Presentation is loading. Please wait.

Presentation is loading. Please wait.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Published byDarcy Lynch Modified over 9 years ago

Similar presentations

Presentation on theme: "TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand."— Presentation transcript:

1 TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand four aspects of security Understand the concept of digital signature Understand the role of key management in entity authentication Know how and where IPSec, TLS, and PPG provide security Objectives

2 TCP/IP Protocol Suite 2 28.1 CRYPTOGRAPHY The word cryptography in Greek means “secret writing.” The term today refers to the science and art of transforming messages to make them secure and immune to attacks. The topics discussed in this section include: Symmetric-Key Cryptography Asymmetric-Key Cryptography Comparison

3 TCP/IP Protocol Suite 3 Figure 28.1 Cryptography components

4 TCP/IP Protocol Suite 4 In cryptography, the encryption/decryption algorithms are public; the keys are secret. Note:

5 TCP/IP Protocol Suite 5 In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. Note:

6 TCP/IP Protocol Suite 6 Figure 28.2 Symmetric-key cryptography

7 TCP/IP Protocol Suite 7 In symmetric-key cryptography, the same key is used in both directions. Note:

8 TCP/IP Protocol Suite 8 Figure 28.3 Caesar cipher

9 TCP/IP Protocol Suite 9 Figure 28.4 Transpositional cipher

10 TCP/IP Protocol Suite 10 Figure 28.5 DES

11 TCP/IP Protocol Suite 11 Figure 28.6 Iteration block

12 TCP/IP Protocol Suite 12 Figure 28.7 Triple DES

13 TCP/IP Protocol Suite 13 The DES cipher uses the same concept as the Caesar cipher, but the encryption/ decryption algorithm is much more complex. Note:

14 TCP/IP Protocol Suite 14 Figure 28.8 Public-key cryptography

15 TCP/IP Protocol Suite 15 Figure 28.9 RSA

16 TCP/IP Protocol Suite 16 Symmetric-key cryptography is often used for long messages. Note:

17 TCP/IP Protocol Suite 17 Asymmetric-key algorithms are more efficient for short messages. Note:

18 TCP/IP Protocol Suite 18 28.2 PRIVACY Privacy means that the sender and the receiver expect confidentiality. The transmitted message must make sense to only the intended receiver. To all others, the message must be unintelligible. The topics discussed in this section include: Privacy with Symmetric-Key Cryptography Privacy with Asymmetric-Key Cryptography

19 TCP/IP Protocol Suite 19 Figure 28.10 Privacy using symmetric-key encryption

20 TCP/IP Protocol Suite 20 Figure 28.11 Privacy using asymmetric-key encryption

21 TCP/IP Protocol Suite 21 Digital signature can provide authentication, integrity, and nonrepudiation for a message. Note:

22 TCP/IP Protocol Suite 22 28.3 DIGITAL SIGNATURE Digital signature can provide authentication, integrity, and nonrepudiation for a message. The topics discussed in this section include: Signing the Whole Document Signing the Digest

23 TCP/IP Protocol Suite 23 Figure 28.12 Signing the whole document

24 TCP/IP Protocol Suite 24 Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied. Note:

25 TCP/IP Protocol Suite 25 Figure 28.13 Hash function

26 TCP/IP Protocol Suite 26 Figure 28.14 Sender site

27 TCP/IP Protocol Suite 27 Figure 28.15 Receiver site

28 TCP/IP Protocol Suite 28 28.4 ENTITY AUTHENTICATION Entity authentication is a procedure that verifies the identity of one entity for another. An entity can be a person, a process, a client, or a server. In entity authentication, the identity is verified once for the entire duration of system access. The topics discussed in this section include: Entity Authentication with Symmetric-Key Cryptography Entity Authentication with Asymmetric-Key Cryptography

29 TCP/IP Protocol Suite 29 Figure 28.16 Using a symmetric key only

30 TCP/IP Protocol Suite 30 Figure 28.17 Using a nonce

31 TCP/IP Protocol Suite 31 Figure 28.18 Bidirectional authentication

32 TCP/IP Protocol Suite 32 28.5 KEY MANAGEMENT In this section we explain how symmetric keys are distributed and how public keys are certified. The topics discussed in this section include: Symmetric-Key Distribution Public-Key Certification Kerberos

