Subject: T325: Technologies for digital media, Tutor-marked Assignment. Tuesday, March 29, 2016, 4:49 am
T325: Technologies for digital media
T325: TMA, Spring 2015-2016 Cut-off date: May 4th 2016
Total Marks: 100
Part 1 (40 marks)
Part 2 (60 marks)
As per AOU rules and regulations, all students are required to submit their own TMA work and avoid plagiarism. The AOU has implemented sophisticated techniques for plagiarism detection. You must provide all references in case you use and quote another person's work in your TMA. You will be penalized for any act of plagiarism as per the AOU's rules and regulations.
As you have seen in Block 2, Public Key Infrastructure is “a combination of services and encryption techniques that together are used to protect the security of data over networks”. It includes a number of entities such as: Registration authority (RA), certification authority (CA), directory services and certificate and key management services.
An organization might have one or more certification authorities depending on the organization structure. The certification authorities are structured in a tree-like organization where a “root CA” is at the root level and the rest of the CAs are placed as internal nodes. The certificates generated for the users are the leaves of the tree. Figure 1 illustrates such a structure.
Figure 1- Certification Authority Hierarchy
The objective of this question is to create a CA hierarchy with multiple levels. As a practical example, you will create a Root Certification authority for the AOU headquarters, a CA for your branch and a CA for the ITC department at your branch. Then you will request a certificate for yourself from the ITC department CA. The hierarchy is illustrated in Figure 2.
Figure 2- CA hierarchy to be implemented
This question consists of two parts; the first part aims at providing you with a good understanding of the digital certificate structure and usage. The second part is more practical and includes the use of a simple PKI tool to generate the above-mentioned hierarchy.
You shall provide your tutor a report that shows your activities throughout the different TMA parts and steps in addition to your answers to the questions you will encounter during some phases of the TMA. In addition, you shall provide your tutor with all the files you have collected or generated throughout the TMA.
Part I (40 marks)
Web servers often provide their users with secure access to the hosted web applications in order to gain more trust and protect the different transactions from potential attacks. Web servers use digital certificates for this purpose.
In this part, you will select any secure web site (using https protocol) and download the web server certificate for further analysis. You shall follow the below steps:
1- Select a secure website of your choice (you should provide the URL of the website in your report) (2 marks)
2- Download the digital certificate of the server hosting the website using your browser (3 marks)
3- List the following about the certificate
a. Certificate version (1 mark)
b. Certificate holder information (2 marks)
c. Certificate issuer information (2 marks)
d. Validity date (2 marks)
e. Certificate usage: for what purpose the public key included in the certificate can be used (4 marks)
4- As you can notice, the certificate includes a number of extensions.
a. Identify five extensions in the certificate (5 marks)
b. Explain each extension and how it can be used (10 marks)
5- The web browser needs to make sure that a certificate is valid before using it. Explain three aspects that indicate whether a certificate is valid or not (9 marks)
The deliverables of this part (part I) are:
1- A report that covers all the information and explanations requested in the different questions. It is better to structure the report into bullet points where each bullet point covers the answer to one question.
2- The certificate of the secure server you have selected. The question will not be validated if the file is not uploaded along with the TMA.
Part II (60 marks)
In this part, you will generate the certificate hierarchy illustrated in Figure 2. A quick internet search can easily show the availability of several tools for creating and managing CAs (sometimes referred to as Public key infrastructure management tools). In this TMA, you will be using a simple CA tool named xCA.
In order to construct the CA hierarchy, the following steps need to be followed:
1- Generation of a self-signed certificate for the Root CA (HQ CA)
2- Generation of a certificate for the CA of the AOU branch. This certificate is signed by the root CA certificate.
3- Generation of a certificate for the ITC department CA at the AOU branch. This certificate is signed by the CA of the AOU branch.
4- Generation of a certificate for yourself to be used by the SSL client in your browser for financial transactions. This certificate is signed by the ITC department CA at your AOU branch.
The generation of a certificate consists of the following steps:
1- Generation of a key pair (public/private)
2- Generation of certificate signing request (CSR) that includes all the necessary information about the certificate subject (the entity requesting the certificate) in addition to further information, in particular the requested certificate extensions.
3- Signature of the certificate by the certification authority (or self-signature in the case of root CA)
While doing the abovementioned steps, the following shall be taken into account:
1. The public key algorithm is RSA
2. The key sizes should be at least 4096 bits for the root CA, 2048 bits for the intermediate CA and 1024 for users.
3. The information for each certificate shall be clear and significant; for instance, use appropriate common names for the certificate subject information (e.g., CA-HQ as a common name for the root CA)
4. The extensions for each certificate shall be carefully selected for the certificate usage; certificate extensions might differ between root certification authority, intermediate certification authorities and user certificates.
5. All the certificates shall be exported and saved in DER format with file extension (.crt)
6. The naming for the certificate shall be done as follows:
a. Root CA certificate: CA-AOU-ROOT-(StudentName)-(StudentID) where (StudentName) and (StudentID) need to be replaced by your name and your ID
b. AOU branch CA: CA-AOU-(BranchName)-(StudentName)-(StudentID) where (BranchName) should be replaced by the short name of the country of the AOU branch in which you are enrolled (KSA, LB, OM, KW, BH, EG, JO)
c. AOU ITC department CA: CA-AOU-(BranchName)-ITC-(StudentName)-(StudentID)
d. Your certificate: (StudentName)-(StudentID)
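The hierarchy, key sizes, DER export and naming rules listed above, scripted with the openssl command line rather than xCA, as an added example that is not part of the assignment text. The student name, ID, branch code, subject fields and the extension profiles are assumptions chosen for illustration; the 1024-bit user key follows the assignment, although current guidance treats RSA keys below 2048 bits as too weak.

```sh
# Added example: Root -> Branch -> ITC -> user, built with the openssl CLI.
# NAME, SID, BR are placeholders for StudentName, StudentID, BranchName.
NAME=StudentName; SID=0000000; BR=KW
ROOT="CA-AOU-ROOT-$NAME-$SID"; BRANCH="CA-AOU-$BR-$NAME-$SID"
ITC="CA-AOU-$BR-ITC-$NAME-$SID"; USER_CERT="$NAME-$SID"
write_conf() {  # one extension profile per certificate role (assumed choices)
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[branch]
basicConstraints = critical,CA:TRUE,pathlen:1
keyUsage = critical,keyCertSign,cRLSign
[itc]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[user]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF
}

# issue FILE BITS CN PROFILE [ISSUER]: key pair, CSR, signature, DER export
issue() {
  signer="-signkey $1.key"                      # root CA signs itself
  [ -n "$5" ] && signer="-CA $5.pem -CAkey $5.key -CAcreateserial"
  openssl genrsa -out "$1.key" "$2" 2>/dev/null &&
  openssl req -new -config pki.cnf -key "$1.key" -subj "/O=AOU/CN=$3" -out "$1.csr" &&
  openssl x509 -req -sha256 -days 365 -in "$1.csr" $signer \
    -extfile pki.cnf -extensions "$4" -out "$1.pem" 2>/dev/null &&
  openssl x509 -in "$1.pem" -outform DER -out "$1.crt"
}

build_hierarchy() {
  write_conf && issue "$ROOT" 4096 CA-HQ root &&
  issue "$BRANCH" 2048 "CA-$BR" branch "$ROOT" &&
  issue "$ITC" 2048 "CA-$BR-ITC" itc "$BRANCH" &&
  issue "$USER_CERT" 1024 "$NAME" user "$ITC"
}

verify_chain() {  # user -> ITC -> branch -> root, checked as a TLS client cert
  cat "$BRANCH.pem" "$ITC.pem" > chain.pem
  openssl verify -purpose sslclient -CAfile "$ROOT.pem" -untrusted chain.pem "$USER_CERT.pem"
}
cd "$(mktemp -d)" && build_hierarchy && verify_chain
```

Running `openssl x509 -inform DER -in <file>.crt -noout -text` on any exported file prints its version, subject, issuer, validity period and extensions, the same fields Part I asks for. The `pathlen` values stop the branch CA from having more than one CA level beneath it and stop the ITC CA from issuing further CA certificates.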
The deliverables of this part (part II) are:
1- A report that explains how you generate each certificate
o You should take screenshots of each step that clearly shows the inputs.
o The screenshot should be clear and at the same time you should not use a very high resolution in order to keep the size of the TMA file reasonable.
o You should explain the choices you have taken in each step in particular regarding the choice of extensions for each certificate.
2- The four certificates you have generated during the exercise. The question will not be validated if the files are not uploaded along with the TMA
The marks are distributed as follows:
• Thirty (28) marks for correctly generating the four certificates. These marks are distributed as follows:
o Respecting the certification hierarchy (8 marks)
o correct algorithm (RSA) and key sizes (4 marks)
o Appropriate subject information (4 marks)
o Correct choice of extensions (8 marks)
o Correct naming convention (4 marks)
• Thirty (32) marks for the report distributed as follows:
o Screenshots of the different steps (including key generation, certificate signing request, certificate signature and export) (16 marks: 4 marks for each certificate generation process)
o Explanation of the different steps for certificate generation (16 marks: 4 marks for each certificate process)
One mark out of each four marks will be allocated for the explanation of your choice of extensions for the certificate.