Privacy In Network And Security Analysis
VerifiedAdded on 2022/08/12
|18
|3836
|20
AI Summary
Will need expert with strong IT and security background for this Homwork
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: - PRIVACY IN NETWORK
PRIVACY IN NETWORK
Name of the Student
Name of the University
Author Note
PRIVACY IN NETWORK
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1PRIVACY IN NETWORK
Table of Contents
1. Question-1..............................................................................................................................2
1.1 Part- (a).............................................................................................................................2
1.2 Part- (b)............................................................................................................................3
2. Question-2..............................................................................................................................4
2.1 Part- (a).............................................................................................................................4
2.2 Part- (b)..........................................................................................................................10
2.3 Part- (c)...........................................................................................................................11
2.4 Part- (d)..........................................................................................................................12
2.5 Part- (e)...........................................................................................................................13
3. References............................................................................................................................15
Table of Contents
1. Question-1..............................................................................................................................2
1.1 Part- (a).............................................................................................................................2
1.2 Part- (b)............................................................................................................................3
2. Question-2..............................................................................................................................4
2.1 Part- (a).............................................................................................................................4
2.2 Part- (b)..........................................................................................................................10
2.3 Part- (c)...........................................................................................................................11
2.4 Part- (d)..........................................................................................................................12
2.5 Part- (e)...........................................................................................................................13
3. References............................................................................................................................15
2PRIVACY IN NETWORK
1. Question-1
1.1 Part- (a)
List 3 problems with X.509.
Answer:
Within the field of cryptography, X.509 refers to a standardised definition for the
purpose of format in relation to the public key certificates. This particular format finds its
usage in multiple internet protocols having the inclusion within TLS/SSL, which has a
complete dependency upon HTTPS that is a secure protocol used for the purpose of
browsing1. In addition to this, X.509 is also utilized in offline applications such as the like of
electronically working signatures. However, their usage has a lot of problems directly
associated with the utilization as well as implementation. The problems are,
Architectural problems- situations where the client has the complete trust upon the
certificates in case the CRLs are readily available, there is a possibility for the client
to lose the capability for making the PKI attractive offline. As a reason, most of the
clients have trust issues with the availability of the CRLs. However, in case the hacker
gets in control of the communication channel, there is also the possibility of the CRL
getting disabled.
Certificate authorities problem- mostly, the clients opt for issues that readily offer
with the cheapest of the certificates in this regard. As a reason, the quality of the
certificates are compromised highly leading to the security that is provisioned by the
X.509 certificate.
1 Zink, Thomas, and Marcel Waldvogel. "X. 509 user certificate-based two-factor authentication for web
applications." (2017).
1. Question-1
1.1 Part- (a)
List 3 problems with X.509.
Answer:
Within the field of cryptography, X.509 refers to a standardised definition for the
purpose of format in relation to the public key certificates. This particular format finds its
usage in multiple internet protocols having the inclusion within TLS/SSL, which has a
complete dependency upon HTTPS that is a secure protocol used for the purpose of
browsing1. In addition to this, X.509 is also utilized in offline applications such as the like of
electronically working signatures. However, their usage has a lot of problems directly
associated with the utilization as well as implementation. The problems are,
Architectural problems- situations where the client has the complete trust upon the
certificates in case the CRLs are readily available, there is a possibility for the client
to lose the capability for making the PKI attractive offline. As a reason, most of the
clients have trust issues with the availability of the CRLs. However, in case the hacker
gets in control of the communication channel, there is also the possibility of the CRL
getting disabled.
Certificate authorities problem- mostly, the clients opt for issues that readily offer
with the cheapest of the certificates in this regard. As a reason, the quality of the
certificates are compromised highly leading to the security that is provisioned by the
X.509 certificate.
1 Zink, Thomas, and Marcel Waldvogel. "X. 509 user certificate-based two-factor authentication for web
applications." (2017).
3PRIVACY IN NETWORK
Implementation issues- multiple implementations of the X.509 lead to the fact of
turning off the revocation checks that leads to the fact of making the possibility of the
browser stronger2. In addition to this, within X.509 name as well as policy constraints
are not readily supported.
1.2 Part- (b)
There are other certificates as below. Please investigate and explain that what the
applications of these certificates is.
• Attribute Certificates
• CV Certificates
• PGP Certificates
• WAP Certificate
• SPKI Certificates
Answer:
1. Attribute Certificates- this commonly refers to an electronically existing certificate
upon which the message is digitally signed with the help of some recognized third
party organization having the inclusion of some content that is tied to certain
attributes3. The attributes refer to the likes of properties or might as well as
characteristics that have the potential to determine the existing appearance along with
the state and the other existing qualities belonging to the particular entity of an ID.
The users utilize this certificate to have a legal identity.
2 Forsby, Filip, et al. "Lightweight x. 509 digital certificates for the internet of things." Interoperability, Safety
and Security in IoT. Springer, Cham, 2017. 123-133.
3 Karthikeyan, S., Rizwan Patan, and B. Balamurugan. "Enhancement of security in the Internet of Things (IoT)
by using X. 509 authentication mechanism." Recent Trends in Communication, Computing, and Electronics.
Springer, Singapore, 2019. 217-225.
Implementation issues- multiple implementations of the X.509 lead to the fact of
turning off the revocation checks that leads to the fact of making the possibility of the
browser stronger2. In addition to this, within X.509 name as well as policy constraints
are not readily supported.
