Authentication2 - Certificate Authorities
Certificate Authorities (CA)

KDCs are used to facilitate authentication in a network that relies on secret key cryptography. Certificate Authorities are a similar mechanism for allowing authentication that relies on public key cryptography.

A CA is a trusted node that maintains the public keys for all nodes (each node maintains its own private key). If a new node is inserted in the network, only that new node and the CA need to be configured with the public key for that node.

A CA is involved in authenticating users by generating certificates. A certificate for User X is a message containing “X” and X’s public key, signed with the CA’s private key:

X’s certificate: [“X”, (n,e)_X, Expiration Time]_CA

Here (n,e)_X is X’s public key and the subscript CA denotes the CA’s signature over the whole message. X keeps the same certificate as long as he has the same public key. X appends the certificate to his messages. Since everyone knows the CA’s public key, they can decrypt the certificate and know X’s public key.
The Certificate Authority model may have some advantages:

1. The CA does not need to be online. As a result,
   A. it is more secure than a KDC;
   B. it is not a performance bottleneck.
2. If the CA were to crash, nodes that already have their certificates can still operate.
3. Certificates are not security sensitive. A saboteur could delete certificates, but could not create fake ones or modify existing ones in any way, since only the CA can generate signatures.
4. A compromised CA cannot decrypt conversations. A compromised CA could fool users into accepting a bogus public key and then carry out transactions with users, but it still could not decrypt any previously encrypted messages where the real public key was used.

One problem with the Certificate Authority model is how to handle certificates that refer to a deleted user or node.

1. What if User X is given a certificate for communication with User Z, and User Z is removed from the system before the certificate expires?
2. User X will still use his certificate until its expiration time.
3. What kind of harm can this do?
4. User X can still exchange messages with User Z using his un-expired certificate.
Solution: Maintain a Certificate Revocation List (CRL) at the CA.

A certificate is valid if:
(1) it has a valid CA signature;
(2) it has not expired;
(3) it is not listed in the CA’s CRL.

Certificates typically have an associated expiration time, typically on the order of months (too long to wait if a certificate needs to be revoked). The CA therefore maintains a Certificate Revocation List (CRL). A CRL is issued periodically by the CA and contains all the revoked certificates. Each transaction is checked against the CRL.

The X.509 standard has a defined format for storing a certificate as well as a CRL. An X.509 CRL includes a list of serial numbers of unexpired revoked certificates and an issue time for the CRL.
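The certificate format from the first section and the three validity checks listed here, carried through as an added Python example that is not part of the lecture notes: a toy CA built on textbook RSA (constructed keys from two Mersenne primes, no padding, illustration only) issues certificates of the form [“X”, (n,e)_X, Expiration Time]_CA together with a serial number, publishes a CRL of revoked serials with an issue time, and a relying party validates a certificate by checking the CA signature, the expiration time and CRL membership in that order. The check that the CRL itself carries a valid CA signature is an addition beyond the notes (an X.509 CRL is signed by its issuer); all names, timestamps and key values are constructed for the demo.

```python
import hashlib
import json

# Constructed toy CA key pair: textbook RSA over the Mersenne primes
# 2^61-1 and 2^89-1. Demo only: tiny modulus, no padding, not secure.
_P = 2**61 - 1
_Q = 2**89 - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))      # CA's private exponent

CA_PUBLIC_KEY = (_N, _E)                     # known to every node
_CA_PRIVATE_KEY = _D                         # held only by the CA


def _digest(body: dict) -> int:
    """Canonical SHA-256 of the signed body, reduced into the RSA modulus."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % _N


def _ca_sign(body: dict) -> dict:
    """Sign a body with the CA's private key; only the CA can produce this."""
    return {"body": body, "signature": pow(_digest(body), _CA_PRIVATE_KEY, _N)}


def ca_issue_certificate(subject: str, subject_public_key: tuple,
                         expires_at: int, serial: int) -> dict:
    """Certificate ["X", (n,e)_X, Expiration Time]_CA, plus a serial for the CRL."""
    body = {
        "serial": serial,
        "subject": subject,
        "public_key": list(subject_public_key),   # (n, e) of the subject
        "expires_at": expires_at,                 # constructed Unix timestamp
    }
    return _ca_sign(body)


def ca_issue_crl(revoked_serials, issued_at: int) -> dict:
    """X.509-style CRL: issue time plus serials of unexpired revoked certificates."""
    return _ca_sign({"issued_at": issued_at,
                     "revoked_serials": sorted(revoked_serials)})


def ca_signature_valid(doc: dict) -> bool:
    """Any node can check a CA signature using the CA's public key."""
    n, e = CA_PUBLIC_KEY
    return pow(doc["signature"], e, n) == _digest(doc["body"])


def validate_certificate(cert: dict, crl: dict, now: int) -> tuple:
    """Apply the three checks from the notes in order; return (ok, reason)."""
    if not ca_signature_valid(cert):
        return False, "bad CA signature"            # check (1)
    if now >= cert["body"]["expires_at"]:
        return False, "expired"                     # check (2)
    if not ca_signature_valid(crl):
        return False, "untrusted CRL"               # added: only a CA-signed CRL counts
    if cert["body"]["serial"] in crl["body"]["revoked_serials"]:
        return False, "revoked"                     # check (3)
    return True, "valid"


def demo() -> dict:
    """Constructed scenario: X stays valid, Z is removed from the system and revoked."""
    now = 1_700_000_000
    month = 30 * 24 * 3600
    x_cert = ca_issue_certificate("X", (12345, 65537), now + month, serial=1)
    z_cert = ca_issue_certificate("Z", (67890, 65537), now + month, serial=2)
    crl = ca_issue_crl([2], issued_at=now)          # Z's certificate is revoked

    # A saboteur alters X's public key inside the certificate body; without
    # the CA's private key the signature no longer matches.
    tampered = json.loads(json.dumps(x_cert))
    tampered["body"]["public_key"] = [99999, 65537]

    return {
        "X": validate_certificate(x_cert, crl, now)[1],
        "Z_revoked": validate_certificate(z_cert, crl, now)[1],
        "X_expired": validate_certificate(x_cert, crl, now + month + 1)[1],
        "X_tampered": validate_certificate(tampered, crl, now)[1],
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The order of the checks matters: signature first, so that an unsigned or altered certificate is rejected before any of its fields (expiration, serial) are trusted, and the CRL is only consulted once it is itself known to come from the CA.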
Password Policy Review

As mentioned before, passwords can be stolen, copied and guessed.