comp 3271 chapter 13

Questions and Answers

In information security, what does integrity primarily ensure?

• Information is accessible to authorized entities when needed.
• Information is efficiently stored and retrieved.
• Information is hidden from unauthorized access.
• Information is protected from unauthorized modification. (correct)

Which of the following attacks primarily threatens the availability of information?

• Denial of service (correct)
• Traffic analysis
• Snooping
• Masquerading

Which technique focuses on concealing the existence of a message rather than its contents?

• Encipherment
• Steganography (correct)
• Hashing
• Cryptography

What is a key characteristic of symmetric-key ciphers?

They use the same key for encryption and decryption. (D)

In cryptography, what is the function of a 'nonce' in challenge-response authentication?

It is a random number used to prevent replay attacks. (A)

Which security goal is most directly achieved through the use of ciphers?

Confidentiality (B)

What is the primary purpose of a message digest?

To ensure the message remains unchanged. (D)

How does a digital signature differ from a message authentication code (MAC)?

A digital signature uses private-public keys, while a MAC uses a secret key. (D)

What is the main function of a Key Distribution Center (KDC)?

To manage and distribute symmetric keys. (A)

During key generation in RSA, what is the purpose of the modulus n?

It is used for the modular arithmetic in encryption and decryption. (A)

Which of the following is a key objective of entity authentication?

To verify the identity of a communicating party (B)

In network security, what primary role does a firewall serve?

Controlling network access (B)

Which of the following is a characteristic of a packet-filter firewall?

It filters packets based on network and transport layer headers. (C)

What is the purpose of the Internet Key Exchange (IKE) protocol?

To establish secure associations in IPSec (A)

Which protocol primarily provides security at the transport layer?

SSL/TLS (D)

What does a 'cipher suite' define in the context of SSL?

The combination of algorithms for key exchange, hash, and encryption (A)

Which three security services can a digital signature directly provide?

Message integrity, authentication, and non-repudiation. (A)

Which feature is unique to ESP (Encapsulating Security Payload) compared to AH (Authentication Header) in IPSec?

Confidentiality (D)

What is the purpose of 'key rings' in Pretty Good Privacy (PGP)?

To store and manage multiple public and private keys (A)

What is Virtual Private Network (VPN) primarily used for?

Secure Communication over Internet (A)

In what mode does IPSec protect the entire IP packet, including the header?

Tunnel mode (B)

What is the primary role of the Handshake Protocol in SSL/TLS?

To negotiate cipher suites (B)

What is the purpose of the Change Cipher Spec protocol?

It signifies that the cryptographic parameters are about to change (C)

Which of the following distinguishes S/MIME from PGP regarding certificate authorities?

S/MIME depends on centralized certificate authorities while PGP uses a web of trust. (C)

Which statement best describes how Pretty Good Privacy (PGP) secures email?

PGP provides secure emails through privacy, integrity, and authenticity. (C)

Refer to the topology used in PGP, what kind of entity is Luise?

Untrusted (D)

An organization needs to ensure secure communication between its branches over the internet. Which technology would be the most appropriate to implement?

A Virtual Private Network (VPN) (B)

In the context of information transmission, what is the best description for why steganography might be chosen over cryptography?

Steganography attracts less attention than encryption. (B)

There is a shared key between Alice and Bob. Alice sends Bob an encrypted message and also generates a Message Authentication Code (MAC). What does the use of the MAC achieve?

Provides integrity and data origin authentication. (A)

When is asymmetric-key cryptography more efficient than symmetric-key cryptography?

Encrypting large messages (C)

What should be the ideal ideal for a 309-digit RSA exponent?

65537 (C)

If Alice wants to send message to N people, how many keys are needed?

N (B)

What are the 2 protocols defined by IPCsec to provide authentication and/or encryption for packets at the IP level?

Authentication Header (AH) Protocol and the Encapsulating Security Payload (ESP) Protocol (D)

What does a Security Policy Database determine for packets?

If there is SA for that type of traffic. (B)

Given the goals of security, Confidentiality, Integrity, and Availability, which goal applies to changes made by an authorized entity?

Integrity (B)

In the context of cryptography, what is the significance of modulo 26?

It is frequently used in ciphers that involve alphabetic characters. (A)

Under what conditions is the One-Time Pad (OTP) encryption method considered completely secure?

If the OTP is truly random, never reused and the same length as the message (D)

What is the primary component used to preserve the integity of a document

Fingerprint (C)

What is an advantage for using steganography instead of cryptography

The message does not obviously exist (D)

What is correct asymmetric protocol?

