4. (10’) Describe four key exchange methods used in TLS. Which methods do not need to send the server-key-exchange message? Why is it not needed?
1. Rivest–Shamir–Adleman (RSA)
The server sends a certificate containing an RSA (public) key; the
client validates the cert and uses the public key to RSA encrypt the
random premaster secret. The server proves correct decryption (and
is implicitly authenticated) with the Finished message. The server
can optionally request client authentication; if so the client
sends its own cert and uses its matching private key to sign a
partial transcript, which the server validates and verifies, but
this is rarely used. Except possibly the client auth, this is
'pure' RSA.
2. Ephemeral Diffie-Hellman (DHE)
DHE (DH in ephemeral mode) is used in conjunction with a signing
certificate, which can be either RSA or DSA. The server sends its
cert which client validates, and also its DH group and ephemeral
public key signed under its cert; client generates its ephemeral key
in the same group and sends that, plus its cert and signature if
client authentication is used.
3. Elliptic Curve Diffie-Hellman (ECDH)
There is also a method to use DH key agreement without certificates
and authentication, which is in effect ephemeral, but SSL/TLS
doesn't call it that, it calls it DH-anon instead. This is usually
a bad idea; many people imagine only passive eavesdroppers and
think they only need encryption, but in today's internet active
attacks of many kinds are widespread and if you don't use
authentication you probably aren't secure. You could view this as
'pure' DHE even though it isn't called that.
4. Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)
There are elliptic-curve variants ECDHE (ephemeral, RSA or ECDSA
signing) and ECDH-anon. The handshake sequence, and security
properties, are the same, only the actual crypto computations are
different. These are technically optional but in fact nowadays
widely implemented and becoming more popular to use.
Methods which do not need to send Server Key Exchange Message:
If RSA is used for key exchange, then the client can retrieve the
public key from the server certificate and encrypt the premaster
secret with this key. Similarly, if a fixed Diffie-Hellman key
exchange is used, then the client can retrieve the server's
Diffie-Hellman parameters from the server certificate, employ these
parameters to perform a Diffie-Hellman key exchange, and use the
result as the premaster secret. In all of these cases, the server's
certificate message is sufficient and no additional information is
required for the client to securely communicate a premaster secret
to the server. In particular, no Server Key Exchange message is
needed.
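The rule above can be checked against a server's handshake flight. The following is an added example, not part of the original answer: it parses reassembled TLS 1.2 handshake messages, reads the cipher suite chosen in ServerHello, and reports whether the presence of ServerKeyExchange matches the key exchange method. The sample flights are constructed with placeholder bodies, and the function names are hypothetical.

```python
# Handshake message types from RFC 5246
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 2, 11, 12, 14

# Cipher suite id -> (key exchange method, ServerKeyExchange expected?)
SUITES = {
    0x002F: ("RSA", False),       # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0031: ("DH_RSA", False),    # TLS_DH_RSA_WITH_AES_128_CBC_SHA (fixed DH in cert)
    0x0033: ("DHE_RSA", True),    # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    0x0034: ("DH_anon", True),    # TLS_DH_anon_WITH_AES_128_CBC_SHA
    0xC013: ("ECDHE_RSA", True),  # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
}

def handshake_messages(flight: bytes):
    """Yield (msg_type, body) for each handshake message in the flight."""
    pos = 0
    while pos < len(flight):
        if len(flight) - pos < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(flight[pos + 1:pos + 4], "big")
        body = flight[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        yield flight[pos], body
        pos += 4 + length

def selected_suite(server_hello: bytes) -> int:
    """Skip version(2) + random(32) + session_id, then read cipher_suite(2)."""
    off = 35 + server_hello[34]
    return int.from_bytes(server_hello[off:off + 2], "big")

def check_flight(flight: bytes):
    """Return (key exchange, ServerKeyExchange seen?, consistent with the rule?)."""
    suite, saw_ske = None, False
    for msg_type, body in handshake_messages(flight):
        if msg_type == SERVER_HELLO:
            suite = selected_suite(body)
        elif msg_type == SERVER_KEY_EXCHANGE:
            saw_ske = True
    if suite not in SUITES:
        raise ValueError("no ServerHello or suite not in table")
    kx, expected = SUITES[suite]
    return kx, saw_ske, saw_ske == expected

def _msg(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def sample_flight(suite: int, with_ske: bool) -> bytes:
    """Constructed server flight; certificate and key-exchange bodies are placeholders."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    out = _msg(SERVER_HELLO, hello) + _msg(CERTIFICATE, b"\x00\x00\x00")
    if with_ske:
        out += _msg(SERVER_KEY_EXCHANGE, bytes(8))
    return out + _msg(SERVER_HELLO_DONE, b"")
```

A flight that negotiates an RSA or fixed-DH suite yet carries ServerKeyExchange, or a DHE/ECDHE suite without one, comes back with `False` in the last field.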