Signing and verifying files, User Authentication.

CS681 & CS392 Computer Security
Fall 2005
Due 13/06/2005
October 06, 2005

1 Objective

The objectives of this assignment are:

1) Design and implement file signing and verification features for FEAU using MD5.
2) Design and develop a user authentication mechanism for FEAU.

2 User Authentication

Read more about user authentication from the following:

- Chapter 12 from the class text book.
- http://www.informit.com/content/images/013026332X/samplechapter/013026332X.pdf

2.1 FEAU User Authentication System

In this assignment you will design and build a user authentication mechanism for FEAU. Your mechanism must at least have the following attributes:

- The user information file must be secured such that it is inaccessible even if FEAU is offline.
- Must generate RSA private and public key pairs upon user creation, and when a user is removed, her key must be removed.
- Users' RSA private keys must be protected, such that even an administrator cannot access them.
- A user should be able to share a different set of his files with a different set of users. For example, he should be able to share file1 with users A, B and file2 with users B, C, D.
- A login mechanism as soon as the FEAU is started up.
- Some method to reset a user's password, in case they forget it.

Hint: This means that you will have new functions like createUser, createGroup, changePasswd, givePerms, revokePerms, etc. in your FEAU. You will also have to have a pre-installed admin who can create other users.

3 MD5

You should be familiar with the MD5 algorithm. This was covered extensively in class this week. You can learn more about MD5 from:

http://www.freesoft.org/CIE/RFC/1321/3.htm

Use the MD5 code that came with the RSA code that you used in the previous lab. Familiarize yourself with the MD5 sample code.

3.1 Warm Up

Answer the following questions:

1. You have learnt that a good cryptographic function can also work as a hash function, so can a hash function be used for encryption and decryption? If so, explain.
2. What would be the advantages and disadvantages for doing the above? Explain in terms of local laws, computational complexity, and cryptographic strength.

3.2 File Signing and Verification

Design and implement the file signing and signature verification commands using MD5. Please note: a user should be able to sign both encrypted and non-encrypted files.

snfl - Sign files
    Synopsis - snfl [file...]
    Description
        snfl signs both encrypted and plain files with the current user's private key.

vfy - Verify file integrity
    Synopsis - vfy [files...]
    Description
        vfy checks file integrity.

4 What and how to Handin

Handin: You should submit the assignment through the my.poly drop box no later than 12 AM midnight on the due date. You must zip all files related to the assignment and use the following convention to name the zip file:

<First Name>_<Last Name>_<Lab#>.zip

Submit using the name of only one of the members in your group.

REMEMBER IF YOU DO NOT USE THIS NAMING CONVENTION YOUR ASSIGNMENT WILL NOT BE GRADED AND YOU WILL NOT RECEIVE ANY CREDIT. PLEASE SUBMIT HOMEWORK ON TIME.
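
The hash-then-sign flow behind the snfl and vfy commands of section 3.2, as an added Python example that is not part of the handout or of the lab's RSA/MD5 code. The toy key, the unpadded "textbook" RSA step and the detached `<file>.sig` signature file are assumptions made for illustration; MD5 appears only because the assignment specifies it.

```python
import hashlib
from pathlib import Path

# Constructed toy key (an assumption, not from the assignment): two Mersenne
# primes give a 196-bit modulus, wide enough to hold a 128-bit MD5 digest.
# Real keys are 2048+ bits and use a padding scheme; this is textbook RSA.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def md5_file(path, chunk=65536):
    """MD5 of the bytes as stored, so plain and encrypted files are treated alike."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return int.from_bytes(h.digest(), "big")


def snfl(path, d=D, n=N):
    """Sign: write the detached signature <path>.sig = digest^d mod n."""
    sig = pow(md5_file(path), d, n)
    Path(str(path) + ".sig").write_text(format(sig, "x"))
    return sig


def vfy(path, e=E, n=N):
    """Verify: recover the digest with the public key and compare to a fresh MD5."""
    sig_path = Path(str(path) + ".sig")
    if not sig_path.exists():
        return False  # unsigned file
    try:
        sig = int(sig_path.read_text().strip(), 16)
    except ValueError:
        return False  # signature file is not valid hex
    return 0 <= sig < n and pow(sig, e, n) == md5_file(path)
```

Because the digest is taken over the file's stored bytes, the same two functions cover both encrypted and non-encrypted files; any change to the file or to its `.sig` makes `vfy` return False.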