Intro to Cryptography WGU C839 Module 4 correctly answered!
- These are usually the encryption of a message digest with the sender's private key. In order to verify them, the recipient uses the sender's public key. They are considered good if they provide the following: authentication, integrity, non-repudiation. Answer: Digital Signature
- It is a digital document that contains a public key and some information to allow your system to verify where the key came from. This is the most common way to distribute public keys in asymmetric cryptography. Answer: Digital Certificate
- Uses asymmetric key pairs and combines software, encryption and services to provide a means of protecting the security of business communications and transactions. Answer: PKI (Public Key Infrastructure)
- They are put in place by RSA to ensure uniform certificate management throughout the internet. Answer: PKCS (Public Key Cryptography Standards)
- A certificate is a digital representation of information that identifies you as a relevant entity by a? Answer: Trusted Third Party (TTP)
- This is an entity trusted by one or more users to manage certificates. Answer: CA (Certificate Authority)
- Used to take the burden off of a CA by handling verification prior to certificates being issued. They act as a proxy between user and CA. They receive requests, authenticate them and forward them to the CA. Answer: RA (Registration Authority)
- Is a set of rules that defines how a certificate may be used. Answer: CP (Certificate Policy)
- An international standard for the format and information contained in a certificate. The most common type of digital certificate in the world. Relied on by S/MIME. Contains your name, info about you and the signature of the person who issued the certificate. Answer: X.509
- List of certificates issued by a CA that are no longer valid. Answer: CRL (Certificate Revocation List)
- CRL distribution method: the CA automatically sends the CRL out at regular intervals. Answer: Push Model
- CRL distribution method: the CRL is downloaded from the CA by those who want to verify a certificate. This is the end user's responsibility. Answer: Pull Method
- Is a Base64 encoded DER certificate, enclosed between "------ BEGIN CERTIFICATE ------" and "------ END CERTIFICATE ------". Answer: .pem
- Usually in binary DER form, but Base64-encoded certificates are common too. Answer: .cer, .crt, .der
- PKCS#7 SignedData structure without data, just certificate(s) or CRL(s). Answer: .p7b, .p7c
- PKCS#12, may contain certificate(s) and public and private (password protected) keys. Answer: .p12
- Predecessor of PKCS#12, usually contains data in PKCS#12 format with files generated in IIS. Answer: .pfx
- A newer protocol for verifying certificates in real time. Answer: Online Certificate Status Protocol (OCSP)
- Determining the path between X.509 digital certificates and a trusted root. Answer: Delegated Path Discovery
- The validation of the path to the trusted root according to a particular validation policy. Answer: Delegated Path Validation
- Setup and initialization, Administration, Cancelation are the phases of? Answer: Key life-cycle
- Registration, Key pair generation, Certificate generation, Certificate dissemination. Answer: Setup and Initialization Phase
- Key storage, Certificate retrieval and validation, Backup or escrow, Recovery. Answer: Administration Phase
- Expiration, Renewal, Revocation, Suspension, Destruction. Answer: Cancelation and History Phase
- Person who can recover keys from the keystore on behalf of a user. Highly trusted person. Issues recovery agent certificates: EFS Recovery Agent certificate, Key Recovery Agent certificate.
