Cybersecurity - Week 4 - Certificates

What is the root CA?

A root CA can certify itself by signing on its own public key using its private key so as to produce a self-signed certificate.

Illustrate the certificate issuing process

1. Alice sends a certificate request with:
   a. Public key of Alice
   b. Signature of Alice (Alice's signature on her public key)
   c. Alice's identity
2. CA checks Alice's identity
3. CA verifies Alice's request using:
   - Public key of Alice
   - Signature of Alice, checked using Alice's claimed public key (CA verifies Alice's signature using Alice's public key)
   (If the signature is valid, the CA is assured that Alice knows the private key of Alice, because otherwise she would not be able to generate the signature.)

Illustrate the certificate verification process

1. Bob wants to use Alice's public key
2. He obtains Alice's certificate
3. Bob verifies Alice's certificate by checking whether the certificate has expired, then verifies the CA's signature with the public key of the CA (repeat step 3 until we reach the root CA)
4. Bob checks Alice's certificate against the latest certificate revocation list signed by the CA

A certificate is an authoritative binding between an ______ and the _____'s _______ key

A certificate is an authoritative binding between an entity and the entity's public key.

In the certificate issuing process, why does Alice sign on her public key using her private key?

Because Alice sends the public key and the signature to the CA in the certificate issuing process, when the CA verifies the signature against Alice's public key, it means that Alice's public key is indeed Alice's. If the public key is wrong, the verification would fail, because the signature was produced using the private key of Alice and can only be verified using Alice's public key.

What does the CA send back after verifying that both the identity and signature of Alice are correct?

CA encrypts the certificate of Alice with Alice's public key and sends it back to Alice

What is the difference between CA's signature and thumbprint?

CA's signature authenticates the subject's public key: it binds the subject's identity and its key.
Thumbprint is used for exchange and storage (in a database) of key information. It is an encoded, hexadecimal string.

CRL is issued _________ (time)

CRL is issued periodically

In brief, what information does the digital certificate contain?

A certificate contains information about the public key, the identity of its owner (called the subject), information about the CA (issuer) and the CA's digital signature over the certificate content.

How does one ensure that the public key contained in the certificate is able to be used for secure communication purposes?

Have to verify if the signature of the certificate is valid.

What are the two properties achieved when CA signs the certificate? Explain.

Integrity and authenticity. When the CA signs over the information using its private key, unless someone else has the private key, nobody can tamper with the information anymore.

What is the term used for "CA" in digital certificate?

Issuer

Describe the availability problem

In hybrid encryption, the sender uses AES to encrypt the message using the shared key - C1. The sender then uses RSA to encrypt the shared key with the recipient's public key - C2. The availability problem arises when an attacker replaces the public key of the recipient, which causes the recipient to be unable to decrypt C2 to get the shared key to decrypt C1. That is to say, the recipient cannot even see the message.

What does the "Validity Period" in the public key certificate components contain?

Starting and ending date/time

Security originates from?

Security originates from trust

Digital Certificate

Signature over a public key

Who is the subject in the context of TLS certificates?

The certificate subject is typically a computer, server or other device

Who is the subject in the context of email certificates?

The certificate subject is typically a person or an organization

Getting a certificate is not free (T/F)

True. It is not free and it comes at a price.

What happens if someone replaces the digital certificate?

Verification won't check out because identities are different

What happens when someone modifies the digital certificate?

Verification won't check out because signature is different

What is certificate revocation?

When Alice wants to revoke her certificate in the event her private key was compromised or lost, or the ID of Alice changes (e.g. she resigns from her organization)

What is the term used for "Owner" in digital certificate?

Subject

A root CA is trusted in a sense that it does NOT need to be certified by any other CA (T/F)

True

Modern browsers are pre-installed with certificates signed by trusted CAs (T/F)

True

Root CA is the final trusted origin because security has to originate from somewhere and it originates from trust. (T/F)

True

Users can manually add/delete root CA certificates (T/F)

True

What is the "CA's signature" in the public key certificate components used for?

Used to verify the validity of the certificate. The signature is computed upon all the certificate data

How can the sender get the genuine public key of the recipient? (To address the availability problem)

Using public key certificate (Digital certificate)

CA keeps a list called "certificate revocation list" or CRL in short. What does this list contain?

- Signature algorithm
- CA identity info
- Last update
- Next update
- Serial numbers of the list of certificates which have been revoked
- CA signature

(Public key certificate) Mandatory components (X.509 standard)

1. Version number
2. Serial number
3. Subject identifier: the public key owner's unique name
4. Issuer's identifier: the CA's unique name
5. Owner's public key info: values of public key
6. Validity period: starting and ending date/time
7. CA's signature: used to verify the validity of the certificate. The signature is computed upon all the certificate data
8. Thumbprint

What is the Certificate Revocation List (CRL)?

A CRL is a signed list of certificates issued by CA, which contains the serial numbers of revoked certificates. CRL is issued periodically

Who are CA (Certification Authority)?

A trusted third party that issues public key certificates to users. CA must be trusted

How can Bob verify Alice's certificate in a certificate verification process?

Bob has to verify all CA's certificates along the chain (bottom-up), until the root CA's certificate. Then, he decides whether the root CA is trustworthy

Digital certificate proves the __________ of the _______ key

Digital certificate proves the ownership of the public key

In the certificate issuing process, if both (identity and signature) are correct, CA issues a certificate for Alice's _____ and her _____ ____ with CA's signature

In the certificate issuing process, if both (identity and signature) are correct, CA issues a certificate for Alice's identity and her public key with CA's signature

Example of CA locally and worldwide

Singapore's Netrust
Verisign Worldwide

What does the "Issuer's identifier" in the public key certificate components contain?

The CA's unique name

What does the "Subject Identifier" in the public key certificate components contain?

The public key owner's unique name. Also contains: identity information such as IP address, email address

Why do we need CA's signature in the digital certificate?

To ensure information (Alice identity and public key) cannot be tampered/modified.

What does the "Owner's public key info" in the public key certificate components contain?

values of public key

