Cryptography Application: PowerPoint presentation transcript
Original file title: Security in Computing; created 3/20/2003; 55 slides.

1
Cryptography Application
235034 Security in Computer Systems and Networks
  • Lec. Sanchai Yeewiyom
  • School of Information and Communication
    Technology
  • University of Phayao

2
Outline
  • Authentication
  • Mail Security
  • Web Security
  • Remote Login Security
  • Network Security

3
Authentication
  • Verifying that a user (or system) really is who it claims to be before any access is granted.
  • Two mechanisms are covered here:
  • Password
  • Kerberos

4
Password
  • The simplest and most widely used authentication mechanism: something only the user knows.
  • A password must never be stored or transmitted as Plain Text; the system keeps only a one-way hash of it and compares hashes at login.
  • Exp. Linux and Unix prompt for a username at Login and then for the Password.

5
Password
  • On Linux/Unix each account record (historically one line of /etc/passwd) holds: username, password hash, user ID, group ID, comment (GECOS), Home Directory and the login Program Shell.
  • The classic crypt(3) password hash is DES-based: the first 8 characters of the password are used as the DES Key to repeatedly encrypt an all-zero block, with a 12-bit salt. Anything beyond 8 characters is silently ignored.
  • Caveat: modern systems keep the hash in /etc/shadow (readable only by root) and use salted, iterated hashes such as sha512crypt, bcrypt or yescrypt, which use the whole password.
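
Added example (Python, not from the slides): how a current system stores a password verifier, in contrast with the 8-character DES scheme above. It uses the standard library only; the record layout "user:$pbkdf2-sha256$iterations$salt$hash", the iteration count and the user names and passwords are made up for the demonstration.

```python
import hashlib
import hmac
import secrets

# Added example, not from the slides: a password verifier stored as a salted, iterated hash
# (PBKDF2-HMAC-SHA256) instead of the 8-character DES crypt(3) scheme. The record layout
# "user:$pbkdf2-sha256$iterations$salt$hash" is made up for the demonstration.

ITERATIONS = 200_000  # assumption: tune so that one check costs ~100 ms on the target hardware


def make_record(username: str, password: str) -> str:
    """Hash `password` with a fresh random salt; the salt makes equal passwords hash differently."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)  # whole password is used
    return f"{username}:$pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(record: str, username: str, password: str) -> bool:
    """Recompute the hash from the stored salt and compare it in constant time."""
    user, field = record.split(":", 1)
    _, algo, iters, salt_hex, hash_hex = field.split("$")
    if user != username or algo != "pbkdf2-sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))  # no early exit on the first wrong byte
```

Two records for the same password differ because each gets its own salt, and a guess that shares only the first 8 characters with the real password is rejected, which DES crypt(3) would have accepted.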

6
Kerberos
  • Developed at the Massachusetts Institute of Technology (MIT), building on the Needham and Schroeder authentication protocol.
  • A Protocol that provides Single Sign-On: the user authenticates once and can then use several Servers without entering the password again.
  • Built on the Client/Server model.
  • Uses Secret Key (symmetric) Cryptography throughout; every principal shares a secret key with the key distribution center.

7
Kerberos
  • At the start of a Login Session the user supplies a Username and Password once.
  • Access to a Resource on a Server later in that Session does not require the password again; the credentials obtained at login are reused until the Login Session ends or the credentials expire.

8
Kerberos
  • A Kerberos deployment has 3 kinds of participants:
  • The Key Distribution Center (KDC), which holds the secret keys of all principals and issues tickets to Clients.
  • The Client (the user's workstation and the user logged in on it), which requests a Ticket from the KDC for each service it wants to use.
  • The Application Server, which runs a Kerberized service such as telnet or ftp and accepts Kerberos tickets instead of passwords.

9
Kerberos
  • Obtaining credentials: the user runs kinit and names a Principal (an identity, user or service, that Kerberos knows and holds a key for). kinit authenticates to the Kerberos Server, which consists of two services: the Authentication Service (AS) and the Ticket Granting Service (TGS).

10
Kerberos
  • The AS looks up the Principal in the Kerberos Database. If it is found, the Kerberos Server issues a Ticket Granting Ticket (TGT) for the TGS and returns it together with a session key encrypted under the user's key, which is derived from the password; only a client that knows the password can decrypt that session key.
  • From then on the client proves its identity with the TGT; the password is not needed again until the TGT expires.

11
(No Transcript)
12
Accessing an Application server
  • The client first presents its TGT to the KDC.
  • The KDC (its TGS) checks the TGT and, if it is valid, issues a Service Ticket for the requested service. The Service Ticket is encrypted with the secret key of that Application Server, so the client can neither read nor alter it, and it carries a new session key shared between the client and the server.

13
Accessing an Application server
  • The client sends the Service Ticket to the Application Server, together with an authenticator encrypted under the session key.
  • The Application Server decrypts the Service Ticket with its own secret key, which it reads from its Key Table (keytab); no connection to the KDC is needed at this point.
  • If the ticket decrypts correctly and has not expired, the client is authenticated and the requested access is granted.
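
The exchanges on slides 9 to 13 as an added example (Python, standard library only; not code from the slides or from any Kerberos implementation) that runs the whole flow in one process: the KDC with its database, a client that runs kinit and then asks for a service ticket, and a Kerberized ftp service that validates the ticket with the key from its keytab. The realm EXAMPLE.COM, the principal names and the passwords are made up, and tickets are sealed with a toy encrypt-then-MAC construction (SHA-256 keystream plus HMAC-SHA256) that stands in for the real Kerberos enctypes; what the example shows is the structure of the messages and who can open which.

```python
import hashlib
import hmac
import json
import secrets
import time

# Added example, not from the slides: the AS, TGS and AP exchanges of Kerberos in one process.
# Realm, principal names and passwords are made up. Tickets are sealed with a toy encrypt-then-MAC
# (SHA-256 keystream + HMAC-SHA256) standing in for the real enctypes such as aes256-cts-hmac-sha1-96.

MAX_SKEW = 300  # seconds; an authenticator whose timestamp is older than this is rejected


def string_to_key(password: str, salt: str) -> bytes:
    # Like RFC 3962: derive the principal's long-term key from the password with PBKDF2, salt = realm + name.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(0, n, 32))[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object so that only a holder of `key` can read or forge it."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("does not verify under this key (wrong password, wrong service, or tampered)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _check(ticket: dict, auth: dict) -> None:
    now = int(time.time())  # authenticator must name the ticket's client and be fresh; ticket must be unexpired
    if auth["client"] != ticket["client"] or now > ticket["exp"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise PermissionError("ticket expired or authenticator does not match it")


class KDC:
    """Key Distribution Center: the Kerberos database (principal -> long-term key) plus the AS and TGS."""
    def __init__(self, realm: str):
        self.realm, self.tgs = realm, "krbtgt/" + realm
        self.db = {self.tgs: secrets.token_bytes(32)}  # the TGS's own key, known only to the KDC

    def add_principal(self, name: str, password: str) -> None:
        self.db[name] = string_to_key(password, self.realm + name)

    def as_exchange(self, client: str, lifetime: int = 600):
        # AS_REQ/AS_REP: a TGT readable only by the TGS, plus the TGT session key sealed under the client's key
        key, exp = secrets.token_bytes(32).hex(), int(time.time()) + lifetime
        tgt = seal(self.db[self.tgs], {"client": client, "key": key, "exp": exp})
        return tgt, seal(self.db[client], {"key": key, "exp": exp, "sname": self.tgs})  # KeyError if unknown

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, lifetime: int = 600):
        # TGS_REQ/TGS_REP: validate TGT + authenticator, issue a Service Ticket under the service's key
        t = unseal(self.db[self.tgs], tgt)
        tgt_key = bytes.fromhex(t["key"])
        _check(t, unseal(tgt_key, authenticator))
        key, exp = secrets.token_bytes(32).hex(), min(t["exp"], int(time.time()) + lifetime)
        ticket = seal(self.db[service], {"client": t["client"], "key": key, "exp": exp})
        return ticket, seal(tgt_key, {"key": key, "exp": exp, "sname": service})


class Client:
    def __init__(self, name: str, password: str, kdc: KDC):
        self.name, self.kdc, self.cache = name, kdc, {}
        self.key = string_to_key(password, kdc.realm + name)  # derived locally; the password never leaves the host

    def kinit(self) -> None:
        tgt, enc_part = self.kdc.as_exchange(self.name)
        part = unseal(self.key, enc_part)  # a wrong password gives a wrong key, so this raises ValueError
        self.cache[self.kdc.tgs] = (tgt, bytes.fromhex(part["key"]))
        self.key = None  # for the rest of the login session only the TGT and its session key are kept

    def _authenticator(self, key: bytes) -> bytes:
        return seal(key, {"client": self.name, "ts": int(time.time()), "nonce": secrets.token_hex(8)})

    def ap_req(self, service: str):
        # fetch (and cache) a Service Ticket via the TGS, then return AP_REQ = ticket + fresh authenticator
        if service not in self.cache:
            tgt, tgt_key = self.cache[self.kdc.tgs]
            ticket, enc_part = self.kdc.tgs_exchange(tgt, self._authenticator(tgt_key), service)
            self.cache[service] = (ticket, bytes.fromhex(unseal(tgt_key, enc_part)["key"]))
        ticket, svc_key = self.cache[service]
        return ticket, self._authenticator(svc_key)


class AppServer:
    """A Kerberized service. Its long-term key comes from its keytab; it never contacts the KDC."""
    def __init__(self, name: str, keytab_key: bytes):
        self.name, self.key, self.seen = name, keytab_key, set()

    def accept(self, ticket: bytes, authenticator: bytes) -> str:
        t = unseal(self.key, ticket)  # a ticket issued for a different service fails right here
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        _check(t, a)
        if a["nonce"] in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add(a["nonce"])
        return t["client"]  # the authenticated principal


def demo() -> str:
    # kinit -> service ticket -> AP_REQ; returns the principal name the ftp service authenticated
    realm, service = "EXAMPLE.COM", "ftp/files.example.com"
    kdc = KDC(realm)
    for name, pw in (("alice", "correct horse"), (service, "keytab-secret")):
        kdc.add_principal(name, pw)  # the service's key is the one exported to its keytab
    ftp = AppServer(service, string_to_key("keytab-secret", realm + service))
    alice = Client("alice", "correct horse", kdc)
    alice.kinit()
    return ftp.accept(*alice.ap_req(service))
```

demo() returns "alice". Replaying the same AP_REQ is refused by the nonce cache, a ticket issued for one service does not verify under another service's keytab key, and a wrong password at kinit fails on the client because the AS reply cannot be decrypted, so the KDC never sees the password at all.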

14
(No Transcript)
15
Mail Security
  • The ordinary e-Mail protocols SMTP, POP3 and IMAP carry messages in the clear.
  • Protection is therefore added end to end, on top of them. Two widely used schemes:
  • PGP (Pretty Good Privacy)
  • S/MIME (Secure/Multipurpose Internet Mail Extensions)

16
PGP (Pretty Good Privacy)
  • A program for encrypting and digitally signing e-Mail (and files), giving confidentiality and authenticity.
  • Combines Symmetric Key and Asymmetric Key cryptography (a hybrid scheme).
  • Created by Phil Zimmermann in 1991.
  • Trust is managed by a Web of Trust instead of a central authority: users sign each other's public keys with their Digital Signature, and a key is trusted when it carries Digital Signatures from people the user already trusts.

17
PGP (Pretty Good Privacy)
  1. The sender computes a Digital Signature over the message with the sender's Private Key.
  2. The message and the Digital Signature are encrypted with a Symmetric Key generated at random for this one message (the Session Key); the Session Key itself is encrypted with the recipient's Public Key, and both encrypted parts are sent as the e-Mail.

18
PGP (Pretty Good Privacy)
  1. On receiving the e-Mail, the recipient uses the recipient's Private Key to decrypt the Session Key, then uses the Session Key to decrypt the message and the Digital Signature.
  2. The recipient verifies the Digital Signature with the sender's Public Key.
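
Slides 17 and 18 as an added example in Python (not the slides' or PGP's own code; the OpenPGP packet format is not reproduced, only the sign-then-encrypt structure). It assumes the `cryptography` package is installed. RSA-PSS is the signature, RSA-OAEP wraps the session key and Fernet (AES-128-CBC with HMAC-SHA256) is the symmetric cipher; the message and the users alice, bob and mallory are made up.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Added example, not from the slides and not OpenPGP's wire format: the PGP sign-then-encrypt
# structure with the `cryptography` package. Primitives chosen here: RSA-PSS signatures, RSA-OAEP
# to wrap the session key, Fernet (AES-128-CBC + HMAC-SHA256) as the symmetric cipher.

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def generate_keypair():
    """Each PGP user holds an RSA key pair; the public half is what the Web of Trust vouches for."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def pgp_send(message: bytes, sender_priv, recipient_pub) -> dict:
    """Sender side (slide 17)."""
    # 1. sign the message with the sender's private key
    signature = sender_priv.sign(message, PSS, hashes.SHA256())
    # 2. encrypt message + signature with a random one-time session key ...
    session_key = Fernet.generate_key()
    body = Fernet(session_key).encrypt(len(signature).to_bytes(2, "big") + signature + message)
    # ... and encrypt the session key itself with the recipient's public key
    wrapped_key = recipient_pub.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "body": body}  # both parts travel in the e-mail


def pgp_receive(packet: dict, recipient_priv, sender_pub) -> bytes:
    """Recipient side (slide 18). Raises if the session key cannot be unwrapped with this private key,
    and InvalidSignature if the signature was not made by the holder of `sender_pub`."""
    # 1. recover the session key with the recipient's private key, then decrypt message + signature
    session_key = recipient_priv.decrypt(packet["wrapped_key"], OAEP)
    plain = Fernet(session_key).decrypt(packet["body"])
    sig_len = int.from_bytes(plain[:2], "big")
    signature, message = plain[2:2 + sig_len], plain[2 + sig_len:]
    # 2. verify the signature with the sender's public key
    sender_pub.verify(signature, message, PSS, hashes.SHA256())
    return message


def signature_is_genuine(packet: dict, recipient_priv, sender_pub) -> bool:
    """Convenience check: does the e-mail really come from the owner of `sender_pub`?"""
    try:
        pgp_receive(packet, recipient_priv, sender_pub)
        return True
    except InvalidSignature:
        return False
```

Only bob's private key unwraps the session key, and the signature verifies only under alice's public key: a message that a third party (mallory) re-signed or that was altered in transit is rejected in step 2.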

19
(No Transcript)
20
(No Transcript)
21
S/MIME
  • Secure/Multipurpose Internet Mail Extensions
  • Public Key Encryption (and digital signatures) carried in the same MIME framework that carries attachments.
  • Originated at RSA Data Security Inc. in 1995 and later standardized by the IETF (Internet Engineering Task Force) as S/MIME version 3 (RFC 2633, 1999).
  • Implemented in the Client e-Mail program rather than on the mail server.
  • Integrated into most e-Mail clients, e.g. Outlook, Outlook Express, Lotus Notes, Mozilla Mail, iCloud and others.

22
S/MIME
  • Each user needs a key pair and a Certificate issued by a CA (Certificate Authority) that binds the public key to the user's e-mail address.
  • To send an encrypted e-Mail the sender must have the recipient's Certificate; to verify a signed e-Mail the recipient checks the sender's Certificate against the issuing CA.

23
Web Security
  • The WWW runs over HTTP, which sends requests and responses in the clear, so anyone on the path can read or alter them.
  • Protocols that address this:
  • S-HTTP
  • HTTPS
  • SSL/TLS

24
S-HTTP
  • Secure Hypertext Transfer Protocol
  • Developed by Enterprise Integration Technology (EIT); published as RFC 2660 (1999).
  • Works at the application layer: it signs and/or encrypts each HTTP message individually, rather than protecting the whole TCP connection at the Transport Layer.
  • Uses RSA (other algorithms can be negotiated per message).
  • Never widely deployed; HTTPS over SSL/TLS won out.

25
HTTPS
  • Hypertext Transfer Protocol Secure
  • Introduced by Netscape in 1994.
  • Protects the traffic between the client (browser) and the web server in both directions, so that data in transit can be neither read nor modified.
  • Uses port 443 (plain HTTP uses 80).
  • Provides Authentication (of the server, via its certificate) and Encryption by inserting SSL/TLS between HTTP and TCP; HTTP itself is unchanged.
  • Standard for Web e-Commerce and any site handling sensitive data, e.g. online banking.

26
SSL/TLS
  • Transport Layer Security (TLS) is the successor of Secure Sockets Layer (SSL).
  • SSL was developed by Netscape.
  • Secures the connection between a Web Server and a Client (and any other TCP application layered on it).
  • At the start of a connection the Web Server and Client negotiate the Algorithm suite and agree on a Session Key; all later traffic is encrypted with it.
  • Operates above the Transport Layer (on top of TCP).

27
SSL/TLS
  • SSL uses public-key cryptography, classically RSA, with an X.509 Certificate to authenticate the Web Server.
  • SSL 3.0 was taken over by the IETF, which published it with modifications as TLS 1.0 (RFC 2246, 1999).
  • TLS differs from SSL mainly in the details of Key derivation and of the Digital Signature and MAC constructions; SSL 2.0 and 3.0 are now deprecated (RFC 6176, RFC 7568) and current deployments use TLS 1.2 or 1.3.

28
SSL/TLS
  • Services of SSL
  • Server Authentication
  • Client Authentication (optional, with a client certificate)
  • Encrypted Session (Symmetric Encryption)

29
How SSL works (handshake)
  1. The Browser sends a Request (ClientHello) to the Web Server listing the SSL Version and the Algorithms it supports.
  2. The Web Server picks the SSL Version and Algorithm to use and sends them back with its Digital Certificate, issued by a CA the Client is expected to trust; the certificate contains the Public Key of the Web Server.
  3. The Browser verifies the Digital Certificate: it checks the CA's signature with the Public Key of the CA that it already holds, plus the validity period and the hostname, and thereby obtains a trusted Public Key for the Web Server.

30
How SSL works (handshake)
  1. The Browser generates a Symmetric Key (pre-master secret), encrypts it with the Public Key of the Web Server and sends it to the Server. This is RSA key exchange; TLS 1.3 replaces it with an ephemeral Diffie-Hellman exchange so that a stolen server key cannot decrypt recorded traffic.
  2. The Browser tells the Server that it will now switch to the negotiated Key and algorithms, and sends an encrypted message confirming that the Handshaking succeeded.
  3. The Server in turn tells the Client that it will switch to the Session Key and sends its own encrypted confirmation.
  4. Both sides now exchange application data encrypted with the Session Key.
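
Steps 2 and 3 of the handshake as an added example (Python, not from the slides): a TLS server with a self-signed certificate for localhost runs in a background thread; a client that trusts only the system CA store rejects that certificate (the check in step 3 fails), while a client told to trust it completes the handshake and reports the negotiated protocol version and cipher. It needs the `cryptography` package to generate the certificate and binds to 127.0.0.1 on an ephemeral port; the certificate, the hostname and the one-line HTTP exchange are constructed for the demonstration.

```python
import datetime
import socket
import ssl
import tempfile
import threading
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Added example, not from the slides: a local TLS server with a self-signed certificate and two clients,
# one that distrusts it and one that trusts it. Requires the `cryptography` package; the certificate,
# the hostname "localhost" and the one-line HTTP exchange are constructed for the demonstration.


def make_self_signed(hostname: str):
    """Write a fresh RSA key and a self-signed X.509 certificate for `hostname` to PEM files; return the paths."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)  # issuer == subject: self-signed, so it is its own CA
        .public_key(key.public_key()).serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1)).not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    workdir = tempfile.mkdtemp()
    cert_path, key_path = workdir + "/server.crt", workdir + "/server.key"
    with open(cert_path, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))
    with open(key_path, "wb") as f:
        f.write(key.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
                                  serialization.NoEncryption()))
    return cert_path, key_path


def start_server(cert_path: str, key_path: str) -> int:
    """Serve TLS on 127.0.0.1 from a daemon thread; return the port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_path, key_path)  # step 2: the certificate the server will present
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def serve():
        while True:
            conn, _ = listener.accept()
            conn.settimeout(5)
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:  # the handshake happens here
                    tls.recv(1024)
                    tls.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello")
            except OSError:
                pass  # the client aborted the handshake, e.g. because it did not trust our certificate

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]


def connect(port: int, cafile=None):
    """Client side. With cafile=None only the system CA store is trusted, so step 3 fails for a self-signed
    certificate; with cafile pointing at the server certificate the handshake completes."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the chain and the hostname
    with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            tls.sendall(b"GET / HTTP/1.0\r\n\r\n")
            return tls.version(), tls.cipher()[0], tls.recv(1024)


def demo() -> dict:
    cert_path, key_path = make_self_signed("localhost")
    port = start_server(cert_path, key_path)
    try:
        connect(port)
        untrusted_rejected = False
    except ssl.SSLCertVerificationError:
        untrusted_rejected = True
    version, cipher, body = connect(port, cafile=cert_path)
    return {"untrusted_rejected": untrusted_rejected, "version": version, "cipher": cipher, "body": body}
```

The first connect() raises ssl.SSLCertVerificationError because no CA the client knows signed the certificate; this is exactly what a browser shows as a certificate warning. The second succeeds, and version/cipher show what the two sides negotiated in step 1 and 2 (TLSv1.3 with a modern OpenSSL).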

31
How SSL works (diagram slide, no transcript)
32
Remote Login Security
  • Secure Shell (SSH)
  • An encrypted, mutually authenticated channel between a Client and a Server.
  • The standard way to do Remote Login on Linux and Unix.
  • Version 2 of the protocol (SSH-2) was standardized by the IETF (RFC 4251 and following).
  • Uses TCP Port 22.

33
Remote Login Security
  • When the Client connects, Client and Server first agree on a shared Secret Key using the Diffie-Hellman Key Exchange Algorithm, and the client checks the server's host key against its known_hosts list.
  • The session is then encrypted with a symmetric Algorithm using the Session Key derived from that secret, e.g. Blowfish (today usually AES or ChaCha20).
  • Replaces telnet (and rsh/rlogin), which send the password and the whole session in the clear.
  • Common SSH software: PuTTY, OpenSSH, OpenTerm and others.

34
Network Security
  • Protection applied at the Lower Layers of the OSI model, typically by building a Virtual Private Network (VPN) across an untrusted network.
  • Exp. VPN protocols:
  • PPTP (Point-to-Point Tunneling Protocol)
  • L2F (Layer 2 Forwarding)
  • L2TP (Layer 2 Tunneling Protocol)
  • IPSec (IP Security)

35
Virtual Private Network (VPN)
  • A private network built on top of a shared public infrastructure (the Internet or a carrier's network) rather than on dedicated lines.
  • Gives the connected sites and users the behaviour of a Private Network even though their traffic actually crosses the public network.

36
Virtual Private Network (VPN)
  • Works by Tunneling: packets of the private network are encapsulated (and normally encrypted) inside packets of the Public Network, carried between the VPN endpoints and unwrapped at the far end.

37
VPN
38
??????????? VPN
  • Authentication VPN
  • Encryption
  • Tunneling
  • Firewall

39
??????????? VPN
  • Authentication VPN ?????????????????????????????
    ??????????????? ????????????????
    ???????????????????????? ?????????????????????????
    ???????????????? ???????????????????????????
    Tunnel ???
  • Encryption ?????????????????????
    ??????????????????????????????? Packet
    ??????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ?????????????

40
??????????? VPN
  • Tunneling ??????????????????????????????????????
    ??????????????????????????????????????????????????
    ?????????????????????????????????????
    ??????????????????????????????
  • Firewall ???????????????????????????????????????
    ????????????????????????????????????

41
???????????? VPN
  • ?????? VPN ??????????? 3 ?????? 1. Intranet VPN
  • 2. Extranet VPN
  • 3. Access VPN

42
???????????? VPN
  • 1. Intranet VPN ?????????????????????????????
    ?? VPN ?????????????????????????????? ????
    ????????????????????? ????????????????????????????
    ? ??????????? ????????????? ????????? ????????
    ??????????? (Leased Line)
  • 2. Extranet VPN ???????????????????????????????
    ??????????? Intranet VPN ???????????????????
    ?????????????? Supplier ??? Partner

43
???????????? VPN
  • 3. Access VPN ???????????????????????????????
    VPN ????????????????????????? ????????????????????
    ??????????????????? ???? ?????????????????????????
    ?

44
Tunneling protocols
  • PPTP (Point - to - Point Tunneling Protocol)
  • L2F (Layer 2 Forwarding protocol)
  • L2TP (Layer 2 Tunneling Protocol)
  • IPSec (IP Security)

45
PPTP (Point - to - Point Tunneling Protocol)
  • One of the earliest Protocols for building a VPN.
  • Designed for Dial-Up remote access.
  • Developed by Microsoft and built into Windows; it extends the Protocol PPP.
  • Works at the Data Link Layer, so besides IP it can carry other Protocols such as IPX and NetBEUI.

46
PPTP (Point - to - Point Tunneling Protocol)
  • Authentication: PPTP itself relies on PPP's methods (PAP, CHAP, MS-CHAP). The slide frames this as Token Based Authentication: the user is authenticated once, receives a Token and uses that Token for access to Resources for the rest of the Session instead of authentic­ating again for each one.
  • Caveat: PPTP with MS-CHAP (v1 and v2) is cryptographically broken and should not be used for new deployments.

47
L2F (Layer 2 Forwarding protocol)
  • A Protocol developed by CISCO Systems.
  • For Dial-Up access.
  • Works at Layer 2 and can run over Frame Relay, ATM or X.25 as well as IP to build the Tunnel.
  • The main difference from PPTP is that L2F performs Authentication at both ends of the Tunnel (user and gateway).
  • It provides no encryption of its own; confidentiality has to come from another layer.

48
L2TP (Layer 2 Tunneling Protocol)
  • Standardized by the IETF (RFC 2661).
  • For Dial-Up access.
  • Combines the strengths of PPTP and L2F; L2TP carries its tunnel over the User Datagram Protocol (UDP), port 1701, rather than over the GRE data channel and TCP control connection that PPTP uses.
  • Carries any Protocol: the Layer 2 frame (PPP) is wrapped inside a Layer 3 IP Packet, so a PPP frame from a dial-up Client can be tunneled across an IP network to the L2TP server. L2TP itself does not encrypt, which is why it is usually run over IPSec (L2TP/IPsec).

49
IPSec (IP Security)
  • Works at the Network Layer.
  • A security extension of the Internet Protocol itself, standardized by the IETF.
  • Combines several cryptographic building blocks: Diffie-Hellman Key Exchange, Public Key Cryptography, DES (today AES), Hash Algorithms (as HMACs) and Digital Certificates.
  • Keys can be managed in 2 ways:
  • Manual keying, where the Admin configures the keys on both ends by hand.
  • IKE (Internet Key Exchange), which authenticates the peers and negotiates the keys automatically.

50
IPSec (IP Security)
  • The most widely used VPN technology, for both site-to-site and remote-access tunnels.
  • Its drawback: it protects only Internet Protocol (IP) traffic, not other network protocols.

51
IPSec (IP Security)
  • IPSec defines 2 kinds of Packet (protocol headers):
  • AH (Authentication Header): provides data integrity (Integrity) and origin authentication (Authentication), but no encryption.
  • ESP (Encapsulating Security Payload): provides integrity (Integrity), origin authentication (Authentication) and in addition encryption (Confidentiality).

52
Authentication Header AH
  • An AH header is 24 bytes in the common case: 12 bytes of fixed fields plus a 12-byte (96-bit) integrity check value. Its fields:
  • Next Header: the protocol that follows AH. In Tunnel mode this is 4 (IP-in-IP, an encapsulated IP packet); in Transport mode it is the upper-layer protocol, e.g. 6 for TCP (17 for UDP).

53
Authentication Header AH
  • Payload length: the length of the AH header in 32-bit words minus 2, followed by a Reserved field of 2 bytes (set to zero).
  • Security Parameter Index (SPI): identifies the Security Association (keys and algorithms) the receiver must use to process this Packet.
  • Sequence Number: a 32-bit counter incremented for every Packet, used by the receiver for anti-replay protection.
  • Integrity check value: a Hash Message Authentication Code (HMAC) over the packet, built on a Hash Function such as MD5 or SHA-1 (HMAC-MD5-96, HMAC-SHA1-96); the MD5 variant is now deprecated.

54
Encapsulated Security Payload ESP
  • Security Parameter Index (SPI): identifies the Security Association (SA) under which this ESP packet is to be processed.

55
Encapsulated Security Payload ESP
  • Sequence Number: 32-bit anti-replay counter, as in AH.
  • Initialization Vector (IV): a random value that differs for every Packet, so that identical plaintext does not produce identical ciphertext (present for CBC-mode ciphers; absent with NULL encryption).
  • Data: the encrypted payload.
  • Padding: brings the Data up to the cipher's block size and aligns the trailer to a 4-byte boundary.
  • Padding Length: the number of Padding bytes.
  • Next Header: the protocol of the (decrypted) payload.
  • HMAC: the integrity check value, truncated to 96 bits.
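
Slides 52 to 55 as an added example (Python, standard library only; not from the slides or from any IPsec implementation): it builds and parses a transport-mode AH packet and an ESP packet that uses NULL encryption (RFC 2410, integrity only, so there is no IV), both authenticated with HMAC-SHA1-96, and it implements the sliding-window anti-replay check that the Sequence Number exists for. The key, the SPIs and the "TCP segment" are constructed bytes; the mutable IP header fields that AH also covers are left out.

```python
import hashlib
import hmac
import struct

# Added example, not from the slides: AH and ESP-NULL packet formats with HMAC-SHA1-96 (RFC 2404)
# and the anti-replay window of RFC 4302/4303. Key and packet contents below are constructed.

IPPROTO_IPIP, IPPROTO_TCP = 4, 6    # Next Header: tunnel mode carries IP-in-IP (4), transport mode e.g. TCP (6)
ICV_LEN = 12                        # HMAC-SHA1-96: SHA-1 output truncated to the first 96 bits
AH_FIXED = struct.Struct("!BBHII")  # Next Header, Payload Len, Reserved, SPI, Sequence Number = 12 bytes


def icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """Transport-mode AH in front of `payload` (e.g. a TCP segment): 12 fixed bytes + 12-byte ICV = 24 bytes."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2  # AH length in 32-bit words minus 2 -> 4
    hdr = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    # The ICV is computed with the ICV field itself set to zero (in a real packet the mutable IP header
    # fields such as TTL are zeroed as well; the IP header is omitted here).
    return hdr + icv(key, hdr + bytes(ICV_LEN) + payload) + payload


def parse_ah(key: bytes, pkt: bytes) -> dict:
    next_header, payload_len, _reserved, spi, seq = AH_FIXED.unpack(pkt[:AH_FIXED.size])
    ah_len = (payload_len + 2) * 4
    mac, payload = pkt[AH_FIXED.size:ah_len], pkt[ah_len:]
    if not hmac.compare_digest(mac, icv(key, pkt[:AH_FIXED.size] + bytes(len(mac)) + payload)):
        raise ValueError("AH ICV mismatch: packet modified or wrong SA key")
    return {"next_header": next_header, "spi": spi, "seq": seq, "payload": payload}


def build_esp_null(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """ESP with the NULL cipher (RFC 2410): SPI | Seq | Data | Padding | Pad Length | Next Header | ICV.
    With NULL encryption there is no IV; padding only aligns Pad Length + Next Header to a 4-byte boundary."""
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))  # default padding content is 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + icv(key, body)  # the ICV covers everything from SPI through Next Header


def parse_esp_null(key: bytes, pkt: bytes) -> dict:
    body, mac = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    if not hmac.compare_digest(mac, icv(key, body)):
        raise ValueError("ESP ICV mismatch: packet modified or wrong SA key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return {"spi": spi, "seq": seq, "next_header": next_header, "payload": body[8:len(body) - 2 - pad_len]}


class ReplayWindow:
    """Receiver-side anti-replay check on the Sequence Number (RFC 4303 section 3.4.3): a sliding bitmap
    of `size` sequence numbers below the highest one seen; each number is accepted at most once."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False  # the first packet on an SA uses sequence number 1
        if seq > self.top:  # new high-water mark: slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) & ((1 << self.size) - 1)) | 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False  # older than the window, or already received
        self.bitmap |= 1 << offset
        return True


def demo() -> dict:
    """Round-trip one AH packet and one ESP-NULL packet under a constructed 160-bit HMAC-SHA1 key."""
    key = bytes.fromhex("0b" * 20)
    tcp_segment = struct.pack("!HHIIBBHHH", 1234, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)  # constructed SYN header
    ah = build_ah(key, spi=0x1000, seq=1, next_header=IPPROTO_TCP, payload=tcp_segment)
    esp = build_esp_null(key, spi=0x2000, seq=1, next_header=IPPROTO_IPIP, payload=b"\x45" + bytes(19))
    return {"ah": parse_ah(key, ah), "esp": parse_esp_null(key, esp), "ah_header_len": len(ah) - len(tcp_segment)}
```

A packet whose payload is changed by one bit fails the ICV check, a sequence number that has already been accepted or that falls more than 64 below the newest one is dropped, and ESP-NULL packets always come out a multiple of 4 bytes long because of the trailer alignment.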