1.2 Part- (b)
There are other certificates as below. Please investigate and explain that what the
applications of these certificates is.
• Attribute Certificates
• CV Certificates
• PGP Certificates
• WAP Certificate
• SPKI Certificates
Answer:
1. Attribute Certificates- this commonly refers to an electronically existing certificate
upon which the message is digitally signed with the help of some recognized third
party organization having the inclusion of some content that is tied to certain
attributes3. The attributes refer to the likes of properties or might as well as
characteristics that have the potential to determine the existing appearance along with
the state and the other existing qualities belonging to the particular entity of an ID.
The users utilize this certificate to have a legal identity.
2 Forsby, Filip, et al. "Lightweight x. 509 digital certificates for the internet of things." Interoperability, Safety
and Security in IoT. Springer, Cham, 2017. 123-133.
3 Karthikeyan, S., Rizwan Patan, and B. Balamurugan. "Enhancement of security in the Internet of Things (IoT)
by using X. 509 authentication mechanism." Recent Trends in Communication, Computing, and Electronics.
Springer, Singapore, 2019. 217-225.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4PRIVACY IN NETWORK
2. CV certificates- these kinds of certificates primarily refer to the digital certificates that
consists of all the relative data belonging to the individual user that are commonly
mentioned on a CV to provide with all the details necessary for a respective
organization to be in possession regarding an employee.
3. PGP Certificates- these certificates place forward the idea of a completely working
system meant for the purpose of cryptographic encryption of files as well as emails.
This certificates offers the users with the features of confidentiality, non-repudiation
as well as integrity of all the details that is mentioned with the PGP certificate.
4. WAP Certificate- this particular certificate refers to a wildcard certificate that can be
specifically utilized to publish multiple services that are web-based belonging to the
public internet4. Situations where there is a need for updating the publicised
certificate, all of the information can be updated at a single place with the help of
WAP certificates.
5. SPKI Certificates- this certificate was primarily developed for the purpose of
provisioning the business organizations to have all the details that are included in
different certificates to have a single certificate for all the purposes. This saves time as
well as revenue for the respective organizations utilizing this properly.
2. Question-2
2.1 Part- (a)
Public key cryptography can only be used in practice if users trust the authenticity of
public keys. There are different trust models.
• Direct Trust
4 Hedberg, Thomas D., Sylvere Krima, and Jaime A. Camelio. "Embedding x. 509 digital certificates in three-
dimensional models for authentication, authorization, and traceability of product data." Journal of computing
and information science in engineering 17.1 (2017).
2. CV certificates- these kinds of certificates primarily refer to the digital certificates that
consists of all the relative data belonging to the individual user that are commonly
mentioned on a CV to provide with all the details necessary for a respective
organization to be in possession regarding an employee.
3. PGP Certificates- these certificates place forward the idea of a completely working
system meant for the purpose of cryptographic encryption of files as well as emails.
This certificates offers the users with the features of confidentiality, non-repudiation
as well as integrity of all the details that is mentioned with the PGP certificate.
4. WAP Certificate- this particular certificate refers to a wildcard certificate that can be
specifically utilized to publish multiple services that are web-based belonging to the
public internet4. Situations where there is a need for updating the publicised
certificate, all of the information can be updated at a single place with the help of
WAP certificates.
5. SPKI Certificates- this certificate was primarily developed for the purpose of
provisioning the business organizations to have all the details that are included in
different certificates to have a single certificate for all the purposes. This saves time as
well as revenue for the respective organizations utilizing this properly.
2. Question-2
2.1 Part- (a)
Public key cryptography can only be used in practice if users trust the authenticity of
public keys. There are different trust models.
• Direct Trust
4 Hedberg, Thomas D., Sylvere Krima, and Jaime A. Camelio. "Embedding x. 509 digital certificates in three-
dimensional models for authentication, authorization, and traceability of product data." Journal of computing
and information science in engineering 17.1 (2017).
5PRIVACY IN NETWORK
• Web of Trust
• Hierarchical Trust
• Combining Trust Hierarchies
Explain
• The operation of each of them including their advantages and disadvantages. (one
paragraph for each)
• The application of each of them with one example
Answer:
Direct Trust
This particular mode of trust comes into existence when the user wants to carry out an
activity of validating the credentials belonging to a specific entity without having the reliance
upon any other existing entity. In regards to this particular scenario, there is no real
delegation of trust because of the fact that all of the relying parties are subordinate
constituents depending upon the trusted hierarchy5. All of such discussed entities gain the
particular trust by carrying out the association with all of the commonly existing entities that
have the primary responsible of entity authentication belonging to each individual entity.
The direct trust model has the shared existence within some of the common
architectures such as the like of PKI. The CA is considered to be the most common example
of trust related entity that carries out the originally existing entity authentications along with
the generation of all the necessary credentials that have a direct association with the entities.
5 Zhu, Wen-Tao, and Jingqiang Lin. "Generating correlated digital certificates: Framework and applications."
IEEE Transactions on Information Forensics and Security 11.6 (2016): 1117-1127.
• Web of Trust
• Hierarchical Trust
• Combining Trust Hierarchies
Explain
• The operation of each of them including their advantages and disadvantages. (one
paragraph for each)
• The application of each of them with one example
Answer:
Direct Trust
This particular mode of trust comes into existence when the user wants to carry out an
activity of validating the credentials belonging to a specific entity without having the reliance
upon any other existing entity. In regards to this particular scenario, there is no real
delegation of trust because of the fact that all of the relying parties are subordinate
constituents depending upon the trusted hierarchy5. All of such discussed entities gain the
particular trust by carrying out the association with all of the commonly existing entities that
have the primary responsible of entity authentication belonging to each individual entity.
