### Create a StudySoup account

#### Be part of our community, it's free to join!

Already have a StudySoup account? Login here

# Network Security CPSC 6128

GPA 3.91

### View Full Document

## 15

## 0

## Popular in Course

## Popular in ComputerScienence

This 8 page Class Notes was uploaded by Earlene Cremin III on Sunday October 11, 2015. The Class Notes belongs to CPSC 6128 at Columbus State University taught by Staff in Fall. Since its upload, it has received 15 views. For similar materials see /class/221211/cpsc-6128-columbus-state-university in ComputerScienence at Columbus State University.

## Similar to CPSC 6128 at

## Popular in ComputerScienence

## Reviews for Network Security

### What is Karma?

#### Karma is the currency of StudySoup.

#### You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 10/11/15

Chapter 1 What is Information Security In this course we shall present information security as an essential element in the management of any large organization it does not guarantee success but is required for success In mathematical terms a good information security program is necessary but not sufficient for the success of the organization One key part of information security is risk assessment What is the value of the assets to be protected and how does that relate to the cost of protecting the asset This course will address risk assessment brie y the topic is covered in detail in another course In most business environments risk is assessed in monetary terms We should note that there are some settings for which monetary assessments are not appropriate We consider two scenarios here First consider the story of Midway correctly recounted on page 5 of the textbook A clever trick was used to induce the Japanese to reveal that the code phrase AF stood for Midway Island in the Paci c and thus that their next attack would be on Midway This persuaded the Americans to concentrate their sparse assets on the defense of Midway and to win the battle What would have happened if the Americans had followed another strategy and lost the battle of Midway is hard to imagine it is impossible to place a monetary value on such a loss As another example consider a 500kiloton hydrogen bomb along with whatever information is required to arm and detonate the bomb The cost of producing such a bomb is almost certainly classified but it could be stated Compare the bomb to a pile of gold of equal value We see immediately that the monetary value of the object is not a true measure of the importance of protecting it A terrorist with access to that amount of gold would have trouble transporting it and could do little harm by using it directly What a terrorist could do with a 500kiloton weapon has been imagined many times in the movies it is not pleasant This course will not focus on the assignment of value to assets but will just assume that the value is sufficient to warrant their protection Another aspect of information security is the portability of wealth In ancient times wealth was not very portable if I wanted to steal a man s assets I would have to steal quite a few donkeys camels goats etc Later wealth became codi ed into inanimate objects such as piles of gold While gold may be more portable than some livestock it is still not convenient to carry At the current value of about 300 per ounce or 5000 per pound one would have to steal ve tons of gold to have stolen fty million dollars In the nineteenth century and somewhat earlier paper currency came into wide usage This allowed greater ease in transfer of assets 7 in fact the US government printed notes with values of 10000 and 100000 Although the 100000 notes were never available to the general public one could at one time get the 10000 notes The transfer of 50 million using these notes required that one have only 5000 of them 7 a matter for a large briefcase Today one can steal 50 million just by stealing a number of an account and knowing what to do with it In the world of Electronic Funds Transfer EFT a 50 million transaction is only a bit larger than usual 7 it would not cause any special concern Just transfer the money to another account and then disperse it before the money is noted as missing The purpose of this last discussion is not to encourage theft but to note that as the commercial world evolves to facilitate transfer of wealth that information itself becomes valuable More on Communications Security There are numerous stories about attempts by some to communicate information securely and the attempts by others to disrupt those communications We mention a few by way of illustrating certain aspects of the problem of communication security We here focus on methods of communication that require the information to be written on a physical medium One of the earlier methods for such communication has been called the Caesar Cipher after Julius Caesar who reputedly invented it A correct assessment of this cipher must account for the fact that most people in that day were illiterate so that the mere act of writing something on paper was enough to obscure the message The story of the Enigma machine