The private key component of the public key cryptography is used to create the digital signatures. Similar to a written signature, a digital signature is unique to the signer except that it can be verified electronically. This is made possible by the fact that in public key crypto-systems, digital signatures are generated with the private key component of the public/private key pair. The corresponding public key is used to verify the signature. Because a given user’s private key does not need to be shared with other parties, there is a strong association between the user’s identity and possession of the private key.
Key escrow cryptographic techniques are used in electronic surveillance of telecommunications by law enforcement officials. A definition of a key escrow system is that an encryption key or a document is delivered to a third person to be given to the grantee only upon the fulfillment of a condition. A key escrow system is one that entrusts the two components comprising a cryptographic key (for example, a device unique key) to two key component holders (also called “escrow agents”).
The key component holders provide the components of a key to a “grantee” (for example, a law enforcement official) only upon fulfillment of the condition that the grantee has properly demonstrated legal authorization to conduct electronic surveillance of telecommunications encrypted using the specific device whose device unique key is being requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key that is then used to decrypt the telecommunications that are encrypted with that session key. The digital signature does not use the key escrow cryptography.
The primary feature distinguishing secret key algorithms is the use of a single secret key for cryptographic processing. The use of advanced encryption standard (AES) is an example of secret key cryptography. The AES algorithm can be implemented with reasonable efficiency in the firmware of a smart token. Electronic signatures can use either secret key or public key cryptography. The digital signature is not using the secret key cryptography due to sharing of a secret key by two parties. Hybrid approaches are possible, where public key cryptography is used to distribute keys for use by secret key algorithms. However, the digital signature is not using the hybrid approaches.
22. Effective controls to detect attempts to replay an earlier successful authentication exchange do
a. A timestamp
b. A sequence number
c. An unpredictable value
d. A statistical random value
Timestamps assume there is a common reference that logically links a claimant and verifier. On receipt of an authentication message, the verifier calculates the difference between the timestamp in the message and the time of receipt. If this difference is within the expected time window, the message is accepted.
A message with a particular sequence number is accepted only once as agreed by the claimant and verifier in advance. Messages received by a verifier are checked for acceptability within the range of agreed-upon values. An unpredictable value, or challenge, is sent by the verifier, and he will ensure that the same challenge is not reused within the time frame of concern. The values used do not require true statistical randomness. The only requirement is that the values should be unpredictable with a high probability of nonrepeating.
The problem with the statistical random value is that it deals with probabilities of occurrence and sampling methods, which will not meet the requirements of the other three choices.
23. Procedural security controls for recognizing trusted certificate authority (CA) and registration authority (RA) roles should include:
1. Least privilege concept must be practiced.
2. Separation of duties concept must be practiced.
3. A single person should not generate a new CA key pair.
4. A person authorizing certificates to a subject should not be verifying the subject’s identity.
a. 1 and 2
b. 1 and 4
c. 3 and 4
d. 1, 2, 3, and 4
