Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Computer Security Key Management
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Chapter 9: Key Management
Key Distribution CS 470 Introduction to Applied Cryptography
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
CSCI 6962: Server-side Design and Programming
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Network Security – Special Topic on Skype Security.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Digital Signatures, Message Digest and Authentication Week-9.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Cryptography: Digital Signatures Message Digests Authentication
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Public Key Infrastructure (PKI) Chien-Chung Shen
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Computer Science Lecture 23, page 1 CS677: Distributed OS Security: Focus of Control Three approaches for protection against security threats a)Protection.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Cryptography Reference: Network Security
Cryptography Reference: Network Security
Keys Campbell R. Harvey Duke University, NBER and
Campbell R. Harvey Duke University and NBER
Campbell R. Harvey Duke University and NBER
Advanced Computer Networks
Electronic Payment Security Technologies
Chapter 8 roadmap 8.1 What is network security?
Presentation transcript:

Network Security Continued

Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender. – 2. The sender cannot later repudiate the content of the message. – 3. The receiver cannot make the message up.

Using Public key / Private Key To send P, Alice send E_B(D_A(P)). Bob receives, decode it with his private key to get D_A(P), encode it with Alice’s public key to get P.

Digital Signature Can Bob verify this is the message from Alice? – Yes, because (1) the message usually have some format and if it is not decoded correctly it will make no sense (2) Alice can send a hash of the message to Bob and Bob can verify whether the hash matches the decoded message

Digital Signature If Alice later denies she sent the message P, Bob can show P and D_A(P). A third party can check if he can get P with D_A(P) and Alice’s private key. If yes, Alice is lying because Bob does not know Alice’s private key and have no way to make up D_A(P).

Is problem solved? How can Alice and Bob know each other’s public key? Can Alice send a message to Bob to ask him to send her pkB? No. Tom may intercept this message and return Alice a message with his key or some junk.

Solution? Ask someone with authority, say, C. – Alice asks C “can you tell me the public key of Bob?” – C replies “Here you are, pkB.” Will this work? No. Because how can Alice be sure that this message is from C and not from Tom?

Solution Because C is well-known, Alice remembers his public key. So when C sends Alice the reply, he “signs” it with his private key: D_skC(pkB, I am sending you the public key of Bob as you requested). When Alice gets this message, she knows that this must be from C and can be trusted.

Problems? If everyone must contact C before the session begins, can C still handle it? Note that the RSA algorithm involves multiplications of large numbers and is slow.

Solution In fact, C does not have to answer the reply in real time. He can send Bob a “certificate” like: D_skC[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his is Later, when Bob wants to prove he is indeed Bob, he can just present this to Alice. Actually, it is D_skC{SHA_1[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his is and C is called Certificate Authority (CA).

Optimizations Still, signing all these certificates is too much for a single machine. There is PKI (Public Key Infrastructure) as a tree. You have a root, Regional Authorities, and CAs. A node certifies the nodes under it by signing. Chain of trust.

Authentication If someone claims he is A, how do you verify? He should present something to you which you can check and which he can have if and only if he is A. We can all think of certain things for our real friends, but does such thing exist in the electronic world?

Simple Protocol Will this work, suppose A and B knows each other’s public key – If A wants to communicate with B, A sends E_pkB[D_skA(P)], where P is the plain text message. Because of the digital signature scheme, B knows that this message is originally from A. But a message that is originally from A does not mean that it is from A– the replay attack.

The solution Recall that everyone has a public key and a private key. Suppose Alice and Bob knows each other’s public key. – If Alice wants to setup a session with Bob, she sends Bob a message E_pkB[Alice, R_a], meaning that I am Alice and I want to talk to you, where R_a is a number picked at random. – Bob replies E_pkA[R_a, R_b, K_s], where R_b is a number picked at random and K_s is the session key. – Alice replies AES_K_s[R_b]. (not exactly the same as Skype’s protocol, but the idea is the same)

Explanations Message 2. When Alice gets E_pkA[R_a, R_b, K_s], she can decrypt it and can get R_a, R_b, K_s. When she sees R_a, she knows that this is the response she is waiting for and the sender must be Bob. Why? Because no one except Bob knows how to decode E_pkB[Alice, R_a] to get R_a and R_a is totally random and it is impossible for one to guess it right.

Explainations Message 3. When Bob gets AES_K_s[R_b], he can use K_s to decode it to get R_b. Then he knows that this must be the message he is waiting for and the one who sent the first message must be Alice. Why? Because no one except Alice knows how to decode E_pkA[R_a, R_b, K_s] to get R_b and K_s to get AES_K_s[R_b].

Explanations The key is, we can make sure that every message must be the response of the previous message.

SSL -- Secure Sockets Layer and HTTPS Build a secure connection between two sockets. It is a layer between the application layer and the transportation layer. When HTTP is run over SSL, it is HTTPS.

SSL Twp protocols, one for establishing a secure connection, the other for using it. Fig Establishing connection. 1.A->B. SSL version, Preferences, R_A. 2.B->A. SSL version, Choices, R_B. Certificate. Done. 3.A->B. E_pkB[premaster key]. Change cipher. Finished. 4.B->A. Change cipher. Finished. R_A, R_B, premaster key used to get the session key. A is sure that she is talking to B. B use passwords to make sure that he is talking to A.

PGP – Pretty Good Privacy Used in s. MD5RSAIDEA RSA P K_M DA zip EB

Attacks SYN Flood. Reflection.

Attacks logy/internet/10attacks.html logy/internet/10attacks.html e/419816/a-next-generation-dos-attack- distributed-reflection/ e/419816/a-next-generation-dos-attack- distributed-reflection/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.