Deck 15: Cryptographic Key Management and Distribution

Manual delivery of a key is not reasonable for link encryption.

For end-to-end encryption over a network, manual delivery is
awkward.

the secure use of cryptographic key algorithms depends on the
protection of the cryptographic keys.

For symmetric encryption to work the two parties to an exchange
must share the same key and that key must be protected from
access by others.

A common requirement in a variety of protocols is for the
encryption of a symmetric key so that it can be distributed to two parties for future communication.

X.509 is an important standard because the certificate structure
and authentication protocols defined in X.509 are used in a
variety of contexts.

A key translation center generates and distributes session keys.

A certification authority is an authority trusted by one or more
users to create and assign public key certificates.

A certificate consists of a public key, an identifier of the key owner,
and the whole block signed by a trusted third party.

Because of the efficiency of public-key cryptosystems, they are
almost always used for the direct encryption of sizable blocks of dat
A.

A greater degree of security can be achieved by maintaining a
publicly available dynamic directory of public keys.

Because certificates are forgeable they cannot be placed in a
directory without the need for the directory to make special
efforts to protect them.

X.509 dictates the use of a specific digital signature algorithm and
a specific hash function.

Each user must share a unique key with the key distribution center
for purposes of key distribution.

A _________ transfers symmetric keys for future communication between two entities, at least one of whom has the ability to generate or acquire symmetric keys by themselves.

Several techniques have been proposed for the distribution of public keys.the proposals can be grouped into the following four general schemes: public announcement, publicly available directory, public-key certificates, and ____________.

A __________ generates and distributes session keys.

Several techniques have been proposed for the distribution of public keys.the four proposals mentioned and discussed in the textbook are: Public announcement, Publicly available directory, Public-key authority, and _______ .

__________ is the process of administering or managing cryptographic keys for a cryptographic system.

A __________ attack is when a protocol is insecure against an adversary who can intercept messages and can either relay the intercepted message or substitute another message.

If encryption is done at the __________ level a key is needed for every pair of users or processes that require communication.

the heart of the X.509 scheme is the __________ certificate associate with each user.

X.509 is based on the use of public-key cryptography and __________ .

If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and
B.A _________ center is responsible for distributing keys to pairs of users as needed.

A _________ is any method for storing and retrieving PKI-related information, such as public key certificates and CRLs.

A __________ consists of a public key, an identifier of the key owner, and the whole block signed by a trusted third party and can be used by participants to exchange keys without contacting a public key authority in a way that is as reliable as if the keys were obtained directly from a public key authority.

A __________ is defined as a set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.

the __________ is an authority trusted by one or more users to create and assign public key certificates.

the certificate extensions fall into three main categories: key and policy information, __________ , and certification path constraints.