Advanced Cryptography

Get Started. It's Free
or sign up with your email address
Rocket clouds
Advanced Cryptography by Mind Map: Advanced Cryptography

1. Digital Certificates

1.1. Defining

1.1.1. Technology used to associate a user's idenity to a public key that has been digitally signed by a trusted third-party.

1.1.2. Characteristics

1.1.2.1. Owner's name

1.1.2.2. Owner's public key

1.1.2.3. Name of issuer

1.1.2.4. Digital signature of the issuer

1.1.2.5. Serial number of the digital certificate

1.1.2.6. Expiration date of the public key

1.2. Managing

1.2.1. Certificate Authority (CA)

1.2.1.1. Serves as the third-party agency that is responsible for issuing the digital certificate.

1.2.1.2. Duties

1.2.1.2.1. Generate, issue and distributed public key certificates.

1.2.1.2.2. Distribute CA certificates

1.2.1.2.3. Generate and publish certificate statue

1.2.1.2.4. Provide a means for subscribers to request revocation

1.2.1.2.5. Revoke public-key certificates

1.2.1.2.6. Maintain the security, availability of the certificate issuance signing

1.2.1.3. The subscriber will generate the public and private keys and send the public key to the CA

1.2.2. Registration Authority (RA)

1.2.2.1. Subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.

1.2.2.2. Local Registration Authorities (LRA)

1.2.2.2.1. "Off-loadin" these registration functions to one or more RAs that can be distributed in different geographic areas.

1.2.2.3. Sometimes the CA does the duties of the RA.

1.2.2.4. Duties

1.2.2.4.1. Recieve, authenticate and process certificate revocation requests.

1.2.2.4.2. Identify and authenticate subscribers

1.2.2.4.3. Obtain a public key from the subscriber

1.2.2.4.4. Verify that the subscriber possess the asymmetric private-key corresponding to the public-key submitted for certification.

1.2.2.5. Primary function of the RA is to verify the identity of the individual.

1.2.2.6. Authentication

1.2.2.6.1. Email

1.2.2.6.2. Documents

1.2.2.6.3. In person

1.2.3. Certificate Revocation List (CRL)

1.2.3.1. List all the revoked digital certificates.

1.2.3.2. Revoked Reasons

1.2.3.2.1. Certificate is no longer used.

1.2.3.2.2. Details of the certificate have changed.

1.2.3.2.3. Private-key has been exposed

1.2.3.2.4. Private-key has been lost

1.2.4. Certificate Repository (CR)

1.2.4.1. Web Browser Management

1.2.4.1.1. View default loaded certificates for a web browser.

1.2.4.1.2. Automatic updates will update the web browser automatically and download CRLs as needed.

1.2.4.2. Publically accessible centralized directory of digital certificates that can be used to view the statues of digital certificates.

1.3. Types

1.3.1. Class 1: Personal Digital Certificates

1.3.1.1. RA only requires the user's name and e-mail address in order to recieve certificate.

1.3.1.2. Used for personal e-mails, digital signatures and documents.

1.3.2. Class 2: Server Digital Certificates

1.3.2.1. Mainly used with webservers but can be used with other server types as well.

1.3.2.2. Functions

1.3.2.2.1. Ensure the authenticity of the server.

1.3.2.2.2. Ensure the authenticity of the cryptographic connection to the server.

1.3.3. Class 3: Software Publisher Digital Certificates

1.3.3.1. Verify that their programs are secure and have not been tampered with.

1.3.4. Class 4 is for online business transactions between companies.

1.3.5. Class 5 is for private organizations or governmental security.

1.3.6. Dual-Key Digital Certificates

1.3.7. Dual-Sided Digital Certificates

1.3.8. X.509 Digital Certificates

1.3.8.1. Most widely accepted format/standard for digital certificates defined by International Telecommunication Union (ITU)

2. Public Key Infrastructure (PKI)

2.1. Is the framework for all the entities involved in digital certificates for digital certificate management

2.2. Public-Key Cryptographic Standards (PKCS)

2.2.1. See page 463 and 464 (PKS 7 & 10)

2.3. Trusted Models

2.3.1. Hierarchical

2.3.1.1. Assigns a single hierarchy with one master CA called "root".

2.3.2. Distributed

2.3.2.1. Has multiple CAs that sign digital certificates.

2.3.3. Bridge

2.3.3.1. Acts as a "facilitator" to bridge Hierarchical and Distributed models.

2.3.3.2. Does not issues digital certificates

2.3.4. Third-party trust refers to a situation in which two individuals trust each other because each trusts a third party.

2.4. Managing

2.4.1. Certificate Policy (CP)

2.4.1.1. Published set of rules that govern the operation of PKI

2.4.2. Certificate Practice Statement (CPS)

2.4.2.1. Describes in detail how a CA uses and manages certificates.

2.4.3. Certificate Life Cycle

2.4.3.1. Creation

2.4.3.2. Suspenstion

2.4.3.2.1. Deactivates a certificate for a specific duration and can be reactivated.

2.4.3.3. Revocation

2.4.3.3.1. Revokes a certificate before its expiration date and is permanent.

3. Key Management

3.1. Handling

3.1.1. Escrow

3.1.1.1. Third-party stores and manges the key

3.1.2. Expiration

3.1.3. Renewal

3.1.3.1. An existing key can be renewed before it expires

3.1.4. Revocation

3.1.4.1. Revokes a key before its expiration date and is permanent.

3.1.5. Recovery

3.1.5.1. Key Recovery Agent (KRA)

3.1.5.1.1. Highly trused person responsible for recovering lost or damaged digital certificates

3.1.5.2. M-of-N Control

3.1.5.2.1. N Group

3.1.5.2.2. M Group

3.1.6. Suspension

3.1.6.1. Deactivates a key for a specific duration and can be reactivated.

3.2. Storage

3.2.1. Private

3.2.1.1. Smart cards or in tokens

3.2.2. Public

3.2.2.1. Imbedding them in certificates

3.2.2.2. Software repository

4. Transport Encryption Algorithms

4.1. Secure Socket Layer (SSL)

4.1.1. Transport Layer Security (TLS)

4.1.1.1. Extension of SSL

4.1.1.2. Protocol that guarantees privacy and data integrity between applications communicating over the internet

4.1.2. Developed by Netscape for securely transmitting documents over the internet.

4.1.3. Used for other application leve protocols such as FTP, LDAP and SMTP.

4.2. Secure Shell (SSH)

4.2.1. Encrypted alternative to Telnet protocol that is used to access remote computers.

4.2.2. Linux/UNIX based command interface.

4.3. Hypertext Transport Protocol over SSL (HTTPS)

4.3.1. Secure Hypertext Transport Protocol (SHTTP)

4.3.1.1. Related to HTTPS

4.3.1.2. Developed by Enterprise Integration Technology (EIT)

4.3.1.3. Allows clients and servers to negotiate independently encryption and digital signature methods in any combination in both directions.

4.3.2. Uses port 443 instead of HTTP's port 80

4.4. IP Security (IPsec)

4.4.1. OSI Layer

4.4.1.1. 7. Application

4.4.1.1.1. PGP

4.4.1.2. 6. Presentation

4.4.1.3. 5. Session

4.4.1.3.1. Kerberos

4.4.1.3.2. SSL

4.4.1.4. 4. Transport

4.4.1.4.1. TCP

4.4.1.5. 3. Network

4.4.1.5.1. IP

4.4.1.5.2. IPSec

4.4.1.6. 2. Data Link

4.4.1.7. 1. Physical

4.4.2. Two Encryption Modes

4.4.2.1. Tunnel

4.4.2.1.1. Encrypts the header and data postion.

4.4.2.2. Transport

4.4.2.2.1. Only encrypts the data portion (payload)

4.4.2.2.2. Used for communications behind a firewall. When leaving through the firewall, it will be tunnel encryption for communications from firewall to firewall.

4.4.3. Protection

4.4.3.1. 1. Authentication

4.4.3.1.1. Achieved through Authentication Header (AH) protocol.

4.4.3.2. 2. Confidentiality

4.4.3.2.1. Achieved through the Encapsulating Security Payload (ESP) protocol.

4.4.3.3. 3. Key Management

4.4.3.3.1. Achieved through the Association and Key Management Protocol/Oakley (ISAKMP/Oakly) protocol.