33 TCP/IP Protocol Suite 33 A symmetric key between two parties is useful if it is used only once; it must be created for one session and destroyed when the session is over. Note:

34 TCP/IP Protocol Suite 34 Figure 28.19 Diffie-Hellman method

35 TCP/IP Protocol Suite 35 The symmetric (shared) key in the Diffie-Hellman protocol is K = G xy mod N. Note:

36 TCP/IP Protocol Suite 36 Let us give an example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume G = 7 and N = 23. The steps are as follows: 1. Alice chooses x = 3 and calculates R1 = 7 3 mod 23 = 21. 2. Alice sends the number 21 to Bob. 3. Bob chooses y = 6 and calculates R2 = 7 6 mod 23 = 4. 4. Bob sends the number 4 to Alice. 5. Alice calculates the symmetric key K = 4 3 mod 23 = 18. 6. Bob calculates the symmetric key K = 21 6 mod 23 = 18. The value of K is the same for both Alice and Bob; G xy mod N = 7 18 mod 23 = 18. Example 1

37 TCP/IP Protocol Suite 37 Figure 28.20 Man-in-the-middle attack

38 TCP/IP Protocol Suite 38 Figure 28.21 First approach using KDC

39 TCP/IP Protocol Suite 39 Figure 28.22 Needham-Schroeder protocol

40 TCP/IP Protocol Suite 40 Figure 28.23 Otway-Rees protocol

41 TCP/IP Protocol Suite 41 In public-key cryptography, everyone has access to everyone’s public key. Note:

42 TCP/IP Protocol Suite 42 Table 28.1 X.509 fields

43 TCP/IP Protocol Suite 43 Figure 28.24 PKI hierarchy

44 TCP/IP Protocol Suite 44 Figure 28.25 Kerberos servers

45 TCP/IP Protocol Suite 45 Figure 28.26 Kerberos example

46 TCP/IP Protocol Suite 46 28.6 SECURITY IN THE INTERNET In this section we discuss a security method for each of the top 3 layers of the Internet model. At the IP level we discuss a protocol called IPSec; at the transport layer we discuss a protocol that “glues” a new layer to the transport layer; at the application layer we discuss a security method called PGP. The topics discussed in this section include: IP Level Security: IPSec Transport Layer Security Application Layer Security: PGP

47 TCP/IP Protocol Suite 47 Figure 28.27 Transport mode

48 TCP/IP Protocol Suite 48 Figure 28.28 Tunnel mode

49 TCP/IP Protocol Suite 49 Figure 28.29 AH

50 TCP/IP Protocol Suite 50 The AH protocol provides message authentication and integrity, but not privacy. Note:

51 TCP/IP Protocol Suite 51 Figure 28.30 ESP

52 TCP/IP Protocol Suite 52 ESP provides message authentication, integrity, and privacy. Note:

53 TCP/IP Protocol Suite 53 Figure 28.31 Position of TLS

54 TCP/IP Protocol Suite 54 Figure 28.32 TLS layers

55 TCP/IP Protocol Suite 55 Figure 28.33 Handshake protocol

56 TCP/IP Protocol Suite 56 Figure 28.34 Record Protocol

57 TCP/IP Protocol Suite 57 Figure 28.35 PGP at the sender site

58 TCP/IP Protocol Suite 58 Figure 28.36 PGP at the receiver site

59 TCP/IP Protocol Suite 59 28.7 FIREWALLS A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. The topics discussed in this section include: Packet-Filter Firewall Proxy Firewall

60 TCP/IP Protocol Suite 60 Figure 28.37 Firewall

61 TCP/IP Protocol Suite 61 Figure 28.38 Packet-filter firewall

62 TCP/IP Protocol Suite 62 A packet-filter firewall filters at the network or transport layer. Note:

63 TCP/IP Protocol Suite 63 Figure 28.39 Proxy firewall

64 TCP/IP Protocol Suite 64 A proxy firewall filters at the application layer. Note:

Download ppt "TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
TCP/IP Protocol Suite 1 Security Credit: most slides from Forouzan, TCP/IP protocol suit.

TCP/IP Protocol Suite 1 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 29 Internet Security

Chapter 29 Internet Security
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 8 Network Security 4/17/2017 www.noteshit.com.

Chapter 8 Network Security 4/17/2017

Similar presentations

Ads by Google