People do not need to know a symmetric shared key (C)

What is an advantage a symmetric-key algorithm has over an asymmetric-key algorithm

More efficient than asymmetric-key algorithm for enciphering larger messages (A)

What has to be determined in order to figure out if the IPSec provides proper access control indirectly?

If there is no Security Association already established for this packet (B)

With digital signatures, what aspect can directly provide the last three regarding several security services (message confidentiality, message authentication, message integrity, and non-repudiation)?

Digital Signing (A)

What security services does the Authenticating Header (AH) provide in IPSec?

Ensure Data Origin Authentication and Message Integrity. (D)

If 𝑁 number of members require communication with each other, how many keys are required when two people use two keys for bidirectional communication?

𝑁(𝑁 - 1) (A)

Within IPSec, if confidentiality is needed for one should choose?

ESP over AH (B)

Assuming the roles Alice and Bob are using the Diffie-Hellman key exchange, what conditions are required in order to implement?

Values of p and g public (B)

Which of the following is an example of an attack that threatens confidentiality?

Interception of network traffic containing sensitive data. (C)

In the context of security attacks, what does 'masquerading' primarily threaten?

Integrity (D)

Which of the following best describes the purpose of steganography?

To hide the existence of a message by embedding it within another medium. (B)

In a symmetric-key cipher, if Alice and Bob wish to communicate, what must they do?

Establish a secure channel to exchange the secret key. (B)

In cryptography, what is the Caesar cipher an example of?

A substitution cipher (B)

What is a primary characteristic of a transposition cipher?

It rearranges the order of characters in the message. (B)

How do modern ciphers differ from traditional ciphers in terms of data handling?

Traditional ciphers are character-oriented, while modern ciphers are bit-oriented. (B)

What is a fundamental difference between a block cipher and a stream cipher?

Stream ciphers encrypt data bit-by-bit, while block ciphers encrypt data in fixed-size blocks. (D)

What is the purpose of the S-boxes in the DES (Data Encryption Standard) algorithm?

To introduce non-linearity, which is crucial for security. (D)

Why is it important for the S-boxes in DES to be non-linear?

To make the cipher more resistant to linear cryptanalysis. (A)

In the context of cryptography, what is the primary advantage of using asymmetric-key ciphers?

Simplified key distribution, since only the public key needs to be transmitted. (D)

In RSA, what is the purpose of the public exponent e and the private exponent d?

e is used for encryption, while d is used for decryption. (C)

In RSA cryptography, which key is used to encrypt the plaintext message by the sender?

The receiver's public key (B)

What is a message digest primarily used for?

To ensure the integrity of a message. (B)

Which statement best describes the function of a cryptographic hash function?

It converts a variable-length input into a fixed-size output. (C)

What is the main purpose of a Message Authentication Code (MAC)?

To verify the integrity and authenticity of a message. (C)

How does a digital signature provide non-repudiation?

By using the sender's private key, which only the sender should possess. (A)

In digital signatures, what key is used to create the signature?

The sender's private key (A)

Which of the following best describes entity authentication?

Confirming the identity of a sender or receiver in a communication. (A)

What is a 'nonce' primarily used for in authentication protocols?

To prevent replay attacks. (D)

In what category of authentication does a password fall?

Something known (D)

What is the main goal of key management in cryptography?

To securely distribute and maintain cryptographic keys. (A)

What is the main challenge associated with symmetric-key distribution?

Securely transmitting the secret key to all parties. (D)

What is the purpose of a Key Distribution Center (KDC)?

To securely distribute secret keys between communicating parties. (C)

Which cryptographic scheme does Diffie-Hellman primarily address?

Secure key exchange over an insecure channel (B)

In the context of IPSec, what does 'transport mode' primarily protect?

The payload of the IP packet. (C)

Which of the following describes the main function of IPSec's tunnel mode?

It encrypts the entire IP packet, including the header. (B)

What is the role of the Security Policy Database (SPD) in IPSec?

To determine what security associations should be applied to packets. (C)

Which component is used by IKE?

The SPD (B)

What is the main purpose of the Internet Key Exchange (IKE) protocol?

To establish and manage Security Associations (SAs) in IPSec. (B)

At which layer of the OSI model does SSL/TLS primarily operate?

Transport Layer (B)

When establishing an SSL/TLS connection, what parameters are negotiated to define how the connection will be secured?

All of the above (D)

What is the purpose of the SSL/TLS Handshake Protocol?

