Advanced Computer Networks


1 Advanced Computer Networks
CS716 Advanced Computer Networks
By Dr. Amir Qayyum

2 Lecture No. 41

3 Message Integrity Protocols
Digital signature using RSA
- Special case of message integrity where the code can only have been generated by one participant
- Compute signature with private key and verify with public key

4 Message Integrity Protocols
Keyed MD5
- Sender: m + MD5(m + k) + E(E(k, rcv-pub), private)
- Receiver:
  - recovers random key using the sender’s public key
  - applies MD5 to the concatenation of this random key and the message

5 Message Integrity Protocols
MD5 with RSA signature
- Sender: m + E(MD5(m), private)
- Receiver:
  - Decrypts signature with sender’s public key
  - Compares result with MD5 checksum sent with message

6 Authentication

7 Session Key Communication

8 Session Key Communication

9 Key Distribution Center

10 Kerberos

11 Man-in-the-Middle Attack in Diffie-Hellman

12 Key Distribution Certificate
Certificate
- Special type of digitally signed document: “I certify that the public key in this document belongs to the entity named in this document, signed X.”
- Contents:
  - The name of the entity being certified
  - The public key of the entity
  - The name of the certification authority
  - A digital signature

13 Certification Authority (CA)
Key Distribution
Certification Authority (CA)
- Administrative entity that issues certificates
- Useful only to someone that already holds the CA’s public key

14 Tree-structured CA Hierarchy

15 Key Distribution (cont)
Chain of Trust
- If X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z
- Someone that wants to verify Z’s public key has to know X’s public key and follow the chain
Certificate Revocation List
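The certificate fields and chain-of-trust check from slides 12 to 15, as an added example that is not part of the original lecture: a verifier holding only X's public key follows X → Y → Z and rejects a substituted key or a revoked certificate. It assumes textbook RSA without padding over toy-sized constructed keys, SHA-256 in place of MD5, and a CRL modelled as a set of revoked subject names; all function and field names are hypothetical.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent used by every toy key

def keypair(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(data, n):  # SHA-256 instead of the slides' MD5; unpadded, toy only
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(_digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data, n)

@dataclass
class Cert:
    subject: str  # name of the entity being certified
    pubkey: int   # public key (RSA modulus) of the entity
    issuer: str   # name of the certification authority
    sig: int = 0  # CA's signature over the three fields above

    def tbs(self):  # the bytes the CA signs
        return f"{self.subject}|{self.pubkey}|{self.issuer}".encode()

def issue(subject, pubkey, issuer, issuer_n, issuer_d):
    cert = Cert(subject, pubkey, issuer)
    cert.sig = sign(cert.tbs(), issuer_n, issuer_d)
    return cert

def verify_chain(chain, anchor_name, anchor_n, crl=frozenset()):
    """Follow the chain from the trusted CA; crl = revoked names (assumed model)."""
    name, n = anchor_name, anchor_n
    for cert in chain:
        if cert.issuer != name or cert.subject in crl:
            return None  # broken link, or certificate revoked
        if not verify(cert.tbs(), cert.sig, n):
            return None  # signature does not match the issuer's key
        name, n = cert.subject, cert.pubkey
    return n

# Constructed sample keys built from Mersenne primes (toy sizes only).
P = [2**k - 1 for k in (61, 89, 107, 127, 521, 607)]
(X_N, X_D), (Y_N, Y_D), (Z_N, _) = (keypair(P[i], P[i + 1]) for i in (0, 2, 4))
CHAIN = [issue("Y", Y_N, "X", X_N, X_D), issue("Z", Z_N, "Y", Y_N, Y_D)]
assert verify_chain(CHAIN, "X", X_N) == Z_N
```
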

16 PGP Message Integrity and Authentication
Sender:
- Calculate MD5 checksum over message contents
- Sign checksum using RSA with sender's private key
- Transmitted message
Receiver:
- Decrypt signed checksum with sender's private key
- Calculate MD5 checksum on received message and compare against received value
- Sender identity and message integrity confirmed if checksums match

17 PGP Message Encryption
Sender:
- Original message
- Create a random secret key k
- Encrypt message using DES with secret key k
- Encrypt k using RSA with recipient's public key
- Encode message + E(k) in ASCII for transmission
- Transmitted message
Receiver:
- Convert ASCII message
- Decrypt E(k) using RSA with my private key → k
- Decrypt message using DES with secret key k

18 Example (PGP)

19 SSH Port Forwarding

20 Secure Transport Layer
Protocol stack, top to bottom:
- Application (e.g. HTTP)
- Secure transport layer
- TCP
- IP
- Subnet

21 TLS Handshake Protocol
Figure: handshake between Client and Server. Messages: Hello, [Certificate], Keys, [Cert. Verify], Finished, Finished, Data.

22 TLS Handshake Protocol

23 IPSEC Authentication Header

24 IPSEC ESP Header

25 ESP Packet

26 Firewalls

27 Firewalls Filter-Based Solution Example
Figure labels: Rest of the Internet, Local site
Filter-Based Solution
- Example: ( , 1234, , 80 ), (*,*, , 80 )
- Default: forward or not forward?
- How dynamic?

28 Proxy-Based Firewalls
- Problem: complex policy
- Example: web server
Figure labels: Remote Company User, Firewall, Web Server, Internet, Company net, Random External User

29 Proxy-Based Firewalls
- Solution: proxy
- Design: transparent vs classical
- Limitations: Internal attacks
Figure labels: Firewall, External Client, Local Server, Proxy, External HTTP/TCP connection, Internal HTTP/TCP connection

30 Simple Proxy Scenario S R P

31 Denial of Service
- Attacks on end hosts
  - SYN attack
- Attacks on routers
  - Christmas tree packets
  - Pollute route cache
- Authentication attacks
- Distributed DoS attacks

