Beruflich Dokumente
Kultur Dokumente
Role of trusted authority (CA) - who (is/are) the top level CA(s). How
does your browser use them.
Man-in-the-middle attack (when is it effective, how do you defeat it).
MAC and MIC, one-way hashes (desired characteristics)
RSA and Diffie-Hellman (basic operation), uses. How does modulo
arithmetic simplify calculations, add to security? RSA security
depends on the difficulty of factoring large prime numbers.
Digital Signatures, certificates, CA, Web transactions.
PKI (Public Key Infrastructure): What is needed besides distribution
of Public-Private Keys? (Revocation database).
Email Encryption and Signing: Use of session key per message and
it’s encryption with each recipient’s Public Key.
4
Chapter 4 - Authentication Applications
Kerberos: How is user (person) authenticated, tickets, role of KDC, and
Nonce (replay attack). How does it solve the key distribution problem for
n*(n-1)/2 pairs of hosts.
X.509 Authentication (certificates, steps of a Web buy)
Review slides from Feb. 4, 2013 lecture – “07b-SSL_TLS 2013.pdf”
Chain of authentication (CA hierarchy). Theory and Practice
Certificate Authority (who, where found)
Digital Signature - how is it done, what does it do?
SSH (SCP and SFTP): How do they securely replace Telnet and FTP?
What’s needed to allow secure login without a password? What is an
“SSH Tunnel”?
How are passwords safely stored, and compared to typed-in password?
What is a Dictionary Attack, and how is it foiled?
How are keys safely stored on a computer, and accessed?
5
Raw “Certificate” has user name, public key, expiration date, ...
Generate hash code
of Raw Certificate
Raw MIC
Cert.
Hash
Multiple Recipients
• Encrypt message m with session key, S
• Encrypt S with each recipient's key
• Send: {S; Kbob}, {S; Kann}, ... , {m; S}
Authentication of Source (digital signatures)
• Hash (MD5, SHA2) of message, encrypted with signer's
private key. Check by decrypting with signer's public
key, and compare to new hash.
7
Digital Signature
8
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
Typed Passphrase PGP Email Receiver
Your Private Key Ring Public Key Ring
H - Hash
DC - Symmetric
Decryption
Receiver’s DP - Pub./Priv.
Decryption
Private Key
Sender’s
Public Key
Session Key
Check Signature
Message
ZIP Decompress
R64 Decode to binary
p.144-145 ed.3 9
R64 Encode: Every 3 bytes split into 4 6-bit numbers
011001001011010101101010
n = 0 to 63
10
Simple Mail Transfer Protocol (SMTP, RFC 822)
Original SMTP Limitations - Can not transmit, or has a problem with:
• executable files, or other binary files (jpeg image).
• “national language” characters (non-ASCII, 2-byte character sets)
• messages over a certain size
• ASCII to EBCDIC (or other character set) translation problems
• lines longer than a certain length (72 to 254 characters)
MIME Defined Five New Headers
• MIME-Version. Must be “1.0” -> RFC 2045, RFC 2046
• Content-Type. More types being added by developers (application/word)
• Content-Transfer-Encoding. How message has been encoded (radix-64)
• Content-ID. Unique identifying character string.
• Content Description. Needed when content is not readable text (e.g., mpeg)
Canonical Form: Standard format for use between systems ( not a “native” format - GIF).
11
Investigating Email You Receive
Look at “Raw” or “Source” Message to see:
Headers (from? -“Received:” headers (IP, time zone)
HTML Links (where they will take you)
Investigate
Source (who sent it) -
Lowest "Received:” header
Active Links in
<a href= “http://{IP or URL}”>, {text} </a>
Images (can compromise, or “Web Bug”) in
<img src=“{IP, URL or filename}” … >
Programs to Use
nslookup (dig, host) - IP from URL, or URL from IP
whois - Register of domain (not URL)
traceroute - path of packets through routers
Configure email reader to not download links automatically
12
Summary - Problems and Solutions
64-bit Keys can be found by a Brute-Force Attack
Use a 128-bit or larger key.
Code-book encrypting allows interchange and duplication of blocks
Use Cipher-Block Chaining (Crypto-Feedback).
The same Plaintext encrypted with the same key = same Ciphertext
Use a random, non-repeating Initial Vector.
How do you know the Ciphertext was not altered?
Include a Message Digest (Hash of Plaintext ).
How do you know the authenticity of the sender?
Encrypt the Message Digest with the sender’s Private Key (3).
How do you manage encryption keys securely and efficiently?
Key Management System (Kerberos) (4a)
X.509 Certificates (SSL) – high level covered, and in talk on Monday
PGP Email (5a) – only high level covered
PKI (Public Key Infrastructure) (3) CA, Revocation Database.
How do you authenticate passwords without storing them on the computer?
Store crypto-hashes of the passwords (with “Salt”)
13
The test will also cover these slide sets:
05a-PGP-Email.ppt (encrypt, sign, armor [base64])
05c-Phishing Email.ppt (information in headers*)
05e-Plain Text Email.ppt (how to view raw email)
06-IP Networks.ppt (Through Slide 9)
Ethernet Addresses (how far do they go?),
ARP (ARP spoofing – Man-in-the-Middle)
AS (Autonomous System)
Routing Protocols: OSPF within AS, BGP between AS)
* Know uses of: nslookup, whois, traceroute, google.
14
Homework Problems
Answers are posted in “Resources” on T-square
HW_1
Five basic Security Services, Mechanisms to provide those services
Safer use of the Internet with email configuration, and HTTPS use.
16
Old quizzes are posted in “Resources” on T-square
Rules:
i This quiz is closed book. One sheet of notes (8.5"x11") may be used
(both sides, your handwriting only). Pen or pencil, and a simple calculator are allowed.
ii Answer all questions and show all work to receive full credit.
iii Each regular sub-question counts 4 points (4 deducted from 100 for
each missed question) unless otherwise noted.
iv Please do not ask the proctors any questions during the exam about
exam questions. Part of the test is understanding the question, as written, without
supplemental information. If you feel additional data is needed to solve the problem, make
(and state) an assumption and then work the problem.
17