Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
55 Cards in this Set
- Front
- Back
|
What are some essentials to key management?
|
Keys should be long enough
Keys should be stored and transmitted securely Keys should be random and use the full spectrum of keyspace The more the key is used or the shorter the key is, the shorter the lifetime should be. Keys should be backed up or escrowed. Keys should be properly destroyed at end of lifetime. |
|
|
What is Centralized key management?
|
Gives complete control of cryptographic keys to the organization and takes it away from the end users
Allows key generation process to take advantage of large scale system resources. Algorithms tend to be processor intensive Management functions can be centralized Key archive and storage may be vulnerable to attack - stores keys in escrow |
|
|
What is Decentralized key managment?
|
Controlled by end users and end users private key is always kept private
Work decentralized and risks spread No single point of failure or attack Storage and management issues |
|
|
What is Steganography?
|
Hiding one message in another like electornic watermarking.
|
|
|
What are Substitution Ciphers?
|
Changes one character or symbol into another. Simple. May keep someone out for a short time.
|
|
|
What is Symmetric Key Cryptography?
|
Requires both ends of encrypted message to have same key and processing algorithms
Symmetric key = secret key = private key Typically keys are not sent across encrypted channel. Usually sent out of band Strengths: Fast, strong encryption when larger keys are used Weaknesses: keys must be kept private or not at all secure, key exchange is a common problem, not scalable when used alone. |
|
|
What is a Block Cipher?
|
Works against a complete static data set. Data set is broken into fixed length segments called blocks and each block is encrypted separately.
|
|
|
What is a Stream Cipher?
|
Works against data that is constantly being produced on the fly. Can operate on a bit, character or buffer basis. Encrypts data in real time.
|
|
|
Describe Advanced Encryption Standard (AES).
|
Symmetric Cryptography Solution.
Uses Rijndael block cipher algorithm Uses block size 128 Supports key sizes 128, 192, 256. (128 by default) |
|
|
Describe Data Encryption Standard (DES).
|
Symmetric Cryptography Solution.
Uses block size 64 Supports key size 56 bits |
|
|
Describe Triple DES.
|
Symmetric Cryptography Solution.
Uses block size 64 Supports key size 128 bits |
|
|
Describe Carlisle Adams/Stafford Tavares (CAST).
|
Symmetric Cryptography Solution.
Uses block sizes of 32, 64, 128 Uses 40 bit to 128 bit key size in increments of 8 Fast and efficient |
|
|
Describe Rivest's cipher.
|
Symmetric Cryptography Solution.
Uses block sizes of 32, 64, 128 Uses key size 0-2040 |
|
|
Describe Blowfish.
|
Symmetric Cryptography Solution.
64 bit block size Uses key size of 32 - 448 |
|
|
Describe Twofish.
|
Symmetric Cryptography Solution.
Block size 128 Key size 128, 192, 256 |
|
|
Describe International Data Encryption Algorithm (IDEA).
|
Symmetric Cryptography Solution.
Block size of 64 Key size 128 Similar to speed and capability to DES but more secure |
|
|
Describe Asymmetric Algorithms.
|
Also called Public Key Cryptography
Public keys and private keys - use two keys to encrypt and decrypt Public key may be private or could be known by both sides Strengths: scalable, possession of the public key doesn't allow someone to generate the private key. Weaknesses: slower than symmetric. Provides authentication, integrity and non repudiation. |
|
|
Describe Rivest-Shamir-Adleman (RSA).
|
Asymmetrical Key Soution
Early system Uses large integer numbers as basis of process De facto standard Works for encryption and digital signatures |
|
|
Describe Diffie Hellman.
|
Asymmetrical Key Soution
Algorithm is used primarily to send keys across public network |
|
|
Describe Elliptical Curve Cryptography (ECC)
|
Asymmetrical Key Soution
Used in cell phones and wireless devices Uses points on a curve to define public/private key pair. Similar to RSA but less mathematically intensive |
|
|
Describe El Gamal
|
Asymmetrical Key Soution
Used for transmitting digital signatures and key exchanges Process similar to Diffie Hellman |
|
|
What is confidentiality?
|
Prevents or minimizes unauthorized access of data.
|
|
|
What is integrity?
|
Prevents unauthorized alterations of data.
|
|
|
What is Non-repudiation?
|
Prevents the sender from being able to deny that they sent the message.
|
|
|
What is Authentication?
|
Security service that verifies the identity of the sender or receiver of a message.
|
|
|
What are Digital Signatures?
|
Electronic mechanism to prove that a message was sent from a specific user and that the message wasn't changed while in transit.
Derived from a hash process known only by the originator. |
|
|
What is Trusted Platform Module (TPM)?
|
Whole disk encryption which uses a TPM chip to release the hard drive encryption keys into memory.
|
|
|
What is Hashing?
|
Hashing is used to produce a unique data identifier. Takes variable length input and produces a fixed length output. One directional. Hash value can be used to ensure data integrity.
|
|
|
What is Secure Hash Algorithm (SHA)?
|
Hashing Algorithm.
