Crypto Quiz

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

PKI responsibilities

-Binding of public keys to people -Certificate Authority -Trust

Key generation

-build both the public and private keys at the same time -randomization -large prime numbers -MATH

Key management Lifecycle

1. Key generation 2. Certificate Generation 3. Distribution 4. Storage 5. Revocation 6. Expiration

Serial Number

A number uniquely identifying the certificate within the domain of its CA.

Certificate extensions

Add more information to a digital certificate. -extension ID -Critical - True/False -Value - String value of the extension

AES

Advanced Encryption Standards, Today's Symmetric Encryption Standard

Public Key certificate

Binds public key with a digital signature

Signed Data syntax

CMS provides integrity, authentication, and nonrepudiation security.

What is a PKI?

Combination of Policies, procedures, hardware, software, people

CIA + N

Confidentiality Integrity Availability Non-repudiation

Valid from/ Valid to

Date and time during which the certificate is valid

PKI can be used by:

E-mail clients Virtual private network products Web server components Domain controllers Mobile Devices

Sign with Private key

Message doesn't need to be encrypted nobody else can sign

Pretty Good Privacy (PGP)

PGP can use symmetric and asymmetric encryption methods.

Asymmetric Encryption

Public key Cryptography Public key and Private key

Public key

Public key and algorithm used by the certificate holder

Key exchange

Public key, the slower protocol, can be used to exchange the private key, and then the communication uses the faster symmetric key protocol.

Certificate Repositories

Repository is a term that describes a centralized directory that can be accessed by a subset of individuals.

Fall of 2000 Which AES did NIST choose?

Rijndael

Substitution Cipher

Substitution ciphers work on the principle of substituting a different letter for every letter. This system permits 26 possible values for every letter in a message. Simple analysis of the cipher retrieves the key. One looks for common letters and patterns that would become words.

Caesar cipher (Shift Cipher)

The algorithm specifies that you offset the letters of the alphabet either to the right (forward) or to the left (backward). The key specifies how many letters the offset is

Issuer

The name of the CA, expressed as Distinguished Name (DN)

Subject

The name of the certificate holder, expressed as a Distinguished Name (DN)

Version

The x.509 version supported (V1, V2, V3)

Elliptic Curve Cryptography ECC

Two points can be added to get a third point on the curve. Users agree on a Elliptic Curve (27 Curves) and a fixed curve point.

Symmetric key from asymmetric key

Use public key and private key to create a symmetric key

Extensions

V3 certificates can be defined with extended attributes, such as friendly subject or issuer names, contact email addresses, and intended key usages

IPsec

VPN protocol that secures all types of IP traffic because it works below the Application layer features designed to introduce security at the network or packet-processing layer in network

WTLS

Wireless version of TLS

IDEA (International Data Encryption Algorithm)

a block-mode cipher using a 64-bit block size and a 128-bit key. IDEA is susceptible to a weak key—a key made of all zeros.

SSH (Secure Shell)

a clear text protocol for a remote connection to a computer.

What is a key?

a key is a sequence of bits (1's and 0"s) used by an algorithm to encrypt or decrypt. Keys are generated in advance and usually kept in a key table for easy access.

Policy certificates

a mechanism is required to provide centrally controlled policy information to PKI clients.

Digital signature

adds trust(integrity) PKI uses Certificate Authority Web of Trust

key pair

allows more flexibility and mobility.

True Crypt

an open source solution for encryption. It also allows file encryption or whole disk encryption.

Key complexity

assigning a large number of possible values to the key.

Brute Force

attempting every possible key.

Nonrepudiation

based upon public key cryptography and the principle of only you knowing your private key.

Certificate creation

built into OS part of windows domain services 3rd party Linux options

Diffie - Hellman

came up with a scheme where two people could create a SHARED SECRET KEY by exchanging public information. Used in the electronic key exchange method of the Secure Sockets Layer (SSL) protocol.

