Chapter 8: Security

Computer Networking: A Top Down Approach, 6th edition
Jim Kurose, Keith Ross
Addison-Wesley, March 2012

A note on the use of these ppt slides:
We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:
- If you use these slides (e.g., in a class) that you mention their source (after all, we’d like people to use our book!)
- If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR

All material copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights Reserved

Chapter 8: Network Security

Chapter goals:
- understand principles of network security:
  - cryptography and its many uses beyond “confidentiality”
  - authentication
  - message integrity
- security in practice:
  - firewalls and intrusion detection systems
  - security in application, transport, network, link layers

Chapter 8 roadmap

8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS

What is network security?

- confidentiality: only sender, intended receiver should “understand” message contents
  - sender encrypts message
  - receiver decrypts message
- authentication: sender, receiver want to confirm identity of each other
- message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
- access and availability: services must be accessible and available to users

Friends and enemies: Alice, Bob, Trudy

- well-known in network security world
- Bob, Alice (lovers!) want to communicate “securely”
- Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy is on the channel.]

Who might Bob, Alice be?

- … well, real-life Bobs and Alices!
- Web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?
A: A lot!
See section 1.6
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)

The language of cryptography

- m: plaintext message
- K_A(m): ciphertext, encrypted with key K_A
- m = K_B(K_A(m))

[Figure: plaintext, encryption algorithm (Alice’s encryption key K_A), ciphertext, decryption algorithm (Bob’s decryption key K_B), plaintext.]

Breaking an encryption scheme

- cipher-text only attack: Trudy has ciphertext she can analyze
  - two approaches:
    - brute force: search through all keys
    - statistical analysis
- known-plaintext attack: Trudy has plaintext corresponding to ciphertext
  - e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o
- chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext

Symmetric key cryptography

- symmetric key crypto: Bob and Alice share same (symmetric) key: K_S
- e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
- Q: how do Bob and Alice agree on key value?

[Figure: plaintext message m, encryption algorithm (K_S), ciphertext K_S(m), decryption algorithm (K_S), plaintext m = K_S(K_S(m)).]

Simple encryption scheme

substitution cipher: substituting one thing for another
- monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

e.g.:
plaintext:  bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26 letters to set of 26 letters

A more sophisticated encryption approach

- n substitution ciphers, M1,M2,…,Mn
- cycling pattern:
  - e.g., n=4: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
- for each new plaintext symbol, use subsequent substitution pattern in cyclic pattern
  - dog: d from M1, o from M3, g from M4
- Encryption key: n substitution ciphers, and cyclic pattern
  - key need not be just n-bit pattern

Symmetric key crypto: DES

DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
- block cipher with cipher block chaining
- how secure is DES?
  - DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
  - no known
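
The monoalphabetic cipher, the cycling-pattern scheme and the known-plaintext attack from the slides above, as an added Python example that is not part of the original slides. SLIDE_KEY is the ciphertext row printed on the slide; the four alphabets in KEYS stand in for M1..M4, which the slides do not define, and are constructed here, and all function names are this example's own.

```python
import string

ALPHA = string.ascii_lowercase
SLIDE_KEY = "mnbvcxzasdfghjklpoiuytrewq"   # ciphertext row from the slide
# Constructed for illustration: four alphabets M1..M4 made by rotating SLIDE_KEY.
KEYS = [SLIDE_KEY[k:] + SLIDE_KEY[:k] for k in (0, 5, 11, 17)]
PATTERN = (0, 2, 3, 2, 1)                  # the slide's cycle M1,M3,M4,M3,M2

def crypt(text, keys, pattern=(0,), decrypt=False):
    """Substitute each letter using the alphabet chosen by cycling `pattern`.
    One alphabet with pattern (0,) is the monoalphabetic cipher."""
    out, i = [], 0
    for ch in text:
        if ch in ALPHA:
            key = keys[pattern[i % len(pattern)]]
            out.append(ALPHA[key.index(ch)] if decrypt else key[ALPHA.index(ch)])
            i += 1                          # only letters advance the cycle
        else:
            out.append(ch)                  # punctuation passes through, as on the slide
    return "".join(out)

def recover_pairs(known):
    """Known-plaintext attack: every aligned letter of a (plaintext, ciphertext)
    fragment reveals one key entry. Raises if one plaintext letter maps to two
    ciphertext letters, i.e. the cipher is not monoalphabetic."""
    pairs = {}
    for plain, cipher in known:
        for p, c in zip(plain, cipher):
            if p in ALPHA and pairs.setdefault(p, c) != c:
                raise ValueError(f"{p!r} maps to both {pairs[p]!r} and {c!r}")
    return pairs

def partial_decrypt(cipher, pairs):
    """Decrypt with the recovered entries only; unknown letters become '?'."""
    inverse = {c: p for p, c in pairs.items()}
    return "".join(inverse.get(ch, "?") if ch in ALPHA else ch for ch in cipher)

if __name__ == "__main__":
    ct = crypt("bob. i love you. alice", [SLIDE_KEY])
    print(ct)
    # Trudy knows the names "bob" and "alice" open and close the message.
    pairs = recover_pairs([("bob", ct[:3]), ("alice", ct[-5:])])
    print(partial_decrypt(ct, pairs))
    # With the cycling pattern the two b's in "bob" encrypt differently.
    print(crypt("bob", KEYS, PATTERN))
```

Two known names already expose seven key entries and most of the message under the monoalphabetic key, while the same pairing attack fails on the cycling scheme because a repeated plaintext letter no longer has a single ciphertext letter.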