Security + Computer System Security

DCOM 258 E31


Name: Shaamim Ahmed
Chapter 14: PKI & Encryption Protocols
Part # 1

Define the following Key Terms (12 points)

1. Certificates
Certificates are digitally signed electronic documents that bind a public key with a user
identity.
2. X.509
X.509 certificate has access to multiple resources, possibly in multiple locations.
Although difficult, X.509 certificates that use MD5 and SHA-1 hashes can be
compromised. For organizations worried about extremely resourceful hackers, a more
powerful hashing algorithm such as SHA-2 should be implemented with the certificate.
X.509 is the core of the PKIX, which is the IETF's Public Key Infrastructure (X.509)
working group. Components of an X.509 certificate include the following:
Owner (user) information, including their public key
Certificate authority information, including their name, digital signature, serial
number, issue and expiration date, and version
3. Certificate authority (CA)
A certificate authority (CA) is the entity (usually a server) that issues certificates to users.
In a PKI system that uses a CA, the CA is known as a trusted third party. Most PKI
systems use a CA. The CA is also responsible for verifying the identity of the recipient of
the certificate.
4. Registration authorities (RA)
Registration authorities are used to verify requests for certificates.
An RA might also be used if the organization deals with several CAs.
5. Certificate revocation list (CRL)
A list of certificates that are no longer valid or have been revoked by the issuer
Could be revoked due to theft, unspecified certificates, or key compromise
6. Online Certificate Status Protocol (OCSP)
Contains less information than a CRL and does not require encryption
7. Key escrow
When certificate keys are held in the case that third parties such as government or
other organizations need access to encrypted communications
8. Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure Internet
communications such as web browsing, instant messaging, e-mail, and VoIP.
9. Transport Layer Security (TLS)
Transport Layer Security (TLS) is the successor to SSL. Provides secure Internet
communications. This is shown in a browser as HTTPS.

10. Secure Shell (SSH)


Secure Shell (SSH) is a protocol that can create a secure channel between two computers
or network devices, enabling one computer or device to remotely control the other.
Designed as a replacement for Telnet, it is commonly used on Linux and Unix systems,
and nowadays also has widespread use on Windows clients. It depends on public key
cryptography to authenticate remote computers.
11. Web of Trust
A decentralized trust model that addresses issues associated with the public
authentication of public keys common to CA-based PKIs.
Is peer-to-peer.
This model is used by PGP.
12. Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is an IETF standard that provides cryptographic security for electronic
messaging such as e-mail.
13. Point-to-Point Tunneling Protocol (PPTP)
A protocol used in virtual private networks
Encapsulates PPP packets, ultimately sending encrypted traffic
Uses port 1723
14. Layer 2 Tunneling Protocol (L2TP)
Also used in VPNs
Creates an unencrypted tunnel if used by itself, or an encrypted one with the aid
of IPsec
Often uses a PKI
15. Internet Protocol Security (IPSEC)
Authenticates and encrypts IP packets, effectively securing communications between the
computers and devices that use this protocol
16. Security Association (SA)
The establishment of secure connections and shared security information, using either
certificates or cryptographic keys.
17. Authentication Header (AH)
Offers integrity and authentication
18. Encapsulated Security Payload (ESP)
Provides integrity, confidentiality, and authenticity of packets
Part # 2: Short Answers (8 points)
1. Discuss the following concepts: (3)

A. Single-sided certificates
When the server validates itself to recipients of the certificate, for
example, users who access the website
B. Dual-sided certificates
The server and the user validate their identities
Works well when a limited amount of computers and sessions are involved
C. Web of trust
A decentralized trust model that addresses issues associated with the
public authentication of public keys common to CA-based PKIs.
Is peer-to-peer.
This model is used by PGP.

2. Discuss the following concepts: (3)


A. Secure/Multipurpose Internet Mail Extensions S/MIME
Originally developed by RSA Security, Secure/Multipurpose Internet Mail
Extensions (S/MIME) is an IETF standard that provides cryptographic security
for electronic messaging such as e-mail. It is used for authentication, message
integrity, and non-repudiation of origin. Most e-mail clients have S/MIME
functionality built-in. S/MIME uses a separate session key for each e-mail
message.
B. Secure Sockets Layer and Transport Layer Security (SSL and TLS)
Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are
cryptographic protocols that provide secure Internet communications such as
web browsing, instant messaging, e-mail, and VoIP. These protocols rely on a PKI
for the obtaining and validating of certificates.
Many people refer to the secure connections they make to websites as SSL, but
actually some of these will be TLS. The last version of SSL, version 3, was
released in 1996. TLS is a more secure solution; version 1 of TLS supersedes
SSLv3. As of the writing of this book, the latest version of TLS is 1.2 (defined in
2008).

C. Secure Shell (SSH)
Secure Shell (SSH) is a protocol that can create a secure channel between two
computers or network devices, enabling one computer or device to remotely
control the other. Designed as a replacement for Telnet, it is commonly used on
Linux and Unix systems, and nowadays also has widespread use on Windows
clients. It depends on public key cryptography to authenticate remote computers.
One computer (the one to be controlled) runs the SSH daemon, while the other
computer runs the SSH client and makes secure connections to the first
computer (which is known as a server), as long as a certificate can be obtained
and validated.

3. What is Internet Protocol Security (IPsec)? (5)

Authenticates and encrypts IP packets, effectively securing communications
between the computers and devices that use this protocol
Uses three protocols: SA, AH, and ESP
Secure Association (SA)
o The establishment of secure connections and shared security information,
using either certificates or cryptographic keys
Authentication Header (AH)
o Offers integrity and authentication
Encapsulating Security Payload (ESP)
o Provides integrity, confidentiality, and authenticity of packets

4. List the three protocols that use IPsec and define them (8)
Uses three protocols: SA, AH, and ESP
Secure Association (SA)
o The establishment of secure connections and shared security information,
using either certificates or cryptographic keys
Authentication Header (AH)
o Offers integrity and authentication
Encapsulating Security Payload (ESP)
o Provides integrity, confidentiality, and authenticity of packets