CSCI6268L28 - Foundations of Network and Computer Security...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
Foundations of Network and Foundations of Network and Computer Security Computer Security J J ohn Black Lecture #28 Nov 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Announcements Quiz #3 will be Nov 20 th (Friday) Project #2 has been assigned Due Dec 4th
Background image of page 2
Project #2: Secure Email System Our goal is to provide a secure email system to each member of the class. We are going to use both symmetric-key and public-key techniques in this project, thus tying together several of the concepts discussed in lecture. As usual, we’ll use OpenSSL as our toolkit, either via the command-line interface (easiest) or via system calls (you’ll need the OpenSSL book for this!) The program you write will have three main functions: 1. A mini-database utility to keep track of certs you have acquired from our class web site 2. A method to send encrypted and signed email 3. A method to verify and decrypt received email
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Format of the Message We’ll start by describing what a message will look like. Then we’ll back-fill the details about how to generate and digest messages in this format. Messages will look like this: -----BEGIN CSCI 6268 MESSAGE----- <session pwd encrypted under target’s public key> <blank line> <message encrypted under session pwd above> <blank line> <signature of above content> -----END CSCI 6268 MESSAGE-----
Background image of page 4
Message Format First -----BEGIN CSCI 6268 MESSAGE----- must appear exactly as shown; this is the indicator that the message begins immediately after this line. (This allows the message to be embedded in a bunch of other text without confusing the recipient’s parser.) The next line is the session password encrypted under the target’s public key. This password is a random string of 32 characters using A-Z, a-z, and 0-9 generated by the sender; the sender then encrypts his message with AES in CBC mode using this password. There is a blank line, followed by the AES-CBC encrypted message in base64 format. This is followed by another blank line. Next comes the signature of the sender which is generated using the sender’s private key. This signature will be the RSA sig of the SHA-1 hash of every line above from the first line after the BEGIN marker to the line just before the blank line ending the message. Exclude newlines (since they are different between Unix and DOS apps). Finally, -----END CSCI 6268 MESSAGE----- concludes the encrypted message.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
The Cert Database Your program should maintain a simple catalog of certs which you have collected from the web site. You may store them in whatever format you prefer (a flat file is the simplest, but if you prefer to use MySQL or something fancier, be my guest). A cert should always be verified using the CA’s public key before being inserted into the database. A cert should always be verified using the CA’s public key after being extracted
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 53

CSCI6268L28 - Foundations of Network and Computer Security...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online