Describe the Direct Digital Signature

Explain the Hash function by using the general formula. Give an example of hash algorithm.

can be applied to any sized message M

produces fixed-length output h

is easy to compute h=H(M) for any message M

given h is infeasible to find x s.t. H(x)=h (one-way property)

given x is infeasible to find y s.t. H(y)=H(x) (weak collision resistance)

is infeasible to find any x,y s.t. H(y)=H(x) (strong collision resistance)

ex: Birthday algorithm
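The gap between weak and strong collision resistance can be measured on a deliberately shortened hash. This is an added example, not part of the original notes; truncating SHA-256 to a few bits and the sample messages are assumptions made so both searches finish quickly.

```python
import hashlib

def H(message: bytes, bits: int) -> int:
    """Toy hash: SHA-256 truncated to its top `bits` bits.
    The truncation is an assumption of this example so the searches finish."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def find_any_collision(bits: int):
    """Strong collision resistance: find ANY x != y with H(x) == H(y).
    Remembering every output seen needs only about 2**(bits/2) tries."""
    seen = {}                      # hash value -> message that produced it
    tries = 0
    while True:
        x = b"msg-%d" % tries      # constructed, distinct inputs
        tries += 1
        h = H(x, bits)
        if h in seen:
            return seen[h], x, tries
        seen[h] = x

def find_second_preimage(x: bytes, bits: int):
    """Weak collision resistance: x is fixed, find y != x with H(y) == H(x).
    Each try matches with probability 2**-bits, so about 2**bits tries."""
    target = H(x, bits)
    tries = 0
    while True:
        y = b"try-%d" % tries
        tries += 1
        if y != x and H(y, bits) == target:
            return y, tries

if __name__ == "__main__":
    bits = 16
    a, b, n_any = find_any_collision(bits)
    y, n_fixed = find_second_preimage(b"pay 100 to Bob", bits)
    print(f"any collision:   {a!r} / {b!r} after {n_any} tries")
    print(f"second preimage: {y!r} after {n_fixed} tries")
```

With the full 256-bit output the same two searches need about 2^128 and 2^256 tries, which is why the output length h is chosen with the collision search in mind.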

Describe the Direct Digital Signature.

involve only sender & receiver

assumed receiver has sender’s public-key

digital signature made by sender signing entire message or hash with private-key

can encrypt using receiver’s public-key

important that sign first then encrypt message & signature

security depends on sender’s private-key

5) Kerberos: Give description, short dialogue between user and server.

trusted key server system from MIT

provides centralised private-key third-party authentication in a distributed network

allows users access to services distributed through network

without needing to trust all workstations

rather all trust a central authentication server

two versions in use: 4 & 5

  1. obtain ticket granting ticket from AS

     • once per session

  2. obtain service granting ticket from TGT

     • for each distinct service required

  3. client/server exchange to obtain service

     • on every service request

6) What is the algorithm of message sending in PGP? Number the operations below in the right order.

… PGP prompts the user for the passphrase to recover the unencrypted private key.

1… The session key component of the message is constructed.

… PGP retrieves the sender's private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved.

… PGP generates a session key and encrypts the message.

… PGP retrieves the recipient's public key from the public-key ring using her_userid as an index.

… The signature component of the message is constructed.

7) What types of ‘headers’ are involved in IPSec? Describe these headers in a few words.

Support for these features is mandatory for IPv6 and optional for IPv4. In both cases, the security features are implemented as extension headers that follow the main IP header. The extension header for authentication is known as the Authentication header; that for encryption is known as the Encapsulating Security Payload (ESP) header.

8) Describe the Alert Protocol involved in SSL.

• conveys SSL-related alerts to peer entity

• severity

  • warning or fatal

• specific alert

  • fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter

  • warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown

• compressed & encrypted like all SSL data

9) Describe the Intrusion Detection System. What is a Statistical Anomaly Detection?

• inevitably will have security failures

• so need also to detect intrusions so can

  • block if detected quickly

  • act as deterrent

  • collect info to improve security

• assume intruder will behave differently to a legitimate user

  • but will have imperfect distinction between

