Report on Cryptography and Security: Authentication & Key Exchange

Verified

Added on 2024/06/04

AI Summary

This report provides an overview of cryptography and security concepts, focusing on web authentication methods, key exchange techniques, and the authentication process for Debian DVD ISO images. It begins with an analysis of Debian ISO image authentication using MD5, SHA-1, and hash algorithms, detailing the steps involved in verifying the signature and ISO image content. The report then discusses secret communication using the Diffie-Hellman algorithm and AES methods for key exchange between a student and lecturer, outlining the steps for establishing a shared secret key. Finally, it delves into web authentication, exploring its importance in securing websites and managing unauthorized access, covering various authentication methods, user verification processes, and security measures to prevent breaches. The report emphasizes the differences between authentication and authorization, highlighting the critical role of website security in protecting sensitive online information. Desklib provides access to this and many other solved assignments.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

CRYPTOGRAPHY AND SECURITY -
ASSIGNMENT 2
0

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Table of Contents
Task 1:.........................................................................................................................................................2
Task 2..........................................................................................................................................................3
Task 4..........................................................................................................................................................4
Introduction:............................................................................................................................................4
Relevant Section:.....................................................................................................................................4
Conclusion...............................................................................................................................................6
Reference:...................................................................................................................................................6
1

Task 1:
Debian DVD ISO images use the Debian HTTP servers for the encrypted sign file. These file use
MD5, SHA-1, or hash algorithm for the authentication process. Debian HTTP servers are
download from https://goo.gl/8CNeyc. Authenticate process is followed below steps such as
 In the first steps, design a directory that contains all files. It ensures that each file is
placed corrected place in the directory.
 In the second steps, there is use GNU Privacy Guard ( it is freely available to verify the
signature correct or not. It can be done for both algorithms such as SHA-1 and MD5.
When gpg command run the first time then the system cannot access the public key. But
this execution gives an ID such as ‘6294BE9B’ which help user is able to gain the public
key.
 In the third steps, we used gain ID for the public key on the Debian keyring server. It
gives a public key.
 In the fourth steps, checksums files (both file such as MD5 and SH-1) signature is
verified.
 In the fifth steps, ISO image content is verified so ISO image checksum compares with
other expected checksum file.
2

Task 2
For the secret communication, the user has used the Diffie-Hellman algorithm. AES methods are
used during the key exchange. There are establishing secret communication between student and
lecturer. There are following steps are followed for the secret communication such as
 In the first steps, it displays the public global parameters. It is represented in the text and
encoded formats. This process is done on the student side
 In the second steps, public parameters are used to create private or public key. (student
side)
 In the third steps, there is extracted the public key
 In the fourth steps,
 Student communication side creates a secret key that is shared later. For the creation of
key, it uses public key and the private key of the lecturer.
 In the fifth steps, there is created shared key both side. After that, check the lecturer side
same shared secret key are created.
3

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Task 4
Introduction:
Web authentication is a process that identifies the machine and user on the website. It removed
the text passwords format and use user authentication that gives the security benefits, usability,
and deplorability. So it works on cognitive authentication, graphical password, one-time
passwords, biometrics, and phone-aided schemes. Web authentication focused on the website
data security and manages the unauthorized access to the website.it uses Authorization and
Authentication for the security. It is two different technologies. In this report, I will analysis
current web authentication and work on the web site security.
Relevant Section:
Website authentication
It is a process that is recognized the user, machine, or system. For the user authentication on the
website, the user enters password and username or email. Website authentication uses another
form for the user verification which is designed the backside of the website. During the user
authentication, it checks enter credentials with authentication server credentials files (Bravo, and
Crume, 2014) .
Authentication of Website is playing the major role. There are following reasons for the Website
authentication such as
 Website saves Sensitive Information during the online process. When a user pays for
service online then they used a credit card or debit cards. They also shared their personal
details. So there are need the security. So website restricts unauthorized access due to
sensitive information.
 Website blocks the Unauthorized person with the help of authentication techniques.
Otherwise, they access the website and gain the sensitive information. It is harmful for
website and user (Bajaj, Bradescu, Burstein, M'raihi, and Popp, 2011)
Website authentication Process
4

 Username and password are entered by the user.
 Username and password are directed to the Authentication Server
 Authentication Server matches these Credentials with server Credentials log files.
 After the matching, the user can access the website.
Types of Web Authentication
1. Web Authentication through the Login process
2. Web Authentication through the single sign-on process
3. Web Authentication through IPsec process
Difference between Authorization and Authentication
Authorization Authentication
It is work on “what can user do ?” approach. It
is a collection of the permissions which are a
grant and prevent the user. It also controlled
the user action and permission on the website.
It is work on “who can do?” approach. It uses
two-step verification process to recognized
system and user on the website. it manages
user login account (Edwards, and Rouault,
2008).
User Verification Process
1) Biometric Verification Process
2) Password-based Verification Process
3) Two-factor based Verification Process
4) Email based Verification Process (Ackerman, 2007)
Prevent the Security Breach
Website Prevent the Security Breach so there are created Tougher Passwords, Deleted Inactive or
old Accounts, software update regularly base, and secreted the password.
For the website for security:
5

For the website security, the website can be used HTTPS domain, Screen Passwords, Two-Factor
Verification, prevent the Secret Questions, Rapid-Fire Login Efforts and implemented Password
fewer Alternatives. All these technologies provide the more security website and control the
unauthorized access to the website. It also makes sure sensitive information only access through
authorize person (Zhao, and Zhao, 2010)
Conclusion
In this report, I have worked on Website authentication. It recognizes the system, machine, and
user which access the website. Website authentications are used for online information security
and controlled the access to the website. Authentication and Authorization are two different
things. Further, there are explained the Authentication Process, Types of Web Authentication,
User Verification Process, web security, and Prevent the Security Breach. It is mainly focused
the website security through a different type of technology and methods.
Reference:
 Edwards, N.J. and Rouault, J., 2008. Multi-domain authorization and authentication.
U.S. Patent 7,444,666
 Bajaj, S., Bradescu, R.A., Burstein, J., M'raihi, D. and Popp, N., Symantec Corp,
2011. System and method for website authentication using a shared secret. U.S. Patent
8,060,916.
 Bravo, J. and Crume, J.L., International Business Machines Corp, 2014. Website
authentication. U.S. Patent 8,762,724.
 Zhao, J.J. and Zhao, S.Y., 2010. Opportunities and threats: A security assessment of state
e-government websites. Government Information Quarterly, 27(1), pp.49-56.
 Ackerman, D.M., INTERNET BIOMETRIC SECURITY SYSTEMS LLC,
2007. Method for user verification and authentication and multimedia processing for
interactive database management and method for viewing the multimedia. U.S. Patent
7,162,475.
6