
  • Number of slides: 14

ECE-6612
http://www.csc.gatech.edu/copeland/jac/6612/
Prof. John A. Copeland
john.copeland@ece.gatech.edu
404 894-5177, fax 404 894-0035
Office: Centergy Room 5138
email or call for office visit, or call Kathy Cheek, 404 894-5696
Chapter 4b - X.509 Authentication

X.509 Authentication Service
• An International Telecommunications Union (ITU) recommendation (versus “standard”) for allowing computer hosts or users to securely identify themselves over a network.
• An X.509 certificate purchased from a “Certificate Authority” (trusted third party) allows a merchant to give you his public key in such a way that your Browser can generate a session key for a transaction and securely send it to the merchant for use during the transaction (the padlock icon on screen closes to indicate transmissions are encrypted).
• Once a session key is established, no one can “hijack” the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address).
• The user only needs a Browser that can encrypt/decrypt with the appropriate algorithm and generate session keys from truly random numbers.
• The merchant’s Certificate is available to the public; only the secret key must be protected. Certificates can be cancelled if the secret key is compromised.

Certificate Authority generates the “signature” that is added to the raw “Certificate”
• Raw “Certificate” has user name, public key, expiration date, ...
• In the CA’s secure area: generate the hash code (MIC) of the raw certificate.
• Encrypt the hash code with the CA’s private key to form the CA’s signature.
• Raw certificate plus signature form the signed certificate.
• Recipient can verify the signature using the CA’s public key.


Information Provided by Browser about a Certificate
This Certificate belongs to:
  investing.schwab.com
  trading subnet a1199
  Charles Schwab & Co., Inc.
  Phoenix, Arizona, US
This Certificate was issued by:
  Secure Server Certification Authority
  RSA Data Security, Inc.
  US
Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

Certificates Can Be Deleted (and Added)
Are you sure that you want to delete this Site Certificate?
This Certificate belongs to:
  endor.mcom.com
  Netscape Communications Corp.
  US
This Certificate was issued by:
  rootca.netscape.com
  Information Systems
  Netscape Communications Corporation
  US
Serial Number: 01:77
This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997
Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6

X.509 Chain of Authentication
In practice, there is no single top-level Certificate Authority (CA), only a group of CAs that each Browser vendor deems fit to include in the installation program.
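The CA signing steps (hash the raw certificate, encrypt the hash with the CA's private key, verify with the CA's public key) and the chain ending at a browser-installed root can be traced in code. This is an added example, not part of the original slides: it uses textbook RSA with constructed toy keys, hypothetical names (`Example Root CA`, `Example Issuing CA`, `shop.example`), and leaves out validity dates and cancellation.

```python
import hashlib

E = 65537  # public exponent used by every toy key here

def make_key(p, q):
    """Textbook RSA key (n, d) from two primes; toy sizes, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def hash_code(cert, n):
    """Hash of the raw certificate fields, reduced to fit modulus n."""
    raw = f"{cert['subject']}|{cert['pubkey']}|{cert['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n

def issue(subject, pubkey, issuer, issuer_n, issuer_d):
    """CA side: hash the raw certificate, encrypt the hash with the CA private key."""
    cert = {"subject": subject, "pubkey": pubkey, "issuer": issuer}
    cert["sig"] = pow(hash_code(cert, issuer_n), issuer_d, issuer_n)
    return cert

def signature_ok(cert, issuer_n):
    """Recipient side: recover the hash with the CA public key and compare."""
    return pow(cert["sig"], E, issuer_n) == hash_code(cert, issuer_n)

def chain_ok(chain, trusted_roots):
    """chain[0] is the site; each later entry is the CA that signed the one before."""
    if not chain:
        return False
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"]:
            return False
        if not signature_ok(cert, parent["pubkey"]):
            return False
    # The last certificate must be signed by a root the browser vendor installed.
    root_n = trusted_roots.get(chain[-1]["issuer"])
    return root_n is not None and signature_ok(chain[-1], root_n)

# Constructed sample data: toy keys built from Mersenne primes, hypothetical names.
ROOT_N, ROOT_D = make_key(2**107 - 1, 2**127 - 1)
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)
SITE_N = (2**31 - 1) * (2**19 - 1)
TRUSTED_ROOTS = {"Example Root CA": ROOT_N}
CA_CERT = issue("Example Issuing CA", CA_N, "Example Root CA", ROOT_N, ROOT_D)
SITE_CERT = issue("shop.example", SITE_N, "Example Issuing CA", CA_N, CA_D)

if __name__ == "__main__":
    print("valid chain:", chain_ok([SITE_CERT, CA_CERT], TRUSTED_ROOTS))
    altered = dict(SITE_CERT, pubkey=SITE_N + 2)
    print("altered key:", chain_ok([altered, CA_CERT], TRUSTED_ROOTS))
    print("unknown root:", chain_ok([SITE_CERT, CA_CERT], {}))
```

Changing any signed field, or removing the root from the trusted set, makes `chain_ok` return False.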

Certificate Authorities in Mozilla (2006)

Making a DES Key from a Password or Phrase
• Password: n 7-bit ASCII characters (little endian - least significant bit first)
• Flattened bit stream (7 x n bits)
• Fanfold into 56 bits, combining the folds with bitwise XOR
• 64-bit key: every eighth bit is a parity bit
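The steps on this slide, written out as an added example (not code from the course). Assumptions beyond the slide: "fanfold" is read as laying the stream out in 56-bit rows with every second row reversed, the last row is zero-padded, and parity is odd and stored in the low bit of each key byte; the function name is hypothetical.

```python
def password_to_des_key(password: str) -> bytes:
    """Fold a 7-bit ASCII password into a 64-bit DES key (56 key bits + parity)."""
    data = password.encode("ascii")  # rejects characters outside 7-bit ASCII

    # Flattened bit stream: 7 bits per character, least significant bit first.
    stream = [(ch >> i) & 1 for ch in data for i in range(7)]

    # Fanfold into 56 bits: rows of 56 bits, odd-numbered rows run backwards
    # (assumed reading of "fanfold"), all rows combined with bitwise XOR.
    folded = [0] * 56
    for row_no, start in enumerate(range(0, len(stream), 56)):
        row = stream[start:start + 56]
        row += [0] * (56 - len(row))      # zero-pad the final row
        if row_no % 2:
            row.reverse()
        folded = [a ^ b for a, b in zip(folded, row)]

    # Expand to 64 bits: each 7-bit group fills the upper 7 bits of a byte,
    # the low bit is set so that the byte has odd parity (assumed convention).
    key = bytearray()
    for g in range(0, 56, 7):
        value = sum(bit << i for i, bit in enumerate(folded[g:g + 7]))
        byte = value << 1
        parity = 1 - bin(byte).count("1") % 2
        key.append(byte | parity)
    return bytes(key)

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("A", "A" * 8, "A" * 8 + "B", "correct horse battery"):
        print(f"{pw!r:26} -> {password_to_des_key(pw).hex()}")
```

Characters beyond the eighth do not lengthen the key; they are XORed back into the same 56 bits, as the ninth character `B` does to the last key byte in the third sample.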

Programs Available from www.csc.gatech.edu/copeland/jac/6612/tools/
• hextext.c - allows you to view files in both hex and ascii formats.
• char_count.c - shows the number of different characters in a file, computes the character entropy.

To use, you must first compile them. On UNIX or LINUX:
  gcc hextext.c -o hextext            (the executable file is “hextext”)
  ./hextext                           for help
  ./hextext filename 3000             file and max. bytes
  ./hextext filename 3000 | less      see one screen at a time
  gcc char_count.c -lm -o char_count  (note the “-lm” for math library)
  ./char_count filename

If “gcc” is not available, try “cc”. “less” is better than “more” (use “^u” to back up, “space” for next page).

Output from ‘hextext’
Maximum Lines (p_limit) value: 30
Input File is 120317-s100.raw
[Hex dump listing with columns Byte No., HEX VALUES and TEXT; the TEXT column shows the string www.csc.gatech.edu. The listing itself is not recoverable from the slide.]
Lines: 30, hextext.c by John Copeland
12/5/99

Output from ‘char_count’
$ ./char_count char_count.c
char_count vers 000601
File is char_count.c
No. Char.s to EOF = 7396, No. Lines = 183
Occurrence of Single Characters
[Per-character count table; not recoverable from the slide.]

Occurrence of Single Characters - Sorted
[Per-character count table sorted by frequency; not recoverable from the slide.]
Entropy is 4.5 bits/byte. Maximum character-wise compression = 56.5 %
No. Char.s > 127 (not ASCII text) = 0, 0 %