77 Cards in this Set

  • Front
  • Back
Asymmetric encryption
1. Sender writes a message
2. Sender encrypts the message with sender's private key to create interim msg
3. Sender encrypts the interim msg with recipient's public key
4. Sender sends the msg
5. The recipient decrypts the msg with recipient's private key
6. The recipient decrypts interim msg with sender's public key
Types of asymmetric cryptography
RSA
Diffie-Hellman
ECC
El Gamal
Key management basics
Keys should be long enough to provide the necessary level of protection, should be stored and transmitted securely, should be random, and should use the full spectrum of the keyspace. In addition, they should be escrowed and properly destroyed at the end of their lifetime.
Centralized key management
Centralized key management gives complete control of cryptographic keys to the organization and takes control away from the end users. In a centralized management solution, copies of all cryptographic keys are stored in escrow.
Decentralized key management
In decentralized key management, end users generate their keys (whether symmetric or asymmetric) and submit keys only as needed to centralized authorities. The end user's private key is always kept private so they are the only entity in possession of it.
Symmetric cryptography
Symmetric cryptography is also called private key cryptography or secret key cryptography
Strengths and weaknesses of symmetric cryptography
Symmetric cryptography is very fast, but it is secure only as long as the keys are kept private
Block cipher
A block cipher is a solution that works against a complete static data set called a block. Each block is encrypted separately.
Stream ciphers
A stream cipher is a solution that works against data that is constantly being produced on the fly. Stream ciphers can operate on a bit, character or buffer basis, encrypting data in real time.
Common symmetric cryptography solutions
AES, 3DES, DES, IDEA, Blowfish, Twofish, Rivest Cipher 5 (RC5) and Carlisle Adams/Stafford Tavares (CAST-128)
Asymmetric cryptography
Asymmetric cryptography is also called PKI. It uses key pairs consisting of a public and private key. Each communication partner in an asymmetric cryptography solution needs only a key pair.
Strengths and weaknesses of asymmetric cryptography
Asymmetric cryptography is scalable. The private key of the key pair must be kept private and secure. It is slower than symmetric cryptography. It provides 3 security cryptography solution needs only a key pair.
Common asymmetric cryptography solutions
RSA
Diffie-Hellman
ECC
El Gamal
Confidentiality
Prevents or minimizes unauthorized access to data
Integrity
protection prevents unauthorized alteration of data
Digital signatures
A digital signature is an electronic mechanism to prove that a message was sent from a specific user and that the message wasn't changed while in transit.
Authentication
The security service that verifies the identity of the sender
Non-repudiation
Non-repudiation prevents the sender of a message or the perpetrator of an activity from being able to deny that they sent the message or performed the activity
Access control
Access control restricts access to secure data to authorized users. Cryptographic access control is enforced through the possession of the encryption key
Key storage
Cryptographic keys and digital certificates should be stored securely.
Software key storage
A software solution offers flexible storage mechanisms and, often, customizable options. It is vulnerable to viruses and attacks.
Hardware key storage
Hardware solutions aren't as flexible. However, they're more reliable and more secure than software solutions.
Private key protection
In a symmetric system, all entities in possession of the shared secret key must protect the privacy and secrecy of that key
Use of multiple key pairs
In some situations you may use multiple key pairs: one for authentication and one for digital signature
Hashing
Hashing is used to produce a unique data identifier
Hashing attack
Hashing can be attacked using reverse engineering, reverse hash matching
Common hash algorithms
The common hash algorithms are Secure Hash Algorithm (SHA-1), MD5, MD4 and MD2
Hashing
Hashing is used to produce a unique data identifier. Hashing takes a variable-length output. It can be performed in only one direction. The hash value is used to detect violations of data integrity
Hashing attacks
Hashing can be attacked using reverse engineering, reverse hash matching or a birthday attack. These attack methods are commonly used by password-cracking tools
Common hashing algorithms
MD5, MD4, MD2
One time pad
One time pad is the basis of many forms of modern cryptography from SSL to IPSec to dynamic one time password tokens. The concept is that a real or virtual paper pad contains codes or keys on each page that are random and do not repeat. Each page of the pad can be used once for a single operation, then it is discarded - never to be reused or be valid again.
SSL/TLS
Secure Socket Layer (SSL) and Transport Layer Security (TLS) are used to encrypt traffic between a web browser and a web server.
SSL steps
1. The client requests a secure connection.
2. The server responds with its certificate and its public key
3. The client verifies the server cert, produces a session (symmetric) key, encrypts the key with the server's public key and sends the key back to the server
4. The server unpacks the session key and sends a summary of session details to the client encrypted with the session key
5. The client reviews the summary and sends its own summary back to the server, encrypted with the session key
6. After both entities receive a matching session summary, secured SSL comm is initiated.
SSL uses what type of session key?
Symmetric keys, 40-bit and 128-bit
What is S/MIME
Secure Multipurpose Internet Mail Extensions
How does S/MIME work?
1. Sender encrypts the message with the recipient's public key
2. The message is sent to the recipient
3. The recipient decrypts the message using the recipient's private key
What protocols are commonly used for VPN?
PPTP and L2TP
What authentication methods are supported by PPP?
CHAP, EAP, MS-CHAP1, MS-CHAP2, SPAP and PAP
What is L2TP
A combo of MS proprietary implementation of PPTP and Cisco L2F VPN protocols.
What can L2TP be used for?
It can be used to tunnel any routable protocol but does not have any native security features.
IPSec
IPSec can be stand-alone VPN or a module used with L2TP. IPSec is not one protocol but a collection of protocols. 2 primary protocols are Authentication Header (AH) and Encapsulating Security Payload (ESP)
2 Modes of IPSec
Tunnel mode - Encrypting payload and message header and adding a temp header