- Update and Path Vulnerabilities
- The most basic form of authentication. User name and password are transmitted over the network and compared to a table of corresponding name-password pairs. The name-password pair table is encrypted, but the transmission of the passwords is done in clear text, unencrypted. It is the basic authentication feature for HTTP. Answer: PAP (Password Authentication Protocol)
- This is a proprietary version of PAP; it is somewhat more secure than PAP because usernames and passwords are both encrypted when they are sent over the network. Answer: S-PAP (Shiva Password Authentication Protocol)
- After a connection is established the authenticator will "challenge" the requestor. The requestor responds with a calculated hash value. The authenticator checks the response against its own calculation of the expected hash value. If they match, the authenticator acknowledges the request; otherwise the connection is terminated. This process is repeated at random intervals. Answer: CHAP (Challenge-Handshake Authentication Protocol)
- Most widely used authentication protocol, mainly within Microsoft systems. Invented at MIT and named for the three-headed mythical dog that was reputed to guard the gates of Hades. Uses symmetric cryptography, with authentication performed on UDP port 88. Answer: Kerberos
- A server or client that Kerberos can assign tickets to. Answer: Principal
- This server authorizes the principal and connects them to the ticket granting server. Answer: Authentication Server (AS)
- This server provides tickets to the principal after they are authenticated and connected. Answer: Ticket Granting Server (TGS)
- Provides the initial ticket to the principal and handles TGS requests. Typically runs both the AS and TGS services. Answer: Key Distribution Center (KDC)
- A boundary within an organization; each separate boundary has its own AS and TGS. Answer: Realm
- This server grants tickets to remote realms. Answer: Remote Ticket Granting Server (RTGS)
- A ticket that is granted during the authentication process. Answer: Ticket Granting Ticket (TGT)
- Used to authenticate to the server. Contains client identity, session key, timestamp and a checksum. It is encrypted with the server's keys. Answer: Ticket
- A temporary encryption key. Answer: Session Key
- Proves the session key was recently created; typically expires within five minutes. Answer: Authenticator
- Step 1: The user sends credentials to the AS. Step 2: The AS authenticates the user. Step 3: The AS contacts the TGT that is sent to the user's computer. Step 4: The user's computer presents the TGT back to the TGS to request access to a specific network resource. The TGS uses the AS to authenticate the ticket; if it is authentic, then a resource ticket and session key are sent to the user's computer. Step 5: The user presents the ticket/session key to the resource. Step 6: The resource verifies the ticket/session key with the TGS. Step 7: The user is authorized access to the resource. Answer: Kerberos Process
- By itself it is not an algorithm, but uses other well-established asymmetric and symmetric algorithms. This software product was developed to make encryption and decryption readily usable by end users. Usually associated with email encryption. Can be used to create certificates, but unlike X.509 they contain multiple signatures and define their own format. Answer: Pretty Good Privacy (PGP)
- Wi-Fi encryption method that uses the stream cipher RC4, 128 or 156 bits. Answer: WEP (Wired Equivalent Privacy)
- Uses a pre-shared key mode. Designed for home and small office networks. Does not require an authentication server. Each wireless device authenticates using the same 256 bit key. Uses Temporal Key Integrity Protocol (TKIP), a 128 bit per-packet key, and dynamically generates a new key for each packet. Answer: WPA-Personal
- This version of Wi-Fi encryption implements mandatory elements of 802.11i and introduces CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), a new AES-based encryption mode. Has the optional use of Pairwise Master Key (PMK) caching and opportunistic PMK caching, which cache the results of 802.1X authentications to improve access time. Answer: WPA-2
- Wi-Fi encryption standard that uses the stream cipher RC4 to secure data and a CRC-32 checksum for error checking. Standard versions use a 40 bit key with a 24 bit IV to form 64 bit encryption; the 128 bit version uses a 104 bit key with a 24 bit IV. Answer: Wired Equivalent Privacy (WEP)
- Designed for enterprise networks and requires a RADIUS authentication server. Extensible Authentication Protocol (EAP) is used for authentication and has a variety of implementations such as EAP-TLS and EAP-TTLS. Answer: WPA-Enterprise (WPA-802.1X Mode)
- Developed by Netscape and has been supplanted by TLS. Was the preferred method used with HTTPS. Answer: SSL (Secure Socket Layer)
- This is an encrypting transmission protocol where the client and server perform a negotiation using a handshaking procedure. The client presents the server with a list of encryption and hashing functions it can support. The server picks the strongest encryption and hashing it can also support and notifies the client of the chosen algorithms. The server presents the client with an X.509 certificate that the client can verify through a CA. The client uses the server's public key with random numbers to generate a session key for a secure connection, which is decrypted with the server's private key. This information is used to generate the key material used for encryption and decryption. Answer: TLS (Transport Layer Security)
Written for
- Institution: WGU C839
- Course: WGU C839

Document information
- Uploaded on: December 19, 2022
- Number of pages: 8
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers