# Shared Flashcard Set

## Details

Lecture 14 - Security PART 2
Alejandro Saucedo - Comp2008 Lecture 14 - Security PART 2
17
Computer Networking
05/28/2013

## Additional Computer Networking Flashcards

Term
 What are the principles of Asymetric Encryption?
Definition
 Uses public and private key Public key decripts a message encrypted by the private key and vice-versa
Term
 What are the principles of Public Key Algorithms?
Definition
 Public Key known by everyone Private key kept secret To send information, encrypt with public key and then it is decrypted by user at the other end with the private key Authentication: Encrypt something with your private key, we can be sure its coming from a specific person, then it can be decripted using the public key
Term
 What are the principles of RSA?
Definition
 The public key is e,N The private key is d,N Getting the numbers Pick 2 large prime numbers called p and q N = P*Q Z = (P-1)*(Q-1) e = any number relatively prime to Z e.d. mod Z = 1 Encryption using public key Plaintexte mod N Encryption with private key Plaintextd mod N
Term
 What are the principles of Diffie-Hellman Key Exchange?
Definition
 Allows 2 parties to agree on a shared session key on an unsecured line Both parties do not give up their a and b values so it can't be evaesdropped
Term
 What is the algorithm for the Diffie-Hellman Key Exchange?
Definition
 Agree on 2 numbers, a large prime number m and an integer g Alice generates a large, random number a, and keeps it secret Alice computes X = ga mod m sends X to Bob Bob generates a large, random number b, and keeps it secret Bob computes Y = gb mod m and sends it to Alice Alice makes her session key = Ya mod m Bob makes his session key = Xb mod m These keys are both equal
Term
 What is the man in the middle attack?
Definition
 Not the same as meet in the middle attack A person sits in the middle and intercepts all information before sending it on the other side Middle person negotiates 2 different secret keys with both sides
Term
 What are message digests?
Definition
 Message digests are a way to represent data. Every time you hash a value with a hashing algorithm you will get the same digest, but it is not possible to work backwards from a hash to obtain the original value. The hashing function should also be collission recistant, it should be unlikely that two messages produce the same hash.
Term
 What are the principles of message signing?
Definition
 Digests are useful as the message can be 'signed' by your private key without having to encrypt the entire message A sender gets the digest of a message They can then encrypt the digest with their private key The message is then sent with the digest The receiver will take a digest of the message they receive They will then decrypt the received message with the sender's public key If the two digests are the same then the message was sent by the correct person and the message hasn't been changed
Term
 What is the algorithm for SHA-1?
Definition
 Split the message into 512-bit chunks 5 variables H0-H4 are predefined with a 32-bit number Repeat steps 4-17 for each 512-bit chunk We take the 16 32-bit words and make an 80-word array 'w' We initialize variables A-E with what's in H0-H4 Repeat steps 6-12 for each word in the array temp = (A left rotate 5) + fi(B, C< D) + E + ki + w[i] Every 20 words fi is made a different combination of B, C  & D Every 20 words ki is a different constant E = D D = C C = (B left rotate 30) B = A A = temp H0 = H0 + A H1 = H1 + B H2 = H2 + C H3 = H3 + D H4 = H4 + E Final hash = H0+H1+H2+H3+H4
Term
 What are the principles of Authentication protocols?
Definition
 Shared Secret Key Process Public Key Process Key Distribution Centre X.509
Term
 What is the Shared Secret Key process?
Definition
 A and B share a key A unique nonce is used for each message A takes the hash of the message, the nonce and the secret key combined A sends the message, the hash and the nonce to B B takes the hash of the received message, the nonce and the secret key combined B compares it with the hash sent for validation The nonce ensures the attacker cannot resend the same "Signaled" message because the nonce may only be used once
Term
 What is the Public Key Process?
Definition
 A hashes their message A encrypts the hash with their private key to make a signature A sends their message and signature to B B decrypts the hash using A's public key B hashes the message from A B compares the two hashes for validation
Term
 What is the K distribution centre?
Definition
 Usually if N people need to communicate, N2 passwords are needed KDC allows for only N passwords to be needed A KDC is trusted if each user has a single secret shared with the KDC A passes a on sender(A), receiver(B) and the session key encrypted in A's secret key to the KDC The KDC then sends the message on to the receiver(B) with the sender(A) and the session key encrypted in B's secret key The sender and receiver can then communicate without the KDC This is vulnerable to replay attacks, but nonces or timestamps can be used to avoid this problem
Term
 What are the principles of X.509?
Definition
 Allows you to be sure that the public key is form the person you think it is A trusted certification authority certifies the public key for someone Public keys are distributed with certificates You append the message digest with the CA's private key This uses chain of trust, a CA can be signed by a parent CA etc You will eventually need to know the public key of a root CA There are multiple root CAs and these are preloaded into computers and browsers Root certificates sign themselves
Term
 What are the principles of Electronic Contracts?
Definition
 Agreeing on a contract and a hash function A and B both have a public and private key and a copy of the contract Signing Validating
Term
 What is the process of signing in an Electronic Contract?
Definition
 hash A is made of the contract A signs the contract B signs the contract A signs B's signature B signs A's signature The contract is stored with the doubly signed message digests
Term
 What is the process of validating a contract?
Definition
 Decrypt the two doubly signed message digests Compare to see if they are equal
Supporting users have an ad free experience!