is quite compelling when told completely What the book reports is true 7 if the machine had been used correctly it would have been extremely difficult for the allies to decipher any of the messages The most serious aws were human 1 The Germans ignored the lessons that should have been learned from the First World War During that con ict the British had captured a submarine with its cipher system not an Enigma intact and had been able to read the German ciphers for quite some time This had become known to the German High Command sometime before the beginning of the Second World War but they did not take any precautions when they again lost a few submarines during that war As a result the British had a few free rides when they were using the actual German cipher book to decrypt German messages immediately 2 As a precaution the Germans changed cipher keys periodically When this happened it caused the British some problems Unfortunately for the Germans it caused their operators some problems also and they frequently requested and received the same message in the older key If the older key were known to the British it facilitated breaking the new one 3 German military messages were highly structured with standard salutations and closures Since these text segments were always present in the messages it gave the British known text for which to search greatly facilitating decryption 4 The Germans never showed a proper skepticism of the security of their system even when presented with evidence of possible compromises Bottom line One can badly misuse even the best system Put another way 7 no system is perfect if humans can get at it CPSC 6128 7 Network Security Name Spring 2004 LABORATORY EXERCISE 2b Second Encryption Exercise Key Recovery and Key Escrow This is an experiential lab exercise You must complete this exercise with your classmates One of the problems with any type of encryption system 7 publickey or secretkey 7 is key management Decryption keys and moduli are usually very long numbers that are impossible for most human beings to remember Face it many people have trouble remembering their passwords or PINs much less a 100 or ZOOdigit key The solution is to store these numbers on a secondary memory device that s not easily accessible by unauthorized third parties 1 perhaps on a diskette that one keeps in a secure place There are two possible problems 39 Even a key that is kept in a secure location can be compromised 7 discovered or stolen by an unauthorized third party Anyone who suspects that hisher key has been compromised should get a new key The storage device on which the key is stored could be destroyed or corrupted In either case the key is lost One possible solution is to ask a trusted third party maintain a copy of the key This assumes that one can nd such a trusted third party An individual may be willing to trust a close friend but this is not possible for a business A second solution is to split the key into two or more parts and ask a ali erent third party to store each part The purpose of this laboratory exercise is to explore one method for doing this This method is based on a famous mathematical theorem called the Chinese Remainder Theorem To make things easy you will be using threedigit keys This is also the basic idea behind the various keyescrow proposals from the United States government All keys would be split into two or more parts with each part entrusted to a different public or private agency The idea is that the police could recover the key without the individual s knowledge by obtaining warrants against each of the escrowing agencies This would permit the police to listen in on encrypted communications or to read encrypted files without the key holder s knowledge We will be discussing these proposals in class 1 The sender and receiver of the encrypted message 7 usually called Alice and Bob 7 are the first and second party CMPT 109 Lab Exercise XIV N E 4 V39 05 gt1 Spring 1998 page 2 Launch Excel and open the le httpcsc colstate J NOTES61quot8 labs encrvptionkevsharxls Choose Add Ins from the Tools menu and be sure that the Analysis ToolPak is checked Click on the tab for labeled Key Splitting This reveals a worksheet for splitting a threedigit key into three parts Use the last three digits of your SSN as the threedigit key value Enter this value in cell B6 Record this value below Ifthey re not already there enter the values 11 13 and 16 in cells B14 B15 and B16 respectively These values are your moduli It is not absolutely necessary to use the three moduli above You could choose any three numbers between the cube root of 1000 7 10 7 and the square root of 1000 7 approximately 31 7 such that no pair of moduli has any common factor larger than 1 For example you could choose 14 15 and 23 Record your three moduli below The spreadsheet will split your key into three pieces by dividing by each of the moduli and taking the remainder The three pieces of your key will appear in cells C14 C15 and C16 Record the values ofthese pieces below In reality one would ask three different parties to each store one piece Instead write down your