the iso/osi security architecture cits3002 computer networks · the iso/osi security architecture...

CITS3002ComputerNetworks

1 next→ CITS3002 help3002 CITS3002schedule

TheISO/OSISecurityArchitecture

Aswellasdefiningtheirseven-layeredmodel,theISO/OSIgroupalsodefinedarangeofterminologiesformingtheirISO/OSISecurityArchitecture.Itincludestherequirements:

dataconfidentiality-protectsdataasittraversesthenetworkfrombeingdisclosedtoincorrectparties.Eventhepresenceofparticularcommunicationsequencesbetweenpartiesshouldnotbeidentified.

dataintegrity-protectsthedatafrommodificationorremovalwhileinthenetwork,

dataoriginauthentication-validatesthesenderofthedata,

datareceiverauthentication-validatesthereceiverofthedata,

peer-entityauthentication-validatesallnetworkcomponents,suchashardwareroutersandpeersoftwarecomponentsthroughwhichadatastreammusttravel,and

non-repudiation-createsandverifiesevidencethattheclaimedsendersentthedata,thattheintendedreceiverdidreceiveit,andthatneithercandenythatthisoccurred.

NOTE:thecoreTCP/IPinternetworkingsuitemeetsnoneoftherequirementsoftheISO/OSISecurityArchitecture.Supportforadditionalservicesisevolving,primarilyattheApplicationLayer,butchangescannotbeeasilymadetolowerlayers.

CITS3002ComputerNetworks,Lecture12,Cryptography'sroleinnetworking,p1,27thMay2020.

"Remoteexploit+localrootexploit⇒remoterootexploit."— Oldesayinghandeddownthroughtheages.“

http://teaching.csse.uwa.edu.au/units/CITS3002/index.php

https://secure.csse.uwa.edu.au/run/help3002

http://teaching.csse.uwa.edu.au/units/CITS3002/schedule.php


←prev 2 next→ CITS3002 help3002 CITS3002schedule

Cryptography'sRoleinNetworking

Theneedforcryptographytoprovidesecurityariseswiththepossibilityofstolenhardware,wiretapping,thebroadcastmechanismsofLANsandWLANs,andnetworktrafficpassingthroughforeignnetworks.

Weassumethatanadversaryisableto:

Copydatafromdiskstorageforremoteanalysis,Passivelylisten(only)onbroadcastchannels(suchaswired-EthernetandWiFi),Aggressivelymonitortrafficthoughintermediateroutersorworkstations(situatedanywhereonamessage'spath),Activelyreplay,modifyorinserttheirownmessagesintothemessagestream.

Cryptographyprovidessolutionstomostoftheseproblems.

Sowhereshouldtheencryptionbeperformed?

Usersencryptingindividualfilesstoredinastandardfile-system,File-systemsencryptingalldatabeforewritingittodisk,DatalinkandNetworklayers:inswitchesandrouters(e.g.VPNs),SessionLayer:withend-to-enddataconversion(e.g.SSL),ApplicationLayer:inprogramssuchasemailagents(e.g.PGP).


"Cryptographyisthescienceofmakingthecostofimproperlyacquiringoralteringdatagreaterthanthepotentialvaluegained.Thevalueofinformationusuallydropswithtime,andcryptographymakesthetimerequiredtoobtaindatainunauthorizedwayslongenoughtodecreaseitsvaluewellbelowthemoneyspentonobtainingit."— JalahFeghhi,DigitalCertificates

“






BasicCryptographicTerminologyWeuseanencryptionfunctionandakeytoconverttheplaintext(theinput)intotheciphertext(theoutput).

Theintendedreceiverhopestoquicklyandcorrectlyreversetheprocess-somethingthatadversariesshouldbeunabletodo.

