Topic 2

1. Public Key Infrastructure (PKI) is a security architecture that has been introduced
to provide an increased level of confidence for exchanging information.
ECommerce makes use of Public Key Infrastructure using TLS when you make a
purchase.

Spell out the acronym TLS and explain how a browser uses TLS to ensure that
the E-commerce server is authentic and not a spoof website.

 TLS: Transport Layer Security.

 The browser checks the validity of the Digital Certificate.
 The browser makes an HTTPS connection to the web server
 The web server sends its Digital Certificate to the browser.
 As long as the Digital certificate was issued to a trusted third party
(CA), the CA is ready to attest for the validity of the certificate.

2. PKI uses ‘Public Key Cryptography’ rather than ‘Symmetric Key Cryptography’.
Explain the weakness of Symmetric Key cryptography that Public Key
Cryptography overcomes.

The issue of safely distributing the confidential information (Symmetric

Key).

3. Alice wants to send a secure message to James. Describe how Alice would use
Public Key Infrastructure to send a send a secure message to James.

Alice encrypts her message with James’s Public Key and transmits it to
James. James decrypt with his Private Key.

4. Public Key encryption has limitations. What is the disadvantage of Public Key
encryption compared to Symmetric Key encryption?

PK is much slower than Symmetric. this is overcome by using PK

to exchange Symmetric Key then use Symmetric encryption for speed.
5. How can Public and Symmetric Key encryption be combined to overcome the
disadvantage you identified in part (d)?

Overcome by exchanging Symmetric Keys and then utilizing Symmetric

encryption.

6. Explain in detail how non-repudiation is achieved in email systems that employ

OPenPGP.

Using a Digital Signature, A digital code attached to an electronic

document to verify its content and sender. The message is hashed using a
pre-determined algorithm. The message digest is private key encrypted.
The encrypted message digest is the message's signature. The recipient
decrypts the signature using the sender's public key. If the MD matches the
decrypted signature, the message has not been changed with.

7. Digital Certificates are important in this process. Explain the purpose of a Digital
Certificate and outline how you would obtain this certificate.

A Digital Certificate is a document that links your public key to an identity

that the issuing Certification Authority is willing to say is real. It is called a
Digital Certificate.
Self-generated digital certificates are possible, but these do not provide
authentication. Typically, you'll need to approach a CA.

8. Hash functions are used in Digital Signatures. What is the purpose of a Digital
Signature?

A Digital signature ensures authenticity/ non-repudiation

9. Outline the steps involved in the creation of a digital signature.

The message is hashed and encrypted with the sender's private key. The
encrypted message digest is the message's signature. The receiver
decrypts the signature using the sender's public key. If the MD matches the
decrypted signature, the message has not been changed with.
10. Public Key Infrastructure (PKI) is a security architecture that aims to give an
increased level of confidence for exchanging information. Three essential
components of PKI are Digital Certificates, Certificate Authority and Public Key
encryption.

Briefly explain what is meant by the following terms:

Certificate Authority

 Issues and verifies certificates.

 Verifies and digitally signs the certificate to ensure its accuracy.
They can generate a private and public key for their client.
 Responsible for verifying that the person requesting a certificate has
the correct identification.

11. Digital Certificate

A digital certificate is often issued by one of the public certificate

authorities. A digital document that associates a public key with an identity

that the issuing CA is willing to vouch for.

12. Public Key Encryption

 Uses 2 keys 1 for encryption, other for decryption cannot be derived

from each other.
 Public Key distributed.
 Private key never distributed, kept confidentially.

13. Explain how Digital Certificate, Public Key Encryption and Certificate Authority
work together in PKI.

CA is essential in confirming identification and providing a DC. The DC

verifies the owner and distributes the Public Key to users. Public and
Private keys enable users and computers to securely exchange data across
public networks such as the Internet.
14. Public Key Infrastructure (PKI) is security architecture that has been introduced
to provide an increased level of confidence for exchanging information.

An essential part of PKI is a Digital Certificate (DC). An important function of a

Digital Certificate is to authenticate the owner of the certificate. Define the term
authenticate.

The process of confirming that a claimed property of a thing is correct is

known as authentication.

15. A Digital Certificate can be self-issued or issued by a 3rd party. What is such a
3rd party called? Explain what the 3rd party would do when issuing a Digital
Certificate.

 Certificate Authority issues the DC.

 Verifies and digitally signs the certificate to ensure its accuracy.
They can generate a private and public key for their client.
 Responsible for verifying that the person requesting a certificate has
the correct identification.

16. Identify THREE (3) pieces of information that an X.509 Digital certificate
contains.

Version.
Serial number.
Algorithm.
Subject public key information.
Digital Signature.

