CSCI6268L16 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #16
Oct 7, 2009
CSCI 6268/TLEN 5550, Fall 2009

SSH (A Different Model)
- SSH (Secure SHell)
  - Replacement for telnet
  - Allows secure remote logins
- Different model
  - Too many hosts and too many clients
  - How to distribute pk of host?
    - Can be done physically
    - Can pay a CA to sign your keys (not likely)
    - Can run your own CA
      - More reasonable, but still we have a bootstrapping problem

SSH: Typical Solution
- The most common “solution” is to accept initial exposure
  - When you connect to a host for the first time you get a warning:
    “Warning: host key xxxxxx with fingerprint xx:xx:xx is not in the .ssh_hosts file; do you wish to continue? Saying yes may allow a man-in-the-middle attack.” (Or something like that)
  - You take a risk by saying “yes”
  - If the host key changes on your host and you didn’t expect that to happen, you will get a similar warning
    - And you should be suspicious

Key Fingerprints
- The key fingerprint we just saw was a hash of the public key
  - Can use this when you’re on the road to verify that it’s the key you expect
    - Write down the fingerprint on a small card and check it
    - When you log in from a foreign computer, verify the fingerprint
  - Always a risk to log in from foreign computers!
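The first-contact warning and the fingerprint check from the two SSH slides above, as an added example that is not from the lecture: the fingerprint is a hash of the host's public-key blob, compared against a value recorded earlier. The key blobs and host name are constructed; the MD5 colon-hex and SHA256 forms are the two formats OpenSSH prints.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def fingerprints(key_blob):
    """Return (legacy MD5 colon-hex, SHA256 base64) fingerprints of a public-key blob."""
    md5_hex = hashlib.md5(key_blob).hexdigest()
    legacy = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(key_blob).digest()
    modern = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return legacy, modern


def check_host(pins, host, key_blob):
    """Compare the key a server presented with the fingerprint pinned for that host."""
    _, presented = fingerprints(key_blob)
    pinned = pins.get(host)
    if pinned is None:
        return "unknown"   # first contact: verify out of band before trusting
    if pinned == presented:
        return "match"
    return "changed"       # unexpected change: possible man-in-the-middle


# Constructed sample keys (not real hosts): an ssh-ed25519 blob is the algorithm
# name followed by the 32-byte public key, each encoded as an SSH string.
KEY_A = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
KEY_B = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(1, 33)))

if __name__ == "__main__":
    pins = {}
    host = "host.example"                     # hypothetical host name
    print(check_host(pins, host, KEY_A))      # no pin recorded yet
    print(*fingerprints(KEY_A), sep="\n")     # the values to write on the card
    pins[host] = fingerprints(KEY_A)[1]       # pin only after an out-of-band check
    print(check_host(pins, host, KEY_A))      # same key as the pin
    print(check_host(pins, host, KEY_B))      # key differs from the pin
```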

X.509 Certificates
- X.509 is a format for a certificate
  - It contains a public key (for us, at least), email address, and other information
  - In order to be valid, it must be signed by the CA
  - In this class I will be the CA

Project #1
- The next phase of the project
  - Won’t be assigned for a while, but here is a heads-up
- You will generate an RSA pk,sk pair using OpenSSL (genrsa command)
  - Your private key should be password protected
  - PEM stands for “Privacy Enhanced Mail” and is the default format used by OpenSSL

    % openssl genrsa -out john-priv.pem 1024
    Generating RSA private key, 1024 bit long modulus
    .......... ++++++ .++++++
    e is 65537 (0x10001)

What does secret key look like?

    -----BEGIN RSA PRIVATE KEY-----
    fFbkGjYxpp9dEpiq5p61Q/Dm/Vz5X2Kpp2+11qFCKXLzxc8Z8zL7Xgi3oV5RUtSl
    wFjkiJaPP7fyo/X/Swz0LO1QKVQ7RDUe9NpnwTUBV44rtQVsSWfbgzdA9MAQT945
    wBI27OAJWYQTApEeM2JhgvqCSPtdIn9paC9yeIzXLxwqrnlLCscGKncX53y3J3QG
    KP1UqujpdTY9FRMvbL6bM5cn1bQ16pSbjntgFi5q4sdcwBNiWveFy5BNf4FnWtk6
    KdAQ4jFeZqnwR3eAP0kdleosucPNZMxoQKafsi19bGi9BDdR4FoBdHy+K1sbXEm0
    Z5+mcVPIITmB9MgUQLZ/AFguXHsxGDiH74es2Ahe6OACxWlqe4nfFxikXJfJw8EY
    9nzw8xSZV5ov66BuT6e/K5cyrd2r0mlUb9gooYoVZ9UoCfO/C6mJcs7i7MWRNakv
    tC1Ukt9FqVF14Bcr1oB4QEeK1oWW3QU2TArCWQKc67sVcSBuvMJjBd18Q+8AZ7GY
    Jtt4rcOEb0/EUJuMauv4XlAQkiJcQ46qQjtkUo346+XMeRjWuUyQ/e5A/3Fhprat
    7C10relDQonVi5WoXrEUTKeoaJgggZaeFhdpoee6DQePSWfLKB06u7qpJ6Gr5XAd
    NnBoHEWBYH4C0YcGm77OmX7CbPaZiIrha/WU7mHUBXPUHDCOhyYQK8uisADKfmEV
    XEzyl3iK6hF3cJFDZJ5BBmI774AoBsB/vahLquBUjSPtDruic24h6n2ZXcGCLiyc
    redr8OiGRJ0r6XF85GYKUO82vQ6TbSXqBgM5Llotf53gDZjMdT71eMxI4Fj3PH91
    -----END RSA PRIVATE KEY-----

(Not very useful, is it?)

OpenSSL RSA Private Key

    % openssl rsa -in john-priv.pem -text -noout
    Private-Key: (1024 bit)
    modulus:

This note was uploaded on 03/11/2010 for the course CS 6268 taught by Professor Black during the Spring '09 term at University of Colombo.
