1) [Ch 3, Thought Questions, nos. 7, 8, 9]—How are digital certificates and passports similar and how are they different? How are digital certificates and university diplomas similar and how are they different? How are digital certificates and movie tickets similar and how are they different?
Digital signatures consist of a hashed message that specifically identifies the message sender and ensures that the message is not modified or replaced during or prior to transmission. Likewise, any user on the computer network can review the signature to evaluate the authenticity and integrity of the data. The Digital Signature Algorithm (DSA) used in this process is an asymmetric cryptographic algorithm that constructs digital signatures as pairs of large numbers. Moreover, the signature is checked using rules and parameters that cover signer identification and data integrity. Passports are physical travel documents characterized by a unique number that retrieves information about a particular person from a database. Furthermore, tickets are also physical or online documents that are booked against a passport number.
2) [Ch 3, Harder Thought Questions, no. 1]—Identify potential security threats associated with authentication via digital signatures and digital certificates. Explain each and describe how you would address each threat.
Digital signatures are exposed to various threats because the signature process takes place over the Internet; threats can exploit verification data if it is not encrypted. SSL VPN provides an efficient illustration of hashing algorithms used along with encryption keys. SSL VPN operates in a web browser, in contrast to the Internet Protocol Security (IPsec) VPN, which requires installation on a workstation. Moreover, web access is also provided so that users can access the Internet remotely. SSL VPN encrypts the data with symmetric key algorithms that exchange and authenticate keys. The authentication process in SSL VPN uses hashes, and clear-text passwords are never exchanged. IPsec and SSL VPN both specify similar methods to negotiate encryption algorithms in order to transform data. Furthermore, SSL VPN secures not only electronic transactions but also e-mail protocols, for example SMTP, IMAP, POP3 and FTP.
These seals ensure data privacy for consumers who provide data online. These security seals implement certain rules and policies when they are incorporated into a website. This gives customers some assurance about their personal data, as identity theft is a debated issue that is still rising. The servers of these websites contain all the personal information of the customer and, most importantly, credit card numbers because of e-commerce transactions. Some of the seals are defined, as each of them specifies its own rules and policies.
3) [Ch 3, Harder Thought Questions, no. 2]—The Panko text describes how public key authentication is used for message-by-message authentication in digital signatures. However, public key authentication is widely used for initial authentication.
a. Describe the processes that the supplicant and verifier would use if public key encryption were used in initial challenge-response authentication.
b. Draw heavily on your understanding of digital signatures, but put this information in challenge–response context.
“Rivest Cipher 6 Security RC6, includes a symmetric key block cipher inherited from the RC5. It is proprietary of RSA Security designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. The algorithm was one of the five finalists, and was also submitted to the NESSIE and CRYPTREC projects. RC6 proper has a block size of 128 bits and supports key sizes of 128, 192 and 256 bits, but, like RC5, it can be parameterised to support a wide variety of word-lengths, key sizes and number of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations, modular addition and XOR operations; in fact, RC6 could be viewed as interweaving two parallel RC5 encryption processes. However, RC6 does use an extra multiplication operation not present in RC5 in order to make the rotation dependent on every bit in a word, and not just the least significant few bits”
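An added example for question 3 (not part of the original answer or the Panko text): the verifier sends a fresh random challenge, the supplicant signs it with its private key, and the verifier checks the response with the true party's public key. The class names and the demonstration key (textbook RSA over constructed Mersenne primes, no padding) are assumptions chosen so the flow runs with the Python standard library alone; they are not secure for real use.

```python
import hashlib
import secrets

# Constructed demonstration parameters. Textbook RSA with no padding and
# special-form primes is NOT secure; it only makes the protocol flow runnable.
E = 65537

def make_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))    # private exponent
    return (n, E), (n, d)                # (public key, private key)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class Supplicant:
    def __init__(self, private_key):
        self.private_key = private_key

    def respond(self, challenge):
        # "Encrypt with the private key": sign the hash of the challenge.
        n, d = self.private_key
        return pow(digest(challenge, n), d, n)

class Verifier:
    def __init__(self, true_party_public_key):
        self.public_key = true_party_public_key   # normally read from a certificate
        self.pending = None

    def issue_challenge(self):
        self.pending = secrets.token_bytes(32)    # fresh random nonce per attempt
        return self.pending

    def check(self, response):
        if self.pending is None:
            return False                          # no outstanding challenge
        challenge, self.pending = self.pending, None   # each challenge is single-use
        n, e = self.public_key
        return pow(response, e, n) == digest(challenge, n)

def demo():
    pub, priv = make_keypair(2**521 - 1, 2**607 - 1)
    _, impostor_priv = make_keypair(2**127 - 1, 2**89 - 1)
    verifier, alice = Verifier(pub), Supplicant(priv)
    good = alice.respond(verifier.issue_challenge())
    results = {"genuine": verifier.check(good)}
    verifier.issue_challenge()
    results["replayed"] = verifier.check(good)    # old response, new challenge
    forged = Supplicant(impostor_priv).respond(verifier.issue_challenge())
    results["impostor"] = verifier.check(forged)  # signed with the wrong private key
    return results

if __name__ == "__main__":
    print(demo())
```

Because the challenge is random and consumed on first use, a captured response cannot be replayed, and the private key itself never crosses the network.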
4) [Ch 4, Thought Questions, no. 2]—Why would it be desirable to protect all of a corporation’s IP traffic by IPsec? Give multiple reasons.
In my opinion, it is not necessary to protect all the digital traffic running on the computer network of a particular organization. However, only sensitive data transmission needs protection. This does not mean that other non-sensitive data must not be protected. The safeguard must enforce a first layer of security on the whole computer network, and an additional second layer of defense must be incorporated for highly sensitive data transmission. This specifically can be carried out by IPsec, as it is defined as “IPsec VPN refers to the virtual private network based on the IPsec technologies, which is the primary layer 3 VPN technology. The IPSec protocol typically works on the edges of a security domain, which encapsulates a packet by wrapping another packet around it. It then encrypts the entire packet. This encrypted stream of traffic forms a secure tunnel across an otherwise unsecured IP network.” (IPsec VPN, 2007)
5) [Ch 4, Harder Thought Questions, no. 4]—Pretty good privacy uses public key encryption and symmetric key encryption to encrypt long documents. How can this be done?
The symmetric key algorithm is defined as “Symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key. Symmetric algorithms can be divided into two types – stream ciphers and block ciphers. Stream ciphers encrypt a single bit of plaintext at a time, whereas block ciphers take a number of bits (typically 64 bits in modern ciphers), and encrypt them as a single unit” (Rittinghouse & Hancock, 2003). Some of the advantages that this technique offers are:
- It is a relatively simple process.
- Parties at both ends of the network, i.e. the receiver and the sender, have the freedom to use the same encryption algorithm that is used publicly.
- Likewise, there is no requirement to develop and share algorithms that are undisclosed in nature.
- Moreover, the security factor depends on the length of the key.
6) [Ch 4, Thought Questions, no. 3]—What wireless LAN security threats do 802.11i and WPA not address?
WPA is considered to be a state-of-the-art retro-engineering technology. It covers the vulnerabilities of WEP, and the result is a solid, secure system that is backward compatible with almost every Wi-Fi compatible device. Moreover, WPA provides adequate security for most wireless networks. However, it is dependent on the RC4 encryption algorithm and TKIP (Temporal Key Integrity Protocol). As always, there is a possibility of weaknesses being exploited. After the Wi-Fi Alliance reworked these security issues, 802.11i, which is also known as WPA2, was developed.
7) [Ch 4, Thought Questions, no. 4]—Given the weakness of commercial WAN security, why do you think companies continue to use WAN technology without added cryptographic protections?
Organizations must ensure an adequate protection mechanism for wireless networks, as one weakness may lead to a security breach, resulting in data loss, reputation loss and system loss.
IPsec VPN. (2007). Network Dictionary, 261.
Rittinghouse, J., & Hancock, W. M. (2003). Cybersecurity operations handbook. Elsevier Science.