Internet Security - Dang Thanh Binh's Page

More documents

Recommendations

Info

Message packet M T FN H(M) ELECTRONIC MAIL SECURITY: PGP, S/MIME 319 E KSa M : Data T : Timestamp FN : Filename H(M) : Message digest Content Signature packet Leading two octets of H(M) Radix-64 conversion function KS : Session key EKSa : Encryption with user a’s private key E KPb : Encryption with user b’s public key ZIP E KS Operation Key ID of KP a Figure 9.5 PGP message format. T K S E KPb Session key packet Key ID of KP b signature packet and the literal data packet. In either case, the ciphertext is referred to as a conventional-key-encrypted data packet. As shown in Figure 9.5, the entire block of PGP message is usually encoded with radix-64 encoding. 9.1.7 Key Material Packet A key material packet contains all the information about a public or private key. There are four variants of this packet type and two versions. 9.1.7.1 Key Packet Variants There are: • Public-key packet (tag 6): This packet starts a series of packets that forms a PGP 5.x key. • Public subkey packet (tag 14): This packet has exactly the same format as a publickey packet, but denotes a subkey. One or more subkeys may be associated with a
320 INTERNET SECURITY top-level key. The top-level key provides signature services, and the subkeys provide encryption services. PGP 2.6.x ignores public-subkey packets. • Secret-key packet (tag 5): This packet contains all the information that is found in a public-key packet, including the public-key materials, but also includes the secret-key material after all the public-key fields. • Secret-subkey packet (tag 7): A secret-subkey packet is the subkey analogous to the secret-key packet and has exactly the same format. 9.1.7.2 Public-key Packet Formats There are two variants of version 3 packets and version 2 packets. Version 3 packets were originally generated by PGP 2.6. Version 2 packets are identical in format to version 3 packets, but are generated by PGP 2.5. However, v2 keys are deprecated and they must not be generated. PGP 5.0 introduced version 4 packets, with new fields and semantics. PGP 2.6.x will not accept key-material packets with versions greater than 3. PGP 5.x (or PGP3) implementation should create keys with version 4 format, but v4 keys correct some security deficiencies in v3 keys. A v3 key packet contains: • A one-octet version number (3). • A four-octet number denoting the time that the key was created. • A two-octet number denoting the time in days that this key is valid. • A one-octet number denoting the public-key algorithm of this key. • A series of multiprecision integers (MPIs) comprising the key material: an MPI of RSA public module n; an MPI of RSA public encryption exponent e. A key ID is an eight-octet scalar that identifies a key. For a v3 key, the eight-octet key ID consists of the low 64 bits of the public modulus of the RSA key. The fingerprint of a v3 key is formed by hashing the body (excluding the two-octet length) of the MPIs that form the key material with MD5. Note that MPIs are unsigned integers. An MPI consists of two parts: a two-octet