EXERCISE 15. REVIEW QUESTIONS ON CRYPTOGRAPHIC SOFTWARE

Q1. E-Commerce Software

a) Describe the use, creation and verification of the Dual Signature in SET

The purpose of the dual signature is to create a unique, unambiguous and irreproducible association between specific order information and specific payment information. It links two messages that are intended for two different recipients. In this case, the customer wants to send the order information to the merchant and the payment information to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order. The link is needed so that the customer can prove that the payment is intended for this order.

The hash pattern/random number/message digest of the order information and that of the payment information are calculated independently by the customer. The dual signature is the hash pattern of the linked hash patterns of payment information and order information, encrypted with the customer's secret key. The dual signature is sent to both the merchant and the bank. The protocol arranges for the merchant to see the hash pattern of the payment information without seeing the payment information itself, and the bank sees the hash pattern of the order information but not the order information itself.

The dual signature can be verified using the hash pattern of the order information or payment information. It doesn't require the order information or product information itself. Its hash pattern does not reveal the content of the order information or product information, and thus privacy is preserved.

b) Treatment of Credit Card Numbers in SET

The merchant does not have access to the customer's credit card number. The purchase request is registered, and it is checked that the credit limit of the customer's Visa account will not be exceeded. The customer's Visa account number is sent over the Internet only in encrypted form.
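The dual signature described in Q1 a), as an added example that is not part of the original answer sheet: the customer signs the hash of the two linked digests, and the merchant and the bank each verify it while holding only their own message plus the other message's digest. Assumptions: SHA-256 as the hash, textbook RSA with a toy key built from two public Mersenne primes (not secure), and constructed sample messages.

```python
import hashlib

# Toy RSA key from two well-known Mersenne primes (constructed for this demo,
# NOT secure). Textbook RSA stands in for the customer's signature key.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # customer's private exponent

# Constructed sample messages
PAYMENT_INFO = b"card=4000-0000-0000-0002;amount=49.90;txn=1001"
ORDER_INFO = b"item=book;qty=1;amount=49.90;txn=1001"


def digest(data: bytes) -> bytes:
    """Message digest ("hash pattern") of one message."""
    return hashlib.sha256(data).digest()


def linked_digest(pimd: bytes, oimd: bytes) -> int:
    """Hash of the linked digests: H(H(PI) || H(OI)), as an integer."""
    return int.from_bytes(digest(pimd + oimd), "big")


def create_dual_signature(pi: bytes, oi: bytes) -> int:
    """Customer: encrypt the linked digest with the private key."""
    return pow(linked_digest(digest(pi), digest(oi)), D, N)


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and only the digest of PI (never the card number)."""
    return pow(ds, E, N) == linked_digest(pimd, digest(oi))


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI and only the digest of OI (never the order details)."""
    return pow(ds, E, N) == linked_digest(digest(pi), oimd)


if __name__ == "__main__":
    ds = create_dual_signature(PAYMENT_INFO, ORDER_INFO)
    print("merchant accepts:", merchant_verify(ORDER_INFO, digest(PAYMENT_INFO), ds))
    print("bank accepts:    ", bank_verify(PAYMENT_INFO, digest(ORDER_INFO), ds))
    # A payment paired with a different order no longer verifies.
    other_order = b"item=laptop;qty=1;amount=49.90;txn=1001"
    print("swapped order:   ", bank_verify(PAYMENT_INFO, digest(other_order), ds))
```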
Only the bank of the merchant has the private key to decrypt the Visa account number. The certificates of the customer, merchant, and merchant's bank are all signed by the same certification authority, the police CA.

Q2. Cryptographic Software for Internet System Security

a) How is spoofing of DNS Names/IP Numbers prevented in DNSSEC?

DNSSEC is a set of extensions to DNS which provide DNS clients with origin authentication of DNS data, data integrity (but not availability or confidentiality), and authenticated denial of existence. DNSSEC was designed to protect Internet clients from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check whether the information is identical (correct and complete) to the information on the authoritative DNS server. DNSSEC works by digitally signing answers to DNS lookups using public-key cryptography.

b) Security Features in NTPv4

The NTPv4 implementation adds a number of extensions and refinements to the previous version, including an autonomous configuration and authentication capability, improved clock discipline algorithms capable of submicrosecond accuracy, and many other refinements. NTPv4 includes support for both symmetric key and public key cryptography to prevent accidental or malicious protocol attacks, as well as automatic server discovery using IP multicasting.

Examples of new features:

- Generic Nanosecond Kernel Timekeeping Support.
- Support for IP Multicasting.
- A new hybrid phase/frequency-lock clock discipline.
- Simple Network Monitoring Protocol (SNMP) monitoring tools.
- A new security model and authentication scheme based on public-key cryptography called Autokey.
- Support for the MD5 cryptographic hash algorithm, in addition to the DES-CBC.
- The prefer-peer scheme.
- Specification for the Simple Network Time Protocol (SNTP).
c) Security Features in SNMPv3

Version 3 of SNMP provides the management system with crucial security functions by using two different models of security:

- The User-based Security Model (USM) delivers the authentication between the manager and the agent so that only the authenticated messages are trusted. The USM also adds privacy by providing encryption of the SNMP payload.
- The View-based Access Control (VACM), on the other hand, brings a flexible, group-based access control to the authenticated users.

Perhaps one of the biggest changes in SNMPv3 compared to the previous versions was that the managers and agents became SNMP applications.

USM is the security model that implements the actual security services for authentication and privacy. Two different secret keys are needed, one for privacy (encryption key or privacy key, privKey) and the other for authentication (authentication key, authKey).

The VACM is specified to determine the access rights on a per-group basis. This is different from the USM, which specifies the authentication of users individually. In VACM each user has to be included in some group, and the different groups can then be granted different security levels.

d) For which security purposes is middleware used?

Middleware is a software layer between the network and the applications for providing services like identification, authentication, authorization, directories, and security. Shibboleth is an example of open source authentication and authorization middleware. SSH Tectia is an example of commercial security middleware based on the SSH protocol.

Middleware is computer software that connects software components or applications. The software consists of a set of services that allows multiple processes running on one or more machines to interact. Middleware is used, for example, for modern information technology based on XML, Web services, and service-oriented architecture.
e) Features of Secure Routing Software

Routing protocols and their hardware/software implementations in computer networks are usually open and functionally unprotected. In general, routing protocols share the following functions:

- Transport Subsystem: The routing protocol transmits messages to its neighbors using some underlying protocol. For example, OSPF (Open Shortest Path First) uses IP, while other protocols may run over TCP.
- Neighbor State Maintenance: Neighboring relationship formation is the first step for topology determination. For this reason, routing protocols may need to maintain state information. Each routing protocol may use a different mechanism for determining its neighbors in the routing topology. Some protocols have distinct exchanges through which they establish neighboring relationships, e.g., Hello exchanges in OSPF.
- Database Maintenance: Routing protocols exchange network topology and reachability information. The routers collect this information in routing databases with varying detail. The maintenance of these databases is a significant portion of the function of a routing protocol.

In a routing protocol, there are message exchanges that are intended for the control of the state of the protocol. For example, neighbor maintenance messages carry such information. On the other hand, there are messages that are used to exchange information that is intended to be used in the forwarding function, for example, messages that are used to maintain the database. These messages affect the data (information) part of the routing protocol.

SAMULI KETOLA, MT4 8.2.2010