Paper Example on Digital Certificates

2021-05-25
5 pages
1119 words
University/College: 
Type of paper: 
Essay
logo_disclaimer
This essay has been submitted by a student.
This is not an example of the work written by our professional essay writers.

Digital Certificates offer a means of proving identity in electronic transactions. They provide information of an identity as well as other supporting information. They also offer support for public key cryptography because they contain the public key of the entity identified in the certificate. In creating digital key, a unique cryptographic key is generated. One of the keys is referred to as a private key and the other as a public. Digital certificates are issued by an authority, referred to as the Certification Authority. The Certification Authority guarantees the validity of the information.

Trust banner

If this sample essay on"Paper Example on Digital Certificates" doesn’t help,
our writers will!

Certification Authorities

The Certificate Authority (CA) is a trusted entity that is responsible for issuing public-private pairs and Digital Certificates. The main role of CA is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. The CA performs three functions. First, CA verifies the identity. It must validate the identity of the entity which requested a digital certificate before granting it. Second, CA issues Digital Certificates. Once the validation process is over, the CA issues the Digital Certificates to the entity who requested it. Third, Certificate Authority maintains the Revocation List. Revocation List is the list of invalid digital certificates which have been provoked.

Revocation Lists

Revocation List is the list of invalid digital certificates which have been provoked. Every entity has the right to demand the early revocation of the digital certificate, if the client feels that the private key was misused. A client application such as a web browser can use revocation lists to check servers authenticity. Also, a server application can use a revocation list to deny access to clients that are no longer trusted. Besides, Digital certificates are revoked for many reasons. Firstly, if the CA realized that it has improperly issued a certificate, it may revoke the certificate. Secondly, if the CA discovers that the certificate is counterfeit, it will revoke. Thirdly, the main reason for Digital Certificate revocation is compromised certificates private key. Lastly, Digital certificate is revoked if the certificate owner no longer owns the domain which it was issued.

How and why the use of digital certificates confirms that a server is indeed the correct server when an SSL or TLS session is created

Secure Socket Layer (SSL) is a technology for establishing an encrypted link between a client and a server allows sensitive information such as login details to be transmitted securing over the Internet. Typically, data sent between a web server and browsers are in plain text format, so the data are vulnerable to eavesdropping. If an intruder is able to intercept the data being transmitted between a web server and a browser, they can manipulate and use that data.

All web browsers have the capability to interact with secured web servers using the SSL protocol technology. However, the web browser and server require an SSL Certificate to be able to establish a secure connection. An SSL Certificate has a public and private key which work together to establish an encrypted connection.

When an SSL session, is created, the client wishes to talk to the server. It sends a message which contains a list of encryption algorithms the client supports. The server responds by providing which encryption algorithms will be used, and then it sends its Digital Certificate. The client will then verify that certificate and obtain the server public key from it. Next, the client generates a random value, and then encrypts it with the obtained public key. The client sends the encrypted random value to the server. Then the server decrypts the message and extracts secret keys for Message Authentication Code (MAC) and symmetric encryption. The client also performs the same computation. In the next step, the client sends a message for verification, which is encrypted and authenticated by MAC. The Server verifies that message and sends its own message in response. At that stage, both the server and client have the symmetric keys required and they both know the handshake has succeeded. However, if an SSL session is about to be established with a server with invalid Digital Certificate, the SSL session is not established.

Do you believe the use of SSL and/or TLS is generally sufficient for securing most private transactions today? Why or why not?

I believe the use of SSL or TLS is not sufficient for securing most private transactions today because it has been found to be weaker with the disclosure of a new attack that could allow attackers to steal sensitive data. The new attack dubbed Bar-MitzVah which exploits the invariance weakness which is the weak key pattern used in RC4 keys that can leak plain text from SSL traffic (The Hacker News,2016). Am worried about the renegotiation weakness described in the EKR (2009) blog item because there are numerous potential attacks which exploit the SSL handshake to exhaust server resources. For instance, the SSL-DOS accomplishes this by sending garbage data to a server. Besides, digital certificates are used by malicious intruders to conduct man- in-middle over the secured SSL,tricking users into thinking they were on a legitimate website while in the reality, their SSL traffic is being intercepted and secretly tampered with for malicious purposes.

What is the weakest point in the internal organizational process of creating, using, and storing digital certificates?

Typical organization must have an associated directory or database. An associated directory use a directory access protocol called LDAP. LDAP is the weak point of any organization. It stores information about certificates and their certificate holder. The Comondo Company was the first organization to suffer a LPAD attack (The Hacker News, 2016). High managers revealed that their database had been compromised in March 16th 2011.

What are the implications for the users of digital certificates generally?

Digital certificates offer a number of services to users. They provide protection against unauthorized access and interception by attackers. They also offer integration to back-end existing databases to accommodate automatic verification to the data registration. However, when Certificate Authority is compromised, there are different consequences to the organization these CAs. First, the attacker can impersonate a legitimate organization by issuing a fake certificate with the aim of stealing sensitive data such as logging details, credit card details, among others. Second, legitimate organizations who had their digital certificate issued by the compromised CAs, found themselves with an invalid SSL certificate, which caused added downtime, confusion, among others. Third, a malicious intruder can impersonate a software update service through a service such as a certificate impersonation and DNS hijack. Through this impersonation, the operating system will take the update as if it was from the provider and happily install it.

Reference

@. (2016). The Hacker News - Cyber Security, Hacking News. Retrieved November 17, 2016, from http://thehackernews.com/

notification
If you want discreet, top-grade help, order a custom paper from our experts.

If you are the original author of this essay and no longer wish to have it published on the SuperbGrade website, please click below to request its removal: