).
Authenticate the request.
CA approves or denies the request.
CA issues the certificate (if approved).
Deliver the certificate to the requester.
Install and configure the certificate.
Verify the certificate's functionality.
What happens during verification?
Validate the certificate's authenticity by checking the CA's digital signature.
Confirm the certificate matches the private key.
Verify the certificate's expiration date and validity period.
Ensure the certificate’s usage aligns with its intended purpose.
Check the certificate against revocation lists (CRL or OCSP).
What happens during revocation?
Certificate Revocation List (CRL): A list maintained by the CA containing certificates that have been revoked before their expiration.
Online Certificate Status Protocol (OCSP): A real-time protocol that allows clients to query the CA to check if a certificate is revoked.
Revocation Reasons: Certificates may be revoked due to key compromise, change of information, or other security concerns.
Checking Revocation: Clients check the CRL or use OCSP to verify the certificate's status during validation.
Formula for # of symmetric keys.
Number of keys = n(n-1)/2, where n is the # of participants.
Formula for # of asymmetric keys.
Number of keys = 2n, where n is the # of participants.
What is a certificate revocation list?
Maintained by the various certificate authorities; contains the serial numbers of certificates that were issued by a CA and have since been revoked, along with the date and time the revocation went into effect.
OCSP
A protocol that eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
Certificate Stapling
An extension to the Online Certificate Status Protocol that relieves some of the burden placed upon certificate authorities by the original protocol. The web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server, which it then attaches to the digital certificate.
What is homomorphic encryption?
Encrypting data in a way that preserves the ability to perform computation on that data.
What is frequency analysis?
Looking at the blocks of an encrypted message to determine if any common patterns exist.
What is a rainbow table attack?
Reversing hashed password values by precomputing the hashes of common passwords.
What is Diffie-Hellman used for?
Exchanging symmetric keys.
What is the strongest key length for AES?
256 bits, or a 64 hex character key.
Formula for determining how many hex characters represent a given key length?
# of hex characters = key length (in bits) / 4