3. (24 points) Compare the following schemes for obtaining Bob\'s public key, in
ID: 3709530 • Letter: 3
Question
3. (24 points) Compare the following schemes for obtaining Bob's public key, in terms of bandwidth and computation efficiency, security, flexibility, and any other criteria you can think of: a. (4 points) downloading Bob's key from the node located at a particular IP address (via an unauthenticated interaction) b. (4 points) looking up Bob's key in a directory via an unauthenticated interaction c. (4 points) having an authenticated conversation tothe directory d. (4 points) having the directory sign the information you request e. (4 points) storing and retrieving certificates from the directory f. (2 points) having no directory but having each principal responsible for keeping it own certificate and sending it to someone who needs to talk to it.Explanation / Answer
Solution:
a)
Downloading Bobk key from whatever response to what is believed to be his IP address. If someone can intercept traffic sent to Bob's IP address, they can give Alice (roe requester) the wrong public key. However; the advantage of this scheme is that in order for Alice and Bob to communicate, only Alice and Bob need to be available—no directory, no KDC, etc. This is computationally cheap since there is no authentication required to obtain Bob's public key.
b)
Looking up Bob's key in a directory via an unauthenticated interaction. If someone breaks Into the directory, they can install incorrect information. They can also impersonate the directory through various means, and give out faulty Information, even if they can't actually break into the directory. This is computationally cheap since there is no authentication required to obtain Bob's public key
c)
Authenticated interaction with the directory Now nobody can impersonate the directory. but the directory is an on-line trusted thing, so if someone were to compromise the directory, they could subvert security.
d)
Having the directory sign the information you request. Similar security properties to above (authenticated interaction with the directory), but it means that Bob can obtain signed info, elation from the directory and send it to Alice, rather than having everyone that wants to talk to Bob have to carry on an authenticated exchange with the directory
e)
Storing and retrieving cells from the directory This is more secure because the trusted party can be off-line. Compromising the directory can be at worst a denial of service.
f)
Having each principal keep its own certificate. This might make chain-building difficult. unless there was a globally agreed-upon root, in which case everyone could keep the complete chain from the root to themselves. It Is less flexible since Bob has to be available for Alice to obtain his cert before she can do something like composing an encrypted message for him.
I hope this helps if you find any problem. Please comment below. Don't forget to give a thumbs up if you liked it. :)
Related Questions
drjack9650@gmail.com
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.