Checksums, your best friends, for security
|
|
- Polly Andrews
- 8 years ago
- Views:
Transcription
1 Published in Linux for You, August 2008 issue Checksums, your best friends, for security S. Parthasarathy drpartha@gmail.com Imagine that you write an electronic cheque for Rs. 1000, payable to your friend, and send this cheque electronically to your friend. How do you,or your friend, or the bank ensure that the cheque has not been tampered with, or altered enroute. How do you ensure the authenticity of the cheque, particularly the amount payable and the person to whom payable? This same problem can appear in various other forms in your day to day experience. How are you sure that the file you received as an attachment has not been altered on its way? How are you sure that the iso image you downloaded is not the one created by an impostor? Do you know why your passwords are so safe in a Linux system? Whenever you receive any software that includes documentation and scripts from any source, it is important to ensure that there are no hidden risks and traps which have been planted by intruders. Or, when you transfer or copy files over a network, you want to ensure that the file has not got modified by transmision errors. When downloading software from online repositories, or when you receive prerecorded software (e.g. on a CDROM) from any source, it is important to consider the possibility that the site may have been compromised. One of the threats that users face, is that intruders could include malicious code in the software packages distributed by those sites. This code could take the form of Trojan horse programs, or backdoors. In large collections of files, intruders could slip in their own files containing malicious programs, or they could modify files which contain important material, particularly, intrusion detection software or procedures. In the simplest of cases, they could replace your material with material which would embarass you or damage your reputation. You want an effective and simple solution, to protect you in all such scenarios. The answer to all these questions lies in a simple idea called checksum. A checksum is something like your fingerprint. Technically speaking, a checksum (also known as a hash digest) is a form of redundancy check. This is a simple way to protect the integrity of data, by detecting errors (modifications) in data that are sent through space (telecommunications) or time (storage). A redundancy check, like the name implies, is the approach of adding redundant information to the data, such that any modificiation or alteration of the data can be detected (in theory) by just looking at the checksum. Note that this is just a way of ensuring that your data has not been modified. It does not automatically lead you to the modifications actually made. Nor does it prevent data being modified by unscrupulous agents. Nor will it tell you who modified the data and when.
2 Now, this how it works. Let us say you have a file X which you want to protect with a checksum. You can use some algorithm of your own, and generate a checksum x which is derived from X. You append x to X (whenever you send the file X). the receiver will use the same algorithm you used, on the file X and get his checksum say y. If X has not been altered, x should be the same as y. If they are not, you can suspect some mischief somewhere from the time X was created, and till it was received by you. Let us take a simple, childish, example. Let us asume that your X is the file containg this article. Let us asume that we count all the characters (including punctuation marks) in this file, say x1. Count the number of spaces, say x2. Now concatenate x2 with x1, to get x1x2. Now, when we send X we will send x1x2 also, along with X. It is just a small operation for the receiver to ensure that the file has not been altered, by just recomputing the number of characters (say y1), and the blank spaces (say y2) in his copy of X. He can then compare y1y2 with x1x2 and find out if the file X has been altered before reaching him. Of course, this approach has a lot of glaring loopholes. For instance, if the miscreant, replaces one character by another, his mischief will never get caught. Or if he changes X, and also recomputes the checksum, and sends the recomputed checksum, the mischief will go unnoticed. Or, if he adds one blank space at one place, and removes a blank space from another place (compensating errors), he will never get caught. Do not despair. There are powerful schemes and extensions to checksums that are immune to such mischiefs. Checksums also come in handy in many other ways too. For instance if you have two jpeg files of the same image. Visually inspecting the two images will not show you any differences if the difference is at a pixel level (a picture may consist of several thousands of pixels). If you have a thousand similar looking images, it would not be easy to point out which ones are duplicates of each other. A simple way to solve this problem, will be to compute the checksum of each jpeg file. Now by comparing the checksums, you can get to recognise duplicates easily. The slightest difference