Unit 5(?) Cybersec

Blockchain technology:

1.     A transaction is requested. The transaction could be any digital transaction like transferring bitcoins, medical records, data backups, house title information.

2.     The transaction is sent to every computer, or node, in a decentralized network to be verified.

3.     The verified transaction is added to a new block of data containing other recently verified transactions.

4.     A secure code, called a hash, is calculated from the previous block of transaction data in the blockchain. The hash is added to the new block of verified transactions.

5.     The block is added to the end of the blockchain, which is then updated on all nodes in the network for security. The transaction is complete.

6.     If any block is altered, its hash and all following hashes in the chain are automatically recalculated. The altered chain will no longer match the chains stored by the rest of the network and will be rejected.
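The hash linking in steps 4 to 6, as an added Python example that is not part of the original notes. The block layout, the function names and the majority rule in `network_accepts` are assumptions made for illustration; a real network uses a full consensus protocol instead.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's canonical JSON form (sorted keys)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def append_block(chain, transactions):
    """Steps 3-5: bundle verified transactions and link to the previous block."""
    prev = block_hash(chain[-1]) if chain else "0" * 64
    chain.append({"index": len(chain), "prev_hash": prev,
                  "transactions": list(transactions)})

def relink(chain, start):
    """Recalculate the stored hash in every block after `start` (step 6)."""
    for i in range(start + 1, len(chain)):
        chain[i]["prev_hash"] = block_hash(chain[i - 1])

def first_broken_link(chain):
    """Index of the first block whose prev_hash no longer matches, else None."""
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    return None

def network_accepts(candidate, peer_chains):
    """Assumed rule: the chain must be consistent and share its tip with most peers."""
    if first_broken_link(candidate) is not None:
        return False
    tip = block_hash(candidate[-1])
    votes = sum(1 for peer in peer_chains if block_hash(peer[-1]) == tip)
    return votes > len(peer_chains) // 2

def build_sample_chain():
    """Constructed sample transactions, not real data."""
    chain = []
    append_block(chain, ["alice->bob:5"])
    append_block(chain, ["bob->carol:2", "carol->dave:1"])
    append_block(chain, ["dave->alice:1"])
    return chain

if __name__ == "__main__":
    import copy
    peers = [copy.deepcopy(build_sample_chain()) for _ in range(3)]
    altered = build_sample_chain()
    altered[1]["transactions"][0] = "bob->carol:200"   # edit an old block
    print("broken link at block", first_broken_link(altered))
    relink(altered, 1)                                  # recalculate later hashes
    print("accepted by network:", network_accepts(altered, peers))
```

Editing an old block breaks the link stored in the next block, and recalculating the later hashes repairs the local copy but changes the tip hash, so the copy no longer matches what the other nodes hold.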

 

Certificate Authorities and Certificates

1. Certificate Authority (CA) – An entity that stores, signs, and issues digital certificates

2. Public Key Infrastructure – Tools used to create and manage public keys for encryption

3. Digital Signature – Mathematical scheme for verifying the authenticity of digital messages/documents

4. Private Certificate Authorities – A self-hosted CA that is run by an enterprise for its own internal use

5. PKI Trust Relationships – A relationship that allows a CA to trust a certificate issued by another CA

6. Web Server SSL Certificate – Certificate issued to a web server to authenticate its identity to the client.

7. Code Signing Certificate – A digital certificate that contains information that fully identifies an entity and is issued by a CA.

8. Self-signed Certificate – A digital certificate that is not signed by a trusted third-party CA

9. Machine and Computer Certificate – A file/electronic password that proves the authenticity of a device, server, or user

10. Email Certificate – Digital certificates that can be used to sign and encrypt email messages

11. User Certificate – Digital certificates that are issued by a CA to a user and are used to authenticate the user to a server.

12. Registration Authority (RA) – Goes through the process of identifying who the requester happens to be, performs some validation of that requester, and then decides if that certificate should be signed.

 

 

 

 

Public key infrastructure (PKI)

·       Based on trust (who you can trust)

·       In PKI, you trust the CA (certificate authority)

·       Digital certificates are files that contain verifiable information proving an entity is who they claim to be

o   Verify with the CA

o   CA is an organization that verifies that they are who they claim to be

o   CA business is only good as long as they can be trusted

·       Registration authorities (RA)

o   Assists CAs before issuing digital certificates by verifying the user’s identity

 

Key generation: creating a key for the user

Certificate generation: Allocates key to user (no one else can use that key)

Distribution: Makes key available to users

Storage: Stores and protects against unauthorized use

Revocation: Manages compromised keys

Expiration: Certificate may have a defined end of life

 

Certificate:

·       Public key certificates link public keys with a digital signature

·       Has unique digital signature

o   Can be valued by a CA

·       Certificates can be created by users

 

Commercial CA:

·       Browser handles this automatically

·       Purchased web certificate

o   Enters public trust through CA

·       Create your own key and send to CA for signing

o   Issues Certificate Signing Request (CSR)

·       Different levels of trust and features

 

Web Server SSL Certificates:

·       Domain validation certificate (DV)

o   Owner of the certificate has some control over a DNS domain

·       Extended validation certificate (EV)

o   Additional checks have verified the certificate owner’s identity

o   Browsers used to show a green name on the address bar

o   Promoting the use of SSL is now outdated

·       Subject Alternative Name (SAN)

o   Extension to an X.509 certificate

o   Lists additional identification information

o   Allows a certificate to support many different domains

·       Wildcard domain

o   Certificates are based on the name of the server

o   A wildcard certificate applies to all server names in a domain

·       Root certificate

o   The public key certificate that identifies the root CA

§  Everything starts with this certificate

o   The root certificate issues other certificates

§  Intermediate CA certificates

§  Any other certificates

o   This is a very important certificate

§  Take all security precautions

§  Access to the root certificate allows for the creation of any trusted certificate

·       Self-signed certificate

o   Internal certificates don’t need to be signed by a public CA

§  Your company is the only one going to use it

§  No need to purchase trust for devices that already trust you

o   Build your own CA

§  Issue your own certificates signed by your own CA

·       Email certificate

o   Encrypt emails using recipient’s public key

o   Decrypt emails using your private key

o   Digital signatures

§  Use private key to digitally sign an email

§  Validates source/author

§  Provides non-repudiation and integrity to email message

·       Code-signing certificate

o   Applications can be signed by developer

§  Provides a level of trust

o   The user’s OS examines the signature

§  Validates software has not been modified en route

o   Is software from trusted organizations
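How a client decides whether a certificate's Subject Alternative Name list covers a server name, including a wildcard entry, shown as an added Python example that is not part of the original notes. The function names and the sample SAN list are constructed for illustration; the check follows a strict reading of RFC 6125, where `*` must be the whole left-most label and stands for exactly one label.

```python
def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def san_entry_matches(pattern, hostname):
    """Match one SAN dNSName entry against the hostname the client asked for."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False          # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Assumed simplification: need two fixed labels, so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False          # partial or non-leftmost wildcards are refused
    return p == h

def certificate_covers(san_dns_names, hostname):
    """Return the SAN entry that covers hostname, or None if none does."""
    for entry in san_dns_names:
        if san_entry_matches(entry, hostname):
            return entry
    return None

# Constructed SAN list for one certificate that serves several names.
SAMPLE_SAN = ["example.com", "*.example.com", "shop.example.net"]

if __name__ == "__main__":
    for host in ["www.example.com", "example.com",
                 "a.b.example.com", "shop.example.net", "example.org"]:
        print(host, "->", certificate_covers(SAMPLE_SAN, host))
```

The wildcard entry covers `www.example.com` but not the bare domain or a name two levels down, which is why certificates usually list the bare domain as a separate SAN entry.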
