ISC Exam Questions

Which of the following is NOT an issue with secret key cryptography?

A. Compromise of the keys can enable the attacker to impersonate the key owners and, therefore, read and send false messages.

B. A networked group of m users with separate keys for each pair of users will require m(m-1)/2 keys.

C. Security of the certification authority.

D. Secure distribution of the keys.

Explanation:
The CA is used in public key cryptography, not secret key cryptography. A CA certifies that a public key actually belongs to a specific individual and that the information associated with the individual’s key is valid and correct. The CA accomplishes this certification by digitally signing the individual’s public key and associated information. The certification attests, to another person who wants to send a message to this individual using public key encryption, that the public key actually belongs to the intended individual. The Consultation Committee, International Telephone and Telegraph, International Telecommunications Union (CCITT-ITU)/International Organization for Standardization (ISO) X.509 Authentication framework defines a format for public key certificates. This structure is outlined in Figure.

Answer “A networked group of m users with separate keys for each pair of users will require m(m-1)/2 keys” is an important issue in secret key cryptography; therefore it is not the correct answer. If, among a network of m users, each user wants to have secure communications with every other user on the network, then there must be a secret key for each pair of potential users. This concept can be illustrated with five users as shown in Figure. Thus, with five users, the number of independent keys is equal to (5 x 4)/2 or 10, as depicted by the ten connecting lines in Figure A.6.

Answer “Secure distribution of the keys” is incorrect since securely distributing the keys to all users is, obviously, a very important requirement.

Answer d is incorrect since a compromise of the keys can, indeed, enable the attacker to impersonate the key owners and, therefore, read and send false messages.