Question

In: Computer Science

Subject: Cryptography Suppose a system uses a Public-Key Infrastructure with a Certificate Revocation List. A device...

Subject: Cryptography

Suppose a system uses a Public-Key Infrastructure with a Certificate Revocation List. A device in that system is asked to verify a certificate but cannot access the Certificate Revocation List database because of a denial-of-service attack. What are the possible courses of action for the device, and what are the advantages and disadvantages of each course of action?

Solutions

Expert Solution

Answer:-

Cryptography :

Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit.

However, in today's computer-centric world, cryptography is most often associated with crambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers.

Certificate Revocation List (CRL) :

1) A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted.

2) CRLs are a type of blacklist and are used by various endpoints, including Web browsers, to verify whether a certificate is valid and trustworthy.

3) Digital certificates are used in the encryption process to secure communications, most often by using the TLS/SSL protocol. The certificate, which is signed by the issuing Certificate Authority, also provides proof of the identity of the certificate owner.

4) When a Web browser makes a connection to a site using TLS, the Web server's digital certificate is checked for anomalies or problems; part of this process involves checking that the certificate is not listed in a Certificate Revocation List.

5) These checks are crucial steps in any certificate-based transaction because they allow a user to verify the identity of the owner of the site and discover whether the Certificate Authority still considers the digital certificate trustworthy.

6) The X.509 standard defines the format and semantics of a CRL for a public key infrastructure. Each entry in a Certificate Revocation List includes the serial number of the revoked certificate and the revocation date.

7) The CRL file is signed by the Certificate Authority to prevent tampering. Optional information includes a time limit if the revocation applies for only a period of time and a reason for the revocation.

8) CRLs contain certificates that have either been irreversibly revoked (revoked) or that have been marked as temporarily invalid .

9) Digital certificates are revoked for many reasons. If a CA discovers that it has improperly issued a certificate, for example, it may revoke the original certificate and reissue a new one. Or if a certificate is discovered to be counterfeit, the CA will revoke it and add it to the CRL.

10) The most common reason for revocation occurs when a certificate's private key has been compromised. Other reasons for revoking a certificate include the compromise of the issuing CA.

11) The owner of the certificate no longer owning the domain for which it was issued, the owner of the certificate ceasing operations entirely or the original certificate being replaced with a different certificate from a different issuer.

12) The problem with Certificate Revocation Lists, as with all blacklists, is that they are difficult to maintain and are an inefficient method of distributing critical information in real time. When a certificate authority receives a CRL request from a browser, it returns a complete list of all the revoked certificates that the CA manages.

13) The browser must then parse the list to determine if the certificate of the requested site has been revoked. Although the CRL may be updated as often as hourly, this time gap could allow a revoked certificate to be accepted.

14) The CRLs are cached to avoid incurring the overhead involved with repeatedly downloading them. Also, if the CRL is unavailable, then any operations depending upon certificate acceptance will be prevented and that may create a denial of service.

Certificate Revocation List (CRL)


Related Solutions

Suppose a system uses a Public-Key Infrastructure with a Certificate Revocation List. A device in that...
Suppose a system uses a Public-Key Infrastructure with a Certificate Revocation List. A device in that system is asked to verify a certificate but cannot access the Certificate Revocation List database because of a denial of service attack What are the possible courses of action for the device, and what are the advantages and disadvantages of each course of action?
[Public key revocation procedure] Suppose that a certain authority is running a (publicly accessible) database of...
[Public key revocation procedure] Suppose that a certain authority is running a (publicly accessible) database of users’ public keys. Let us define the following procedure for revoking a public key from the database. When a user Bob claims that the secret key skB corresponding to his public key pkB was stolen, he sends to the authority the statement “Revoke Bob’s public key pkB” which is signed using skB . Upon receiving such the statement, the authority revokes pkB from the...
As the U.S. grapples with a growing list of transportation infrastructure needs and limited public funds,...
As the U.S. grapples with a growing list of transportation infrastructure needs and limited public funds, more states are looking to public-private partnerships as a means of fixing and replacing aging bridges, tunnels and roads. Should the private sector help rebuild American infrastructure? Is there a downside for taxpayers?​ what would be the engineer's opinion?
a) In a public-key system using RSA, n=77 and its public key is e=23. What is...
a) In a public-key system using RSA, n=77 and its public key is e=23. What is the private key d? Show your steps of calculation. b) Let M=3. Compute its cipher text under the above RSA. Please use the divide conquer algorithm to compute the exponential function for the cipher text.
outline the key components of public financial management system.
outline the key components of public financial management system.
. Describe (in detail) the Spaulding Classification system and list the 3 device categories.
. Describe (in detail) the Spaulding Classification system and list the 3 device categories.
Q3. Privacy-Preserving Computation using Public-Key Cryptography (Marks: 3+5 = 8) Say, Alice wants to multiply two...
Q3. Privacy-Preserving Computation using Public-Key Cryptography (Marks: 3+5 = 8) Say, Alice wants to multiply two numbers (M1 and M2) and send the result to Bob. That is, Alice is the sender and Bob is the receiver. However, Alice does not have the computation power to multiply two numbers. Therefore, she decides to send both numbers to a cloud server. Though the cloud server has the computation power, it cannot be trusted. As a result, Alice relies on the Homomorphic...
List and explain the key stages in the process of system construction by composition
List and explain the key stages in the process of system construction by composition
NC3A - 3.6 What are the principal ingredients of a public-key cryptosystem? 3.7 List and briefly...
NC3A - 3.6 What are the principal ingredients of a public-key cryptosystem? 3.7 List and briefly define three uses of a public-key cryptosystem. 3.8 What is the difference between a private key and a secret key? 3.9 What is a digital signature?
17#12 Consider a system with one component that is subject to failure, and suppose that we...
17#12 Consider a system with one component that is subject to failure, and suppose that we have 100 copies of the component. Suppose further that the lifespan of each copy is an independent exponential random variable with mean 15 days, and that we replace the component with a new copy immediately when it fails. (a) Approximate the probability that the system is still working after 1725 days. Probability ≈ (b) Now, suppose that the time to replace the component is...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT