022 Encryption - 022.1 Cryptography and Public Key Infrastructure (weight: 3)

Questions and Answers

What is the primary purpose of cryptographic algorithms?

• To enhance processor speeds in devices
• To create user-friendly software interfaces
• To provide secure communication over the internet (correct)
• To standardize company policies

Which category does AES (Rijndael) belong to?

• Key Exchange Algorithms
• Symmetric Encryption Algorithms (correct)
• Asymmetric Encryption Algorithms
• Hash Functions

What precaution should be taken when working with cryptographic algorithms?

• Always use existing implementations (correct)
• Encrypt data using random keys frequently
• Use outdated algorithms for compatibility
• Create new cryptographic algorithms from scratch

What characterizes symmetric encryption algorithms?

The same key is used for both encryption and decryption. (D)

What is the result of applying a cipher to plaintext?

The data becomes unrecognizable unless decrypted. (C)

What type of cryptographic method helps in securely exchanging keys?

Key Exchange Algorithm (B)

Why should unique cryptographic algorithm implementations be avoided?

They often lack sufficient peer review and security testing. (C)

Which of these options defines hash functions?

They create unique fixed-size outputs from variable-size inputs. (A)

What is the primary function of a Public Key Infrastructure (PKI)?

To facilitate the issuance and validation of certificates. (B)

What distinguishes a Root CA from other CAs in the PKI hierarchy?

Root CAs issue self-signed certificates and are not signed by any other CA. (A)

Why might a certificate be revoked in a PKI?

The private key associated with the certificate has been compromised. (B)

How does Let's Encrypt handle certificate issuance?

Automatically through the ACME protocol. (D)

What role do Sub-CAs play in a PKI?

They may certify other CAs or issue end-user certificates. (D)

What is a Revocation List in PKI?

A published list of certificates that have been revoked. (D)

What is the validity period for Let's Encrypt certificates?

90 days (B)

What is a key characteristic of Root CAs in operating systems and browsers?

They must be explicitly recognized as trustworthy. (D)

What is the purpose of the public key in asymmetric encryption?

To encrypt messages intended for the recipient (D)

Which of the following statements is true about hybrid encryption methods?

They create a secure connection using public keys and then agree on a symmetric key. (A)

What does 'Perfect Forward Secrecy' ensure in encrypted communications?

No data can be decrypted without current keys. (C)

What characteristic makes hash functions critical in cryptographic processes?

They change significantly with even the smallest data modifications. (B)

Which of the following algorithms is recognized for key exchange without sending the keys over the network?

Diffie-Hellman Key Exchange (B)

What is the role of a signature in digital communications?

To prove the identity of the sender and the data's integrity. (C)

What is the main purpose of transport encryption?

To encrypt data during transmission to protect it from interception. (D)

What is an essential vulnerability when a symmetric key is leaked?

Encrypted communications can be decrypted by unauthorized parties. (A)

What characterizes end-to-end encryption?

Only the final recipient can decrypt the data sent by the sender. (C)

What problem does a collision attack exploit in hash functions?

It creates the same hash for different data inputs. (A)

Why is asymmetric cryptography beneficial in public key infrastructure?

Public keys can be shared widely without compromising security. (A)

What does RSA stand for in the context of asymmetric encryption?

Rivest-Shamir-Adleman (C)

What is included in an X.509 certificate?

Validity period and the public key of the subject. (B)

How do Elliptic Curve Cryptography (ECC) methods differ from traditional asymmetric methods?

They achieve similar security with lower resource consumption. (B)

What is the function of a Certificate Signing Request (CSR)?

To apply for a digital certificate with identity proof. (C)

What attack occurs when modifications to input data do not affect the hash values generated?

Collision attack (A)

What happens during the domain validation process by a Certificate Authority (CA)?

The applicant must host a file on the specified hostname. (A)

Which hash algorithm is considered insecure for certain applications today?

MD5 (D)

What is a primary risk of improperly managed public keys?

An attacker could impersonate a legitimate user. (A)

What is the primary focus of signature algorithms in cryptography?

Verifying data integrity and authenticity. (C)

What does a signature from a Certification Authority signify in a digital certificate?

The identity of the certificate owner is verified. (B)

What is a crucial characteristic of the private key related to a public key?

It must be kept secret and secured. (C)

What is the role of the issuer in an X.509 certificate?

To verify the subject's identity before issuing the certificate. (D)

What would happen if a malicious actor succeeded in distributing a public key under a false identity?

The malicious actor could decrypt messages intended for the legitimate user. (B)

What must a user do to ensure their public key is trusted?

Verify it through a trusted Certification Authority. (B)

Study Notes

Cryptography and Encryption

• Encryption methods, also known as cryptographic procedures or cryptology, are vital for achieving IT security objectives.
• Standardized procedures enable different manufacturers' products to communicate over the Internet.
• Cryptographic algorithms are mathematically complex; utilizing existing implementations is recommended over custom implementations.
• OpenSSL project offers various tools for using cryptographic functions as open-source software.

Types of Cryptographic Processes

• Cryptographic methods can be categorized into:
  • Encryption algorithms (Ciphers)
  • Key exchange algorithms
  • Hash functions

Encryption (Ciphers)

• Ciphers transform plaintext into unreadable text using a key, revertible only with the correct key.
• Two categories of encryption:
  • Symmetric encryption: Same key for both encryption and decryption, known to both sender and receiver (e.g., AES).
  • Asymmetric encryption: Uses two different keys; sender encrypts with the receiver's public key, which can only be decrypted using the receiver's private key (e.g., RSA).

Hybrid Encryption

• Combines symmetric and asymmetric algorithms.
• Asymmetric methods establish secure connections using public keys, thereafter agreeing on a shared key for symmetric encryption.

Security Considerations

• Encryption can differentiate outputs even with the same initial data if different keys are used.
• Exposure of a private asymmetric or shared symmetric key allows third parties to compromise encryption.
• Due to the Internet's vastness, pre-arranging a shared key is often impractical. Asymmetric encryption simplifies this, allowing public keys to be broadly available.

Perfect Forward Secrecy

• Measures aimed at preventing the retrospective decryption of past communications even if a key is compromised.
• Enables secure key agreement methods without key transmission over the network.

Key Exchange Algorithms

• Allow parties to establish a common key securely without transmitting it over the network.
• An example algorithm: Diffie-Hellman Key Exchange (DH).

Hash Functions

• Generate a checksum that changes with any data alteration, providing integrity verification but no reverse access to input data.
• Cryptographic hash attacks (collisions) occur when modifications create identical checksums.
• Notable hash algorithms: MD5 (seen as insecure) and SHA-256.

Signature Algorithms

• Used to verify data integrity and authenticity through digital signatures created by hashing and encrypting with a private key.
• Recipients can validate signatures using the sender's public key to ensure data hasn't been tampered with.

Elliptic Curve Cryptography (ECC)

• A form of asymmetric cryptography that uses elliptic curves to improve efficiency without compromising security.
• Frequently employed for Diffie-Hellman key exchange to ensure Perfect Forward Secrecy.

Encryption Levels

• Transport encryption: Encrypts data for segments of transmission, but not necessarily at rest on mail servers.
• End-to-end encryption: Ensures that data can only be decrypted by the intended recipient.

Certificates and Public Key Infrastructure (PKI)

• Asymmetric cryptography permits public key sharing for encrypted communication, necessitating identity verification of key holders.
• Certificates confirm the identity of key holders and include identity details, public keys, and signatures from trusted certification authorities (CAs).

X.509 Standard

• Internet standard for certificates, containing fields like issuer, subject, public key, and validity.

Certificate Lifecycle

• Certificates are created after generating a key pair and submitting a Certificate Signing Request (CSR) to a CA for validation.
• A successful submission results in the CA signing the certificate, binding the public key to the verified identity.

CA Structure

• PKI facilitates the organization and trustworthiness of CAs, including self-signed root CAs.
• Trust in a CA means trusting the certificates it issues, assuming identity claims are verified.

Certificate Revocation

• Certificates need revocation when trust is lost due to key exposure or ownership changes.
• Revocation lists are published by CAs, but checking these can be inadequate. Hence, certificates often have short lifespans.

Let's Encrypt

• A certification authority that issues free SSL certificates through automated processes using the ACME protocol.
• New certificates are obtained quickly, are valid for 90 days, and are widely trusted by mainstream browsers.

Description

Explore the essential methods of cryptography and encryption that are crucial for IT security. This quiz covers encryption algorithms, key exchange processes, and the differences between symmetric and asymmetric encryption. Test your knowledge on the various cryptographic processes used in securing digital communications.