To negotiate the cipher suite and establish cryptographic keys. (D)

Within SSL/TLS, what action triggers the use of new cryptographic parameters?

The Change Cipher Spec message is sent. (B)

How is an email addressed to Bob encypted?

Bob's public key (D)

How does PGP primarily certify keys?

By relying on a web of trust (C)

In PGP, what is the main purpose of 'key rings'?

To store a collection of public keys and private keys used by a user. (A)

What does Mime stand for?

Multipurpose Internet Mail Extension (A)

What is a packet filter firewall primarily designed to do?

Block or forward packets based on network and transport layer information. (B)

Proxy firewalls operate at which layer, compared to packet-filter?

application (A)

What is the primary advantage of a proxy firewall over a packet-filter firewall?

Ability to filter traffic based on application-layer content. (D)

What is a critical requirement for information to maintain its integrity?

Changes should only be made by authorized entities through authorized mechanisms. (A)

Which of the following attacks directly targets the integrity of a message by falsely claiming it is from a different user?

Masquerading (B)

What distinguishes steganography from cryptography as a security technique?

Steganography hides the existence of the message; cryptography transforms its content. (C)

How does the use of symmetric-key ciphers affect communication security when only confidentiality is a concern?

It necessitates a secure channel for exchanging the secret key. (C)

In the context of security, what is the purpose of 'Repudiation'?

Ensuring authorized parties cannot deny sending a message. (D)

Consider Alice using RSA to send a confidential message to Bob. What key does Alice use to encrypt her message?

Bob's public key. (A)

How do message digests contribute to data security, specifically in verifying the integrity of a transmitted file?

By providing a one-way hash of the file, which can be used to detect alterations. (B)

Which of the following characteristics distinguishes a digital signature from a simple Message Authentication Code (MAC)?

Digital signatures provide non-repudiation, while MACs do not. (D)

What is a primary challenge in symmetric-key distribution that Key Distribution Centers (KDCs) are designed to solve?

Managing the large number of keys required in a fully connected network. (A)

How does the Diffie-Hellman key exchange protocol establish a shared secret key over an insecure channel?

By exchanging public keys and performing a mathematical operation. (C)

In the context of network security, what is the main goal of implementing IPSec?

To secure IP packets by providing confidentiality, integrity, and authentication at the network layer. (B)

Consider the use of IPSec in 'transport mode.' What part of the IP packet is typically protected?

The payload (data) of the IP packet. (C)

What defines the behavior of an IPSec connection determining whether a packet is protected by IPSec, bypassed, or dropped?

Security Policy Database (SPD). (A)

What is the primary function of the Internet Key Exchange (IKE) protocol in the context of IPSec?

To manage and negotiate Security Associations (SAs) between hosts. (A)

Why is the 'Change Cipher Spec' protocol important in SSL/TLS?

It signals that the negotiated cryptographic parameters should be used for subsequent records. (C)

In PGP, how are keys typically certified to establish a 'web of trust'?

By having users digitally sign each other's keys, indicating trust. (C)

What is the main purpose of 'key rings' in PGP?

Managing and storing public and private keys. (A)

What distinguishes S/MIME's approach to certificate validation from PGP's?

S/MIME uses Certification Authorities, whereas PGP relies on a web of trust. (B)

What best describes the role of a proxy firewall in network security?

It acts as an intermediary, interpreting and inspecting traffic at the application layer. (B)

What is a significant difference in how proxy firewalls operate compared to packet-filter firewalls?

Proxy firewalls operate at a higher layer, inspecting the application data, while packet-filter firewalls operate at the network or transport layer. (C)

Flashcards

Confidentiality

Hiding information from unauthorized access.

Integrity

Protecting information from unauthorized changes.

Availability

Ensuring information is available to authorized entities when needed.

Security Attack

An attempt to breach security, confidentiality, integrity and availability.

Snooping

Illegally obtaining access to sensitive data.

Traffic Analysis

Interception and analysis of network traffic patterns.

Modification Attack

Unauthorized data alteration.

Masquerading Attack

Pretending to be someone else.

Replaying Attack

Capturing and resending data to produce an unauthorized effect.

Repudiation Attack

Denying a performed action.

Denial of Service (DoS)

Preventing legitimate users from accessing resources.

Security Services

Security measures designed to prevent attacks.

Cryptography

The art of transforming messages to secure them.

Steganography

Hiding the existence of a message.

Confidentiality

Achieved via ciphers divided into symmetric-key and asymmetric-key types.

