Acknowledgements: William Stallings.William Stallings All rights Reserved Session 2 Conventional Encryption (Part 2) Network Security Essentials Application.


1 Session 2: Conventional Encryption (Part 2)
Network Security Essentials: Applications and Standards, 5th edition, William Stallings, Prentice Hall, 2014
Acknowledgements: William Stallings. All rights reserved.

2 Data Encryption Standard (DES)
- Adopted in 1977, reaffirmed for 5 years in 1994, by NBS (NIST)
- Plaintext is 64 bits (or blocks of 64 bits), key is 56 bits
- Plaintext goes through 16 iterations, each producing an intermediate value that is used in the next iteration
- DES is now too easy to crack to be a useful encryption method

3 Strength of DES
- Concerns about the algorithm itself
- Concerns about 56-bit key – this is the biggest worry

4 Strength of DES
- DES is the most studied encryption algorithm in existence
- No one has succeeded in discovering a fatal weakness
- 1998, DES Cracker from Electronic Frontier Foundation, built for $250,000
- Solution: Use a bigger key

5 Triple DES
$C = E_{K_3}[D_{K_2}[E_{K_1}[P]]]$

6 Triple DES
- Alternative to DES, uses multiple encryption with DES and multiple keys
- With three distinct keys, 3DES has an effective key length of 168 bits, so it is essentially immune to brute force attacks
- Backward compatible with DES
- Principal drawback of DES is that the algorithm is relatively sluggish in software

7 Advanced Encryption Standard
- NIST call for proposals in 1997
- Nov, 2001 – Rijndael [rain´ dow]
- Symmetric block cipher (128 bits) and key lengths 128, 192, 256
- Two Flemish cryptographers: Joan Daemen and Vincent Rijmen

8 Overview of AES
4 Transformations:
- Substitute Bytes
- Shift Rows
- Mix Columns
- Add Round Key

9 AES URLs
- Cryptographic Toolkit
- How It Works
- Animation

10 IDEA
- International Data Encryption Algorithm
- 1991 by Swiss Federal Institute of Technology
- Uses 128-bit key
- Complex functions replace S-boxes
- Highly resistant to cryptanalysis
- Used in PGP

11 Blowfish
- 1993 by Bruce Schneier
- Easy to implement; high execution speed
- Variable key length up to 448 bits
- Used in a number of commercial applications

12 RC5
- 1994 by Ron Rivest, one of the inventors of RSA algorithm
- Defined in RFC 2040
- Suitable for hardware and software
- Simple, fast, variable length key, low memory requirements
- High security

13 CAST-128
- 1997, Entrust Technologies
- RFC 2144
- Extensively reviewed
- Variable key length, 40-128 bits
- Used in PGP

14 Conventional Encryption Algorithms

15 Cipher Block Modes of Operation
- Block ciphers process one n-bit block of data at a time
- Break long amounts of plaintext into 64-bit blocks
- Use Electronic Code Book (ECB)
  - Each block of plaintext is encrypted using the same key
  - Entry for every possible 64-bit plaintext pattern
  - A block that appears more than once produces the same ciphertext
  - Repeating patterns become a problem

16 Cipher Block Chaining Mode
- Input to algorithm is the XOR of current plaintext block and preceding ciphertext block
- Repeating patterns are not exposed
- A digital blender!

17 Cipher Block Chaining Mode
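
Added example (not part of the original slides): the ECB weakness and the CBC fix from the two mode slides, plus the E-D-E construction and DES backward compatibility from the Triple DES slides, using a toy 16-round Feistel cipher built on SHA-256 as a stand-in for DES. The toy cipher, `KEY`, `IV` and `SAMPLE` are constructed for illustration, the cipher is not secure, and inputs are assumed to be whole 64-bit blocks.

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block size used on the slides

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half, key, rnd):
    # Toy round function (assumption): truncated SHA-256, not the DES S-boxes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(block, key, rounds=range(16)):
    # 16-round Feistel network, the overall structure DES uses.
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, _xor(left, _f(right, key, rnd))
    return right + left  # final swap lets decryption reuse the network

def decrypt_block(block, key):
    return encrypt_block(block, key, rounds=range(15, -1, -1))

def ede_encrypt_block(block, k1, k2, k3):
    # Triple encryption as on the 3DES slide: C = E_K3[D_K2[E_K1[P]]]
    return encrypt_block(decrypt_block(encrypt_block(block, k1), k2), k3)

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a multiple of 8 bytes (no padding)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, key):
    return b"".join(encrypt_block(b, key) for b in _blocks(pt))

def cbc_encrypt(pt, key, iv):
    # XOR each plaintext block with the preceding ciphertext block (IV first).
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))

# Constructed sample: three identical 64-bit blocks, then a different one.
KEY, IV, SAMPLE = b"demo-key", bytes(range(8)), b"BALANCE=" * 3 + b"00001000"
print("ECB repeats:", repeated_blocks(ecb_encrypt(SAMPLE, KEY)))      # 2
print("CBC repeats:", repeated_blocks(cbc_encrypt(SAMPLE, KEY, IV)))  # 0
```

With k1 = k2 = k3, `ede_encrypt_block` returns the same ciphertext as `encrypt_block`, which is the backward compatibility the Triple DES slide refers to.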

18 Cipher Feedback Mode
- Convert DES into a stream cipher
- Eliminates need to pad a message
- Operates in real time
- Each character can be encrypted and transmitted immediately

19 Location of Encryption Devices
- Link Encryption
  - Each vulnerable communications link is equipped on both ends with an encryption device
  - All traffic over all communications links is secured
  - Vulnerable at each switch

20 Location of Encryption Devices
- End-to-end Encryption
  - The encryption process is carried out at the two end systems
  - Encrypted data are transmitted unaltered across the network to the destination, which shares a key with the source to decrypt the data
  - Packet headers cannot be secured

21 Location of Encryption Devices

22 Key Distribution
- Both parties must have the secret key
- Key is changed frequently
- Requires either manual delivery of keys, or a third-party encrypted channel
- Most effective method is a Key Distribution Center (e.g. Kerberos)

23 Key Distribution

24 Network Security: DNS & Addressing

25 Internet History
- Evolved from ARPANet (Defense Department’s Advanced Research Projects Agency Network)
- ARPANet was developed in 1969, and was the first packet-switching network
- Initially, included only four nodes: UCLA, UCSB, Utah, and SRI

26 NSF and the Internet
- In the 1980s, NSFNet extended packet-switched networking to non-ARPA organizations; eventually replaced ARPANet
- Instituted Acceptable Use Policies to control use
- CIX (Commercial Internet eXchange) was developed to provide commercial internetworking

27 The World Wide Web
- Concept proposed by Tim Berners-Lee in 1989, prototype WWW developed at CERN in 1991
- First graphical browser (Mosaic) developed by Marc Andreessen at NCSA
- Client-server system with browsers as clients, and a variety of media types stored on servers popped up everywhere
- Uses HTTP (Hyper Text Transfer Protocol) for retrieving files

28 Connecting to the Internet
- End users get connectivity from an ISP (Internet Service Provider)
  - Home users use dial-up, ADSL, cable modems, satellite, wireless
  - Businesses use dedicated circuits connected to LANs
- ISPs use “wholesalers” called network service providers and high speed (T-3 or higher) connections

29 US Internet Access Points

30 Internet Addressing
- 32-bit global Internet address
- Includes network and host identifiers
- Dotted decimal notation
  - 11000000 11100100 00010001 00111001 (binary)
  - 192.228.17.57 (decimal)

31 Internet Addressing

32 Network Classes
- Class A: Few networks, each with many hosts
  - All addresses begin with binary 0
  - Range: 1-126
- Class B: Medium networks, medium hosts
  - All addresses begin with binary 10
  - Range: 128-191
- Class C: Many networks, each with few hosts
  - All addresses begin with binary 11
  - Range: 192-223
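
Added example (not part of the original slides): converting the dotted-decimal address from the Internet Addressing slide to its 32-bit binary form and classifying it by leading bits, then splitting it into network and host identifiers. The 8/16/24-bit network identifier widths for classes A/B/C and the handling of first octets 0, 127 and 224 and above are standard classful-addressing facts assumed here rather than taken from the slides.

```python
def parse_ipv4(dotted):
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    ok = len(parts) == 4 and all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts)
    if not ok:
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def to_dotted(addr):
    return ".".join(str(b) for b in addr.to_bytes(4, "big"))

def to_binary(addr):
    return " ".join(f"{b:08b}" for b in addr.to_bytes(4, "big"))

# (class, leading bit pattern, pattern length, bits in the network identifier)
CLASSES = (("A", 0b0, 1, 8), ("B", 0b10, 2, 16), ("C", 0b110, 3, 24))

def classify(dotted):
    """Return (class, network identifier, host identifier)."""
    addr = parse_ipv4(dotted)
    if addr >> 24 in (0, 127):      # outside the slide's class A range 1-126
        return ("reserved", None, None)
    for name, pattern, plen, net_bits in CLASSES:
        if addr >> (32 - plen) == pattern:
            host_bits = 32 - net_bits
            network = addr >> host_bits << host_bits
            return (name, to_dotted(network), addr - network)
    return ("other", None, None)    # leading 111: not covered on the slide

if __name__ == "__main__":
    # The slide's own address plus two constructed private-range samples.
    for sample in ("192.228.17.57", "10.1.2.3", "172.16.5.9"):
        print(sample, to_binary(parse_ipv4(sample)), classify(sample))
```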

33 Domain Name System
- 32-bit IP addresses have two drawbacks
  - Routers can’t keep track of every network path
  - Users can’t remember dotted decimals easily
- Domain names address these problems by providing a name for each network domain (hosts under the control of a given entity)

34 DNS Database
- Hierarchical database containing name, IP address, and related information for hosts
- Provides name-to-address directory services

35 Domain Tree

36 Useful Websites
- http://www.networksolutions.com/whois/index.jhtml - the original InterNIC. This site has the “whois” database
- http://www.arin.net - American Registry for Internet Numbers (ARIN). This site has a “whois” database for IP numbers
- http://network-tools.com/ - very handy networking tools: traceroute, ping, nslookup, whois, dig

37 Homework
- Read Chapter Two
- Examine some sites using whois and traceroute for the domain name and the IP address. See how much you can find out about a site