in the images will show up us a different checksum for the jpeg file. Comparing pictures visually, will not always show differences, if any. Also, when the number of files is large, such a task would be too cumbersome for any human. Your own Linux machine uses a clever combination of checksum (md5/sha) and encryption (one way encryption plus Data Encryption Standard), to store your Linux password securily. When dealing with passwords, there are three things we are protecting against: storing the password (can someone sneak into your machine and steal the password?), transmission of password (example when logging in over the web), and the replay of the password (example, verifying the password entered by a user during login). Hash functions come in handy in all these cases. You can find out how this is done, by reading any good book on Linux/Unix internals. By storing passwords using a hash digest, even if your password file is compromised, the passwords cannot be decoded. The only disadvantage will be that users cannot retrieve lost passwords, they must reset them. Some important properties of good checksums are:
3 1. Two different sets of data will always give different checksums (Two different persons will have different fingerprints) 2. It is impossible (or extremely difficult) to reconstruct the original data set from the checksum of that data set (Can you get a person's photograph, just from his fingerprint? If you could, you can help our Police enormously) 3. A given data set will always lead to a unique checksum (the same person cannot have two fingerprints for the same finger) 4. Just like making a fingerprint of a person, computing the checksum for any arbitrary data set should be feasible and relatively easy (read efficient). Two of the most popular checksum algorithms (also known as hash digest algorithms or hash functions) are: sha, and md5. Of course there are other hash functions also available. Each has its own strengths and weaknesses. For a good briefing on hash functions, visit the hash function lounge, at: /hflounge.html Another interesting site about hash digests is : Hashing is closely related to cryptography, and is the basis of a technique called digital signature. A digital signature itself is an encrpted form of a hash digest. sha According to wikipedia SHA stands for Secure Hash Algorithm. Hash algorithms compute a fixed length digital representation (known as a message digest) of an input data sequence (the message) of any length. The term SHA collectively denotes five cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. The original specification of the algorithm was published in 1993 as the Secure Hash Standard, FIPS PUB 180, by US government standards agency NIST (National Institute of Standards and Technology). This version is now often referred to as "SHA0". SHA 0 was withdrawn by the NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB and commonly referred to as "SHA1". The youngest in this series is SHA 512 and was born in The new hash functions SHA 224, SHA 256, SHA 384, and SHA 512, are collectively called the SHA 2 family. The Secure Hash Signature Standard (SHS) (FIPS PUB 180 2) specifies four secure hash algorithms SHA 1, SHA 256, SHA 384, and SHA 512 for computing a condensed representation of electronic data (message). When a message of any length < 264 bits (for SHA 1 and SHA 256) or < 2128 bits(for SHA 384 and SHA 512) is input to an algorithm, the result is an output called a message digest. Message digests range in length from 160 to 512 bits, depending on the algorithm. Notice that in all the above, for a given message (of any arbitrary length), and a given SHA function, the length of the digest is fixed. This makes it easy to strip out the hash digest from the received padded message (message plus digest).
4 md5 MD5 (message digest 5) was designed by Ronald Rivest in 1991 (the R in the famous technique called RSA cryptography). The MD5 homepage at gives details of this tool. MD5 replaces an earlier hash function: MD4 (also created by Ronald Rivest). MD5 is more secure than MD4. However a number of weaknesses of MD5 have been found in recent years. A recent paper, published in this area, claims that a collision of MD5 can be found within one minute on a standard PC, using a method called tunneling. Despite its weaknesses, MD5 is widely used in digital signature processes. It has been implemented in many programming languages. MD5 algorithm is described in RFC 1321 (see The algorithm takes a message of arbitrary length and produces a 128 bit message digest. MD5 is a very popular scheme, and is used in SSL, PGP, HTTP authentication, Tripwire, and many other places. MD5 hash is commonly used to verify the integrity of files (i.e., to verify that a file has not changed as a result of file transfer, disk error, meddling, etc.). In general, sha is considered to be more secure than md5. But, sha is slower than md5. All this is still a matter of research and work arounds, so the comparison can be misleading. Sometimes, these tools are referred to as encryption tools. This is technically not correct. Encryption always involves scrambling the original