Weassumethattheadversaryknowstheencryptionfunction(process)beingused,andthatthekeyissecretandchangedfrequently.Thekeylengthisexpressedinbits:

Technology Keylengths Possiblekeys Keylength

ATMPIN 4decimaldigits 10,000 14bits

old-styleUnixpasswords 8characters 1268=6.3x1016 56bits

UnixpasswordswithMD5

anynumberofcharacters

unlimited,thoughduplicates 128bits

Thefollowingattacksagainstcryptographyarecommon.Eachhasthegoalofdeterminingthecryptographickey(s),sothatexistingdatamaybeexposed,orfuturemessagesdecryptedwithouttherepeatedeffort:

Knownplaintextattack-thecryptanalyst(fancynameforanadversarywithaMathsdegree)has(ordetermines)ablockofplaintextanditscorrespondingblockofciphertext.Thismayseemunlikely,butregularlyexchangedencryptedmessageshavefixedorpredictablepayloads(e.g.emailheaders,VPN-sessionestablishment).

Chosenplaintextattack-thecryptanalystcanhavetheirintendedvictimunknowinglyencryptfixed,knownblocksofdata.

Differentialanalysis-akindofplaintextattackinvolvingmanyverysimilarplaintextsbeingencrypted,andtheirresultingciphertextsbeingcompared.

Ifthereisnoseparateintegritycheckontheencrypteddata-anattackermaybeabletoalteritsothatitdecryptstodataoftheattacker'schoice.







SimpleSubstitution:

CaesarCipher:ch = (char)((ch + K) % 26);

PT : abcdefghijklmnopqrstuvwxyz CT : DEFGHIJKLMNOPQRSTUVWXYZABC

HereK = 3.

MonoalphabeticSubstitution:Eachsymbolmapstosomeothersymbol.Thekeyissimplya26letterstringfromthealphabet.

PT : abcdefghijklmnopqrstuvwxyz CT : QWERTYUIOPASDFGHJKLZXCVBNM

Herethereare26!=4x1026possiblekeys.

At1msecpersolution,abruteforceapproachwouldtake1013years.

However,inEnglishandmanyothernaturallanguages,textstatisticsareavailableonthemostfrequentlyusedletters,(262)digraphs,(263)trigraphsandwords.Tobreaksimplecodeswe:

countfrequenciesofeachletterandmatche's,t's,etc.countdigraphs(th,er,on,an,re,he,in,ed,nd,ha,at,en,es,of,or...)andtrigraphs(he,and,tha,ent,ion,tio,for,nde,has,nce...)matchth,the,in,and,...

ThemovieWindtalkersfocusesontheuseofthenaturallanguageofNavajoIndiansasacodeinWWII.SpeakersofKlingonclaimthattheirlanguageis,forotherreasons,indecipherable(inpractice).





http://www.imdb.com/title/tt0245562/

http://www.abc.net.au/news/2012-01-05/navajo-code-talker-dies-in-arizona/3759704

http://www.kli.org/

https://www.youtube.com/watch?v=xAG3gGzaVUo



TheInfluenceofComputersonCryptographyThefirstroleofcomputerswastogatherstatisticsandperform'brute-force'searchesofciphertextusingsomeheuristics.

Traditionally,convoluted,obscure,andundisclosedalgorithmsrequiringlongkeyswereusedtoencrypttext.Morerecentlythefocushaschangedtosupportsimple,openalgorithms,butwithcomplex'solutions'.

Thealgorithmicinversesthemselvesareintendedtobesocomplexthatbrute-forcetechniquestakemillionsofyearstosucceed.

Analgorithm'sstrengthisnotsimplyderivedfromitskeys'length,butfromitspeerevaluationandpublicreview.

Aweakalgorithmisonewhosealgorithmandimplementationarenotavailable,andwhosestrengthwouldbecompromisediftheseweremadepublic.

In1883AugusteKerckhoffstatedasoneofhissixaxiomsofcryptography:

"Ifthemethodofenciphermentbecomesknowntoone'sadversary,thisshouldnotpreventonefromcontinuingtousethecipheraslongasthekeyremainsunknown."





http://en.citizendium.org/wiki/Kerckhoffs%27_Principle



SymmetricCiphersTheDataEncryptionStandard(DES,1976)isknownasasymmetriccipher,oftenaprivatekeyalgorithm-inwhichthesenderandreceiverusethesamekeythatmustbekeptprivate.

