ECE-8843, Prof. John A. Copeland, 404 894-5177, fax 404 894-0035, Office: GCATT Bldg.

Presentation transcript:

Chapter 4b - X.509 Authentication. ECE, Prof. John A. Copeland, Office: GCATT Bldg 579 (or call for office visit, or call Kathy Cheek).

X.509 Authentication Service

An International Telecommunications Union (ITU) recommendation (versus a "standard") that allows computer hosts or users to securely identify themselves over a network. An X.509 certificate purchased from a "Certificate Authority" (a trusted third party) allows a merchant to give you his public key in a way that lets your browser generate a session key for a transaction and securely send it to the merchant for use during the transaction (the padlock icon on screen closes to indicate that transmissions are encrypted). Once a session key is established, no one can "hijack" the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address). The user only needs a browser that can encrypt/decrypt with the appropriate algorithm and generate session keys from truly random numbers. The merchant's certificate is available to the public; only the secret (private) key must be protected. Certificates can be cancelled (revoked) if the secret key is compromised.

Certificate Authority generates the "signature" that is added to the raw "Certificate"

The Raw "Certificate" has user name, public key, expiration date, ...
1. Generate the hash code (MIC) of the Raw Certificate.
2. Encrypt the hash code with the CA's private key to form the CA's signature.
3. Raw Cert. + CA's signature = Signed Cert.
The recipient can verify the signature using the CA's public key.


Browser page-info display: //investing.schwab.com/trading/ has the following structure: Form 1: Action URL: 1, Encoding: application/x-www-form-urlencoded (default), Method: Post, Image:

Browser certificate display:
This Certificate belongs to: investing.schwab.com, trading subnet a 1199, Charles Schwab & Co., Inc., Phoenix, Arizona, US
This Certificate was issued by: Secure Server Certification Authority, RSA Data Security, Inc., US
Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

Browser dialog: Are you sure that you want to delete this Site Certificate?
This Certificate belongs to: endor.mcom.com, Netscape Communications Corp., US
This Certificate was issued by: rootca.netscape.com, Information Systems, Netscape Communications Corporation, US
Serial Number: 01:77
This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997
Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6

X.509 Chain of Authentication

CA<<A>> = CA{A's id and information}, i.e. X<<A>> = the certificate of A "signed" by X. To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z, your own CA (Z<<X>>). Z in turn may have to get X's certificate from a higher-level CA. Ultimately there must be an "Authentication Tree" of CAs so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X.
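The signing steps of the "Certificate Authority generates the signature" slide and the chain walk described here, as an added example that is not part of the course slides: textbook RSA with small Mersenne-prime keys and no padding stands in for the CA's real key pair, JSON stands in for the DER encoding of the raw certificate, and the names Z (your own CA), X and A follow the slide.

```python
import hashlib
import json

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two constructed primes (Mersenne primes, toy sizes)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def cert_hash(raw, n):
    """Hash code of the raw certificate fields, reduced into the signer's modulus."""
    data = json.dumps(raw, sort_keys=True).encode()      # stand-in for DER encoding
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign_certificate(raw, ca_private):
    """CA step: hash the raw certificate, encrypt the hash with the CA's private key."""
    n, d = ca_private
    return {"raw": raw, "sig": pow(cert_hash(raw, n), d, n)}

def verify_signature(cert, issuer_public):
    """Recipient step: decrypt the signature with the issuer's public key, compare hashes."""
    n, e = issuer_public
    return pow(cert["sig"], e, n) == cert_hash(cert["raw"], n)

def verify_chain(chain, trusted):
    """Chain X<<A>>, Z<<X>>, ...: each certificate is checked with the public key carried
    in the next one up, until the issuer is a CA in the trusted store (Z, your own CA)."""
    for i, cert in enumerate(chain):
        issuer = cert["raw"]["issuer"]
        if issuer in trusted:
            return verify_signature(cert, trusted[issuer])
        if i + 1 == len(chain) or chain[i + 1]["raw"]["subject"] != issuer:
            return False                                  # never reaches a trusted CA
        if not verify_signature(cert, chain[i + 1]["raw"]["public_key"]):
            return False
    return False

# Constructed keys: Z is your own (trusted) CA, X is the CA that issued A's certificate.
Z_pub, Z_priv = make_keypair(2**31 - 1, 2**61 - 1)
X_pub, X_priv = make_keypair(2**89 - 1, 2**107 - 1)
A_pub, _ = make_keypair(2**19 - 1, 2**127 - 1)
cert_X = sign_certificate({"subject": "X", "issuer": "Z", "public_key": X_pub}, Z_priv)
cert_A = sign_certificate({"subject": "A", "issuer": "X", "public_key": A_pub}, X_priv)
TRUSTED = {"Z": Z_pub}

def demo():
    """Returns (good chain ok, tampered subject rejected, chain without trusted root rejected)."""
    tampered = dict(cert_A, raw=dict(cert_A["raw"], subject="A-impostor"))
    return (verify_chain([cert_A, cert_X], TRUSTED),
            verify_chain([tampered, cert_X], TRUSTED),
            verify_chain([cert_A], TRUSTED))
```

A real verifier also checks the validity dates and revocation status of every certificate in the chain, which this toy leaves out.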

X.509 Chain of Authentication (figure: authentication tree of CAs)

Examples: "A" = decimal 65 = , "z" =

Making a DES Key from a Password or Phrase

1. Password: n 7-bit ASCII characters (little endian - least significant bit first).
2. Flattened bit stream (7 x n bits).
3. Fanfold into 56 bits, combining with bitwise XOR.
4. 64-bit key: every eighth bit is a parity bit.
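The four steps above carried out in Python, as an added example rather than the course's own code. Two details the slide leaves open are taken as assumptions: "fanfold" is read as laying every second 56-bit segment down reversed (like fanfold paper) before XORing, and within each output byte the first key bit of a group becomes the most significant bit with DES's odd parity in the last bit.

```python
def char_bits(ch):
    """The 7 bits of one ASCII character, least significant bit first (as the slide specifies)."""
    code = ord(ch)
    if code > 0x7F:
        raise ValueError("password must be 7-bit ASCII")
    return [(code >> i) & 1 for i in range(7)]

def flatten(password):
    """Flattened bit stream: 7 x n bits for an n-character password."""
    return [b for ch in password for b in char_bits(ch)]

def fanfold_xor(bits, width=56):
    """Fold the stream into 56-bit segments and XOR them together.
    Assumption: 'fanfold' means every second segment is laid down reversed, like fanfold paper."""
    bits = bits + [0] * (-len(bits) % width)        # zero-pad the last partial segment
    folded = [0] * width
    for k in range(0, len(bits), width):
        segment = bits[k:k + width]
        if (k // width) % 2 == 1:
            segment = segment[::-1]
        folded = [a ^ b for a, b in zip(folded, segment)]
    return folded

def add_parity(bits56):
    """Append an odd-parity bit to every 7 key bits, giving the 64-bit DES key as 8 bytes.
    Assumption: the first bit of each group becomes the byte's most significant bit."""
    key = bytearray()
    for i in range(8):
        seven = bits56[7 * i:7 * i + 7]
        byte = 0
        for b in seven:
            byte = (byte << 1) | b
        key.append((byte << 1) | (1 - sum(seven) % 2))  # DES uses odd parity per byte
    return bytes(key)

def des_key_from_password(password):
    """Password or phrase -> 64-bit DES key (8 bytes, 56 key bits + 8 parity bits)."""
    return add_parity(fanfold_xor(flatten(password)))

def has_odd_parity(key):
    """True when every byte of a DES key has an odd number of set bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)
```

Whatever the fold, the key carries no more entropy than the password itself, and a 56-bit DES key is within reach of exhaustive search, so a derived key is only as strong as the weaker of the two.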

Programs Available

hextext.c - allows you to view files in both hex and ASCII formats.
char_count.c - shows the number of different characters in a file, computes the character entropy.

To use, you must first compile them. On UNIX or Linux:
  gcc hextext.c -o hextext               (the executable file is "hextext")
  ./hextext                              for help
  ./hextext filename 3000                file and max. bytes
  ./hextext filename 3000 | less         see one screen at a time
  gcc char_count.c -lm -o char_count     (note the "-lm" for the math library)
  ./char_count filename
If "gcc" is not available, try "cc". "less" is better than "more" (use "^u" to back up, "space" for next page).

Output from 'hextext' (hextext.c by John Copeland 12/5/99): Maximum Lines (p_limit) value: 30; Input File is s100.raw; columns Byte No., HEX VALUES, TEXT; 30 lines of the dump were shown (decimal byte offsets 0, 20, 40, ...).

Output from 'char_count':
$ ./char_count char_count.c
File is char_count.c
No. Char.s to EOF = 7396, No. Lines = 183
Occurrence of Single Characters: (table of counts for every byte value, e.g. n- 342, i- 338, r- 316, e- 296, ^J- 247, ;- 193)
Occurrence of Single Characters - Sorted: (the same counts in descending order; all values above 7F are 0)
Entropy is 4.5 bits/byte. Maximum character-wise compression = 56.5 %
No. Char.s > 127 (not ASCII text) = 0, 0 %