Notes for November 2, 2000

1. Greetings and Felicitations!
2. Puzzle of the day
3. Key Exchange
   1. Needham-Schroeder and Kerberos
   2. Public key; man-in-the-middle attacks
4. Cryptographic Key Infrastructure
   1. Certificates (X.509, PGP)
   2. Certificate, key revocation
   3. Key Escrow
5. Digital Signatures
   1. Judge can confirm, to the limits of technology, that claimed signer did sign message
   2. RSA digital signatures: sign, then encipher
6. Types of attacks
   1. Forward searches
   2. Misordered blocks
   3. Statistical regularities (repetitions)
7. Stream ciphers
   1. LFSR: n bit register, tap sequence; shift 1 bit right, insert t₀r₀+...+t_n-1r_n-1; can choose period up to 2n-1
   2. Self-healing mode
8. Block ciphers
   1. Cipher block chaining
9. Networks and ciphers
   1. Where to put the encryption
   2. Link vs. end-to-end
10. Example protocol: PEM
    1. Design goals
    2. How it was done
    3. Differences between it and PGP

Puzzle of the Day

An educational company is developing a class that will use "distance learning." The idea is that students can reside at any node on the Internet. The student will download class materials, work independently, and submit the results by electronic mail (or some other prearranged method). During specific times, TAs and the instructor will be on line and available via an interactive conferencing system called Remote Tutor. But there's one problem: giving tests. The company plans to give interactive tests, with questions being posed and the student answering in real time. The student will be at the remote node, of course.

1. From the company's point of view, what is the security problem in this scheme? Assume both the connection and the server (to which the test answers are sent) are secure enough so the company is not worried about their compromise.
2. How would you ameliorate the problem?

Matt Bishop Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060 Fax: +1 (530) 752-4767 Email: bishop@cs.ucdavis.edu

Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.