Ingeneral,longerkeysprovidestrongerencryption,butitisamistaketoimplythestrengthofanencryptionalgorithmintermsofbitsalone.Bruteforceattacksarethemostsuccessful.

Somepopularexamplesofsymmetricciphers:

DES:ablockbasedcipherof64bitblocksin,64bitblocksout,56bitkeyfilledto64bits(8odd-paritybits).

Triple-DES:encryptsthesameplaintextwithDESthreetimes.Threeortwokeysareprovided,theplaintextisencryptedwiththe1stkey,decryptedwiththesecond,andfinallyencryptedwiththethird(or1stagain).

Adouble-DESscheme(withonly2keys)doesnotrequire22nbrute-forcetestsbut2n+1testswithameet-in-the-middleattack.

RonRivest'sRC2blockcipheremployskeysupto1024bits,andexecutesataspeedindependentofkeylength.

RonRivest'sRC4streamcipher(asusedinWiFi'sWEPencryption)employskeysof40to256bits,buthasthepropertythatiftwomessagesareencryptedwiththesameRC4key,theirencryptionsarerelatedinaknownway.







TheDESAlgorithmAsanexampleofthefirstofficialdeploymentofencryption,we'llconsidertheDataEncryptionStandard,DES.

In1977theUSGovernmentadoptedaproductcipherfromIBMandlaterthatyearwasdefinedasastheofficialencryptionstandardbytheUSStandardsBureau.

DESsoftwareispubliclyavailable(seeDES-crypt.c),butismoreefficientlyimplementedinhardware.Usersareconfidentofitssecurity(theywillopenlysaywhenitisinuse-forexample,Unixpasswords).

Dataisencryptedin64bitblocks.Ciphertextisoutputin64bitblocks.A56bitkeyisused.Thesamekeyisusedforbothencryptionanddecryption.





http://undergraduate.csse.uwa.edu.au/units/CITS3002/DES-crypt.c



ProductandSubstitutionCipherBoxesEach'box'isparameterizedbythepairingsofinput->outputwires,andeachinput->outputmappingininvertible.Analgorithmis,then,furtherparameterizedbythearrangementofP-andS-boxes,andisalsoinvertible.

TheSubstitutionStages







TheStepsoftheDESAlgorithmThealgorithmhas19stepsforencryption;decryptionsimplyperformsthestepsinthereverseorder.

Step1.Transpositionofplaintext,independentofkey.Step19.InverseofStep1.Step18.Exchangeleft32bitswithright32bits.Steps2-17.Useafunctionofthekeyforeachstage,whichweshallcallKi.

Left out := Right inRight out := XOR(left in, f(Right in, Ki)) where f is a 4 step function.

Whatarethestepsofthismagicfunctionf?

1. E:=R1(whichis32bits)expandedto48bits.2. D:=XOR(E,Ki).3. DivideDinto8x6bits;

feedeachofthese6bitsintoadifferentSboxeachproducing4bits.

4. Feedthese8x4bits(=32bits)throughaPbox.

HowistheDESkeyused?K0:=56transpositioncipherofK.DivideK0into2x28bits.ROLefteachpart.Ki:=56bittransitionofthenumberformed.







TripleDESDESisstillinusetoday,inanextendedformcalledtriple-DES,or3DES.WhereastheoriginalDESusedonlyone56-bitkey,3DESusesuptothree56bitkeys(plusoneparitybyte)inordertoincreasethedifficultyofbreakingthecipher:

3DES_encrypt(key1, key2, key3, message) =

DES_encrypt(key1, DES_decrypt(key2, DES_encrypt(key3, message)))

Theencrypt-decrypt-encryptapproachisusedtomakethealgorithmcompatiblewithsingleDES,inthespecialcasewhenkey1 = key2 = key3.