RSA (Rivest Shamir Adleman)

can be used for both encryption and digital signatures. RSA's security has withstood the test of over 20 years of analysis, but in software it can be 100 times slower than even DES.

Public key infrastructures (PKIs)

central security foundation for organizations.

Lightweight Directory Access Protocol (LDAP).

certificate repositories are usually LDAP compliant

HTTPS

clear text protocol that is secured by encryption, in this case Secure Socket Layer (SSL).

Symmetric algorithms

comparatively faster and have fewer computational requirements.

XML Key Management Specification (XKMS)

defines services to manage PKI operations within the Extensible Markup Language (XML) environment.

PKIX Certificate Management Protocol (CMP)

defines the messages and operations required to provide certificate management services within the PKIX model.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

extension to the MIME standard that provides a way to send and receive signed and encrypted MIME data.

PKI - X.509 (PKIX)

formed by the Internet Engineering Task Force (IETF) to define a certificate profile and operational Model for deployment of X.509 Certificates

NSA Suite B Cryptography

includes: AES Elliptic Curve DSA Elliptic curve D-H SHA-256

Rijndael

is a block cipher separating data input in 128-bit blocks that can also be configured to use blocks of 192 or 256 bits.

Cryptanalysis

is the process of analyzing available information to attempt to return the encrypted message to its original form.

Cryptography

is the science of encrypting information.

key space

is the size of every possible key value. 128, 256 bits are example key spaces.

End-entity certificates

issued by a CA to a specific subject such as Joyce, the accounting department, or a firewall.

distinguished name

label that follows the X.500 standard.

Hashing definition

math function that performs one way encryption.

ECC vs DH/DSA/RSA

much more efficient

Integrity provided by:

one-way hash functions and digital signatures.

Local Registration Authorities

performs the same functions as an RA, but the LRA is closer to end users.

Vigenère Cipher

polyalphabetic substitution cipher that depends on a password. done by setting up a substitution table

cryptographic algorithm

set of mathematical steps for encrypting and decrypting information.

algorithm

step-by-step problem-solving procedure. recursive computational procedure for solving a problem in finite steps

CA certificates

superior CA gives the authority and allows the subordinate CA to accept certificate requests and generate the individual certificates.

SSL

supports many different algorithms but primarily used D-H for key exchange, DES or 3 DES for symmetric encryption and SHA-1 and MD-5 for hashing.

Key escrow

system by which a private key is kept both by the user and by the government.

Register Authority

the component that accepts a request for a digital certificate.

ISAKMP

to support security associations at all layers of the network stack meaning it can be implemented on the transport level using TCP or UDP

Transport Layer Security (TLS)

update version of SSL that supports more ciphers , D-H,RSA,DES,3DES, AES,MD5 and SHA. protocol that ensures privacy

Enigma machine

used a complex series of substitutions to perform encryption, and gave rise to great amounts of research in computers.

El Gamal

used as the U.S. government standard for digital signatures, and may also be used for encryption. uses a problem known as the discrete logarithm problem as its central, asymmetric operation. The discrete log problem concerns finding a logarithm of a number within a finite field arithmetic system.

Class 3 certificate

used by a company to set up its own certificate authority.

Class 2 certificate

used for software signing

Hashing functions

used to create a digest of a unique message

Class 1 certificate

used to verify an individual's identity through e-mail.

Cross-certification certificates

used when independent CAs establish peer-to-peer trust relationships.

Blowfish

using 64-bit blocks and a variable key length from 32 to 448 bits. It is designed to run quickly on 32-bit microprocessors. It is optimized for situations where there are few key changes

Digital Signatures

ways to confirm that the information is correct, nonrepudiation

How to verify private key?

with public key


Set pelajaran terkait

Chapter 12: Gene Expression At The Molecular Level I: Production of mRNA and Proteins

View Set

Algebra 1-2 Semester 2 Final page 1

View Set

anatomy chapter 9 sensory system quiz

View Set

OS Portable Fire Extinguisher Safety

View Set