### Create a StudySoup account

#### Be part of our community, it's free to join!

Already have a StudySoup account? Login here

# CryptographyComp Netwk Sec ECE 646

Mason

GPA 3.94

### View Full Document

## 18

## 0

## Popular in Course

## Popular in ELECTRICAL AND COMPUTER ENGINEERING

This 25 page Class Notes was uploaded by Antonina Wuckert on Monday September 28, 2015. The Class Notes belongs to ECE 646 at George Mason University taught by Staff in Fall. Since its upload, it has received 18 views. For similar materials see /class/215031/ece-646-george-mason-university in ELECTRICAL AND COMPUTER ENGINEERING at George Mason University.

## Reviews for CryptographyComp Netwk Sec

### What is Karma?

#### Karma is the currency of StudySoup.

#### You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 09/28/15

ECE 646 Lecture 4 Key management Pretty Good Privacy Using the same key for multiple messages M1 M2 M3 M4 M5 time EK Using Session Keys amp Key Encryption Keys K1 K2 K3 if if if i tlme ii i a IEKEKK1 EKEKK2 EKEKK3 M1 M2 M3 M4 M5 time Key Distribution Center KDC KBimC Kcm IDil C Simple key establishment protocol based on KDC KAil C KBilGC KCJGC IDil C let me talk Bob KBKDC A1iceaa 23 KAKDC BOb KAB Alice Bob KAVKDC KBVIQC Key establishment protocol based on KDC IAil C KBimC 1 let me talk with Bob 2 KAKDC BO KAB tiCketBob 3 ticketB0b KBKDC Alice K AB B Bob IArKDC KBrIGC Alice Key agreement Alice Bob A 5 private key B s private key A s public key B s public key V Secret derivation Key derivation Key derivation Key of A and B Key OfA and B Dif eHellman key agreement scheme Alice Bob 0t q global pubhc elements X yA0t Amodq yBotXBmodq XA Key derivation Key derivation l 1 Key K AB Key K AB Maninthemiddle attack Alice Bob A 5 private key B s private key A s public key B s public key Charlie Secret C s public C s public derivation key key I Key of A and C Key OfB and C Secret derivation Does public key cryptography have an Achilles heel Alice Bob Bob send me your public key Alice Bob s public key Bob message encrypted using Bob s public key Charlie Does public key cryptography have an Achilles heel Alice Bob Bob send me your public key Alice Bob spublirkey Bob Charlie s public key message encrypted using BoberpubHrkey Charlie s public key Charlie Does public key cryptography have an Achilles heel Alice Bob send me your public key Alice Bob spublirkey Bob Charlie s public key message encrypted message reencrypted using Charlies s 115mg BOb S public key Charlie PUbliC key Directory of public keys 1 On line 1 A L Alice Alice s public key Bob Bob s public key Charlie Charlie s public key Dave Dave s public key Eve Eve s public key Bob Bob s public key Alice message encrypted using Bob s public key Bob Charlie Directory of public keys 2 On line 1 A L Alice Alice s public key Bob Bob s public key Charlie Charlie s public key Dave Dave s public key Eve Eve s public key Alice message encrypted using WWuHirkey BOb Charlie s public key Charlie Directory of public keys 3 On line 1 A 1 Alice Alice s public key Bob Bob s public key Charlie Charlie s public key Dave Dave s public key Eve Eve s public key Alice BOb message encrypted message reencrypted using Charlie s using Bob s public key Charlie public key PGP Flow of trust Manual exchange of public keys Las Vegas Edinburgh Bob ltgt David David ltgt Betty Bob David Betty Washington New York London David send me Betty s public key Betty s public key signed by David message encrypted using Betty s public key Certification Authority Proof of identity Certlflcatlon Authority Public key of Bob Certi cate Public key of Certi cation Authority Certificate User s distinguished name User s public key User s Credentials Serial number Issuer name Expiration date CA s signature Distinguished Name DN according to X500 Example Common name CN Kris Gaj Country name C US State or province name ST VA Locality name L Fairfax Organization name 0 George Mason University Organizational unit name OU ECE Other elds permitted Street address SA Description