
Computer Security CS477
Lecture 11
Ching-Hua Chuan
October 8th, 2008

Administration
- Homework #2: October 13th
- Test review: October 13th
- Test #2: October 15th

Today's Outline
- Authentication Applications: X.501 (Chap 4.2)
- Public key infrastructure

X.509 Authentication Service
- X.509 is part of the X.500 series of recommendations that define a directory service.
- A directory: a server or distributed set of servers that maintains a database about users.
- Each certificate contains the public key of a user and is signed with the private key of a CA.
- X.509 is used in S/MIME, IP Security, SSL/TLS and SET.
- RSA is the recommended algorithm.

Certificates
Certificate: CA<<A>> = CA{V, SN, AI, CA, TA, A, Ap}
where
- Y<<X>> = certificate of user X signed by CA Y
- Y{I} = the signing of I by Y. It consists of I with an encrypted hash code appended.

The Typical Digital Signature Approach
(figure: CA and user)

Obtaining a User's Certificate
Characteristics of certificates generated by a CA:
- Any user with access to the public key of the CA can recover the user public key that was certified.
- No party other than the CA can modify the certificate without this being detected.
Because certificates are unforgeable, they can be:
- put in a directory without special protection
- transmitted between users directly

In a Large Community
Subscribing to a common CA is infeasible:
- Everyone needs to have the CA's public key.
- The public key must be securely delivered to every user.
Solution: multiple CAs
- Each CA securely provides its public key to some fraction of users.

A Simple Scenario
(figure: CA X1, CA X2, user A, user B; A holds PBX1, B holds PBX2; step 1: X1<<X2>>, step 2: X2<<B>>, step 3)
A chain of certificates: X1<<X2>> X2<<B>>

X.509 Hierarchy
- Hierarchy CAs: U, V, ..., Z
- Users: A, B, C
- Forward certificate: certificates of X generated by other CAs.
- Reverse certificate: certificates generated by X that certify other CAs.

X.509 Hierarchy
- A acquires B's certificate: X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>
- B acquires A's certificate: Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>

Revocation of Certificates
Reasons for revocation:
- User's private key is compromised
- User is no longer certified by this CA
- CA's certificate is compromised
Certificate Revocation List (CRL)
- Every CA has one
- Keeps revoked but not expired certificates issued by this CA

Authentication Procedures
- One-way
- Two-way
- Three-way
(figure: messages signed by A)

Public Key Infrastructure X.509 (PKIX)
PKIX Architecture Model
(figure; some components optional)

Summary
- Authentication Applications: X.501 (Chap 4.2)
  Certificate content, chain of certificates, hierarchy, authentication procedures
- Public key infrastructure
  Architecture model, management
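The two chains on the hierarchy slide follow a fixed pattern: climb from the user's own CA to the nearest common ancestor using reverse certificates, then descend to the target's CA using forward certificates, and reject the chain if any link is on a CRL. The following example (added here, not part of the lecture) models that with a constructed parent table whose shape is inferred from the two chains shown: V as common ancestor, W and Y as intermediates, X certifying A and Z certifying B; U above V is assumed and unused.

```python
# Constructed hierarchy inferred from the lecture's two chains (assumption):
# child -> parent CA.  A is certified by X, B by Z, V is the common ancestor.
PARENT = {"V": "U", "W": "V", "Y": "V", "X": "W", "Z": "Y", "A": "X", "B": "Z"}


def ancestors(node):
    """Return [node, parent, grandparent, ...] up to the root."""
    path = [node]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path


def certificate_chain(trust_anchor, target):
    """Labels Y<<X>> that a user trusting CA `trust_anchor` must obtain to
    reach `target`'s certificate.  Returns [] if no common ancestor exists."""
    up = ancestors(trust_anchor)   # trust_anchor -> ... -> root
    down = ancestors(target)       # target -> ... -> root
    common = next((n for n in up if n in down), None)
    if common is None:
        return []
    # Going up: each CA on the path issues a certificate for its parent.
    # From that CA's point of view this is one of its reverse certificates.
    climb = up[:up.index(common)]
    chain = [f"{ca}<<{PARENT[ca]}>>" for ca in climb]
    # Going down: each CA (and finally the user) is certified by its parent,
    # i.e. we collect their forward certificates.
    issuer = common
    for subject in down[:down.index(common)][::-1]:
        chain.append(f"{issuer}<<{subject}>>")
        issuer = subject
    return chain


def validate_chain(chain, trust_anchor, target, crl):
    """A chain is acceptable only if every link's issuer is the previous
    link's subject, the first issuer is the trusted CA, the last subject is
    the target, and no link appears in the CRL."""
    prev_subject = trust_anchor
    for link in chain:
        issuer, subject = link[:-2].split("<<")
        if issuer != prev_subject or link in crl:
            return False
        prev_subject = subject
    return prev_subject == target
```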