Key Points

References

Reference_description_with_linked_URLs_______________________	Notes______________________________________________________________

Key Concepts

Encryption Key Management

TLS encryption for TCP sessions

IP Layer encryption methods - IPSEC

The primary encryption method used at the IP layer is IPsec (Internet Protocol Security), which utilizes various symmetric encryption algorithms like AES, Blowfish, Triple DES, and can leverage key exchange protocols like Diffie-Hellman to securely establish shared secrets for encryption and decryption of data packets across a network

Secure Messaging Concepts

Secure Messaging Protocols

Potential Value Opportunities

Potential Challenges

MFA with SMS text codes is not secure

Government Issues New iPhone, Android 2FA Warning—Stop Using SMS Codes Now. - Forbes 241222

a mandate to “use only end-to-end encrypted communications… such as Signal or similar apps.” Users are urged to use apps that are “compatible with both iPhone and Android operating systems, allowing for text message interoperability across platform,” ruling out Google Messages and iMessage.

2FA/MFA is clearly an absolute as well. This needs to be “FIDO phishing-resistant authentication,” which means something linked to authenticated user hardware allowing for some physical form of authentication. “Where feasible, hardware-based FIDO security keys, such as Yubico or Google Titan, are the most effective; however, FIDO passkeys are an acceptable alternative.”

Hardware-based FIDO security keys, also known as physical security keys or hardware tokens, are external devices that allow passwordless logins. They connect to endpoint devices using USB, NFC, or Bluetooth. Some examples of hardware-based FIDO security keys include:

YubiKeys: A popular example of a hardware-based FIDO security key
Hideez Keys: A popular example of a hardware-based FIDO security key
Solokeys: A popular example of a hardware-based FIDO security key

Other types of FIDO security keys include:

USB-based keys: These keys are versatile and connect to devices' USB ports for authentication.
NFC-enabled keys: These keys provide contactless authentication with NFC-enabled devices.
Bluetooth security keys: These keys enable wireless authentication and are useful for devices without USB ports.

When choosing a FIDO security key, you can consider things like: hardware-based security features, user experience, and certification and compliance requirements.

Not all applications and websites support security keys as a form of authentication.However, many major platforms, including Google, Facebook, Dropbox, and GitHub, support them

Other advice includes locking phones, SIMs and carrier services (such as voicemail) with a PIN wherever available. “This PIN is required for logging into your account or completing sensitive operations, such as porting your phone number—a critical step in countering SIM-swapping techniques.”

FIDO passkeys

FIDO (Fast Identity Online) passkeys are a type of authentication method that use public-private key cryptography to improve online security. They can take many forms, including:

A hardware security key
A passkey registered to a website on your browser
A smartphone with built-in biometric capabilities
Synced passkeys, which are shared across multiple devices
Hardware-bound passkeys, which are stored in dedicated hardware devices

Here are some examples of how FIDO passkeys work:

Sign in: The user receives a prompt to sign in with a passkey.
Authentication: The user completes a local authentication method using biometrics, a local PIN, or by touching their FIDO Security Key.
Verification: The client device sends the signed challenge back to the service, which verifies it with the stored public key and signs the user in.

FIDO passkeys are considered phish-resistant because of their cryptographic communication protocols and the fact that they must be registered with the authenticating service.