DESunderUnixinsoftwareAnumberofroutinesareprovidedwhicharetypicallyusedforencryptingpasswordsandfiles.

char *crypt(char *key, char *salt);

setkey(char *key);

encrypt(char *buf, int edflag);

ImplementationsofUnixsupportingremotefile-systemsandremote-loginsoftensupportDESencryptionoftransfers(suchaswithRPC/XDRauthentication)usingtheuser'sloginpasswordasthekeyfortheencryption.

AttheCrypto'94conference,M.MatsuipresentedaDES-breakingtechniquetermed'linear-cryptanalysis'.Using243knownciphertexts,hewasabletodetermineasingleDESkeyin50daysona100MHzdesktopmachine.

Asthecrackingprocessislinear,comparabletimesoncontemporarymachinesaremeasuredinhours.

In1998EFF's(then)US$250,000DEScrackingmachinecontained1,856customchipsandcouldbruteforceall256DESkeysin9days.







DESModes-ElectronicCodeBook(ECB)Traditionally,eachblockofciphertextisindependentofotherblocksandismostfrequentlyusedforthecodingofdataonsomestoragemedium(suchasadiskortransmittedviaanetwork).

DESModes-CipherBlockChaining(CBC)Thenotionofchainingensuresthateachblockisdependentonearlierblocks:

Now,anintrudercanneitherinsertnordeleteanyblockwithoutdetection.Cipherblockchainingishencetypicallyusedinnetworkingapplications.







ExchangingEncryptionKeysDespitecenturiesofevolutionofsymmetrickeycryptography,thefundamentalproblemofsecurekeydistributionremains:

"Howcantwopeople(ormachines)encryptanddecryptmessagesusingakeyiftheyarenotsurethatthekeyitselfissecure?"

Diffie-Merkle-HellmanKeyexchangeIn1976DiffieandHellman,fromStanfordUniversity,wrotethepaperMulti-UserCryptographicTechniques,proposingamethodofexchangingkeys.

TheDiffie-Hellmankeyexchangetechniqueenablestwoactiveparticipants(whomayneverhavemet)toagreeonanew,temporary,sessionkeywithwhichtheywillexchangeamessage.

Moreover,anyoneeavesdroppingontheiragreementdiscussion,willnotbeabletofurthereavesdroponthemessageexchange.

Asimple(physical)analogyofhowkeyscanbeexchanged:

AwantstosendakeytoB.AputsthekeyinasecureboxandlocksitwithA'spadlock.BdoesnothavethekeytoA'spadlock,soinstead,BreceivestheboxandaddsB'sownpadlocktotheboxandreturnsittoA.AremovesA'spadlockwithA'sownkeyandsendstheboxbacktoB.BcannowremoveB'sownpadlockandremovethekeywhichisnowsharedbyAandB.

TheworkofDiffieandHellmanwasrevolutionaryinthewaywethinkaboutcryptography.Previouslyitwas'intuitivelyobvious'thatthekeyneededtoencodeanddecodeamessageneededtobethesame(ortriviallyrelated).







PublicKeyCryptographyUsingpublickeyencryptionweusetwokeysratherthanjustone.

Thepublickey,E,maybeopenlypublished.

Theprivatekey,D,isknownonlybytheintendedrecipient.

Theplanistochoosekeyssuchthatevenknowingthepublickeydoesnotrevealtheprivatekey:

AandBopenlypublishtheirpublickeys(viewedasalgorithms)EAandEB.

AsendsEB(Plaintextmessage)toB.

BcalculatesDB(EB(Plaintextmessage))=Plaintextmessage.

BcanthenreplywithEA(Plaintextreply)forAtoread.







TheMIT/RSAAlgorithmIn1978,RonRivest,AdiShamir,andLeonardAdleman,allofMIT,publishedtheimaginativelynamedRSAalgorithmforthegenerationofencryption/decryptionfunctionsfromnumbertheory.

ThedifficultyariseswhenchosingthealgorithmsEAandDAsuchthattheyareinversesofoneanotherandyetdifficulttocrack.

