Shared Flashcard Set

Details

Chapter 6: Stuff he said we should know
I'll refine all of this before next week's exam...
11
Computer Science
12th Grade
02/11/2013

Additional Computer Science Flashcards

 


 

Cards

Term
Explain X.509....
Definition

in the late 1980s, the X.500 OSI Directory Standard was defined by the International Organization for Standardization (ISO) and the International Telecommunication Union (ITU). It was developed for implementing a network directory system, and part of this directory standard was the concept of authentication of entities within the directory. X.509 is the portion of the X.500 standard that addresses the structure of certificates used for authentication.

 

Several versions of the X.509 certificates have been created, with version 3 being the current version (as this is being written)….Version 3 added additional optional extensions for more subject identification information, key attribute information, pol- icy information, and certification path constraints. In addition, version 3 allowed additional extensions to be defined in standards or to be defined and registered by organizations or communities. 

Term
Explain SSL/TLS...
Definition

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide the most com- mon means of interacting with a PKI and certificates.

 

SSL and TLS are cryptographic protocols that provide data integrity and security over networks by encrypting network connections at the transport layer.

Term
Explain S/MIME...
Definition

The Secure/Multipurpose Internet Mail Extensions (S/MIME) message specification is an extension to the MIME standard that provides a way to send and receive signed and encrypted MIME data.

 

The changes in the S/MIME standard have been so frequent that the standard has become difficult to implement.

 

The standard places reliance upon more than one other standard for it to function. Key among these is the format of a public key certificate as expressed in the X.509 standard.

Term
What is PGP?
Definition

Pretty Good Privacy (PGP) is a popular program that is used to encrypt and decrypt e- mail and files. It also provides the ability to digitally sign a message so the receiver can be certain of the sender’s identity. Taken together, encrypting and signing a message allows the receiver to be assured of who sent the message and to know that it was not modified during transmission.

 

PGP is one of the most widely used programs and is frequently used by both individuals and businesses to ensure data and e-mail privacy.

Term
How does PGP work?
Definition

PGP uses a variation of the standard public key encryption process. In public key encryption, an individual (here called the creator) uses the encryption program to create a pair of keys. One key is known as the public key and is designed to be given freely to others. The other key is called the private key and is designed to be known only by the creator. Individuals wanting to send a private message to the creator will encrypt the message using the creator’s public key. The algorithm is designed such that only the private key can decrypt the message, so only the creator will be able to decrypt it.

 

This method, known as public key or asymmetric encryption, is time consuming. Symmetric encryption uses only a single key and is generally faster. It is because of this that PGP is designed the way it is. PGP uses a symmetric encryption algorithm to encrypt the message to be sent. It then encrypts the symmetric key used to encrypt this message with the public key of the intended recipient. Both the encrypted key and message are then sent. The receiver’s version of PGP will first decrypt the symmetric key with the private key supplied by the recipient and will then use the resulting decrypted key to decrypt the rest of the message.

 

PGP can use two different public key algorithms—Rivest-Shamir-Adleman (RSA) and Diffie-Hellman. The RSA version uses the International Data Encryption Algorithm (IDEA) to generate a short symmetric key to be used to encrypt the message and RSA to encrypt the short IDEA key. The Diffie-Hellman version uses the Carlisle Adams and Stafford Tavares (CAST) algorithm to encrypt the message and the Diffie-Hellman algorithm to encrypt the CAST key.

 

To generate a digital signature, PGP takes advantage of another property of public key encryption schemes. Normally, the sender will encrypt using the receiver’s public key and the message will be decrypted at the other end using the receiver’s private key. The process can be reversed so that the sender encrypts with his own private key. The receiver then decrypts the message with the sender’s public key. Since the sender is the only individual who has a key that will correctly be decrypted with the sender’s public key, the receiver knows that the message was created by the sender who claims to have sent it. The way PGP accomplishes this task is to generate a hash value from the user’s name and other signature information. This hash value is then encrypted with the sender’s private key, known only by the sender. The receiver uses the sender’s public key, which is available to everyone, to decrypt the hash value. If the decrypted hash value matches the hash value sent as the digital signature for the message, then the receiver is assured that the message was sent by the sender who claims to have sent it.

