Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Assignment # 3

advertisement 
IS 413 Assignment # 3
WORK CITED
Wikimedia Foundation, Inc. October 9, 2006. Wikipedia, The Free Encyclopedia.
www.wikipedia.org
1. Using the notation above describe in detail the following protocols:
a. Kerberos
b. Diffie-Hellman key exchange
a. Kerberos





KAS is a pre-established secret key known only to A and S
Likewise, KBS is known only to B and S
KAB is a session key between A and B, freshly generated for each run of the
protocol
TS and TA are timestamps generated by S and A, respectively
L is a 'lifespan' value defining the validity of a timestamp
A asks S to initiate communication with B
S generates a fresh KAB, and sends it to A together with a timestamp and the same
data encrypted for B.
A passes on the message to B, obtains a new TA and passes it under the new
session key
One can specify the protocol as follows in security protocol notation where Alice
(A) authenticates herself to Bob (B) using a server S. B confirms receipt of the
session key by returning a modified version of the timestamp to A. We see here
that the security of the protocol relies heavily on timestamps T and lifespan L as
reliable indicators of the freshness of a communication. In relation to the
following Kerberos operation, it is helpful to note that the server S here stands for
both authentication service (AS), and ticket granting service (TGS). In
,
is the client to server ticket,
is the authenticator, and
confirms B's true identity and its recognition of A. This is
required for mutual authentication.
b. Diffie-Hellman key exchange
The simplest, and original, implementation of the protocol uses the multiplicative group
of integers modulo p, where p is prime and g is primitive mod p. Modulo (or mod) means
that the integers between 0 and p − 1 are used with normal addition, subtraction,
multiplication, and exponentiation, except that after each operation the result keeps only
the remainder after dividing by p.
1. Alice and Bob agree to use a prime number p=23 and base g=5.
2. Alice chooses a secret integer a=6, then sends Bob (ga mod p)
o 56 mod 23 = 8.
3. Bob chooses a secret integer b=15, then sends Alice (gb mod p)
o 515 mod 23 = 19.
4. Alice computes (gb mod p)a mod p
o 196 mod 23 = 2.
5. Bob computes (ga mod p)b mod p
o 815 mod 23 = 2.
Both Alice and Bob have arrived at the same value, because gab and gba are equal. Note
that only a, b and gab = gba are kept secret. All the other values are sent in the clear. Once
Alice and Bob compute the shared secret they can use it as an encryption key, known
only to them, for sending messages across the same open communications channel. Of
course, much larger values of a, b, and p would be needed to make this example secure,
since it is easy to try all the possible values of gab mod 23 (there will be, at most, 22 such
values, even if a and b are large). If p was a prime of at least 300 digits, and a and b were
at least 100 digits long, then even the best known algorithms today can not find a given
only g, p, and ga mod p. g need not be large at all, and in practice is usually either 2 or 5.
2. A noted computer security expert has said that without integrity, no system can
provide confidentiality.
a. Do you agree? Justify your answer.
b. Can a system provide integrity without confidentiality? Again, justify your
answer.
a. I agree that without integrity a system can’t provide confidentiality. I agree because in
some security properties integrity must be implemented in order to secure an attacker
from accessing and modifying the operating system or access control table. By protecting
the integrity we are also achieving confidentiality because the information is being
concealed from an outside source. Therefore, integrity becomes a part of confidentiality.
b. I believe it can provide integrity without confidentiality because there are such things
as intentional manipulations. Intentional manipulations can be looked at as a person
having access to an unauthorized modification but doesn’t mean that the modification is
meant for malicious acts or destruction. Sometimes it is something that has to be solved
when there is a problem in the structure of the program. So here the confidentiality of the
document or program is being revealed in order to solve the problem.
3. For each of the following statements, give an example of a situation in which the
statements are true:
a. Prevention is more important than detection and recovery
b. Detection is more important than prevention and recovery
c. Recovery is more important than prevention and detection
a. Prevention would be more important when main goal is to keep something from being
tampered with or destroyed. For example, by having a User ID and password when
logging into a system helps prevent any unauthorized user from gaining access to your
information.
b. Detection is more important when are working on a document or program and you
don’t want to lose any information due to a virus. For example, by installing an antivirus,
like Norton, the computer is able to scan for any possible detections of a virus and stop it
from infecting your computer and losing any information.
c. Recovery is more important when you are working on a document or program and the
information freezes or the computer system shuts down. By having recovery, the
computer is able to store and reboot your information without the possibility of losing
everything.
CITE
Wikimedia Foundation, Inc. October 9, 2006. Wikipedia, the free encyclopedia.
www.wikipedia.org
Related documents
RSA – An Example
RSA – An Example
Assignment # 3
Assignment # 3
CMPSYSENG 1&2 PC PRO LESSON PLAN 6TH PER WEEK OF
CMPSYSENG 1&2 PC PRO LESSON PLAN 6TH PER WEEK OF
MOONEY N66ET SPECS
MOONEY N66ET SPECS
Variables Assessment
Variables Assessment
Exercise-skr5200
Exercise-skr5200
Sample Final Questions
Sample Final Questions
INSTRUCTIONAL POLICY - Tennessee School for the Blind
INSTRUCTIONAL POLICY - Tennessee School for the Blind
question_3-corrections1
question_3-corrections1
Set 11
Set 11
Download
advertisement