scalar that is the length of the MPI in bits followed by a string of octets that contain the actual integer. Example 9.4 Suppose the string of octets [0009 01ff] forms an MPI. The length of the MPI in bits is [00000000 00001001] or 9 (= 2 3 + 2 0 ) in octets. The actual integer value of the MPI is: [01ff] = 2 8 + 2 7 + 2 6 + 2 5 + 2 4 + 2 3 + 2 2 + 2 1 + 2 0 = 511 The MPI size is: TEAMFLY ((MPI.length + 7)/8) + 2 = ((9 + 7)/8) + 2 = 4 octets which checks the given size of the MPI string. The v4 format is similar to the v3 format except for the absence of a validity period. Fingerprints of v4 keys are calculated differently from v3 keys. A v4 fingerprint is the Team-Fly ®
Page 1 and 2:
TEAMFLY
Page 4:
Internet Security
Page 7 and 8:
Copyright © 2003 John Wiley & Sons
Page 9 and 10:
vi CONTENTS 2.3 World Wide Web 47 2
Page 11 and 12:
viii CONTENTS 5.6 The Elliptic Curv
Page 13 and 14:
x CONTENTS 10.2.5 De-militarised Zo
Page 16 and 17:
Preface The Internet is global in s
Page 18 and 19:
PREFACE xv Policy Approval Authorit
Page 20 and 21:
PREFACE xvii classified into three
Page 22 and 23:
1 Internetworking and Layered Model
Page 24 and 25:
INTERNETWORKING AND LAYERED MODELS
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Layer No. 7 6 5 4 3 2 1 OSI Layer A
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
2 TCP/IP Suite and Internet Stack P
Page 38 and 39:
TCP/IP SUITE AND INTERNET STACK PRO
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Class A Class B Class C Class D Cla
Page 48 and 49:
Page 50 and 51:
H Host H TCP/IP SUITE AND INTERNET
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Bits IP header TCP/IP SUITE AND INT
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
3 Symmetric Block Ciphers This chap
Page 80 and 81:
S-boxes L i−1 S 1 L i SYMMETRIC B
Page 82 and 83:
K 1 48 bits K 2 48 bits K 16 48 bit
Page 84 and 85:
Table 3.4 Initial permutation (IP)
Page 86 and 87:
SYMMETRIC BLOCK CIPHERS 65 Table 3.
Page 88 and 89:
SYMMETRIC BLOCK CIPHERS 67 This 48-
Page 90 and 91:
SYMMETRIC BLOCK CIPHERS 69 The 48-b
Page 92 and 93:
SYMMETRIC BLOCK CIPHERS 71 Thus, th
Page 94 and 95:
SYMMETRIC BLOCK CIPHERS 73 Round K1
Page 96 and 97:
SYMMETRIC BLOCK CIPHERS 75 Example
Page 98 and 99:
64-bit plaintext X 1 X 2 X 3 X 4 Ro
Page 100 and 101:
Page 102 and 103:
SYMMETRIC BLOCK CIPHERS 81 The outp
Page 104 and 105:
SYMMETRIC BLOCK CIPHERS 83 the corr
Page 106 and 107:
Page 108 and 109:
SYMMETRIC BLOCK CIPHERS 87 of S and
Page 110 and 111:
Step 3 i = j = 0; A = B = 0; SYMMET
Page 112 and 113:
3.3.3 Encryption SYMMETRIC BLOCK CI
Page 114 and 115:
A SYMMETRIC BLOCK CIPHERS 93 A B
Page 116 and 117:
3.4 RC6 Algorithm SYMMETRIC BLOCK C
Page 118 and 119:
Mixing in the secret key S A = B =
Page 120 and 121:
Magic constants: Pw = b7e15163 Qw =
Page 122 and 123:
A = ((A − S[2i]) >>> u) ⊕ t } D
Page 124 and 125:
Converting the secret key from byte
Page 126 and 127:
The final decrypted plaintext is: b
Page 128 and 129:
Thus, the final decrypted plaintext
Page 130 and 131:
Multiplication SYMMETRIC BLOCK CIPH
Page 132 and 133:
where c0 = a0b0 c1 = a1b0 ⊕ a0b1
Page 134 and 135:
Rcon[2] = [x 1 , {00}, {00}, {00}]
Page 136 and 137:
Table 3.16 AES key expansion i Temp
Page 138 and 139:
SYMMETRIC BLOCK CIPHERS 117 ShiftRo
Page 140 and 141:
Start of round After SubByte SYMMET
Page 142 and 143:
SYMMETRIC BLOCK CIPHERS 121 Figure
Page 144 and 145:
4 Hash Function, Message Digest and
Page 146 and 147:
M = 64 bits C 0 = 28 bits D 0 = 28
Page 148 and 149:
HASH FUNCTION, MESSAGE DIGEST AND H
Page 150 and 151:
⊕ : Bit-by-bit XORing of 16-bit s
Page 152 and 153:
P(Ω 1 )
Page 154 and 155:
Page 156 and 157:
K r : Concatenation IP : Initial pe
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
a b c d HASH FUNCTION, MESSAGE DIGE
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
H2 = 98badcfe H3 = 10325476 H4 = c3
Page 176 and 177:
Page 178 and 179:
opad 160 bits (SHA-1) 128 bits (MD5
Page 180 and 181:
Page 182 and 183:
5 Asymmetric Public-key Cryptosyste
Page 184 and 185:
User A Generate secret random integ
Page 186 and 187:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
Page 188 and 189:
Message m −1 E p q ASYMMETRIC PUB
Page 190 and 191:
Page 192 and 193:
Message m −1 User A A′ private
Page 194 and 195:
Page 196 and 197:
To decipher the message m, first co
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
a q ≡ 1(modp) a ASYMMETRIC PUBLIC
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Receiver: (verifying) Compute: w
Page 210 and 211:
� y2 − y1 x3 = ASYMMETRIC PUBLI
Page 212 and 213:
The square of the integers in Z ∗
Page 214 and 215:
Page 216 and 217:
and y3 = x2 1 + � x1 + y1 = α 12
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
6 Public-key Infrastructure This ch
Page 224 and 225:
PUBLIC-KEY INFRASTRUCTURE 203 LDAP
Page 226 and 227:
Session key DES Plaintext m One-way
Page 228 and 229:
PUBLIC-KEY INFRASTRUCTURE 207 Let u
Page 230 and 231:
PUBLIC-KEY INFRASTRUCTURE 209 sent
Page 232 and 233:
Publication of PAA’s public key G
Page 234 and 235:
PUBLIC-KEY INFRASTRUCTURE 213 • P
Page 236 and 237:
Carry out identification and authen
Page 238 and 239:
PUBLIC-KEY INFRASTRUCTURE 217 With
Page 240 and 241:
PUBLIC-KEY INFRASTRUCTURE 219 The s
Page 242 and 243:
6.4.4 X.500 Distinguished Naming PU
Page 244 and 245:
PUBLIC-KEY INFRASTRUCTURE 223 certi
Page 246 and 247:
PUBLIC-KEY INFRASTRUCTURE 225 • I
Page 248 and 249:
Certificate fields v1 = v2 = v3 (fo
Page 250 and 251:
PUBLIC-KEY INFRASTRUCTURE 229 CRL s
Page 252 and 253:
Subject directory attributes extens
Page 254 and 255:
PUBLIC-KEY INFRASTRUCTURE 233 the s
Page 256 and 257:
PUBLIC-KEY INFRASTRUCTURE 235 • S
Page 258 and 259:
PUBLIC-KEY INFRASTRUCTURE 237 not h
Page 260 and 261:
6.7.1 Basic Path Validation PUBLIC-
Page 262:
PUBLIC-KEY INFRASTRUCTURE 241 It is
Page 265 and 266:
244 INTERNET SECURITY The set of se
Page 267 and 268:
246 INTERNET SECURITY • Key manag
Page 269 and 270:
248 INTERNET SECURITY 7.1.3 Hashed
Page 271 and 272:
250 INTERNET SECURITY A B C D IV 67
Page 273 and 274:
252 INTERNET SECURITY Next header (
Page 275 and 276:
254 INTERNET SECURITY IPv4 IPv4 IPv
Page 277 and 278:
256 INTERNET SECURITY within a 32-b
Page 279 and 280:
258 INTERNET SECURITY addresses, wh
Page 281 and 282:
