ECE6612

1
ECE-6612 http//www.csc.gatech.edu/copeland/jac/66
12/ Prof. John A. Copeland john.copeland_at_ece.gat
ech.edu 404 894-5177 fax 404 894-0035 Office
Klaus 3361 email or call for office visit, or
call Kathy Cheek, 404 894-5696 Chapter 4b -
X.509 Authentication
2
X.509 Authentication Service
An International Telecommunications Union
(ITU) recommendation (versus standard) for
allowing computer host or users to securely
identify themselves over a network. An X.509
certificate purchased from a Certificate
Authority (trusted third party) allows a
merchant to give you his public key in a way that
your Browser can generate a session key for a
transaction, and securely send that to the
merchant for use during the transaction (padlock
icon on screen closes to indicate transmissions
are encrypted). Once a session key is
established, no one can high jack the session
(for example, after your enter your credit card
information, an intruder can not change the order
and delivery address). User only needs a
Browser that can encrypt/decrypt with the
appropriate algorithm, and generate session keys
from truly random numbers. Merchants
Certificate is available to the public, only the
secret key must be protected. Certificates can
be cancelled if secret key is compromised.
3
Raw Certificate has user name, public key,
expiration date, ...
CAs Secure Area
Generate hash code of Raw Certificate
Raw Cert.
MIC
Hash
Encrypt hash code with CAs private key to form
CAs signature
Signed Cert.
Certificate Authority generates the signature
that is added to raw Certificate
Signed Certificate Recipient can verify signature
using CAs public key.
3
4
4
5
Information Provided by Browser about a
Certificate
This Certificate belongs to investing.schwab.co
m trading subnet a 1199 Charles Schwab Co.,
Inc. Phoenix, Arizona, US This
Certificate was issued by Secure Server
Certification Authority RSA Data Security,
Inc. US Serial Number 6B682F3BFD8A46
730433108A321E475B This Certificate is
valid from Wed Nov 03, 1999 to Thu Nov 02,
2000 Certificate Fingerprint
4B80C6C52D6314E76F50BD16393C96FD
5
6
Certificates Can Be Deleted (and Added)
Are you sure that you want to delete this Site
Certificate? This Certificate belongs to
endor.mcom.com Netscape Communications Corp.
US This Certificate was issued by
rootca.netscape.com Information
Systems Netscape Communications
Corporation US Serial Number 0177 This
Certificate is valid from Thu May 15, 1997 to Tue
Nov 11, 1997 Certificate Fingerprint
06BF6088D9E759BF3A357433288E26F6
6
7
X.509 Chain of Authentication
CAltltAgtgt CA As id and information XltltAgtgt
certificate of A signed by X To authenticate
XltltAgtgt, you must get the public key of X from a
trusted source, such as Z - your own CA. (
ZltltXgtgt) Z in turn may have to get Xs
certificate from a higher level CA. Ultimately
there must be an Authentication Tree of CAs so
that a user can work up the tree (from Z) and
back down to the issuer of the certificate in
question, X.
7
8
In practice, there is no single top-level
Certificate Authority (CA), only a group of CAs
that each Browser vendor deems fit to include in
the installation program.
X.509 Chain of Authentication
8
9
Certificate Authorities in Mozilla (2006)
9
10
Making a DES Key from a Password or Phrase
password, n 7-bit ASCII characters (little endian
- least significant bit first)
flattened bit stream (7 x n bits)
fanfold into 56 bits
bitwise XOR
64-bit key
Every eighth bit is a parity bit
10
11
Programs Available from www.csc.gatech.edu/copelan
d/jac/6612/tools/
hextext.c - allows you to view files in both hex
and ascii formats. char_count.c - shows the
number of different characters in a file,
computes the character entropy. To use, you must
first compile them. On a UNIX or LINUX gcc
hextext.c -o hextext (the executable file is
hextext) ./hextext for help ./hextext
filename 3000 file and max. bytes ./hextext
filename 3000 less see one screen at
a time gcc char_count.c -lm -o char_count
(note the -lm for math library) ./char_count
filename If gcc is not available, try cc.
less is better than more (use u to back
up, space for next page).