D Post office box PO BOX Telephone number TN Postal code PC Serial number SN Title T The exact X509 Certificate Format A t Version Signature identifier E Issuer Name N 5 5 Period of 5 validity p Subject Name Suhject39s public info v Extensions v I m x509 1minute Stalllngs 2003 Nonrepudiation only Alice Bob M SGNAM CertCAA KUA Alice s private key KR A CA s public key KUCA Notation KUX public key of X SGNXM signature of X KRX private key of X for the message M CertYX KUX certi cate issued by Y for the user X Confidentiality only On line 1 A L Cerium KUA Cerium KUB Cert C KU CertCAB KUB Ce 11 D KUE KABMa KUBKAB Alice Bob CA s public key KUCA Bob s private key KRB Confidentiality and Nonrepudiation On line J41 CertCAA KUA CertCAB KUB CertCAC KUC CenCAm KUD CenCAaa KUB SGNAM3 Ce CAA KUA3 KABM3 KUBKAB Alice Bob Alice s private key KR A CA s public key KUCA Bob s private key KRB CA s public key KUCA Public Key Infrastructure M SGNAM CertGMUA KUA CertFairfaXGMU KUGMU CertVAFairfaX KUFairm CertUSVA KUVA VeriSign PublicKey Certi cate Classes Sta ings 2003 Certi cate Revocation Lists CRLs Issue time Issuer CA s name Serial numbers of revoked certificates CA s signature Certificate is valid if 0 it has a valid signature of CA 0 did not expire 0 is not listed in the CA s most recent CRL The exact X509 CRL Format Signature identifier Issuer Name This Update Date Next Update Date Remked certificate Revoked certificate 1hA crlilimtvlhvorzltionList Stallinga Advantages of Certification Authorities over Key Distribution Centers CA does not need to be online CA is relatively easy to implement CA crash no new users in the network but all old users operate normally certi cates are not security sensitive they can be stored in a public database and transmitted over a public network compromised CA cannot decrypt messages without first impersonating one of the users only active attacks can be mounted using CAs private key Authenticated key agreement A ys static A s static B s static B s static private key 3939 3939 public key public key 1 39 private ke A s ephemeral B s ephemeral private key B s ephemeral public key private key A s ephemeral public key Key derivation 1 key key Pretty Good Privacy PGP Email Security email is one of the most widely used and regarded network services 0 currently message contents are not secure may be inspected either in transit or by suitably privileged users on destination system Pretty Good Privacy PGP widely used de facto secure email developed by Phil Zimmermann selected best available crypto algs to use integrated into a single program available on Windows UniX Macintosh and other systems originally ee now have commercial versions available also PGP Authentication Only Source A 4 Dcslinalion 3 hm Hum KU u unprin i1 Amhmuimlion om Notation M message H hash function EP public key encryption concatenation Z compression using ZIP algorithm KRa private key of user A KUa public key of user A Nonrepudiation Alice Bob Message Signature Message Signature function Hash value 1 39 Hash value2 39 l Public key cipher cipher Alice s private key Alice s public key PGP Con dentiality Only A Aulln nliculion uni hm N l Notation M message Z compression using ZIP algorithm EC DC classical secretkey encryption decryption EP DP public key encryption decryption concatenation KS session key KRb private key of user B KUb public key of user B Hybrid Systems Sender s Side 2 Alice 1 session key random Secret key cipher Public key cipher Bob s public 3 key Ses51011 key Message encrypted encrypted using k Bobs public key us1ng sess1on ey Hybrid Systems Receiver s Side 2 Bob Q session key I random Secret key cipher Public I key 5110116r Bob s private key 8655103 key Message encrypted encrypte usmg using session key Bob 5 public key PGP Con dentiality and Authentication hm JKiI Ku nmpm39c C 39umidcmiulil Lind authentication Notation M message H hash function Z compression using ZIP algorithm EP DP public key encryption decryption concatenation EC DC classical secretkey encryption decryption