Keys, Certificates, and Security Module

We will complete our course with a deeper look at encryption, keys, and certificates, and then tie it all together with recommendations on how to approach security.


Week 5 Individual Work Checklist

  • Watch required videos:
  • Complete required exercises:
    • Enigma Emulator
    • Examine Certificates (8:30)*
    • Answer two-factor authentication questions
    • Answer social engineering question
  • Answer the following homework questions through the emailed REDCap link:
    • What is the Enigma code for “Interoperability”?
    • What is the public key for the class website?
    • Give an example of a one-factor security interaction, not mentioned in the training, either from real life or online.
    • Give an example of a two-factor security interaction, not mentioned in the training, either from real life or online.
    • Give an example of social engineering, not mentioned in training, either from real life or online.

*Videos are password protected. Registered students will receive the password.


CS-108: Keys and Certificates

A: Enigma

The Enigma is a fascinating World War II encryption device that gives you a deep dive into a relatively simple but complete encryption system. Spending some time understanding how the Enigma works will allow you to understand the basics of cryptography and also give you new insights into world and computer history. The mathematical work done to crack the Enigma machine led directly to the invention of the modern electrical computer.

Exercise

Please review the content on these websites and become comfortable with the Enigma emulator:

  • https://en.wikipedia.org/wiki/Enigma_machine
  • https://brilliant.org/wiki/enigma-machine/
  • https://www.101computing.net/enigma-machine-emulator/

On the Enigma emulator, please reset the page so all dials are at “A A A”. Then encode the word “INTEROPERABILITY”.

Please answer this question:

  • What is the Enigma code for “Interoperability”?
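
To make the mechanism concrete, here is a minimal Enigma model, added as an illustration and not part of the course material or of any linked emulator. It assumes the historical Enigma I rotors I, II and III with reflector B and all ring settings at A; the function name `enigma` and its parameters are hypothetical, and an emulator configured differently will produce different output.

```python
import string

A = string.ascii_uppercase
# Historical Enigma I rotor wirings and turnover notches, plus reflector B.
ROTORS = {
    "I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


def enigma(text, rotors=("I", "II", "III"), start="AAA", plugs=""):
    """Encipher (or decipher) text; rotors and start are given left to right."""
    wiring = [ROTORS[r][0] for r in rotors]
    notch = [A.index(ROTORS[r][1]) for r in rotors]
    pos = [A.index(c) for c in start]
    plug = {c: c for c in A}
    for a, b in plugs.split():          # e.g. "AB CD" swaps A<->B and C<->D
        plug[a], plug[b] = b, a
    out = []
    for ch in text.upper():
        if ch not in A:
            continue                    # the machine has letter keys only
        # Rotors step BEFORE the signal flows, so the cipher alphabet
        # changes on every key press.
        if pos[1] == notch[1]:          # middle rotor "double step"
            pos[0] = (pos[0] + 1) % 26
            pos[1] = (pos[1] + 1) % 26
        elif pos[2] == notch[2]:
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26
        c = A.index(plug[ch])
        for i in (2, 1, 0):             # right to left through the rotors
            c = (A.index(wiring[i][(c + pos[i]) % 26]) - pos[i]) % 26
        c = A.index(REFLECTOR_B[c])     # reflector sends the signal back
        for i in (0, 1, 2):             # left to right on the return path
            c = (wiring[i].index(A[(c + pos[i]) % 26]) - pos[i]) % 26
        out.append(plug[A[c]])
    return "".join(out)


if __name__ == "__main__":
    cipher = enigma("HELLOWORLD")
    print(cipher, enigma(cipher))       # same settings decrypt the message
```

Because of the reflector, running the ciphertext through a machine with the same settings returns the plaintext, and no letter ever enciphers to itself.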

B: Public/Private Key Encryption

Encryption depends on the use of a shared key, but how does this key get distributed securely? We can’t have a secret conversation based on a shared secret key if we don’t have a way to share that key secretly. Public/private key cryptography solves this problem by creating pairs of keys, where one is shared publicly and one is kept secret. This allows for encoding messages that only the receiver can read. This technology is used to establish Hypertext Transfer Protocol Secure (HTTPS) connections today. You will learn, at a high level, how these keys work and the importance of keeping the private key a secret while sharing the public key widely.

There is no exercise.

There is no question.

C: Encrypting and Signing

Now that you know how public/private keys can be used to encrypt, we will talk about how they can also be used to sign data. It is critical to be able to confidently verify whether a piece of information was created by a certain system. Public/private key cryptography supports both encryption and signing with the same mathematical process. We will show how this is used to support SMART Health Cards. SMART Health Cards can be generated by an IIS, downloaded to a personal wallet, and then confidently verified by a third party.

There is no exercise. 

There is no question.
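
The ideas in sections B and C, shown with textbook RSA as an added example that is not part of the course material: the same modular exponentiation encrypts with the public key and signs with the private key. The key is built from two small, publicly known primes with no padding, so it is for illustration only; the function names and the sample card payload are constructed for this example and do not represent the SMART Health Card format or its algorithm.

```python
import hashlib

# Toy key pair (assumption for this example): two publicly known Mersenne
# primes. Real keys use secret random primes of 1024+ bits each.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent; (N, E) is shared widely
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; never leaves the owner


def encrypt(m: int) -> int:
    """Anyone can do this: it needs only the public key (N, E)."""
    if not 0 <= m < N:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """Only the private-key holder can undo encrypt()."""
    return pow(c, D, N)


def digest(msg: bytes) -> int:
    """Hash the message so data of any length can be signed."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes) -> int:
    """Issuer side: the private exponent applied to the digest."""
    return pow(digest(msg), D, N)


def verify(msg: bytes, sig: int) -> bool:
    """Verifier side: needs only the public key and the message."""
    return pow(sig, E, N) == digest(msg)


if __name__ == "__main__":
    secret = int.from_bytes(b"session-key", "big")
    assert decrypt(encrypt(secret)) == secret

    card = b'{"sample": "constructed card payload", "dose": 1}'
    sig = sign(card)
    print("genuine card verifies: ", verify(card, sig))
    print("altered card verifies: ", verify(card.replace(b"1", b"2"), sig))
```

Encryption protects what only the receiver should read, while the signature lets any third party holding the public key detect a card that was altered or not issued by the key owner.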

D: Certificates

Public keys are distributed in a certificate, which links them to the identity of the client or server system. Certificates become trusted when they are signed by Certificate Authorities (CAs). These certificates are used whenever you browse securely, which today covers all or nearly all of the web transactions you do.

Exercise

First, watch this video on how to find and see the details in the certificate for the Centers for Disease Control and Prevention website using Chrome, Edge, or Firefox. You will see that any time you connect to a secure website, your browser will have the public certificate of the website it is connecting to. This happens because the browser must have the certificate to set up a secure connection.

Now, for this web page you are on right now, please open the certificate and find the public key that was used to secure this website. It will be a series of hex numbers separated by spaces or colons.

Please answer this question:

  • What is the public key for the class website?

CS-109: Security

The most challenging aspect of setting up an IIS is making sure the data is both available for use and secured against being used for the wrong purposes. No system can ever be made completely secure, and if good security measures are incorrectly implemented, they can compromise both usability and security. The right solution involves an analysis of the entire network from the perspective of those who might use or abuse the system. In this section we will give you some essential concepts for understanding how to approach security.

A: Security Myths

Systems are put at risk when good security technologies are incorrectly implemented. We will discuss three myths that you can avoid when working to improve security.

B: Two-factor Authentication

A common tactic for reducing unauthorized access is to ensure that all access requires two factors of authentication. We will discuss the three factor categories:

  1. Something you are
  2. Something you have
  3. Something you know

The banking industry has used these for years to secure financial transactions. But implementing these in our online world can be challenging.

Exercise

We are looking for some more examples of one-factor and two-factor interactions from real life.

Please answer these questions:

  • Give an example of one-factor security authentication, not mentioned in this training, either from real life or online.
  • Give an example of two-factor security authentication, not mentioned in this training, either from real life or online.

C: Social Engineering

Systems are compromised by those who use the system. This is where we need to look first to improve security. First, we have authorized users who find shortcuts to accomplish their tasks more efficiently, and second, we have bad actors who exploit social networks to gain access they should not have. We will begin to talk about how social engineering is used to compromise networks.

Exercise

Please answer this question:

  • Give an example of social engineering, not mentioned in the training, either from real life or online.