The direct trust model has the shared existence within some of the common
architectures such as the like of PKI. The CA is considered to be the most common example
of trust related entity that carries out the originally existing entity authentications along with
the generation of all the necessary credentials that have a direct association with the entities.
5 Zhu, Wen-Tao, and Jingqiang Lin. "Generating correlated digital certificates: Framework and applications."
IEEE Transactions on Information Forensics and Security 11.6 (2016): 1117-1127.
6PRIVACY IN NETWORK
The primary difference of the direct trust model from the other models of trust is that this
model does not provision with the allowance of delegating the original entity authentication.
The advantage of the direct trust model is that the procedure for validating the
credentials is carried out by having no real inclusion of delegation ensuring with the fact of
high level of confidence within every individual entity that shares an association with the
implementation of trust6. On the contrary, the disadvantage that is associated with the direct
trust model is that this model might have the requirement of more labour as well as highly
expensive that the other models of trust that exist.
For example, within the procedure of direct trust model, OSCP responses are
potentially signed with the help of OSCP signing certificate belonging particularly to an
individual VA server. In regards to this, the signing certificate is not significantly included
within the OSCP response.
Web of Trust
Within the field of cryptography, Web of Trust is a model that consists of a concept
that finds the specific usage within the PGP, the GnuPG as well as the other existing
OpenPGP-compatible systems for establishing the originality within the compiling of public
key to that of the respective owner7. This particular model of trust is decentralized and is also
an alternative option to the centralized model of trust belonging to the public key
infrastructure having the complete reliance upon the certificate authority.
All existing OpenPGP-compliant and the relative implementations have the primary
inclusion of a certificate scheme to provision this with the required amount of assistance. The
6 Basu, Chandrayee, and Mukesh Singhal. "Trust dynamics in human autonomous vehicle interaction: A review
of trust models." 2016 AAAI Spring Symposium Series. 2016.
7 Hussein, Aya, Sondoss Elsawah, and Hussein Abbass. "Towards Trust-Aware Human-Automation Interaction:
An Overview of the Potential of Computational Trust Models." Proceedings of the 53rd Hawaii International
Conference on System Sciences. 2020.
The primary difference of the direct trust model from the other models of trust is that this
model does not provision with the allowance of delegating the original entity authentication.
The advantage of the direct trust model is that the procedure for validating the
credentials is carried out by having no real inclusion of delegation ensuring with the fact of
high level of confidence within every individual entity that shares an association with the
implementation of trust6. On the contrary, the disadvantage that is associated with the direct
trust model is that this model might have the requirement of more labour as well as highly
expensive that the other models of trust that exist.
For example, within the procedure of direct trust model, OSCP responses are
potentially signed with the help of OSCP signing certificate belonging particularly to an
individual VA server. In regards to this, the signing certificate is not significantly included
within the OSCP response.
Web of Trust
Within the field of cryptography, Web of Trust is a model that consists of a concept
that finds the specific usage within the PGP, the GnuPG as well as the other existing
OpenPGP-compatible systems for establishing the originality within the compiling of public
key to that of the respective owner7. This particular model of trust is decentralized and is also
an alternative option to the centralized model of trust belonging to the public key
infrastructure having the complete reliance upon the certificate authority.
All existing OpenPGP-compliant and the relative implementations have the primary
inclusion of a certificate scheme to provision this with the required amount of assistance. The
6 Basu, Chandrayee, and Mukesh Singhal. "Trust dynamics in human autonomous vehicle interaction: A review
of trust models." 2016 AAAI Spring Symposium Series. 2016.
7 Hussein, Aya, Sondoss Elsawah, and Hussein Abbass. "Towards Trust-Aware Human-Automation Interaction:
An Overview of the Potential of Computational Trust Models." Proceedings of the 53rd Hawaii International
Conference on System Sciences. 2020.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7PRIVACY IN NETWORK
procedural operation has been termed as Web of trust that is a primary model of trust within
the field of cybersecurity that can be utilized during the safety provision of a network8.
OpenPGP identities and the relative certificates that ate completely based upon the trust
model named as Web of trust can be digitally signed by the users who have endorsed the
association to that of the public key having a direct association with the entity that have been
kept on the list within the certificate. This entire activity is particularly carried out within the
key signing parties.
The primary advantage of Web of trust model is that it is considered to be the best
way for obtaining as well as distributing along with verifying the trusted PGP keys having the
inclusion of highest level of trust9. This also shares the fact that it will remain as the most
trustworthy model of trust. Publishing the keys related to PGP is widely the best known
secondary form of sharing the trustworthy keys with the end users within a network.
On the contrary, this model of trust does not provision with the allowance to millions
of users to carry out communication with the help of messages to physically meet with the
recipient who are in form of users10. In addition to this, there also lies no possibility for
millions of users of application software to meet the software developers in person to get hold
of the PGP public key for the procedure of verifying as well as trusting the usage of computer
systems.
Hierarchical Trust
8 Vaibhav, Akash, et al. "Security challenges, authentication, application and trust models for vehicular ad hoc
network-a survey." IJ Wireless and Microwave Technologies 3 (2017): 36-48.
9 Altaf, Ayesha, et al. "Trust models of internet of smart things: A survey, open issues, and future directions."
Journal of Network and Computer Applications 137 (2019): 93-111.
