
1 Chapter 4b - X.509 Authentication
ECE-6612, Prof. John A. Copeland (email, fax). Office: Centergy Room 5138. Email or call for an office visit, or call Kathy Cheek, 404 894-5696.

2 X.509 Authentication Service
• An International Telecommunications Union (ITU) recommendation (versus a “standard”) for allowing computer hosts or users to securely identify themselves over a network.
• An X.509 certificate purchased from a “Certificate Authority” (a trusted third party) allows a merchant to give you his public key in a way that lets your Browser generate a session key for a transaction and securely send it to the merchant for use during the transaction (the padlock icon on screen closes to indicate that transmissions are encrypted).
• Once a session key is established, no one can “hijack” the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address).
• The user only needs a Browser that can encrypt/decrypt with the appropriate algorithm and generate session keys from truly random numbers.
• The Merchant’s Certificate is available to the public; only the secret key must be protected. Certificates can be cancelled if the secret key is compromised.

3 Raw “Certificate” has user name, public key, expiration date, ...
The Certificate Authority generates the “signature” that is added to the raw “Certificate”. Inside the CA’s secure area:
• Generate the hash code (MIC) of the Raw Certificate.
• Encrypt the hash code with the CA’s private key to form the CA’s signature.
• Attach the signature to the raw certificate to produce the Signed Certificate.
The recipient can verify the signature using the CA’s public key.

4 (figure only; no transcript text)

5 Information Provided by Browser about a Certificate
This Certificate belongs to:
  investing.schwab.com
  trading subnet a 1199
  Charles Schwab & Co., Inc.
  Phoenix, Arizona, US
This Certificate was issued by:
  Secure Server Certification Authority
  RSA Data Security, Inc.
  US
Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

6 Certificates Can Be Deleted (and Added)
Are you sure that you want to delete this Site Certificate?
This Certificate belongs to:
  endor.mcom.com
  Netscape Communications Corp.
  US
This Certificate was issued by:
  rootca.netscape.com
  Information Systems
  Netscape Communications Corporation
Serial Number: 01:77
This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997
Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6

7 X.509 Chain of Authentication
CA<<A>> = CA {A’s id and information}
X<<A>> = certificate of A “signed” by X
To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z, your own CA (Z<<X>>). Z in turn may have to get X’s certificate from a higher-level CA. Ultimately there must be an “Authentication Tree” of CAs so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X.

8 Chain of Authentication
In practice, there is no single top-level Certificate Authority (CA), only a group of CAs that each Browser vendor deems fit to include in the installation program.
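The signing flow of slide 3 and the chain walk of slides 7 and 8, as one added example that is not part of the lecture slides. It uses a constructed toy RSA with four-digit primes (the names `make_keypair`, `sign`, `verify_chain`, the CA names Z and X and the host `investing.example` are all assumptions of this example, not anything from the course) so that every value is small enough to inspect; a real CA uses 2048-bit or larger keys and a padded signature scheme, and also checks expiry and revocation, which this example leaves out.

```python
import hashlib
import json

# Toy RSA with small primes so every value is visible. A real CA uses
# 2048-bit or larger keys and a padded scheme such as RSA-PSS; this only
# shows the hash -> sign-with-private-key -> verify-with-public-key flow.
E = 65537

def small_primes(lo, hi):
    """Trial-division prime list; used only to build constructed toy keys."""
    return [p for p in range(lo, hi)
            if p > 1 and all(p % k for k in range(2, int(p ** 0.5) + 1))]

PRIMES = small_primes(1000, 1100)

def make_keypair(p, q):
    """Return ((e, n), (d, n)) for toy RSA."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (E, n), (d, n)

def raw_cert(subject, public_key, issuer, expires):
    """The 'raw certificate' of slide 3: name, public key, issuer, expiry."""
    return {"subject": subject, "public_key": list(public_key),
            "issuer": issuer, "expires": expires}

def hash_cert(raw, n):
    """MIC of the raw certificate: SHA-256 over a canonical encoding, reduced
    mod n so the toy RSA can act on it (a real scheme pads instead)."""
    blob = json.dumps(raw, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(raw, ca_private):
    """CA's secure area: the hash 'encrypted' with the CA's private key."""
    d, n = ca_private
    return pow(hash_cert(raw, n), d, n)

def verify(raw, signature, ca_public):
    """Recipient: recover the hash with the CA's public key and compare."""
    e, n = ca_public
    return pow(signature, e, n) == hash_cert(raw, n)

def verify_chain(chain, trusted):
    """chain = [(raw_A, X's signature), (raw_X, Z's signature), ...], end
    entity first. trusted maps the names of CAs whose public keys the user
    already holds (Z, the user's own CA) to those keys. Walk up the tree:
    each certificate must be signed by the next one's subject, and the walk
    must end at a trusted CA."""
    for i, (raw, sig) in enumerate(chain):
        issuer = raw["issuer"]
        if issuer in trusted:
            issuer_key = trusted[issuer]
        elif i + 1 < len(chain) and chain[i + 1][0]["subject"] == issuer:
            issuer_key = tuple(chain[i + 1][0]["public_key"])
        else:
            return False            # no path to a trusted CA
        if not verify(raw, sig, issuer_key):
            return False            # signature does not match the contents
        if issuer in trusted:
            return True             # reached the user's own CA, Z
    return False

def build_chain():
    """Constructed example: Z is the user's own CA, X an intermediate CA
    certified by Z (Z<<X>>), A an end entity certified by X (X<<A>>)."""
    z_pub, z_priv = make_keypair(PRIMES[0], PRIMES[1])
    x_pub, x_priv = make_keypair(PRIMES[2], PRIMES[3])
    a_pub, _a_priv = make_keypair(PRIMES[4], PRIMES[5])
    raw_x = raw_cert("X", x_pub, "Z", "2000-11-02")
    raw_a = raw_cert("investing.example", a_pub, "X", "2000-11-02")
    chain = [(raw_a, sign(raw_a, x_priv)), (raw_x, sign(raw_x, z_priv))]
    trusted = {"Z": z_pub}
    return chain, trusted

if __name__ == "__main__":
    chain, trusted = build_chain()
    print("valid chain:", verify_chain(chain, trusted))
    tampered = [(dict(chain[0][0], subject="mallory.example"), chain[0][1])] + chain[1:]
    print("tampered end entity:", verify_chain(tampered, trusted))
    print("unknown root:", verify_chain(chain, {}))
```

The three calls at the bottom show the three outcomes a browser distinguishes: a chain that ends at a CA it already trusts, a certificate whose contents no longer match the signature, and a chain whose root is not in the trust store at all (the situation slide 8 describes when a vendor has not shipped that CA).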

9 Certificate Authorities in Mozilla (2006)
(figure only; no transcript text)

10 Making a DES Key from a Password or Phrase
• Start with the password: n 7-bit ASCII characters (little endian, least significant bit first).
• Flatten them into one bit stream of 7 × n bits.
• Fanfold the stream into 56 bits, combining the folds with bitwise XOR.
• Form the 64-bit key: every eighth bit is a parity bit.
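The four steps above carried out in code, as an added example that is not from the slides. Two details the slide leaves open are assumptions here: “fanfold” is taken to mean that every second 56-bit segment is reversed before it is XORed in (the reading used by the Kerberos v4 string-to-key routine), and the parity bit is set for odd parity, the DES convention; the function name `des_key_from_password` is also this example's own.

```python
def des_key_from_password(password: str) -> bytes:
    """Build a 64-bit DES key from a password:
    1. each character contributes its 7-bit ASCII code, least significant
       bit first (little endian, as on the slide);
    2. the 7*n bits form one stream, zero-padded to a multiple of 56;
    3. the stream is fanfolded into 56 bits: consecutive 56-bit segments are
       XORed together, every other segment reversed (assumption: Kerberos v4
       reading of 'fanfold');
    4. each group of 7 key bits becomes one byte whose eighth (lowest) bit
       is set so the byte has odd parity (assumption: DES convention)."""
    bits = []
    for ch in password:
        code = ord(ch)
        if code > 127:
            raise ValueError("7-bit ASCII characters only")
        bits.extend((code >> i) & 1 for i in range(7))     # LSB first
    if not bits:
        raise ValueError("empty password")
    bits += [0] * (-len(bits) % 56)                        # pad to 56k bits
    folded = [0] * 56
    for seg_no in range(len(bits) // 56):
        seg = bits[seg_no * 56:(seg_no + 1) * 56]
        if seg_no % 2 == 1:
            seg = seg[::-1]                                # the "fold"
        folded = [a ^ b for a, b in zip(folded, seg)]      # bitwise XOR
    key = bytearray()
    for g in range(8):
        group = folded[g * 7:(g + 1) * 7]
        value = sum(bit << i for i, bit in enumerate(group))  # LSB first
        byte = value << 1                                  # bit 0 is parity
        if bin(byte).count("1") % 2 == 0:
            byte |= 1                                      # make it odd
        key.append(byte)
    return bytes(key)

def has_odd_parity(key: bytes) -> bool:
    """True when every key byte has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

if __name__ == "__main__":
    for pw in ("A", "A" * 8 + "B", "correct horse battery staple"):
        k = des_key_from_password(pw)
        print(f"{pw!r:34} -> {k.hex()}  odd parity: {has_odd_parity(k)}")
```

Worth noticing when reading the output: the key can never hold more than 56 bits of material, and a password of n characters contributes at most 7n of them before folding, so a short password gives an attacker far fewer than 2^56 candidates. That bound, not any weakness in the fold itself, is why password-derived keys are now produced with salted, iterated functions instead.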

11 Programs Available from
hextext.c - allows you to view files in both hex and ASCII formats.
char_count.c - shows the number of different characters in a file and computes the character entropy.
To use them, you must first compile them. On UNIX or Linux:
  gcc hextext.c -o hextext             (the executable file is “hextext”)
  ./hextext                            for help
  ./hextext filename                   file and max. bytes
  ./hextext filename | less            see one screen at a time
  gcc char_count.c -lm -o char_count   (note the “-lm” for the math library)
  ./char_count filename
If “gcc” is not available, try “cc”. “less” is better than “more” (use “^u” to back up, “space” for the next page).

12 Output from ‘hextext’
Maximum Lines (p_limit) value: 30
Input File is s100.raw
Byte No  HEX VALUES  TEXT
0: d4c3 b2a : d...
20: e ead e e : .....DH8....N...N...
40: da3 :
60: f11 16fc f :
80: c 90c7 061a : .B...5.,
100: : ...
120: e fd a400 : u......DH8!...r.....
140: f00 : P..
160: 308c acf 4000 fc11 d :
180: f a8a 061a : .X0/.5....z
200: :
220: c00c a1ce : edu
Lines: 30, hextext.c by John Copeland 12/5/99

13 Output from ‘char_count’
$ ./char_count char_count.c
char_count vers
File is char_count.c
No. Char.s to EOF = 7396, No. Lines = 183
Occurrence of Single Characters
0 | ^P- 0 | | | P | ` | p- 154
^A- 0 | ^Q- 0 | ! | | A | Q | a | q- 0
^B- 0 | ^R- 0 | " | | B | R | b | r- 316
^C- 0 | ^S- 0 | # | | C | S | c | s- 243
^D- 0 | ^T- 0 | $ | | D | T | d | t- 263
^E- 0 | ^U- 0 | % | | E | U | e | u- 108
^F- 0 | ^V- 0 | & | | F | V | f | v- 45
^G- 0 | ^W- 0 | ' | | G | W | g | w- 8
^H- 0 | ^X- 0 | ( | | H | X | h | x- 31
^I- 18 | ^Y- 0 | ) | | I | Y | i | y- 64
^J- 247 | ^Z- 0 | * | : | J | Z | j | z- 4
^K- 0 | ^[- 0 | | ; | K | [ | k | {- 24
^L- 0 | ^\- 0 | , | < | L | \ | l | |- 4
^M- 0 | ^]- 0 | | = | M | ] | m | }- 24
^N- 0 | ^^- 0 | | > | N | ^ | n | ~- 0
^O- 0 | ^_- 0 | / | ? | O | _ | o | - 0
Occurrence of Single Characters - Sorted
-3488 | "- 75 | F- 13 | `- 0 | | A | C | E0- 0

14 Occurrence of Single Characters - Sorted
-3488 | "- 75 | F- 13 | `- 0 | | A | C | E0- 0
n- 342 | | P- 12 | Q- 0 | | A | C | E1- 0
i- 338 | y- 64 | | ^B- 0 | | A | C | E2- 0
r- 316 | | #- 9 | ^C- 0 | | A | C | E3- 0
e- 296 | b- 48 | D- 8 | $- 0 | | A | C | E4- 0
t- 263 | v- 45 | w- 8 | ^E- 0 | | A | C | E5- 0
c- 262 | | U- 8 | ^F- 0 | | A | C | E6- 0
/- 255 | <- 35 | k- 6 | G- 0 | | A | C | E7- 0
^J- 247 | %- 32 | :- 5 | H- 0 | | A | C | E8- 0
s- 243 | x- 31 | B- 5 | ^A- 0 | | A | C | E9- 0
*- 232 | >- 31 | M- 5 | J- 0 | 8A- 0 | AA- 0 | CA- 0 | EA- 0
o- 213 | | |- 4 | ^K- 0 | 8B- 0 | AB- 0 | CB- 0 | EB- 0
a- 202 | \- 29 | ^- 4 | ^L- 0 | 8C- 0 | AC- 0 | CC- 0 | EC- 0
;- 193 | N- 29 | z- 4 | ^M- 0 | 8D- 0 | AD- 0 | CD- 0 | ED- 0
p- 154 | _- 27 | | ^N- 0 | 8E- 0 | AE- 0 | CE- 0 | EE- 0
f- 154 | I- 27 | Y- 2 | ^O- 0 | 8F- 0 | AF- 0 | CF- 0 | EF- 0
l- 152 | E- 27 | @- 1 | ^P- 0 | | B | D | F0- 0
m- 123 | | &- 1 | q- 0 | | B | D | F1- 0
=- 121 | T- 25 | K- 1 | ^R- 0 | | B | D | F2- 0
(- 116 | {- 24 | !- 1 | ^S- 0 | | B | D | F3- 0
)- 116 | }- 24 | ^H- 0 | ^T- 0 | | B | D | F4- 0
,- 109 | L- 22 | 0 | ^U- 0 | | B | D | F5- 0
u- 108 | '- 18 | ^V- 0 | V- 0 | | B | D | F6- 0
| ^I- 18 | ^G- 0 | W- 0 | | B | D | F7- 0
[- 104 | | ^X- 0 | X- 0 | | B | D | F8- 0
]- 102 | O- 17 | ?- 0 | ^Y- 0 | | B | D | F9- 0
h- 100 | | ^Z- 0 | Z- 0 | 9A- 0 | BA- 0 | DA- 0 | FA- 0
| C- 16 | ^W- 0 | ^[- 0 | 9B- 0 | BB- 0 | DB- 0 | FB- 0
d- 95 | A- 16 | ^D- 0 | ^\- 0 | 9C- 0 | BC- 0 | DC- 0 | FC- 0
g- 78 | R- 14 | ^Q- 0 | ^]- 0 | 9D- 0 | BD- 0 | DD- 0 | FD- 0
| S- 14 | ^^- 0 | ~- 0 | 9E- 0 | BE- 0 | DE- 0 | FE- 0
| j- 13 | ^_- 0 | bs- 0 | 9F- 0 | BF- 0 | DF- 0 | FF- 0
Entropy is 4.5 bits/byte. Maximum character-wise compression = 56.5 %
No. Char.s > 127 (not ASCII text) = 0, 0 %

