Worksheet 09: PKI | Computer Security (Fall 2024)


Worksheets are self-guided activities that reinforce lectures. They are not graded for accuracy, only for completion. Worksheets are due by the start of the next lecture via Blackboard link as a single PDF document. Be sure to properly label each question.

  1. What is key management?

  2. Why does public-key cryptography, on its own, not provide authenticity/integrity?

  3. How do public-key certificates address the challenges of authenticity of public keys? How is trust determined in these certificates? (Your answer should include “certificate authorities” (CAs))

  4. What steps should a CA take before issuing a certificate? Provide an example of how each of these steps can be verified.

  5. What is a certificate chain, and when is one used? Provide an organizational example.

  6. What is a self-signed certificate, and why are self-signed certificates typically considered untrusted, except those of known CAs?

  7. What is the difference between a DV, OV, and EV certificate in HTTPS/TLS?

  8. Find two websites, one with an EV certificate and one with just a DV certificate. How does your browser display these certificates differently, if at all?

  9. Do some research on your own to determine why you think EV certificates were de-emphasized in browsers. Here’s a hint.

  10. There’s a great website for comparing browser behavior for different SSL certificates and other errors: badssl.com. Provide a brief comparison of the browser features that warn users about the different states, from a valid SSL/TLS connection to plain HTTP (no TLS).

  11. What is certificate transparency, and why is it important? Read about it on Wikipedia.

  12. S/MIME is a PKI system for sending authenticated and encrypted email. And you’re going to use it to send me an encrypted email! But it will take a bit of work.

    First, you will need to create an S/MIME certificate for your email and have that certificate signed by a trusted certificate authority (CA). You should use your school email address for this, e.g., the one @gwu.edu. You are free to choose whatever CA you wish, and there are options you can (and should) find that cost no money. I recommend this one:

    https://extrassl.actalis.it/portal/uapub/freemail?lang=en

    After you do that … you’ll need to do some work to figure out how to do this on your system. That’s kind of the point of this exercise. Note that you cannot use the school Gmail for this, as it is not configured for S/MIME. Instead, I recommend using Outlook, which is included as part of the Office 360 package from school.

    Once you think you have this set up, send me an email with the subject S/MIME: YOUR FULL NAME, where YOUR FULL NAME is your full name, and include your certificate as an attachment. I will reply and do the same. Then, in the third email, send me an encrypted email now that you have my public key. I will reply with an encrypted email as well.

    To answer this part, include the encrypted email message I sent to you in your submission, and also 2-3 sentences reflecting on this process. Do you think this was easy or hard? Could you convince your friend without a CS background to do this?