Cryptography and PKI Overview

Questions and Answers

What does Public Key Infrastructure (PKI) consist of?

  • Only hardware used for encryption
  • Procedures for decrypting data
  • Only software for managing digital certificates
  • A combination of hardware, software, policies, and procedures (correct)

What is the main purpose of a private key in cryptography?

  • To create a digital certificate
  • To decrypt data encrypted with its corresponding public key (correct)
  • To encrypt data that can be shared publicly
  • To securely share keys over insecure networks

Which level of encryption generally provides the strongest protection?

  • 128-bit encryption
  • 192-bit encryption
  • 256-bit encryption (correct)
  • 64-bit encryption

Which type of encryption involves transforming an entire hard disk?

  • Full-Disk encryption (B)

Which method is typically used for securely exchanging keys over an insecure medium?

  • Diffie-Hellman or RSA mechanisms (C)

What characteristic does key length have on encryption strength?

  • Longer key lengths generally correlate with increased strength (B)

What does asymmetric encryption use for encrypting and decrypting data?

  • Two different keys, one public and one private (A)

Which type of encryption would you use to secure a single record within a database?

  • Record encryption (D)

What is the primary function of a Trusted Platform Module (TPM)?

  • To store RSA encryption keys specific to the host system (D)

How does salting enhance password security?

  • By adding random data to each password before hashing (B)

What is a major advantage of using a Hardware Security Module (HSM)?

  • It securely stores digital keys and performs cryptographic operations (C)

What is the role of certificate authorities in public key infrastructure (PKI)?

  • To manage and verify digital certificates (A)

Which method is used to ensure the authenticity of digitally signed documents?

  • Digital signatures (A)

What does hashing do to the original data?

  • It creates a fixed-length string of characters from the data (A)

What distinguishes self-signed certificates from third-party certificates?

  • Self-signed certificates are issued by the entity using them. (B)

In terms of cryptographic security, what does the term 'root of trust' refer to?

  • A secure starting point for cryptographic processes (D)

Flashcards

Public Key

Part of a key pair openly shared for encrypting data.

Private Key

Secret key used to decrypt data encrypted with its corresponding public key.

Encryption

Process of converting plain text into unreadable text.

Asymmetric Encryption

Uses two different keys (public & private) for encryption and decryption.

Symmetric Encryption

Uses the same key for both encryption and decryption.

Key Length

The number of bits in a key, influencing encryption strength.

PKI (Public Key Infrastructure)

Set of systems for managing digital certificates.

Key Escrow

Storing encryption keys with a third party.

Trusted Platform Module (TPM)

A chip storing encryption keys specific to a device.

Hardware Security Module (HSM)

Physical device protecting digital keys and handling cryptographic operations.

Obfuscation/Steganography/Tokenization/Data Masking

Methods for hiding or replacing data to protect it.

Hashing and Salting

Hashing creates fixed-length strings from data; salting adds random data to passwords before hashing for extra security.

Digital Signatures

Used to verify the authenticity of digital documents.

Blockchain

A secure, public ledger for transactions.

Certificate Authorities, CRLs, and OCSP

Parts of a system to manage digital certificates.

Self-Signed vs. Third-Party Certificates

Certificates issued by the user (self-signed) or a trusted third party.

Study Notes

Cryptographic Solutions

  • Cryptography is a crucial method to secure data, communications, and business operations in the digital age.
  • Cryptography is constantly evolving, so staying updated on new methods and tools is essential.

Public Key Infrastructure (PKI)

  • PKI is a system of hardware, software, policies, and procedures to manage digital certificates.
  • PKI is essential for establishing secure encrypted communication channels over the internet.
  • PKI handles the creation, management, distribution, use, and revocation of digital certificates.

Public Key

  • The public key is shared publicly and used to encrypt data.

Private Key

  • The private key is kept secret and used to decrypt data encrypted using its corresponding public key.

Key Escrow

  • Sometimes, keys are stored in a third-party repository (key escrow) to protect and recover them.

Encryption

  • Encryption changes plain text into unreadable text.
  • Different encryption levels (e.g., 128-bit, 256-bit) affect the difficulty of breaking the encryption.

Types of Encryption (Different Levels)

  • Full-disk encryption encrypts the entire hard drive.
  • Partition encryption encrypts specific disk partitions.
  • Volume encryption encrypts a logical volume of files.
  • Database encryption encrypts entire databases or sensitive table data.
  • Record encryption encrypts individual records within a database.

Asymmetric vs. Symmetric Encryption

  • Asymmetric encryption uses two different keys (public and private).
  • Symmetric encryption uses the same key for encryption and decryption.

Key Exchange

  • Key exchange mechanisms (e.g., Diffie-Hellman, RSA) provide secure key exchange over insecure channels.

Cryptographic Algorithms

  • Common algorithms include AES, DES, and RSA.

Key Length

  • Key length (in bits) typically correlates with encryption strength.

Hardware Security

  • Trusted Platform Module (TPM): A specialized chip storing RSA encryption keys specific to the host.
  • Hardware Security Module (HSM): Physical devices safeguarding and handling cryptographic keys.

Data Protection Methods

  • Obfuscation, Steganography, Tokenization, and Data Masking: Methods used to hide data or replace it with tokens.
  • Hashing: Converts data into fixed-length strings.
  • Salting: Adds random data to passwords before hashing to improve security.
  • Digital Signatures: Verify the authenticity of digitally signed documents.

Blockchain and Certificates

  • Blockchain can function as a secure public ledger for transactions.
  • Certificate Authorities (CAs), Certificate Revocation Lists (CRLs), and Online Certificate Status Protocol (OCSP) are components of PKI managing digital certificates.
  • Self-signed Certificates: Issued by the entity using them.
  • Third-party Certificates: Issued by a trusted third party.
  • Root of Trust: The secure starting point for cryptographic or secure boot processes.

Summary

  • Cryptography is essential for secure data, transactions, and communications in modern digital environments.
  • Various methods and tools exist for diverse security needs.

Key Points

  • PKI is fundamental for secure communication.
  • Encryption can be applied at multiple levels.
  • Hardware security tools (TPM, HSM) enhance security.

Review Questions

  • Explain the difference between public and private keys.
  • Describe encryption levels and their tradeoffs.
  • Describe the role of a Hardware Security Module.
  • How does key stretching strengthen passwords?

Practical Exercises

  • Setting up a basic encrypted email service.
  • Using a steganography tool to hide text within an image.