10 Yanco, Holly A., et al. "Methods for developing trust models for intelligent systems." Robust Intelligence and
Trust in Autonomous Systems. Springer, Boston, MA, 2016. 219-254.
procedural operation has been termed as Web of trust that is a primary model of trust within
the field of cybersecurity that can be utilized during the safety provision of a network8.
OpenPGP identities and the relative certificates that ate completely based upon the trust
model named as Web of trust can be digitally signed by the users who have endorsed the
association to that of the public key having a direct association with the entity that have been
kept on the list within the certificate. This entire activity is particularly carried out within the
key signing parties.
The primary advantage of Web of trust model is that it is considered to be the best
way for obtaining as well as distributing along with verifying the trusted PGP keys having the
inclusion of highest level of trust9. This also shares the fact that it will remain as the most
trustworthy model of trust. Publishing the keys related to PGP is widely the best known
secondary form of sharing the trustworthy keys with the end users within a network.
On the contrary, this model of trust does not provision with the allowance to millions
of users to carry out communication with the help of messages to physically meet with the
recipient who are in form of users10. In addition to this, there also lies no possibility for
millions of users of application software to meet the software developers in person to get hold
of the PGP public key for the procedure of verifying as well as trusting the usage of computer
systems.
Hierarchical Trust
8 Vaibhav, Akash, et al. "Security challenges, authentication, application and trust models for vehicular ad hoc
network-a survey." IJ Wireless and Microwave Technologies 3 (2017): 36-48.
9 Altaf, Ayesha, et al. "Trust models of internet of smart things: A survey, open issues, and future directions."
Journal of Network and Computer Applications 137 (2019): 93-111.
10 Yanco, Holly A., et al. "Methods for developing trust models for intelligent systems." Robust Intelligence and
Trust in Autonomous Systems. Springer, Boston, MA, 2016. 219-254.
8PRIVACY IN NETWORK
The hierarchical model of trust is also known as the tree that consists of a root starting
from the CA present right on the top provisioning with all the information related to the
cybersecurity models in the field of computer networks. This particular presence is followed
by the CA that is present next to the hierarchy and only place forward with trusted
information provisioned by the root belonging to the CA11. Following this, the root belonging
to the CA carries out the trust upon the CAs that are present in the immediate level within the
same hierarchy. This particular arrangement provisions with an allowance of high level
controlling at differently existing levels belonging to the respective hierarchy tree.
This particular model of trust refers to the most common type of implementation that
finds the shared existence within the large sized organizations that has the wanting of
extending the individual certificates and the directly relatable processing capabilities. In
addition to this, the hierarchical models also placed forward with the allowance of having a
tighter control over the activities having the dependency upon the certification. Keeping all
this into consideration, it can be stated that within the hierarchical model of trust, all of the
CAs are assembled under a commonly existing root belonging to the CA, which particularly
carries out the activity of issuing the certificates belonging to the sub-category CAs12. The
entire hierarchical tree that has been designed in accordance to the hierarchical model of trust
is in possession of all the required number of certificates. All of the end users belonging to
this model of the tree build up a complete trust upon all the transactions that it carries out.
Combining Trust Hierarchies
This particular model of trust deals with the primary procedure of meeting the
demands placed by the users. In reference to this, the model of trust is commonly displayed
11 Yao, Xuanxia, et al. "Using trust model to ensure reliable data acquisition in VANETs." Ad Hoc Networks 55
(2017): 107-118.
12 Govindaraj, Priya, and N. Jaisankar. "A review on various trust models in cloud environment." Journal of
Engineering Science & Technology Review 10.2 (2017).
The hierarchical model of trust is also known as the tree that consists of a root starting
from the CA present right on the top provisioning with all the information related to the
cybersecurity models in the field of computer networks. This particular presence is followed
by the CA that is present next to the hierarchy and only place forward with trusted
information provisioned by the root belonging to the CA11. Following this, the root belonging
to the CA carries out the trust upon the CAs that are present in the immediate level within the
same hierarchy. This particular arrangement provisions with an allowance of high level
controlling at differently existing levels belonging to the respective hierarchy tree.
This particular model of trust refers to the most common type of implementation that
finds the shared existence within the large sized organizations that has the wanting of
extending the individual certificates and the directly relatable processing capabilities. In
addition to this, the hierarchical models also placed forward with the allowance of having a
tighter control over the activities having the dependency upon the certification. Keeping all
this into consideration, it can be stated that within the hierarchical model of trust, all of the
CAs are assembled under a commonly existing root belonging to the CA, which particularly
carries out the activity of issuing the certificates belonging to the sub-category CAs12. The
entire hierarchical tree that has been designed in accordance to the hierarchical model of trust
is in possession of all the required number of certificates. All of the end users belonging to
this model of the tree build up a complete trust upon all the transactions that it carries out.
Combining Trust Hierarchies
This particular model of trust deals with the primary procedure of meeting the
demands placed by the users. In reference to this, the model of trust is commonly displayed
11 Yao, Xuanxia, et al. "Using trust model to ensure reliable data acquisition in VANETs." Ad Hoc Networks 55
(2017): 107-118.
12 Govindaraj, Priya, and N. Jaisankar. "A review on various trust models in cloud environment." Journal of
Engineering Science & Technology Review 10.2 (2017).