three moduli and the corresponding three pieces on sheet of paper and exchange pieces with a student at another computer Click on the tab labeled Key Recovery This reveals a worksheet for recovering a key from its three parts 2 Moduli is the plural of modulus a term you encountered in the first encryption exercise These moduli are not really the same as the modulus in the RSA publickey encryption method However they are both applications of the same basic mathematical concept CPSC 6128 7 Network Security Name Spring 2004 LABORATORY EXERCISE 2a PublicKey Encryption When one transmits data over a packetswitched network like the Internet a packet sni er at any node along the transmission path can detect packets with potentially useful information Unfortunately some of this information for example credit card numbers or other private information is most useful to people with dishonorable and often crimi nal intentions As commerce over the Internet 7 and other vulnerable longdistance networks 7 increases this problem becomes more critical Private data stored on a computer that s accessible over a network is also vulnerable One solution to this problem is to encipher data one wants to keep private In other words one can somehow scramble the data so that it s unrecognizable to anyone who does not have the necessary key to unscramble 7 or decipher 7 it In socalled traditional encryption techniques the same key is used for enciphering or encryption and deciphering or decryption The key is typically a large number that is used to mathematically transform the message The problem then becomes the secure transmission of the key itself One solution to this problem is to use two different keys 7 one for encryption and the other for decryption Alice could then send her encryption key to Bob 1 who could use it to send an encoded message back to Alice Provided Alice keeps her decryption key private no one who intercepts the message will be able to decode it2 In fact Alice could make her encryption key publicly available so that Carol David Egbert or anyone else who wants to do so can send her an encoded message So long as she keeps her decryption key secret no one else will be able to read messages meant only for Alice For this reason this type of system is called a public key encryption system Often the encryption key is called the public key and the decryption key is called the private key In this lab you will be working with a simplified 7 and not very secure 7 version of one of the most popular publickey systems the RSA public key encryption system3 Like all publickey systems the keys are derived using a trapdoor operation 7 an operation that is easy to do but difficult to undo In RSA this operation is the multiplication of two large prime numbers it is easy and fast to multiply the two numbers together but it is significantly more difficult and time consuming to factor the resulting number back into its prime components In this lab experience you will be using relatively small primes only three digits to see how this system works 1 Alice and Bob are the parties to encrypted data exchanges throughout the literature on encryption If a third party is needed she s often named Carol for some reason 2 I m assuming that Alice is using socalled strong encryption Otherwise a cryptanalyst7 someone whose profession is breaking codes 7 who intercepts the message will still be able to decode it Nam ed for its inventors 7 Ron Rivest Adi Shamir and Leonard Adelman CMPT 109 Name Lab VIII page 2 To explore this system in more depth you will be exchanging encrypted messages with your classmates 1 N E A Launch Microsoft Excel and open the spreadsheet httpcsc colstate J summersNOTES6128labsencrv quot xls You may see a warning message informing you that the workbook contains macros Since you will not need these macros to use the workbook they are left over from an older and less efficient version of this lab click on the Disable Macros button This spreadsheet makes use of some specialized functions that are not part of the standard function set in Microsoft Excel However they are included in an extra set of functions called the Analysis Toolpak From the Tools menu choose Addlns In the dialogue box click on the check box to the left ofthe entry Analysis Toolpak When a checkmark appears click on OK If necessary click on the tab for the Key Selection worksheet Use a random process to choose two different prime numbers p and q between 137 and 311 displayed in a list in cells g5l15 Enter these primes in cells B6 and B7 Be sure that cells C6 and C7 both display the message OK The spreadsheet automatically computes the modulus the product pq in cell B8 and the Euler totient the product p1q1 in cell B9 Note that the Euler totient would be difficult to determine from the modulus by itself one needs to know the two primes Write your two primes your modulus and your Euler totient below p q modulus Euler totient Choose a small number no more that two digits that has no factors except 1 in common with the Euler totient Enter this number as your public key and enter it in cell B15 If cell C15 displays