Page 152 - DCAP516_COMPUTER_SECURITY
P. 152
Computer Security
Notes
Did u know? PKI is often considered to be a standard, but in fact it is a set of policies,
products, and procedures that leave some room for interpretation. The policies define the
rules under which the cryptographic systems should operate. In particular, the policies
specify how to handle keys and valuable information and how to match level of control to
level of risk. The procedures dictate how the keys should be generated, managed, and
used. Finally, the products actually implement the policies, and they generate, store, and
manage the keys.
4. SSH Encryption: SSH (secure shell) is a pair of protocols (versions 1 and 2), originally
defined for Unix but also available under Windows 2000, that provides an authenticated
and encrypted path to the shell or operating system command interpreter. Both SSH
versions replace Unix utilities such as Telnet, rlogin, and rsh for remote access. SSH protects
against spoofing attacks and modification of data in communication.
The SSH protocol involves negotiation between local and remote sites for encryption
algorithm (for example, DES, IDEA, AES) and authentication (including public key and
Kerberos).
SSL Encryption
The SSL (Secure Sockets Layer) protocol was originally designed by Netscape to protect
communication between a web browser and server. It is also known now as TLS, for
transport layer security. SSL interfaces between applications (such as browsers) and the
TCP/IP protocols to provide server authentication, optional client authentication, and an
encrypted communications channel between client and server. Client and server negotiate
a mutually supported suite of encryption for session encryption and hashing; possibilities
include triple DES and SHA1, or RC4 with a 128-bit key and MD5.
To use SSL, the client requests an SSL session. The server responds with its public key
certificate so that the client can determine the authenticity of the server. The client returns
part of a symmetric session key encrypted under the server’s public key. Both the server
and client compute the session key, and then they switch to encrypted communication,
using the shared session key.
The protocol is simple but effective, and it is the most widely used secure communication
protocol on the Internet.
5. IPSec: As you know that the address space for the Internet is running out. As domain
names and equipment proliferate, the original, 30-year old, 32-bit address structure of the
Internet is filling up. A new structure, called IPv6 (version 6 of the IP protocol suite),
solves the addressing problem. This restructuring also offered an excellent opportunity
for the Internet Engineering Task Force (IETF) to address serious security requirements.
6. Encrypted E-Mail: An electronic mail message is much like the back of a post card. The
mail carrier (and everyone in the postal system through whose hands the card passes) can
read not just the address but also everything in the message field. To protect the privacy of
the message and routing information, we can use encryption to protect the confidentiality
of the message and perhaps its integrity.
7. Content Integrity: Content integrity comes as a bonus with cryptography. No one can
change encrypted data in a meaningful way without breaking the encryption. This does
not say, however, that encrypted data cannot be modified. Changing even one bit of an
encrypted data stream will affect the result after decryption, often in a way that seriously
alters the resulting plaintext. We need to consider three potential threats:
(i) malicious modification that changes content in a meaningful way
146 LOVELY PROFESSIONAL UNIVERSITY
