Page 220 - DCAP403_Operating System

Unit 11: System Security





          Box 11.2 shows a PGP encrypted message (PGP compresses the file, where practical, prior to
          encryption because encrypted files lose their randomness and, therefore, cannot be compressed).

          In this case, public key methods are used to exchange the session key for the actual message
          encryption using secret-key cryptography. The receiver’s e-mail address is the
          pointer to the public key in the sender’s keyring; in fact, the same message can be sent to multiple
          recipients and the message will not be significantly longer since all that needs to be added is the
          session key encrypted by each receiver’s private key. When the message is received, the recipient
          must use their private key to extract the session secret key to successfully decrypt the message
          (Box 11.3).

                                    Box 11.3: The Decrypted Message
             Hi Gary,


              “Outside of a dog, a book is man’s best friend.
              Inside of a dog, it’s too dark to read.”


              Carol
          It is worth noting that PGP was one of the first so-called “hybrid cryptosystems” that combined
          aspects of SKC and PKC. When Zimmermann was first designing PGP in the late 1980s, he wanted
          to use RSA to encrypt the entire message. The PCs of the day, however, suffered significant
          performance degradation when executing RSA, so he hit upon the idea of using SKC to encrypt
          the message and PKC to encrypt the SKC key.
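
The hybrid construction described above, as an added example that is not from the original text or from PGP itself: a secret-key cipher encrypts the body once, and the session key is wrapped once per recipient and recovered with that recipient's private key. The SHA-256 keystream cipher, the unpadded textbook RSA, the Mersenne-prime keys and the example.com addresses are constructed stand-ins chosen so the block runs offline; they are not PGP's algorithms and are not secure.

```python
import hashlib
import secrets

def skc(key: bytes, data: bytes) -> bytes:
    """Toy secret-key cipher (assumption, not PGP's): XOR with a SHA-256
    counter keystream. The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA (no padding) from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def hybrid_encrypt(message: bytes, keyring: dict) -> dict:
    """Encrypt the body once; wrap the session key once per recipient."""
    session_key = secrets.token_bytes(16)  # fresh key for every message
    k = int.from_bytes(session_key, "big")
    return {
        "body": skc(session_key, message),
        # keyring maps e-mail address -> that recipient's public key (n, e)
        "wrapped": {addr: pow(k, e, n) for addr, (n, e) in keyring.items()},
    }

def hybrid_decrypt(packet: dict, addr: str, private_key) -> bytes:
    """Recover the session key with the private key, then decrypt the body."""
    n, d = private_key
    k = pow(packet["wrapped"][addr], d, n)
    return skc(k.to_bytes(16, "big"), packet["body"])

# Constructed demo keys built from Mersenne primes: trivially factorable.
GARY_PUB, GARY_PRIV = rsa_keypair(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)
KEYRING = {"gary@example.com": GARY_PUB, "alice@example.com": ALICE_PUB}
MESSAGE = b"Hi Gary,\nInside of a dog, it's too dark to read.\nCarol\n"

if __name__ == "__main__":
    pkt = hybrid_encrypt(MESSAGE, KEYRING)
    print(len(MESSAGE), len(pkt["body"]), len(pkt["wrapped"]))
    print(hybrid_decrypt(pkt, "gary@example.com", GARY_PRIV))
```

The encrypted body is the same length as the plaintext however many recipients are listed; each additional recipient adds only one wrapped session key.
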
          PGP went into a state of flux in 2002. Zimmermann sold PGP to Network Associates, Inc. (NAI)
          in 1997 and himself resigned from NAI in early 2001. In March 2002, NAI announced that they
          were dropping support for the commercial version of PGP having failed to find a buyer for the
          product willing to pay what NAI wanted. In August 2002, PGP was purchased from NAI by PGP
          Corp. Meanwhile, there are many freeware versions of PGP available.

          11.6 User Authentication

          A user authentication method includes the steps of: inputting, by a user, a predetermined
          password having a plurality of digits; examining whether an input password includes an actual
          password that is predetermined by using fewer digits than the input password; authenticating the
          input password if the input password includes the actual password; and refusing to authenticate
          the input password if the input password does not include the actual password.
          The user authentication method using the password is very useful for reinforcing security
          with simple processing that does not necessarily consume high cost or much time. Further,
          even when the password may be exposed to others, it is still safe. Also, although a password may
          be used in many cases in common, security can still be reinforced by differentiating the input
          password. Most of all, the user can remember the actual password very easily, and yet get the
          same effect as changing the password.
          In a wired, switched network, the policy that controls what traffic an authenticated user can
          send and receive is typically based on the port through which the user is connected rather than
          on the user’s identity. This works when only one user is connected via a given port. Also, where
          physical barriers (locked doors, cardkeys etc.) are used to control access, it can be assumed that a
          user who has physical access to a port is authorized to connect on that port.
          When wireless access enters the picture, the identity of the user becomes crucial. Since multiple
          users can connect through a single wireless access point, the assumption of one user per port
          is no longer valid, and port-based access policies do not work. All sorts of users – visitors,



                                           LOVELY PROFESSIONAL UNIVERSITY                                   213