Produces hash value that can be used with an encryption protocol 160-bit hash value |
|
|
What is Message Digest 5 (MD)?
|
Hashing Algorithm.
MD5, MD4, MD2 Text expresses as single string of digits MD5 is faster than SHA and uses 128 bit hash |
|
|
What is LANMAN?
|
Legacy storage mechanism used by older versions of windows.
Was replaced by NTLM Limited password length to 14 characters and shorter passwords were padded out to 14 |
|
|
What is NTLM?
|
Challenge response protocol system
Came with Windows NT Uses MD4 and MD5 hashing |
|
|
What is Pretty Good Privacy (PGP)?
|
Similar to S/MIME
Uses digital signatures Now de facto encryption for email. Uses both symmetrical and asymmetrical |
|
|
What is One time pad?
|
Basis for modern cryptography from SSL to IPSec.
Real or virtual paper pad contains codes or keys on each page that are random and do not repeat. |
|
|
What is S/MIME?
|
Standard used to encrypt email
MIME is the de facto standard for email messages. S/MIME is secure version |
|
|
What is Point to Point Tunneling Protocol (PPTP)?
|
Encapsulation in a single point to point environment
Encapsulates and encrypts PPP packets Vulnerability - negotiation in the clear. Can be sniffed Uses TCP and UDP Does not work with IPSE |
|
|
What is Layer 2 Tunneling Protocols (L2TP)?
|
Hybrid of PPTP and L2F
Point to point (PPP) Supports multiple network protocols Can be used in networks besides TCP/IP (interoperability) Uses UDP Works with IPSec (very secure) |
|
|
What is the difference between HTTPS and S-HTTP?
|
HTTPS is a secure channel between client and server. S-HTTP creates secure message rather than secure channel. Also provides data integrity and authentication.
|
|
|
What is IP Security (IPSec)?
|
Both stand alone VPN protocol and module that can be used with L2TP.
Authentication and encryption across internet Standard for encrypting VPN channels Together with Layer 2 Tunneling Protocol (L2TP) and Layer 2 Forwarding (L2F) creates packets that are difficult to read if intercepted Works on Layer 3 (Network Layer) of OSI model In tunnel mode, provides encryption for payload and message header. In tansport mode only encrypts payload. |
|
|
What are AH and ESP?
|
Two of the primary protocols of IPSec. Authentication Header (AH) and Encapsulating Security Payload (ESP)
AH: Authentication Header, responsible for authenticity and integrity. Authenticates packets by signing them. ESP Encapsulating Security Payload. Handles payload |
|
|
What is IKE?
|
Internet Key Exchange ensures secure exchange of secure keys between communications partners to establish VPN tunnel.
|
|
|
What is ISAKMP?
|
Internet Security Association Key Management Protocol: A framework for establishing, negotiating, modifying and deleting security associations between to parties.
|
|
|
What is Overloading NAT?
|
Multiple inside local addresses share a single inside global address
|
|
|
What is a PKI?
|
PKI defines infrastructure that should work across multiple vendors, systems, networks.
Framework, not a technology. Focuses on providing identity of communication partners, providing a secure means to exchange session based symmetric encryption keys through asymmetric cryptographic solutions, and providing a means to protect message integrity through the use of hashing. |
|
|
What are certificates?
|
Provide identity of a user or the source of an object. Don't provide proof of reliability or quality of the object or service
|
|
|
What is X.509 version 3 certificate standard?
|
Supported by International Telecommunications Union (ITU) and many other standards organizations
Information stored: version, serial number, signature algorithm, issuer, valid from, valid to, subject, public key, extensions, signature algorithm signature |
|
|
What are Certificate Policies?
|
Define what purpose certificates have: financial transactions: email: ecommerce etc
Policy regarding interoperability Acceptable use policies |
|
|
What are Certificate Practice Statements?
|
Describe how a CA will manage the certificates. How managment will be performed. How security will be maintained.
|
|
|
What can cause a certificate to be revocated?
|
Subjects identity information has changed.
Subject used certificate to commit a crime. Subject used certificate in a way that violated the CA's certificate policy. |
|
|
What is Online Certificate Status Protocol (OCSP)?
|
Revocation solution that funtions on direct query basis.
|
|
|
What is a Trust Model?
|
Trust hierarchy used by a certificate authority system.
|
|
|
What is Key Escrow?
|
Storage process by which copies of private keys are retained by a centralized managment system.
|
|
|
What is M of N control?
|
If environment doesn't warrant the trust of a single key recovery agent, M of N can be implemented.
Indicates that there are Multiple key recovery agents (M) and that a specific minimum number of these key recovery agents (N) must be present and working in tandem to extract the keys from the escrow database. |
|
|
What is KHMAC used for?
|
To digitally sign packets that are transmitted on IPSec connections.
|
|
|
What is ISAKMP used for?
|
Supports establishment of security associations (SAs) which are sets of parameters that define methods used by computers to communicate securely.
|
