March 2005 - R. Smith - University of St Thomas - Minnesota

QMCS 490 - Class Today
- Homework due Today
- LAN and Internet Addresses
- Finish up Firewalls
- Routing Exercise
- Secret Key Management
- Wireshark

LAN and Internet Addresses
- Let’s try to ‘map’ everyone’s addresses

Network Address Translation
- Original purpose: more hosts & addresses
  – Let “insiders” use restricted addresses
  – Translate them on the way out
- A ‘multiplexing’ mechanism
  – Users share a “real” Internet address

Firewalls and LAN support
- Provide a few standard LAN services
  – Router connection
  – DHCP

Routing Exercise
- Identify some ‘routers’
- The rest are ‘hosts’

Secret Key Management
- Two elements
  – How do you assign individual keys
  – How do you update keys
- Assignment – how many keys do we need?
  – “One Big Cryptonet”
  – Pairwise user-user
  – Pairwise user-server (“key distribution center”)
- Updating – given the assignment strategies
  – Manual
  – Automatic

Automatic key updating
- How do we get the new key?
  – Internal update
    - Use a ‘pseudo random number generator’
    - “Forward secrecy” problem
  – Random update
    - Use a new, randomly generated key
    - Share with the cryptonet
    - How do we transmit random keys?
  – Chained update
    - Send it using the existing crypto key
    - “Forward secrecy” problem
  – KEK-based update
    - Use a separate “key encrypting key”
    - Data is only sent with “data keys” or “session keys”
    - Only use KEK to send newly generated session
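
Added example (not from the original slides): a Python sketch of the chained and KEK-based updates above, showing which later keys an eavesdropper who recorded the update messages can recover once a single traffic key leaks. The `wrap`/`unwrap` helpers are a constructed stand-in for a real key-wrap algorithm, and every function name here is an assumption.

```python
import hashlib
import hmac
import secrets

def wrap(wrapping_key, new_key):
    """Stand-in key wrap: nonce + XOR pad + HMAC tag. Use AES Key Wrap or an AEAD in practice."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(wrapping_key, b"pad" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(new_key, pad))
    tag = hmac.new(wrapping_key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unwrap(wrapping_key, blob):
    """Return the wrapped 32-byte key, or None if blob was not made with wrapping_key."""
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(wrapping_key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(wrapping_key, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))

def run_updates(scheme, rounds=4):
    """Simulate key updates; scheme is "chained" or "kek". Returns (keys, wire_messages)."""
    kek = secrets.token_bytes(32)      # only ever used to wrap new session keys
    keys = [secrets.token_bytes(32)]   # keys[0] is the initial traffic key
    messages = []
    for _ in range(rounds):
        new_key = secrets.token_bytes(32)
        wrapping_key = keys[-1] if scheme == "chained" else kek
        messages.append(wrap(wrapping_key, new_key))  # messages[i] carries keys[i+1]
        keys.append(new_key)
    return keys, messages

def keys_exposed(leaked_key, recorded_messages):
    """Later keys recoverable from recorded update messages given one leaked traffic key."""
    recovered, current = [], leaked_key
    for blob in recorded_messages:
        nxt = unwrap(current, blob)
        if nxt is None:                # update was not wrapped under a key we hold
            break
        recovered.append(nxt)
        current = nxt                  # chained scheme: each key unlocks the next
    return recovered

if __name__ == "__main__":
    for scheme in ("chained", "kek"):
        keys, msgs = run_updates(scheme)
        exposed = keys_exposed(keys[1], msgs[1:])     # keys[1] leaks after one update
        print(scheme, "-> later keys exposed:", len(exposed), "of", len(keys) - 2)
```

In the KEK-based run the leaked traffic key exposes only the data sent under it; the exposure moves to the KEK itself, which is why it is never used to carry data.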

Key Distribution Center (KDC)
- Each user has a unique personal key
  – Contacts KDC to get a session key
  – KDC sends keys encrypted with users’ personal keys
- Example
  – Bob wants to talk to Alice
  – Bob contacts KDC, says “I want to talk to Alice”
  – KDC sends two copies of the session key
    - One encrypted with Bob’s personal key
    - One encrypted with Alice’s personal key
- This is the basis of Kerberos
  – Encrypted keys are called “tickets”

Wireshark – to the lab!

That’s it
- Questions?

Creative Commons License: This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.