Chapter 2 Set

Public Key Infrastructure (PKI) is a security architecture that uses public key encryption and digital certificates to provide security for exchanging information over insecure communication channels. PKI involves the use of public and private key pairs, digital certificates issued by a trusted third party known as a Certificate Authority, and a certificate revocation list.

Uploaded by

candy

Question Set

Topic - 2
Public Key Infrastructure

[December 2018] [December 2016]


1. Explain the purpose of Public Key Infrastructure (PKI). 2
• Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an increased level of confidence for exchanging information over the Internet.

[March 2019] [June 2017][June 2016]


1. Public Key Infrastructure Encryption (PKI) is one of the other essential components. Give TWO (2)
examples of how it is used. 2
2. Public Key Encryption is another essential component of PKI. State how Public Key Encryption is
used.
• Uses two keys, one for encryption and the other for decryption, which cannot be derived from each other.
• Public Key distributed
• Private key never distributed, kept confidential

[December 2018] [December 2016]


1. PKI uses Public Key Encryption. Explain what is meant by Public Key Encryption and how it ensures
confidentiality. 4
• A pair of related cryptographic keys are used which cannot be obtained from each other.
• Public Key – distributed to anyone
• Private Key – must be kept secret by receiver
• Confidentiality achieved by encrypting message with public key and decrypting with private key.

[September 2018]
1. Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an
increased level of confidence for exchanging information. There are three main applications used in
PKI. State the THREE (3) applications. 3

• Encryption/decryption: the sender encrypts a message with the recipient’s public key.
• Digital signature (authentication): the sender “signs” the message with its private key; a receiver can verify the identity of the sender using sender’s public key.
• Key exchange: both sender and receiver cooperate to exchange a (session) key.

[September 2018] [September 2017]


1. There are several benefits to using PKI. State the FIVE (5) main benefits. 5
2. Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an
increased level of confidence for exchanging information. There are FIVE (5) key benefits to using
PKI. State the FIVE (5) key benefits:

• Certainty regarding the quality of information transmitted electronically
• Certainty of the source and destination of such information
• Assurance of the time and timing of such information
• Certainty of the privacy of such information
• Assurance that such information may be used as evidence in a court of law

Topic – 2 NS&C Page - 1


Digital Certificate

[March 2019] [September 2018] [June 2017]


1. When issuing Digital Certificates (DC), public Certification Authorities (CAs) will include information
in the key usage field of the certificate to state what the private key may be used for. State THREE
(3) possible purposes the private key may be used for. 3
2. A digital certificate issued by a public Certificate Authority will contain information in the key usage
field of the certificate. This means that the private key may be used for specific purposes. State
FIVE (5) specific purposes. 5

• digital signatures
• certificate signing
• encipher or decipher only
• key encipherment
• data encipherment

[March 2019][Sept 2018] [June 2018] [December 2017] [June 2017]

1. Data in Digital Certificates (DC) should conform to the ITU (IETF) standard X.509. State THREE (3)
types of information that should be included to ensure the data in the certificate conforms to the
standard. 3
2. The data in a digital certificate usually conforms to the ITU (IETF) standard X.509. The certificate
includes specific information. State FIVE (5) pieces of information that can be included. 5

• the identity of the owner of the corresponding private key
• the length of the key
• the algorithm used by the key
• the associated hashing algorithm
• dates of validity of the certificate
• the actions that the key can be used for

[December 2017] [March 2019] [June 2019]


1. Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an
increased level of confidence for exchanging information. There are three essential components of
PKI. One of these is a Digital Certificate. Explain what is meant by the term Digital Certificate. 3
2. A Digital Certificate (DC) is one of the three key components used in Public Key Infrastructure (PKI).
State who issues the DC and describe how it is used. 3
3. Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an
increased level of confidence for exchanging information. An essential part of a PKI is a Digital
Certificate (DC).
Explain the purpose of a Digital Certificate and identify THREE (3) pieces of information that an
X.509 certificate contains. 5

• A digital certificate is usually issued by one of the public CAs
• A digital document that binds a public key to an identity that the issuing CA is willing to vouch for.