11
12
Output from hextext
Maximum Lines (p_limit) value 30 Input File is
120317-s100.raw Byte No. HEX
VALUES TEXT 0 2
4 6 8 10 12 14 16 18 0 2 4
6 8 0 2 4 6 8 0 d4c3 b2a1 0200 0400 0000 0000
0000 0000 6400 0000 ................d... 20
0100 0000 e544 4838 1ead 0200 4e00 0000 4e00 0000
.....DH8....N...N... 40 0000 0000 0800 0300
0000 0000 0001 0080 1935 8da3
.................5.. 60 0800 4500 0040 0291
0000 3f11 16fc 1858 302f 1858
..E.._at_....?....X0/.X 80 0142 0400 0035 002c
90c7 061a 0100 0001 0000 0000
.B...5.,............ 100 0000 0377 7777 0363
7363 0667 6174 6563 6803 6564
...www.csc.gatech.ed 120 7500 0001 0001 e544
4838 21fd 0200 7200 0000 a400
u......DH8!...r..... 140 0000 0000 0000 0800
0300 0000 0000 0001 0050 0f00
.................P.. 160 308c 0800 4500 0096
4acf 4000 fc11 d166 1858 0142
0...E...J._at_....f.X.B 180 1858 302f 0035 0400
0082 7a8a 061a 8180 0001 0002
.X0/.5....z......... 200 0001 0001 0377 7777
0363 7363 0667 6174 6563 6803
.....www.csc.gatech. 220 6564 7500 0001 0001
c00c 0005 0001 0000 a1ce 0010
edu................. Lines 30, hextext.c by
John Copeland 12/5/99
12
13
Output from char_count
./char_count char_count.c char_count vers
000601 File is char_count.c No. Char.s to
EOF 7396, No. Lines 183
Occurrence of Single Characters _at_- 0 P-
0 - 3488 0- 104 _at_- 1 P- 12 -
0 p- 154 A- 0 Q- 0 !- 1 1-
77 A- 16 Q- 0 a- 202 q- 0 B-
0 R- 0 "- 75 2- 71 B- 5 R-
14 b- 48 r- 316 C- 0 S- 0 -
9 3- 25 C- 16 S- 14 c- 262 s-
243 D- 0 T- 0 - 0 4- 10 D-
8 T- 25 d- 95 t- 263 E- 0 U- 0
- 32 5- 29 E- 27 U- 8 e- 296
u- 108 F- 0 V- 0 - 1 6- 43
F- 13 V- 0 f- 154 v- 45 G- 0
W- 0 '- 18 7- 17 G- 0 W- 0
g- 78 w- 8 H- 0 X- 0 (- 116
8- 16 H- 0 X- 0 h- 100 x-
31 I- 18 Y- 0 )- 116 9- 4 I-
27 Y- 2 i- 338 y- 64 J- 247 Z-
0 - 232 - 5 J- 0 Z- 0 j-
13 z- 4 K- 0 - 0 - 78 -
193 K- 1 - 104 k- 6 - 24 L-
0 \- 0 ,- 109 lt- 35 L- 22 \-
29 l- 152 - 4 M- 0 - 0 --
100 - 121 M- 5 - 102 m- 123 -
24 N- 0 - 0 .- 51 gt- 31 N-
29 - 4 n- 342 - 0 O- 0 _-
0 /- 255 ?- 0 O- 17 _- 27 o-
213 - 0 Occurrence of
Single Characters - Sorted -3488 "- 75
F- 13 - 0 80- 0 A0- 0 C0- 0
E0- 0
13
14
Occurrence of Single Characters - Sorted -3488
"- 75 F- 13 - 0 80- 0 A0- 0
C0- 0 E0- 0 n- 342 2- 71 P- 12
Q- 0 81- 0 A1- 0 C1- 0 E1- 0
i- 338 y- 64 4- 10 B- 0 82- 0
A2- 0 C2- 0 E2- 0 r- 316 .- 51
- 9 C- 0 83- 0 A3- 0 C3- 0
E3- 0 e- 296 b- 48 D- 8 - 0
84- 0 A4- 0 C4- 0 E4- 0 t- 263
v- 45 w- 8 E- 0 85- 0 A5- 0
C5- 0 E5- 0 c- 262 6- 43 U- 8
F- 0 86- 0 A6- 0 C6- 0 E6- 0
/- 255 lt- 35 k- 6 G- 0 87- 0
A7- 0 C7- 0 E7- 0 J- 247 - 32
- 5 H- 0 88- 0 A8- 0 C8- 0
E8- 0 s- 243 x- 31 B- 5 A- 0
89- 0 A9- 0 C9- 0 E9- 0 - 232
gt- 31 M- 5 J- 0 8A- 0 AA- 0
CA- 0 EA- 0 o- 213 5- 29 - 4
K- 0 8B- 0 AB- 0 CB- 0 EB- 0
a- 202 \- 29 - 4 L- 0 8C- 0
AC- 0 CC- 0 EC- 0 - 193 N- 29
z- 4 M- 0 8D- 0 AD- 0 CD- 0
ED- 0 p- 154 _- 27 9- 4 N- 0
8E- 0 AE- 0 CE- 0 EE- 0 f- 154
I- 27 Y- 2 O- 0 8F- 0 AF- 0
CF- 0 EF- 0 l- 152 E- 27 _at_- 1
P- 0 90- 0 B0- 0 D0- 0 F0- 0
m- 123 3- 25 - 1 q- 0 91- 0
B1- 0 D1- 0 F1- 0 - 121 T- 25
K- 1 R- 0 92- 0 B2- 0 D2- 0
F2- 0 (- 116 - 24 !- 1 S- 0
93- 0 B3- 0 D3- 0 F3- 0 )- 116
- 24 H- 0 T- 0 94- 0 B4- 0
D4- 0 F4- 0 ,- 109 L- 22 _at_- 0
U- 0 95- 0 B5- 0 D5- 0 F5- 0
u- 108 '- 18 V- 0 V- 0 96- 0
B6- 0 D6- 0 F6- 0 0- 104 I- 18
G- 0 W- 0 97- 0 B7- 0 D7- 0
F7- 0 - 104 7- 17 X- 0 X- 0
98- 0 B8- 0 D8- 0 F8- 0 - 102
O- 17 ?- 0 Y- 0 99- 0 B9- 0
D9- 0 F9- 0 h- 100 8- 16 Z- 0
Z- 0 9A- 0 BA- 0 DA- 0 FA- 0
-- 100 C- 16 W- 0 - 0 9B- 0
BB- 0 DB- 0 FB- 0 d- 95 A- 16
D- 0 \- 0 9C- 0 BC- 0 DC- 0
FC- 0 g- 78 R- 14 Q- 0 - 0
9D- 0 BD- 0 DD- 0 FD- 0 - 78
S- 14 - 0 - 0 9E- 0 BE- 0
DE- 0 FE- 0 1- 77 j- 13 _- 0
bs- 0 9F- 0 BF- 0 DF- 0 FF- 0
Entropy is 4.5 bits/byte. Maximum
character-wise compression 56.5 No. Char.s gt
127 (not ASCII text) 0, 0
14