Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Computer Networks

Published byKelley Barber Modified over 6 years ago

Similar presentations

Presentation on theme: "Advanced Computer Networks"— Presentation transcript:

1 Advanced Computer Networks
CS716 Advanced Computer Networks By Dr. Amir Qayyum 1

2 Lecture No. 40

3 Security Outline Encryption Algorithms Authentication Protocols
Message Integrity Protocols Key Distribution Firewalls

4 Overview Cryptography functions Security services
Secret key (e.g. DES) Public key (e.g. RSA) Message digest (e.g. MD5) Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant Integrity: making sure message has not been altered

5 Taxonomy of Network Security
Cryptography Security algorithms services Secret Public Message Privacy Authentication Message key key digest integrity (e.g. DES) (e.g. RSA) (e.g. MD5)

6 Secret Key Encryption

7 Secret Key Encryption (DES)
Plaintext Plaintext Encrypt with Decrypt with secret key secret key Ciphertext

8 DES Algorithm Each Round 64-bit key (56-bits + 8-bit parity) 16 rounds
Initial permutation Round 1 Each Round Round 2 56-bit L 1 R 1 key i i F K i + Round 16 L R i i Final permutation

9 Expansion Phase of DES 4-bit chunk Expanded to 6 bits by stealing
a bit from left and right chunks ■ ■ ■

10 Initialization Vector
Secret Key Encryption Plaintext Block 3 Plaintext Block 2 Plaintext Block 1 Plaintext Block 0 Encryption Function Blocks of Ciphertext Initialization Vector (For block 0 only)

11 Cipher Block Chaining (CBC)
Repeat for larger messages Block Block Block Block 1 2 3 4 IV + + + + DES DES DES DES Cipher Cipher Cipher Cipher 1 2 3 4

12 Public Key Encryption

13 Public Key Authentication

14 Public Key Encryption (RSA)
Plaintext Plaintext Encrypt with Decrypt with public key private key Ciphertext Encryption & Decryption c = memod n m = cdmod n

15 RSA (cont) Choose two large prime numbers p and q (each 256 bits)
Multiply p and q together to get n Choose the encryption key e, such that e and (p - 1) × (q - 1) are relatively prime. Two numbers are relatively prime if they have no common factor greater than one

16 RSA (cont) Compute decryption key d such that
d = e-1mod ((p - 1) × (q - 1)) Construct public key as (e, n) Construct private key as (d, n) Discard (do not disclose) original primes p and q

17 Message Digest Cryptographic checksum
Just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.

18 Message Digest One-way function
Given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.

19 Message Digest Relevance
If you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

20 Overview of Message Digest Operation
Initial “digest” Message (padded) (constant) 512 bits 512 bits 512 bits ■ ■ ■ Transform Transform Transform Message digest

21 Authentication Protocols
Three-way handshake Client Server ClientId, E (x, CHK) E(x + 1, SHK), E(Y, SHK) E(y + 1, CHK) E(SK, SHK)

22 Third Party Authentication
Trusted third party (Kerberos) S A B A, B E((T, L, K, B), KA), E((T, L, K, A), KB) E((A, T), K), E((T, L, K, A), KB) E(T + 1, K)

23 Public Key Authentication
( x , Public )

24 Message Integrity

25 Message Integrity Protocols
Keyed MD5 Sender: m + MD5 (m + k) + E(E(k, rcv – pub), private) Receiver Recovers random key using the sender’s public key Applies MD5 to the concatenation of this random key message

26 Message Integrity Protocols
MD5 with RSA signature Sender: m + E(MD5(m), private) Receiver Decrypts signature with sender’s public key Compares result with MD5 checksum sent with message

27 Tree-structured CA Hierarchy

28 Authentication

29 Session Key Communication

30 Session Key Communication

31 Key Distribution Center

Download ppt "Advanced Computer Networks"

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003.

Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.

CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.
CSE 30264 Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 23 – April 6, 2010.

CSE Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 23 – April 6, 2010.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
5-Sep-154/598N: Computer Networks Recap UDP: IP with port abstraction TCP: Reliable, in order, at most once semantics –Sliding Windows –Flow control: ensure.

5-Sep-154/598N: Computer Networks Recap UDP: IP with port abstraction TCP: Reliable, in order, at most once semantics –Sliding Windows –Flow control: ensure.

Similar presentations

Ads by Google