DOC PREVIEW
Rose-Hulman CSSE 432 - Network Security

This preview shows page 1-2-3-26-27-28 out of 28 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

21 - SecuritySlide 2What is network security?Friends and enemies: Alice, Bob, TrudySlide 5Who might Bob, Alice be?There are bad guys (and girls) out there!The language of cryptographySymmetric key cryptographySlide 10Symmetric key crypto: DESSymmetric key crypto: DESAES: Advanced Encryption StandardPublic Key CryptographyPublic key cryptographyPublic key encryption algorithmsRSA: Choosing keysRSA: Encryption, decryptionRSA example:RSA: another important propertyAuthenticationAuthentication: another trySlide 23Authentication: yet another trySlide 25Authentication: ap5.0ap5.0: security holeSlide 288: Network Security8-121 - Security8: Network Security8-2Chapter 8Network SecurityA note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following: If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!) If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.Thanks and enjoy! JFK/KWRAll material copyright 1996-2004J.F Kurose and K.W. Ross, All Rights ReservedComputer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith RossAddison-Wesley, July 2004.8: Network Security8-3What is network security?Confidentiality: - only sender, intended receiver should “understand” message contentssender encrypts messagereceiver decrypts message Message Integrity:-sender, receiver want to ensure message not altered (in transit, or afterwards) without detectionAuthentication:- sender, receiver want to confirm identity of each otherAccess and Availability:- services must be accessible and available to usersAchieved through a continuous cycle of protection, detection, and response.8: Network Security8-4Friends and enemies: Alice, Bob, Trudywell-known in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messagessecuresendersecurereceiverchanneldata, control messagesdatadataAliceBobTrudy8: Network Security8-5http://xkcd.com8: Network Security8-6Who might Bob, Alice be?… well, real-life Bobs and Alices!Web browser/server for electronic transactions (e.g., on-line purchases)on-line banking client/serverDNS serversrouters exchanging routing table updates8: Network Security8-7There are bad guys (and girls) out there!Q: What can a “bad guy” do?A: a lot!eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source address in packet (or any field in packet)hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in placedenial of service: prevent service from being used by others (e.g., by overloading resources)more on this later ……8: Network Security8-8The language of cryptographysymmetric key crypto: sender, receiver keys identicalpublic-key crypto: encryption key public, decryption key secret (private)plaintextplaintextciphertextKAencryptionalgorithmdecryption algorithmAlice’s encryptionkeyBob’s decryptionkeyKB8: Network Security8-9Symmetric key cryptographysubstitution cipher: substituting one thing for anothermonoalphabetic cipher: substitute one letter for anotherplaintext: abcdefghijklmnopqrstuvwxyzciphertext: mnbvcxzasdfghjklpoiuytrewqPlaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbcE.g.:Q: How hard to break this simple cipher?: brute force (how hard?) other?8: Network Security8-10Symmetric key cryptographysymmetric key crypto: Bob and Alice share same (symmetric) key: Ke.g., key is knowing substitution pattern in mono alphabetic substitution cipherplaintextciphertextKA-Bencryptionalgorithmdecryption algorithmA-BKA-Bplaintextmessage, mK (m)A-BK (m)A-Bm = K ( ) A-B8: Network Security8-11Symmetric key crypto: DESDES: Data Encryption StandardUS encryption standard [NIST 1993]56-bit symmetric key, 64-bit plaintext inputHow secure is DES?DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 monthsmaking DES more secure:use two keys sequentially (3-DES) on each datumuse cipher-block chaining8: Network Security8-12Symmetric key crypto: DESinitial permutation 16 identical “rounds” of function application, each using different 48 bits of keyfinal permutationDES operation8: Network Security8-13AES: Advanced Encryption Standardnew (Nov. 2001) symmetric-key NIST standard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES8: Network Security8-14Public Key Cryptographysymmetric key cryptorequires sender, receiver know shared secret keyQ: how to agree on key in first place (particularly if never “met”)?public key cryptographyradically different approach [Diffie-Hellman76, RSA78]sender, receiver do not share secret keypublic encryption key known to allprivate decryption key known only to receiver or sender8: Network Security8-15Public key cryptographyplaintextmessage, mciphertextencryptionalgorithmdecryption algorithmBob’s public key plaintextmessageK (m)B+K B+Bob’s privatekey K B-m = K (K (m))B+B-8: Network Security8-16Public key encryption algorithmsneed K ( ) and K ( ) such thatBB..given public key K , it should be impossible to compute private key K BBRequirements:12RSA: Rivest, Shamir, Adleman algorithm+-K (K (m)) = m BB-++-8: Network Security8-17RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)2. Compute n = pq, z = (p-1)(q-1)3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).5. Public key is (n,e). Private key is (n,d).K B+K B-8: Network Security8-18RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above1. To encrypt bit pattern, m, computec = m mod ne(i.e., remainder when m


View Full Document

Rose-Hulman CSSE 432 - Network Security

Download Network Security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Network Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Network Security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?