9PRIVACY IN NETWORK
with the help of the Trust Pyramid that is commonly divided into five primary stages. The
five primary stages come into play whenever a user carries out certain communication with a
website where the developers or the owners of the website are entrusted with the sensitive
information that belongs to the users13. The users might provision their personal information
to the website because of various activities that lies to the interest of the respective end users.
The five levels of trust pyramid are,
Level 1: the baseline of the relevance with the fact that users can get their demands
met with the particular website and can build the trust that the information can be
provided to the website with assured security.
Level 2: interest as well as preference over the other existing options that might also
be relatable to the demands of the users. This also builds the trust within the users that
the website also has the inclusion of options in regards to the sensitive information
that is provisioned to the website.
Level 3: this is the level where the respective users trust the website with their
personal information getting hold of the assurance that their information shall be
safe14.
Level 4- the refers to the last level of trust within the trust pyramid where the users
keep a trust upon the website with all the financial as well as sensitive information
provisioned to the website for carrying out financial activities.
2.2 Part- (b)
Many Linux variants allow the installation of additional software such as updates or
services from servers located on the Internet. The authenticity of those software packages
13 Rashmi, M. R., and C. Vidya Raj. "A Review on Trust Models of Social Internet of Things." Emerging
Research in Electronics, Computer Science and Technology. Springer, Singapore, 2019. 203-209.
14 Bing, Wong Chiet, Khalil Md Nor, and Ahmad Jusoh. "EVALUATING AND INTEGRATING THE
MCKNIGHT’S TRUST RELATED MODELS." Jurnal Kemanusiaan 17.1-S (2019).
with the help of the Trust Pyramid that is commonly divided into five primary stages. The
five primary stages come into play whenever a user carries out certain communication with a
website where the developers or the owners of the website are entrusted with the sensitive
information that belongs to the users13. The users might provision their personal information
to the website because of various activities that lies to the interest of the respective end users.
The five levels of trust pyramid are,
Level 1: the baseline of the relevance with the fact that users can get their demands
met with the particular website and can build the trust that the information can be
provided to the website with assured security.
Level 2: interest as well as preference over the other existing options that might also
be relatable to the demands of the users. This also builds the trust within the users that
the website also has the inclusion of options in regards to the sensitive information
that is provisioned to the website.
Level 3: this is the level where the respective users trust the website with their
personal information getting hold of the assurance that their information shall be
safe14.
Level 4- the refers to the last level of trust within the trust pyramid where the users
keep a trust upon the website with all the financial as well as sensitive information
provisioned to the website for carrying out financial activities.
2.2 Part- (b)
Many Linux variants allow the installation of additional software such as updates or
services from servers located on the Internet. The authenticity of those software packages
13 Rashmi, M. R., and C. Vidya Raj. "A Review on Trust Models of Social Internet of Things." Emerging
Research in Electronics, Computer Science and Technology. Springer, Singapore, 2019. 203-209.
14 Bing, Wong Chiet, Khalil Md Nor, and Ahmad Jusoh. "EVALUATING AND INTEGRATING THE
MCKNIGHT’S TRUST RELATED MODELS." Jurnal Kemanusiaan 17.1-S (2019).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10PRIVACY IN NETWORK
is established by a digital signature. The verification of the signature requires a public key.
Investigate and explain in detail what is the process of Authentication and Verification of
those software packages. Which one of the trust model above id used for the public key
used in digital signature?
Answer:
The role of digital signatures while installing software packages have a direct relation
to the operating system upon which the particular software is getting installed15. As a result,
this method of verification and authentication varies depending upon the type of operating
system whether it is Linux or windows.
In Linux, mainly the software packages are signed utilizing the PGP and not by the
real author of that particular software, but with the help of the packager . The digitalized
signatures are kept within the packaged database with the containment of the rest of the
information belonging to that same package16. For example, if a .pg.tar.xz file is downloaded,
then the signature will be having the extension of .pkg.tar.xz.sig. As a result, the database can
be signed with the help of an automated process but is not signed.
The Linux on a primary basis carries out a verification procedure of the signature
against all of the publicly existing keys. However, if the user is not in possession of a public
key, the respective user is asked to specifically download such a key from the key server.
PGP makes proper utilization of the Web Trust algorithm. The validity of the public key
belonging to some user has a complete dependency upon the other users signing on that
15 Fritiofsson, Michaela, and Patrik Olsson. Trust models in vehicular ad-hoc networks: Towards an evaluation
and comparison. MS thesis. 2017.
16 Rawashdeh, Enas F., Inas I. Abuqaddom, and Amjad A. Hudaib. "Trust models for services in cloud
environment: A survey." 2018 9th International Conference on Information and Communication Systems
(ICICS). IEEE, 2018.
is established by a digital signature. The verification of the signature requires a public key.
Investigate and explain in detail what is the process of Authentication and Verification of
those software packages. Which one of the trust model above id used for the public key
used in digital signature?
Answer:
The role of digital signatures while installing software packages have a direct relation
to the operating system upon which the particular software is getting installed15. As a result,
this method of verification and authentication varies depending upon the type of operating
system whether it is Linux or windows.
In Linux, mainly the software packages are signed utilizing the PGP and not by the
real author of that particular software, but with the help of the packager . The digitalized
signatures are kept within the packaged database with the containment of the rest of the
information belonging to that same package16. For example, if a .pg.tar.xz file is downloaded,
then the signature will be having the extension of .pkg.tar.xz.sig. As a result, the database can
be signed with the help of an automated process but is not signed.
The Linux on a primary basis carries out a verification procedure of the signature
against all of the publicly existing keys. However, if the user is not in possession of a public
key, the respective user is asked to specifically download such a key from the key server.