Symmetric-Key Cipher

A cipher using the same key for encryption and decryption.

Substitution Cipher

Encryption using letter subsitution

Transposition Cipher

Encryption using position shifting

Block Cipher

A modern cipher that encrypts data block by block.

Stream Cipher

A modern cipher that encrypts data bit by bit.

Bit-Level Encryption

Each character is replaced by 8 (or 16) bits which increases security

Additive Cipher

A symmetric-key cipher where the key is added to plaintext modulo 26.

Monoalphabetic Subsitiution

a key from figure 13.5 is used

Autokey Cipher

A symmetric-key cipher where part of the plaintext is used in stream key.

Transposition cipher

A type of cipher that rearranges the order of letters.

One-time Pad

A plaintext is easy to read but the key must to kept secret

Asymmetric-Key Cipher

Uses different keys for encryption and decryption.

RSA Cryptosystem

A widely-used asymmetric encryption algorithm.

RSA Cryptosystem

A bank requires that money transactions must only be accessible by specific accounts.

Message Integrity

Guarantees data remains unchanged.

Message Digest

Document fingerprinting preserving document integrity.

Cryptographic Hash Function

Takes a message of certain length and creates a message of certain size.

Message Authentication

Ensure the source and the integrity of a message.

HMAC (Hashed MAC)

Standard for Nested MAC which is a hashed MAC.

Digital Signature

Pair of private- public keys used to sign a MAC to protect message.

Comparaison

It is the opposite of conventional signatures and digital signatures.

Process

Sender signs messages.

Services

It includes confidentiality message authentication.

Digital Signatures

Using a trusted center and has secure messages.

RSA Digital Signature

In this Scheme the roles of the private and public keys are switched.

DSS

Digital Signature Standard.

Entity Authentication

Technique designed to let one party verify the identity of another party.

Message authentication

Might not happen in real time but entity authentication

Verification Categories

Claimant must identify itself to the verifier.

Passwords

simpliest and oldest method of authentication.

Challenge-Response

Proves a secret without sending it to verifier.

Key Management

Distribution of symmetric and asymmetric keys.

Symmetric-Key Distribution

Needs shared secret key between 2 parties.

Exchange Confidential Messages

Needed confidentiality with N people.

International KDC

Has connections with National KD c's.

Symmetric-Key Agreement

Can create a session key between themselves.

Public-Key distribution

Know the Public keys.

Network-Layer Security

At the network layer, security is applied between 2 host and routers.

Transport Mode

IPSec protects what is delivered from the transport.

Host B

Has virtual communication .

Tunnel Mode

IPSec protects the entire IP packet.

Tunnel Mode

Protects virtual communication.

Services provided by IPSec

AH and ESP.

Security Association Database

Can be discarded and is used to get access control

The Internet Key Exchange

Created inbound and outbound Security Associations.

Virtual Private Network

Gaining popularity among organizations that use the global Internet.

Transport-Layer Security

Protects the application with connection oriented protocol.

SSL Architecture

Provides security compression services to data.

Payload

Services for SSL.

Key Exchange Algorithms

Clients and servers need to share a key.

Hash Algorithms

Sll uses hash for message integrity.

Cipher Suite

Key exchange, hash, and encryption algoritm

Compression Algorithm

Optional in SLL; no specific compression algorithm is made.

Cryptographic Parameter Generation

Sll requires 6 cryptographic Secrets.

Session

The association beetween a clients and a server.

Protocols

Sll shows four processes.

Handshake Protocol

Uses messages to negotiate the cipher suite.

Change cipher spec

Can use specific protocles

Alert Protocols

Uses a singular mssage and is fatal.

Record Protocol

Helps move messages from layer.

13.6 APllICATION-LAYER SECURITY

The process by which this is to be done

E-mail Security

Security protocols for e-mail

Cryptographic Algorithms

how can the sender and receiver agree on a cryptographic algorithm to use for e-mail security

E- mail security

If there is no one to negotiate.

Certificates

It obvious because it has to be

PGP (Pretty Good Privacy)

Email which provides security and authentication.

Scenarios

Term that shows what message

Key Rings

Pgp helps you.

PgP AlgorithmS

PgP defines a set of algorithms.

PgP Certificate

Other protocols use certificates .

PGP Packet

Message can consistsis of one or more pakerts.

Applications of Pgp

Used for pesronal emails

Service Email System

Provides security for e- mail

Cryptographic Message Syntac

adds to MIME content to define security

Segmenatation

Allows fragmentation of msg before transmission via Radix

Firewall

designed to forward some packets and filter others.

