Chapter 8: Network Security


Description
Chapter goals: understand principles of network security: cryptography and its many uses beyond "confidentiality"; authentication; message integrity; key distribution. Security in practice: firewalls; security in application, transport, network, link layers. Chapter 8: Network Security.
Transcripts
Slide 1

Chapter goals: understand principles of network security: cryptography and its many uses beyond "confidentiality"; authentication; message integrity; key distribution. Security in practice: firewalls; security in application, transport, network, link layers. Chapter 8: Network Security. [slide footer: 8: Network Security]

Slide 2

Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Authentication
8.4 Integrity
8.5 Key distribution and certification
8.6 Access control: firewalls
8.7 Attacks and countermeasures
8.8 Security in many layers

Slide 3

What is network security? Confidentiality: only sender, intended receiver should "understand" message contents; sender encrypts message, receiver decrypts message. Authentication: sender, receiver want to confirm identity of each other. Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection. Access and availability: services must be accessible and available to users.

Slide 4

Friends and foes: Alice, Bob, Trudy. Well known in the network security world. Alice and Bob want to communicate "securely". Trudy (intruder) may intercept, delete, add messages. [Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy has access to the channel.]

Slide 5

Who might Bob, Alice be? … well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases); on-line banking client/server; DNS servers; routers exchanging routing table updates; other examples?

Slide 6

There are bad guys (and girls) out there! Q: What can a "bad guy" do? A: a lot! eavesdrop: intercept messages; actively insert messages into a connection; impersonation: can fake (spoof) source address in a packet (or any field in a packet); hijacking: "take over" an ongoing connection by removing sender or receiver, inserting himself in their place; denial of service: prevent a service from being used by others (e.g., by overloading resources).

Slide 7

Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Authentication
8.4 Integrity
8.5 Key distribution and certification
8.6 Access control: firewalls
8.7 Attacks and countermeasures
8.8 Security in many layers

Slide 8

The language of cryptography. [Figure: plaintext → encryption algorithm (Alice's encryption key $K_A$) → ciphertext → decryption algorithm (Bob's decryption key $K_B$) → plaintext.] symmetric key crypto: sender, receiver keys identical. public-key crypto: encryption key public, decryption key secret (private).

Slide 9

Symmetric key cryptography. substitution cipher: substituting one thing for another. monoalphabetic cipher: substitute one letter for another. plaintext: abcdefghijklmnopqrstuvwxyz; ciphertext: mnbvcxzasdfghjklpoiuytrewq. E.g.: plaintext: bob. i love you. alice; ciphertext: nkn. s gktc wky. mgsbc. Q: How hard to break this simple cipher?: brute force (how hard?) other?
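The monoalphabetic cipher from this slide, as an added Python example that is not part of the slides. It uses the slide's own key (mnbvcxzasdfghjklpoiuytrewq) and message, and answers the two questions the slide asks: brute force means 26! keys (about 88 bits), but the cipher leaks structure, so the practical attacks are frequency analysis (the letter-count profile survives encryption) and known plaintext (a single message/ciphertext pair recovers the part of the key it used). Function names and the known-plaintext helper are this example's own choices.

```python
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
# Substitution key from the slide: ALPHABET[i] is written as KEY[i].
KEY = "mnbvcxzasdfghjklpoiuytrewq"


def make_tables(key=KEY):
    """Build the forward (encrypt) and inverse (decrypt) letter maps."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    enc = dict(zip(ALPHABET, key))
    dec = {c: p for p, c in enc.items()}
    return enc, dec


def encrypt(plaintext, key=KEY):
    enc, _ = make_tables(key)
    # Non-letters (spaces, punctuation) pass through unchanged, as on the slide.
    return "".join(enc.get(ch, ch) for ch in plaintext.lower())


def decrypt(ciphertext, key=KEY):
    _, dec = make_tables(key)
    return "".join(dec.get(ch, ch) for ch in ciphertext.lower())


def keyspace_bits():
    """Brute force: 26! possible keys, i.e. roughly 88 bits of key entropy."""
    return math.log2(math.factorial(26))


def frequency_profile(text):
    """Sorted letter counts. A monoalphabetic cipher only permutes letters,
    so this profile (what frequency analysis exploits) is unchanged."""
    counts = Counter(ch for ch in text.lower() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


def recover_mapping(plaintext, ciphertext):
    """Known-plaintext attack: one (plaintext, ciphertext) pair leaks the part
    of the key that message used. Returns the recovered plaintext->cipher map."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext lengths differ")
    mapping = {}
    for p, c in zip(plaintext.lower(), ciphertext.lower()):
        if p in ALPHABET:
            if mapping.get(p, c) != c:
                raise ValueError("inconsistent pair: not a monoalphabetic cipher")
            mapping[p] = c
    return mapping


if __name__ == "__main__":
    msg = "bob. i love you. alice"          # constructed sample (the slide's message)
    ct = encrypt(msg)
    print(ct, decrypt(ct))
    print("keyspace bits:", round(keyspace_bits(), 1))
    print("profile preserved:", frequency_profile(msg) == frequency_profile(ct))
    print("leaked key letters:", recover_mapping(msg, ct))
```

The point for the slide's "other?" question: a 2^88 keyspace is out of reach for brute force, yet the cipher is trivially broken because every occurrence of a plaintext letter maps to the same ciphertext letter. Security of a cipher is not a function of key length alone.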

Slide 10

Symmetric key cryptography. symmetric key crypto: Bob and Alice share and know the same (symmetric) key: $K_{A-B}$. e.g., key is knowing the substitution pattern in a monoalphabetic substitution cipher. Q: how do Bob and Alice agree on the key value? [Figure: plaintext message $m$ → encryption algorithm → ciphertext $K_{A-B}(m)$ → decryption algorithm → plaintext $m = K_{A-B}(K_{A-B}(m))$.]

Slide 11

Symmetric key crypto: DES. DES: Data Encryption Standard. US encryption standard [NIST 1993]. 56-bit symmetric key, 64-bit plaintext input. How secure is DES? DES Challenge: 56-bit-key-encrypted phrase ("Strong cryptography makes the world a safer place") decrypted (brute force) in 4 months. no known "backdoor" decryption approach. making DES more secure: use three keys sequentially (3-DES) on each datum; use cipher-block chaining.

Slide 12

Symmetric key crypto: DES. DES operation: initial permutation; 16 identical "rounds" of function application, each using a different 48 bits of the key; final permutation.

Slide 13

AES: Advanced Encryption Standard. new (Nov. 2001) symmetric-key NIST standard, replacing DES. processes data in 128-bit blocks. 128, 192, or 256-bit keys. brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES.

Slide 14

Public key cryptography. symmetric key crypto requires sender, receiver to know a shared secret key. Q: how to agree on a key in the first place (particularly if never "met")? public key cryptography: radically different approach [Diffie-Hellman76, RSA78]; sender, receiver do not share a secret key; public encryption key known to all; private decryption key known only to receiver.

Slide 15

Public key cryptography. [Figure: plaintext message $m$ → encryption algorithm with Bob's public key $K_B^+$ → ciphertext $K_B^+(m)$ → decryption algorithm with Bob's private key $K_B^-$ → plaintext message $m = K_B^-(K_B^+(m))$.]

Slide 16

Public key encryption algorithms. Requirements: 1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$. 2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$. RSA: Rivest, Shamir, Adleman algorithm.

Slide 17

RSA: Choosing keys. 1. Choose two large prime numbers $p, q$ (e.g., 1024 bits each). 2. Compute $n = pq$, $z = (p-1)(q-1)$. 3. Choose $e$ (with $e < n$) that has no common factors with $z$ ($e$, $z$ are "relatively prime"). 4. Choose $d$ such that $ed - 1$ is exactly divisible by $z$ (in other words: $ed \bmod z = 1$). 5. Public key is $K_B^+ = (n, e)$. Private key is $K_B^- = (n, d)$.

Slide 18

RSA: Encryption, decryption. 0. Given $(n, e)$ and $(n, d)$ as computed above. 1. To encrypt bit pattern $m$, compute $c = m^e \bmod n$ (i.e., remainder when $m^e$ is divided by $n$). 2. To decrypt received bit pattern $c$, compute $m = c^d \bmod n$ (i.e., remainder when $c^d$ is divided by $n$). Magic happens! $m = (m^e \bmod n)^d \bmod n$.

Slide 19

RSA example: Bob chooses $p = 5$, $q = 7$. Then $n = 35$, $z = 24$. $e = 5$ (so $e$, $z$ relatively prime). $d = 29$ (so $ed - 1$ exactly divisible by $z$). encrypt: letter l, $m = 12$, $m^e = 248832$, $c = m^e \bmod n = 17$. decrypt: $c = 17$, $c^d = 481968572106750915091411825223071697$, $c^d \bmod n = 12$, letter l.

Slide 20

RSA: Why is that $m = (m^e \bmod n)^d \bmod n$? Useful number theory result: If $p, q$ prime and $n = pq$, then $x^y \bmod n = x^{y \bmod (p-1)(q-1)} \bmod n$ (stated for $x$ relatively prime to $n$; because $n = pq$ is squarefree, the RSA identity derived below nevertheless holds for every $m$ in $[0, n)$). $(m^e \bmod n)^d \bmod n = m^{ed} \bmod n = m^{ed \bmod (p-1)(q-1)} \bmod n$ (using the number theory result above) $= m^1 \bmod n$ (since we chose $ed$ to be divisible by $(p-1)(q-1)$ with remainder 1) $= m$.

Slide 21

RSA: another important property. The following property will be very useful later: $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$. use public key first, followed by private key; use private key first, followed by public key. Result is the same!
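The RSA material of the preceding slides (key generation from $p, q, e$; the encrypt/decrypt rule; the $p = 5$, $q = 7$, $e = 5$, $d = 29$ worked example; the reason $m^{ed} \bmod n = m$; and the commutation property), carried through as one added Python example that is not code from the slides. Beyond the slide's toy numbers it also generates keys from random primes using a Miller-Rabin test; the prime sizes, the choice $e = 65537$, the helper names and the seeded generator are this example's own assumptions. It is textbook RSA on raw integers (no padding), which is what the slides describe, not what a deployment should use.

```python
import random
from math import gcd


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random odd number of exactly `bits` bits that passes Miller-Rabin."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def rsa_keygen_from_primes(p, q, e):
    """Slide steps 2-5: n = pq, z = (p-1)(q-1), gcd(e, z) = 1, ed mod z = 1.
    Returns (public (n, e), private (n, d)) with the smallest valid d."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e and z must be relatively prime")
    d = pow(e, -1, z)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_keygen(bits=64, e=65537, seed=None):
    """Slide step 1 with random primes (example sizes; real keys are far larger)."""
    rng = random.Random(seed)    # seed only for reproducible demos
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return rsa_keygen_from_primes(p, q, e)


def rsa_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:           # a message must be smaller than the modulus
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # c = m^e mod n


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)          # m = c^d mod n


def slide_example():
    """p=5, q=7, e=5, d=29 (the slide's d; 29 = 5 + z also satisfies ed mod z = 1)."""
    pub, _ = rsa_keygen_from_primes(5, 7, 5)
    n, e = pub
    d = 29
    assert (e * d - 1) % 24 == 0
    m = ord("l") - ord("a") + 1          # letter l -> 12 (a = 1, as on the slide)
    c = rsa_encrypt(pub, m)              # 12^5 mod 35 = 17
    m2 = rsa_decrypt((n, d), c)          # 17^29 mod 35 = 12
    return c, chr(m2 - 1 + ord("a"))


def rsa_identity_holds(n, e, d):
    """Check m^(ed) mod n == m for every m in [0, n), including m not coprime to n."""
    return all(pow(m, e * d, n) == m for m in range(n))


def exponent_shortcut(x, y, p, q):
    """Return (x^y mod n, x^(y mod (p-1)(q-1)) mod n): equal when gcd(x, n) = 1,
    not necessarily otherwise, which is why the identity above is checked directly."""
    n = p * q
    return pow(x, y, n), pow(x, y % ((p - 1) * (q - 1)), n)


def commutes(pub, priv, m):
    """K-(K+(m)) == m == K+(K-(m)): the property the slide calls 'very useful'."""
    n, e = pub
    _, d = priv
    return pow(pow(m, e, n), d, n) == m == pow(pow(m, d, n), e, n)


if __name__ == "__main__":
    print("slide example:", slide_example())
    pub, priv = rsa_keygen(64, seed=7)
    c = rsa_encrypt(pub, 123456789)
    print("roundtrip:", rsa_decrypt(priv, c) == 123456789, "commutes:", commutes(pub, priv, 123456789))
```

Two practitioner notes. First, `exponent_shortcut(5, 24, 5, 7)` returns (15, 1): the slide's exponent-reduction shortcut fails for an $x$ sharing a factor with $n$, yet `rsa_identity_holds(35, 5, 29)` is still true because $ed \equiv 1$ modulo both $p-1$ and $q-1$. Second, raw RSA as shown is deterministic and malleable (the same $m$ always gives the same $c$, and $c_1 c_2$ decrypts to $m_1 m_2$); real systems use a padding scheme such as OAEP for encryption and PSS for signatures, and 2048-bit or larger moduli.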

Slide 22

Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Authentication
8.4 Integrity
8.5 Key distribution and certification
8.6 Access control: firewalls
8.7 Attacks and countermeasures
8.8 Security in many layers

Slide 23

Authentication. Goal: Bob wants Alice to "prove" her identity to him. Protocol ap1.0: Alice says "I am Alice". Failure scenario??

Slide 24

Authentication. Goal: Bob wants Alice to "prove" her identity to him. Protocol ap1.0: Alice says "I am Alice". In a network, Bob can not "see" Alice, so Trudy simply declares herself to be Alice.

Slide 25

Authentication: another try. Protocol ap2.0: Alice says "I am Alice" in an IP packet containing her source IP address. [Figure: Alice → Bob: Alice's IP address, "I am Alice".] Failure scenario??

Slide 26

Authentication: another try. Protocol ap2.0: Alice says "I am Alice" in an IP packet containing her source IP address. Trudy can create a packet "spoofing" Alice's address.

Slide 27

Authentication: another try. Protocol ap3.0: Alice says "I am Alice" and sends her secret password to "prove" it. [Figure: Alice → Bob: Alice's IP addr, Alice's password, "I'm Alice"; Bob → Alice: Alice's IP addr, OK.] Failure scenario??

Slide 28

Authentication: another try. Protocol ap3.0: Alice says "I am Alice" and sends her secret password to "prove" it. playback attack: Trudy records Alice's packet and later plays it back to Bob. [Figure: Trudy → Bob: Alice's IP addr, Alice's password, "I'm Alice".]

Slide 29

Authentication: yet another try. Protocol ap3.1: Alice says "I am Alice" and sends her encrypted secret password to "prove" it. [Figure: Alice → Bob: Alice's IP addr, encrypted password, "I'm Alice"; Bob → Alice: Alice's IP addr, OK.] Failure scenario??

Slide 30

Authentication: yet another try. Protocol ap3.1: Alice says "I am Alice" and sends her encrypted secret password to "prove" it. record and playback still works! [Figure: Trudy → Bob: Alice's IP addr, encrypted password, "I'm Alice".]

Slide 31

Authentication: yet another try. Goal: avoid playback attack. Nonce: number ($R$) used only once in a lifetime. ap4.0: to prove Alice "live", Bob sends Alice nonce $R$. Alice must return $R$, encrypted with shared secret key: $K_{A-B}(R)$. "I a
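The playback attack on ap3.0/ap3.1 and the nonce defence of ap4.0, as an added Python example that is not part of the slides. The slide writes Alice's reply as $K_{A-B}(R)$ using symmetric encryption; this example substitutes an HMAC keyed with the shared secret as the keyed transformation of $R$ (the standard library has no block cipher, and a MAC over the nonce is what practical challenge-response protocols use). The class names, the session bookkeeping, the sample key and the password stand-in are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Shared secret K_{A-B}. Constructed demo value, not a real key.
SHARED_KEY = b"alice-bob-shared-secret-demo"


def keyed_response(key, nonce):
    """Alice's proof for nonce R. The slide's K_{A-B}(R); HMAC-SHA256 here."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Bob:
    """Verifier: issues a fresh nonce per authentication attempt."""

    def __init__(self, key):
        self.key = key
        self.pending = {}          # session -> nonce awaiting a reply
        self.seen_nonces = set()   # a nonce is used only once in a lifetime

    def challenge(self, session):
        while True:
            r = secrets.token_bytes(16)      # CSPRNG: unpredictable, not a counter
            if r not in self.seen_nonces:
                break
        self.seen_nonces.add(r)
        self.pending[session] = r
        return r

    def verify(self, session, response):
        r = self.pending.pop(session, None)  # each challenge answered at most once
        if r is None:
            return False
        expected = keyed_response(self.key, r)
        return hmac.compare_digest(expected, response)   # constant-time compare


class Alice:
    """Prover: holds the same shared key."""

    def __init__(self, key):
        self.key = key

    def respond(self, nonce):
        return keyed_response(self.key, nonce)


def run_ap4_honest(bob, alice, session="s1"):
    """ap4.0 with the real Alice: challenge, keyed reply, verify."""
    r = bob.challenge(session)
    return bob.verify(session, alice.respond(r))


def run_ap4_replay(bob, alice):
    """Trudy records Alice's reply from one run and replays it in a later run.
    Returns (Alice's run accepted, Trudy's replay accepted)."""
    r1 = bob.challenge("s1")
    recorded = alice.respond(r1)          # Trudy eavesdrops this message
    first_ok = bob.verify("s1", recorded)
    bob.challenge("s2")                   # new run: Bob issues a different R
    replay_ok = bob.verify("s2", recorded)
    return first_ok, replay_ok


def run_ap3_replay(password=b"alice-password"):
    """ap3.1 for contrast: the 'encrypted password' is a fixed value, so the
    recorded message is accepted again. (Hash used as the stand-in for the
    slide's encrypted password; the attack does not depend on the transform.)"""
    stored = hashlib.sha256(password).digest()
    recorded = hashlib.sha256(password).digest()   # what Trudy captured earlier
    return hmac.compare_digest(recorded, stored)    # True: replay succeeds


if __name__ == "__main__":
    print("ap3.1 replay accepted:", run_ap3_replay())
    print("ap4.0 honest accepted:", run_ap4_honest(Bob(SHARED_KEY), Alice(SHARED_KEY)))
    print("ap4.0 (alice, replay):", run_ap4_replay(Bob(SHARED_KEY), Alice(SHARED_KEY)))
```

Three details matter in practice and are built into `Bob`: the nonce comes from a cryptographic random source and is never reused, a challenge can be answered only once, and the comparison is constant-time. A nonce that is predictable (a counter, a timestamp) lets Trudy obtain Alice's reply for a future challenge in advance.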