Keylength Factorizationtimes With107x1GHzmachines429-bits(RSA-129) 4,600MIPS-years 14.5secs

512-bits 420,000MIPS-years 22minutes

700-bits 4.2x109MIPS-years 153days

1024-bits 2.8x1015MIPS-years

280,000years

Wechoosetwoverylargeprimenumbers,pandq,eachover100digits.WedefineEAtobethepair(e,n)wheren=pxq(forp,qbeing100digitprimes,nwilltypicallyatleast200decimaldigits).WedefineDAtobethepair(d,n)where(exd)mod((p-1)x(q-1))=1

Wethenuse:

Encryptionfunction:C:=PemodnDecryptionfunction:P:=Cdmodn







AsymmetricciphersRSAisanexampleofanasymmetriccipher,employingdifferentkeysforencryptionanddecryption.Therelationshipbetweenkeyssimplifiesanattack.

RSAhasbecomeubiquitous.ItiscommonlyusedinapplicationssuchasMicrosoftInternetExplorerandFirefoxforimplementingsecurity(SSL),withinmailclientsforsigningandencryptingemails(S/MIME),withinpaymentsystems,andforencryptingtrafficbetweenVPNgateways.

Keysforasymmetricciphersneedtobelongerthankeysforsymmetriccipherstoachievesimilarresistancetobrute-forceattacks:

SymmetricKeyLength

AsymmetricKeyLength

56bits 384bits

64bits 512bits

80bits 768bits

112bits 1792bits

128bits 2304bits

The17-yearpatentonRSAwasduetoexpireonSeptember20,2000,butwasreleasedintothepublicdomaintwoweeksearlyonSeptember6,2000.


"BecausetheRSAalgorithmremainsoneofthemostwidelyusedmethodsofimplementingpublickeycryptography,theexpirationoftheRSApatentisgoodnewsforsoftwarecompanies,e-commerce,andusersofprivateorsecurecommunications.Thefundamentalpatentsonpublickeycryptographyhaveallnowexpired,andweshouldexpectanexplosionofnewandpowerfulimplementationsofthistechnology.IexpecttherewillbeexpirationpartiesfromPaloAltotoPerthastechnologycompaniesrolloutnewapplicationsofthisimportanttechnology!"— PatFinn,"HandbookofIntellectualPropertyClaimsandRemedies"

“






StrongEncryptionisnotenough-theneedforDigitalSignaturesThepushforeCommercehasdemonstratedtheneed,notforgreaterbandwidth,nor(strictly)forgreaterend-to-endsecurity,butforauthenticationandauthorizationoftheendplayers.

DigitalsignatureswerefirstdiscussedbyDiffieandHellmanintheir1976'NewDirectionsinCryptography',buteCommerceisonlyrecentlydemonstratingtheirworthtoawideraudience(andtheirpatenthasexpired!).

Unliketraditionalsignatures,adigitalsignaturecannotbeaconstant;itmustbeafunctionofthedocumentthatitsigns.

Adigitalsignaturepreventstwotypesoffraud-

theforgingofasignaturebythereceiver(oranythirdparty),andtherepudiationofthetransmissionofamessagebythesender.

Twocategoriesofdigitalsignatureareidentified:

Truesignatures,signedbythesender,verifiedbythereceiver.Arbitratedsignaturemayonlybesentandverifiedthroughatrustedthirdparty.Therecipientisunabletoverifythesender'ssignaturedirectly,butisassuredofitsvaliditythroughthemediationofthearbitrator.





http://www.cs.jhu.edu/~rubin/courses/sp03/papers/diffie.hellman.pdf



MessageDigests-basicbuildingblocksAmessagedigestisa16-,20-,32-byte'fingerprint'ofamessage.

Messagedigestsarecentraltodigitalsignatures.Whenamessageissigned,itscontentsarefirsthashedtogiveamessagedigest.Thedigestisthenencryptedwiththesender'ssecretkey,givingaproofofthesender'sidentity.

Agooddigestmusthavetheproperties:

Anabsenceofcollisions.Unlikesimplerfilechecksums,whichquicklydemonstratefileordataintegrity,itmustbehardtofindtwomessageswiththesamedigest.Mustnotbeinvertible.Digestsaredeterministicmany-to-onefunctions.Auniformdistributionofresults.Achangeinjustoneinputbitshouldaffectatleasthalftheoutputbits.