17. Define the term revocation in relation to digital certificates and briefly explain how
the process of revocation works.

 It is a list of certificates that are no longer valid.

 There is a system for informing expired certificates (revoked).
 Certificate revocation lists may be available to the public because
they may have been widely distributed.
18. Explain the purpose of Public Key Infrastructure (PKI).

Public Key Infrastructure (PKI) is a security architecture that has been put
in place to give people more trust when they exchange information over the
Internet.

19. PKI uses Public Key encryption. Explain what is meant by Public Key Encryption
and how it ensures confidentiality.

 Anyone can have a public key.

 Receiver must keep private key hidden.
 Encryption with public key and decryption with private key.
 A pair of cryptographic keys are used that can't be used to get each
other.

20. PKI involves the use of a Digital certificate. Explain the purpose of a Digital
Certificate.

 A DC verifies the holder's identity.

 A DC binds a public key to an identity.
 This means the private key can be used for digital signatures and
certificate signing.

21. Outline who issues a digital certificate and briefly explain its role.

 A trusted 3rd party verifies the ID Certification Authority.

 CA verifies the certificate's information and digitally signs it.

22. Explain TWO (2) purposes of a Digital Signature.

 Authentication.
 Message integrity.
 Non-repudiation.
23. The first stage of creating a Digital signature is to create a Message Digest.
Briefly explain how a message digest is created.

A message digest is created by hashing the message.

24. The final stage of creating a Digital signature is to encrypt the Message Digest. Is
the sender’s public or private key is used? You should support your answer with
a brief explanation

The message digest is private key encrypted. The sender's private key
ensures authenticity.

25. Explain how a Digital signature is now used when sending the message.

 The message is sent with the encrypted message digest.

 Decrypts the message digest using the sender's public key.
 Receiver compares MD to decrypted message digest.
 Authenticity and integrity are proven if they match.

26. Explain how a Digital Signature is different from a Digital Certificate.

Certificate Authority (CA) issues a Digital Certificate.

27. Public Key Infrastructure (PKI) is a security architecture that has been introduced
to provide an increased level of confidence for exchanging information. E-
Commerce makes use of Public Key Infrastructure using TLS when customers
make a purchase.

State what the acronym TLS stands for and explain how a browser uses TLS to
ensure that an E-commerce server is an authentic website.

Q/NO 1.
28. Explain the role of the Certificate Authority in PKI.

 Issues and verifies certificates.

 Verifies the certificate's information and digitally signs it.
 There are many certificate classes available to match the various
stages of these checks.
 Assumes responsibility for ensuring that the individual requesting a
certificate is who they claim to be.

29. How can we be certain that a public key certificate has not been modified or
falsified?

The public key certificate is signed by the CA to prevent its

modification.

30. A digital signature is created in the following way:

1. A message digest (MD) is created.
2. The message digest is encrypted.
3. The encrypted message digest is added to the message and sent.

Identify which TWO (2) of the following security attribute(s) are preserved by a
digital signature and briefly explain your choices.

• Confidentiality
• Integrity
• Availability
• Non-repudiation

 Since the signature is generated using the sender's private key, it is

non-repudiation.
 If the message changes, the hash value will be different.

31. Explain how a message digest is created, and briefly describe this process.

 The MD is created by a hashing the message

 A hashing function explained (e.g.) A mathematical function that
reduces a large amount of data to a small amount.
32. In step 2 of the sequence outlined at the start of this question, the message
digest is encrypted.

State whether this is done using the sender’s public key or the sender’s private
key and explain why.

 The message digest is encrypted with the sender’s private key.

 since the purpose is to verify who the message came from.

33. Explain what the recipient does when they receive the message in order to
confirm the authenticity of the sender.

 computes the message digest.

 Decrypts the encrypted message digest.
 with the sender’s public key.
 If they match then the authenticity and integrity are verified.

34. Public Key Infrastructure (PKI) is a security architecture that has been introduced
to provide an increased level of confidence for exchanging information. There are
three essential components of PKI. One of these is a Digital Certificate. Explain
what is meant by the term Digital Certificate.

A public Certificate Authority usually issues a digital certificate. A digital

document that associates a public key with an identity for which the
issuing CA will vouch.

35. Public Key Encryption is another essential component of PKI. State how Public
Key Encryption is used.

Q/NO 12.

36. There are two ways to generate a Digital Certificate. One of these is using a
popular encryption software called PGP, which provides the user with the ability
to generate their own digital certificate. State what the acronym PGP stands for
and who else can generate the digital certificate.

 PGP = Pretty Good Privacy.

 Certificate Authority.
37. Explain what is meant by the term Revocation with regards to Digital Certificates.
  Revocation is the system of making it known that certificates are no
longer valid.
 Revoked certificates will be recorded in a list.
 Revocation lists exist publicly.

