The private key component of the public key cryptography is used to create the digital signatures. Similar to a written signature, a digital signature is unique to the signer except that it can be verified electronically. This is made possible by the fact that in public key crypto-systems, digital signatures are generated with the private key component of the public/private key pair. The corresponding public key is used to verify the signature. Because a given user’s private key does not need to be shared with other parties, there is a strong association between the user’s identity and possession of the private key.

Key escrow cryptographic techniques are used in electronic surveillance of telecommunications by law enforcement officials. A definition of a key escrow system is that an encryption key or a document is delivered to a third person to be given to the grantee only upon the fulfillment of a condition. A key escrow system is one that entrusts the two components comprising a cryptographic key (for example, a device unique key) to two key component holders (also called “escrow agents”).

The key component holders provide the components of a key to a “grantee” (for example, a law enforcement official) only upon fulfillment of the condition that the grantee has properly demonstrated legal authorization to conduct electronic surveillance of telecommunications encrypted using the specific device whose device unique key is being requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key that is then used to decrypt the telecommunications that are encrypted with that session key. The digital signature does not use the key escrow cryptography.

The primary feature distinguishing secret key algorithms is the use of a single secret key for cryptographic processing. The use of advanced encryption standard (AES) is an example of secret key cryptography. The AES algorithm can be implemented with reasonable efficiency in the firmware of a smart token. Electronic signatures can use either secret key or public key cryptography. The digital signature is not using the secret key cryptography due to sharing of a secret key by two parties. Hybrid approaches are possible, where public key cryptography is used to distribute keys for use by secret key algorithms. However, the digital signature is not using the hybrid approaches.

22. Effective controls to detect attempts to replay an earlier successful authentication exchange do not include:

a. A timestamp

b. A sequence number

c. An unpredictable value

d. A statistical random value

22. d. The emphasis should be to use nonrepeating values in message authentication to ensure that an attempt to replay an earlier successful authentication exchange will be detected. Timestamps, sequence numbers, and unpredictable values can detect replay attempts.

Timestamps assume there is a common reference that logically links a claimant and verifier. On receipt of an authentication message, the verifier calculates the difference between the timestamp in the message and the time of receipt. If this difference is within the expected time window, the message is accepted.

A message with a particular sequence number is accepted only once as agreed by the claimant and verifier in advance. Messages received by a verifier are checked for acceptability within the range of agreed-upon values. An unpredictable value, or challenge, is sent by the verifier, and he will ensure that the same challenge is not reused within the time frame of concern. The values used do not require true statistical randomness. The only requirement is that the values should be unpredictable with a high probability of nonrepeating.

The problem with the statistical random value is that it deals with probabilities of occurrence and sampling methods, which will not meet the requirements of the other three choices.

23. Procedural security controls for recognizing trusted certificate authority (CA) and registration authority (RA) roles should include:

1. Least privilege concept must be practiced.

2. Separation of duties concept must be practiced.

3. A single person should not generate a new CA key pair.

4. A person authorizing certificates to a subject should not be verifying the subject’s identity.

a. 1 and 2

b. 1 and 4

c. 3 and 4

d. 1, 2, 3, and 4

23. d. All four items are examples of procedural security controls for recognizing trusted CA and RA roles. The CA is a trusted third party that generates, issues, signs, and revokes public key certificates. The CA can delegate responsibility for the verification of the subject’s identity to an RA. The RA is a trusted entity that establishes and vouches for the identity of a subscriber to a credentials service provider (CSP).

24. Which of the following need not be subject to maintenance of special accounting records for cryptographic keying materials?

a. Ephemeral keys

b. Encrypted keys

c. Decrypted keys

d. Key encrypting keys

24. a. Ephemeral keys are cryptographic keys that are generated for each execution of a key establishment process and that meet other requirements of the key (for example, unique to each message or session and short-lived). It may not be practical or necessary to maintain accounting records for relatively short-lived keys such as ephemeral keys. This is because user devices (for example, user entities at client nodes) generate ephemeral keys, and they are intended for use within the client node.

The other three choices need accounting records. Encrypted keys are encrypted with a key encrypting key to disguise the value of the underlying plaintext key. The key encrypting key is used for the encryption or decryption of other keys.

25. For the willful or negligent mishandling of cryptographic keying materials, the consequences of policy violation should be commensurate with which of the following?

a. Actual harm

b. Known harm

c. Potential harm

d. Guaranteed harm

25. c. The consequences of willful or negligent mishandling of cryptographic keying materials (for example, keys and initialization vectors) should be commensurate with the potential harm that the policy violation can result in for the organization and other affected parties. The actual harm cannot be known in advance, and there is no guarantee that harm will occur for certain.

26. A cryptographic keying material is compromised during the course of regular or normal work. Which of the following actions may not be necessary during the compromise recovery process?

a. Key destruction

b. Notification of users of compromised keys

c. Emergency key revocation

d. Replacement of the compromised keys

26. a. Notification of users of compromised keys, emergency key revocation, and secure replacement of the compromised keys are a part of normal recovery procedures. Key destruction must take place only when an external attacker is involved, not when user errors and system problems are involved during the course of regular work. The other three choices are normally used during the compromise recovery process.