Authentication allows received to verify that message is authentic Message has

Authentication allows received to verify that message

This preview shows page 37 - 47 out of 48 pages.

Authentication allows received to verify that message is authentic Message has not altered Message is from authentic source Message timeline
Image of page 37
Authentication Using Encryption Assumes sender and receiver are only entities that know key Message includes: Error detection code Time stamp Sequence number
Image of page 38
Message Authentication Code Generate authentication code based on shar e d key and message Command key shared between A and B If only sender and receiver know key and code matches: Receiver assured message has not altered Receiver assured message is from alleged sender If message has sequence number, receiver assured of proper sequence
Image of page 39
Authentication Without Encryption Authentication tag generated and appended to each message Message not encrypted Useful for: One side heavily loaded Encryption adds to worked Can authentication random message Message broadcast to multiple destinations Have one destination responsible for authentication Program authentication without encryption and can be executed ( without decoding)
Image of page 40
Message Authentication Using Message Authentication Code
Image of page 41
Cryptography-based protocols, applications & solutions Secure Socket Layer (SSL/TLS) Digital Signatures Digital Certificates Secure Electronic Transaction (SET) Authentication POP (APOP) Pretty Good Privacy (PGP/GPG) Kerberos Secure shell (SSH)
Image of page 42
Pretty Good Privacy (PGP/GPG) An application for encryption, digitally signing, decryption, and verifying the integrity and authenticity of messages. Allows user to encrypt/decrypt whole message using a veriety of public key encryption algorithms. Allow user to create and verify digital signatures. Now available, in a variety of ports and re- writes, for all popular operating systems.
Image of page 43
Authentication POP (APOP) Pop is “Post Office Protocol”, a standard Internet protocol for downloading received email on a mail server to workstation’s mail reader. Pop Send user ID and password over network as plain text Almost universal APOP Encrypts password Used MD5 algorithm Only available to mail client that support APOP
Image of page 44
Secure Electronic Transaction (SET) An open encryption and security specification for protecting payment card transaction on the internet Feature: 1) Protects privacy of transmitted payment and ordering 2) Ensures integrity of all transmitted data 3) Provides au t henti c ation that a payment card holder is a legitimate 4) Allows payment card holder to verify that the merchant has a relationship whit an institution that allow it to accept payment cards. Implemented by large e-commerce vendors for large finantial institutions….
Image of page 45
SET – Sample Transaction 1.
Image of page 46
Image of page 47

You've reached the end of your free preview.

Want to read all 48 pages?

  • Fall '17

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes