Question

4NCA:

  • 4.7 What is a nonce?

  • 4.8 What are two different uses of public-key cryptography related to key distribution?

  • 4.9 What are the essential ingredients of a public-key directory?

  • 4.10 What is a public-key certificate?

  • 4.11 What are the requirements for the use of a public-key certificate scheme?

  • 4.12 What is the purpose of the X.509 standard?

  • 4.13 What is a chain of certificates?

  • 4.14 How is an X.509 certificate revoked?

Solutions

Expert Solution

4.7. Nonce:

  • A nonce is a random value to be repeated in a message to assure that the response is fresh and has not been replayed by an opponent.

4.8. Uses of Public-key cryptography related to key distribution:

  • Public-Key Encryption: The message is encrypted with the recipient's public key and can only be decrypted with the recipient's private key.
  • Digital Signatures: The message is signed with the sender's private key, and it can be verified by anyone who has access to the sender's public key.

4.9. Essential ingredients of a Public-Key directory:

  • There needs to be an authority that maintains a directory with an entry for each participant.
  • Each participant must register a public key with the directory authority, and may replace the existing public key with a new one at any time.
  • Participants are also allowed to access the directory electronically.

4.10. Public-Key certificate:

  • A public-key certificate consists of a public key and a user ID of the key owner, and this whole block is signed by a trusted third party.
  • The user can present the public key to the authority in a secure manner and then obtain the public-key certificate.
  • Anyone who needs this user's public key can obtain the certificate and verify that it is valid by way of the trusted signature.

4.11. Requirements for the use of a public-key certificate scheme:

  • Only the certificate authority can create and update certificates
  • Any participant can verify that the certificate originated from the certificate authority and is not counterfeit
  • Any participant can verify the currency of the certificate
  • Any participant can read a certificate to determine the name and public key of the certificate's owner

4.12. Purpose of X.509 standard:

  • X.509 is part of the X.500 series, which defines a directory service.
    • The directory is a server or distributed set of servers that maintain a database of information about users.
  • X.509 defines the framework for the provision of authentication services by the X.500 directory to its users, and the directory may serve as a repository of public-key certificates.
  • It also defines the alternative authentication protocol based on the use of public-key certificates.

4.13. Chain of Certificates:

  • A certificate chain consists of all the certificates needed to certify the subject identified by the end certificate.
  • This includes the following:
    • The end certificate
    • The certificate of intermediate CAs
    • The certificate of a root CA trusted by all parties in the chain
  • Every intermediate CA in the chain holds a certificate issued by the CA one level above it in the trust hierarchy.
  • The root CA issues a certificate for itself.

4.14. X.509 certificate may be revoked for the following reasons:

  • The CA's certificate is assumed to be compromised.
  • The user is no longer certified by this certificate authority (CA). This is because:
    • The subject name has changed
    • The certificate is suspended, or
    • The certificate was not issued in conformance with the CA's policies.
  • The user's private key is assumed to be compromised.

The CAs must maintain a list consisting of all revoked certificates issued by the CA, including both those issued to users and to other CAs. These lists should be posted on the directory.
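The freshness check from 4.7 can be made concrete with a challenge-response exchange. This is an added example, not part of the original solution; the shared key, the `Verifier` class and the use of HMAC-SHA256 as the proof are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Issues random nonces and accepts a response to each nonce at most once."""

    def __init__(self, key):
        self._key = key
        self._outstanding = set()  # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)  # unpredictable, never reused
        self._outstanding.add(nonce)
        return nonce

    def verify(self, message):
        nonce, tag = message
        if nonce not in self._outstanding:
            return False  # never issued, or already answered: a replay
        self._outstanding.remove(nonce)  # one attempt per nonce
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def respond(key, nonce):
    """The responder repeats the nonce in its message and proves it holds the key."""
    return nonce, hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    key = b"constructed-demo-key"  # constructed sample value
    verifier = Verifier(key)
    reply = respond(key, verifier.challenge())
    first = verifier.verify(reply)    # fresh response
    replay = verifier.verify(reply)   # same message captured and sent again
    fresh = verifier.challenge()
    stale = verifier.verify((fresh, reply[1]))  # old proof against a new nonce
    return first, replay, stale
```
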
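The chain walk from 4.13 and the revocation list from 4.14 fit together as shown in this added example, which is not part of the original solution. Certificates are plain dictionaries rather than real X.509 structures, the signatures are unpadded textbook RSA over small Mersenne primes (illustration only, not secure), and all names and serial numbers are constructed.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Toy textbook-RSA key pair from two known primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(cert, n):
    # Hash every field the CA vouches for: names, serial and public key.
    data = "|".join(str(cert[k]) for k in ("subject", "issuer", "serial", "pub"))
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n

def issue(subject, pub, serial, issuer, issuer_priv):
    n, d = issuer_priv
    cert = {"subject": subject, "issuer": issuer, "serial": serial, "pub": pub}
    cert["sig"] = pow(_digest(cert, n), d, n)
    return cert

def verify_chain(chain, trusted_roots, crls):
    """chain[0] is the end certificate, chain[-1] the self-signed root."""
    root = chain[-1]
    if trusted_roots.get(root["subject"]) != root["pub"]:
        return "untrusted root"
    for cert, signer in zip(chain, chain[1:] + [root]):
        if cert["issuer"] != signer["subject"]:
            return "broken chain"
        n, e = signer["pub"]
        if pow(cert["sig"], e, n) != _digest(cert, n):
            return "bad signature"
        if cert["serial"] in crls.get(cert["issuer"], set()):
            return "revoked"  # listed on the issuing CA's revocation list
    return "valid"

def demo():
    root_pub, root_priv = make_key(2**127 - 1, 2**107 - 1)
    ca_pub, ca_priv = make_key(2**89 - 1, 2**61 - 1)
    user_pub, _ = make_key(2**61 - 1, 2**31 - 1)
    root = issue("Root CA", root_pub, 1, "Root CA", root_priv)
    inter = issue("Intermediate CA", ca_pub, 2, "Root CA", root_priv)
    end = issue("alice", user_pub, 3, "Intermediate CA", ca_priv)
    chain, roots = [end, inter, root], {"Root CA": root_pub}
    forged = dict(end, subject="mallory")  # altered after signing
    return (verify_chain(chain, roots, {}),
            verify_chain(chain, roots, {"Intermediate CA": {3}}),
            verify_chain([forged, inter, root], roots, {}),
            verify_chain(chain, {}, {}))
```
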