A Digital Certificate includes the following elements:

• the identity of the owner of the corresponding private key
• the length of the key
• the algorithm used by the key
• the associated hashing algorithm
• dates of validity of the certificate
• the actions that the key can be used for



[December 2018] [December 2016]
1. PKI involves the use of a Digital Certificate. Explain the purpose of a Digital Certificate. 2
• A Digital Certificate establishes authenticity of the holder
• A Digital Certificate is a digital document that binds your public key to an identity
• Digital Certificate contains further information in the key usage field of the certificate.
• This means that the private key may be used for specific purposes such as: digital signatures, certificate signing

[March 2019] [June 2017]


1. There are two ways to generate a Digital Certificate (DC). One of these is using a popular
encryption software called PGP, which provides the user with the ability to generate their own digital
certificate. State what the acronym PGP stands for and who else can generate the digital certificate

• PGP = Pretty Good Privacy
• Certificate Authority

[June 2019]
1. PGP is a popular piece of encryption software used to generate Digital Certificates (DCs). State
what the acronym PGP stands for and state ONE (1) other encryption methodology used by PGP. 2
• PGP = Pretty Good Privacy
• The other encryption methodology is
  - Hashing or data compression or symmetric-key cryptography

[September 2018] [December 2017] [September 2017]


1. Public Key Encryption uses two keys. A public key and a private key. State how these two keys are
used during the encryption and decryption process. 2
• Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key.

[March 2018]
2. Alison wants to send a secure message to Jason. Describe how Alison would use Public Key
Infrastructure to send a secure message to Jason. 2
• Alison encrypts her message with Jason’s Public Key and transmits it to Jason. Jason decrypts it with his Private Key.

[June 2018] [September 2016]


Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an increased
level of confidence for exchanging information.
1. An essential part of PKI is a Digital Certificate (DC). An important function of a Digital Certificate is
to authenticate the owner of the certificate. Define the term authenticate. 1

• To authenticate is a process that is used to confirm that a claimed characteristic of an entity is actually correct.

Certificate Authority

[December 2018] [December 2016]


1. Outline who issues a Digital Certificate and briefly explain its role. 2
• A trusted 3rd party verifies the ID (Certification Authority (CA))
• CA ensures that the information contained within the certificate is correct and digitally signs it

[December 2017] [June 2019]


1. Explain how Digital Certificate, Public Key Encryption and Certificate Authority work together in PKI.

• Certificate Authority has the essential role of verifying identity and issuing a Digital Certificate.
• The Digital Certificate authenticates the possessor, and provides the Public Key to users.
• Public and Private keys ensure that users and computers can securely exchange data over networks such as the Internet.

[March 2019][June 2017]


1. Explain the process a Certificate Authority will go through to verify a digital certificate (DC). 3

• The public key certificate is signed by the CA to prevent modification/falsification.
• This is used when checking the key is valid.
• The signature is validated against the root CAs contained in the browser (if PKI aware) or other application.

[June 2018] [September 2016]

1. A Digital Certificate can be self-issued or issued by a 3rd party. What is such a 3rd party called?
Explain what the 3rd party would do when issuing a Digital Certificate. 3

• Certificate Authority issues the Digital Certificate.

Certificate Authority:

• Takes responsibility for identifying (to a stated extent) the correctness of the identity of the person asking for a certificate to be issued. [via registration authority]
• Ensures that the information contained within the certificate is correct and digitally signs it. The CA may generate a public key and a private key for their client.
• Alternatively the person applying for a certificate may generate their own key pair and send a signed request containing their public key to the CA.

March 2017

1. Explain the role of the Certificate Authority in PKI. 4

• Issues and verifies certificates.
• Takes responsibility for identifying (to a stated extent) the correctness of the identity of the person asking for a certificate to be issued.
• Ensures that the information contained within the certificate is correct and digitally signs it.
• Different classes of certificate can be purchased that correspond to the different levels of these checks.
• Class 1 certificates can be easily acquired by supplying an email address.
• Class 2 certificates require additional personal information to be supplied.
• Class 3 certificates can only be purchased after detailed checks have been made.

2. How can we be certain that a public key certificate has not been modified or falsified? 1

• The public key certificate is signed by the CA to prevent its modification or falsification.

[March 2019][June 2017]


1. State the purpose of a Registration Authority when used by a Certificate Authority. 1

• A third-party used to perform checks on a person or company applying for a digital certificate.

Digital Signature

[September 2017]
1. PKI uses Digital Signatures. Briefly explain what a Digital Signature is and how it is created. 3

• A digital signature is a unique, encrypted numerical value.
• It differs each time it is generated and is used to prove the ownership or copyright of data.
• A hashing algorithm is performed on the document to be signed, producing a unique numerical value.
• This is then encrypted using a private cryptographic key and the result is linked to the document.

[June 2016]
1. Hash functions are used in Digital Signatures.
i) What is the purpose of a Digital Signature? 1

• A Digital signature ensures authenticity/non-repudiation.

ii) Outline the steps involved in the creation of a digital signature. 4

• The message is hashed (with agreed algorithm) to form a message digest and the message digest is encrypted with the sender’s private key.
• The encrypted message digest is the signature which is added to the message and sent.
• The recipient computes the message digest and also decrypts the signature with the sender’s public key.
• The recipient compares the MD with the decrypted signature; if they match, the message has not been tampered with.