the message Invalid Public Key you need to select a different public key When you have chosen a valid public key the message OK will appear in cell C15 The spreadsheet will automatically compute your private key in cell B20 The private key is chosen so that Public KeyPrivate Key leaves a remainder of one when divided by the Euler totient This would not be possible if the private had a factor other than 1 in common with the Euler totient Write your public and private keys below Public key Private key CMPT 109 Name Lab VIII page 3 V39 0 gt1 0 Once both you and your partner have each created a modulus and pair of keys you are ready to exchange encrypted messages Give your modulus and public key to your classmates Do n0t give your classmates your private key or Euler totient In return your classmate will give you herhis public key and modulus Click on the tab for the Encoding worksheet Enter your classmate s modulus and public key in cells B6 and B7 Write these values below Classmate s modulus Classmate s public key Enter a message in cell B1 1 This message should consist ofa string of fteen or more CAPITAL LETTERS with no spaces or punctuation marks The spreadsheet will encipher only the first fteen letters of your message Your message could be a short phrase or sentence your mother s name or your pet iguana s name For example I used ABCDEFGHIJKLMNO to test this spreadsheet Note that a message to be enciphered is usually called plaintext The enciphered form of the message is called the ciphertext The enciphered form of the message the cipherteXt should appear in cell B13 This may take a few seconds The spreadsheet determines the cipherteXt as follows Split the plainteXt up into blocks of three letters called trigraphs Obtain a numeric representation for each letter based on its position in the alphabet A gt0 B gtl etc Compute a numeric code for each trigraph using the formula First Letter Code 262 Second Letter Code 26 Third Letter code For the mathematically inclined this is interpreting each trigraph as a number in base twentysix Encipher each plainteXt trigraph code by computing Plaintext trigraph codePUbliC Key dividing the result by the Modulus and taking the remainder Convert each enciphered trigraph code into a quadragraph 7 a block of four letters 7 as follows 39 Divide the code by 26339 The quotient is the code for the first letter of the quadragraph The spreadsheet uses the remainder to get codes for the other three letters Divide the remainder from the first step by 262 The quotient is the code for the second letter The spreadsheet uses the remainder to get the codes for the other two letters CMPT 109 Name Lab VIII page 4 0 O 39 Divide the remainder from the second step by 26 The quotient is the code for the third letter and the remainder is the code for the fourth letter For the mathematically inclined this quadragraph calculation determines the representation of the enciphered message as a fourdigit number in base twentysix using the letters of the alphabet as our digits Some of the details of this calculation appear in cells A16K38 of the Encoding worksheet Enter the plainteXt and cipherteXt below Show the steps of the conversion process in the table Plaintext Ciphertext Give the cipherteXt but not the plaintext to your classmate In return your classmate will give you a cipherteXt message Record the cipherteXt message from your classmate below In the rest of this exercise you will be deciphering this message Ciphertext from classmate Click on the tab for the Decoding worksheet Enter your modulus and your private key in cells B6 and B7 of this worksheet Enter the cipherteXt you received from your classmate as the Encrypted Message in cell B13 The deciphering process is similar to the enciphering process 0 Split the cipherteXt up into quadragraphs instead of trigraphs 0 Obtain the numeric representation for each letter and compute a numeric code for each trigraph using the formula First Letter Code 263 Second Letter Code 262 Third Letter Code 26 Fourth Letter Code Encipher each cipherteXt quadragraph code by computing

### BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.

### You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

## Why people love StudySoup

#### "There's no way I would have passed my Organic Chemistry class this semester without the notes and study guides I got from StudySoup."

#### "I used the money I made selling my notes & study guides to pay for spring break in Olympia, Washington...which was Sweet!"

#### "Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

#### "It's a great way for students to improve their educational experience and it seemed like a product that everybody wants, so all the people participating are winning."

### Refund Policy

#### STUDYSOUP CANCELLATION POLICY

All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email support@studysoup.com

#### STUDYSOUP REFUND POLICY

StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here: support@studysoup.com

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to support@studysoup.com

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.