Tuesday, January 10, 2012

X.500 Security Feature

What is X.500?

X.500 is a series of computer networking standards that works much like a physical telephone directory. Its purpose is to centralize an organization's contacts, so that anyone within the organization who has internet access can look up other people in the same organization, either by name or by department, which saves time and is convenient. X.500 is an Open Systems Interconnection (OSI) protocol for managing online directories of users and resources. It was developed by the ITU-T (the ITU Telecommunication Standardization Sector, one of the three sectors of the International Telecommunication Union) and was first approved in 1988. X.500 can also be used to support X.400 and other messaging systems, not just email.

X.500 was originally designed to give humans information such as telephone numbers and postal addresses. It is also designed for message handling, file transfer and name mapping for X.400 addresses. The X.500 client-server model consists of:
  • Directory Service Agent (DSA) - A server that holds directory information.
  • Directory User Agent (DUA) - A client that connects to a DSA to access information.
  • The DUA and DSA communicate via the Directory Access Protocol (DAP).
  • The Lightweight Directory Access Protocol (LDAP) is a lightweight version of DAP.

What are the Security Features for X.500?

  • Strong Authentication and Asymmetric Encryption (Hashing)
Hashing transforms a message into a usually shorter, fixed-length value. The algorithm used must have the property that it is computationally infeasible to construct a message that produces a given hash value. To support message integrity, the hash value changes noticeably if even one bit of the original message is changed.
Asymmetric encryption requires an encryption key pair consisting of a private key and a public key. A message encrypted with either key can only be decrypted with the other key. The owner of the key pair is in possession of the private key; copies of the public key can be distributed to other parties.

  • Decryption (Digital Signatures)
A message encrypted with the private key can be decrypted by anyone who holds the public key. If the decryption succeeds, only the holder of the private key could have sent the message. This property is used to create digital signatures. When a message is digitally signed, a hash of the message is created and that hash is encrypted with the private key. The receiver decrypts the signature with the public key and computes the hash of the received message. If the two hashes match, the receiver knows that the message was transmitted without change and that the sender is genuine rather than an impostor. Digital signatures thereby provide end-to-end security in a distributed environment.

2 comments:

  1. Hey. You've got good content and the diagram is very easy to understand. I like your security feature because it is very good. You could explain more on DSA and DUA; it is very short. Overall, you've done a good job, keep it up.

  2. Yo Tiqqie!
    After reading your blog post, it made things easier to understand.
    However, based on my research on the X.500 security feature, the authentication method is further broken down into two parts, which are simple authentication and strong authentication. Perhaps you might want to research in depth about those.
