Week 2 - Cryptography Applications

Question 1

What is PKI (Public Key Infrastructure)?

Answer 1

a system that defines the creation, storage, and distribution of digital certificates

Question 2

What is a digital signature?

Answer 2

a file that proves an entity owns a certain public key

Question 3

What 3 things does a certificate contain?

Answer 3

1. Info on Public Key
2. Registered Owner
3. Digital Signature

Question 4

What does CA stand for?

Answer 4

Certificate Authority

Question 5

What is a CA responsible for?

Answer 5

storing, issuing, and signing certificates

Question 6

What does RA stand for?

Answer 6

Registration Authority

Question 7

What is the RA responsible for?

Answer 7

verifying the identities of any entities requesting certificates to be signed and stored with the CA (certificate authority)

Question 8

What does CRL stand for?

Answer 8

Certificate revocation list

Question 9

What does a CRL list provide?

Answer 9

a list of certificates that are no longer valid (certificate revocation list)

Question 10

What does the X.509 standard define?

Answer 10

defines the format of digital certificates

Question 11

What are the fields are defined in a X.509 standard?

Answer 11

1. Version
2. Serial number
3. Certificate signature algorithm
4. Issuer name
5. Validity
   6.

Question 12

Describe the

Question 13

What are the 9 fields defined in a X.509 certificate?

Answer 13

1. Version
2. Serial number
3. Certificate signature algorithm
4. Issuer name
5. Validity
6. Subject
7. Subject public key info
8. Certificate signature algorithm
9. Certificate signature value

Question 14

What does CRL stand for?

Answer 14

Certificate Revocation List

Question 15

What is a certificate revocation list (CRL)?

Answer 15

distributes a list of certificates that are no longer valid

Question 16

What does the X.509 standard define?

Answer 16

defines the format of digital certificates

Question 17

How does HTTPS protect us on the internet?

Answer 17

encapsulates the HTTP traffic over an encrypted secure channel using TLS or SSL

Question 18

What does HTTPS stand for?

Answer 18

HyperText Transport Protocol (Secure)

Question 19

What is HTTPS also called?

Answer 19

HTTP over SSL or TLS (what it uses to encapsulate traffic)

Question 20

When was SSL 3.0 deprecated?

Answer 20

2015

Question 21

What is TLS?

Answer 21

Provides a secure channel for an application to communicate with the service

(that’s independent of HTTPS but is used with it)

Question 22

What are some examples that use TLS to secure communications? (4)

Answer 22

1. VoIP calls (skype, hangouts)
2. email
3. instant messaging
4. wifi network security

Question 23

What is a session key?

Answer 23

the shared symmetric encryption key used in TLS sessions to encrypt data sent back and forth

Question 24

What is the session key derived from?

Answer 24

the public-private key

(so if the private key is compromised, an attacker can decode all previously sent encoded messages)

Question 25

How do you defend against having your session key compromised?

Answer 25

using forward secrecy (cryptographic system), so that if the private key is compromised the session keys are still safe

Question 26

What does SSH stand for?

Answer 26

Secure Shell

Question 27

What is SSH?

Answer 27

a secure network protocol that uses encryption to allow access to a network service over unsecured networks

Question 28

What protocol is most commonly used for remote login to command-line-based system?

Answer 28

SSH (Secure Shell)

(but the protocol is super flexible)

Question 29

What key does SSH use to authenticate the remote machine the client is connecting to?

Answer 29

SSH uses public-key cryptography

Question 30

What is PGP?

Answer 30

Pretty Good Privacy

Question 31

What does PGP do?

Answer 31

encryption app that uses asymmetric encryption and allows authentication of data, with privacy from 3rd parties

Question 32

What is PGP commonly used in?

Answer 32

encrypted mail communication

Question 33

How secure is PGP?

Answer 33

Very secure with no known mechanisms to break the encryption via cryptographic or computational means (military-grade encryption)

(police and govt even have issues recovering data sometimes)

Question 34

What does VPN stand for?

Answer 34

Virtual Private Network

Question 35

What does a VPN allow you to do?

Answer 35

a mechanism that allows you to remotely connect a host/network to an internal private network while passing the data over a public channel (like the internet)

Question 36

VPN is like an ____ ____ where…

Answer 36

VPN is like an encrypted tunnel where all of the remote system’s network traffic flows through

(packets are channeled transparently through the remote private network)

Question 37

What is a point-to-point VPN connection?

Answer 37

Connects by bridging 2 gateways (private networks) through an encrypted tunnel

Question 38

What does IPsec stand for?

Answer 38

Internet Protocol Security

Question 39

What is IPsec?

Answer 39

It’s a VPN protocol that was designed in conjunction with IPV6

Question 40

What 2 modes of operations does IPsec support?

Answer 40

1. Transport mode
2. Tunnel mode

Question 41

How does IPsec work?

(the process, where is it sent)

Answer 41

It encrypts an IP packet and encapsulates that encrypted packet inside an IPsec packet and sent to the VPN end-point to get decapsulated/decrypted

Question 42

What’s the difference between transport mode and tunnel mode for IPsec?

Answer 42

Transport mode - only the payload of the packet is encrypted, header untouched
Tunnel mode - entire IP packet (w/ header) is encrypted/encapsulated inside a new IP packet with new headers

Question 43

OpenVPN operates over either ____ or ____

Answer 43

TCP or UDP

Question 44

OpenVPN operates over port….?

Answer 44

Port 1194

Question 45

Where is a Trusted Platform Module located?

Answer 45

It’s a hardware device that’s typically integrated into the hardware of a computer that is a dedicated crypto processor

Question 46

How does a TPM work?

Answer 46

it has a unique secret RSA key burned into the hardware at the time of manufacture (which allows things like hardware authentication and prevents changes)

Question 47

What is remote attestation?

Answer 47

idea of a system authenticating its software and hardware configuration to a remote system

Question 48

What is data binding and sealing for TPM?

Answer 48

using the secret key to derive a unique key that’s used for encryption of data

Question 49

What is a secure element?

Answer 49

a tamper-resistant chip often embedded in the microprocessor or integrated into the mainboard of a mobile device (securely stores crypto keys and provides a secure environment for apps)

Question 50

What is TEE?

Answer 50

Trust execution environment - full blown isolated execution environment that runs alongside the OS

Question 51

TPMs are most commonly used to: (3)

Answer 51

1. ensure platform integrity
2. prevent unauthorized changes to the system (hardware, software, encryption)
3. protect contents of the entire disc

Question 52

What does FTE encrypt? [Full disk encryption]

Answer 52

the entire drive of the system (not just the files)