lecture 6

Question 2

What are digital certificates?

Answer 2

Digital certificates are a technology used to associate a user’s identity to a public key digitally signed by a trusted third party

Question 3

What does a digital signature prove?

Answer 3

A digital signature proves a document originated from a valid sender

Question 4

What is a weakness of using digital signatures?

Answer 4

It only proves the sender’s private key was used to encrypt the signature but an imposter could post a public key under a sender’s name

Question 5

What role does a trusted third party play in digital certificates?

Answer 5

It verifies the owner and that the public key belongs to that owner

Question 6

What is a Certificate Signing Request (CSR)?

Answer 6

A request with user information like name address and email to get a digital certificate

Question 7

Who processes and verifies the authenticity of a CSR?

Answer 7

An intermediate Certificate Authority (CA)

Question 8

What is the purpose of an offline Certificate Authority (offline CA)?

Answer 8

To ensure security by keeping the root CA offline except for specific infrequent tasks

Question 9

What is a Certificate Repository (CR)?

Answer 9

A publicly accessible centralized directory of digital certificates

Question 10

Name a reason a digital certificate would be revoked.

Answer 10

Certificate no longer used or private key lost or exposed

Question 11

What is a Certificate Revocation List (CRL)?

Answer 11

A list of digital certificates that have been revoked

Question 12

What does OCSP stand for and what does it do?

Answer 12

Online Certificate Status Protocol it performs real-time lookup of a certificate’s status

Question 13

What is OCSP stapling?

Answer 13

A variation where web servers regularly query OCSP Responder to get a signed time-stamped response

Question 14

Name the most common categories of digital certificates.

Answer 14

Root certificates domain certificates hardware and software certificates

Question 15

What is certificate chaining?

Answer 15

Linking several certificates together to establish trust between all certificates involved

Question 16

What is a root digital certificate?

Answer 16

A self-signed certificate created and verified by a Certificate Authority as the start of a certificate chain

Question 17

What are domain digital certificates used for?

Answer 17

To ensure authenticity of the web server to the client and the cryptographic connection

Question 18

Name three types of domain digital certificates.

Answer 18

Domain validation Extended Validation (EV) Wildcard

Question 19

What is the standard format for digital certificates?

Answer 19

X.509

Question 20

What are the three encoding formats for X.509 certificates?

Answer 20

Basic Encoding Rules BER Canonical Encoding Rules CER Distinguished Encoding Rules DER

Question 21

What does PKI stand for?

Answer 21

Public Key Infrastructure

Question 22

What is the purpose of PKI?

Answer 22

To manage digital certificates asymmetric cryptography key management

Question 23

Name three actions facilitated by PKI in certificate management.

Answer 23

Create store distribute revoke

Question 24

What is direct trust in PKI trust models?

Answer 24

One person knows and trusts the other person directly

Question 25

What is third-party trust in PKI trust models?

Answer 25

Two individuals trust each other because they both trust a third party

Question 26

Name the three PKI trust models using a Certificate Authority.

Answer 26

Hierarchical trust model distributed trust model bridge trust model

Question 27

What is the hierarchical trust model?

Answer 27

A single hierarchy with one master CA called root signing all certificates

Question 28

What is a limitation of the hierarchical trust model?

Answer 28

If the single CA private key is compromised all certificates become worthless

Question 29

What is the distributed trust model?

Answer 29

Multiple CAs sign digital certificates eliminating hierarchical model limitations

Question 30

What is the bridge trust model?

Answer 30

One CA acts as a facilitator connecting other CAs but does not issue certificates

Question 31

What is a Certificate Policy (CP)?

Answer 31

A published set of rules governing the operation of a PKI

Question 32

What is a Certificate Practice Statement (CPS)?

Answer 32

A technical document describing how a CA uses and manages certificates in detail

Question 33

Name the four stages of the Certificate Life Cycle.

Answer 33

Creation suspension revocation expiration

Question 34

Where can public keys be stored?

Answer 34

Embedded within digital certificates

Question 35

Where can private keys be stored?

Answer 35

On the user's local system or hardware like smart-cards and tokens

Question 36

What are two key usage pairs in key management?

Answer 36

One pair to encrypt information the other for digital signatures

Question 37

Name some key handling procedures.

Answer 37

Escrow expiration renewal revocation recovery suspension destruction

Question 38

Name some common cryptographic transport protocols.

Answer 38

SSL TLS SSH HTTPS S/MIME SRTP IPsec

Question 39

What is SSL?

Answer 39

Secure Sockets Layer a protocol to create encrypted data paths between client and server

Question 40

What is TLS?

Answer 40

Transport Layer Security a replacement for SSL with improved security

Question 41

What is SSH used for?

Answer 41

Encrypted alternative to Telnet for accessing remote computers securely

Question 42

What port does HTTPS use?

Answer 42

Port 443

Question 43

What is S/MIME?

Answer 43

A protocol for securing email messages allowing encryption and digital signatures

Question 44

What does SRTP protect?

Answer 44

Voice over IP communications adding authentication and confidentiality

Question 45

What does IPsec provide?

Answer 45

Authentication confidentiality and key management for IP communications

Question 46

Name the two encryption modes IPsec supports.

Answer 46

Transport mode encrypts data only Tunnel mode encrypts header and data

Question 47

Why are cryptographic protocols difficult to design securely?

Answer 47

Because they are complex and security proofs are complicated compared to algorithms

Question 48

What happens if cryptography is improperly applied?

Answer 48

It can lead to vulnerabilities that attackers exploit

Question 49

What determines the strength of a cryptographic key?

Answer 49

Randomness length and cryptoperiod

Question 50

Does keeping algorithms secret enhance security like keys?

Answer 50

No algorithms need to be public for cryptography to be useful

Question 51

What is a block cipher mode of operation?

Answer 51

Rules specifying how block ciphers handle blocks of plaintext

Question 52

Name common block cipher modes.

Answer 52

Electronic Code Book ECB Cipher Block Chaining CBC Counter CTR Galois Counter GCM

Question 53

What is a crypto service provider?

Answer 53

Software or hardware that implements cryptographic algorithms generates keys and authenticates users

Question 54

What is certificate chaining used for?

Answer 54

Verifying that a digital certificate is genuine by linking certificates to establish trust

Question 55

What do domain validation certificates verify?

Answer 55

Control over the domain name but not the trustworthiness of individuals behind the site