PGP makes proper utilization of the Web Trust algorithm. The validity of the public key
belonging to some user has a complete dependency upon the other users signing on that
15 Fritiofsson, Michaela, and Patrik Olsson. Trust models in vehicular ad-hoc networks: Towards an evaluation
and comparison. MS thesis. 2017.
16 Rawashdeh, Enas F., Inas I. Abuqaddom, and Amjad A. Hudaib. "Trust models for services in cloud
environment: A survey." 2018 9th International Conference on Information and Communication Systems
(ICICS). IEEE, 2018.
11PRIVACY IN NETWORK
particular key17. In addition to this, there is no existence of CA within PGP; the public key
can only be revoked with the help of the owner.
Among the trust models that have been briefly discussed, the Web of Trust model
makes use of public keys while dealing with the authentication as well as verification of
digital signatures while installing software packages.
2.3 Part- (c)
One of the method to combine two trust hierarchy is using a Bridge. Explain what a bridge
is and what is its difference with Cross-Certification?
Answer:
Hierarchy Bridge commonly refers to an entity that can be properly utilized for
provisioning support to the dimensions that are utilized as subjects to the ragged hierarchy18.
A bridge belonging to the field of hierarchy has the primary containment of one instance for
each of the separate part coming from individual node into the present hierarchical tree along
with all the nodes present on the same.
A hierarchy bridge is one that has a separate individually existing instance for every
node present on the hierarchy tree19. On the contrary, a cross-certificate refers to a digitalized
certificate, which is issued by the Certificate Authority (CA) and is specifically utilized for
signing the public key for the existing root certificate belonging to another certificate
authority20. Hence, it can be stated that a bridge joins the dimensions with the nodes of the
17 Contreras-Nieto, Cristian, et al. "Bridge maintenance prioritization using analytic hierarchy process and fusion
tables." Automation in Construction 101 (2019): 99-110.
18 Gao, Zhicheng, and Jiliang Li. "Fuzzy analytic hierarchy process evaluation method in assessing corrosion
damage of reinforced concrete bridges." Civil Engineering Journal 4.4 (2018): 843-856.
19 Djemai, M. C., M. Bensaibi, and K. Zellat. "Seismic vulnerability assessment of bridges using analytical
hierarchy process." IOP Conference Series: Materials Science and Engineering. Vol. 615. No. 1. IOP
Publishing, 2019.
20 Rashidi, Maria, Bijan Samali, and Pezhman Sharafi. "A new model for bridge management: Part B: decision
support system for remediation planning." Australian Journal of Civil Engineering 14.1 (2016): 46-53.
particular key17. In addition to this, there is no existence of CA within PGP; the public key
can only be revoked with the help of the owner.
Among the trust models that have been briefly discussed, the Web of Trust model
makes use of public keys while dealing with the authentication as well as verification of
digital signatures while installing software packages.
2.3 Part- (c)
One of the method to combine two trust hierarchy is using a Bridge. Explain what a bridge
is and what is its difference with Cross-Certification?
Answer:
Hierarchy Bridge commonly refers to an entity that can be properly utilized for
provisioning support to the dimensions that are utilized as subjects to the ragged hierarchy18.
A bridge belonging to the field of hierarchy has the primary containment of one instance for
each of the separate part coming from individual node into the present hierarchical tree along
with all the nodes present on the same.
A hierarchy bridge is one that has a separate individually existing instance for every
node present on the hierarchy tree19. On the contrary, a cross-certificate refers to a digitalized
certificate, which is issued by the Certificate Authority (CA) and is specifically utilized for
signing the public key for the existing root certificate belonging to another certificate
authority20. Hence, it can be stated that a bridge joins the dimensions with the nodes of the
17 Contreras-Nieto, Cristian, et al. "Bridge maintenance prioritization using analytic hierarchy process and fusion
tables." Automation in Construction 101 (2019): 99-110.
18 Gao, Zhicheng, and Jiliang Li. "Fuzzy analytic hierarchy process evaluation method in assessing corrosion
damage of reinforced concrete bridges." Civil Engineering Journal 4.4 (2018): 843-856.
19 Djemai, M. C., M. Bensaibi, and K. Zellat. "Seismic vulnerability assessment of bridges using analytical
hierarchy process." IOP Conference Series: Materials Science and Engineering. Vol. 615. No. 1. IOP
Publishing, 2019.
20 Rashidi, Maria, Bijan Samali, and Pezhman Sharafi. "A new model for bridge management: Part B: decision
support system for remediation planning." Australian Journal of Civil Engineering 14.1 (2016): 46-53.
12PRIVACY IN NETWORK
tree, while the cross-certificates issue a digital certificate for the signing of a public key that
again belongs to a different certificate authority.
2.4 Part- (d)
What are the possible trust anchors for Alice that enable her to trust the authenticity of
Bob’s public key?
Answer:
The existing trust anchors that is possible for Alice to have a trust upon the originality
of the public key belonging to Bob can be with the help of the following path,
Bob – Dep1 – Alice.
The above path has been chosen because both of Alice as well as Bob belong to the
same department of the organization, named Dep1 and have a direct connection to the Root
access.
What are the possible trust anchors for Alice that enable her to trust the authenticity of
Emil’s public key?