KS session key KRa KRb private key of user A B KUa KUb public key of user A B Transmission and Reception of PGP Messages com mi h x e 4 mm mdn gt4 71 w M V m am pl m X K DKRJhk39bhlksll WI 41 Yes unmpi Le X X e himblel H kid my com cm In rudi gt4 quip sign unrc mm X mil nulme 51mm Stallings 2003 PGP Operation Compression 0 by default PGP compresses message after signing but before encrypting so can store uncompressed message amp signature for later veri cation amp because compression is non deterministic uses ZIP compression algorithm 20 Major idea behind ZIP compression the brown fox jumped over the brown foxy jumping frog 13 1 54 the brown fox jumped over ogadnd y 0mm ing frog Stallings 2003 Radix64 Conversion 4 4 characters 32 bits Stallings 2003 21 Radix64 Encoding 6bit Value character 6bit value character el 39 en 39 to lug 6bit value character encoding at mg 0 A 7 Q B I7 R 2 C I8 S 3 D 19 T 4 E 20 l 5 F 2 V 1 G 22 W 7 ll 23 X 8 I 24 Y 9 25 Z 0 K 26 a L 27 I II M 28 C I N 29 I I4 0 30 c S P 3 I l39 6 Iit value character encoding 48 u 49 50 5 I Z 52 0 53 54 2 55 1 56 4 57 i 38 1 59 7 60 8 1 9 62 3 y pad Stallings 2003 General Format of PGP Message unlenl insinu km culnpnucm signature lemm Kc IL ormcipaum puhlic kc 5minquot kc mg Thnk39sl mp Dam t In 391 t Elm Operation A A 71139 HA V RIM Stallings 2003 22 Summary of PGP functions Function Algorithms Lsed Description A hash code ei39a mess is created using SI A7 I This message igcst is encrypted using D55 or RSA with the sender39s private lie and included with the message s encrypted using AS 128 t with a onetime session id The 10 Digital signature A or RSA SllA Message CIICJ39 piioii CAST oi39 IDEA or it lleliman or i public key and EC ii e Triple DES with Dit fierllellmanor 1 m i witi e 1 included with the mess I A mes may be compressed for storage Compiession le v k or tiani on using ZIP To provide transparency for email anlieations an ener 39 ted ii age mar be Email eompatibilitv Radix 64 conversion l l w g l convened to an ASCII sti using iadi 4 Com ei39sIOn To accommodate maximum message size limitations PGP ei39l39oi ms segmentation and reassembly Segmentation 7 Stallings 2003 Private Key Ring Private Key Ring Stallings 2003 23 Public Key Ring Public Key Ring 391 I icld ust 10 indc lahlc Stallings 2003 PGP Message Generation Without compression or radix64 conversion uhlic kc ring puxsph msc l39r u uc kc ring In sclccl IE Kc ll cncr mud prh mu kc puhlic kc I l7 message RNU 351ml kc A utpul signAlum musage mgr plcd xi gnulurc message Stallings 2003 24 PGP Message Reception without compression or radix64 conversion msphmsc l l39iHllC kc ring Public m ring cncr pied pm me kc CllCl39 pied message signuiurc nmlm39c message Stallings 2003 PGP Flow of trust Manual exchange of public keys Las Vegas Edinburgh Bob ltgt David David ltgt Betty Bob David Betty Washington New York London David send me Betty s public key Betty s public key signed by David message encrypted using Betty s public key 25

### BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.

### You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

## Why people love StudySoup

#### "There's no way I would have passed my Organic Chemistry class this semester without the notes and study guides I got from StudySoup."

#### "I used the money I made selling my notes & study guides to pay for spring break in Olympia, Washington...which was Sweet!"

#### "Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

#### "It's a great way for students to improve their educational experience and it seemed like a product that everybody wants, so all the people participating are winning."

### Refund Policy

#### STUDYSOUP CANCELLATION POLICY

All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email support@studysoup.com

#### STUDYSOUP REFUND POLICY

StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here: support@studysoup.com

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to support@studysoup.com

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.