已阅读5页,还剩83页未读, 继续免费阅读
版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
8: Network Security,8-1,Chapter 8Network Security,Computer Networking: A Top Down Approach ,4th edition. Jim Kurose, Keith RossAddison-Wesley, July 2007.,8: Network Security,8-2,Chapter 8: Network Security,Chapter goals: understand principles of network security: cryptography and its many uses beyond “confidentiality”authenticationmessage integritysecurity in practice:firewalls and intrusion detection systemssecurity in application, transport, network, link layers,8: Network Security,8-3,Chapter 8,8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operational security: firewalls and IDS,8: Network Security,8-4,What is network security?,Confidentiality: only sender, intended receiver should “understand” message contentssender encrypts messagereceiver decrypts messageAuthentication: sender, receiver want to confirm identity of each other Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detectionAccess and availability: services must be accessible and available to users,8: Network Security,8-5,Friends and enemies:,well-known in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messages,securesender,securereceiver,channel,data, control messages,data,data,Alice,Bob,Trudy,8: Network Security,8-6,Who might Bob, Alice be?, well, real-life Bobs and Alices!Web browser/server for electronic transactions (e.g., on-line purchases)on-line banking client/serverDNS serversrouters exchanging routing table updatesother examples?,8: Network Security,8-7,There are bad guys (and girls) out there!,Q: What can a “bad guy” do?A: a lot!eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source address in packet (or any field in packet)hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in placedenial of service: prevent service from being used by others (e.g., by overloading resources),more on this later ,8: Network Security,8-8,Chapter 8 roadmap,8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operational security: firewalls and IDS,8: Network Security,8-9,The language of cryptography,symmetric key crypto: sender, receiver keys identicalpublic-key crypto: encryption key public, decryption key secret (private),plaintext,plaintext,ciphertext,encryptionalgorithm,decryption algorithm,Alices encryptionkey,Bobs decryptionkey,8: Network Security,8-10,Symmetric key cryptography,substitution cipher: substituting one thing for anothermonoalphabetic cipher: substitute one letter for another,plaintext: abcdefghijklmnopqrstuvwxyz,ciphertext: mnbvcxzasdfghjklpoiuytrewq,Plaintext: bob. i love you. alice,ciphertext: nkn. s gktc wky. mgsbc,E.g.:,Q: How hard to break this simple cipher?: brute force (how hard?) other?,8: Network Security,8-11,Symmetric key cryptography,symmetric key crypto: Bob and Alice share know same (symmetric) key: Ke.g., key is knowing substitution pattern in mono alphabetic substitution cipherQ: how do Bob and Alice agree on key value?,plaintext,ciphertext,encryptionalgorithm,decryption algorithm,A-B,plaintextmessage, m,K (m),A-B,8: Network Security,8-12,Symmetric key crypto: DES,DES: Data Encryption StandardUS encryption standard NIST 199356-bit symmetric key, 64-bit plaintext inputHow secure is DES?DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 monthsno known “backdoor” decryption approachmaking DES more secure:use three keys sequentially (3-DES) on each datumuse cipher-block chaining,8: Network Security,8-13,Symmetric key crypto: DES,initial permutation 16 identical “rounds” of function application, each using different 48 bits of keyfinal permutation,8: Network Security,8-14,AES: Advanced Encryption Standard,new (Nov. 2001) symmetric-key NIST standard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES,8: Network Security,8-15,Block Cipher,one pass through: one input bit affects eight output bits,64-bit input,8bits,8 bits,8bits,8 bits,8bits,8 bits,8bits,8 bits,8bits,8 bits,8bits,8 bits,8bits,8 bits,8bits,8 bits,64-bit scrambler,64-bit output,loop for n rounds,multiple passes: each input bit afects all output bits block ciphers: DES, 3DES, AES,8: Network Security,8-16,Cipher Block Chaining,cipher block: if input block repeated, will produce same cipher text:,t=1,m(1) = “HTTP/1.1”,blockcipher,c(1) = “k329aM02”,cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1)c(0) transmitted to receiver in clearwhat happens in “HTTP/1.1” scenario from above?,m(i),c(i),t=17,m(17) = “HTTP/1.1”,blockcipher,c(17) = “k329aM02”,blockcipher,c(i-1),8: Network Security,8-17,Public key cryptography,symmetric key cryptorequires sender, receiver know shared secret keyQ: how to agree on key in first place (particularly if never “met”)?,public key cryptographyradically different approach Diffie-Hellman76, RSA78sender, receiver do not share secret keypublic encryption key known to allprivate decryption key known only to receiver,8: Network Security,8-18,Public key cryptography,plaintextmessage, m,ciphertext,encryptionalgorithm,decryption algorithm,Bobs public key,plaintextmessage,K,B,+,Bobs privatekey,K,B,-,8: Network Security,8-19,Public key encryption algorithms,need K ( ) and K ( ) such that,B,B,.,.,given public key K , it should be impossible to compute private key K,B,B,Requirements:,RSA: Rivest, Shamir, Adleman algorithm,+,-,+,-,8: Network Security,8-20,RSA: Choosing keys,1. Choose two large prime numbers p, q. (e.g., 1024 bits each),2. Compute n = pq, z = (p-1)(q-1),3. Choose e (with eAlice data encryption keyEA: Alice-Bob data encryption keyMB: Bob-Alice MAC keyMA: Alice-Bob MAC keyencryption and MAC algorithms negotiable between Bob, Alicewhy 4 keys?,8: Network Security,8-61,SSL: three phases,3. Data transfer,MB,b1b2b3 bn,d,EB,TCP byte stream,block n bytes together,compute MAC,encrypt d, MAC, SSL seq. #,SSL seq. #,Type Ver Len,SSL record format,encrypted using EB,unencrypted,8: Network Security,8-62,Chapter 8 roadmap,8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operational security: firewalls and IDS,8: Network Security,8-63,IPsec: Network Layer Security,network-layer secrecy: sending host encrypts the data in IP datagramTCP and UDP segments; ICMP and SNMP work-layer authenticationdestination host can authenticate source IP addresstwo principal protocols:authentication header (AH) protocolencapsulation security payload (ESP) protocol,for both AH and ESP, source, destination handshake:create network-layer logical channel called
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 【生鲜购物系统的分析与设计9400字(论文)】
- 0512一年级语文(统编版)-四个太阳1-教案
- 急性附睾炎精准诊断与分层治疗核心策略总结2026
- 无菌车间环境监测服务合同
- 2026年人教版(新教材)初中数学八年级下册期末综合测试卷及答案
- 文化旅游项目知识产权合同2026
- 商业伦理培训与实施协议
- 奶茶饮品店环保责任协议
- 2026年国家保密测试题及答案
- 2026年预防侵害测试题及答案
- 2026年安宁市教育体育系统急需紧缺人才引进(68人)考试备考试题及答案详解
- 建筑施工物料提升机安全检查标准与实施指南培训
- 机电一体化系统-001-国开机考复习资料
- 模型34 旋转-费马点模型-原卷版
- JGJ6-2011 高层建筑筏形与箱形基础技术规范
- 2023年中国中医科学院广安门医院专项招聘医学类人员及高层次卫技人才考试历年高频考点试题含答案解析
- 工作场所安全使用化学品规定
- 《大道之行也》比较阅读12篇(历年中考语文文言文阅读试题汇编)(含答案与翻译)(截至2020年)
- GA 1815.8-2023交通运输系统反恐怖防范要求第8部分:公路隧道
- 化工设计概论第八章向非工艺专业提供设计条件
- 心理咨询与心理治疗:第5章 认知疗法的理论与技术
评论
0/150
提交评论