Answer:
Alice and Emil belong to two different departs of two different organizations. Alice
belongs to Dep1 of Org1. On the other hand, Emil belongs to Org2 with no specific
departments within this organization. For Alice to get hold of the public key that belongs to
Emil, the path that shall be followed is,
Emil – Org2 – Root – Org1 – Dep1 – Alice.
Hence, the above are the possible trust anchors that is specifically needed by Alice to
trust upon the public key that belongs to Emil of a different organization.
tree, while the cross-certificates issue a digital certificate for the signing of a public key that
again belongs to a different certificate authority.
2.4 Part- (d)
What are the possible trust anchors for Alice that enable her to trust the authenticity of
Bob’s public key?
Answer:
The existing trust anchors that is possible for Alice to have a trust upon the originality
of the public key belonging to Bob can be with the help of the following path,
Bob – Dep1 – Alice.
The above path has been chosen because both of Alice as well as Bob belong to the
same department of the organization, named Dep1 and have a direct connection to the Root
access.
What are the possible trust anchors for Alice that enable her to trust the authenticity of
Emil’s public key?
Answer:
Alice and Emil belong to two different departs of two different organizations. Alice
belongs to Dep1 of Org1. On the other hand, Emil belongs to Org2 with no specific
departments within this organization. For Alice to get hold of the public key that belongs to
Emil, the path that shall be followed is,
Emil – Org2 – Root – Org1 – Dep1 – Alice.
Hence, the above are the possible trust anchors that is specifically needed by Alice to
trust upon the public key that belongs to Emil of a different organization.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13PRIVACY IN NETWORK
2.5 Part- (e)
How can these five PKIs be connected in such a way that any end entity can trust the
public key of any other end entity?
Answer:
How many new certificates are issued in each of the solutions?
Answer:
In the above solution, the new certificates have been issued for the end entities C, F,
G, and J. Hence, four new certificates have been issued in the above diagram as a part of the
solution.
How many trust anchors do the end entities have in each case?
Answer:
The trusted anchors for each of the end entities are 6, that is namely B, E, I, M, P and
Q.
2.5 Part- (e)
How can these five PKIs be connected in such a way that any end entity can trust the
public key of any other end entity?
Answer:
How many new certificates are issued in each of the solutions?
Answer:
In the above solution, the new certificates have been issued for the end entities C, F,
G, and J. Hence, four new certificates have been issued in the above diagram as a part of the
solution.
How many trust anchors do the end entities have in each case?
Answer:
The trusted anchors for each of the end entities are 6, that is namely B, E, I, M, P and
Q.
14PRIVACY IN NETWORK
What are the trust anchors of end entity G in each case?
Answers:
The trusted anchor for the end entity G is one, that is E.
What are the trust anchors of end entity G in each case?
Answers:
The trusted anchor for the end entity G is one, that is E.
15PRIVACY IN NETWORK
3. References
Altaf, Ayesha, et al. "Trust models of internet of smart things: A survey, open issues, and
future directions." Journal of Network and Computer Applications 137 (2019): 93-111.
Basu, Chandrayee, and Mukesh Singhal. "Trust dynamics in human autonomous vehicle
interaction: A review of trust models." 2016 AAAI Spring Symposium Series. 2016.
Bing, Wong Chiet, Khalil Md Nor, and Ahmad Jusoh. "EVALUATING AND
INTEGRATING THE MCKNIGHT’S TRUST RELATED MODELS." Jurnal Kemanusiaan
17.1-S (2019).
Contreras-Nieto, Cristian, et al. "Bridge maintenance prioritization using analytic hierarchy
process and fusion tables." Automation in Construction 101 (2019): 99-110.
Djemai, M. C., M. Bensaibi, and K. Zellat. "Seismic vulnerability assessment of bridges
using analytical hierarchy process." IOP Conference Series: Materials Science and
Engineering. Vol. 615. No. 1. IOP Publishing, 2019.
Forsby, Filip, et al. "Lightweight x. 509 digital certificates for the internet of things."
Interoperability, Safety and Security in IoT. Springer, Cham, 2017. 123-133.
Fritiofsson, Michaela, and Patrik Olsson. Trust models in vehicular ad-hoc networks:
Towards an evaluation and comparison. MS thesis. 2017.
Gao, Zhicheng, and Jiliang Li. "Fuzzy analytic hierarchy process evaluation method in
assessing corrosion damage of reinforced concrete bridges." Civil Engineering Journal 4.4
(2018): 843-856.
3. References
Altaf, Ayesha, et al. "Trust models of internet of smart things: A survey, open issues, and
future directions." Journal of Network and Computer Applications 137 (2019): 93-111.
Basu, Chandrayee, and Mukesh Singhal. "Trust dynamics in human autonomous vehicle
interaction: A review of trust models." 2016 AAAI Spring Symposium Series. 2016.
Bing, Wong Chiet, Khalil Md Nor, and Ahmad Jusoh. "EVALUATING AND
INTEGRATING THE MCKNIGHT’S TRUST RELATED MODELS." Jurnal Kemanusiaan
17.1-S (2019).
Contreras-Nieto, Cristian, et al. "Bridge maintenance prioritization using analytic hierarchy
process and fusion tables." Automation in Construction 101 (2019): 99-110.
Djemai, M. C., M. Bensaibi, and K. Zellat. "Seismic vulnerability assessment of bridges
using analytical hierarchy process." IOP Conference Series: Materials Science and
Engineering. Vol. 615. No. 1. IOP Publishing, 2019.
Forsby, Filip, et al. "Lightweight x. 509 digital certificates for the internet of things."
