I: Answer the following questions. (1*6=6 pts) 1. What is Public key infrastructure (PKI)? 2. List...

1.Public key infrastructure (PKI)

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision.

The PKI role that may be delegated by a CA to assure valid and correct registration is called a registration authority (RA). Basically, an RA is responsible for accepting requests for digital certificates and authenticating the entity making the request.

2.The Four Stages of a Certificate Life Cycle

Digital certificates are electronic credentials that are used to authenticate the identities of individuals or devices using a particular network. It’s helpful to think of certificates with a similar functionality as a passport or driver’s license. While these official documents are issued and confirmed by governments to authenticate an identity, a digital certificate is issued and confirmed by a certificate authority (CA) to authenticate an identity .

Passwords rely on words or phrases created by the user, but certificates utilize public-private key encryption to encrypt information sent over-the-air and are authenticated with EAP-TLS, the most secure authentication protocol. Certificates offer far more advantages to IT departments and users alike, as they are easier to use and far more secure than credential based authentication.

However, even certificates are not valid forever.They go through a life cycle that is heavily influenced by an organization’s preferences. While there is some variation, generally speaking the four stages of a certificate are:

1. Certificate Enrollment
2. Certificate Distribution
3. Certificate Validation
4. Certificate Revocation

3.Three PKI trust models that use CA  

1. Herarchical trust model
2. Distributed trust model
3. The bridge trust model

4. S/MIME protocol

  S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted method (or more precisely, a protocol) for sending digitally signed and encrypted messages. S/MIME allows you to encrypt emails and digitally sign them.

When you use S/MIME with an email message, it helps the people who receive that message to be certain that what they see in their inbox is the exact message that started with the sender. It will also help people who receive messages to be certain that the message came from the specific sender and not from someone pretending to be the sender. To do this, S/MIME provides for cryptographic security services such as authentication, message integrity, and non-repudiation of origin (using digital signatures). It also helps enhance privacy and data security (using encryption) for electronic messaging. For a more complete background about the history and architecture of S/MIME in the context of email, see Understanding S/MIME.

5.DDOS

It is one of the least complicated attacks that a hacker can pull off. Basically the goal is to shut down a webserver or connection to the internet. Hackers accomplish this by flooding the server with an extremely large amount of traffic.

It would be like taking a wide open freeway and packing it full of the worst rush hour traffic you could imagine. Every connection to and from the freeway would grind to a halt. This would make visiting the website (or the road) next to impossible, or at the least extremely slow! In some cases, the server might overload and shut down completely.

When this happens, it doesn’t mean that the website was necessarily hacked. It just means that the website was kicked off the internet for a period of time. This may not sound like that big of a deal, but if your company relies heavily on its online presence, this interruption of service could take a huge cut out of profits.