1 / 46

Computer Networks

Computer Networks. NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant stolic@unys.edu.mk. Network Security. Chapter 8. Need for Security. Some people who cause security problems and why. An Introduction to Cryptography. The encryption model (for a symmetric-key cipher).

hasana
Download Presentation

Computer Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant stolic@unys.edu.mk

  2. Network Security Chapter 8

  3. Need for Security • Some people who cause security problems and why.

  4. An Introduction to Cryptography • The encryption model (for a symmetric-key cipher).

  5. Symmetric-Key Algorithms • DES – The Data Encryption Standard • AES – The Advanced Encryption Standard • Cryptanalysis

  6. Product Ciphers • Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.

  7. Data Encryption Standard • The data encryption standard. (a) General outline.(b) Detail of one iteration. The circled + means exclusive OR.

  8. Triple DES • (a) Triple encryption using DES. (b) Decryption.

  9. AES – The Advanced Encryption Standard • Rules for AES proposals • The algorithm must be a symmetric block cipher. • The full design must be public. • Key lengths of 128, 192, and 256 bits supported. • Both software and hardware implementations required • The algorithm must be public or licensed on nondiscriminatory terms.

  10. Cryptanalysis • Some common symmetric-key cryptographic algorithms.

  11. Public-Key Algorithms • RSA • Other Public-Key Algorithms

  12. Digital Signatures • Symmetric-Key Signatures • Public-Key Signatures • Message Digests

  13. Symmetric-Key Signatures • Digital signatures with Big Brother.

  14. Public-Key Signatures • Digital signatures using public-key cryptography.

  15. Message Digests • Digital signatures using message digests.

  16. Management of Public Keys • Certificates • X.509 • Public Key Infrastructures

  17. Problems with Public-Key Encryption • A way for Trudy to subvert public-key encryption.

  18. Certificates • A possible certificate and its signed hash.

  19. X.509 • The basic fields of an X.509 certificate.

  20. Public-Key Infrastructures • (a) A hierarchical PKI. (b) A chain of certificates.

  21. Communication Security • IPsec • Firewalls • Virtual Private Networks • Wireless Security

  22. IPsec • The IPsec authentication header in transport mode for IPv4.

  23. IPsec (2)‏ • (a) ESP in transport mode. (b) ESP in tunnel mode.

  24. Firewalls • A firewall consisting of two packet filters and an application gateway.

  25. Virtual Private Networks • (a) A leased-line private network. (b) A virtual private network.

  26. 802.11 Security • Packet encryption using WEP.

  27. Authentication Protocols • Authentication Based on a Shared Secret Key • Authentication Using a Key Distribution Center • Authentication Using Kerberos • Authentication Using Public-Key Cryptography

  28. Authentication Based on a Shared Secret Key • Two-way authentication using a challenge-response protocol.

  29. Authentication Based on a Shared Secret Key (2)‏ • A shortened two-way authentication protocol.

  30. Authentication Based on a Shared Secret Key (3)‏ • The reflection attack.

  31. Authentication Based on a Shared Secret Key (5)‏ • Authentication using HMACs.

  32. Authentication Using a Key Distribution Center • A first attempt at an authentication protocol using a KDC.

  33. Authentication Using a Key Distribution Center (2)‏ • The Needham-Schroeder authentication protocol.

  34. Authentication Using a Key Distribution Center (3)‏ • The Otway-Rees authentication protocol (slightly simplified).

  35. Authentication Using Kerberos • The operation of Kerberos V4.

  36. Authentication Using Public-Key Cryptography • Mutual authentication using public-key cryptography.

  37. E-Mail Security • PGP – Pretty Good Privacy • PEM – Privacy Enhanced Mail • S/MIME

  38. Web Security • Threats • Secure Naming • SSL – The Secure Sockets Layer • Mobile Code Security

  39. Secure Naming • (a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

  40. Secure Naming (2)‏ • How Trudy spoofs Alice's ISP.

  41. Secure DNS An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed has of the A and KEY records to verify their authenticity.

  42. Self-Certifying Names • A self-certifying URL containing a hash of server's name and public key.

  43. SSL—The Secure Sockets Layer • Layers (and protocols) for a home user browsing with SSL.

  44. SSL (2)‏ • A simplified version of the SSL connection establishment subprotocol.

  45. SSL (3)‏ • Data transmission using SSL.

  46. Java Applet Security • Applets inserted into a Java Virtual Machine interpreter inside the browser.

More Related