mccaffery_a24

School: University of Rhode Island
Course: 434
Subject: Information Systems
Date: Apr 3, 2024

Uploaded by EarlBraveryPheasant31

Full Name
CSF 434/534 - Assignment#24
Spring 2020

Question 1:
-----------
PKI - Public Key Infrastructure. Provides all the components necessary for different types of users and entities to be able to communicate securely and in a predictable manner.
Certificate - The digital structure that keys are carried on.
RA - Registration authorities require proof of identity from the individual requesting a certificate and will validate this information.
CA - Certificate authorities digitally sign the certificate using their private key.
CRL - Certificate Revocation List. A list of serial numbers of certificates that have been revoked.
OCSP - Online Certificate Status Protocol. Protocol used for online revocation services.

Question 2:
-----------
Version number - Identifies the version of the X.509 standard that was followed to create the certificate; indicates the format and fields that can be used.
Subject - Specifies the owner of the certificate.
Public key - Identifies the public key being bound to the certified subject; also identifies the algorithm used to create the private/public key pair.
Issuer - Identifies the CA that generated and digitally signed the certificate.
Serial number - Provides a unique number identifying this one specific certificate issued by a particular CA.
Validity - Specifies the dates through which the certificate is valid for use.
Certificate usage - Specifies the approved use of the certificate, which dictates intended use of this public key.
Signature algorithm - Specifies the hashing and digital signature algorithms used to digitally sign the certificate.
Extensions - Allows additional data to be encoded into the certificate to expand the functionality of the certificate.

Question 3:
-----------
This image depicts a Public Key Infrastructure. The SSL key has the public key information of an individual, and this certificate has a CA signature on it to validate that it came from a trusted organization. All of the services use the public key to securely communicate with the owner.

Question 4:
-----------
This illustrates a hierarchical trust model. This works by validating the other's certificate in order to communicate between users in a trust domain. Each certificate for each CA, all the way up to a shared trusted anchor, also must be validated.

Question 5:
-----------
This illustrates a peer-to-peer trust model. A peer-to-peer trust model works by end-entities looking to their issuing CA as their trusted anchor, but the different CAs will not have a common anchor. The two different CAs will certify the public key for each other, which creates a bidirectional trust.

Question 6:
-----------
This illustrates a Hybrid Trust Model. This works by each company having its own internal hierarchical model while the companies are also connected through a peer-to-peer model using cross-certification.

Question 7:
-----------
This illustrates Certificate Chaining. This works by going down a chain of trust from one certificate to another, where each link is based on signing by an issuer.

Question 8:
-----------
The pros of Key Escrow are that it provides a method of obtaining a key in the event that the key holder is not available and solves many problems resulting from an inaccessible key. The cons are that if Key Escrow has to involve an outside agency, it can negatively impact the security provided by encryption.

Question 9:
-----------
1. End-entity certificates - issued by a CA to a specific subject, such as a specific individual, the Accounting department, or a firewall
2. CA certificates - can be self-signed, in the case of a stand-alone or root CA, or can be issued by a superior CA within a hierarchical model
3. Cross-certification certificates - used when independent CAs establish peer-to-peer trust relationships
4. Policy certificates - provide centrally controlled policy information to PKI clients

Question 10:
-----------
RFC 5280 is an RFC describing Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL).

Question 11:
-----------
The two ASCII tags that a PEM file always contains are BEGIN CERTIFICATE and END CERTIFICATE.