Module 17: Public Key Cryptography
17.1 Public Key Cryptography with Digital Signatures
17.1.1 Digital Signature Overview
Authentic
The signature cannot be forged and provides proof that the signer, and no one else, signed the document.
Unalterable
Once a document is signed, any later alteration invalidates the signature, so tampering is detected when the signature is verified.
Not Reusable
The document signature cannot be transferred to another document.
Non-repudiated
The signed document is treated the same as a physically signed document. Because only the holder of the private key could have produced the signature, the signer cannot later deny having signed it.
17.1.2 Digital Signatures for Code Signing
Digital signatures are commonly used to provide assurance of the authenticity and integrity of software code.
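The four properties in 17.1.1 and the code-signing use in 17.1.2 can be checked directly. The following Go program is an added example (not code from the module): it signs the SHA-256 digest of a constructed release artifact with Ed25519, then shows that a signature made with a different key (authenticity), a modified artifact (unalterable) and a signature copied onto another artifact (not reusable) all fail to verify. The `signedPackage` structure is a hypothetical stand-in for a real code-signing format, and the artifact bytes are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signedPackage is a constructed stand-in for a code-signed release:
// the artifact bytes, the signer's public key and the signature over
// the artifact's SHA-256 digest. It is a hypothetical layout, not a real format.
type signedPackage struct {
	Artifact  []byte
	SignerPub ed25519.PublicKey
	Signature []byte
}

// signArtifact hashes the artifact and signs the digest with the signer's private key.
func signArtifact(artifact []byte, priv ed25519.PrivateKey) signedPackage {
	digest := sha256.Sum256(artifact)
	return signedPackage{
		Artifact:  artifact,
		SignerPub: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, digest[:]),
	}
}

// verifyPackage recomputes the digest and checks the signature against the
// public key the verifier already trusts, NOT the key shipped inside the
// package, which an attacker could swap along with the signature.
func verifyPackage(p signedPackage, trustedPub ed25519.PublicKey) bool {
	digest := sha256.Sum256(p.Artifact)
	return ed25519.Verify(trustedPub, digest[:], p.Signature)
}

// signatureProperties records the outcome of each check in demonstrate.
type signatureProperties struct {
	GenuineVerifies    bool // the vendor's own package verifies
	ForgedRejected     bool // authentic: a signature from another key is rejected
	TamperRejected     bool // unalterable: a modified artifact is rejected
	TransplantRejected bool // not reusable: the signature moved to another artifact is rejected
}

// demonstrate builds the vendor's genuine package and three attacker variants
// and verifies each one against the vendor's trusted public key.
func demonstrate() (signatureProperties, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return signatureProperties{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return signatureProperties{}, err
	}

	// Constructed sample artifact; a real release would be the binary bytes.
	release := []byte("app-1.0.0: constructed sample artifact bytes")
	genuine := signArtifact(release, vendorPriv)

	// Attacker signs the same artifact with their own key.
	forged := signArtifact(release, attackerPriv)

	// Attacker flips one bit of the artifact but keeps the vendor's signature.
	tampered := genuine
	tampered.Artifact = append([]byte(nil), genuine.Artifact...)
	tampered.Artifact[0] ^= 0x01

	// Attacker copies the vendor's signature onto a different artifact.
	transplant := signedPackage{
		Artifact:  []byte("app-1.0.1: constructed backdoored artifact"),
		SignerPub: genuine.SignerPub,
		Signature: genuine.Signature,
	}

	// Non-repudiation follows from the same check: only vendorPriv can produce
	// a signature that verifies under vendorPub, so the vendor cannot deny it.
	return signatureProperties{
		GenuineVerifies:    verifyPackage(genuine, vendorPub),
		ForgedRejected:     !verifyPackage(forged, vendorPub),
		TamperRejected:     !verifyPackage(tampered, vendorPub),
		TransplantRejected: !verifyPackage(transplant, vendorPub),
	}, nil
}

func main() {
	props, err := demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", props)
}
```

The verifier deliberately ignores the public key carried inside the package. Trusting an embedded key would let an attacker re-sign a modified artifact with their own key and ship both, which is why code-signing systems distribute the signer's public key out of band, usually through a certificate chain.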
17.1.3 Digital Signatures for Digital Certificates
A digital certificate is equivalent to an electronic passport. It enables users, hosts, and organizations to securely exchange information over the internet.
17.2 Authorities and the PKI Trust System
17.2.1 Public Key Management
Internet traffic consists of exchanges between two parties. When establishing an asymmetric (public key) connection between two hosts, the hosts exchange their public keys; the problem a PKI solves is confirming that a received public key really belongs to the party that claims it.
17.2.2 The Public Key Infrastructure
PKI is needed to support large-scale distribution and identification of public encryption keys. The PKI framework facilitates a highly scalable trust relationship.
17.2.3 The PKI Authorities System
Many vendors provide CA servers as a managed service or as an end-user product. Some of these vendors include Symantec Group (VeriSign), Comodo, Go Daddy Group, GlobalSign, and DigiCert among others.
17.2.4 The PKI Trust System
PKIs can form different topologies of trust. The simplest is the single-root PKI topology.
17.2.5 Interoperability of Different PKI Vendors
Interoperability between a PKI and its supporting services, such as Lightweight Directory Access Protocol (LDAP) and X.500 directories, is a concern because many CA vendors have proposed and implemented proprietary solutions instead of waiting for standards to develop.
17.2.6 Certificate Enrollment, Authentication, and Revocation
The first step in the CA authentication procedure is to securely obtain a copy of the CA's public key. All systems that leverage the PKI must have the CA's public key, which is distributed in the CA's self-signed certificate.
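The single-root topology of 17.2.4, the public key exchange of 17.2.1 and the enrollment and authentication steps of 17.2.6 can be shown end to end with Go's standard crypto/x509 package. The program below is an added example, not code from the module: it creates a self-signed root CA certificate (the trust anchor every relying party must hold), enrolls a host by issuing it a certificate signed with the CA's private key, and then authenticates the host's certificate against the root. It also shows two failures a relying party must catch: a certificate for the same host name issued by a CA that is not in the trust store, and a genuine certificate presented for the wrong host name. The CA names and host names are made up for the example; revocation checking is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newRootCA generates a self-signed root certificate: the CA's own public key,
// signed with its own private key. Relying parties install this certificate as
// their trust anchor; nothing else vouches for it, so it must be obtained securely.
func newRootCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Passing the template as its own parent makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// enrollHost plays the CA side of enrollment: the host's freshly generated
// public key is bound to its name by a signature made with the CA's private key.
func enrollHost(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, serial int64) (*x509.Certificate, error) {
	hostKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // name the relying party will check
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &hostKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// authenticatePeer is the relying-party check: does the presented certificate
// chain to a root in our trust store, is it valid now, and does it name the
// host we intended to reach? A nil error means all three hold.
func authenticatePeer(peer, trustedRoot *x509.Certificate, expectedHost string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, DNSName: expectedHost})
	return err
}

func main() {
	root, rootKey, err := newRootCA("Example Corp Root CA") // our trust anchor
	if err != nil {
		panic(err)
	}
	rogue, rogueKey, err := newRootCA("Rogue CA") // a CA we never trusted
	if err != nil {
		panic(err)
	}
	legit, err := enrollHost(root, rootKey, "www.example.test", 2)
	if err != nil {
		panic(err)
	}
	impostor, err := enrollHost(rogue, rogueKey, "www.example.test", 2)
	if err != nil {
		panic(err)
	}
	fmt.Println("legitimate cert, right host:", authenticatePeer(legit, root, "www.example.test"))
	fmt.Println("rogue-issued cert, same host:", authenticatePeer(impostor, root, "www.example.test"))
	fmt.Println("legitimate cert, wrong host:", authenticatePeer(legit, root, "other.example.test"))
}
```

The impostor certificate is cryptographically well formed and even carries the right host name; it is rejected only because its issuer is absent from the trust store. That is the whole point of the trust anchor: the security of every connection rests on which self-signed root certificates a system was configured to trust, which is why that configuration must be protected as carefully as a private key.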
17.3 Applications and Impacts of Cryptography
17.3.1 PKI Applications
SSL/TLS certificate-based peer authentication
Secure network traffic using IPsec VPNs
HTTPS Web traffic
Control access to the network using 802.1x authentication
Secure email using the S/MIME protocol
Secure instant messaging
Approve and authorize applications with Code Signing
Protect user data with the Encryption File System (EFS)
Implement two-factor authentication with smart cards
Securing USB storage devices
17.3.2 Encrypted Network Transactions
Consider how the increase of SSL/TLS traffic poses a major security risk to enterprises because the traffic is encrypted and cannot be intercepted and monitored by normal means.
17.3.3 Encryption and Security Monitoring
Network monitoring becomes more challenging when packets are encrypted. However, security analysts must be aware of those challenges and address them as best as possible.
17.4 Public Key Cryptography Summary
17.4.1 What Did I Learn in this Module?
Public Key Cryptography
Digital signatures are a mathematical technique used to provide three basic security services: authenticity, integrity, and nonrepudiation.
Authorities and the PKI Trust System
When establishing a secure connection between two hosts, the hosts exchange their public key information.
Applications and Impacts of Cryptography
There are many common uses of PKIs, including a few listed here: SSL/TLS certificate-based peer authentication, HTTPS web traffic, secure instant messaging, and securing USB storage devices.