Transport mode - IPSec provides encryption only of the payload
SSH
Secure Shell is a secure replacement of Telnet, rlogin, rsh and rcp
ISAKMP
Internet Security Association and Key Management Protocol is used to negotiate and provide authenticated keying material for security associations in a secured manner. The 4 major functional components are authentication of communications peers, threat mitigation, security association creation and management, and cryptographic key establishment and management.
PKI
PKI focuses on proving the identity of comm partners, providing a means to securely exchange session-based symmetric encryption keys through asymmetric cryptographic solutions, and providing a means to protect message integrity through the use of hashing
Certificates
Certificates serve a single purpose: proving the identity of a user or the source of an object.
Trusted third parties
Certificates work under a theory known as the trusted 3rd party: if User A trusts user C and user B trusts user C, then user A can trust B and vice versa.
X.509 version 3 certificate standard
Most certificates are based on the X.509 version 3 certificate standard. Some of the required components are the subject's public key, the CA's distinguishing name, a unique serial number, and the type of symmetric algorithm used for the certificate's encryption
Procedure for requesting a certificate
To request a certificate, a subject submits a request to a CA with proof of their identity and their public key
Certificate policies
A certificate policy is a PKI document that serves as the basis for common interoperability standards and common assurance criteria. It's a statement that governs the use of digital certificates within an organization. Certificate policies are acceptable use policies for certificates
Revocation
A CA may have cause to revoke or invalidate a certificate before its predefined expiration date. Revocation may occur because the subject's identity information has changed, the subject used the certificate to commit a crime, or the subject used the certificate in such a way as to violate the CA's certificate policy
CRL
Certificate Revocation List.
How a web browser handles new certificates
When a web browser receives a certificate from a web server, it verifies that the date on the certificate is still valid. Next, it checks the local copy of the CA's CRL. If the CRL is no longer valid, an updated copy of the CRL is obtained.
OCSP
Online Certificate Status Protocol is a revocation solution that functions on a direct query basis. Each time an application receives a new cert, it sends a query to an OCSP CA server. The CA responds directly to indicate whether the cert is still valid or not.
Trust model
The term trust model refers to the structure of the trust hierarchy used by a cert authority system.
Hierarchical trust model
A hierarchical structure has a single top-level root CA. Below the root CA are one, two or more subordinate CAs. The root CA is the start of trust. All CAs and participants in a hierarchical trust model ultimately rely on the trustworthiness of the root CA.
Cross-certification
Cross-certification occurs when a CA from one organization elects to trust a CA from another organization
Trust lists
A trust list is a form of trust model where a web browser or similar application is provided with a list of root cert of trusted CAs.
Key escrow
Key escrow is a storage process by which copies of private keys and/or secret keys are retained by a centralized management system. This system securely stores the encryption keys as a means of insurance or recovery in the event of a lost or corrupted key
Key revocation and status checking
Keys and certificates can be revoked before they reach their lifetime expiration date. Status checking is the process of checking the lifetime dates against the current system date, checking the CRL, and/or querying an OCSP server.
Key suspension
Suspension is an alternative to revocation.
Key recovery
Recovery is the process of pulling a key or certificate from escrow. The recovery process can be used when a user loses their key or their key has been corrupted. Only a key recovery agent can perform key recovery.
M of N control
If the environment doesn't warrant the trust of a single key recovery agent, a mechanism known as M of N control can be implemented. M of N control indicates that there are multiple key recovery agents (M) and that a specific minimum number of these key recovery agents (N) must be present and working in tandem in order to extract keys from the escrow database.
Key renewal
Renewal is the process by which a key or certificate is reissued with an extended lifetime date before it expires. The renewal process doesn't require a complete repeat of the request and identity proofing process; rather, the old key (which is about to expire) is used to sign the request for the new key.
Key destruction
After a key or certificate is no longer needed or it has expired or been revoked, it should be properly disposed of. For keys and certificates that are still valid, the CA should be informed about the destruction of the key or certificate. This action allows the CA to update its CRL and OCSP servers.
Variants of SHA
SHA-256, SHA-224, SHA-384, SHA-512, SHA-1
NTLM
1. Stands for NT LAN Manager
2. It is MS
3. It is an authentication protocol
A certificate request should contain what sort of information?
1. Web site name
2. Contact email
3. Corporate info
IKE
IKE depends on security association
SPAP
Shiva Password Authentication Protocol is an older proprietary, two-way reversible encryption protocol
PKCS
PKCS is the de facto set of cryptographic message standards developed by RSA Laboratories
PKCS#11
Used by smartcards
In a decentralized key management system what is the user responsible to do?
Generate key pair
Weaknesses of LM hash
Passwords longer than 7 characters are broken into two chunks

Before being hashed, all lowercase characters in the password are converted to uppercase characters
LAN Manager applies to what OSs
Windows 3.1 and DOS
The only successful attack on AES is
Side channel attack, where the attack targets improper implementations that leak data
A hash created by MD5 is typically a hex number of how many characters?
32