CASP: Chapter 10A

IPSec

AES

TLS

RSA

HSM (Hardware Security Module)

Smart card

USB token

TPM (Trusted Platform Module)

They authenticate users during logon processes.

They provide secure access to network resources.

They identify authorized endpoints for secure communication.

They encrypt data in transit.

To issue digital certificates for end-users.

To manage revocation lists for expired certificates.

To facilitate secure communication between network devices.

To enable interoperability and shared trust between multiple independent PKIs.

PKI encrypts messages using symmetric encryption keys.

PKI manages public/private keys, ensures integrity through digital signatures, and provides authentication through private key encryption.

PKI generates digital signatures using public keys.

PKI distributes encryption keys over untrusted connections.

By using digital signatures to verify message integrity.

By distributing private keys to all communication endpoints.

By encrypting messages with symmetric encryption keys.

By centralizing digital certificate standards and cryptographic services.

To verify the integrity of boot firmware and software in devices.

To decrypt encrypted data stored in persistent storage.

To validate the authenticity and source of software by providing proof of origin.

To encrypt applications and drivers for secure transmission over the internet.

Secure transmission using TLS.

Whole disk encryption or file-level encryption.

Digital signatures using ECDSA.

Symmetric encryption using IPSec.

HTTP

IPSec

ECDSA

SSH

VPN encryption

Trusted execution environment (TEE) mechanisms like Intel Software Guard Extensions

TLS encryption

Whole disk encryption