Purchase Solution

Network security

Not what you're looking for?

Ask Custom Question

I need detailed answers for these 2 questions.

1.Suppose we wish to use Kerberos for securing electronic mail. The obvious way of accomplishing this is for Alice, when sending a message to Bob, to obtain a ticket for Bob and include that in the email message, and to encrypt and/or integrity-protect the email message using the key in the ticket. The problem with this is that then the KDC would give Alice a quantity encrypted with Bob's password-derived master key, and then Alice could do off-line password guessing. How might Kerberos be extended to secure email without allowing off-line password guessing?
(Hint: Issue human users an extra, unguessable master key for use with mail, and extend the Kerberos protocol to allow Bob to safely obtain his unguessable master key from the KDC.)

2.Assume we are using secret key technology. What is wrong with the following source authentication scheme?
Alice chooses a per-message secret key K, and puts an encrypted version of K in the header for each recipient, (ie Bob and Ted). Next, Alice uses K to compute a MAC on the message, say a DES-CBC residue, or to compute a message digest of K and append it to the message.

(Hint: this works fine for a single recipient, but there is a security problem if Alice sends a multiple-recipient message. Once they receive the message, Bob and Ted know both K and K encrypted with the key they share with Alice. This allows either to forge a message to the other as if it were from Alice.)

Purchase this Solution
Solution Summary

Network security is demonstrated.

Purchase this Solution
Free BrainMass Quizzes
C# variables and classes

This quiz contains questions about C# classes and variables.

Javscript Basics

Quiz on basics of javascript programming language.

Word 2010: Tables

Have you never worked with Tables in Word 2010? Maybe it has been a while since you have used a Table in Word and you need to brush up on your skills. Several keywords and popular options are discussed as you go through this quiz.

C++ Operators

This quiz tests a student's knowledge about C++ operators.

Excel Introductory Quiz

This quiz tests your knowledge of basics of MS-Excel.

View More Free Quizzes
Related BrainMass Solutions

  • Security case study

    Security at network layer At network layer we will use IPSec for security.

  • Information, Computer and Network Security

    404309 Differences between information, computer and network security. What are the differences between information security, computer security, and network security?

  • network security

    214583 What will be your plan to enhance your network security? Assume that you are the network security officer of one company, what will be your plan to enhance your network security (firewall? VPN? Content level protection?

  • Electronic commerce security

    Network security is extremely critical for organizations to ensure communication between remote computers with best possible security. Network security ensures that no unauthorized users gain access into the communication network.

  • Security Mechanisms at Layers Above IP

    Information security infrastructure must include end-to-end security measures and the IPSec manages and controls it from a host to a host, network to network, or host to network client.

  • Providing Anti-virus software to employee home users

    Further this solution provides the student with an understanding of the roles of top manager, non-IT management, and IT professionals in maintaining network security.

  • Risk Mitigation

    Computer and network Management (Network Issues): Network security related threats can be mitigated by deploying advanced network security hardware and security to prevent security breaches and to protect from attacks via hackers and intruders.

  • Physical Security for Computer Networks

    50581 How would you apply to physical security in a computer Network? How would you apply to physical security (e.g. building, network, computer and so on..)? Physical security is an important part of the overall security policy of an organization.

  • Information systems and security

    The organization's network security officer or network administrator should continuously monitor the activity on the network and should take corrective or preventive action in the event of misuse or abnormal activity on the network or systems as soon

  • Firewalls and Border Security

    Permiter or border security is the concept of protecting your network where it abuts against another network, such as the network.

View More Related Solutions