About Final - PowerPoint PPT Presentation

About This Presentation
Title:

About Final

Description:

Authentication: another try. Protocol ap2.0: Alice says 'I am Alice' in an IP packet ... Authentication: yet another try. Goal: avoid playback attack. Failures, ... – PowerPoint PPT presentation

Slides: 20
Provided by: dont241

Transcript and Presenter's Notes

1
About Final
  • Final covers Chapters 4, 5 and 8 (as of today)
  • Contents that were covered in the lectures.
  • Earlier chapters: TCP and the performance
    measures of delay.
  • Connections to the later chapters
  • Review tips
  • Go quickly through the review questions and
    problems for the chapters.
  • Review questions have solutions on the
    textbook web page.
  • For particular questions, feel free to come to
    office hours or make an appointment.
  • Office hours for Finals
  • Wednesday (May 6th) 3pm-5pm, HO 116A.

2
Chapter 8 roadmap
  • 8.1 What is network security?
  • 8.2 Principles of cryptography
  • 8.3 Message integrity
  • 8.4 End point authentication
  • 8.5 Securing e-mail
  • 8.6 Securing TCP connections: SSL
  • 8.7 Network layer security: IPsec
  • 8.8 Securing wireless LANs
  • 8.9 Operational security: firewalls and IDS

3
Authentication
  • Goal: Bob wants Alice to prove her identity to
    him

Protocol ap1.0: Alice says "I am Alice"
(Diagram: Alice sends "I am Alice" to Bob.)
Failure scenario??
4
Authentication
  • Goal: Bob wants Alice to prove her identity to
    him

Protocol ap1.0: Alice says "I am Alice"
In a network, Bob cannot see Alice, so Trudy
simply declares herself to be Alice.
(Diagram: Trudy sends "I am Alice" to Bob.)
5
Authentication: another try
Protocol ap2.0: Alice says "I am Alice" in an IP
packet containing her source IP address
Failure scenario??
6
Authentication: another try
Protocol ap2.0: Alice says "I am Alice" in an IP
packet containing her source IP address
Trudy can create a packet spoofing Alice's
address
7
Authentication: another try
Protocol ap3.0: Alice says "I am Alice" and sends
her secret password to prove it.
Failure scenario??
8
Authentication: another try
Protocol ap3.0: Alice says "I am Alice" and sends
her secret password to prove it.
(Diagram: packet from Alice to Bob with Alice's IP
addr, Alice's password, "I'm Alice".)
Playback attack: Trudy records Alice's packet and
later plays it back to Bob
9
Authentication: yet another try
Protocol ap3.1: Alice says "I am Alice" and sends
her encrypted secret password to prove it.
Failure scenario??
10
Authentication: another try
Protocol ap3.1: Alice says "I am Alice" and sends
her encrypted secret password to prove it.
(Diagram: packet from Alice to Bob with Alice's IP
addr, encrypted password, "I'm Alice".)
Record and playback still works!
11
Authentication: yet another try
Goal: avoid playback attack
Nonce: number (R) used only once in a lifetime
ap4.0: to prove Alice "live", Bob sends Alice a
nonce, R. Alice must return R, encrypted with the
shared secret key
(Diagram: Alice: "I am Alice"; Bob: R; Alice: R
encrypted with the shared secret key.)
Alice is live, and only Alice knows the key to
encrypt the nonce, so it must be Alice!
Failures, drawbacks?
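The ap4.0 exchange and the replay check it buys, as an added example that is not part of the slide deck or its textbook. It assumes a shared key provisioned out of band, uses an HMAC over R in place of the slide's "R encrypted with the shared secret key", and has Bob keep a set of outstanding nonces so that a recorded (R, response) pair is rejected whether Trudy replays it against the same nonce or against a fresh one.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for this example; in practice it is provisioned
# out of band before the protocol runs.
SHARED_KEY = b"constructed-shared-key-alice-bob"


def bob_issue_nonce(outstanding: set) -> bytes:
    """Bob picks a fresh random R and records it as an outstanding challenge."""
    r = secrets.token_bytes(16)
    outstanding.add(r)
    return r


def alice_respond(nonce: bytes, key: bytes) -> bytes:
    """Alice's proof of liveness. A keyed MAC over R stands in for the slide's
    'R encrypted with the shared secret key' (an assumption of this example)."""
    return hmac.new(key, b"I am Alice" + nonce, hashlib.sha256).digest()


def bob_verify(nonce: bytes, response: bytes, key: bytes, outstanding: set) -> bool:
    """Bob accepts only if R is one he issued and has not been used yet, and the
    response matches what only a holder of the key could compute."""
    if nonce not in outstanding:
        return False
    outstanding.discard(nonce)  # a nonce is used only once, even on failure
    expected = alice_respond(nonce, key)
    return hmac.compare_digest(expected, response)


def run_protocol() -> dict:
    """One genuine run, then two replays of the recorded (R, response) pair."""
    outstanding = set()

    r1 = bob_issue_nonce(outstanding)
    resp1 = alice_respond(r1, SHARED_KEY)
    genuine = bob_verify(r1, resp1, SHARED_KEY, outstanding)

    # Trudy recorded (r1, resp1). Sending it again fails: r1 is no longer outstanding.
    replay_same_nonce = bob_verify(r1, resp1, SHARED_KEY, outstanding)

    # In a later session Bob issues r2; the recorded resp1 was computed over r1.
    r2 = bob_issue_nonce(outstanding)
    replay_new_nonce = bob_verify(r2, resp1, SHARED_KEY, outstanding)

    return {
        "genuine": genuine,
        "replay_same_nonce": replay_same_nonce,
        "replay_new_nonce": replay_new_nonce,
    }


if __name__ == "__main__":
    print(run_protocol())
```

The nonce is discarded from the outstanding set before the MAC is checked, so a failed attempt burns it; that is what keeps "used only once in a lifetime" true on Bob's side regardless of what Alice or Trudy send.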
12
Authentication: ap5.0
  • ap4.0 requires shared symmetric key
  • can we authenticate using public key techniques?
  • ap5.0: use nonce, public key cryptography

(Diagram: Alice: "I am Alice"; Bob: R; Alice: R
encrypted with her private key; Bob: "send me your
public key"; Alice: her public key.)
Bob computes [formula not in transcript] and knows
only Alice could have the private key that
encrypted R, such that [formula not in transcript].
13
ap5.0 security hole
  • Man (woman) in the middle attack: Trudy poses as
    Alice (to Bob) and as Bob (to Alice)

(Diagram: each ap5.0 message appears twice, once
between Alice and Trudy and once between Trudy and
Bob: "I am Alice", R, "Send me your public key".)
Trudy gets [formula not in transcript] and sends m
to Alice encrypted with Alice's public key
14
ap5.0 security hole
  • Man (woman) in the middle attack: Trudy poses as
    Alice (to Bob) and as Bob (to Alice)
  • Difficult to detect:
  • Bob receives everything that Alice sends, and
    vice versa (e.g., so Bob and Alice can meet one
    week later and recall the conversation)
  • Problem is that Trudy receives all messages as
    well!
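Why the ap5.0 hole is a key-binding problem, and the check that closes it, as an added example that is not code from the slide deck or its textbook. It uses textbook RSA with tiny constructed primes (illustration only, not secure), "encrypts R with the private key" as `pow(r, d, n)`, and gives Bob a trusted binding of the name "Alice" to a key fingerprint, standing in for the CA-signed certificate the later SSL slides rely on. `bob_naive` is ap5.0 as drawn: it accepts whatever key answers "send me your public key", so a substituted key with a matching signature verifies. `bob_checked` compares the received key against the trusted binding first and rejects the substitution.

```python
import hashlib
import secrets


def make_keypair(p: int, q: int, e: int):
    """Textbook RSA with tiny primes, for illustration only (not secure)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse; needs Python 3.8+
    return (n, e), (n, d)               # (public key, private key)


def sign_nonce(priv, r: int) -> int:
    """'Encrypt' R with the private key, K^-(R) in the slide's notation."""
    n, d = priv
    return pow(r, d, n)


def check_nonce(pub, r: int, sig: int) -> bool:
    """Bob's computation: applying the public key must give R back."""
    n, e = pub
    return pow(sig, e, n) == r


def fingerprint(pub) -> str:
    """Stable identifier of a public key, as a certificate or pinned hash would carry."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


# Constructed keys. Trudy's modulus is larger, so any R valid for Alice's key is valid for hers.
ALICE_PUB, ALICE_PRIV = make_keypair(61, 53, 17)
TRUDY_PUB, TRUDY_PRIV = make_keypair(101, 113, 3)

# Bob's trusted binding of the name "Alice" to her key, obtained out of band or from a
# CA-signed certificate. Constructed for this example.
TRUSTED = {"Alice": fingerprint(ALICE_PUB)}


def bob_naive(r: int, pub_on_wire, sig: int) -> bool:
    """ap5.0 as on the slide: Bob uses whatever key answers 'send me your public key'."""
    return check_nonce(pub_on_wire, r, sig)


def bob_checked(name: str, r: int, pub_on_wire, sig: int) -> bool:
    """Bob first checks that the key on the wire is the one bound to the claimed name."""
    if fingerprint(pub_on_wire) != TRUSTED.get(name):
        return False
    return check_nonce(pub_on_wire, r, sig)


def scenarios() -> dict:
    r = secrets.randbelow(ALICE_PUB[0] - 1) + 1   # Bob's nonce, 1 <= R < n_Alice

    # Honest run: Alice signs R and sends her own public key.
    alice_sig = sign_nonce(ALICE_PRIV, r)
    # Trudy in the middle: she answers with R signed under her own key and sends that key.
    trudy_sig = sign_nonce(TRUDY_PRIV, r)

    return {
        "honest_naive": bob_naive(r, ALICE_PUB, alice_sig),
        "honest_checked": bob_checked("Alice", r, ALICE_PUB, alice_sig),
        "substituted_naive": bob_naive(r, TRUDY_PUB, trudy_sig),               # the hole
        "substituted_checked": bob_checked("Alice", r, TRUDY_PUB, trudy_sig),  # rejected
    }


if __name__ == "__main__":
    print(scenarios())
```

The arithmetic in `check_nonce` is identical in both versions; the only difference is that `bob_checked` refuses to run it against a key that nothing ties to the name "Alice". That is the detection point a deployment has to provide, which is why the SSL handshake on the later slides authenticates Alice via a CA-signed certificate rather than a bare public key sent on request.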

15
Chapter 8 roadmap
  • 8.1 What is network security?
  • 8.2 Principles of cryptography
  • 8.3 Message integrity
  • 8.4 End point authentication
  • 8.5 Securing e-mail
  • 8.6 Securing TCP connections: SSL
  • 8.7 Network layer security: IPsec
  • 8.8 Securing wireless LANs
  • 8.9 Operational security: firewalls and IDS

16
Secure sockets layer (SSL)
  • provides transport layer security to any
    TCP-based application using SSL services.
  • e.g., between Web browsers, servers for
    e-commerce (shttp)
  • security services:
  • server authentication, data encryption, client
    authentication (optional)

(Diagram: plain stack Application / TCP / IP, with
the application using the TCP socket via the TCP
API, beside the SSL stack Application / SSL
sublayer / TCP / IP, with the application using
the SSL socket: TCP enhanced with SSL.)
17
SSL: three phases
  • 1. Handshake:
  • Bob establishes TCP connection to Alice
  • authenticates Alice via CA signed certificate
  • creates, encrypts (using Alice's public key),
    sends master secret key to Alice
  • nonce exchange not shown

(Diagram, Bob to Alice unless noted: TCP SYN; TCP
SYNACK (Alice to Bob); TCP ACK; SSL hello;
certificate (Alice to Bob); Bob creates Master
Secret (MS) and sends KA(MS); Alice decrypts using
KA- to get MS.)
18
SSL: three phases
  • 2. Key Derivation:
  • Alice, Bob use shared secret (MS) to generate 4
    keys:
  • EB: Bob->Alice data encryption key
  • EA: Alice->Bob data encryption key
  • MB: Bob->Alice MAC key
  • MA: Alice->Bob MAC key
  • encryption and MAC algorithms negotiable between
    Bob, Alice
  • why 4 keys?

19
SSL: three phases
  • 3. Data transfer

(Diagram: TCP byte stream b1 b2 b3 ... bn; block n
bytes together into d; compute MAC over d with MB;
encrypt d, MAC, SSL seq. with EB.)
SSL record format: Type, Ver, Len (unencrypted),
followed by the part encrypted using EB.
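Phases 2 and 3 carried through end to end, as an added example that is not code from the slide deck or its textbook. The key derivation expands MS and the two handshake nonces into EB, EA, MB and MA with HMAC (an assumption of this example; SSL's own PRF is different). The record layer follows the slide: Type/Ver/Len in the clear, a MAC over d keyed with the direction's MAC key and covering the SSL sequence number, and the body encrypted under the direction's encryption key. Because the standard library has no block cipher, a counter-mode style keystream derived from the encryption key and the sequence number stands in for the negotiated cipher. The sequence number is never transmitted; each side keeps its own count, which is what makes a re-delivered record fail to verify.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 output length


def derive_keys(master_secret: bytes, client_nonce: bytes, server_nonce: bytes) -> dict:
    """Expand MS and the handshake nonces into the four directional keys.
    HMAC-based expansion is an assumption of this example; SSL's own PRF differs."""
    seed = client_nonce + server_nonce
    return {
        label: hmac.new(master_secret, label.encode() + seed, hashlib.sha256).digest()
        for label in ("EB", "EA", "MB", "MA")
    }


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode style keystream from the encryption key and record sequence number.
    Stand-in for the negotiated cipher so the example runs with the standard library only."""
    blocks = []
    counter = 0
    while counter * MAC_LEN < length:
        blocks.append(hmac.new(enc_key, struct.pack(">QI", seq, counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_record(d: bytes, enc_key: bytes, mac_key: bytes, seq: int) -> bytes:
    """Sender side: MAC over (seq, d), then encrypt d || MAC; Type/Ver/Len header in clear.
    The sequence number is bound into the MAC and the keystream but is not transmitted."""
    mac = hmac.new(mac_key, struct.pack(">Q", seq) + d, hashlib.sha256).digest()
    body = _xor(d + mac, _keystream(enc_key, seq, len(d) + MAC_LEN))
    header = struct.pack(">BHH", 23, 0x0300, len(body))  # type 23 = application data, version 3.0
    return header + body


def open_record(record: bytes, enc_key: bytes, mac_key: bytes, expected_seq: int):
    """Receiver side: returns d, or None if the record does not verify under the
    receiver's own expected sequence number and keys."""
    if len(record) < 5:
        return None
    _rtype, _ver, length = struct.unpack(">BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length or length < MAC_LEN:
        return None
    plain = _xor(body, _keystream(enc_key, expected_seq, length))
    d, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    expected = hmac.new(mac_key, struct.pack(">Q", expected_seq) + d, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return d


def demo() -> dict:
    # Constructed master secret and nonces; in SSL these come out of the handshake.
    keys = derive_keys(b"constructed-master-secret", b"client-nonce", b"server-nonce")
    eb, mb, ea, ma = keys["EB"], keys["MB"], keys["EA"], keys["MA"]

    # Bob -> Alice direction: two records carrying sequence numbers 0 and 1.
    rec0 = make_record(b"b1b2b3", eb, mb, 0)
    rec1 = make_record(b"b4b5b6", eb, mb, 1)

    alice_seq = 0
    first = open_record(rec0, eb, mb, alice_seq)
    alice_seq += 1
    second = open_record(rec1, eb, mb, alice_seq)
    alice_seq += 1
    replayed = open_record(rec0, eb, mb, alice_seq)  # the same bytes delivered a second time
    reflected = open_record(rec0, ea, ma, 0)          # checked under the other direction's keys

    return {
        "distinct_keys": len(set(keys.values())),
        "first": first,
        "second": second,
        "replayed": replayed,
        "reflected": reflected,
    }


if __name__ == "__main__":
    print(demo())
```

In `demo`, the replayed record is byte-identical to one Alice already accepted, yet it fails because her expected sequence number has moved on; the same record checked under EA/MA fails as well, since a Bob->Alice record is never valid under the Alice->Bob keys.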