Section 1.4 Flashcards
(32 cards)
What does PKI stand for?
Public Key Infrastructure
What’s the purpose of the PKI?
Public Key Infrastructure (PKI) is a framework of policies, procedures, hardware, software, and people that enables the secure exchange of information over networks. It uses a system of digital certificates and public-private key pairs to authenticate the identity of users, devices, and services, ensuring secure communication and data integrity.
What is Symmetric encryption?
Symmetric encryption means that whenever you decrypt some information, you use the same key that was used to encrypt that information.
What is Asymmetric encryption?
Asymmetric encryption means that two (or more) keys are used: one for encryption and one for decryption.
One becomes the private key and the other becomes the public key.
How does it work?
Anyone who has the public key can encrypt data with it and send the encrypted data to you; only the holder of the private key can decrypt the data.
What is transport encryption? Provide examples of it.
Transport encryption is encrypting data in transit.
For example, browsers use HTTPS to encrypt data in transit.
VPNs encrypt all data transmitted over the network.
- Client-based VPNs use SSL/TLS
- Site-to-site VPNs use IPsec
Explain encryption algorithms
An encryption algorithm provides the formula used during the encryption and decryption process. Both sides, the encrypting side and the decrypting side, must use the same encryption algorithm.
Why are cryptographic key lengths important?
Brute force attacks are commonly used by attackers to find the key: a brute force attack tries every possible key combination. The longer the key, the more combinations there are, and therefore the more secure the key is.
What’s a typical key length for symmetric encryption?
128-bit or larger symmetric keys are common.
What’s a typical key length for asymmetric encryption?
3072 bits or even larger.
What is meant by key stretching / strengthening?
This means that, in order to make a key more secure, you hash a password, then hash the hash of the password, then hash that hash … and continue.
What is Out-of-band key exchange?
This means that the key is shared through means other than the internet, such as in person, over a telephone, and so on.
What is In-band key exchange?
This means that the key is shared over the network. This requires additional security, such as:
- If the goal is to share a symmetric key, that key can be encrypted with an asymmetric key and then sent along with the asymmetric public key.
Explain session keys
Session keys are used on a temporary basis for a specific session.
Explain the key exchange algorithms.
Key exchange algorithms work as follows:
System A has its own private key.
System B has its own private key.
If System A wants to send information to System B, it combines its private key with System B's public key.
When the information is received by System B, System B combines its private key with System A's public key.
Now the two systems can communicate securely with each other.
What is a TPM?
It's a Trusted Platform Module (TPM) that provides cryptographic functions for a specific computer.
It can create keys.
It can store keys, such as BitLocker keys.
What is an HSM?
A Hardware Security Module (HSM) is used in large environments, such as ones with thousands of servers. The HSM is used to store all the encryption keys for all of those servers.
What is a secure enclave?
A secure enclave is a hardware processor that is isolated from the main processor and provides extensive security features, such as:
- Its own boot ROM
- Monitoring of the system boot process
- A random number generator
- Real-time memory encryption
- Root cryptographic keys
- AES encryption performed in hardware, and more
What is obfuscation?
It's the process of making something unclear, but not impossible, to understand.
One type of obfuscation is steganography, which means hiding information inside an image.
What is Steganography?
Steganography is security through obscurity.
The hidden information can be in the image data or in the actual image itself.
It can also be hidden in network bits or in audio.
What is tokenization?
Tokenization refers to replacing sensitive data with a non-sensitive placeholder.
For example, it can mean taking an SSN and providing a new number that the system knows how to map back to the original number.
What is data masking?
Data masking means that we hide part of the information and display only part of it. An example is showing only the last 4 digits of a credit card number and hiding the rest of them using *.
What is the SHA-256 hash?
It's a popular hashing algorithm.
What is hashing used for?
- Verifying downloaded files
- Password storage
What does salt mean in the hashing process?
It's random data added to a password before hashing. It makes the hash stronger, especially against attacks such as rainbow tables or brute force.