CHAPTER 5 ACO BASED MOBILE AGENT FOR SECURED KEY MANAGEMENT
- Lionel Gardner
- 8 years ago
5.1 Related Work

Security in ad hoc networks has been a critical issue for the past few decades. Attacks are avoided by authenticating users and by isolating attackers. Hence, key management and digital signatures are proposed for user authentication. Although many research works have been proposed in the past, authentication using key management is still an important research issue. Key management segregates authorized users from attackers. The important aspect of key management is that the key used by an authorized user cannot be identified or predicted by attackers. Hence, hash-based mathematical functions and complex digital signatures are in use, for example keyed MD5 and digital signatures (Chung et al., 2009). In keyed MD5, the sender concatenates the pre-configured key with the message m, where the pre-configuration is an initial process carried out using Kerberos. Let m be the message and k be the preconfigured key to transfer; the process in keyed MD5 is
$m + \mathrm{MD5}(m + k)$    (5.1)

The digital signature is proposed by the National Institute for Standards and Technology (NIST). The digital signature is a specially designed and digitally signed document which is used for authentication. The digital signature is now implemented in many protocols such as X.509, Secure Shell (SSH), and Pretty Good Privacy (PGP) (Tashtoush and Alkasassbeh, 2013). Most web-based applications and software use digital signatures for their authentication.

In a man-in-the-middle attack, an attacker can intercept and even manipulate communications secured with public key cryptography. The attack is possible because public key cryptography provides no means of establishing trust when used on its own. Public Key Infrastructure (PKI) establishes trust by binding public keys and identities (Ahmed, 2012). Using public key cryptography, the user can be sure that the encrypted data can be decrypted only with the corresponding private key. If this is combined with a message digest algorithm to compute a signature, the user can verify that the encrypted data has not been tampered with. PKI is important to using public key cryptography effectively, and is essential to understanding and using the SSL protocol.

Certificates work in the same way as PKI; in simple terms, a certificate binds a public key with a distinguished name (Prem and Swamynathan, 2012). A distinguished name is simply the name of the person or entity that owns the
public key to which it's bound. Perhaps a certificate can be best compared to a passport, which binds a picture with a name, thus solidifying a person's identity. A passport is issued by a trusted third party (the government) and contains information about the person to whom it has been issued (the subject) as well as information about the government that issued it (the issuer). Similarly, a certificate is also issued by a trusted third party, contains information about the subject, and contains information about the third party that issued it. Not unlike a passport, which contains a watermark used to verify its authenticity, a certificate also contains safeguards intended to allow the authenticity of the certificate to be verified, and aid in the detection of forgery or tampering (Rahman et al., 2013). Also similar to a passport, a certificate is valid only for a defined period. Once it has expired, a new certificate must be issued, and the old one should no longer be trusted.

A certificate is signed with the issuer's private key, and it contains almost all of the information necessary to verify its validity. It contains information about the subject, the issuer, and the period for which it is valid. The key component that is missing is the issuer's certificate. The issuer's certificate is the key component for verifying the validity of a certificate because it contains the issuer's public key, which is necessary for verifying the signature on the subject's certificate.

By signing a certificate with the issuer's private key, anyone that has the issuer's public key can verify its authenticity. The signature serves as a safeguard to prevent tampering. By signing the subject's certificate, the issuer asserts that it has verified the authenticity of the public key that the certificate contains and states that it may be trusted. As long as the issuer is trusted, the certificates that it issues can
also be trusted. It's important to note that the issuer's certificate or public key may be contained in an issued certificate. It's more important to note that this information cannot be trusted to authenticate the certificate. If it were trusted, the element of trust established from a third party would effectively be eliminated. Anyone could create another key pair to use in signing a certificate and place that public key in the certificate.

Certificates are also created with a serial number embedded in them. The serial number is unique only to the issuer of the certificate. No two certificates issued by the same issuer should ever be assigned the same serial number. The certificate's serial number is often used to identify a certificate quickly.

A Certification Authority (CA) is an organization or company that issues certificates. By its very nature, a CA has a huge responsibility to ensure that the certificates it issues are legitimate. That is, the CA must ensure beyond all reasonable doubt that every certificate it issues contains a public key that was issued by the party that claims to have issued it. It must be able to produce acceptable proof for any certificate that it issues on demand.

There are two basic types of CA. A private CA has the responsibility of issuing certificates only for members of its own organization, and is likewise trusted only by members of its own organization. A public CA, such as VeriSign or Thawte, has the responsibility of issuing certificates for any member of the public, and must be trusted by the public. The burden of proof varies depending on the type of the CA that has issued a certificate and the type of certificate that is issued.
A CA must be trusted, and so for that trust to be extended, its certificate containing its public key must be widely distributed. For public CAs, their certificates are generally published so that anyone can obtain them. More commonly, the software that makes use of them, such as a web browser, is shipped containing them. Most often, the software allows certificates from other CAs to be added to its list of trusted certificates, thus facilitating the use of private CAs with off-the-shelf software.

A private CA is often ideal for use in a corporate setting. For example, a company could set up its own CA for email, using S/MIME as the standard for encrypting and authenticating messages. The company's CA would issue certificates to each employee, and each employee would configure their S/MIME-capable clients to recognize the company's CA as being trusted. For a private CA, verifying the identity of a subject is often a reasonably simple and straightforward matter. When used in a corporate environment, for example, employees are known, and their identities can be easily identified using information obtained from the company's human resources department. In such a scenario, the human resources department is said to be acting as a Registration Authority (RA).

A public CA commonly issues certificates for public web sites requiring encryption and/or authentication, often for e-commerce in which customer information must be transmitted securely to place an order. For such operations, it's essential that the customers transmit their information to the site that is supposed to be receiving it without worrying about someone else obtaining the information.
For a public CA, verifying the identity of a subject is considerably more difficult than it is for a private CA. The information required from the subject to prove its identity to the CA varies depending on whether the subject is an individual or a business. For an individual, the proof required could be as simple as a photocopy of a government-issued ID, such as a driver's license or passport. For a business or other organization, similar government documentation proving the right to use the name will also likely be required. Technically this is the job of an RA rather than a CA, but the CA generally deals with the RA transparently.

It's important to note that most public CAs provide their services to make money, and not to simply benefit the public. They still have a responsibility to verify a subject's identity, but do not actually guarantee anything; the liability is too great to provide an absolute guarantee. Certainly, it is in the CA's best interests to verify a subject's identity to the best of its ability, however. If a CA gains the reputation of issuing certificates to anyone who asks (and pays them enough money), they're not going to remain in business for very long because nobody will trust them.

A certificate that is issued by a CA can be used to issue and sign another certificate, if the issued certificate is created with the appropriate permissions to do so. In this way, certificates can be chained. At the root of the chain is the root CA's certificate. Because it is at the root of the chain and there is no other authority to sign its certificate, the root CA signs its own certificate. Such a certificate is known as a self-signed certificate. There is no way to digitally verify the authenticity of a self-signed certificate because the issuer and the subject are the same, which is why it has become a common practice to provide them with the software that uses them.
When they're included with an application, they are generally obtained by the software author through some physical means. For example, Thawte provides its root certificates on its website, free and clear, but strongly advises anyone making use of them to confirm the certificate fingerprints with Thawte via telephone before using or distributing them.

To verify the authenticity and validity of a given certificate, each certificate in the chain must also be verified, from the certificate in question's issuer all the way up to the root certificate. If any certificate in the chain is invalid, each certificate below it in the chain must also be considered invalid. Invalid certificates typically have either expired or been revoked (perhaps due to certificate theft). A certificate is also considered invalid if it has been tampered with and the signatures on the certificate don't match with the ones that should have been used to sign it. The decision whether to employ a certificate hierarchy more complex than a single root CA depends on many factors.

The most widely accepted format for certificates is the X.509 format, first introduced in There are three versions of the format, known as X.509v1, X.509v2, and X.509v3. The most recent revision of the standard was introduced in 1996, and most, if not all, modern software now supports it. A large number of changes were made between X.509v1 and X.509v3, but perhaps one of the most significant features introduced in the X.509v3 standard is its support of extensions.
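The chain-verification rules above (walk from the certificate in question up to the root, reject on expiry, revocation, a bad signature or a signer without permission to issue, and take the root's key only from the locally shipped trust store) can be exercised with the following added example, which is not code from the chapter. The `Cert` record, the host and CA names, the day-number validity windows and the textbook RSA keys built from Mersenne primes are all constructed for illustration; real X.509 parsing and padded signatures are out of scope.

```python
import hashlib
from dataclasses import dataclass, replace

def toy_keypair(p_exp, q_exp, e=65537):
    """Textbook RSA key from two Mersenne primes 2^k - 1 (constructed demo key)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int          # unique only per issuer
    not_before: int      # validity window as day numbers (constructed)
    not_after: int
    is_ca: bool          # permission to sign other certificates
    public_key: tuple    # (e, n)
    signature: int = 0

def tbs_digest(cert):
    """SHA-256 over every field except the signature."""
    fields = (cert.subject, cert.issuer, cert.serial, cert.not_before,
              cert.not_after, cert.is_ca, cert.public_key)
    return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big")

def issue(cert, issuer_private):
    """Sign the certificate with the issuer's private key (d, n)."""
    d, n = issuer_private
    return replace(cert, signature=pow(tbs_digest(cert), d, n))

def signature_ok(cert, issuer_public):
    e, n = issuer_public
    return pow(cert.signature, e, n) == tbs_digest(cert)

def validate_chain(chain, trust_store, revoked, today):
    """chain[0] is the certificate in question; each later entry is the issuer
    of the one before it. Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if not cert.not_before <= today <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in revoked:
            return False, f"{cert.subject}: revoked"
        if i > 0 and not cert.is_ca:
            return False, f"{cert.subject}: not permitted to sign certificates"
        if cert.subject == cert.issuer:
            # Self-signed root: its signature proves nothing, so the key must
            # match the copy distributed with the software (the trust store).
            if trust_store.get(cert.subject) != cert.public_key:
                return False, f"{cert.subject}: root not in local trust store"
            return True, "chain verified up to trusted root"
        if i + 1 == len(chain) or chain[i + 1].subject != cert.issuer:
            return False, f"{cert.subject}: issuer certificate missing"
        if not signature_ok(cert, chain[i + 1].public_key):
            return False, f"{cert.subject}: signature does not match issuer key"
    return False, "empty chain"

def run_scenarios():
    """Constructed hierarchy (root CA -> issuing CA -> end entity) and failure cases."""
    root_pub, root_priv = toy_keypair(521, 607)
    ca_pub, ca_priv = toy_keypair(127, 1279)
    leaf_pub, leaf_priv = toy_keypair(107, 2203)
    other_pub, other_priv = toy_keypair(89, 2281)   # key pair not known to the verifier
    root = issue(Cert("Example Root CA", "Example Root CA", 1, 0, 3650,
                      True, root_pub), root_priv)
    ca = issue(Cert("Example Issuing CA", "Example Root CA", 2, 0, 1825,
                    True, ca_pub), root_priv)
    leaf = issue(Cert("node-17.example", "Example Issuing CA", 1, 0, 365,
                      False, leaf_pub), ca_priv)
    fake_root = issue(Cert("Example Root CA", "Example Root CA", 1, 0, 3650,
                           True, other_pub), other_priv)
    fake_leaf = issue(Cert("node-17.example", "Example Root CA", 9, 0, 365,
                           False, leaf_pub), other_priv)
    child = issue(Cert("node-99.example", "node-17.example", 1, 0, 365,
                       False, other_pub), leaf_priv)
    store = {root.subject: root.public_key}         # shipped with the software
    good = [leaf, ca, root]
    return {
        "valid": validate_chain(good, store, set(), 100),
        "leaf_expired": validate_chain(good, store, set(), 400),
        "ca_revoked": validate_chain(good, store, {("Example Root CA", 2)}, 100),
        "tampered": validate_chain([replace(leaf, subject="other.example"), ca, root],
                                   store, set(), 100),
        "untrusted_root": validate_chain([fake_leaf, fake_root], store, set(), 100),
        "leaf_as_ca": validate_chain([child, leaf, ca, root], store, set(), 100),
        "issuer_missing": validate_chain([leaf], store, set(), 100),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:15s} {result}")
```

The `untrusted_root` case is the point made earlier about keys embedded in a certificate: the chain is internally consistent, yet it is rejected because the root key differs from the locally stored one.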
Version 3 extensions allow a certificate to contain additional fields beyond those defined by previous versions of the X.509 standard. The additional fields may be standardized in X.509v3, such as the basicConstraints or keyUsage fields, or they may be completely nonstandard, perhaps recognized only by a single application. Each extension has a name for its field, a designation indicating whether the extension is critical, and a value to be associated with the extension field (Eswaramurthi and Mohanram, 2013). When an extension is designated as critical, software that does not recognize the extension must reject the certificate as being invalid. If the extension is noncritical, it may be ignored.

The X.509v3 standard defines 14 extensions in an effort to consolidate the most common extensions implemented by third parties. One example is the permissible uses for a certificate, for instance whether a certificate is allowed to sign another certificate or is used in an SSL server.

The methodologies discussed above provide better results in wired networks. Ad hoc networks, however, have resource constraints such as limited bandwidth, limited power and limited memory; hence improved key management is a major requirement. Therefore, an ant mobile agent based key management is proposed in this research work.

5.2 Proposed Ant Based Mobile Agent

A mobile agent is an autonomous kind of software which migrates in the network from one host to another host. The mobile agent-based
programming is attractive for designing, implementing and maintaining distributed systems. Mobile agents are used for transmitting messages, distributing network resources, and interacting with other mobile agents or communicating with distributed resource systems. The mobile agent moves from its source node into a network such as the Internet to perform the task assigned by the source node, and returns to the source node after the assigned task is completed. The characteristics of the mobile agent are listed below (Chung et al., 2009):

- It should be able to achieve one or more goals automatically
- It should be able to clone and propagate itself
- It should be able to collaborate and communicate with other software and agents
- It has to have a scope of competence
- It should have some evolution states to record the computation status

From the above characteristics, it is clear that the ants in the ant colony system can be deployed as mobile agents. The ant is a tiny agent; hence the space complexity of the proposed system is comparably low, which reduces the network traffic. There are many research issues around mobile agents. A few important research issues and their literature are discussed further.

Mobile agents in network security have two aspects: security through mobile agents and securing mobile agents. In the first, the mobile agent is used for providing security in computer networks. In the second, mobile
agent will meet attacks, which are becoming a critical issue in the networking domain. A few recent interesting research directions for security are securing a mobile agent through the Elementary Object System, which offers mutual authentication between mobile hosts and its hosting platform; generating sub-agents for privacy protection; and free-roaming mobile agents, which address the code, data and itinerary security issues.

Mobile agents cause an increase in data traffic; hence, many researchers have proposed methodologies to reduce the number of agent migrations. Reducing the number of migrations leads to performance degradation, so a trade-off has to be reached. Higashino et al. (2012) proposed a cached method for reducing the migration. In the cached method, the mobile agent runtime environment caches the agent codes and the agent status. The cached codes and status are reusable when a mobile agent comes back again. Thus, the method reduces the data traffic caused by mobile agent migration at the agent runtime environment level.

The functionalities of the mobile agent are shown in figure 5.1. The static security policy, security certificates and their access controls are defined as static objects, and dynamic objects are defined as mutable objects. In the proposed model, the ants are defined as mobile agents, which are used to propagate routing packets for mobile routing and are also utilized as mobile agents for predefined tasks such as security of the wireless network. In this study, the ant based mobile agent is used for providing authentication between mobile nodes and control centers.
Figure 5.1 Typical mobile agent

Figure 5.2 The functional diagram of proposed ant mobile agent
The security model of the proposed work implements the Rivest-Shamir-Adleman (RSA) based cryptosystem with the Chinese Remainder Theorem (CRT).

5.3 Proposed ACO Mobile Agent (ACO-MA) Based Key Management

The methodology and the security requirements of the proposed Request based IDS are discussed in this section. For this extended IDS, ACO is used as Identification Agent (IA) and Target Agent (TA). In the network initialization phase, ACO is flooded in the network as IA to identify all authenticated members in order to process the handshake. In the later stage, the ACO is used as TA for authenticating members and preventing non-members. Hence, there are four components in the proposed system:

- Member: A member is an entity who belongs to the group. U G means that U belongs to the group G.
- Non-member: A non-member is an entity who does not belong to the group. U G means that U does not belong to the group G.
- ACO-IA is responsible for adding users into his group.
- ACO-TA is responsible for revealing users as well as checking whether handshake players belong to his own group.

The implementation of this attractive scenario is explained hereunder:
i. Setup: The common parameter generation algorithm. Given a security parameter k, Setup outputs the public parameters (param) that are common to all groups.

ii. KeyGen: The group public/secret key generation algorithm. KeyGen is run by ACO-IA and ACO-TA. Given param, KeyGen outputs a group public key gpk, a secret key isk of ACO-IA and a secret key tsk of ACO-TA.

iii. Add: The member addition algorithm. Add is executed by a non-member A and ACO-IA. Given param, gpk and isk, Add outputs a membership certificate (cert_A), a secret key (sk_A), and the ID of A (ID_A).

iv. Handshake: The authentication protocol executed between two players A and B, based on the public input param. The group public keys (gpk_A and gpk_B), certificates (cert_A, cert_B) and secret keys (sk_A, sk_B) of A and B are input to Handshake. The output of the algorithm is either rej or acc. A Handshake B means the situation in which A and B execute Handshake.

v. Group Trace: A handshake player's group trace algorithm. Given gpk, tsk and a transcript T_{A,B}, Group Trace outputs yes if A, B G; otherwise, Group Trace outputs no.

vi. Request Reveal: The handshake player tracing algorithm. Given gpk, tsk, cert_A, sk_A, a transcript T_{A,B} and internal information that is used in Handshake by a player A, Request Reveal outputs the member B.

The proposed mobile agent based secured model is shown in figure 5.3. In each node, two types of systems are defined: the alert system and the analyzer. The analyzer consists of a mobile agent which is defined and used as
program model to collect security information. The analyzer receives the security key and verifies the authentication. The alert system broadcasts alert messages to the authenticated neighbours when it identifies an intruder. This alert message is also used to verify whether the identified attacker may be an authenticated user of other authenticated nodes of the concerned node.

Figure 5.3 System design of proposed mobile agent model (each node contains an alert system and an analyzer)

When an authenticated node of a group receives a message from an unknown node, it initiates the mobile agent to collect security information of the unknown node. The MD5 hash function H is used to create the message digest H(M) in the authenticated node. The authenticated node generates the following digital signature, if the unknown node is an authenticated node of the group.

$d_{sign} = (H(M))^{d} \bmod n$    (5.2)

The authenticated node encrypts the message by using its digital signature, encrypting the message digest H(M) with its private key d, where n
= p q, p and q are random prime numbers with p q. The source node forwards $d_{sign}$ with the data M, as $(d_{sign}, M)$, to its neighbouring node through the path it takes to reach the sink. A neighbouring node, on reception of $(d_{sign}, M)$ and the path in the data packet, verifies the digital signature by comparing the decrypted value $d_{sign}^{e} \bmod n$ with the message digest H(M). The value $d_{sign}^{e} \bmod n$ is decrypted using the sender's public key (e, n) using the formula

$d_{sign}^{e} \bmod n = ((H(M))^{d} \bmod n)^{e} \bmod n$    (5.3)

$= (H(M))^{ed} \bmod n$    (5.4)

By applying Fermat's Little Theorem to the above equation, it can be shown that

$d_{sign}^{e} \bmod n = H(M)$    (5.5)

If the H(M) generated by the receiver and the H(M) decrypted from the digital signature $d_{sign}$ are equal, then the receiver accepts the data; otherwise it rejects the data and informs the sender that the data has been altered by generating a route error packet. This process is repeated at every hop of the node-disjoint path between source and destination. The proposed public key cryptosystem provides authentication, integrity and non-repudiation in the ad hoc network.
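Equations (5.2) to (5.5), the CRT speed-up mentioned in Section 5.2 and the per-hop check can be traced in the following added example, which is not the simulation code of this chapter. The key is built from two constructed Mersenne primes, the node names and the `relay` helper are hypothetical, and unpadded RSA over MD5 is kept only to mirror the equations; deployed systems use a padded scheme such as RSASSA-PSS with SHA-256 from a vetted library.

```python
import hashlib

# Constructed demo key: p and q are the Mersenne primes 2^89-1 and 2^107-1.
# n is about 196 bits: far too small for real use, but larger than a 128-bit digest.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537

def keygen(p, q, e):
    """Return ((e, n), private) with the CRT parameters precomputed."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (e, n), {"n": n, "d": d, "p": p, "q": q, "dp": d % (p - 1),
                    "dq": d % (q - 1), "qinv": pow(q, -1, p)}

PUB, PRIV = keygen(P, Q, E)

def H(message):
    """MD5 digest of M as an integer, as used in the chapter."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def sign(message, priv):
    """Equation (5.2) computed directly: d_sign = H(M)^d mod n."""
    return pow(H(message), priv["d"], priv["n"])

def sign_crt(message, priv):
    """Same signature via CRT: two half-size exponentiations, then recombine."""
    h = H(message)
    s_p = pow(h, priv["dp"], priv["p"])
    s_q = pow(h, priv["dq"], priv["q"])
    t = (priv["qinv"] * (s_p - s_q)) % priv["p"]
    return s_q + t * priv["q"]

def verify(message, d_sign, pub):
    """Equations (5.3)-(5.5): accept only if d_sign^e mod n equals H(M)."""
    e, n = pub
    return pow(d_sign, e, n) == H(message)

def relay(packet, pub, hops):
    """Carry (d_sign, M) along a path. hops is a list of (name, alter), where
    alter is None or a function that changes M after that hop has verified it
    (a constructed model of data altered in transit). Every hop verifies on
    reception; the first mismatch stops forwarding and raises a route error."""
    d_sign, message = packet
    events = []
    for name, alter in hops:
        if not verify(message, d_sign, pub):
            events.append(f"{name}: digest mismatch, route error sent to source")
            return False, events
        events.append(f"{name}: signature valid, forwarding")
        if alter is not None:
            message = alter(message)
    return True, events

if __name__ == "__main__":
    msg = b"constructed payload: temperature=21"
    packet = (sign_crt(msg, PRIV), msg)
    print("CRT equals direct:", packet[0] == sign(msg, PRIV))
    path = [("n1", None), ("n2", lambda m: m + b"0"), ("n3", None), ("sink", None)]
    delivered, log = relay(packet, PUB, path)
    print("delivered:", delivered)
    print("\n".join(log))
```

In the sample path the alteration made at n2 is caught by n3, the next hop, so the altered packet never reaches the sink.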
Results and Discussion

The proposed work is simulated in NS2. The simulation parameters of the proposed work are shown in the following table. The proposed work is compared with the existing traditional Target Authority (TA) model and Mobile Agent (MA) model. Reliability and scalability are major research issues in the design of networking protocols. Hence, the reliability and scalability of the proposed work are analysed and compared with TA and MA. The reliability is computed based on the simulation data and results. The number of nodes and the number of attacker nodes are varied for performance comparison.

Table 5.1 Simulation Parameters

Parameters        Values
Simulation area   m2
Propagation       Two ray ground
MAC type
Antenna           Omni Antenna
Queue             Drop Tail/Priority
Queue Limit       50
No of Nodes       10 to 500
Packet Type       CBR
Packet Size       220 Bits
Figure 5.4 Reliability when 10% of Attacker Node

Figure 5.5 Reliability when 20% of Attacker Node
The reliability is computed based on effective packet delivery, which is analysed on different test cases: test case 1 with 10% attacker nodes, test case 2 with 20% attacker nodes, and test case 3 with 30% attacker nodes, as shown in the following figures.

Figure 5.6 Reliability when 30% of Attacker Node

5.5 Conclusion

The scalability is observed from the above data, in which only a system with a packet delivery ratio of 70% and above is accepted as a scalable system. Hence, when 10% attacker nodes are inserted, the TA supports up to 500 nodes, whereas MA and the proposed ACO-MA support 1000 nodes. When the number of attacker nodes increases, the TA supports up to 200 nodes only, whereas MA supports 500 nodes and the proposed ACO-MA supports even 1000 nodes.
Similarly, the TA and MA support only 100 nodes when 30% attacker nodes are inserted. The proposed system always supports a packet delivery ratio above 80%. Hence, the proposed system proves better reliability and scalability than the existing systems.
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationDigital certificates and SSL
Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationInternet Programming. Security
Internet Programming Security Introduction Security Issues in Internet Applications A distributed application can run inside a LAN Only a few users have access to the application Network infrastructures
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationSecure Client Applications
Secure Client Applications Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014 Common/Reports/secure-client-apps.tex, r900 1/26 Acronyms
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationmod_ssl Cryptographic Techniques
mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises
More informationWIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES
WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal
More informationKey Management and Distribution
Key Management and Distribution Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu udio/video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationMobile Security Wireless Mesh Network Security. Sascha Alexander Jopen
Mobile Security Wireless Mesh Network Security Sascha Alexander Jopen Overview Introduction Wireless Ad-hoc Networks Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless Mesh Networks
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationVeriSign Code Signing Digital Certificates for Adobe AIR Technology
VeriSign Code Signing Digital Certificates for Adobe AIR Technology Realizing the Possibilities of Internet Software Distribution Contents + What is Code Signing and Why is it Important? 3 + Who Needs
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationThe Case For Secure Email
The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email
More informationChapter 6 Electronic Mail Security
Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationSecurity. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -
Security - 1 - OPC UA - Security Security Access control Wide adoption of OPC SCADA & DCS Embedded devices Performance Internet Scalability MES Firewalls ERP Communication between distributed systems OPC
More informationConfiguring SSL Termination
CHAPTER 4 This chapter describes the steps required to configure a CSS as a virtual SSL server for SSL termination. It contains the following major sections: Overview of SSL Termination Creating an SSL
More informationWhat Are Certificates?
The Essentials Series: Code-Signing Certificates What Are Certificates? sponsored by by Don Jones W hat Are Certificates?... 1 Digital Certificates and Asymmetric Encryption... 1 Certificates as a Form
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationDigital certificates. Name Vivek kumar EM No 230409 Subject E-Business technologies Prof. Dr. Eduard heindl
Digital certificates Name Vivek kumar EM No 230409 Subject E-Business technologies Prof. Dr. Eduard heindl Certificate of Declaration I certify that the work in this term paper has been written by me.
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More information7 Key Management and PKIs
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.
More informationSECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationCS 665: Computer System Security. Crypto Services. Hashing. Cryptographic Hash Functions. Information Assurance Module
CS 665: Computer System Security Crypto Services Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Hashing Primary Goal: Integrity Protection Guarding
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationElectronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure
Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationChapter 7 Managing Users, Authentication, and Certificates
Chapter 7 Managing Users, Authentication, and Certificates This chapter contains the following sections: Adding Authentication Domains, Groups, and Users Managing Certificates Adding Authentication Domains,
More information4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationComputer and Network Security. Outline
Computer and Network Security Lecture 10 Certificates and Revocation Outline Key Distribution Certification Authorities Certificate revocation 1 Key Distribution K A, K B E KA ( K AB, E KB (KAB) ) K A
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationDIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI)
DIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI) Prof. Amir Herzberg Computer Science Department, Bar Ilan University http://amir.herzberg.name Amir Herzberg, 2003. Permission
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationCHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES
CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES 6.1 Introduction The process of dispersive routing provides the required distribution of packets rather
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More information