Interoperability, Safety and Security in IoT. Springer, Cham, 2017. 123-133.
Fritiofsson, Michaela, and Patrik Olsson. Trust models in vehicular ad-hoc networks:
Towards an evaluation and comparison. MS thesis. 2017.
Gao, Zhicheng, and Jiliang Li. "Fuzzy analytic hierarchy process evaluation method in
assessing corrosion damage of reinforced concrete bridges." Civil Engineering Journal 4.4
(2018): 843-856.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16PRIVACY IN NETWORK
Govindaraj, Priya, and N. Jaisankar. "A review on various trust models in cloud
environment." Journal of Engineering Science & Technology Review 10.2 (2017).
Hedberg, Thomas D., Sylvere Krima, and Jaime A. Camelio. "Embedding x. 509 digital
certificates in three-dimensional models for authentication, authorization, and traceability of
product data." Journal of computing and information science in engineering 17.1 (2017).
Hussein, Aya, Sondoss Elsawah, and Hussein Abbass. "Towards Trust-Aware Human-
Automation Interaction: An Overview of the Potential of Computational Trust Models."
Proceedings of the 53rd Hawaii International Conference on System Sciences. 2020.
Karthikeyan, S., Rizwan Patan, and B. Balamurugan. "Enhancement of security in the
Internet of Things (IoT) by using X. 509 authentication mechanism." Recent Trends in
Communication, Computing, and Electronics. Springer, Singapore, 2019. 217-225.
Rashidi, Maria, Bijan Samali, and Pezhman Sharafi. "A new model for bridge management:
Part B: decision support system for remediation planning." Australian Journal of Civil
Engineering 14.1 (2016): 46-53.
Rashmi, M. R., and C. Vidya Raj. "A Review on Trust Models of Social Internet of Things."
Emerging Research in Electronics, Computer Science and Technology. Springer, Singapore,
2019. 203-209.
Rawashdeh, Enas F., Inas I. Abuqaddom, and Amjad A. Hudaib. "Trust models for services
in cloud environment: A survey." 2018 9th International Conference on Information and
Communication Systems (ICICS). IEEE, 2018.
Vaibhav, Akash, et al. "Security challenges, authentication, application and trust models for
vehicular ad hoc network-a survey." IJ Wireless and Microwave Technologies 3 (2017): 36-
48.
Govindaraj, Priya, and N. Jaisankar. "A review on various trust models in cloud
environment." Journal of Engineering Science & Technology Review 10.2 (2017).
Hedberg, Thomas D., Sylvere Krima, and Jaime A. Camelio. "Embedding x. 509 digital
certificates in three-dimensional models for authentication, authorization, and traceability of
product data." Journal of computing and information science in engineering 17.1 (2017).
Hussein, Aya, Sondoss Elsawah, and Hussein Abbass. "Towards Trust-Aware Human-
Automation Interaction: An Overview of the Potential of Computational Trust Models."
Proceedings of the 53rd Hawaii International Conference on System Sciences. 2020.
Karthikeyan, S., Rizwan Patan, and B. Balamurugan. "Enhancement of security in the
Internet of Things (IoT) by using X. 509 authentication mechanism." Recent Trends in
Communication, Computing, and Electronics. Springer, Singapore, 2019. 217-225.
Rashidi, Maria, Bijan Samali, and Pezhman Sharafi. "A new model for bridge management:
Part B: decision support system for remediation planning." Australian Journal of Civil
Engineering 14.1 (2016): 46-53.
Rashmi, M. R., and C. Vidya Raj. "A Review on Trust Models of Social Internet of Things."
Emerging Research in Electronics, Computer Science and Technology. Springer, Singapore,
2019. 203-209.
Rawashdeh, Enas F., Inas I. Abuqaddom, and Amjad A. Hudaib. "Trust models for services
in cloud environment: A survey." 2018 9th International Conference on Information and
Communication Systems (ICICS). IEEE, 2018.
Vaibhav, Akash, et al. "Security challenges, authentication, application and trust models for
vehicular ad hoc network-a survey." IJ Wireless and Microwave Technologies 3 (2017): 36-
48.
17PRIVACY IN NETWORK
Yanco, Holly A., et al. "Methods for developing trust models for intelligent systems." Robust
Intelligence and Trust in Autonomous Systems. Springer, Boston, MA, 2016. 219-254.
Yao, Xuanxia, et al. "Using trust model to ensure reliable data acquisition in VANETs." Ad
Hoc Networks 55 (2017): 107-118.
Zhu, Wen-Tao, and Jingqiang Lin. "Generating correlated digital certificates: Framework and
applications." IEEE Transactions on Information Forensics and Security 11.6 (2016): 1117-
1127.
Zink, Thomas, and Marcel Waldvogel. "X. 509 user certificate-based two-factor
authentication for web applications." (2017).
Yanco, Holly A., et al. "Methods for developing trust models for intelligent systems." Robust
Intelligence and Trust in Autonomous Systems. Springer, Boston, MA, 2016. 219-254.
Yao, Xuanxia, et al. "Using trust model to ensure reliable data acquisition in VANETs." Ad
Hoc Networks 55 (2017): 107-118.
Zhu, Wen-Tao, and Jingqiang Lin. "Generating correlated digital certificates: Framework and
applications." IEEE Transactions on Information Forensics and Security 11.6 (2016): 1117-
1127.
Zink, Thomas, and Marcel Waldvogel. "X. 509 user certificate-based two-factor
authentication for web applications." (2017).
1 out of 18
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.