CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [197]
Identifying Key Usage
During the time when the key is not being revoked, suspended, renewed, or destroyed, it is being used. Key usage is simply the use (and management) of public and private keys for encryption. While the topic appears as an objective on the exam, there is nothing additional to know here that is not addressed elsewhere in this chapter.
Real World Scenario
Selling the Company’s Old Computers
You’ve been asked to verify that the computers your company has liquidated are ready to be sold. What steps should you take to verify that unauthorized access to information doesn’t occur?
You need to be concerned about two issues in this case. First, you need to make sure all corporate records, software, and other sensitive information are removed from the system. Second, you need to make sure any special access devices or encryption systems have been removed. Encryption systems that use key-based models may store keys in hidden areas of the disks. As a general practice, the disks on systems that are sold as surplus should be completely zeroed out; doing so prevents any sensitive information from being released inadvertently.
Summary
This chapter focused on the basic elements of cryptography and the PKI implementation. There are three primary methods of encryption:
■ Symmetric
■ Asymmetric
■ Hashing
Symmetric systems require that each end of the connection have the same key. Asymmetric systems use a two-key system. In public key cryptography, the receiver has a private key known only to them; a public key corresponds to it, which they make known to others. The public key can be sent to all other parties; the private key is never divulged. Hashing refers to performing a calculation on a message and converting it into a numeric hash value.
There are five main considerations in implementing a cryptography system:
■ Confidentiality
■ Integrity
■ Authentication
■ Nonrepudiation
■ Access control
Confidentiality means that the message retains its privacy. Integrity means the message can’t be altered without detection. Authentication is used to verify that the person who sent the message is actually who they say they are. Nonrepudiation prevents either the sender or receiver from denying that the message was sent or received. Access control comprises the methods, processes, and mechanisms that prevent unauthorized access to the systems that perform the cryptography.
PKI is a system that has been widely implemented to provide encryption and data security in computer networks. It’s being implemented globally by both governmental agencies and businesses. The major components of a PKI system include the certificate authority, the registration authority (which could be local), and certificates. The most common certificate implemented in PKI is X.509 v3.
CA systems can establish trusting relationships based on a hierarchical, bridge, mesh, or hybrid structure. This relationship can be defined based upon the needs of the organization.
The three cryptographic attacks covered in this chapter were mathematical, weak key, and birthday attacks. In mathematical attacks, mathematical methods are used to find ways to break an algorithm and decrypt a message. The birthday attack is based on the probability that patterns and common events become more likely as collections get larger. The weak key attack exploits either poorly chosen passwords or flaws in the password encryption algorithm.
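The birthday attack's "collections get larger" idea can be made concrete. The following is an added example, not code from the study guide: it computes the exact birthday-problem collision probability, the rule-of-thumb sample count at which a collision becomes about even odds (roughly the square root of the output space, so a tag of b bits falls to about 2^(b/2) hashes), and then demonstrates it empirically on SHA-256 digests truncated to a short tag (a constructed, deliberately weak setup; the seed, message size and function names are this example's own choices).

```python
import hashlib
import math
import random


def birthday_collision_probability(n: int, space: int) -> float:
    """Exact probability that at least two of n values drawn uniformly at
    random from `space` possibilities coincide (the classic birthday problem)."""
    if n > space:
        return 1.0
    p_distinct = 1.0
    for i in range(n):
        p_distinct *= (space - i) / space
    return 1.0 - p_distinct


def birthday_bound(space: int) -> int:
    """Sample count at which a collision is about 50% likely:
    roughly sqrt(2 * ln 2 * space), i.e. about 2**(bits/2) for a bits-bit tag."""
    return math.ceil(math.sqrt(2 * math.log(2) * space))


def truncated_tag(msg: bytes, bits: int) -> int:
    """Low `bits` bits of SHA-256(msg), modelling a hash truncated to a short tag."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") & ((1 << bits) - 1)


def find_truncated_collision(bits: int, seed: int = 0, max_tries: int = 1 << 20):
    """Hash random 8-byte messages until two distinct messages share a
    `bits`-bit tag. Returns (hashes computed, msg_a, msg_b), or None if no
    collision appears within max_tries."""
    rng = random.Random(seed)  # seeded so the demonstration is repeatable
    seen: dict[int, bytes] = {}
    for count in range(1, max_tries + 1):
        msg = rng.getrandbits(64).to_bytes(8, "big")
        tag = truncated_tag(msg, bits)
        if tag in seen and seen[tag] != msg:
            return count, seen[tag], msg
        seen[tag] = msg
    return None


if __name__ == "__main__":
    print("23 people, 365 days:", round(birthday_collision_probability(23, 365), 4))
    for bits in (16, 24, 32):
        result = find_truncated_collision(bits)
        print(f"{bits}-bit tag: ~{birthday_bound(1 << bits)} hashes expected, "
              f"collision found after {result[0]}")
```

The takeaway for choosing hash and MAC sizes is that the collision resistance of a b-bit digest is on the order of 2^(b/2) work, not 2^b, so truncating digests to save space erodes it quadratically faster than intuition suggests.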
In this chapter, you also learned about the standards, agencies, and associations that are interested in cryptography. You learned about the standards associated with cryptographic systems and the key-management life cycle.
Several government agencies have been specifically charged with overseeing security and encryption. The NSA and NIST are both concerned with government encryption standards. NIST is primarily concerned with nonmilitary standards; NSA/CSS is concerned with military applications.
The IETF, ISOC, ITU,