Computer Networks
Network Security
Chapter 8
Need for Security
Some people who cause security problems and why.
An Introduction to Cryptography
The encryption model (for a symmetric-key cipher).
Symmetric-Key Algorithms
• DES – The Data Encryption Standard
• AES – The Advanced Encryption Standard
• Cryptanalysis
Product Ciphers
Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.
Data Encryption Standard
The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.
Triple DES
(a) Triple encryption using DES. (b) Decryption.
AES – The Advanced Encryption Standard
Rules for AES proposals
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits supported.
4. Both software and hardware implementations required.
5. The algorithm must be public or licensed on nondiscriminatory terms.
Cryptanalysis
Some common symmetric-key cryptographic algorithms.
Public-Key Algorithms
• RSA
• Other Public-Key Algorithms
Digital Signatures
• Symmetric-Key Signatures
• Public-Key Signatures
• Message Digests
Symmetric-Key Signatures
Digital signatures with Big Brother.
Public-Key Signatures
Digital signatures using public-key cryptography.
Message Digests
Digital signatures using message digests.
Management of Public Keys
• Certificates
• X.509
• Public Key Infrastructures
Problems with Public-Key Encryption
A way for Trudy to subvert public-key encryption.
Certificates
A possible certificate and its signed hash.
X.509
The basic fields of an X.509 certificate.
Public-Key Infrastructures
(a) A hierarchical PKI. (b) A chain of certificates.
Communication Security
• IPsec
• Firewalls
• Virtual Private Networks
• Wireless Security
IPsec
The IPsec authentication header in transport mode for IPv4.
IPsec (2)
(a) ESP in transport mode. (b) ESP in tunnel mode.
Firewalls
A firewall consisting of two packet filters and an application gateway.
Virtual Private Networks
(a) A leased-line private network. (b) A virtual private network.
802.11 Security
Packet encryption using WEP.
Authentication Protocols
• Authentication Based on a Shared Secret Key
• Authentication Using a Key Distribution Center
• Authentication Using Kerberos
• Authentication Using Public-Key Cryptography
Authentication Based on a Shared Secret Key
Two-way authentication using a challenge-response protocol.
Authentication Based on a Shared Secret Key (2)
A shortened two-way authentication protocol.
Authentication Based on a Shared Secret Key (3)
The reflection attack.
Authentication Based on a Shared Secret Key (5)
Authentication using HMACs.
Authentication Using a Key Distribution Center
A first attempt at an authentication protocol using a KDC.
Authentication Using a Key Distribution Center (2)
The Needham-Schroeder authentication protocol.
Authentication Using a Key Distribution Center (3)
The Otway-Rees authentication protocol (slightly simplified).
Authentication Using Kerberos
The operation of Kerberos V4.
Authentication Using Public-Key Cryptography
Mutual authentication using public-key cryptography.
E-Mail Security
• PGP – Pretty Good Privacy
• PEM – Privacy Enhanced Mail
• S/MIME
Web Security
• Threats
• Secure Naming
• SSL – The Secure Sockets Layer
• Mobile Code Security
Secure Naming
(a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.
Secure Naming (2)
How Trudy spoofs Alice's ISP.
Secure DNS
An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed hash of the A and KEY records to verify their authenticity.
Self-Certifying Names
A self-certifying URL containing a hash of the server's name and public key.
SSL—The Secure Sockets Layer
Layers (and protocols) for a home user browsing with SSL.
SSL (2)
A simplified version of the SSL connection establishment subprotocol.
SSL (3)
Data transmission using SSL.
Java Applet Security
Applets inserted into a Java Virtual Machine interpreter inside the browser.