Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications

Assignment # 3

advertisement 
Assignment # 3
1. Using the notation above describe in detail the following protocols:
a. Kerberos
b. Diffie-Hellman key exchange
a. Kerberos





KAS is a pre-established secret key known only to A and S
Likewise, KBS is known only to B and S
KAB is a session key between A and B, freshly generated for each run of the
protocol
TS and TA are timestamps generated by S and A, respectively
L is a 'lifespan' value defining the validity of a timestamp
A asks S to initiate communication with B
S generates a fresh KAB, and sends it to A together with a timestamp and the same
data encrypted for B.
A passes on the message to B, obtains a new TA and passes it under the new
session key
One can specify the protocol as follows in security protocol notation where Alice
(A) authenticates herself to Bob (B) using a server S. B confirms receipt of the
session key by returning a modified version of the timestamp to A. We see here
that the security of the protocol relies heavily on timestamps T and lifespans L as
reliable indicators of the freshness of a communication. In relation to the
following Kerberos operation, it is helpful to note that the server S here stands for
both authentication service (AS), and ticket granting service (TGS). In
,
is the client to server ticket,
is the authenticator, and
confirms B's true identity and its recognition of A. This is
required for mutual authentication.
b. Diffie-Hellman key exchange
The simplest, and original, implementation of the protocol uses the multiplicative group
of integers modulo p, where p is prime and g is primitive mod p. Modulo (or mod) means
that the integers between 0 and p − 1 are used with normal addition, subtraction,
multiplication, and exponentiation, except that after each operation the result keeps only
the remainder after dividing by p.
1. Alice and Bob agree to use a prime number p=23 and base g=5.
2. Alice chooses a secret integer a=6, then sends Bob (ga mod p)
o 56 mod 23 = 8.
3. Bob chooses a secret integer b=15, then sends Alice (gb mod p)
o 515 mod 23 = 19.
4. Alice computes (gb mod p)a mod p
o 196 mod 23 = 2.
5. Bob computes (ga mod p)b mod p
o 815 mod 23 = 2.
Both Alice and Bob have arrived at the same value, because gab and gba are equal. Note
that only a, b and gab = gba are kept secret. All the other values are sent in the clear. Once
Alice and Bob compute the shared secret they can use it as an encryption key, known
only to them, for sending messages across the same open communications channel. Of
course, much larger values of a,b, and p would be needed to make this example secure,
since it is easy to try all the possible values of gab mod 23 (there will be, at most, 22 such
values, even if a and b are large). If p was a prime of at least 300 digits, and a and b were
at least 100 digits long, then even the best known algorithms today can not find a given
only g, p, and ga mod p. g need not be large at all, and in practice is usually either 2 or 5.
2. A noted computer security expert has said that without integrity, no system can
provide confidentiality.
a. Do you agree? Justify your answer.
b. Can a system provide integrity without confidentiality? Again, justify your
answer.
a. No because when I looked up the word integrity it said knowing what is important to
you and living your actions accordingly. If someone think it is important that breaking
into someone’s computer and changing or stealing things, when they actually do it their
integrity is still in tact. I also think that just because someone has integrity in a positive
way that important information shouldn’t be protected.
b. Again my answer would still be no because if you are living a good life trying to do the
right things you would try to protect and look out for other people’s things and
information as well as your own. If you are living a life of bad integrity you would want
to protect yourself from getting caught.
3. For each of the following statements, give an example of a situation in which the
statements is true:
a. Prevention is more important than detection and recovery
b. Detection is more important than prevention and recovery
c. Recovery is more important than prevention and detection
a. Prevention would be more important when you’re trying to keep a system from being
stolen. Like when I lock my computer in my room or put the password when you turn it
on.
b. Detection is more important when you are doing something like writing a program and
something is not right. It would be better to catch it sooner rather than later.
c. When an accident happen with a computer that is the only one that has certain
information then recovery will be best for that. Like if this computer freezes while I’m
typing this and I have to restart. I would hope that recovery will save my paper so I won’t
have to start over.
CITE
Wikimedia Foundation, Inc. October 9, 2006. Wikipedia, the free encyclopedia.
www.wikipedia.org
Related documents
RSA – An Example
RSA – An Example
CMPSYSENG 1&2 PC PRO LESSON PLAN 6TH PER WEEK OF
CMPSYSENG 1&2 PC PRO LESSON PLAN 6TH PER WEEK OF
Exercise-skr5200
Exercise-skr5200
MOONEY N66ET SPECS
MOONEY N66ET SPECS
Assignment # 3
Assignment # 3
Variables Assessment
Variables Assessment
Sample Final Questions
Sample Final Questions
INSTRUCTIONAL POLICY - Tennessee School for the Blind
INSTRUCTIONAL POLICY - Tennessee School for the Blind
question_3-corrections1
question_3-corrections1
Diffie-Hellman Notes
Diffie-Hellman Notes
NETPRO LESSON PLAN WEEK OF 03NOV14 WK10 MONDAY
NETPRO LESSON PLAN WEEK OF 03NOV14 WK10 MONDAY
RSA implementation by Tom Chiari
RSA implementation by Tom Chiari
Homework due 12/14
Homework due 12/14
RSA Algorithm_and_ClassParticipation
RSA Algorithm_and_ClassParticipation
Set 11
Set 11
IETF Security Tutorial
IETF Security Tutorial
Efficient Proofs that a Committed Number Lies in an Interval
Efficient Proofs that a Committed Number Lies in an Interval
Download
advertisement