text, to make it illegible to an unauthorised agent. Hash digests do not scramble the original text/message per se. It is a different matter that you may decide to add another layer of security. You may choose to do some encryption, in addition to computing a checksum/hash digest. Linux and hash functions In addition ot using hash digests (sha, md5) for password handling, Linux gives you commands to help you create hash digests or verify hash digests. The md5sum program is installed by default in most Unix, Linux, and Unix like operating systems.. In fact, you would have noticed that many Linux distribution CDs give you md5 checksums for all the files on the CD. Hereis an extract of the MD5 sums of all files in the Ubuntu distro DVD which was supplied with the June 2008 issue of LFY: f3103b8f8a77dc85a15060./casper/filesystem.manifest 62d20d5168ce34daee90cb5ece46659c./casper/filesystem.manifest-desktop 7f bf00a645972ed46ccb710./casper/initrd.gz 3f5a29371c9a3032a968895ce5c8ad55./casper/filesystem.squashfs 1bf6dca81a4496dd2c29d517b30f087a./casper/vmlinuz c09db48c645f ecf6d920./dists/hardy/release dec458a3f c2e /dists/hardy/restricted/debian-installer/binaryi386/packages.gz 2b a2138bae2aa21df400b9a6./dists/hardy/restricted/debian-installer/binaryi386/Packages 583ab564952d4ce47b887c8b5b0ea30f./dists/hardy/restricted/binary-i386/Packages.gz
5 285c43d848f34ba43ce2e23414e22cf9./dists/hardy/restricted/binary-i386/Release b0861b853731d9b87e952a4e6ea885bb./dists/hardy/restricted/binary-i386/packages eef fd7fcd3e23cd0cf7ea2ca9./dists/hardy/release.gpg 1422cfaedc2f8fd49d92489bbf240c08./dists/hardy/main/debian-installer/binaryi386/Packages.gz 9cfc07519ad901db6fdc6cdf508e4120./dists/hardy/main/debian-installer/binaryi386/Packages b3fcfd7f4a904026bdd1d dbe4./dists/hardy/main/binary-i386/packages.gz b5c09269e28533a41ce04df0fd4cff0c./dists/hardy/main/binary-i386/release bf ed27fa8fc115b18./dists/hardy/main/binary-i386/Packages The second field in each of the above, is the name/path of the file. the first field is the md5 sum of that file. The Linux command md5sum can be used to generate MD5 message digests. It can also be used to check the MD5 digests of files. Linux also gives similar commands for sha (sha1sum sha256sum sha512sum sha224sum sha384sum). With a little practice and experimentation, you will easily be able to perform many tricks with these tools. You can put md5sum or shaxsum into shell scripts to get more elaborate usages. Combining these with GPG (an encryption/decryption package), you can create digital signatures and really protect all your data. In fact, since GPG comes bundled for free, with Linux distros, it is easy to manage message digests and digital signatures on your own. With the GPG program ( ) you can digitally "sign" files, and ensure tamper detection easily. But, the catch is, with GPG you can "sign" only one file at a time. With MD5 you can create checksums of several files at a time (using a small one line script) But, the catch is that if an intruder can tamper the file, he can also tamper the md5 checksum, and destroy all traces of his mischief. So, we use both these tools in tandem. First, we compute the MD5 checksums of all the files in the directory "/pypath/myfiles" these MD5 checksums are stored in the file:, say allfiles.md5. We then "digitally" sign this md5 file using GPG and a GPG key This key is a secret, and is known only to the person who created it. Any modification to any of the files is detected by verifying the md5 checksum. To verify that these md5 checksums are okay, use the command : md5sum -c allfiles.md5 Any modification to the md5 checksum file gets detected by verifying, using GPG, the digital signature of the checksum file. Here is an example of a sha and an md5 digest of an earlier version of this article (checksums.odt): f8244cc06a0c7135b3f9dc2301 checksums.odt 5a58e39daa45e645dee4c515b d46d checksums.odt These checksums were created using the sha1sum and md5sum commands of Linux. The md5 digest was stored in a file called sum. We then modified the source file (checksums.odt) slightly, and issued the md5 checking command: md5sum -c sum.this is what we got :
6 checksums.odt: FAILED md5sum: WARNING: 1 of 1 computed checksum did NOT match You can try out the above experiment yourself, and get an idea of how md5sum works. It is easy. It is also possible to create and check the hash digests of several files, using a small script. Thanks to all these features, you feel very secure when working with Linux. Closing remarks This article was a quick overview of checksums (hash digests). This subject is very profound mathematically. We have tried to avoid all the maths, and have made some simplifications in the presentation. Checksums form an ideal starting point for ensuring security. You can create an elaborate security arrangement, by cleverly combining checksums with digital signatures or encryption (or both). A good book on cryptography will give you details which we have not covered (deliberately) in this introductory article. About the Author Parthasarathy is an aggressive supporter of FOSS. He teaches discrete mathematics, and preaches LaTeX and Linux, to students of Computer Science. His website : algolog.tripod.com\nupartha.htm will give more specific details about him. His contact address is : drpartha@gmail.com ***********end
DRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationFixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006
Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object
More informationExecutable Integrity Verification
Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationA Study on Secure Electronic Medical DB System in Hospital Environment
A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133
More informationDigital Evidence Search Kit
Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University
More informationJohn Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011
John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the
More informationPractical Attacks on Digital Signatures Using MD5 Message Digest
Practical Attacks on Digital Signatures Using Message Digest Ondrej Mikle Department of Software Engineering at Faculty of Mathematics and Physics, Charles University, Prague, Czech Republic Ondrej.Mikle@Gmail.com
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationEncryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1
Encryption, Data Integrity, Digital Certificates, and SSL Developed by Jerry Scott 2002 SSL Primer-1-1 Ideas Behind Encryption When information is transmitted across intranets or the Internet, others can
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationElements of Security
Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 15, 2015 Slideset 8: 1 Some Poetry Mary had a little key (It s all she could export)
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationCryptography & Digital Signatures
Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationTHE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT. April 2009 EXAMINERS' REPORT. Network Information Systems
THE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT April 2009 EXAMINERS' REPORT Network Information Systems General Comments Last year examiners report a good pass rate with
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationOctober 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services
October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services
More informationIs your data safe out there? -A white Paper on Online Security
Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects
More informationSecure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,
Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main
More informationTOPICS IN COMPUTER SECURITY
TOPICS IN COMPUTER SECURITY for the undergraduate student Jim Griffin Cabrillo College Abstract: Key words: Cabrillo College has just adopted a new program in Computer Network and System Administration
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationDigital Forensics Tutorials Acquiring an Image with Kali dcfldd
Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can
More informationLOCKING DOWN LOG FILES: ENHANCING NETWORK SECURITY BY PROTECTING LOG FILES
LOCKING DOWN LOG FILES: ENHANCING NETWORK SECURITY BY PROTECTING LOG FILES Bernie Lantz, Utah State University, bernie.lantz@usu.edu Rob Hall, Utah State University, rob.hall@usu.edu Jason Couraud, Utah
More informationMcAfee SMC Installation Guide 5.7. Security Management Center
McAfee SMC Installation Guide 5.7 Security Management Center Legal Information The use of the products described in these materials is subject to the then current end-user license agreement, which can
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationAn Introduction to Cryptography and Digital Signatures
An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through
More informationNetwork Security and Firewall 1
Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week
More informationSecurity in Android apps
Security in Android apps Falco Peijnenburg (3749002) August 16, 2013 Abstract Apps can be released on the Google Play store through the Google Developer Console. The Google Play store only allows apps
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationDesign and Analysis of Methods for Signing Electronic Documents Using Mobile Phones
Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Pramote Kuacharoen School of Applied Statistics National Institute of Development Administration 118 Serithai Rd. Bangkapi,
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationThe Case For Secure Email
The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email
More informationCryptography and Security
Cunsheng DING Version 3 Lecture 17: Electronic Mail Security Outline of this Lecture 1. Email security issues. 2. Detailed introduction of PGP. Page 1 Version 3 About Electronic Mail 1. In virtually all
More informationINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY AUTHOR: ANAS TAWILEH anas@tawileh.net Available online at: http://www.tawileh.net/courses/ia This work is released under a Creative Commons Attribution-ShareAlike 2.5 License
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationAccellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.
Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationDigital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015
Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
More informationHMRC Secure Electronic Transfer (SET)
HM Revenue & Customs HMRC Secure Electronic Transfer (SET) Installation and key renewal overview Version 3.0 Contents Welcome to HMRC SET 1 What will you need to use HMRC SET? 2 HMRC SET high level diagram
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationSafeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
More informationUnderstanding and Integrating KODAK Picture Authentication Cameras
Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.
More informationWS_FTP Professional 12. Security Guide
WS_FTP Professional 12 Security Guide Contents CHAPTER 1 Secure File Transfer Selecting a Secure Transfer Method... 1 About SSL... 2 About SSH... 2 About OpenPGP... 2 Using FIPS 140-2 Validated Cryptography...
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationGlobal Telehealth Conference 2012
A Best Practice Guide to Encryption for Telehealth Liam Caffery PhD Centre for Online Health The University of Queensland Recommendations on best practice Slide 1 of 33 Slide 2 of 33 Introduction Security
More informationIntroduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
More informationGetting a Secure Intranet
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
More informationInternet Programming. Security
Internet Programming Security Introduction Security Issues in Internet Applications A distributed application can run inside a LAN Only a few users have access to the application Network infrastructures
More informationThe Mathematics of the RSA Public-Key Cryptosystem
The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationWiMAX Public Key Infrastructure (PKI) Users Overview
WiMAX Public Key Infrastructure (PKI) Users Overview WiMAX, Mobile WiMAX, Fixed WiMAX, WiMAX Forum, WiMAX Certified, WiMAX Forum Certified, the WiMAX Forum logo and the WiMAX Forum Certified logo are trademarks
More informationRelease: 1. ICANWK502A Implement secure encryption technologies
Release: 1 ICANWK502A Implement secure encryption technologies ICANWK502A Implement secure encryption technologies Modification History Release Release 1 Comments This Unit first released with ICA11 Information
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationNEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures
NEMA Standards Publication PS 3 Supplement 1 Digital Imaging and Communications in Medicine (DICOM) Digital Signatures Status: Final Text Sep 001 Prepared by DICOM Standards Committee, Working Group 1
More informationSignificance of Hash Value Generation in Digital Forensic: A Case Study
International Journal of Engineering Research and Development e-issn : 2278-067X, p-issn : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital
More informationMobility-Enhanced File Integrity Analyzer For Networked Environments
Mobility-Enhanced File Integrity Analyzer For Networked Environments Guantong Wang, Ronald F. DeMara, Adam J. Rocke Department of Electrical and Computer Engineering University of Central Florida Orlando,
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationOverview Keys. Overview
Overview Keys Overview The PGPmail program performs fast, high-security, public-key encrypting (with optional compression), decrypting, and authenticating of electronic messages and files. The program
More informationSSL Tunnels. Introduction
SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationSecuring Data at Rest ViSolve IT Security Team
Securing Data at Rest ViSolve IT Security Team 1 Table of Contents 1 Introduction... 3 2 Why Data at Rest needs to be secure?... 4 3 Securing Data... 4 3.1 Encryption - Access Control Approach... 5 3.1.1
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More information1.2 Using the GPG Gen key Command
Creating Your Personal Key Pair GPG uses public key cryptography for encrypting and signing messages. Public key cryptography involves your public key which is distributed to the public and is used to
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationNational Security Agency Perspective on Key Management
National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationHASH CODE BASED SECURITY IN CLOUD COMPUTING
ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security
More informationCS3235 - Computer Security Eleventh topic: Hashes and sign
Hash functions CS3235 - Computer Security Eleventh topic: Hashes and signatures National University of Singapore School of Computing March, 2016 Life... Outline Hash functions 1 Hash functions Outline
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 11: Email security: PGP and S/MIME Ion Petre Department of IT, Åbo Akademi University February 14, 2012 1 Email
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More information