Revocation
[March 2019] [June 2017] [March 2016]
1. Explain what is meant by the term Revocation with regards to Digital Certificates. 3
2. Define the term revocation in relation to digital certificates and briefly explain how the process of
revocation works. 3

• Revocation is the system of making it known that certificates are no longer valid (revoked)
• Revoked certificates will be recorded in a list
• The revocation list sits outside the directory/database
• Revocation lists exist publicly

3. Define the term revocation in relation to digital certificates and briefly explain how the process of
revocation works. 3

• There is a system for making it known that certificates are no longer valid (revoked).
• A system of revocation lists has been developed that exists outside the directory/database that stores certificates.
• It is a list of certificates that are no longer valid.
• Revocation lists may be publicly available as certificates may have been widely distributed

General

[March 2018] [March 2017][March 2016]

Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an
increased level of confidence for exchanging information. E-Commerce makes use of Public Key
Infrastructure using TLS when you make a purchase.
1. Spell out the acronym TLS and explain how a browser uses TLS to ensure that the E-commerce
server is authentic and not a spoof website. 5

• TLS: Transport Layer Security.
• The browser makes an HTTPS connection to the web server
• The web server sends its Digital Certificate to the browser.
• The browser checks the validity of the Digital Certificate.
• This check confirms, via the trusted 3rd party (Certificate Authority), that the DC was issued to an identity that the issuing CA is willing to vouch for.

[March 2018] [March 2016]


1. PKI uses ‘Public Key Cryptography’ rather than ‘Symmetric Key Cryptography’. 1
Explain the weakness of Symmetric Key cryptography that Public Key Cryptography overcomes.

• The problem of securely distributing the secret (Symmetric Key).

[March 2018]

1. Public Key encryption has limitations. What is the disadvantage of Public Key encryption compared
to Symmetric Key encryption? Explain how can this disadvantage be overcome? 2

• Public Key is much slower than Symmetric; this is overcome by using PK to exchange a Symmetric Key, then using Symmetric encryption for speed.

[June 2016]
1. Public Key Infrastructure (PKI) is a security architecture that aims to give an increased level of
confidence for exchanging information. Three essential components of PKI are Digital Certificates,
Certificate Authority and Public Key encryption. Briefly explain what is meant by the following terms:

i) Certificate Authority 2
ii) Digital Certificate 3
iii) Public Key Encryption 2

2. Alice and Bob are arguing about the role of a Certificate Authority (CA). Alice says everyone who
has a certificate must be a Certificate Authority. Bob says that all Certificates are issued by the
Government.
Briefly explain the purpose of a Certificate Authority. Is Bob or Alice correct about a Certificate
Authority? You should support your answer with ONE (1) reason. 3

• Issues and verifies certificates.
• Takes responsibility for identifying (to a stated extent) the correctness of the identity of the person asking for a certificate to be issued.
• Ensures that the information contained within the certificate is correct and digitally signs it. The CA may generate a public key and a private key for their client.
• Alternatively the person applying for a certificate may generate their own key pair and send a signed request containing their public key to the CA.

[June 2016]
1. Explain how Digital Certificate, Public Key Encryption and Certificate Authority work together in PKI.
3
• CA has the essential role of verifying identity and issuing a DC.
• The DC authenticates the possessor, and provides the Public Key to users.
• Public and Private keys ensure that users and computers can securely exchange data over networks such as the Internet.

[March 2016]
1. Alice wants to send a secure message to James. Describe how Alice would use Public Key
Infrastructure to send a secure message to James. 2
• Alice encrypts her message with James’s Public Key and transmits it to James. James decrypts it with his Private Key.

2. Public Key encryption has limitations. What is the disadvantage of Public Key encryption compared
to Symmetric Key encryption? 1
• Public Key is much slower than Symmetric

3. How can Public and Symmetric Key encryption be combined to overcome the disadvantage you
identified in part (d)? 1
• Overcome by using PK to exchange Symmetric Key then use Symmetric encryption for speed.

[December 2015]
1. You are sent a Digital Certificate from another user. Explain TWO (2) ways you can check the
certificate is valid. 2

• Digital Signature
• Revocation list
• Validity period.

[December 2015 (Sample)]


1. Are James’s and Alexander’s opinions about Public Key Infrastructure correct or incorrect? For each
opinion, you should provide ONE (1) reason for why it is either correct or incorrect. 4

• Alexander is incorrect. An algorithm is a set of instructions to carry out a task; PKI uses encryption, but it can use many different types of encryption algorithm, and it does much more.
• James is incorrect. PKI enables a certificate holder to be authenticated, but PKI is much more; certificates are not just issued to users.
