Public key infrastructure pki lab solution

You need to submit a detailed lab report to describe what you have done and what you have observed; you also need to provide explanation to the observations that are interesting or surprising. In your report, you need to answer all the questions listed in this lab.

SEED Labs – PKI Lab 1 Public-Key Infrastructure (PKI) Lab Copyright © 2018 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award No. 1303306 and 1718086. This work is licensed under a Creative Commons Attribution-NonCommercialShareAlike 4.0 International License. A human-readable summary of (and not a substitute for) the license is the following: You are free to copy and redistribute the material in any medium or format. You must give appropriate credit. If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. You may not use the material for commercial purposes. 1 Lab Overview Public key cryptography is the foundation of today’s secure communication, but it is subject to man-in-themiddle attacks when one side of communication sends its public key to the other side. The fundamental problem is that there is no easy way to verify the ownership of a public key, i.e., given a public key and its claimed owner information, how do we ensure that the public key is indeed owned by the claimed owner? The Public Key Infrastructure (PKI) is a practical solution to this problem. The learning objective of this lab is for students to gain the first-hand experience on PKI. SEED labs have a series of labs focusing on the public-key cryptography, and this one focuses on PKI. By doing the tasks in this lab, students should be able to gain a better understanding of how PKI works, how PKI is used to protect the Web, and how Man-in-the-middle attacks can be defeated by PKI. Moreover, students will be able to understand the root of the trust in the public-key infrastructure, and what problems will arise if the root trust is broken. This lab covers the following topics: • • • • • • Public-key encryption Public-Key Infrastructure (PKI) Certificate Authority (CA) and root CA X.509 certificate and self-signed certificate Apache, HTTP, and HTTPS Man-in-the-middle attacks Readings and related topics. Detailed coverage of PKI can be found in Chapter 18 of the SEED book, Computer Security: A Hands-on Approach, by Wenliang Du. A topic related to this lab is the Transport Layer Security (TLS), which is based on PKI. How TLS works and how to write secure programs using TLS are covered in details in Chapter 19 of the SEED book. We also have a separate lab, RSA Public-Key Encryption and Signature Lab, for students who are interested in learning how the underlying public-key algorithm works. Lab environment. This lab has been tested on our pre-built Ubuntu 12.04 VM and Ubuntu 16.04 VM, both of which can be downloaded from the SEED website. In this lab, we will use openssl commands and libraries. They have already been installed in our VMs. SEED Labs – PKI Lab 2 2.1 2 Lab Tasks Task 1: Becoming a Certificate Authority (CA) A Certificate Authority (CA) is a trusted entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. A number of commercial CAs are treated as root CAs; VeriSign is the largest CA at the time of writing.