Public- and private-key pair

Reference no: EM131102423

Week 3 Group Project

Public- and private-key pair (Group Project)

This is a 2-Week project that contains two main tasks. You need to manage your time well to be able to finish both tasks on time. The submission of the final document is due by Wednesday of Week 4, but your contribution in the Group Project forum will be marked throughout the 2-Week period, so your regular participation is important. As you progress in your work, use the ‘Sample Template for document submission’ to track your deliverables.

Task 1 (to be completed by the end of Week 3):

Install an OpenPGP-compliant email software package on your computer, like any of the ones found at the OpenPGP Alliance (n.d.) Web site or any product in compliance with RFC 4880 (Network Working Group, 2007). GnuPG (The GnuPG Project, 2014) in particular is freely available and widely used. You are welcome to use PGP itself, but note that as of 2010, PGP is owned by Symantec and is only available as a commercial product (Symantec, 2014). You may wish to try the Enigmail add-ons for Thunderbird (Brunschwig, 2013). For the purposes of this Group Project, any of these OpenPGP-compliant products will be referred to as ‘PGP’.

For the project, generate a public- and private-key pair for yourself. If you have any problem in installing it properly, please discuss this in the Group Project forum with your team members. Publish your public key in your project exchange folder. Optionally, export your public keys to one or more of the PGP key servers. If you publish your keys there, your email address will also be public there. If you feel you do not want to publish your email address there, you can choose not to do so. You can also generate a key for some email address that you do not care about and publish the corresponding key for that email address to the PGP key servers.

Post some encrypted messages for each of your project colleagues in the Group Project forum. You can also publish the ciphertext in your Group Project forum. Be sure to post these encrypted messages in the Group Project forum, not private email boxes, since the Instructor cannot read your private email box and, hence, cannot give you a grade. If you get an encrypted message for yourself, decrypt it and ask the sender to verify that the message is correct.

By the end of Week 3, you should have finished the installation of PGP, published your public key, published the encrypted messages to your colleagues and decrypted the messages for you (posting the messages in the folder for verification). All work should be done in the Group Project forum.

Task 2 (to be completed by the end of Week 4):

In this task, you will concentrate on the digital signatures and certificate chain. Try posting messages signed with your private key and ask your colleagues to verify whether your signature on the message is valid. The message should not be encrypted; that is, the format is a clear message, with a signature on the message.

Your task is detailed in the ‘Sample Template for document submission’ at the end of this Assignment. However, generally speaking your task is to compare what happens in the following situations:

1. Get a message signed by A and check whether A's signature on that message is valid.

2. Let B sign A's key, and you sign B's key. Then check whether A's signature on one message is valid.

As you know, various PGP tools may implement the same service differently. The technical details in the following example were written for PGP 7.x; however, the basic theory is the same for all versions of PGP. If you are using GnuPG or another OpenPGP installation, the interface may look different, but the basic process should be the same. Stepping through the following example in your own software may give you a deeper understanding of how the digital signature process works.

PGP 7.x Example

 

You have talked about CA (certificate authority) in several places. The PGP trust model is different from the CA trust model. When you open the PGPKeytools, you will find that for several public keys you have imported, the small ball under the ‘validity’ item is not highlighted (green). This means that these public keys are not ‘valid’ according to current certificate chains. The impact is that when you verify a signature using that public key, you will get a message like ‘valid signature with an invalid key’. If the ball for your own public key is not green, you may right-click your key and choose ‘key properties’. Under the ‘Trust Model’, choose ‘Implicit trust’. Then your key should be green.

Now how can you make other keys valid (green)? An obvious way is to sign that key. When you sign a key, you will see that the key is highlighted. Do you have to sign all keys to make all keys valid? The answer is NO. That is, you need to find a way to make a key highlighted (green) even though you have never signed that key. If you know that a key is really from Alice, then you can certainly click the small ball corresponding to that key and sign that key, and then you can export that public key, thus making Alice's key green. If you do not know Alice, but you know Bob in person and Bob knows Alice well, then if Bob signs Alice's key and sends Alice’s signed key to you, you should trust Alice's key. This is the PGP trust model. Practice this kind of trust model this Week.

In particular, do the following exercise: You sign A’s key and mark A’s key as trusted (you can do this by right-clicking A's key, choosing ‘key properties’ and then moving the sliding bar to trust). A signs B’s key and publishes the signed key to the Group Project forum. Check whether B’s key is valid in your screen (small ball is highlighted). Post your screenshot to convince others that you have not signed B’s key but that it is valid. Also check a message signed by B to see whether it is valid. The following is a sample screenshot. Note that Yongge Wang has not signed Ali Ahmed's key but that it is a valid key. Also note that Yongge Wang trusts Craig's key at the 50% level.
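The validity rule behind the exercise above can be modelled in a few lines. This is an added example, not part of the original assignment and not the code of PGP or GnuPG. It assumes a simplified rule in which introducer trust is a percentage and a key turns valid (green) once valid signers contribute at least 100%; the function names and trust constants are hypothetical.

```python
# Simplified web-of-trust validity model (illustration only, not PGP/GnuPG code).
# Assumption: a key is valid when signatures from keys that are themselves
# valid add up to at least 100% of introducer trust.
IMPLICIT, COMPLETE, MARGINAL, NONE = 100, 100, 50, 0
THRESHOLD = 100

def valid_keys(own_key, certifications, introducer_trust):
    """Return the set of keys that are valid from own_key's point of view.

    certifications: set of (signer, signed_key) pairs, i.e. key signatures.
    introducer_trust: dict key -> percentage set by the keyring owner.
    """
    trust = dict(introducer_trust)
    trust[own_key] = IMPLICIT            # 'Implicit trust' on your own key
    valid = {own_key}
    changed = True
    while changed:                       # repeat until no new key turns valid
        changed = False
        for key in {signed for _, signed in certifications} - valid:
            # Signatures count only if the signing key is already valid.
            score = sum(trust.get(signer, NONE)
                        for signer, signed in certifications
                        if signed == key and signer in valid)
            if score >= THRESHOLD:
                valid.add(key)
                changed = True
    return valid

def check_signature(signer_key, valid):
    """Status shown for a cryptographically correct message signature."""
    if signer_key in valid:
        return "valid signature"
    return "valid signature with an invalid key"

if __name__ == "__main__":
    # Constructed scenarios using the key names from the assignment text.
    # Situation 1: A's key is imported but nobody you trust has signed it.
    print(check_signature("A", valid_keys("you", set(), {})))
    # Situation 2: B signs A's key and you sign B's key.
    certs = {("you", "B"), ("B", "A")}
    print(check_signature("A", valid_keys("you", certs, {})))             # B not trusted
    print(check_signature("A", valid_keys("you", certs, {"B": COMPLETE})))
    # Two introducers at the 50% level together validate a key.
    certs = {("you", "C"), ("you", "D"), ("C", "B"), ("D", "B")}
    print(sorted(valid_keys("you", certs, {"C": MARGINAL, "D": MARGINAL})))
```

The second scenario shows why the exercise has you both sign the introducer's key and move the trust slider: signing alone makes that key valid, but its signatures on other keys carry no weight until you assign it trust.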

References:

Brunschwig, P. (2013) Enigmail [Online]. Available from: https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/ (Accessed: 20 October 2014).

The GnuPG Project (2014) The GNU privacy guard [Online]. Available from: https://www.gnupg.org (Accessed: 20 October 2014).

Network Working Group (2007) Proposed Standard RFC 4880: OpenPGP Message Format [Online]. Available from: https://www.ietf.org/rfc/rfc4880.txt (Accessed: 10 December 2014).

OpenPGP Alliance (n.d.) OpenPGP alliance members [Online]. Available from: https://openpgp.org/members/ (Accessed: 10 December 2014).

Symantec (2014) Symantec Encryption Family [Online]. Available from: https://www.symantec.com/encryption/ (Accessed: 10 December 2014).



