Chapter 9. Cryptography and Public Key Infrastructure

OBJECTIVES

This chapter covers the following TruSecure-specified objectives for the TICSA exam:

Identify key issues of cryptography and be able to explain basic cryptographic methods in use today.

  • Recognize the characteristics of encryption.

  • Identify encryption types.

  • Define the uses of hash functions.

  • Define the uses of digital signatures.

  • This chapter introduces you to the basic concepts behind encryption and the differences between symmetrical and asymmetrical encryption types. You learn what a hash function is and how it is used in encryption algorithms. We discuss how digital signatures are used to authenticate identity and ensure that the original content of a message has not been changed.

Explain, identify, or recognize basic uses, requirements and functions of PKI and digital certificates.

  • This chapter outlines the history of public key cryptography and introduces the concept of a Public Key Infrastructure (PKI) based on a public/private key pair and implemented via Certification Authorities (CAs) that issue digital certificates containing public key information.

OUTLINE

Introduction

Brief History of Cryptography

Uses of Cryptography in Information Security

Purposes of Cryptography in Information Security

Confidentiality

Integrity

Authentication

Nonrepudiation

How Cryptography Is Used to Protect Computer Data

File/Disk Encryption

IP Security (IPSec)

Logon Authentication

Remote Access Authentication

Secure Email

Secure Web and E-Commerce Transactions

Server Security

Types of Encryption

Symmetrical Encryption

Asymmetrical Encryption

Digital Certificates

Hashing and Hash Functions

Common Hash Function Types

Hash Functions Used in Cryptography

Digital Signatures

How Digital Signatures Work

Verifying the Digital Signature

Uses of Digital Signatures

Managing the Encryption Keys

Management of Secret Keys (Shared Secrets)

Management of Public/Private Key Pairs

Secure Key Generation and Key Exchange

Internet Key Exchange (IKE)

Secure Key Exchange Mechanism (SKEME)

Oakley Key Determination Protocol

Diffie-Hellman Key Exchange Algorithm

Key Length

Key Lifetime

Distribution of Public Keys

Backup of Private Keys

Steganography

History of Steganography

How Modern Steganography Works

Steganography Software

Introduction to PKI

History of PKI

PKI and Certificate Management

PKI and X.500 Standards

Components of PKI

Security Policies

Certification Authorities

PKI Key Storage

Key Policies

Digital Certificates

Certificate Requests

Certificate Revocation Lists (CRL)

Certificate Stores and Certificate Distribution

PKI-Aware Applications

Uses of PKI Today

STUDY STRATEGIES

  • Ensure that you understand the definitions and concepts relating to cryptography and the PKI.

  • Read the references at the end of the chapter for further understanding of the topics covered in this chapter.

  • Obtain practical experience in using digital certificates and public/private key pairs obtained by requesting issuance from a public or internal certification authority.
