A company must send sensitive data over a non-secure network via web services. The company
suspects that competitors are actively trying to intercept all transmissions. Some of the information
may be valuable to competitors, even years after it has been sent. Which of the following will help
mitigate the risk in the scenario?
A.
Digitally sign the data before transmission
B.
Choose steam ciphers over block ciphers
C.
Use algorithms that allow for PFS
D.
Enable TLS instead of SSL
E.
Use a third party for key escrow
A is incorrect. The answer is C, to use algorithms that allow for PFS.
Digitally signing the data will only guarantee its integrity. It will not protect it from being read by anyone else. Enabling TLS instead of SSL looks like it would help, as TLS is significantly more secure than SSL.
The indicator that the data needs to stay secure years into the future, however, shows that the cipher needs to be invulnerable to future breaking of keys.
Perfect Forward Secrecy (PFS) is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys. Forward secrecy protects past sessions against future compromises of secret keys or passwords. If forward secrecy is used, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future, even if the adversary actively interfered. (source: https://en.wikipedia.org/wiki/Forward_secrecy)
0
0