Data Loss Prevention 4. Encryption Public/private key. Hashing. Digital Certificates. Disk Encryption. Tunnels.
- Scarlett Watkins
- 5 years ago
1 Data Loss Prevention 4. Encryption Public/private key. Hashing. Digital Certificates. Disk Encryption. Tunnels.
2 Encryption: Introduction. Diagram: Bob and Alice communicate, Eve is the intruder and Trent is the trusted third party. Privacy (Private Key). Identity (Public Key). Integrity (Public/Private Key).
6 Encryption: Conclusion. Typical application: Diffie-Hellman used to generate private-key. Public-key used for authentication. Private-key used for encryption.
Diagram (Bob, Alice and Eve on the communications channel): key exchange (Diffie-Hellman); secret key used to encrypt/decrypt (DES/3DES/AES); public key used to authenticate (RSA).
RSA 2048 bits. Replace by: ElGamal 160 bits.
7 Data Loss Detection/ Prevention Block or Stream?
10 RC4. This is a stream encryption algorithm, and is used in wireless communications (such as in WEP) and SSL (Secure Sockets). The IV (Initialisation Vector) gives variation in the output for the same key.
Diagram (private-key methods): the IV and key feed RC4, which generates a pseudo-infinite stream; the data stream is combined with it using the Ex-OR operator to give the cipher stream.
11 Data Loss Detection/ Prevention Private Key
12 Encryption: Private key (DES, AES, Blowfish)
DES. The DES encryption algorithm is a block cipher and uses a 64-bit block and a 64-bit encryption key.
3DES. The DES encryption algorithm is a block cipher and uses a 64-bit block and a 64-bit encryption key (of which only 56 bits are actively used in the encryption process). Unfortunately DES has been around for a long time, and the 56-bit version is now easily crackable (in less than a day, on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (2x56 bits - with a combination of the three keys - of which two of the keys are typically the same). The algorithm is EncryptK3(DecryptK2(EncryptK1(message))), where K1 and K3 are typically the same (to keep compatibility). Diagram: DES (Enc) with K1, DES (Dec) with K2, DES (Enc) with K1.
Twofish. Bruce Schneier created Twofish as a general-purpose private-key block cipher encryption algorithm.
AES. AES (or Rijndael) is a new block cipher, and is the new replacement for DES, and uses 128-bit blocks with 128, 192 and 256 bit encryption keys. It was selected by NIST in 2001 (after a five year standardisation process). The name Rijndael comes from its Belgian creators: Joan Daemen and Vincent Rijmen.
RC2. RC2 ("Rivest Cipher") is a block cipher, and is seen as a replacement for DES. It was created by Ron Rivest in 1987, and is a 64-bit block code and can have a key size from 40 bits to 128 bits (in increments of 8 bits). The 40-bit key version is seen as weak, as the encryption key is so small, but is favoured by governments for export purposes, as it can be easily cracked. In this case the key is created from a Key and an IV (Initialisation Vector). The key has 12 characters (96 bits), and the IV has 8 characters (64 bits), which go to make the overall key.
Blowfish. Bruce Schneier created Blowfish as a general-purpose private-key block cipher encryption algorithm.
Blowfish (with CBC). With CBC we split the message into blocks and encrypt each block. The input from the first stage is the IV (Initialisation Vector), and the input to the following stages is the output from the previous stage. In this example we will use Blowfish to encrypt, using CBC.
Others:
Skipjack. Skipjack is a block cipher, using a private-key encryption algorithm, and designed by NSA.
Camellia. Camellia is a block cipher created by Mitsubishi and NTT.
RC4. RC4 is a stream cipher used in WEP (in wireless encryption).
Affine. Affine is a stream cipher which uses an equation to encrypt.
18 Data Loss Detection/ Prevention Key Exchange
21 Encryption: Logs. $A^x \cdot A^y = A^{x+y}$ and $(A^x)^y = A^{xy}$.
22 Encryption: Logs. Diagram (Bob, Alice, Eve): $A$ is the agreed number. Bob has a random value $x$ and sends $A^x$; Alice has a random value $y$ and sends $A^y$. The result is the private key.
23 Encryption: Logs. Diagram (Bob, Alice, Eve): as before, with Bob receiving $A^y$ and calculating $(A^y)^x$, and Alice receiving $A^x$ and calculating $(A^x)^y$.
27 Data Loss Detection/ Prevention Public Key
30 Encryption: RSA
Select two primes (p, q).
Next, the n value is calculated. Thus: n = p x q = 11 x 3 = 33
Next PHI is calculated by: PHI = (p-1)(q-1) = 20
e selected so that GCD(e,PHI)=1
Public key: (n,e)
31 Public-key encryption: generating public and private keys (Bob)
Select two prime numbers: a and b
n = a x b
e is chosen so that e and (a-1)x(b-1) are relatively prime (no common factor greater than 1)
d = e^-1 mod [(a-1)x(b-1)]
Public key is now: <e,n>
Private key is now: <d,n>
32 Public-key encryption. Public-key encryption generates two keys: a public key and a private one. These are special in that if one is applied to encrypt, the other can be used to decrypt. Public keys are keys which relate to extremely large prime numbers (as it is difficult to factorise large prime numbers). It is extremely difficult to determine a private key from a public key. Diagram: Bob encrypts with the public key, the result crosses the communications channel (with Eve on it), and Alice decrypts with the private key.
33 Public-key encryption.
A. Bob creates the message.
B. Bob encrypts with Alice's public key and sends Alice the encrypted message.
C. Alice decrypts with her private key.
D. Alice receives the message.
Once Bob encrypts the message, the only key which can decrypt it is Alice's private key. Bob and Alice keep their private keys secret. Diagram: "Hello" (A) is encrypted to "H&$d." (B), crosses the communications channel, and is decrypted (C) back to "Hello" (D).
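The key generation on slides 30 and 31 and the A to D exchange on slide 33, carried through with the slide's own primes (11 and 3). This is an added example, not code from the original deck; the choice of the smallest valid e and the A..Z to 0..25 letter coding are assumptions made so the values fit below n = 33.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t


def generate_keys(p, q, e=None):
    """n = p*q, PHI = (p-1)(q-1), gcd(e, PHI) = 1, d = e^-1 mod PHI."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if e is None:
        # Assumption: pick the smallest odd e > 1 that is coprime to PHI.
        e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    g, s, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to PHI")
    d = s % phi  # modular inverse of e
    return (e, n), (d, n)  # public key <e,n>, private key <d,n>


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message value must be smaller than n")
    return pow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)


def encrypt_text(text, public_key):
    """Step B: Bob encrypts each letter (A=0 .. Z=25) with Alice's public key."""
    return [encrypt(ord(ch) - ord("A"), public_key) for ch in text]


def decrypt_text(values, private_key):
    """Step C: Alice decrypts each value with her private key."""
    return "".join(chr(decrypt(c, private_key) + ord("A")) for c in values)


if __name__ == "__main__":
    alice_public, alice_private = generate_keys(11, 3)
    print("public <e,n> :", alice_public)
    print("private <d,n>:", alice_private)

    cipher = encrypt_text("HELLO", alice_public)
    print("ciphertext   :", cipher)
    print("decrypted    :", decrypt_text(cipher, alice_private))

    # Caveat: both L's encrypt to the same value. Raw RSA is deterministic,
    # which is why deployed systems add randomised padding and use RSA only
    # to protect a secret key, as on the "Conclusion" slide.
```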
36 Data Loss Detection/ Prevention Hash Values
37 MD5 hash algorithm. How do we get a finger-print for data? With a fingerprint we can hopefully tell if Eve has modified any of the data. Solved by Prof Ron Rivest with the MD5 hash signature. Example data (Bob): "Hello. How are you? Is this okay?"
38 MD5 hash algorithm: Hashing Algorithm (MD5), bit signature.
Base-64:
hello: XUFAKrxLKna5cZ2REBfFkg
Hello: ixqzu8rhepaoj6v4xhge1w
Hello. How are you?: CysDE5j+ZOUbCYZtTdsFiw
Napier: j4nxh5mkrk4j13n1mfxhtg
Hex:
hello: 5D41402ABC4B2A76B9719D911017C592
Hello: 8B1A9953C A827ABF8C47804D7
Hello. How are you?: CC BF9AD833BEBF90239BF0F
Napier: 8F83571F9324AE4E23D C7B6
39 SHA-1 hash algorithm: Hashing Algorithm (SHA-1), bit signature.
Base-64:
hello: qvtghdzf6klavt4po0gs2a6pq00=
Hello: 9/+ei3uy4Jtwk1pdeF4MxdnQq/A=
Hello. How are you?: Puh2Am76bhjqE5lbTWtwsqbdFC8=
Napier: v4gxnavod2b09gr2tqw4yopouro=
Hex:
hello: AAF4C61DDCC5E8A2DABEDE0F3B482CD9AEA9434D
Hello: F7FF9E8B7BB2E09B70935A5D785E0CC5D9D0ABF0
Hello. How are you?: 3EE876026EFA6E18EA13995B4D6B70B2A6DD142F
Napier: BF81B135A F4F464764EAC38CA8A4EBABA
40 MD5 hash algorithm: Hashing Algorithm (MD5), bit signature.
Message 1: "Security and mobility are two of the most important issues on the Internet, as they will allow users to secure their data transmissions, and also break their link with physical connections."
Hex: F94FBED3DAE05D223E6B963B9076C4EC
Base-64: +U++09rgXSI+a5Y7kHbE7A==
Message 2: "Security and mobility are two of the mast important issues on the Internet, as they will allow users to secure their data transmissions, and also break their link their physical connections."
Hex: 8A8BDC3FF80A01917D CFBF
Base-64: iovcp/gkazf9bdkaaghpvw==
41 Hash methods: OpenSSL
echo -n hello | openssl md5
(stdin)= 5d41402abc4b2a76b9719d911017c592
echo -n hello | md5sum
5d41402abc4b2a76b9719d911017c592 -
root@kali:~# openssl md5 pw
MD5(pw)= 859b6a9be3b45262c4414bd1696ba91b
root@kali:~# md5sum pw
859b6a9be3b45262c4414bd1696ba91b pw
Hash methods supported: md2 md4 md5 rmd160 sha sha1
42 MD5 hash algorithm: Files/folders. Hashing Algorithm (MD5), bit signature. Hash signatures are used to gain a signature for files, so that they can be checked if they have been changed. Table: [Path] / filename and MD5 sum (hex and Base-64) for files in [C:\Windows\System32\].
43 MD5 hash algorithm: Files/folders. Hashing Algorithm (MD5), bit signature. Hash signatures are used to identify that a file/certificate has not been changed. The digital certificate has an SHA-1 hash thumbprint (3f6a...89) which will be checked, and if the thumbprint is different, the certificate will be invalid.
46 Risk 4: One Password Fits All. 150 million accounts compromised. Table with columns #, Count, Ciphertext and Plaintext; the plaintexts shown include password, adobe, qwerty and photoshop.
Other figures on the slide: million accounts; 6.5 million accounts (June 2013); One account hack leads to others; 1 million accounts in plain text; 77 million compromised; Dropbox compromised; ,000 client accounts.
47 Advanced Crypto 3. Hashing and Authentication Bob Alice Eve Salting Trent
49 Encryption: Salting
C:\openssl>openssl passwd -1 -salt fred password
$1$fred$bATAk8UUH/IDAp9sd6IUv/
Diagram: the password "password" and the salt "fred" give $1$fred$bATAk8UUH/IDAp9sd6IUv/, whose fields are 1, fred and bATAk8UUH/IDAp9sd6IUv/.
50
# cat /etc/shadow
root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7:::
# openssl passwd -1 -salt Etg2ExUZ redhat
$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ openssl dgst -md5 file
MD5(file)= b1946ac92492d2347c6235b4d
$ openssl genrsa -out mykey.pem 1024
Generating RSA private key, 1024 bit long modulus
e is (0x10001
$ openssl rsa -in mykey.pem -pubout > mykey.pub
writing RSA key
$ cat mykey.pub
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXv9HSFkpM+ZoOQcpdHBZiUwX8
EzIKm0nsgjc5ZTYVaF9CMLtmKoTzep7aQX9o9nKepFt1kQ73Ta9vOPd6CX61/cgY
Xy2tShw0imrtFaVDFjX+7kLmc0uWbFFCoZMtJxIaXaa9SV2kARxOCTJ2uOjRTCCe
XU09IJGHnIhSNJeIJQIDAQAB
-----END PUBLIC KEY-----
51 Data Loss Detection/ Prevention Authentication with Private Key
52-62 Public key encryption: secret, identity, trust. Diagram sequence (Bob, Alice, Eve, Trent): Bob holds Bob's private key and Alice's public key; Alice holds Alice's private key and Bob's public key. Bob sends the message "Hello Alice, Wish you were here! - Bob" together with his signature ("Bob."), using Alice's public key for the message and Bob's private key for the signature.
Which key to open the message? Alice's private key.
Which key do we open the signature with? Bob's public key.
63 Using Bob's private key to authenticate himself. Diagram: the message is hashed with MD5, and the MD5 value is encrypted with Bob's private key (the magic private key) to give the encrypted MD5.
64-65 Bob encrypts the message/hash with Alice's public key. Diagram: the message and the encrypted MD5 are encrypted with Alice's public key to give the encrypted content, which is sent to Alice.
66 Alice decrypts the message. Diagram: Alice uses her private key on the encrypted content to recover the message and the encrypted MD5.
67 Alice decrypts the message. Diagram: Bob's public key is used on the encrypted MD5 to give MD5 (result), and the received message is hashed to give MD5 (message). Alice compares the MD5 values. If they are the same Bob sent the message.
68 Data Loss Detection/ Prevention Digital Certificates
69 Identity on the Internet. Identifies it is trusted (Digital Certificate). Keeps communications secure (encryption). Diagram: Trent, Bob, Eve, trap-door.
70 Digital certificates should only be distributed with the public key. Diagram (Bob): one certificate has only the public key; the other certificate has both the public and private key.
71 Digital certificates should only be distributed with the public key. Example (Bob): a certificate in P7b format, a text block between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. The main certificate formats include: P7b. Text format. PFX/P12. Binary. SST. Binary.
72 Encrypting messages to Alice. Alice sends her digital certificate with her public key on it.
A. Bob creates the message.
B. Bob encrypts with Alice's public key and sends Alice the encrypted message.
C. Alice decrypts with her private key.
D. Alice receives the message.
Diagram: "Hello" (A) is encrypted to "H&$d." (B), crosses the communications channel (with Eve on it), and is decrypted with Alice's private key (C) back to "Hello" (D).
73 Authenticating Bob. Bob sends his digital certificate to authenticate himself. Alice checks the hash using Bob's public key from his certificate. Diagram: Bob's private key is used on the hash, which travels with the encrypted message ("Hello" to "H&$d."); Alice's private key recovers "Hello".
74 Advanced Crypto Bob Alice 5. Disk Encryption Eve Introduction Trent
76 Disk Encryption: EFS. Drive or folder encryption. CER file: contains certificate. PFX: contains certificate and private key. Diagram: public key, private key, encryption key, header.
77 Disk Encryption: Market (File/Folder Encryption and Disk Encryption). Microsoft Bitlocker. Check Point Full Disk Encryption Software. TrueCrypt. McAfee Endpoint Encryption. Sophos SafeGuard Disk Encryption. Axanum (.AXX).
78 Disk Encryption: FIPS. FIPS (Federal Information Processing Standards). NIST publishes the 140 publication series for cryptography. FIPS May 2001. FIPS Software limited to L1/L2. O/S must be compliant for Level 2 and above.
Level 1: Lowest level with limited requirements.
Level 2: Physical tamper-evidence. Role-based authentication. Role access (Admin).
Level 3: Physical tamper-resistance. Identity-based authentication. Physical or logical separation between the interfaces by which the key security parameters are entered or passed. Identity access (Fred). Isolation barrier.
Level 4: Physical security requirements more stringent. Robustness against environmental attacks.
79 Disk Encryption: Access. Password or passphrase (NapI5r123$). USB drive with encryption key. Biometric device (eg fingerprint reader) with Trusted Platform Module which holds the actual encryption key. OTP device such as an RSA token. Multi-factor authentication uses two or more of these.
80 Disk Encryption: Access. Diagram layers: directory structure (c:, d:, etc); API/DLL integration; encryption layer; disk storage, cloud storage, disk image, file image. Labels: non-encrypted in transit; non-encrypted in memory; non-encrypted in storage.
81 Data Loss Detection/ Prevention TrueCrypt
82 Disk Encryption: TrueCrypt
Advantages: Open-source. Windows/Linux/OS X. Free.
Disadvantages: If you lose the pass phrase almost impossible to recover. Current support is patchy.
Diagram: Password and Salt (512-bit); PBKDF2 (Password-based Key Derivation Function), RFC 2898; Header Key (dklen); Header (contains material keys).
DK = PBKDF2(PRF, Password, Salt, c, dklen)
DK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256)
Encryption: AES, Serpent, Twofish, AES-Serpent.
Authentication: RIPEMD-160, SHA-512, Whirlpool.
Serpent. Ross Anderson et al. bit key. 128-bit block (one of the AES finalists).
Twofish. Bruce Schneier et al. bit key. 128-bit block (one of the AES finalists).
AES. FIPS-approved (Rijndael). bit key. 128-bit block.
83 Disk Encryption TC TrueCrypt
84 Data Loss Detection/ Prevention Detecting Enc/Comp
85 Disk Encryption: Detecting File Compression
PKZIP: 50 4B [PK]
GZIP: 1F 8B 08
Tar:
Zlib: 78 01, 78 9C or 78 DA
Figure: hex dump of a compressed file beginning 50 4B (PK).
File Encryption. Figure: hex dump of an encrypted file.
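A detector built on the signatures listed on slide 85, as an added example that is not part of the original deck. It goes beyond the slide in one respect: for data with no signature it falls back on a byte-entropy estimate to flag content that looks encrypted. The 7.5 bits/byte threshold, the 1024-byte minimum and all sample data are assumptions constructed for the example.

```python
import gzip
import hashlib
import io
import math
import zipfile
import zlib
from collections import Counter

# Leading bytes taken from the slide (the Tar entry is blank there, so it is omitted).
SIGNATURES = [
    (bytes.fromhex("504b"), "PKZIP"),
    (bytes.fromhex("1f8b08"), "GZIP"),
    (bytes.fromhex("7801"), "Zlib"),
    (bytes.fromhex("789c"), "Zlib"),
    (bytes.fromhex("78da"), "Zlib"),
]

ENTROPY_THRESHOLD = 7.5   # assumption: bits per byte, 8.0 is the maximum
MIN_ENTROPY_SAMPLE = 1024  # assumption: shorter samples give unreliable estimates


def shannon_entropy(data):
    """Bits of entropy per byte, from the byte-value histogram."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(data):
    """Return 'PKZIP', 'GZIP', 'Zlib', 'high-entropy' or 'plain'."""
    for magic, name in SIGNATURES:
        # Caveat: two-byte signatures are weak evidence; text that happens
        # to start with "PK" would also match.
        if data.startswith(magic):
            return name
    if len(data) >= MIN_ENTROPY_SAMPLE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
        # No known header but near-random bytes: consistent with encryption
        # (or with a compression format not in the signature list).
        return "high-entropy"
    return "plain"


def stand_in_ciphertext(size=4096):
    """Constructed sample: a SHA-256 hash chain used as stand-in for encrypted bytes."""
    out, block = bytearray(), hashlib.sha256(b"").digest()
    while len(out) < size:
        out += block
        block = hashlib.sha256(block).digest()
    return bytes(out[:size])


def build_samples():
    """Constructed inputs: one document in several containers."""
    text = b"employee,account number,sort code,salary\n" * 60
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("payroll.csv", text)
    return {
        "text": text,
        "zip": zip_buf.getvalue(),
        "gzip": gzip.compress(text),
        "zlib-fast": zlib.compress(text, 1),     # header 78 01
        "zlib-default": zlib.compress(text),     # header 78 9C
        "zlib-best": zlib.compress(text, 9),     # header 78 DA
        "encrypted": stand_in_ciphertext(),
    }


if __name__ == "__main__":
    for label, blob in build_samples().items():
        print(f"{label:13} {blob[:4].hex(' '):12} "
              f"entropy={shannon_entropy(blob):.2f} -> {classify(blob)}")
```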
86 Data Loss Detection/ Prevention SSL/TLS
87 Tunnelling: Stack (network protocols)
Application: HTTP, FTP, Telnet, POP-3, IMAP, SMTP
Transport: TCP, UDP, SPX
Network: IP, IPX, ARP, ICMP
Data Link: Ethernet, PPP, HDLC
Physical: Cables, Signals
88 Tunnelling: Stack (network protocols)
Ports: HTTP 80, HTTPs 443, TELNET 23, SSH 22, SMTP 25, SMTPs 465, POP, POP-3s 995.
HTTPS (HTTP + SSL), FTP (FTP+SSL), SSH (Telnet+SSL).
Diagram: the protocol stack (Application, Transport, Network, Data Link, Physical) shown with an added SSL layer. Secure Socket Layer. Transport Layer Socket.
Versions: SSL 1.0; SSL 2.0; SSL 3.0 [0x0300]; SSL 3.1 (TLS 1.0) [0x0301]; TLS 1.1 and 1.2 [0x0302].
89 Tunnelling: Stack (TLS). TCP [SYN] to Port 443. TCP [SYN,ACK] from Port 443. TCP [ACK] to Port 443. Client Hello (Start of Handshake).
90 Tunnelling: Stack (TLS). Client Hello. Server Hello.
91 Tunnelling: Stack (TLS). Client Hello. Public key. Server Hello. Client Key Exchange.
92
openssl s_client -connect
CONNECTED( )
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/c=us/st=california/l=mountain View/O=Google Inc/CN=
   i:/c=us/o=google Inc/CN=Google Internet Authority G2
 1 s:/c=us/o=google Inc/CN=Google Internet Authority G2
   i:/c=us/o=geotrust Inc./CN=GeoTrust Global CA
 2 s:/c=us/o=geotrust Inc./CN=GeoTrust Global CA
   i:/c=us/o=equifax/ou=equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIISVyALWN+akUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
---
SOx4I5L0D0jZYqKfJuImGcFwdIETq0EpCmkhJfGNHjVdzC/h/T61TmaY
-----END CERTIFICATE-----
subject=/c=us/st=california/l=mountain View/O=Google Inc/CN=
issuer=/c=us/o=google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3719 bytes and written 446 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9D92CEC32FA9F86C6D902081EE186C4FC68234FFF7B903D6621A86C98092BD51
    Session-ID-ctx:
    Master-Key: B8A14DB1D3021E80B53F30EA94D2EEA155A995B926879B08E3D971EB16873D16F E2FA368D374716DB14A412 B
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: (seconds)
    TLS session ticket:
    Start Time:
    Timeout : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
Client Hello: Versions: TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA (rfc5246)
Server Hello: Version: TLS_RSA_WITH_RC4_128_SHA. Key Exchange: Public key (RSA). Encryption: RC4. Hash: 128-bit SHA (SHA-1).
TLS_RSA_WITH_AES_256_CBC_SHA256. Key: RSA. Enc: AES_256_CBC. Hash: SHA256.
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA. Key ex: DH_DSS. Enc: 3DES_EDE_CBC. Hash: SHA.
93 Tunnelling: SSL
Client Hello: Versions: TLS_RSA_WITH_RC4_128_SHA (rfc5246)
Server Hello: Version: TLS_RSA_WITH_RC4_128_SHA. Key Exchange: Public key (RSA). Hash: 128-bit SHA (SHA-1). Encryption: RC4.
Diagram: session key, public key, private key; tunnel created (RC4, Hash: SHA-1).
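The cipher-suite names on slides 92 and 93 split into key exchange, encryption and hash, as an added example that is not part of the original deck. The review flags (RC4, 64-bit block, MD5, SHA-1, no forward secrecy) are reviewer knowledge added here, not statements from the slides, and the parser handles only RFC-style names, not OpenSSL names such as ECDHE-RSA-AES128-GCM-SHA256.

```python
import re

SUITE_RE = re.compile(r"TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<rest>[A-Z0-9_]+)")

# Added review notes, keyed by short code.
NOTES = {
    "RC4": "RC4 stream cipher, prohibited in TLS by RFC 7465",
    "64BIT_BLOCK": "DES/3DES use a 64-bit block",
    "MD5": "MD5 used for message authentication",
    "SHA1": "SHA-1 used for message authentication",
    "NO_FS": "key exchange is not ephemeral, so no forward secrecy",
}


def parse_suite(name):
    """Split TLS_<key exchange>_WITH_<encryption>_<hash> into its parts."""
    match = SUITE_RE.fullmatch(name)
    if match is None:
        raise ValueError(f"not an RFC-style cipher suite name: {name!r}")
    encryption, _, hash_name = match["rest"].rpartition("_")
    if not encryption:
        raise ValueError(f"missing encryption or hash part: {name!r}")
    return {"key_exchange": match["kx"], "encryption": encryption, "hash": hash_name}


def findings(name):
    """Return the list of review codes that apply to one suite."""
    parts = parse_suite(name)
    codes = []
    if parts["encryption"].startswith("RC4"):
        codes.append("RC4")
    if parts["encryption"].startswith(("3DES", "DES")):
        codes.append("64BIT_BLOCK")
    if parts["hash"] == "MD5":
        codes.append("MD5")
    if parts["hash"] == "SHA":  # plain "SHA" in a suite name means SHA-1
        codes.append("SHA1")
    if not parts["key_exchange"].startswith(("DHE", "ECDHE")):
        codes.append("NO_FS")
    return codes


def review_handshake(client_offer, server_choice):
    """Check a Client Hello offer and the suite picked in the Server Hello."""
    if server_choice not in client_offer:
        raise ValueError("server selected a suite the client did not offer")
    return {
        "selected": parse_suite(server_choice),
        "selected_findings": findings(server_choice),
        "offered_with_findings": [s for s in client_offer if findings(s)],
    }


if __name__ == "__main__":
    # Suites from the slides, plus one modern suite as a constructed contrast.
    offer = [
        "TLS_RSA_WITH_RC4_128_MD5",
        "TLS_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ]
    for suite in offer:
        print(suite, parse_suite(suite), findings(suite))
    report = review_handshake(offer, "TLS_RSA_WITH_RC4_128_SHA")
    for code in report["selected_findings"]:
        print("selected suite:", NOTES[code])
```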
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationInternet and Intranet Protocols and Applications
Internet and Intranet Protocols and Applications Lecture 10: Internet and Network Security April 9, 2003 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu What is network
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationThreat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji
Threat Pragmatics & Cryptography Basics PacNOG20 3-7 July, 2017 Suva, Fiji Issue Date: [31-12-2015] Revision: [V.1] Why Security? The Internet was initially designed for connectivity Trust is assumed,
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationCIS-331 Fall 2013 Exam 1 Name: Total of 120 Points Version 1
Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. NOTE: Router E should only be used for Internet traffic. Router A Router
More informationCIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1
Version 1 1. (20 Points) Given the class A network address 117.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 4,000 subnets? b. (5 Points) What is
More informationEncryption 2. Tom Chothia Computer Security: Lecture 3
Encryption 2 Tom Chothia Computer Security: Lecture 3 This Lecture Counter Mode (CTR) enryption Diffie Helleman key exchange Public Key Encryption RSA Signing Combining public and symmetric key encryption
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationSharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer
SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationTransport Layer Security
Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationScan Results - ( Essentials - Onsharp )
Scan Results - www.onsharp.com ( Essentials - Onsharp ) Overview Open Ports (18) Scan ID: 7675527 Target: www.onsharp.com Max Score: 2.6 Compliance: Passing PCI compliance, Expires undefined Profile: 15
More informationIntroduction to Cyber Security Week 2: Cryptography. Ming Chow
Introduction to Cyber Security Week 2: Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Understand the difference between
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationCIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1
Version 1 1. (20 Points) Given the class A network address 121.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 8,100 subnets? b. (5 Points) What is
More informationSECURITY IN NETWORKS 1
SECURITY IN NETWORKS 1 GOALS Understand principles of network security: Cryptography and its many uses beyond con dentiality Authentication Message integrity 2. 1 WHAT IS NETWORK SECURITY? Con dentiality:
More informationPGP: An Algorithmic Overview
PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationThe question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the
More informationFrom Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005
Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4 Introduction Security policies Provide for the sharing of resources within specified limits
More informationComputing Science: Now and The Future
Computing Science: Now and The Future Inc. Computer Security Prof Bill Buchanan, Twitter: @billatnapier Web: asecuritysite.com, brightredbooks.net Xmas Cyber Lectures (3000 pupils 4 cities) + IET Xmas
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond con dentiality Authentication Message integrity WHAT IS NETWORK SECURITY? Con dentiality: only
More informationContent and Purpose of This Guide... 1 User Management... 2
Contents Introduction--1 Content and Purpose of This Guide........................... 1 User Management........................................ 2 Security--3 Security Features.........................................
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationLet's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX
Let's Encrypt - Free SSL certificates for the masses Pete Helgren Bible Study Fellowship International San Antonio, TX Agenda Overview of data security Encoding and Encryption SSL and TLS Certficate options
More informationCIS-331 Exam 2 Fall 2014 Total of 105 Points. Version 1
Version 1 1. (20 Points) Given the class A network address 119.0.0.0 will be divided into a maximum of 15,900 subnets. a. (5 Points) How many bits will be necessary to address the 15,900 subnets? b. (5
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More information6 Cryptographic Techniques A Brief Introduction
6 Cryptographic Techniques A Brief Introduction 6.1 Introduction to Cryptography 6.2 Symmetric Encryption 6.3 Asymmetric (Public-Key) Encryption 6.4 Digital Signatures 6.5 Public Key Infrastructures Literature:
More informationCIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1
Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. Router A Router B Router C Router D Network Next Hop Next Hop Next Hop Next
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationProtocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec
Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec Author: Gwen Dente, IBM Gaithersburg, MD Acknowledgments: Alfred Christensen, IBM Erin Farr, IBM Christopher Meyer, IBM Linwood Overby, IBM Richard
More informationTriple DES and AES 192/256 Implementation Notes
Triple DES and AES 192/256 Implementation Notes Sample Password-to-Key and KeyChange results of Triple DES and AES 192/256 implementation For InterWorking Labs customers who require detailed information
More informationComputer Communication Networks Network Security
Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1 Network Security Goals: understand principles of network security: cryptography and its many uses beyond confidentiality
More informationCIS-331 Final Exam Spring 2015 Total of 115 Points. Version 1
Version 1 1. (25 Points) Given that a frame is formatted as follows: And given that a datagram is formatted as follows: And given that a TCP segment is formatted as follows: Assuming no options are present
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationIntroduction to Cryptography. Vasil Slavov William Jewell College
Introduction to Cryptography Vasil Slavov William Jewell College Crypto definitions Cryptography studies how to keep messages secure Cryptanalysis studies how to break ciphertext Cryptology branch of mathematics,
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationContents. Configuring SSH 1
Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationAlice in Cyber world
Alice in Cyber world Protecting Secrets in The Connected World K.S.Sreedharan Director IT Zoho Cast Alice Claude Eve Bob Govan Story So Far Symmetric Key Asymmetric Key Twist in the Tale Claude Convenience
More informationCisco VPN 3002 Hardware Client Security Policy
Introduction This non-proprietary Cryptographic Module Security Policy describes how the VPN 3002 and 3002 8E Hardware Client (Firmware version FIPS 3.6.7.F) meets the security requirements of FIPS 140-2,
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More information