McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 29 Internet Security.
Chapter 29: Internet Security
CONTENTS
• INTRODUCTION
• PRIVACY
• DIGITAL SIGNATURE
• SECURITY IN THE INTERNET
• APPLICATION LAYER SECURITY
• TRANSPORT LAYER SECURITY: TLS
• SECURITY AT THE IP LAYER: IPSEC
• FIREWALLS
29.1 INTRODUCTION
Figure 29-1
Aspects of security
29.2 PRIVACY
Figure 29-2
Secret-key encryption
In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.
Secret-key encryption is often used for long messages.
We discuss one secret-key algorithm in Appendix E.
KDC can solve the problem of secret-key distribution.
Figure 29-3
Public-key encryption
Public-key algorithms are more efficient for short messages.
A CA can certify the binding between a public key and the owner.
Figure 29-4
Combination
To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.
29.3 DIGITAL SIGNATURE
Figure 29-5
Signing the whole document
Digital signature cannot be achieved using only secret keys.
Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
Figure 29-6
Signing the digest
Figure 29-7
Sender site
Figure 29-8
Receiver site
29.4 SECURITY IN THE INTERNET
29.5 APPLICATION LAYER SECURITY
Figure 29-9
PGP at the sender site
Figure 29-10
PGP at the receiver site
29.6 TRANSPORT LAYER SECURITY (TLS)
Figure 29-11
Position of TLS
Figure 29-12
Handshake protocol
29.7 SECURITY AT THE IP LAYER (IPSec)
Figure 29-13
Authentication
Figure 29-14
Header format
Figure 29-15
ESP
Figure 29-16
ESP format
29.8 FIREWALLS
Figure 29-17
Firewall
Figure 29-18
Packet-filter firewall
A packet-filter firewall filters at the network or transport layer.
Figure 29-19
Proxy firewall
A proxy firewall filters at the application layer.