William Slater's CYBR 515 Blog

William Slater's CYBR 515 Blog
CYBR 515 - Security Architecture and Design

Monday, September 19, 2011

Post 011 - CYBR 515











PKI Architecture Picture


Week Three Assignments
Theme for the Week - Asymmetric Encryption
Learning Objectives:
Explain the use of public and private keys in Public-Key Cryptography.
Demonstrate a simple one-way hashing function.
Differentiate between RSA, Diffie-Hellman, DSS, and Elliptic curve algorithms for public key cryptosystems.
Describe the process used by the Diffie-Hellman algorithm to exchange secret keys.
Readings:
Chapter 3 in your textbook.
ASCII Table
"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", R.L. Rivest, A. Shamir, and L. Adleman
"Multi-user cryptographic techniques" Diffie and Hellman
This week:
Our lesson this week covers asymmetric encryption, which uses different keys to encrypt and decrypt. It solves a fundamental problem with symmetric encryption caused by the need to securely distribute the same key to both sender and receiver. With asymmetric encryption, one key may be freely distributed to everyone, and the other is kept secret. For example, if I want to send you an encrypted message, I would ask for your public key and you could freely send it to me as clear text. I would use your key to encrypt the message and you use your private key to unencrypt it.
Asymmetric encryption is less efficient than symmetric encryption because the algorithms are more computationally intensive. Because of this, it is not often used to encrypt data for transmission across a network. However, it can be used very effectively for secure exchange of symmetric keys and for authentication.

Regarding authentication, you should keep in mind that authenticity is very important when it comes to data. In an exchange of data, a recipient must have a reasonable expectation that both the data and originator are genuine. If the architecture is not designed to provide that assurance, then hackers will capitalize on its weaknesses, damage will occur, users will develop other means of obtaining reliable data, and the system will fall into disuse. Therefore, it is a very important element of a secure network architecture.
You are now ready to proceed with the assignments below. Please read the directions carefully and submit the assignments as directed.

Assignment 3_1 (On-line Quiz)
Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.
Assignment 3_2 (Post to this week's discussion forum)
This week's discussion forum is similar to the one we had last week. Your assignment is to post a substantive answer to one of the following questions that is at least 3 paragraphs in length with proper attention given to spelling and grammar. Again, we ask you to select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.
1. If a digital signature is merely composed of a string of ones and zeros, why can't I successfully alter it?
2. How can the Diffie-Hellman key exchange process transfer keys or other secrets without compromising them? If possible, provide a figure that shows an example.
3. When you receive something that was encrypted using your public key, how can you tell who sent it?
4. What is it about asymmetric encryption algorithms that makes them significantly more computationally intense than symmetric encryption algorithms?
5. Why can't I decrypt a password that has been encrypted using a hashing function? Include an explanation of how hashing works.
6. What is the difference between RSA, Diffie-Hellman, DSS, and Elliptic curve algorithms for public key cryptosystems?
7. Why doesn't encryption provide a secure form of authentication? As part of your post, explain what this question means.
8. Why does our author write stuff like MDm = H(SAB||M)2? Why not leave the formulas out and just explain these concepts using the English language?
9. Your book states that encryption protects against passive attack and message authentication protects against active attack. What does that mean and how does it work?
10. If I have an asymmetric key pair, how do I determine which key is used for encryption and which one is used for decryption? In your post also answer how I determine which one is public and which one is private.
Our trivia question for the week: What computer was used to break the German Enigma Cipher during World War II, and where was it located?
General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 3_3 (Attach to this assignment)
This assignment provides you with the opportunity to work with hashing functions. Study the simple hash function on pp 68 and 69 of your text. Once you are comfortable with the way that it works, complete the attached worksheet and save it to a Microsoft Word document as CYBR515 Assignment 3_3 and attach it to this assignment.


Assignment 3_4 (Semester Project, First Deliverable - Due Week 4)
We begin our semester project this week. Our goal is to create a plan for a secure network that incorporates authentication, authorization, and auditing, encryption, protection against malware and spam, defense in depth, and monitoring. Your first assignment is to read the scenario located in the Course Documents area of this course and produce the first set of deliverables. You have two weeks to complete this assignment, and your first deliverables are due at the end of Week 4. Those deliverables consist of a Visio diagram that depicts your interpretation of the current network and a written summary of network vulnerabilities that you uncover. As in other diagrams that you will make for this course, your network diagram doesn't have to depict every object. Instead, you can summarize objects.

No comments:

Post a Comment