Term
Explain HTTPS...
Definition
Most web activity occurs using the Hypertext Transfer Protocol (HTTP), but this protocol is prone to interception. HTTPS uses the Secure Sockets Layer (SSL) to transfer in- formation. Originally developed by Netscape Communications and implemented in its browser, HTTPS has since been incorporated into most common browsers. It uses the open standard SSL to encrypt data at the application layer. In addition, HTTPS uses the standard TCP port 443 for TCP/IP communications rather than the standard port 80 used for HTTP. Early HTTPS implementations made use of the 40-bit RC4 encryption algorithm, but with the relaxation of export restrictions, most implementations now use 128-bit encryption.
Term
Explain IPsec...
Definition

IPsec is a collection of IP security features designed to introduce security at the network or packet-processing layer in network communication. 

 

IPsec is designed to be used to provide secure virtual private net- work capability over the Internet. In essence, IPsec provides a secure version of the IP by introducing authentication and encryption to protect layer 4 protocols. IPsec is optional for IPv4 but is required for IPv6. Obviously, both ends of the communication need to use IPsec for the encryption/decryption process to occur.

 

IPsec provides two types of security service to ensure authentication and confidentiality for either the data alone (referred to as IPsec transport mode) or for both the data and header (referred to as tunnel mode).

 

IPsec introduces several new protocols including the Authentication Header (AH), which basically provides authentication of the sender, and the Encapsulating Security Payload (ESP), which adds encryption of the data to ensure confidentiality. IPsec also provides for payload compression before encryption using the IP Payload Compression Protocol (IPcomp). 

 

Frequently, encryption negatively impacts the ability of compression algorithms to fully compress data for transmission. By providing the ability to compress the data before encryption, IPsec addresses this issue.

Term
Explain FIPS...
Definition

The Federal Information Processing Standards Publications (FIPS PUBS or simply FIPS) describe various standards for data communication issues. These documents are issued by the U.S. government through the National Institute of Standards and Technology (NIST), which is tasked with their development. Three categories of FIPS PUBS are currently maintained by NIST:

 

• Hardware and software standards/guidelines

 

• Data standards/guidelines

 

• Computer security standards/guidelines

Term
Explain Common Criteria (CC)...
Definition

The Common Criteria (CC) is the result of an effort to develop a joint set of security processes and standards that can be used by the international community.

 

The major contributors to the CC are the governments of the United States, Canada, France, Germany, the Netherlands, and the United Kingdom. 

 

The CC also provides a listing of laboratories that apply the criteria in testing security products. Products that are evaluated by one of the approved laboratories receive an Evaluation Assurance Level of EAL1 through EAL7 (EAL7 is the highest level)...

Term
Explain WTLS...
Definition

The Wireless Transport Layer Security (WTLS) protocol is based on the Transport Layer Security (TLS) protocol. WTLS provides reliability and security for wireless communications using the Wireless Application Protocol (WAP).

 

WTLS can be implemented in one of three classes: Class 1 is called anonymous authentication but is not designed for practical use. Class 2 is called server authentication and is the most common model. The clients and server may authenticate using different means. Class 3 is server and client authentication. In Class 3 authentication, the client’s and server’s WTLS certificates are authenticated. Class 3 is the strongest form of authentication and encryption.

Term
Explain WEP...
Definition
The Wired Equivalent Privacy (WEP) algorithm is part of the 802.11 standard and is used to protect wireless communications from interception. A secondary function is to prevent unauthorized access to a wireless network. WEP relies on a secret key that is shared between a mobile station and an access point. In most installations, a single key is used by all of the mobile stations and access points.
Supporting users have an ad free experience!