Question

In: Computer Science


Subject: Cryptography

Suppose a system uses a Public-Key Infrastructure with a Certificate Revocation List. A device in that system is asked to verify a certificate but cannot access the Certificate Revocation List database because of a denial-of-service attack. What are the possible courses of action for the device, and what are the advantages and disadvantages of each course of action?

Solutions

Expert Solution

Answer:

Cryptography :

Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit.

However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers.

Certificate Revocation List (CRL) :

1) A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted.

2) CRLs are a type of blacklist and are used by various endpoints, including Web browsers, to verify whether a certificate is valid and trustworthy.

3) Digital certificates are used in the encryption process to secure communications, most often by using the TLS/SSL protocol. The certificate, which is signed by the issuing Certificate Authority, also provides proof of the identity of the certificate owner.

4) When a Web browser makes a connection to a site using TLS, the Web server's digital certificate is checked for anomalies or problems; part of this process involves checking that the certificate is not listed in a Certificate Revocation List.

5) These checks are crucial steps in any certificate-based transaction because they allow a user to verify the identity of the owner of the site and discover whether the Certificate Authority still considers the digital certificate trustworthy.

6) The X.509 standard defines the format and semantics of a CRL for a public key infrastructure. Each entry in a Certificate Revocation List includes the serial number of the revoked certificate and the revocation date.

7) The CRL file is signed by the Certificate Authority to prevent tampering. Optional information includes a time limit if the revocation applies for only a period of time and a reason for the revocation.

8) CRLs contain certificates that have either been irreversibly revoked (revoked) or that have been marked as temporarily invalid.

9) Digital certificates are revoked for many reasons. If a CA discovers that it has improperly issued a certificate, for example, it may revoke the original certificate and reissue a new one. Or if a certificate is discovered to be counterfeit, the CA will revoke it and add it to the CRL.

10) The most common reason for revocation occurs when a certificate's private key has been compromised. Other reasons for revoking a certificate include the compromise of the issuing CA.

11) Further reasons include the owner of the certificate no longer owning the domain for which it was issued, the owner of the certificate ceasing operations entirely, or the original certificate being replaced with a different certificate from a different issuer.

12) The problem with Certificate Revocation Lists, as with all blacklists, is that they are difficult to maintain and are an inefficient method of distributing critical information in real time. When a certificate authority receives a CRL request from a browser, it returns a complete list of all the revoked certificates that the CA manages.

13) The browser must then parse the list to determine if the certificate of the requested site has been revoked. Although the CRL may be updated as often as hourly, this time gap could allow a revoked certificate to be accepted.

14) The CRLs are cached to avoid incurring the overhead involved with repeatedly downloading them. Also, if the CRL is unavailable, then any operations depending upon certificate acceptance will be prevented and that may create a denial of service.

Certificate Revocation List (CRL)
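As an added example that is not part of the original answer, the following Python models the courses of action the question asks about when the CRL distribution point is unreachable: reject the certificate (fail-closed), accept it and record that revocation was not checked (fail-open), or fall back to a cached CRL, optionally tolerating a stale cache for a bounded grace period. The CRL layout, the HMAC stand-in for the CA's signature, the policy names, the `CRLUnavailable` exception and the sample serial numbers and timestamps are all constructed for illustration and are not a real X.509 implementation.

```python
"""Revocation-check policy when the CRL cannot be fetched (added example).

Assumptions: a CRL is a small dataclass; the CA signature is an HMAC over the
CRL body (stand-in for the CA's public-key signature); a denial of service on
the distribution point surfaces as CRLUnavailable from the fetch function.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Callable, Optional


class Policy(Enum):
    FAIL_CLOSED = "fail-closed"    # no usable revocation data: reject
    FAIL_OPEN = "fail-open"        # no usable revocation data: accept, flag it
    GRACE_PERIOD = "grace-period"  # accept a stale cached CRL for a bounded time


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset
    signature: bytes

    def is_current(self, now: datetime) -> bool:
        return self.this_update <= now <= self.next_update


# Assumption: demo CA key for the HMAC stand-in signature (constructed).
CA_KEY = b"constructed demo CA key"


def _crl_body(issuer, this_update, next_update, revoked) -> bytes:
    return json.dumps({"issuer": issuer, "thisUpdate": this_update.isoformat(),
                       "nextUpdate": next_update.isoformat(),
                       "revoked": sorted(revoked)}, sort_keys=True).encode()


def issue_crl(issuer, this_update, next_update, revoked) -> CRL:
    body = _crl_body(issuer, this_update, next_update, revoked)
    return CRL(issuer, this_update, next_update, frozenset(revoked),
               hmac.new(CA_KEY, body, hashlib.sha256).digest())


def verify_crl(crl: CRL) -> bool:
    body = _crl_body(crl.issuer, crl.this_update, crl.next_update, crl.revoked_serials)
    return hmac.compare_digest(hmac.new(CA_KEY, body, hashlib.sha256).digest(), crl.signature)


class CRLUnavailable(Exception):
    """Raised by the fetcher when the distribution point cannot be reached."""


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str
    revocation_checked: bool  # True only if a verified CRL decided the outcome


def check_revocation(serial: int, fetch_crl: Callable[[], CRL], cache: Optional[CRL],
                     policy: Policy, now: datetime, grace: timedelta = timedelta(hours=24)):
    """Return (Decision, updated cache) for one certificate serial number."""
    # Step 1: try the distribution point; a DoS shows up as CRLUnavailable.
    try:
        fresh = fetch_crl()
    except CRLUnavailable:
        fresh = None
    # A fetched CRL that does not verify or is outside its validity window is
    # discarded rather than cached (a tampered list must never replace the cache).
    if fresh is not None and (not verify_crl(fresh) or not fresh.is_current(now)):
        fresh = None
    if fresh is not None:
        cache = fresh
    # Step 2: fall back to the cached copy, which must still verify.
    crl = fresh if fresh is not None else cache
    if crl is not None and not verify_crl(crl):
        crl = None
    if crl is not None:
        # Staleness does not un-revoke anything: a serial listed in an older
        # CRL is still revoked, so this check runs before any freshness test.
        if serial in crl.revoked_serials:
            return Decision(False, "listed as revoked", True), cache
        if crl.is_current(now):
            return Decision(True, "not revoked in a current CRL", True), cache
        if policy is Policy.GRACE_PERIOD and crl.next_update < now <= crl.next_update + grace:
            return Decision(True, "not revoked in a stale CRL within grace period", True), cache
    # Step 3: no usable revocation data at all.
    if policy is Policy.FAIL_OPEN:
        return Decision(True, "revocation unknown, accepted (fail-open)", False), cache
    return Decision(False, "revocation unknown, rejected (fail-closed)", False), cache


# Constructed sample data: one current CRL, one stale by 2 hours, one stale by 3 days.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
REVOKED = {42, 1001}
FRESH_CRL = issue_crl("CN=Demo CA", NOW - timedelta(hours=1), NOW + timedelta(hours=23), REVOKED)
STALE_CRL = issue_crl("CN=Demo CA", NOW - timedelta(hours=26), NOW - timedelta(hours=2), REVOKED)
ANCIENT_CRL = issue_crl("CN=Demo CA", NOW - timedelta(days=4), NOW - timedelta(days=3), REVOKED)


def fetch_ok() -> CRL:
    return FRESH_CRL


def fetch_dos() -> CRL:
    raise CRLUnavailable("CRL distribution point unreachable")


if __name__ == "__main__":
    for policy in Policy:
        decision, _ = check_revocation(7, fetch_dos, STALE_CRL, policy, NOW)
        print(f"{policy.value:13} serial 7, stale cache -> {decision}")
```

The trade-offs follow directly from the branches: under fail-closed, anyone who can keep the CRL server unreachable can also stop the device from accepting any certificate, which is the denial of service item 14 describes; under fail-open, the holder of a compromised key can keep using it for as long as the CRL stays blocked, and the `revocation_checked=False` flag is the only trace; the cached-CRL branch limits both problems but only until the cache's nextUpdate (plus any grace period), and a stale list still rejects the serials it already contains.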