38. When issuing Digital Certificates (DC), public Certification Authorities (CAs) will
include information in the key usage field of the certificate to state what the
private key may be used for. State THREE (3) possible purposes the private key
may be used for.

 Digital signatures.
 Certificate signing.
 Encipher or decipher only.
 Data encipherment.
 key encipherment

39. Data in Digital Certificates (DC) should conform to the ITU (IETF) standard
X.509. State THREE (3) types of information that should be included to ensure
the data in the certificate conforms to the standard.

 The identity of the owner of the private key.

 The length of the key.
 The algorithm used by the key.
 dates of validity of the certificate.
 the associated hashing algorithm

40. Explain the process a Certificate Authority will go through to verify a Digital
Certificate (DC).

 The CA signs the public key certificate to prevent modification.

 This is used to validate the key.
 The root CA in the browser is used to verify the authenticity of the
signature.

41. State the purpose of a Registration Authority when used by a Certificate

Authority.
 A person or company who wants to get a digital certificate can use a third-
party to check them out.

42. Public Key Encryption uses two keys. A public key and a private key. State how
these TWO (2) keys are used during the encryption and decryption process.

Messages are encrypted with the recipient's public key and can only be
decrypted with the corresponding private key.

43. Public Key Infrastructure (PKI) is a security architecture that has been introduced
to provide an increased level of confidence for exchanging information. There are
FIVE (5) key benefits to using PKI. State the FIVE (5) key benefits:

 Assurance in the quality of electronic data.

 Verified source and destination of information.
 Assurance of such information's timing.
 Confidentiality of such information.
 That information can be used as evidence in court.

44. PKI uses Digital Signatures. Briefly explain what a Digital Signature is and how it
is created.

 A digital signature is a unique, encrypted numerical value.

 A hashing algorithm is performed on the document to be signed
producing a unique numerical value.
 An encrypted result is linked to the document using a private
cryptographic key.

45. PKI uses ‘Public Key Cryptography’ rather than ‘Symmetric Key Cryptography’. 1
Explain the weakness of Symmetric Key cryptography that Public Key
Cryptography overcomes.

The problem of securely distributing the secret (Symmetric Key).

46. Public Key encryption has limitations. What is the disadvantage of Public Key
encryption compared to Symmetric Key encryption? Explain how can this
disadvantage be overcome?

Q/NO 4
47. Public Key Infrastructure (PKI) is a security architecture that has been introduced
to provide an increased level of confidence for exchanging information. There are
three main applications used in PKI. State the THREE (3) applications.

 Encryption/decryption: Sender encrypts message with recipient's

public key.
 Key exchange: both sender and receiver cooperate to exchange a
key.
 Digital signature: The sender “signs” the message with its private
key; the receiver verifies the sender's identity using the sender's
public key.

48. A digital certificate issued by a public Certificate Authority will contain information
in the key usage field of the certificate. This means that the private key may be
used for specific purposes. State FIVE (5) specific purposes.

Q/NO 38

49. The data in a digital certificate usually conforms to the ITU (IETF) standard
X.509. The certificate includes specific information. State FIVE (5) pieces of
information that can be included.

Q/NO 39.

50. Explain what a Digital Signature is and how it is applied to a document that will
be sent via email.

 A digital signature is a unique, encrypted numerical value.

 It differs each time it is generated and is used to prove the ownership
or copyright of data.
  A hashing algorithm is performed on the document to be signed
producing a unique numerical value.
 An encrypted result is linked to the document using a private
cryptographic key.

51. When you receive a document via email you need to be able to check that it has
not been altered in transit. State how the document is verified.

Calculate a hash value for the same document and decrypt the encrypted
hash value.

52. A Digital Certificate (DC) is one of the three key components used in Public Key
Infrastructure (PKI). State who issues the DC and describe how it is used.

Q/NO 11.

53. PGP is a popular piece of encryption software used to generate Digital

Certificates (DCs). State what the acronym PGP stands for and state ONE (1)
other encryption methodology used by PGP.

PGP = Pretty Good Privacy

hashing, symmetric-key cryptography

54. Email sent between different people and organizations often uses digital
signatures. Explain what a digital signature is, detailing which Cryptographic
method is used to create the signature and what security functions they provide
for the sender and receiver.

Email messages that have a digital signature attached to them are more
secure because the recipient can be sure that they were sent by the right
 person (authentication + non-repudiation). Public key cryptography is used
to create digitally signed message digests.

55. Describe THREE (3) key functions of a certificate authority.

Q/NO 28.

56. Explain TWO (2) components of PKI.

 A certificate authority that stores, issues and signs the digital certificates.
 Revocation a system for making it known that certificates are no longer
valid.