Simplechangestoevenasinglebyte(evenasinglebit)shouldresultindramaticchangestothedigest:

ThewinnerisSydney2f8eff80630eb401b0038d8df420719b

ThewinnerisSydeyf2b91cf6f8ad805a127182e8a46d450f

Somepopularmessagedigests:

MD2andMD5:developedbyRSA,producing16-bytehashes.Researchin1994foundweaknessesincollisionfrequencies.RIPEMD-160:TheEuropeanstandardproducing20-bytehashes.SHA-1,SHA-2andSHA-256arespecifiedbytheUSgovernmentfortheirDSA,outputting20-bytehashes.

From2004:MD5ToBeConsideredHarmfulSomeday.





http://www.youtube.com/watch?v=Cd7KnsiSjd8

https://dankaminsky.com/2004/12/06/46/



(Old)performanceofthebasicbuildingblocksMessagedigestalgorithms(on233MHzPentium-II,butspeedscaleslinearly):

Algorithms Calculation(KB/sec)MD5 36,250

SHA-1 20,428

Symmetrickeyalgorithms(233MHzPentium-II):

Algorithms Setup(ms) Encryption(KB/sec) Decryption(KB/sec)DES(56bit) 6.3 4,386 4,557

Triple-DES(112bit) 22 1,596 1,620

RC4(128bits) 29.8 27,325 28,132

RC5(128bit) 352 4,576 4,691

Asymmetrickeyalgorithms(233MHzPentium-II):

512bits(KB/s)

1024bits(KB/s)

2048bits(KB/s)

RSAencryption 10.5 4.23 0.436

RSAdecryption 5.28 2.87 1.4

Thecommand-lineopensslprogramprovidesspeedsoncontemporarymachines:

linux> openssl OpenSSL> speed md5 To get the most accurate results, try to run this program when this computer is idle. Doing md5 for 3s on 16 size blocks: 1722968 md5's in 2.80s Doing md5 for 3s on 64 size blocks: 1469874 md5's in 2.80s .... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 9833.40k 33603.65k 92756.49k 167532.74k 217651.97k

Forlargeamountsofdata,wefirstencryptthedatawithasymmetricalgorithmandthenencryptthesymmetrickeywithanasymmetricalgorithm.Hybridprotocolsareusedinmostcurrentcryptographicarchitectures,suchasSSL.







DigitalsignaturegenerationDigitalcertificatesareoftenconfusedwithdigitalsignatures.

Likeamessagedigest,adigitalsignatureisa'summary'oftheoriginalmessage,butalsoprovidesanassurancethattheoriginalcreatorofthesignaturehastheprivatekeymatchingthepublickeyusedtogeneratethesignature.

Butwhoholdsthepublicandprivatekeys?

Whatifthepublickeyhadbeenreplacedwithanother?







DigitalcertificatesDigitalcertificateshavebeenlooselydescribedasthedriver'slicensefortheInternet.

Adigitalcertificateprovidesabindingbetweenanentity'spublickey,andoneormoreattributestoitsidentity.

Anentitymaybeaperson,aexecutingpieceofsoftware,oradevicesuchasarouterorasmart-card.Acertificationauthority(CA)atteststotheauthenticityoftheentity'spublickeybydigitallysigningamessagewithitsownprivatekey.The'quality'ofthecertificatedependsonthedetailofinformationprovidedtotheCA(morelater).Either,publicandprivatekeysmaybeissuedbytheCA,ortheCAmaychallengetheentity'spublickey.

Thesuccessfuluseofdigitalcertificatesappearswithinalargecommunity-littleisgainedbyissuingone'sown.







DigitalcertificateencodingToday,certificatesaredefinedbytheISOX.509protocolandappearsasanapplication/x-x509-user-certMIMEtype.

