
Session 2: Conventional Encryption (Part 2)
Acknowledgements: William Stallings, Network Security Essentials: Applications and Standards, 5th edition, Prentice Hall, 2014. All rights reserved.

Data Encryption Standard (DES)
- Adopted in 1977 by NBS (now NIST); reaffirmed for another five years in 1994
- Plaintext is processed in 64-bit blocks; the key is 56 bits
- Each block goes through 16 rounds, each producing an intermediate value that feeds the next round
- DES is now too easy to crack to be a useful encryption method: a 56-bit key space can be searched exhaustively with modest hardware

Strength of DES
- Concerns about the algorithm itself (the design criteria for its S-boxes were never published)
- Concerns about the 56-bit key: this is the biggest worry

Strength of DES
- DES is the most studied encryption algorithm in existence
- No one has found a fatal weakness in the algorithm itself
- 1998: the Electronic Frontier Foundation's DES Cracker, built for under $250,000, recovered a DES key by brute force in under three days
- Solution: use a bigger key

Triple DES
C = E_K3[ D_K2[ E_K1[P] ] ]

Triple DES
- Alternative to DES: multiple encryption with DES and multiple keys
- With three distinct keys, 3DES has a nominal key length of 168 bits and is immune to brute-force search; a meet-in-the-middle attack reduces its effective strength to about 112 bits, which is still far out of reach
- Backward compatible with DES: because the middle operation is a decryption (EDE), setting K1 = K2 = K3 yields single DES
- Principal drawback of 3DES: the algorithm is relatively sluggish in software (three times the work of DES, which was itself designed for hardware), and its 64-bit block is small by modern standards
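The argument behind the two "Strength of DES" slides and the 3DES slide, carried through in code. This is an added example, not from the slides or from Stallings: a constructed 16-bit toy block cipher with a 12-bit key stands in for DES so that the whole key space can be enumerated, and a meet-in-the-middle attack recovers both keys of a double encryption with about 2 * 2^12 cipher calls instead of the 2^24 suggested by the nominal 24-bit key. The same trade-off is why "double DES" was never adopted (2^57 work, not 2^112) and why three-key 3DES is rated at roughly 112 bits rather than 168. The secret keys and known plaintexts are constructed.

```python
"""Meet-in-the-middle against double encryption, on a toy 16-bit block cipher.
Added example (not from the slides); the toy cipher stands in for DES and is
deliberately tiny so that every one of its 2^12 keys can be tried here."""

KEY_BITS = 12
KEY_SPACE = 1 << KEY_BITS
MASK16 = 0xFFFF
MUL = 0x9E35                          # odd, so multiplication mod 2^16 is invertible
MUL_INV = pow(MUL, -1, 1 << 16)

def _rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK16

def _rotr(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK16

def _round_key(key, r):
    # Spread the 12-bit key over 16 bits and mix in the round number.
    return (((key << 4) | (key >> 8)) ^ ((r + 1) * 0x1357)) & MASK16

def toy_encrypt(p, key):
    """Four rounds of key-XOR, odd multiply, rotate: invertible, not secure."""
    x = p
    for r in range(4):
        x ^= _round_key(key, r)
        x = (x * MUL) & MASK16
        x = _rotl(x, 5)
    return x

def toy_decrypt(c, key):
    x = c
    for r in reversed(range(4)):
        x = _rotr(x, 5)
        x = (x * MUL_INV) & MASK16
        x ^= _round_key(key, r)
    return x

def double_encrypt(p, k1, k2):
    """The '2DES' analogue: a nominal 24-bit key, but see meet_in_the_middle()."""
    return toy_encrypt(toy_encrypt(p, k1), k2)

def meet_in_the_middle(pairs):
    """Recover candidate (k1, k2) from known plaintext/ciphertext pairs.

    Cost: 2 * 2^12 cipher operations plus a 2^12-entry table, against 2^24
    for exhaustive search of the combined key. For real double DES the same
    trade gives 2^57 work (and a 2^56-entry table) instead of 2^112.
    """
    p0, c0 = pairs[0]
    # Forward half: E_k1(p0) for every k1, indexed by the middle value.
    table = {}
    for k1 in range(KEY_SPACE):
        table.setdefault(toy_encrypt(p0, k1), []).append(k1)
    # Backward half: D_k2(c0) for every k2; a table hit gives a candidate pair.
    found = []
    for k2 in range(KEY_SPACE):
        for k1 in table.get(toy_decrypt(c0, k2), ()):
            # One pair leaves about 2^(24-16) false positives; more pairs weed them out.
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found

# Constructed demo: the attacker knows these plaintexts and their ciphertexts.
SECRET_K1, SECRET_K2 = 0x3A7, 0xC41
KNOWN_PLAINTEXTS = [0x1234, 0xBEEF, 0x0042]

def make_known_pairs(k1=SECRET_K1, k2=SECRET_K2, pts=KNOWN_PLAINTEXTS):
    return [(p, double_encrypt(p, k1, k2)) for p in pts]

if __name__ == "__main__":
    candidates = meet_in_the_middle(make_known_pairs())
    print([(hex(a), hex(b)) for a, b in candidates])
```

Running it prints the recovered pair (0x3a7, 0xc41). The attack needs only the encrypt direction of the first cipher and the decrypt direction of the second, which is exactly what EDE with three keys denies an attacker at 2^56 cost: the cheapest split of 3DES is one DES operation against two, hence the 2^112 figure.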

Advanced Encryption Standard (AES)
- NIST issued a call for proposals in 1997
- November 2001: Rijndael [rain´ dow] published as the standard (FIPS 197)
- Symmetric block cipher with a 128-bit block and key lengths of 128, 192 or 256 bits
- Designed by two Flemish (Belgian) cryptographers, Joan Daemen and Vincent Rijmen

Overview of AES
Each round applies four transformations to the 4x4-byte state:
- Substitute Bytes: byte-wise S-box lookup
- Shift Rows: cyclic shift of each row of the state
- Mix Columns: each column multiplied by a fixed matrix over GF(2^8) (omitted in the final round)
- Add Round Key: XOR with the round key from the key schedule

AES URLs
- NIST Cryptographic Toolkit
- "How It Works" animation

IDEA (International Data Encryption Algorithm)
- 1991, Swiss Federal Institute of Technology (ETH Zurich)
- 64-bit block, 128-bit key
- Mixes operations from three different algebraic groups instead of using S-boxes
- Highly resistant to cryptanalysis
- Used in PGP

Blowfish
- 1993, Bruce Schneier
- Easy to implement; high execution speed
- 64-bit block; variable key length up to 448 bits
- Used in a number of commercial applications

RC5
- By Ron Rivest, one of the inventors of the RSA algorithm
- Defined in RFC 2040
- Suitable for hardware and software
- Simple, fast, variable-length key, low memory requirements
- High security

CAST-128
- Entrust Technologies; defined in RFC 2144
- Extensively reviewed
- Variable key length, 40 to 128 bits
- Used in PGP

Conventional Encryption Algorithms (comparison table)

Cipher Block Modes of Operation
- Block ciphers process one n-bit block of data at a time, so a long plaintext is broken into blocks (64-bit for DES, 128-bit for AES) and the last block is padded
- Electronic Code Book (ECB): each block of plaintext is encrypted independently using the same key
  - Conceptually a codebook with an entry for every possible plaintext block
  - A plaintext block that appears more than once produces the same ciphertext block each time
  - Repeating patterns in the plaintext therefore show through in the ciphertext

Cipher Block Chaining (CBC) Mode
- Input to the algorithm is the XOR of the current plaintext block and the preceding ciphertext block (an initialization vector stands in for the "preceding" block of the first one)
- Repeating plaintext patterns are not exposed
- A digital blender!

Cipher Block Chaining Mode (diagram)

Cipher Feedback (CFB) Mode
- Converts DES (or any block cipher) into a stream cipher; the block cipher is used only in the encrypt direction, to generate keystream from the previous ciphertext
- Eliminates the need to pad a message
- Operates in real time: each character can be encrypted and transmitted immediately
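The "Overview of AES" slide and the three mode slides, in one runnable piece. This is an added example, not code from the slides or from Stallings: AES-128 encryption is built from the four transformations named above (the S-box is generated from its definition rather than pasted as a table) and checked against the FIPS 197 Appendix C.1 vector; ECB, CBC and CFB are then layered on the single-block primitive so the repetition leak of ECB, the chaining of CBC and the no-padding property of CFB can be observed directly. KEY, IV and the repeated plaintext are constructed demo values.

```python
"""AES-128 from the four round transformations, then ECB, CBC and CFB on top.
Added example, not from the slides; the cipher follows FIPS 197, while KEY,
IV and the demo plaintexts are constructed."""

def _xtime(a):                       # multiply by x in GF(2^8), modulus x^8+x^4+x^3+x+1
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _gmul(a, b):                     # general GF(2^8) multiplication
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():                   # SubBytes table: GF(2^8) inverse, then the affine map
    def inv(a):                      # a^254 == a^-1 for a != 0
        r, e = 1, 254
        while e:
            if e & 1:
                r = _gmul(r, a)
            a, e = _gmul(a, a), e >> 1
        return r
    rotl = lambda q, n: ((q << n) | (q >> (8 - n))) & 0xFF
    box = []
    for a in range(256):
        q = inv(a) if a else 0
        box.append(q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63)
    return box

SBOX = _build_sbox()

def _expand_key(key):                # AES-128 key schedule: 16 bytes -> 11 round keys
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]      # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

# State: flat list of 16 bytes in column-major order (index = row + 4*column).
def _sub_bytes(s):
    return [SBOX[b] for b in s]
def _shift_rows(s):                  # row r rotates left by r positions
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]
def _add_round_key(s, rk):
    return [x ^ y for x, y in zip(s, rk)]
def _mix_columns(s):                 # each column times the fixed circulant matrix
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out += [_gmul(a[0], 2) ^ _gmul(a[1], 3) ^ a[2] ^ a[3],
                a[0] ^ _gmul(a[1], 2) ^ _gmul(a[2], 3) ^ a[3],
                a[0] ^ a[1] ^ _gmul(a[2], 2) ^ _gmul(a[3], 3),
                _gmul(a[0], 3) ^ a[1] ^ a[2] ^ _gmul(a[3], 2)]
    return out

def aes128_encrypt_block(key, block):
    rks = _expand_key(key)
    s = _add_round_key(list(block), rks[0])
    for rnd in range(1, 10):
        s = _add_round_key(_mix_columns(_shift_rows(_sub_bytes(s))), rks[rnd])
    return bytes(_add_round_key(_shift_rows(_sub_bytes(s)), rks[10]))   # final round: no MixColumns

def _blocks(data, n=16):
    return [data[i:i + n] for i in range(0, len(data), n)]
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key, data):          # ECB: every block encrypted independently
    assert len(data) % 16 == 0, "ECB needs padded input"
    return b"".join(aes128_encrypt_block(key, b) for b in _blocks(data))

def cbc_encrypt(key, iv, data):      # CBC: XOR with the previous ciphertext block first
    assert len(data) % 16 == 0, "CBC needs padded input"
    out, prev = [], iv
    for b in _blocks(data):
        prev = aes128_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cfb_encrypt(key, iv, data):      # CFB (s = 128): keystream = E(previous ciphertext)
    out, prev = [], iv
    for b in _blocks(data):
        prev = _xor(b, aes128_encrypt_block(key, prev))   # a short last block just truncates
        out.append(prev)
    return b"".join(out)

# Constructed demo values; KEY is also the FIPS 197 Appendix C.1 key.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IV = bytes.fromhex("0f0e0d0c0b0a09080706050403020100")
REPEATED = b"ATTACK AT DAWN!!" * 3           # three identical 16-byte plaintext blocks

def ecb_leaks_repetition(key=KEY, data=REPEATED):
    return len(set(_blocks(ecb_encrypt(key, data)))) == 1      # all ciphertext blocks equal
def cbc_hides_repetition(key=KEY, iv=IV, data=REPEATED):
    blocks = _blocks(cbc_encrypt(key, iv, data))
    return len(set(blocks)) == len(blocks)                     # all ciphertext blocks distinct
```

aes128_encrypt_block(KEY, bytes.fromhex("00112233445566778899aabbccddeeff")) must produce 69c4e0d86a7b0430d8cdb78070b4c55a; ecb_leaks_repetition() is True and cbc_hides_repetition() is True, which is the whole difference between the two slides. cfb_encrypt on a 21-byte message returns 21 bytes, with no padding. None of the modes here authenticate the data; that is a separate requirement.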

Location of Encryption Devices: Link Encryption
- Each vulnerable communications link is equipped at both ends with an encryption device
- All traffic over all communications links is secured
- Vulnerable at each switch: traffic is decrypted and re-encrypted at every switch along the path, so it is in the clear inside each one

Location of Encryption Devices: End-to-End Encryption
- The encryption process is carried out at the two end systems
- Encrypted data are transmitted unaltered across the network to the destination, which shares a key with the source and decrypts the data
- Packet headers cannot be secured, since the network needs them to route the packet; traffic patterns therefore remain visible

Location of Encryption Devices (diagram)

Key Distribution
- Both parties must have the same secret key, and nobody else may obtain it
- The key should be changed frequently
- Requires either manual delivery of keys or delivery over a channel that is itself encrypted (by a trusted third party, or under a previously exchanged key)
- The most effective method for large systems is a Key Distribution Center (e.g. Kerberos)

Key Distribution (diagram)
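The KDC scenario from the two "Key Distribution" slides as a complete exchange with both sides' messages: A asks the KDC for a session key for B, gets it back under A's master key together with a "ticket" under B's master key, forwards the ticket, and the two confirm the key with a nonce handshake. This is an added example, not code from the slides or from Stallings. The symmetric cipher is a constructed encrypt-then-MAC scheme over hashlib standing in for DES/AES; the identities, master keys and nonces are constructed too. The two checks that make the protocol more than a key copy, A verifying the nonce and peer identity in the KDC reply and B verifying the initiator named in the ticket, are the parts worth reading.

```python
"""Key distribution through a KDC, in the five-step shape of the slide's diagram.
Added example, not from the slides or from Stallings. The cipher is a constructed
encrypt-then-MAC over hashlib; identities, master keys and nonces are constructed."""
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key, obj):
    """JSON message -> nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def f_transform(nonce_hex):
    """The agreed function f applied to N2 in step 5 (here: SHA-256 of the nonce)."""
    return hashlib.sha256(bytes.fromhex(nonce_hex)).hexdigest()

class KDC:
    """Holds a master key shared with every principal; hands out session keys."""
    def __init__(self, master_keys):
        self.master_keys = master_keys

    def request(self, id_a, id_b, n1):
        # Step 2: KDC -> A: E(Ka, [Ks || ID_B || N1 || E(Kb, [Ks || ID_A])])
        ks = os.urandom(16).hex()
        ticket = encrypt(self.master_keys[id_b], {"ks": ks, "from": id_a})
        return encrypt(self.master_keys[id_a],
                       {"ks": ks, "to": id_b, "n1": n1, "ticket": ticket.hex()})

def run_session(kdc, id_a, ka, id_b, kb):
    """Simulate both end systems; returns the agreed session key or raises."""
    # Step 1: A -> KDC: ID_A || ID_B || N1 (the nonce lets A detect a replayed reply)
    n1 = os.urandom(8).hex()
    reply = kdc.request(id_a, id_b, n1)
    msg = decrypt(ka, reply)                      # only A can open this
    if msg["to"] != id_b or msg["n1"] != n1:
        raise ValueError("reply is stale or for the wrong peer")
    ks_a = bytes.fromhex(msg["ks"])
    # Step 3: A -> B: the ticket E(Kb, [Ks || ID_A]); only B can open it
    ticket = decrypt(kb, bytes.fromhex(msg["ticket"]))
    if ticket["from"] != id_a:
        raise ValueError("ticket names a different initiator")
    ks_b = bytes.fromhex(ticket["ks"])
    # Step 4: B -> A: E(Ks, N2)   Step 5: A -> B: E(Ks, f(N2))
    n2 = os.urandom(8).hex()
    challenge = encrypt(ks_b, {"n2": n2})
    response = encrypt(ks_a, {"fn2": f_transform(decrypt(ks_a, challenge)["n2"])})
    if decrypt(ks_b, response)["fn2"] != f_transform(n2):
        raise ValueError("handshake failed: A does not hold the same Ks")
    return ks_a

# Constructed principals and master keys (in practice installed out of band, by hand).
MASTER_KEYS = {"alice": b"A" * 32, "bob": b"B" * 32}

def session_established(ka=MASTER_KEYS["alice"], kb=MASTER_KEYS["bob"]):
    """True if the whole exchange completes with the given master keys."""
    try:
        return len(run_session(KDC(MASTER_KEYS), "alice", ka, "bob", kb)) == 16
    except ValueError:
        return False
```

session_established() is True; with a wrong master key on either side it is False, because the party without the right key cannot open its message and the handshake never completes. The KDC sees every session key, which is the trust assumption the slide's "third party" wording implies.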

Network Security: DNS & Addressing

Internet History
- Evolved from ARPANET (the Defense Department's Advanced Research Projects Agency Network)
- ARPANET was developed in 1969 and was the first packet-switching network
- Initially it had only four nodes: UCLA, UCSB, Utah and SRI

NSF and the Internet
- In the 1980s NSFNET extended packet-switched networking to non-ARPA organizations and eventually replaced ARPANET
- Instituted Acceptable Use Policies to control use
- CIX (Commercial Internet eXchange) was developed to provide commercial internetworking

The World Wide Web
- Concept proposed by Tim Berners-Lee in 1989; prototype WWW developed at CERN in 1991
- First graphical browser (Mosaic) developed by Marc Andreessen at NCSA
- Client-server system: browsers are the clients, and servers holding a variety of media types popped up everywhere
- Uses HTTP (HyperText Transfer Protocol) for retrieving files

Connecting to the Internet
- End users get connectivity from an ISP (Internet Service Provider)
  - Home users use dial-up, ADSL, cable modems, satellite or wireless
  - Businesses use dedicated circuits connected to their LANs
- ISPs in turn use "wholesalers" called network service providers, over high-speed (T-3 or faster) connections

US Internet Access Points (map)

Internet Addressing
- 32-bit global Internet address
- Includes a network identifier and a host identifier
- Dotted decimal notation: the 32 bits are split into four 8-bit groups, each written as a decimal number and separated by dots (the slide shows the same address in binary and in decimal)

Internet Addressing (diagram)

Network Classes
- Class A: few networks, each with many hosts; all addresses begin with binary 0 (first octet 0 to 127), 8-bit network identifier
- Class B: medium number of networks, each with a medium number of hosts; all addresses begin with binary 10 (first octet 128 to 191), 16-bit network identifier
- Class C: many networks, each with few hosts; all addresses begin with binary 110 (first octet 192 to 223), 24-bit network identifier
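The two addressing slides above, as a small decoder: dotted decimal to and from the 32-bit value, the binary form the slide shows, and the leading-bit test that assigns a class and splits the address into its network and host identifiers. This is an added example, not code from the slides. Classful addressing is historical (CIDR replaced it), but the leading-bit rule is exactly what the slide states, and the sample addresses are constructed from the RFC 5737 documentation ranges.

```python
"""Classful IPv4 decoding for the 'Internet Addressing' and 'Network Classes'
slides. Added example, not from the slides; sample addresses are constructed."""

def dotted_to_int(dotted):
    """'a.b.c.d' -> 32-bit integer, rejecting anything that is not four octets 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("need exactly four octets")
    value = 0
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"bad octet {p!r}")
        value = (value << 8) | int(p)
    return value

def int_to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Dotted decimal -> dotted binary, the other notation on the slide."""
    return ".".join(f"{int(p):08b}" for p in dotted.split("."))

def classify(dotted):
    """Return (class, network identifier, host identifier) from the leading bits.

    Class A starts with 0 and has an 8-bit network prefix; B starts with 10,
    16-bit prefix; C starts with 110, 24-bit prefix. Leading 1110 is class D
    (multicast) and 1111 class E (reserved): neither has a network/host split.
    """
    v = dotted_to_int(dotted)
    if v >> 31 == 0b0:
        cls, prefix = "A", 8
    elif v >> 30 == 0b10:
        cls, prefix = "B", 16
    elif v >> 29 == 0b110:
        cls, prefix = "C", 24
    elif v >> 28 == 0b1110:
        return "D", None, None
    else:
        return "E", None, None
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return cls, int_to_dotted(v & mask), int_to_dotted(v & ~mask & 0xFFFFFFFF)
```

classify("192.0.2.10") returns ("C", "192.0.2.0", "0.0.0.10"), and to_binary("192.0.2.10") gives 11000000.00000000.00000010.00001010, whose first three bits 110 are what put it in class C. The octet validation matters when such a parser sits behind an access-control list: "1.2.3" or "300.1.1.1" must be rejected, not silently mangled.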

Domain Name System
- 32-bit IP addresses have two drawbacks:
  - Routers can't keep track of every network path
  - Users can't remember dotted decimals easily
- Domain names address these problems by providing a name for each network domain (the hosts under the control of a given entity)

DNS Database
- Hierarchical database containing the name, IP address and related information for hosts
- Provides name-to-address directory services

Domain Tree (diagram)
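How the hierarchical name of the "DNS Database" and "Domain Tree" slides is actually carried on the wire, and how a name-to-address lookup comes back. This is an added example, not code from the slides: it builds an RFC 1035 query for an A record, parses a constructed response (a CNAME followed by the A record, using the compression pointers real servers emit), and does the two checks a resolver must make before trusting a reply: that the transaction ID and question match what it sent, and that compression pointers cannot be abused to loop the parser. The response bytes, names and the 192.0.2.10 address are constructed (RFC 5737 documentation range), not captured from a real server.

```python
"""DNS wire format (RFC 1035): labels carry the hierarchy, pointers compress it.
Added example, not from the slides; SAMPLE_RESPONSE is a constructed reply."""
import struct

MAX_POINTER_HOPS = 16                 # defence in depth against crafted pointer chains

def _labels(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Header (RD=1, one question) + QNAME + QTYPE + QCLASS(IN)."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _labels(name) + struct.pack(">HH", qtype, 1)

def _read_name(msg, off):
    """Decode the name at `off`; returns (name, offset just past it in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # 11xxxxxx: 14-bit pointer to an earlier name
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if ptr >= off or hops > MAX_POINTER_HOPS:   # must point strictly backwards
                raise ValueError("bad compression pointer")
            end = end if end is not None else off + 2
            off = ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg):
    """Return (txid, rcode, [(name, type, ttl, value), ...]) for A and CNAME answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):                           # skip the echoed question section
        off = _read_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", ttl, ".".join(str(b) for b in rdata)))
        elif rtype == 5:
            answers.append((name, "CNAME", ttl, _read_name(msg, off)[0]))
        off += rdlen
    return txid, flags & 0xF, answers

def matches_query(query, response):
    """A resolver must check the reply's ID and question against what it sent."""
    qname, qend = _read_name(query, 12)
    rname, rend = _read_name(response, 12)
    return query[:2] == response[:2] and qname == rname and query[qend:qend + 4] == response[rend:rend + 4]

def safe_parse(msg):
    """parse_response that returns None instead of raising on malformed input."""
    try:
        return parse_response(msg)
    except (ValueError, IndexError, struct.error, UnicodeDecodeError):
        return None

# Constructed reply to build_query("www.example.com"): a CNAME, then the A record.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)                    # QR, RD, RA; 1 question, 2 answers
    + _labels("www.example.com") + struct.pack(">HH", 1, 1)               # question, name at offset 12
    + b"\xC0\x0C" + struct.pack(">HHIH", 5, 1, 300, 6) + b"\x03web\xC0\x10"    # www -> web.example.com
    + b"\xC0\x2D" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])  # web.example.com A
)
# Constructed malformed message: the question name is a pointer to itself.
LOOPING_MSG = struct.pack(">HHHHHH", 1, 0x8180, 1, 0, 0, 0) + b"\xC0\x0C" + struct.pack(">HH", 1, 1)
```

parse_response(SAMPLE_RESPONSE) yields the CNAME www.example.com -> web.example.com and the A record web.example.com -> 192.0.2.10; matches_query(build_query("www.example.com"), SAMPLE_RESPONSE) is True, while a query with a different transaction ID does not match, which is the check that stops a blindly spoofed reply being accepted. safe_parse(LOOPING_MSG) returns None instead of hanging.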

Useful Websites
- The original InterNIC site, which hosts the "whois" database
- American Registry for Internet Numbers (ARIN), which has a "whois" database for IP numbers
- A site with very handy networking tools: traceroute, ping, nslookup, whois, dig

Homework
- Read Chapter Two
- Examine some sites using whois and traceroute, for both the domain name and the IP address. See how much you can find out about a site.