This is a Clilstore unit. You can .
UNIT 1 – SECURITY AND INTEGRITY
In this part of the unit we are talking about how to make sure, the communications through a shared channel, like internet, where there are many bad guys, who might intercept the messages, read and modify them, and even usurp the identity of other people with evil intent.
In the activity 1, we will learn how to ensure that nobody except the legitimate receiver will read your communications using encryption
In the activity 2, we will learn how to ensure that the message has not been intercepted and modified by a third person, using digital signature
In the activiy 3, we will learn how to ensure that the sender is identified in a reliable way using certificates from an Certifying Authority
All these elements are meant to make sure the communications from a legal standpoint. This concept is also known as to provide LEGAL SECURITY in the Internet
AUTHENTICATION THROUGH A CERTIFYING ENTITY
The digital signature has an important flaw when it comes to verify the origin of a message. If the sender's public key has been sent through a shared channel like Internet, the receiver can't ascertain that the public key he has received was really coming from the true sender. Maybe it was actually sent for somebody in the middle who pretends to be the sender, or maybe the message from the sender was intercepted for someone in the middle who replaced the authentic sender's public key by its own.
All this can sound to you as very unlikely, but from a legal point of view it it is enough that this event is feasible, to have very serious legal consequences, to the point of making impossible, in many situations to prosecute a cyber criminal blatantly caught in the act committing a crime.
This problem has two solutions:
The senders hand in the public key to the receiver, face to face, identifying himself . This is seldom possible in the context of network communications, especially when the sender and the receiver live in different cities, countries or continents.
The sender identifies himself to a certifying authority (CA) recognized by both sender and receiver. In this way the process can be broken down in the following steps:
Both Sender and Receiver get the CA's public key.
The sender goes to the CA's offices and identifies himself with his/her DNI, then fills a form asking the CA for a certification to prove his/her identity to others. The sender also delivers his public key to the CA.
The CA encrypts the sender's public key using its private key and sends it to the sender. This encrypted document is called a DIGITAL CERTIFICATE. Take into account that this means that everybody can decrypt it (as long as he has the CA's public key). But on the other hand, the certificate CAN'T BE FAKED because it is encrypted with the CA's private key, which is supposed to be secret. From now onwards, whenever the sender wants to prove his identity he will send the certificate to the receiver
A certifying authority is an organization, usually (but not always) public, who provides digital certificates to users, identifying them against third parts. There are many CA's in the world but in our geographic space, the most important are the ACCV (Autoritat Certificadora de la Comunitat Valenciana) belonging to the Generalitat Valenciana, and the FNMT( Fabrica Nacional de Moneday Timbre) belonging to the Government of Spain. On an International level, the most important certifying entity are the private companies Symantec and Comodo. In order to get a certificate from the FNMT the user must go tot a post office and fill a form. When the user's info is registered in the system he will receive a link to download the files needed to install the certificate into the web browser.
This activity will be made by a group of three students.
One of them will be the sender.,
Another will be the receiver
The third one will be the Certifying Authority.
STEP 1. ONLY FOR THE STUDENT ACTING AS THE CA
The student acting as the CA must create a Kleopatra certificate (that is a couple of public and private keys) entering the data showed in the following pictures.
Note: use AUTORIDAD CERTIFICADORA + your name instead of PEPE
Click on advanced settings and enable the option authentication.
Enter a password phrase. Don't forget to write it down, You'll need it later, when you will have to use the certificate.
And now export your certificate and send it to both the your sender and receiver classmate.
IDENTIFICATION AND CERTIFICATE ISSUANCE
The student acting as CA must perform this tasks.
Check sender student identity using his/her DNI or any other Id documentation available…. OBVIOUSLY, YOU CAN SKIP THIS STEP, because your classmate identity is known for you and for everybody else. But if you were a real CA, this would be the most important step of the process, since it's the step where the sender is identified for good, and this is the fact what makes the certificate reliable.
Use Gedit (accesorios→editor de textos Gedit) to write a short text presentation card for the sender. Use the following picture as an example of the data you have to write, but use the text in English you'll find below the picture, obviouly changing the personal data of sender and CA.
The identity of this email sender has been reliably verified by CERTIFIED AUTORITY PEPEANTOLIN PEREZ
SENDER:FULANO DE TAL
This document has been encrypted with the private key of CERTIFIED AUTORITY PEPEANTOLIN PEREZ wich entails that to make sure the authenticiy of the sender's identity you just have to decrypt his/her certificate using CERTIFIED AUTORITY PEPEANTOLIN PEREZ public key
Download CERTIFIED AUTORITY PEPEANTOLIN PEREZ in this link
Now encrypt the presentation card using the certificate CERTIFIED AUTHORITYyour name you have just carried out in the previous step and send it to the sender. Now he has his certificate issued by you, the CA, which can be used as a proof of identity while sending messages to other people through the net,
The sender have to send a document to the receiver , making sure it won't be altered through the net and giving a proof of his identity
Compress in a file the document to send and the certificate delivered by the CA
Encrypt the encrypted document and send to the receiver.
The receiver, onces received the message from the sender, must check out the sender identity.
Decrypt the compressed document using the sender Public key. If the message is decrypted successfully, it's sure that the received document wasn't altered.
Decompress the document
Decrypt the certificate using the CA public key. If the message is decrypted successfully it's sure that the message comes from the true sender.
Carry out the activity other two times, changing the roles so that each team member acts as a CA, sender and receiver.
When finished, call the teacher to assess the activity.
Felipe Martínez. Dept. Informàtica 6/7
IES EL CABANYAL- VALENCIA
Short url: http://multidict.net/cs/4498