Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security

Description:

Title: Network Security Author: Aleksandra Smiljanic Last modified by: Aleksandra Smiljanic Created Date: 8/9/2002 3:14:43 PM Document presentation format – PowerPoint PPT presentation

Number of Views:93
Avg rating:3.0/5.0
Slides: 24
Provided by: Aleksa84
Category:

less

Transcript and Presenter's Notes

Title: Network Security


1
Network Security
2
Network Security
  • Information secrecy-only specified parties know
    the information exchanged. Provided by
    criptography.
  • Information integrity-the information is
    unaltered received by the specified party.
    Provided by digital signatures.
  • Authenticaton-user is communicating with the user
    with whom he/she thinks is communicating.

3
Cryptography
  • The encryption model (for a symmetric-key cipher).

4
Symmetric-Key Algorithms
  • Transmitting and receiving users have the same
    key that they agreed on somehow.
  • Plain text, P, is encrypted by the transmitting
    user based on key, K, and becomes EK(P). Receiver
    is decrypting EK(P) using the same key, and
    obtains plaintext PDK(EK(P)). Function P is
    impossible (or very hard) to guess from EK(P).
  • DES Data Encryption Standard
  • Key has 64 bits
  • AES Advanced Encryption Standard
  • Key has 128 bits

5
Public-Key Algorithms
  • Each user has a public and a private key.
  • Plain text, P, is encrypted by the transmitting
    user based on the public key of the receiving
    user, Bpub, and becomes EBpub(P).
  • Receiving user is decrypting the message using
    its private key Bpri and obtains plaintext
    PDBpri(EBpub(P)).

6
Public-Key Algorithms
  • RSA (Rivest,Shamir, Adleman)
  • Choose two large prime numbers p and q (typically
    1024 bits)
  • Compute npxq and z(p-1)x(q-1)
  • Choose a number relatively prime to z and call it
    d.
  • Find e such that exd1mod z
  • Public key is (n,e), private key is (n,d)
  • Encryption is CPemod n
  • Decryption is PCd mod n

7
Learning Shared Keys
  • Encryption using a symmetric shared key is much
    faster. Users can exchange the shared key, either
    by using public keys or key distribution centers
    (KDC).
  • Transmitting user encrypts the shared-key using
    public key of the receiving user. Receiving user
    decrypts the message and learns the shared key.
  • KDC has a key for each user. User A sends
    encrypted request that it wants to communicate
    with user B. KDC sends the shared key, S, and
    encrypted pair EB(A,S).

8
Digital Signatures
  • Ensure to the receiving party that it is receive
    the exact information that was sent my the
    transmitting party.
  • For example, transmitting user adds to the
    plaintext the signature which is the encrypted
    plaintext using its private key. Receiving user
    decrypts the signature using the public key of
    the transmitting user, and compares with the
    plaintext.

9
Public-Key Signatures
P
,P
,P
,P)
  • Digital signatures using public-key cryptography.

10
Digital Signatures Using Message Digests
(MD5,SHA-1)
  • Forming the signature by encrypting the entire
    plaintext is time consuming, and incurs an
    inefficient communication.
  • For this reason, a message digest is derived from
    the plaintext (message). Message digest is a
    function of the plaintext such that it is
    computationaly infeasible to find two messages
    with the same message digest (hash). Singature is
    encrypted hash.
  • Since the message digest is much shorter than the
    message itself, the signature takes less time to
    compute and less bandwidth to transfer.

11
Authentication Protocol(Shared Key)
  • User A sends to user B I am A, and nonce RA.
  • B sends a nonce RB and HASH(RA,RB,A,B,S) to A.
  • A sends HASH(RA,RB,S) and sends it to B

12
Authentication Protocol(Public Key)
  • User A sends to user B I am A, and RA.
  • B sends a nonce RB and EBpriv(RA,RB,A,B) to A.
  • A decrypts encrypted part of the message to check
    if it is B and sends encrypted nonces using its
    private key EApriv(RA,RB) and sends it to B.
  • B decrypts encrypted message and checks if this
    is really A.

13
Management of Public Keys
  • How users learn real public keys of other users.
  • Certificate comprises the public key and basic
    data about some user, and is signed by the
    certificate authority (CA).
  • X.509 defines certificates format.
  • Public key infrastructures comprises CAs that are
    organized hierarchicaly.

14
Certificates
Alg for hashing, Certificate Authority, Time
validity
  • A possible certificate and its signed hash.

15
Public-Key Infrastructures
  • (a) A hierarchical PKI. (b) A chain of
    certificates.

16
Network Security in Practice
  • IPsec
  • Firewalls
  • Virtual Private Networks (VPNs)
  • E-mail security (Pretty Good Privacy-PGP)
  • DNS security
  • WWW security (Secure Sockets Layer-SSL)

17
IPsec based onAuthentication Header Protocol
Determines security association with IP source
address and security protocol
Using encrypted message disgest based on a
shared key
  • The IPsec authentication header in transport mode
    for IPv4.

18
IPsec based onEncapsulation Security Payload
Protocol
  • (a) ESP in transport mode. (b) ESP in tunnel
    mode.

19
Firewalls
  • Two types packet filtering, and application
    gateways.
  • Packet filtering is done based on IP addresses,
    TCP or UDP ports, ICMP message type, TCP SYN or
    ACK bits (first segment has ACK0 so this
    prevents outside users to open TCP connections
    with inside servers).
  • Application gateways may restrict certain
    applications to certain users.

20
Virtual Private Networks
  • (a) A leased-line private network. (b) A virtual
    private network.

21
E-mail SecurityPGP Pretty Good Privacy
International Data Encryption Alg
  • PGP in operation for sending a message.

22
Secure DNS
An example RRSet for bob.com. The KEY record is
Bob's public key. The SIG record is the
top-level com server's signed hash of A and KEY
records to verify their authenticity.
23
SSL
  • A simplified version of the SSL connection
    establishment subprotocol.
Write a Comment
User Comments (0)
About PowerShow.com