Presentation is loading. Please wait.

Presentation is loading. Please wait.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Published byPreston Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security."— Presentation transcript:

1 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security

2 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl2 2 CONTENTS INTRODUCTION PRIVACY DIGITAL SIGNATURE SECURITY IN THE INTERNET APPLICATION LAYER SECURITY TRANSPORT LAYER SECURITY: TLS SECURITY AT THE IP LAYER: IPSEC FIREWALLS

3 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl3 3 29.1 Aspects of security Privacy = Confidentiality of the transmitted message (encryption) Authentication = The sender ( not an imposter) sent the message Integrity = Message arrives without corruption Nonrepudiation = Sender cannot deny the message.

4 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl4 4 29.2 Privacy : Secret-key Encryption the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. Often called symmetric encryption because the same key can be used in both directions Efficient algorithms, takes less time to compute. Often used for long messages.  Each pair must have a secret key. N people need ½N(N-1)  Difficult to distribute the secret key  KDC can solve the problem of secret-key distribution.

5 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl5 5 Privacy: Public-key Encryption Each entity has two distinct keys: Private key and a Public key. Sender uses Receiver’s public key to encrypt the plaintext Receiver uses its own private key to decrypt the ciphertext.  No other private key can decrypt the ciphertext.  N people need 2 N keys.  Easy key distribution.  Requires more time to encrypt/decrypt than the Secret Key method. More suitable for short messages  How to authenticate the binding between an entity and its public key?

6 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl6 6 Certification Authorities (CAs) A trusted agency used to verify that a public key belongs to a specific entity. Issues a certificate: Public key + entity’s information (e.g. name, router IP) and encrypt it using the CA private key Each receiver uses the CA’s public key to decrypt the sender’s certificate thus obtains the sender’s public key.

7 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl7 7 Secret Key + Public Key Combination

8 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl8 8 29.3 Digital Signature Encryption achieves privacy only. Digital Signature’s goal is to achieve authentication and nonrepudiation of sender + integrity of the message. Sender signs the message with a unique signature. Receiver verifies the sender’s signature. Two options:  Signing the whole document  Signing a Digest of the document.

9 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl9 9 Signing the Whole Document Sender uses its private key to encrypt (i.e. sign) the messgae Receiver uses the sender’s public key to decrypt (i.e. verify the signature) of the message. Integrity: If message is intercepted and/or corrupted, the decrypted message is unreadable. Authentication: If an imposter sent the message, using the intended sender’s public key to decrypt results in garbage. Nonrepudiation: If sender denies the message, its private key is used by the authorities to decrypt the ciphertext. If results match, then the messages realy belongs to the sender.

10 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl10 10 Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

11 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl11 11 Signing the digest Two common has functions:  MD5 → 120-bit digest  SHA-1 → 160-bit digest Properties of hash function: 1.One-Way: Massage to digest but not vice versa 2.One-to-One: No two distinct messages generate the same digest

12 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl12 12 Sender site +

13 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl13 13 Receiver site + Integrity, authenticity and nonrepudiation of Digest guarantees the same for the Message. Why so?

14 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl14 14 29.4 Security in the Internet At the Application layer  The PGP scheme At the Transport layer  TLS protocol At the IP layer  IPSec Firewalls

15 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl15 15 29.5 Application-Layer Security: PGP at the sender site ++

16 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl16 16 PGP at the receiver site

17 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl17 17 29.6 Transport Layer Security (TLS)

18 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl18 18 Encrypted by Server’s public key Encrypted by client’s secret key Includes Server’s public key Encrypted by client’s secret key TLS: 1) The Handshake Protocol Data transfer is encrypted using the client-generated secret key

19 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl19 19 29.7 Security at the IP-Layer: 1) Authentication Header Protocol

20 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl20 20 2) Encapsulating Security Payload (ESP)

21 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl21 21 Figure 29-16 ESP format

22 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl22 22 FIREWALLS 29.8

23 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl23 23 Figure 29-17 Firewall

24 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl24 24 Packet-filter firewall A packet-filter firewall filters at the network or transport layer.

25 ©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl25 25 Proxy firewall A proxy firewall filters at the application layer.

Download ppt "©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 29 Internet Security

Chapter 29 Internet Security
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Chapter 31 Network Security

Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Similar presentations

Ads by Google