Packet Filter

Can be used as packet fillter.

The packet and system

Has messages available

Study Notes

Introduction to Computer Network Security

• Information is a valuable asset requiring security measures to protect against attacks.
• Securing information involves confidentiality, integrity, and availability.
  • Confidentiality: Hiding information from unauthorized access.
  • Integrity: Protecting information from unauthorized modification.
  • Availability: Ensuring information is accessible to authorized entities when needed.

Security Goals

• Confidentiality, integrity, and availability are key security goals.

Security Ataacks

• Security attacks threaten confidentiality through snooping and traffic analysis.
• Data integrity is threatened by modification, masquerading, replaying, and repudiation attacks.
• Availability is threatened by denial-of-service attacks.

Secuity Services and Techniques

• ITU-T defines security services for achieving security goals and preventing attacks.
• Implementing security involves techniques like cryptography and steganography.
  • Cryptography is a general technique involving symmetric-key encipherment, asymmetric-key encipherment, and hashing.
  • Steganography is a specific technique that focuses on covered writing, different from cryptography's "secret writing".

Confidentiality and Ciphers

• Confidentiality is achieved using ciphers divided into symmetric-key and asymmetric-key categories.

Symmetric-Key Ciphers

• A symmetric-key cipher uses the same key for encryption and decryption, enabling bidirectional communication.
• Traditional ciphers include substitution and transposition ciphers.

Modern Symmetric-Key Ciphers

• Modern symmetric-key ciphers are bit-oriented and can be block or stream ciphers.
• They address the need to encrypt numbers, graphics, audio, and video data, not just text.
• Using 8 or 16 bits per character increases the number of symbols and security.

Asymmetric-Key Ciphers

• Asymmetric-key ciphers complement symmetric-key, offering advantages that compensate for each other's disadvantages.

RSA Cryptosystem

• The RSA cryptosystem, named after Rivest, Shamir, and Adleman, is a common public-key algorithm.
• RSA uses two exponents, e (public) and d (private).
• Alice creates ciphertext C from plaintext P using: C = Pe mod n.
• Bob retrieves P using: P = Cd mod n.
• Modulus n, a large number, is created during key generation.

Other Aspects of Security

• Modern communication requires considering integrity, message/entity authentication, nonrepudiation, and key management in addition to confidentiality.

Message Integrity

• Message integrity ensures that a message remains unchanged.

Message and Message Digest

• Message integrity can be preserved using a fingerprint.
• A message digest is similar to a fingerprint, which can be compared to ensure it is the same.

Hash Functions

• Cryptographic hash functions produce a fixed-length message digest from a message of arbitrary length.
• Iteration is used, incorporating a fixed-size input function (compression function).

Message Authentication

• Including a secret shared between Alice and Bob that Eve doesn't possess during the process; we need to create a message authentication code (MAC).

Digital Signature vs HMAC

• A MAC uses a secret key to protect the digest, while a digital signature uses a pair of private-public keys.

Digital Signatures

• With digital signatures, the sender uses a signing algorithm; the receiver verifies using a verifying algorithm.

Security Services Through Digital Signatures

• Digital signatures provide message authentication, message integrity, and non-repudiation.
• Confidentiality still requires encryption/decryption.

RSA for Digital Signatures

• RSA can also be used for signing and verifying a message and is known as the RSA digital signature scheme.
• Only the sender's private and public keys are used, unlike during RSA encryption.

Entity Authentication

• Entity authentication is a technique where one party verifies the identity of another.
• The entity to be proven is the claimant; the verifying party is the verifier.

Types of Authetication

• The claimant must identify via something known, possessed, or inherent.

Passwords

• Password is the oldest method of entity authentication that is considered prone to attack.

Challenge-Response Authentication

• Challenge-response authentication involves proving knowledge of a secret without sending it. The verifier either possesses or retrieves the secret.

Key Management

• Secret keys must be handled and distributed with appropriate care.
• Public keys in asymmetric-key cryptography need to be handled in a similar fashion.

Symmetric-Key Distribution

• Symmetric-key cryptography requires a shared secret key between two parties and is more efficient than asymmetric-key methods for large messages.
• Exchanging confidential messages with N people requires N distinct keys.
• Two people are required to use two keys when communicating back and forth.

Public-Key Distribution

• People don’t need to share the same key as they do in symmetric approaches.
• Public keys are open and available to everyone to use.

