
Chapter 8 – Network Security



  1. Chapter 8 – Network Security • Two main topics • Cryptographic algorithms and mechanisms • Firewalls • Chapter may be hard to understand if you don’t have some background. The topics are very extensive and 50 pages of text can’t cover much at all.

  2. Encryption • Two main divisions: symmetric, where the same key both encrypts and decrypts (examples: DES, Blowfish, RC2, RC4, etc.), and asymmetric, where different keys are used, one for encrypting and one for decrypting (examples: RSA, DH) • Symmetric: usually much faster to compute, but key distribution is harder • Asymmetric: much slower to compute, but key distribution is easier

  3. Problems requiring Encryption (in plain English) • You don’t want your data intercepted in-transit by an unintended recipient • You want to be sure that you are communicating with the person or website that you intend • You want to be able to prove that you are who you say you are

  4. Secret keys – symmetric encryption • Simple enough in concept – encrypt your message with a secret key and send it to a recipient – see next diagram • Read over the details of the example method given in the text (DES), but we will focus more on RSA

  5. [Diagram: symmetric encryption – plaintext is encrypted with the secret key to give ciphertext, and the ciphertext is decrypted with the same secret key back to plaintext]

  6. Public Key or Asymmetric Algorithms • Usually based on difficult-to-compute mathematical problems such as factoring large numbers that are the product of two primes, or calculating discrete logs • Two keys – a private key and a public key • One encrypts • The other decrypts • Only one copy of the private key – the owner’s • There can be many copies of the public key

  7. Public Key Usage • Look over the accompanying slides (handout) on the usage of Public Key cryptography • Factoid: RSA is 100 to 10,000 times slower to compute than a secret key method like DES or Blowfish • Therefore large amounts of encryption are not usually done with a public key method – instead secret (symmetric) keys are passed with public key encryption – see slides

  8. Terminology • Key – a string of characters used to encrypt or decrypt a message • Plain text – the original message • Cipher text – the encrypted message • Public key – the part of a (public,private) key pair that is distributed to people whom you want to send encrypted messages to • Private key – the part that you keep to yourself to encrypt and decrypt with

  9. How Public and Private Keys Work • Plain text encrypted by a private key gives cipher text that can be decrypted (only) by the public key • Conversely, plain text encrypted by the public key gives text that can be decrypted (only) by the private key • Note: plain text encrypted by a public key can not be decrypted by a second use of the public key (same for the private key)

  10. How it Works (continued) • Note: if you want to keep your data secret it does not work to encrypt data with your private key and send it off to be decrypted with your public key, because your public key (being public!) may be in hands other than your intended recipient’s • Therefore both sides need a separate (private, public) key pair (see the diagrams in the handout) • Caveat: if you want to prove that you are who you say you are then encrypting with your private key is useful – since only you possess it!

  11. [Diagram: asymmetric encryption – plaintext is encrypted with the public key to give ciphertext, and the ciphertext is decrypted with the private key back to plaintext]

  12. Security • Cryptography algorithms: secret key (e.g., DES), public key (e.g., RSA), message digest (e.g., MD5) • Security services: privacy, authentication, message integrity

  13. Security Mechanisms • Authentication, trusted third party, digital signatures, certificates are all mechanisms based on various uses of encryption to handle those problems stated earlier in plain English • The next diagrams show graphically some of the handshaking that needs to go on

  14. [Diagram: three-party authentication handshake among A, B and the server S. The messages carry a timestamp T, a lifetime L and a session key K, encrypted under the parties’ keys K_A and K_B; the final reply returns T + 1 encrypted under K]

  15. Certificates • Just a special type of digitally signed document • In plain English it says: “I certify that the public key in this document belongs to the entity named in the document, signed X.” • X would normally be a CA or Certification Authority – an administrative entity that is in the business of issuing certificates

  16. “Chains of Trust” • Read over carefully the basic ideas behind the tree-structured certification authority given on page 592 and in figure 8.12 • This whole issue is fraught with complications and standards – just the basic idea will suffice for us for this course

  17. [Diagram: certification hierarchy – IPRA (Internet Policy Registration Authority, the root) -> PCA1, PCA2, PCA3 (PCA n = policy certification authority) -> CAs (CA = certification authority) -> users, with some CAs certifying further CAs]

  18. Example Systems • Privacy Enhanced Mail (PEM) • Read over the basic idea on page 595 and study the following figures

  19. [Diagram: PEM message integrity] • Sender: calculate MD5 checksum over message contents -> sign checksum using RSA with sender’s private key -> transmitted message • Receiver: decrypt signed checksum with sender’s public key -> calculate MD5 checksum on received message and compare against received value -> sender identity and message integrity confirmed if checksums match

  20. [Diagram: PEM message privacy] • Sender: original message -> create a random secret key k -> encrypt message using DES with secret key k -> encrypt k using RSA with recipient’s public key -> encode message + E(k) in ASCII for transmission -> transmitted message • Receiver: convert ASCII message -> decrypt E(k) using RSA with my private key -> k -> decrypt message using DES with secret key k -> original message
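The following is an added example (not code from the slides or from the textbook) that puts slides 9–10 and 19–20 together in one runnable script: textbook RSA built from fixed Mersenne primes (constructed for the demo; real keys use randomly chosen primes and padding), a check that a public key applied twice does not recover the plaintext, and the PEM-style flow of signing an MD5 digest with the sender’s private key and passing a random secret key k under the recipient’s public key. Because the Python standard library has no DES, the symmetric step uses a constructed SHA-256 keystream XOR as a stand-in for “encrypt with DES using k”. MD5 is used only because the slides do; the structure is the same with any digest.

```python
"""Added example: toy textbook RSA and a PEM-style sign + hybrid-encrypt flow (stdlib only)."""
import hashlib
import os
from math import gcd

# Constructed key material: Mersenne primes so the demo needs no prime search.
# Sender modulus ~2^150, recipient modulus ~2^234; both exceed the 128-bit values
# (MD5 digest, 16-byte secret key) that get exponentiated below.
SENDER_P, SENDER_Q = 2**61 - 1, 2**89 - 1
RECIP_P, RECIP_Q = 2**107 - 1, 2**127 - 1


def make_keypair(p, q, e=65537):
    """Slide 6: two keys, one public (e, n) and one private (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """Textbook RSA: the same operation encrypts, decrypts, signs and verifies;
    which one it is depends only on which key you hold. No padding (demo only)."""
    exp, n = key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, exp, n)


SENDER_PUB, SENDER_PRIV = make_keypair(SENDER_P, SENDER_Q)
RECIP_PUB, RECIP_PRIV = make_keypair(RECIP_P, RECIP_Q)


def demo_key_roles(pub, priv, m):
    """Slide 9: public-key ciphertext is recovered by the private key, and a
    second application of the public key does NOT recover it."""
    c = rsa_apply(pub, m)
    return {"priv_decrypts": rsa_apply(priv, c) == m,
            "pub_twice_fails": rsa_apply(pub, c) != m}


def stream_xor(key, data):
    """Constructed stand-in for DES: XOR with a SHA-256 keystream derived from
    key and a block counter. The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def pem_send(message, sender_priv, recipient_pub):
    """Slides 19 and 20, sender side."""
    digest = int.from_bytes(hashlib.md5(message).digest(), "big")
    signature = rsa_apply(sender_priv, digest)           # sign with my private key
    k = os.urandom(16)                                    # random secret key k
    ciphertext = stream_xor(k, message)                   # symmetric encrypt with k
    enc_k = rsa_apply(recipient_pub, int.from_bytes(k, "big"))  # E(k) under recipient's public key
    return {"ciphertext": ciphertext, "enc_k": enc_k, "signature": signature}


def pem_receive(packet, recipient_priv, sender_pub):
    """Slides 19 and 20, receiver side. Returns (message, integrity_ok)."""
    k = rsa_apply(recipient_priv, packet["enc_k"]).to_bytes(16, "big")  # my private key -> k
    message = stream_xor(k, packet["ciphertext"])
    expected = int.from_bytes(hashlib.md5(message).digest(), "big")
    received = rsa_apply(sender_pub, packet["signature"])  # "decrypt" signature with sender's public key
    return message, received == expected


if __name__ == "__main__":
    print(demo_key_roles(RECIP_PUB, RECIP_PRIV, 42))
    pkt = pem_send(b"meet at noon", SENDER_PRIV, RECIP_PUB)
    print(pem_receive(pkt, RECIP_PRIV, SENDER_PUB))
```

The receiver’s integrity check fails whenever a single ciphertext byte is altered, because the decrypted message then hashes to a different value than the one the sender signed; the secrecy of k, on the other hand, rests entirely on the recipient’s private key, which matches the slide’s point that the bulk data is protected symmetrically and only the small key travels under RSA.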

  21. Transport Layer Security (TLS) • SSL, HTTPS are two well known examples

  22. [Diagram: TLS handshake] • Client -> Server: Hello • Server -> Client: Hello, [Certificate], [Keys], [Cert. Request], HelloDone • Client -> Server: [Certificate], Keys, [Cert. Verify], Finished • Server -> Client: Finished • Then: Data (bracketed messages are optional)
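As an added example, not part of the slides, here is a small monitor that checks a handshake transcript against the message order shown on the slide (optional messages in brackets may be absent) and flags application data sent before both Finished messages. It is an order checker only, not a TLS implementation; the message names and the `(sender, message)` tuple format are assumptions chosen for the demo.

```python
"""Added example: validate the order of a TLS handshake transcript (order only)."""

# (sender, message, optional) in the order the slide shows them.
HANDSHAKE = [
    ("client", "Hello", False),
    ("server", "Hello", False),
    ("server", "Certificate", True),
    ("server", "Keys", True),          # server key exchange
    ("server", "CertRequest", True),
    ("server", "HelloDone", False),
    ("client", "Certificate", True),
    ("client", "Keys", False),         # client key exchange
    ("client", "CertVerify", True),
    ("client", "Finished", False),
    ("server", "Finished", False),
]


def check_transcript(transcript):
    """Walk a list of (sender, message) pairs and return one of:
    'complete', 'incomplete', or 'violation: ...'.
    Data is only allowed after the full handshake."""
    pos = 0
    for sender, msg in transcript:
        if msg == "Data":
            if pos < len(HANDSHAKE):
                return f"violation: Data from {sender} before the handshake finished"
            continue
        # Skip optional expected messages the peer chose not to send.
        while (pos < len(HANDSHAKE) and HANDSHAKE[pos][2]
               and (sender, msg) != HANDSHAKE[pos][:2]):
            pos += 1
        if pos == len(HANDSHAKE) or (sender, msg) != HANDSHAKE[pos][:2]:
            return f"violation: unexpected {msg} from {sender}"
        pos += 1
    return "complete" if pos == len(HANDSHAKE) else "incomplete"


if __name__ == "__main__":
    # Constructed transcript: server sends a certificate, no client auth requested.
    sample = [("client", "Hello"), ("server", "Hello"), ("server", "Certificate"),
              ("server", "HelloDone"), ("client", "Keys"), ("client", "Finished"),
              ("server", "Finished"), ("client", "Data")]
    print(check_transcript(sample))
```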

  23. Firewalls • Basic Functions • Packet Filtering (see example on handouts) • Network Address Translation (NAT) • Application Proxy • Monitoring and Logging
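The packet-filtering and logging functions listed on this slide, as an added example (not from the slides or the handout): a first-match rule table with a default deny, a log line for every decision, and a lint that reports rules an earlier rule will always match first. The addresses, the rule set and the sample packets are constructed for the demo (10.0.0.0/8 is assumed to be the local site, 10.0.0.80 its web server).

```python
"""Added example: first-match packet filter with default deny, logging and a shadowed-rule check."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR, e.g. "10.0.0.0/8"
    dst: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None = any destination port


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed rule set. Rule 3 is deliberately placed AFTER the broad allow in rule 1,
# so it can never fire: first match wins.
RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "any", None),      # inside -> anywhere
    Rule("allow", "0.0.0.0/0", "10.0.0.80/32", "tcp", 80),      # outside -> web server
    Rule("allow", "0.0.0.0/0", "10.0.0.80/32", "tcp", 443),
    Rule("deny", "198.51.100.0/24", "10.0.0.80/32", "tcp", 80),  # shadowed by rule 1
]

# Constructed sample traffic.
PACKETS = [
    Packet("10.0.1.5", "93.184.216.34", "tcp", 443),   # inside browsing out
    Packet("198.51.100.7", "10.0.0.80", "tcp", 80),    # outside to web server
    Packet("198.51.100.7", "10.0.0.80", "tcp", 23),    # outside to telnet: no rule
    Packet("198.51.100.7", "10.0.1.5", "tcp", 80),     # outside to an inside host: no rule
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """Return the action of the first matching rule; deny (and log) if none matches."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            log.append(f"rule {i} {rule.action} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
            return rule.action
    log.append(f"default deny {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
    return "deny"


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that an earlier, broader rule always matches first."""
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                out.append(j)
                break
    return out


def demo():
    log: List[str] = []
    decisions = [filter_packet(RULES, p, log) for p in PACKETS]
    return decisions, log


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions)
    print("\n".join(log))
    print("shadowed rules:", shadowed(RULES))
```

The second packet is allowed even though rule 3 names its source network, which is exactly the ordering mistake `shadowed()` is there to catch; the monitoring-and-logging function on the slide is the `log` list, which records the rule number behind each decision so a denied connection can be traced back to policy.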

  24. Firewalls – Other functions • Firewalls can sometimes do: • Data Caching • Content Filtering • Intrusion Detection • Load Balancing

  25. [Diagram: a firewall sits between the local site and the rest of the Internet]

  26. Proxy-Based Firewalls • A big topic that is only briefly touched upon in this text book

  27. [Diagram: a remote company user and a random external user reach the company net’s Web server across the Internet through the firewall]

  28. [Diagram: proxy-based firewall – the local client opens an internal HTTP/TCP connection to the proxy on the firewall, and the proxy opens a separate external HTTP/TCP connection to the external server]

  29. [Diagram: net 1 and net 2 connected to the outside world through routers R1 and R2]
