星期五, 12月 16, 2005

SSL

SSL (Secure Socket Layer)
* Using Digital Certificate, Digital Signature, Public Key Encryption, Hash (Message Digest)
* Instead of encrypting the sender's original text, only the session key generated by the sender is encrypted by the receiver's public key.
* The session key is valid throughout a session and not any longer.
* SSL is proposed by Netscape, Inc.
* https is actually http enhanced by SSL. https uses port 443 while http uses port 80.

Lab SSL

1. Try Yam membership enrollment
for using SSL encrypted Internet communications.
2. Note the lock at the lower right corner is secured when SSL is enabled.
3. Click the lock icon and a message window should pop up.
4. What kind of encryption is used in this SSL? How many bits are there in the encryption key?
5. Who issued the certificate you are seeing? (Who is the certificate authority, CA, for this website?)
6. Until when is the certificate valid?
7. What kind(s) of hash is/are used in the CA's digital signature?
8. How many bits are there in the hash(es)?

Lab PGP II

1. Sign a file. Send this file to Friend A & Friend B. Verify that both of them can read your signature.

2. Sign a file and encrypt this file and signature using A's public key. Email it to A and B. What will happen?

Lab PGP

1. Download PGP Desktop 9.0
2. Install PGP using

In the process of installation assistant, generate your key pairs and allow your public key to go public at keyserver.pgp.com so that your friends can use it.

3 Check your email. Record your public key and the finger print at the Comment below this blog posting. What's the key length PGP generates?

4. Use your Friend A's public key to encrypt a file, using PGP zip. Email this encrypted file to your Friend A and Friend B. Verify that A can decrypt the file while B cannot.

You are invited to do Part II of Lab PGP.

FAQ: What's PGP?

12-30-2005 Internet Security

Internet Security

Lab SSL

12-16-2005 Class

Web Services Applications

Network Security:
Hash functions
Lab Hash

Lecture on network secutiry and the theory of public key

Lecture on network secutiry and the theory of public key
(Chapter 3 of Textbook)

Secrect Key

*a key for encryption is also for decryption
*fast encryption and decryption
*problem with key distribution
*problem with keeping many keys

Public Key

*private key and public key
*public usually posted on an open directory
*private key must be kept in absolute private to oneself
*good for encryption and signature

Hash function
*fixed length of 128 or 256 bits
*fingerprint


Digital Signature
* privated key encrypted fingerprint of a plain text
*transmitted along with the plain text for verification

Man-in-the-middle attack

Digital Certificate
* Public Key signed with Certificate Authority

12/16/2005 Lab Hash

1. Install SlavaSoft HashCalc
2. Open the file readme.txt of this software
3. Calculate the cash.
4. Open another copy of HashCalc
5. Open the file readme.txt and delete the first space fo the file.
6. Calculate the hash of the modified file.
7. Compare the hashes of two files.

星期三, 12月 14, 2005

期末報告題目

參閱以下部落格

星際小孩 http://astrokid.blogspot.com/
芳鄰成長園 http://chang212.blogspot.com/
Reflection http://www.chieftain.idv.tw/archives/category/education/

(1)
思考如何以部落格小眾媒體的特性, 提出一個具有小眾或大眾社會影響力的部落格經營提案,
這當中包含閱讀對象選定, 主題設定, 內容與架構規劃, 常態性經營, 預計達成指標值與影響力預估,
所需資源,預期的挑戰.

題目可以環繞你所參加的社團, 你的家鄉或社區, 你的分享與關心, 你的朋友, 高中同學, 電影, 音樂, 學業, 生涯,
試著以部落格創造凝聚力, 進而引起注意或發揮影響力.

(2)
實際建構此部落格, 並且提出或實際展現你的經營之道.


注意
1. 實作不限於 www.blogger.com 你可以自由挑選部落格, 但是請勿
使用廣告太多的部落格網站.
2. 請於此公佈你的成果網址.
3. 成果繳交日期: 1/17/2006

星期五, 12月 09, 2005

Lab Web Service II

"we make a living by what we get, we make a life by what we give"

Test Drive a web service
1. Click Stock Quote and play with this operation
2. Enter IBM as symbol and see what you get in the result.

3. Copy the response XML from this web service, which is a SOAP message, into a text file called quote.xml and prepare for transformation as described in the next step.

4. Based on
the method of Lab XSLT,
write an XSLT and transform the result XML into an HTML.