CU-Boulder CSCI 6268 - Lecture #14

This preview shows page 1-2-3-22-23-24-44-45-46 out of 46 pages.


Foundations of Network and Computer Security
Announcements
Password Protected Private Key
What does key look like now?
CSR: Certificate Request
Creating a CSR
Viewing a CSR
CSRs
Sample Certificate
Viewing a Certificate
What have we Accomplished?
CA’s Verification Key is a Cert!
Martin’s Root Cert
How to Distribute the Root Cert?
Distributing the Root Cert
Root Cert Fingerprint
Overall Idea of the Project
Sample Message from A to B
The Big (Partial) Picture
Network Security
Crypto …. Good
Breaking into a “Friend’s” Account
Ok, Breaking into a “Friend’s” Acct
Networking Refresher
Basic Networking
Running out of IP addresses
Sending a UDP packet
Pack it Up!
Routing on a Network
Local Routing Table
Getting to the Gateway
Sending to the Gateway
Gateway Receives Eth Packet
User2 Receives Packet
Other Protocols
MTU – Maximum Transmission Unit
IP – Best Effort Datagrams
TCP – Transmission Control Protocol
Crypto on a Network
Network Security: The Biggest Challenges
Viruses (Worms)
Viruses: History
Morris Worm (cont)
CERT -- They were first
Modern Viruses
Viruses: Why?

Foundations of Network and Computer Security
John Black
Lecture #14
Oct 18th 2005
CSCI 6268/TLEN 5831, Fall 2005

Announcements
• Quiz #2 back today
  – We’ll go over some points before we start the lecture
• Project #0 due today
  – Please hand in on paper
  – CAETE students can email to grader: [email protected]

Password Protected Private Key
• Shouldn’t leave your private key lying around without password protection; let’s fix this

    % openssl genrsa -aes128 -out john-priv.pem 1024
    Generating RSA private key, 1024 bit long modulus
    ...........................................++++++
    ..........................++++++
    e is 65537 (0x10001)
    Enter pass phrase for john-priv.pem:
    Verifying - Enter pass phrase for john-priv.pem:

    % openssl rsa -in john-priv.pem -text -noout
    Enter pass phrase for john-priv.pem:
    Private-Key: (1024 bit)
    modulus:
        00:ca:40:b9:ef:31:c2:84:73:ab:ef:e2:6d:07:17...
        ...

What does key look like now?

    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: AES-128-CBC,1210A20F8F950B78E710B75AC837599B

    ...
    -----END RSA PRIVATE KEY-----

This private key file is encrypted

CSR: Certificate Request
• You will generate a CSR
  – Certificate Request
• Has your name, email, other info, your public key, and you sign it
• Send your CSR to the CA
  – CA will sign it if it is properly formatted
  – His signature overwrites your signature on the CSR
• Once CA signs your CSR it becomes a certificate

Creating a CSR

    % openssl req -key john-priv.pem -new -out john-req.pem
    Enter pass phrase for john-priv.pem:
    You are about to be asked to enter information that will be incorporated into your certificate request.
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Colorado
    Locality Name (eg, city) []:Boulder
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:University of Colorado
    Organizational Unit Name (eg, section) []:Computer Science
    Common Name (eg, YOUR name) []:John Black
    Email Address []:[email protected]
    (Leave the rest blank)

This outputs the file john-req.pem, which is a cert request

Viewing a CSR

    % openssl req -in john-req.pem -text -noout
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=US, ST=Colorado, L=Boulder, O=University of Colorado, OU=Computer Science, CN=John Black/[email protected]
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:ca:40:b9:ef:31:c2:84:73:ab:ef:e2:6d:07:17:
                        83:5e:96:46:24:25:38:ed:7a:60:54:58:e6:f4:7b:
                        ...
                        27:de:00:09:40:0c:5e:80:17
                    Exponent: 65537 (0x10001)
            Attributes:
                a0:00
        Signature Algorithm: md5WithRSAEncryption
            32:e1:3f:e2:12:47:74:88:a3:f9:f4:44:8a:f3:b7:4e:d1:14:
            1f:0b:be:b8:19:be:45:40:ed:5b:fb:ab:9b:01:e8:9a:26:0c:
            ...
            9c:e0

CSR is signed by you
Note: not password protected

CSRs
• Why is your CSR signed by you?
  – Ensures that the CSR author (you) has the private key corresponding to the public key in the CSR
• If we didn’t do this, I could get the CA to sign anyone’s public key as my own
  – Not that big a deal since I can’t decrypt things without the corresponding private key, but still we disallow this
• Why does the CA sign your public key?
  – Well, because that’s his reason for existence, as discussed previously
  – Ok, let’s say I email my CSR to Martin and he signs it… then what?

Sample Certificate
-----BEGIN
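
The "Password Protected Private Key" and "What does key look like now?" slides above show how an encrypted key file differs from a plain one: the `Proc-Type: 4,ENCRYPTED` and `DEK-Info` header lines. The following is an added example, not part of the lecture, that uses those headers to flag private keys left without a passphrase; the function name `audit_pem` and the placeholder base64 bodies in `SAMPLE` are assumptions made for illustration.

```python
import re

# DEK-Info cipher names mapped to IV length in bytes (common subset).
IV_BYTES = {"AES-128-CBC": 16, "AES-256-CBC": 16, "DES-EDE3-CBC": 8}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def audit_pem(text):
    """Return one finding per private-key block found in PEM text."""
    findings = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            continue  # CSRs and certificates carry only public data
        headers = {}
        for line in body.splitlines():  # header lines precede the base64
            if ":" not in line:
                break
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        f = {"label": label, "encrypted": False, "cipher": None, "problem": None}
        if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted container
            f["encrypted"] = True
        elif label == "OPENSSH PRIVATE KEY":  # encryption not visible in PEM
            f["encrypted"], f["problem"] = None, "OpenSSH format, check separately"
        elif headers.get("Proc-Type") == "4,ENCRYPTED":  # format on the slide
            cipher, _, iv = headers.get("DEK-Info", "").partition(",")
            f["encrypted"], f["cipher"] = True, cipher or None
            want = IV_BYTES.get(cipher)
            if want is None:
                f["problem"] = "missing or unrecognised DEK-Info cipher"
            elif not re.fullmatch("[0-9A-Fa-f]{%d}" % (2 * want), iv):
                f["problem"] = "IV length does not match cipher"
        else:
            f["problem"] = "private key stored without a passphrase"
        findings.append(f)
    return findings

# Constructed sample: header lines as on the slide, placeholder base64 bodies.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,1210A20F8F950B78E710B75AC837599B

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
```

Calling `audit_pem(SAMPLE)` reports the first block as encrypted with AES-128-CBC and the second as stored without a passphrase; a CSR such as john-req.pem is skipped because it holds no secret material.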

