Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security

Description:

Network Security Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key ... – PowerPoint PPT presentation

Number of Views:61
Avg rating:3.0/5.0
Slides: 41
Provided by: nini5
Category:
Tags: network | security

less

Transcript and Presenter's Notes

Title: Network Security


1
Network Security
2
Contents
  • Security Requirements and Attacks
  • Confidentiality with Conventional Encryption
  • Message Authentication and Hash Functions
  • Public-Key Encryption and Digital Signatures
  • IPv4 and IPv6 Security

3
Security Requirements
  • Confidentiality
  • Integrity
  • Availability

4
Passive Attacks
  • Release of message content (eavesdropping)
  • Prevented by encryption
  • Traffic Analysis
  • Fixed by traffic padding
  • Passive attacks are easier to prevent than to
    detect

5
Active Attacks
  • Involve the modification of the data stream or
    creation of a false data stream
  • Active Attacks are easier to detect than to
    prevent

6
Active Attacks (cont.)
  • Masquerade
  • Replay
  • Modification of messages
  • Denial of service

7
Conventional Encryption
Decryption algorithm
Encryption algorithm
Transmitted ciphertext
Plain text
Plain text
Shared secret key
8
Conventional Encryption Requirements
  • Knowing the algorithm, the plain text and the
    ciphered text, it shouldnt be feasible to
    determine the key.
  • The key sharing must be done in a secure fashion.

9
Encryption Algorithms
  • Data Encryption Standard (DES)
  • Plaintext 64-bit blocks
  • Key 56 bits
  • Has been broken in 1998 (brute force)
  • Triple DES
  • Advanced Encryption Standard (AES)
  • Plaintext 128-bit blocks
  • Key 128, 256 or 512 bits

10
Location of Encryption Devices
PSN
PSN
PSN
PSN
End-to-end encryption device
PSN
Packet Switching Node
Link encryption device
11
Key Distribution
  • Manual
  • Selected by A, physically delivered to B
  • Selected by C, physically delivered to A and B
  • Automatic
  • The new key is sent encrypted with an old key
  • Sent through a 3-rd party with which A and B have
    encrypted links

12
Message Authentication
  • Authentic message means that
  • it comes from the alleged source
  • it has not been modified

13
Message Authentication Approaches
  • Authentication with conventional encryption
  • Authentication without message encryption
  • when confidentiality is not necessary
  • when encryption is unpractical

14
Message Authentication Code
  • Uses a secret key to generate a small block of
    data

MACM F (KAB, M)
15
One-way Hash Function
  • Message digest a fingerprint of the message
  • Like MAC, but without the use of a secret key
  • The message digest must be authenticated

16
Secure Hash Requirements
  • H can be applied to a block of any size
  • H produces a fixed-length output
  • H(x) is easy to compute
  • Given h, it is infeasible to compute x s.t. H(x)
    h
  • Given x, it is infeasible to find y s.t. H(x)
    H(y)
  • It is infeasible to find (x,y) such that H(x)
    H(y)

17
Secure Hash Functions
  • Message Digest v5 (MD5)
  • 128-bit message digest
  • has been found to have collision weakness
  • Secure Hash Algorithm (SHA-1)
  • 160-bit message digest

18
Public-Key Encryption
  • Each user has a pair of keys
  • public key
  • private key
  • What is encrypted with one, can only be decrypted
    with the other

19
Encryption
Bobs private key
Bobs public key
Transmitted ciphertext
Plain text
Plain text
Alice
Bob
20
Authentication
Alices private key
Alices public key
Transmitted ciphertext
Plain text
Plain text
Alice
Bob
21
Digital Signature
  • Like authentication, only performed on a message
    authenticator (SHA-1)

22
Public-Key Encryption Algorithms
  • RSA (used by PGP)
  • El Gamal (used by GnuPG)

23
Key Management
  • Public-Key encryption can be used to distribute
    secret keys for conventional encryption
  • Public-Key authentication
  • signing authority
  • web of trust

24
IPv4 and IPv6 Security
  • Provides encryption/authentication at the network
    (IP) layer
  • IPSec applications
  • Virtual Private Networking
  • E-commerce
  • Optional for IPv4, mandatory for IPv6

25
IP Header with IPSec Information
26
Two Types of IPSec Security Protocols
27
Advantages of IPSec
28
How an AH is Generated in IPSec
29
AH Fields
30
The ESP Header FormatEncapsulated Security
Payload
31
Tunnel Versus Transport Mode
32
AH Header Placement in Transport Mode
33
AH Header Placement in Tunnel Mode
34
ESP Header Placement in Transport Mode
35
ESP Header Placement in Tunnel Mode
36
Security Association
  • One-way relationship between two hosts, providing
    security services for the payload
  • Uniquely identified by
  • Security Parameter Index (SPI)
  • IP destination address
  • Security Protocol Identifier (AH/ESP)

37
SA Security Parameters
38
IPSec Process Negotiation
39
Key Management
  • Manual
  • used for small networks
  • easier to configure
  • Automated
  • more scalable
  • more difficult to setup
  • ISAKMP/Oakley

40
IKE Use in an IPSec Environment
Write a Comment
User Comments (0)
About PowerShow.com