260 INTERNET SECURITY If authentica
Page 283 and 284:
262 INTERNET SECURITY 1 bit Next pa
Page 285 and 286:
264 INTERNET SECURITY The Situation
Page 287 and 288:
266 INTERNET SECURITY The Identific
Page 289 and 290: 268 INTERNET SECURITY The Hash Data
Page 291 and 292: 270 INTERNET SECURITY The Domain of
Page 293 and 294: 272 INTERNET SECURITY to the exchan
Page 295 and 296: 274 INTERNET SECURITY When a Key Ex
Page 297 and 298: 276 INTERNET SECURITY When a Notifi
Page 299 and 300: 278 INTERNET SECURITY SSL Handshake
Page 301 and 302: 280 INTERNET SECURITY SSL record he
Page 303 and 304: 282 INTERNET SECURITY SSLCompressed
Page 305 and 306: 284 INTERNET SECURITY • bad-certi
Page 307 and 308: 286 INTERNET SECURITY - Random: Thi
Page 309 and 310: 288 INTERNET SECURITY Note that Dis
Page 311 and 312: 290 INTERNET SECURITY The finished
Page 313 and 314: 292 INTERNET SECURITY key_block = M
Page 315 and 316: 294 INTERNET SECURITY opad 160 bits
Page 317 and 318: 296 INTERNET SECURITY - A B C D IV
Page 319 and 320: 298 INTERNET SECURITY The PRF is th
Page 321 and 322: 300 INTERNET SECURITY HMAC SHA1(S2,
Page 323 and 324: 302 INTERNET SECURITY 8.3.4 Certifi
Page 326 and 327: 9 Electronic Mail Security: PGP, S/
Page 328 and 329: ELECTRONIC MAIL SECURITY: PGP, S/MI
Page 348 and 349: Definition of multipart/encrypted:
Page 350 and 351: From: myrhee@tsp.snu.ac.kr To: kiis
Page 354 and 355: SignatureAlgorithmIdentifier ELECTR
Page 358: ELECTRONIC MAIL SECURITY: PGP, S/MI
Page 361 and 362: 340 INTERNET SECURITY conform to a
Page 363 and 364: 342 INTERNET SECURITY existing on a
Page 365 and 366: 344 INTERNET SECURITY 10.2.7 VPN So
Page 367 and 368: 346 INTERNET SECURITY Table 10.1 Te
Page 369 and 370: 348 INTERNET SECURITY Table 10.3 SM
Page 371 and 372: 350 INTERNET SECURITY Outside host
Page 373 and 374: 352 INTERNET SECURITY Internet Pack
Page 376 and 377: 11 SET for E-commerce Transactions
Page 378 and 379: 11.2 SET System Participants SET FO
Page 380 and 381: SET FOR E-COMMERCE TRANSACTIONS 359
Page 386 and 387: Example 11.2 Message Integrity Chec
Page 388 and 389: User A 0x135af247c613e815 Message d
Page 390 and 391:
SET FOR E-COMMERCE TRANSACTIONS 369
Page 392 and 393:
E KSC (CAC) + E KSC (MD) D CAC MD V
Page 394 and 395:
Page 396 and 397:
Page 398:
H MD D CRs K pg M’s cert E K#5 (C
Page 401 and 402:
380 INTERNET SECURITY DS Dual Signa
Page 403 and 404:
382 INTERNET SECURITY SA Security A
Page 405 and 406:
384 INTERNET SECURITY 17. Borman, D
Page 407 and 408:
386 INTERNET SECURITY 60. Harkins,
Page 409 and 410:
388 INTERNET SECURITY 106. Metzger,
Page 411 and 412:
390 INTERNET SECURITY 163. Wijnen,
Page 413 and 414:
392 INDEX Authentication Header 243
Page 415 and 416:
394 INDEX delete payload 269, 275,
Page 417 and 418:
396 INDEX HTML tag 49 ending tag 49
Page 419 and 420:
398 INDEX Java 48, 49 Joint Photogr
Page 421 and 422:
400 INDEX packet filter 339, 341, 3
Page 423 and 424:
402 INDEX secure payment processing
Page 425 and 426:
404 INDEX transform # field 264, 27
show all

Internet Security - Dang Thanh Binh's Page

Create successful ePaper yourself

Delete template?

Save as template?