Certs + TLS (...crypto ...-> network) Flashcards
What problem do Certificates aim to solve in public key cryptography?
When a server sends over a PK, how do we verify the authenticity of the PK? In other words, how do we know the PK truly belongs to the server?
What exactly is a certificate?
Certs are documents that contain each entity’s PKs. We trust them because they are signed using the CA private signing key.
What is a CA?
Certificate Authority: A globally trusted entity that contains the signed certificates of many different servers.
How do certificates come into play in the key exchange?
When the server sends over the PK, it also sends over the domain name and the signature. The client will use its VK (verification key) that is a PK pre-downloaded on its hardware to look up and verify that the signature matches the domain and PK.
What does an X.509 Certificate contain?
Serial #, Expiration date, Common name of subject (ex: google.com), PK, extensions, CA name, CA signature (hash of PK with their SK)
How can an attacker get a “valid” certificate? (insert their own PK)
- Bypass a CA’s validation process
- Larger scale attack: compromise the CA organization and generate multiple malicious certs
What is Public-Key Pinning? What is its goal + what does it defend against? What are the issues with its defense? Is this still secure?
Goal: Get rid of any intermediate or root CAs that might be malicious / give away too many invalid certificates
A certain server is able to accept only certificates signed by a specific list of CAs. This is either implemented via code on the client side (ex: Chrome only trusts certificates by Google CA), or a message/list of trusted CAs is sent.
Attacks: If the server is hacked, the attacker can forge the message of CAs to only connect with the cert of the attacker. Also, you can do an attack on availability by pinning a broken key to shut the website down. Public-key pinning is DEPRECATED now.
What is Revocation?
A defense against malicious certs: It is a CA/server that contains a list of revoked certificates.
CRL: A way for each CA to keep a list of revoked certs. When trying to get a cert, it checks this list first. Not used anymore because the list gets too big and it is difficult to keep it current.