Vulnerability of a Cryptosystem

The assignment asks that the student portray a newly hired IT person at a University. It is told to you by a supervisor that the University cryptosystem and would like research done on the vulnerability. Once the research is complete, come up with things that the University should do to handle the problem.

The University used the Message-Digest algorithm 5 (MD5) in most of the areas at the University. It provides the hashes to check for file integrity of downloaded files by using MD5 based certificates that have been approved by and internal Certificate Authority. The University uses Cisco ASA firewall devices that create and sign digital certificates that authenticate the users and the systems. In addition, the default setting for the Cisco ASA devices in the MD5.

It was discovered back in 2008 that the MD5 based systems have a problem; there is the feasibility of collision attacks. This means that attackers could generate extra digital certificates with different content but have the same digital signature as the original certificate. This basically means that if an attacker can get a hold of a digital certificate, they might be able to gain access to information by creating a replica of the certificate but adding different information or contents to it.

According to the research, the likeliness of this vulnerability is very little due to the fact that most attackers do not know how to obtain rogue certificates. There does exist tools that will assist the attackers in the creation of rogue certificates but is not something that is commonly learned without practice and time as well as connection or a point of contact at a Certificate Authority. It would be wise for the University to change from the use of the MD5 and use a more secure hashing system like the SHA-1.

I hope that this information will assist