CSCI6268L14 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #14, Oct 1 2009
CSCI 6268/TLEN 5550, Fall 2009
Next Up: SSL
- Next we'll look at how to put all this together to form a network security protocol
- We will use SSL/TLS as our model since it's ubiquitous
- But first, we'll digress to talk about OpenSSL, and the first part of the project (a warm-up)
OpenSSL
- Grew out of SSLeay
- Open source
- Has everything we've talked about and a lot more
- Most everything can be done on the command line
- Ungainly, awkward, inconsistent
  - Mostly because of history
- Have fun, it's the only game in town
- http://www.openssl.org/
Brief Tutorial
- This is a grad class; you can figure it out from the man page, but…
- Syntax is
  % openssl <cmd> <parms>
- cmd can be 'enc', 'rsautl', 'x509', and more
- We'll start with the 'enc' command (symmetric encryption)
- Let's look at the enc command in more detail
OpenSSL enc command
- openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-K key] [-iv IV] [-p] [-P]
- -ciphername can be des-ecb (yuk!), des-cbc (hmm), des (same as des-cbc), des-ede3-cbc, des3 (same), aes-128-cbc, bf, cast, idea, rc5
  - Can omit the 'enc' command if specifying these… kind of hokey
- If you don't specify filenames, reads from and writes to stdin/stdout
  - Looks like garbage, of course
- If you don't specify a password on the command line, it prompts you for one
  - Why are command-line passwords bad? (They show up in process listings and in your shell history)
  - You can use environment variables, but this is bad too
  - You can point to a file on disk… less bad
- What does the password do?
  - The password (together with a salt) is run through a key derivation function to produce both the block-cipher key and the IV
enc (cont)
- % openssl aes-128-cbc -P
  enter aes-128-cbc encryption password:
  salt=39A9CF66C733597E
  key=FB7D6E2490318E5CFC113751C10402A4
  iv =6ED946AD35158A2BD3E7B5BAFC9A83EA
- salt is a random number generated for each encryption in order to make the key and iv different even with the same password
- Begins to get confusing… didn't we just change the IV before?
- Use this mode only when deriving a new key for each encryption
  - Eg, when encrypting a file on disk for our own use
- If the key is fixed, we specify it and the iv explicitly (-P just prints the derived values and exits; without it, enc encrypts)
  % openssl aes-128-cbc -K FB7D6E2490318E5CFC113751C10402A4 -iv 6ED946AD35158A2BD3E7B5BAFC9A83EA
Specified IV and Key
- So there are two modes you can use with enc
- 1) Specify the key and IV yourself
  - This means YOU are in charge of ensuring the IV doesn't repeat under a given key
  - Use a good random number source, or
  - Use a counter (which you have to maintain… headache!)
- 2) Use a passphrase
  - OpenSSL handles the randomness for you: it generates a fresh random salt and derives the AES key and IV from passphrase plus salt, so a new key and IV come out of every encryption
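As an added example that is not part of the lecture slides: the two enc modes described above, run side by side in a POSIX shell script. It assumes an openssl binary on PATH; the password file, the plaintexts and the two "shared prefix" records are constructed for the demo, and the key and IV are the values printed on the previous slide.

```sh
#!/bin/sh
# Added example, not from the lecture: the two `openssl enc` modes run
# side by side. Assumes `openssl` on PATH; password file, plaintexts and
# the shared-prefix records are constructed for this demo, and KEY/IV are
# the values shown on the slide.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Password kept in a mode-600 file and passed with -pass file:, so it does
# not show up in `ps` output or shell history the way a command-line
# password (or an environment variable) would.
printf 'correct horse battery staple' > "$WORK/pw"
chmod 600 "$WORK/pw"
printf 'attack at dawn\nattack at dawn\n' > "$WORK/plain.txt"

# --- Mode 2: passphrase + random salt ------------------------------------
# -P prints the derived salt/key/iv and exits without encrypting.
derive_key_line() {
    openssl enc -aes-128-cbc -P -pass "file:$WORK/pw" -in /dev/null 2>/dev/null \
        | grep '^key='
}

# Same password twice: a fresh salt each run means a different key line.
passphrase_keys_differ() {
    k1=$(derive_key_line)
    k2=$(derive_key_line)
    [ "$k1" != "$k2" ] && echo yes || echo no
}

# Full round trip. The salt is stored in the 8 bytes after the "Salted__"
# header of the ciphertext, which is how -d rederives the same key and IV.
roundtrip_ok() {
    openssl enc -aes-128-cbc -pass "file:$WORK/pw" \
        -in "$WORK/plain.txt" -out "$WORK/plain.enc" 2>/dev/null
    openssl enc -d -aes-128-cbc -pass "file:$WORK/pw" \
        -in "$WORK/plain.enc" -out "$WORK/plain.dec" 2>/dev/null
    cmp -s "$WORK/plain.txt" "$WORK/plain.dec" && echo yes || echo no
}

# --- Mode 1: explicit key and IV; you own IV freshness -------------------
KEY=FB7D6E2490318E5CFC113751C10402A4
IV=6ED946AD35158A2BD3E7B5BAFC9A83EA

# Hex of the first 16-byte ciphertext block for plaintext $1 under IV $2.
first_block_hex() {
    printf '%s' "$1" \
        | openssl enc -aes-128-cbc -K "$KEY" -iv "$2" 2>/dev/null \
        | od -An -tx1 -N16 | tr -d ' \n'
}

# Two records that share their first 16 bytes ("account=alice;ba").
# With the same key AND the same IV, CBC produces identical first blocks:
# an observer learns the records share a prefix without knowing the key.
iv_reuse_leaks() {
    a=$(first_block_hex 'account=alice;balance=10' "$IV")
    b=$(first_block_hex 'account=alice;balance=99' "$IV")
    [ "$a" = "$b" ] && echo leak || echo ok
}

# A fresh random IV per message (openssl rand) removes that leak.
fresh_iv_hides() {
    iv2=$(openssl rand -hex 16)
    a=$(first_block_hex 'account=alice;balance=10' "$IV")
    b=$(first_block_hex 'account=alice;balance=99' "$iv2")
    [ "$a" = "$b" ] && echo leak || echo ok
}

echo "passphrase keys differ: $(passphrase_keys_differ)"
echo "round trip ok:          $(roundtrip_ok)"
echo "IV reuse:               $(iv_reuse_leaks)"
echo "fresh IV:               $(fresh_iv_hides)"
```

The explicit-key mode is the one where mistakes happen: the script deliberately reuses the slide's IV to show the prefix leak, then fixes it with openssl rand. Note that OpenSSL 1.1.1 and later prints a deprecation warning for the legacy password-to-key derivation and accepts -pbkdf2 (with -iter) as the stronger replacement; the passphrase commands above leave it off only so they also run on older builds.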
This note was uploaded on 03/11/2010 for the course CS 6268 taught by Professor Black during the Spring '09 term at University of Colombo.