Network-Layer Security

• Network-layer security is applied between hosts, routers, etc., to protect applications using the network layer.

IPSec Modes

• IPSec operates in transport or tunnel mode.
  • Transport mode protects data delivered from the transport layer.
  • Tunnel mode protects the entire IP packet by applying IPSec security methods to the entire packet then adds a new IP header.

IPSec Security Protocols

• IPSec defines the Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols for authentication for packets at the IP level.

Authentication Header (AH)

• Ensures the integrity of the payload, authenticates the origin of the packet; It uses a hash function and the secret key to create a message digest.
• AH doesn't provide confidentiality.

Encapsulating Security Payload (ESP)

• Provides source authentication, integrity, and confidentiality using both a header and a trailer.

AH and ESP for IPv4 and IPv6

• AH and ESP are part of the extension header for IPv6.

IPSec Provided Services

• AH and ESP protocols provide security services for packets at the network layer.

Services

• Access Control is provided by IPSec using a Security Association Database (SAD).
• Message integrity is preserved in AH and ESP.
• Entity authentication is possible via keyed-hash sent by the sender in both AH and ESP.
• AH doesn't provide confidentiality.
• Replay attacks are prevented through sequence numbers and a sliding receiver window in both protocols.

IPSec: Security Association

• Each IPSec header holds a sequence number when the association is made.
• When that number is maxed out, the association is deleted.
• Window size is fixed at receiver.

Internet Key Exchange (IKE)

• Designed to create inbound and outbound Security Associations as needed to send IP packets; consults the Security Policy Database (SPD).

Virtual Private Network (VPN)

• A virtual private network (VPN) has gained in popularity.

Transport-Layer Security

• It provides security for the application layer and uses the services of TCP or SCTP as a connection-oriented protocol.
• Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocol provide this security at the transport layer.

SSL Security

• SSL provides reliable transport layer protocol
• SSL architecture was developed to provides security and communication services for data from the application layer.
• Developed by Netscape

SSL - Services Provided

• Fragmentation
• Compression
• Message Integrity
• Confidentiality
• Framing

SSL: Four Protocols in Two Layers

• Defines four protocols in two layers for the idea itself.
  • Handles messages
  • SSL defines these protocols in it’s layers, as well as others.

SSL: Handshake Protocol

• Authenticates the server, client, and messages needed to send private data.

SSL: Change Cipher Set Protocol

• Exchange for cryptographic messages
• Send/receive messages during the procedure.

SSL: Alert Protocol

• Alerts used for reporting errors or abnormal activity

SSL: Record Protocol

• Carries messages from the upper layer
• Message is fragmented/compressed.
• Negotiated hash algorithm

E-Mail Security

• The creation of a session is not applicable to e-mails.
• Two protocols provide mail security through Pretty Good Privacy and Secure/Multipurpose Internet Mail Extension (S/MIME).

Security Algorithms

• Agree on cryptographic algorithms to use
• No session to negotiate a hand shake for algorithms.
• Alice includes her system information.
• Identifier for the MD5 message.

Secured Keys Through Crytography

• One time secret key sent with the message.
• Key to protect from interception, secret key encrypted with public key.

Certificates

• Certain algorithms must be used for e-mail key.
• Messages need to be signed to encrypt the secret.

Pretty Good Privacy

• Pretty Good Privacy (PGP) provides e-mail with privacy, integrity, and authentication.
• Is often used to creat secure messages for e-mail.

PGP Authentication

• Alice uses authentication that will need to show private data key and public data key.

Public Key Protection

• Can be made more secure with data compression.

PGP: Key Rings

• Used or needed for many individuals.
• Alice should have public keys
• In addition to PGP’s designer, specified a private /public key.

PGP Algorithms

• A set of asymmetric-key techniques ,cryptography hashing and compressions.

PGP Certificates

• Authentication is a key requirement to PGP
• Public Keys is the security, in all similar steps.

S/MIME

• Extension for e-mail access and secured communication via secured data.
• Uses the MIME protocol.

Cryptograph Message Syntax

• S/MIME defines how security services work.
• Syntax defines the scheme
• Referenced by RFC 3369/3370

Firewalls for Control

• Need firewall to keep out unwanted information.
• Forwards only some packets

Packet-Filter Firewalls

• Packet blocker, to base packets on IP.
• Transport/layer header
• TCP/UDP
• Router uses filtering patterns and discards unwanted content.

Proxy Firewalls

• Based on the layer of transport through the network,
• Can filter data based on message itself.