ThedataisencodedusingAbstractSyntaxNotation(ASN.1),encodingandtransmittedinASCIIusingbase64encoding.

(18bitdata->24bitrepresentation).

Earlydebatecentredonwhetherthecertificateitselfneededtobeencrypted(nownot).





https://www.base64decode.org



BrowsersupportfordigitalcertificatesDigitalcertificatesaremanagedbyallcommonbrowsers:Firefox,Safari,Opera,NetscapeNavigator,MicrosoftInternetExplorer...

IfvisitingasitewiththesecureHypertextTransportProtocol,aswithhttps://secure.csse.uwa.edu.au/wecanviewdigitalcertificateinformationviathe'padlocked'icon.

Unfortunately,thereareoftenfewCAsfromAustraliainmostcommonbrowsers.





https://secure.csse.uwa.edu.au/



Browsersupportfordigitalcertificates

Thebrowserwilldisplaythedigitalcertificatefromthecurrentpage-hereshowing:

Thesubjectofthecertificate,Theissuer(CA)ofthecertificate,Theserialnumberofthecertificate,Theperiodofvalidityofthecertificate,andThemessagedigestofcertificate.

Iftheissuerofasite'sdigitalcertificateisalreadyknownbythebrowser(either'hard-wired'ormanuallyadded),theissuer'scertificatemaybeviewedandverified.

Version3ofX.509introducedextensionfields-theassociationofadditionalinformationwithacertificate.Eachextensionhas:

anextensiontypeprovidingsemanticsandtypingoftheextension(e.g.astring),anextensionvalue",suchasanemailorIPaddress,andacriticalityindicatorindicatingifthewholecertificateshouldbeignoredifanextensionisnotrecognized.

Standardextensions(?)nowdescribethe'strength'andpurposeofthecertificate-digitalsignature,non-repudiation,keyencipherment,dataencipherment,certificatesigning,etc.







CertificatePathvalidationCAsareorganizedinhierarchies-eachparentCAsignsacertificatevouchingforasubordinateCA'spublickey.

Whenvalidatingachainofcertificates,thecertificatepath,thepathisfolloweduntilthetopofthechainisreached(when?).

Thereisnoautomatedwayofverifyingthetopofacertificatechainotherthanverifyingthatitisoneofalistofdirectlyknown(andimplicitlytrusted)certificates(suchasinabrowser).

Severalcompanies,suchasVeriSign,Thwaite,Baltimore,AT&T,andagrowingbandofgovernmentdepartmentshavepositionedthemselves'atthetop'.






←prev 25 CITS3002 help3002 CITS3002schedule

CertificateRevocationListsAcertificaterevocationlist(CRL)allowsclientsandserverstocheckwhethertheentitytheyaredealingwithhasavalidcertificate.

Trustbreaksdown,andCRLsarerequired,when:

asubject'sprivatekeyisexposed,aCA'sprivatekeyisexposed,andtherelationshipbetweenthesubjectandCAchanges(e.g.thesubjectisnolongeremployedbytheCA,orstopspayingmoneytotheCA).

Certificaterevocationplaysacrucialpartintheauthenticationprocess:

Obtainthesubject'sdigitalcertificateandverifyitsvalidity.Extracttheserialnumberofthecertificate.FetchthecurrentCRLfromtheCA.VerifytheCRL'sdigitalsignature,andrecorditspublicationtimeandwhenthenextCRListobepublished.ExaminetheCRLtodetermineiftheintendedcertificatebeenrevokedorsuspended(basedonthecertificateserialnumber).Alerttheuserifthecertificateisrevoked.

LimitationsofCertificateRevocationInalargepublickeyinfrastructurecommunity,CRLsarebothlargeandmustbedownloaded




frequently.

ApplicationscanbesignificantlyslowedbytheneedtoretrievethelatestCRLfromaheavilytaxeddirectoryserver(orotherdistributionpoint).

Thereexistsacompromisebetweenalwaysbeingup-to-date,versustheriskoffalsecertificateacceptance.


the iso/osi security architecture cits3002 computer networks · the iso/osi security architecture...

Documents