Published by Debra Harvey. Modified over 9 years ago.

csci5233 Computer Security
Bishop: Chapter 11 An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)

Topics

Networks & Cryptography
The ISO/OSI 7-layer network model: Fig. 11-2.
Let C_0, …, C_n be a sequence of hosts, where C_i and C_i+1 are neighboring hosts.
– End-to-end protocol: A protocol that has C_0 and C_n as its end points. Examples: telnet, TCP
– Link-layer protocol: A protocol that has C_i and C_i+1 as its end points. Examples: IP ?

Networks & Cryptography
Cryptographic protocols in a network
– End-to-end encryption: The cryptographic processing is done only at the end points (i.e., the source and the destination). Examples: VPN, SSL
– Link-layer encryption: The cryptographic processing occurs at each host along the communication path. Examples: The PPP Encryption Control Protocol [RFC 1968]

Networks & Cryptography
Shared keys
– End-to-end encryption
  Symmetric: A key is shared between the two end points.
  Asymmetric: Each end knows the public key of the other end.
– Link-layer encryption
  Symmetric:
    Per-host key sharing: Each host has its own key, which is shared with each of its neighboring hosts, that is, one key per host.
    Per-host-pair key sharing: Each pair of hosts shares a key, that is, one key per link.
  Asymmetric: Each node knows the public key of its immediate neighbor.

Networks & Cryptography
In end-to-end encryption, only the source and the destination hosts can read the content of the message. The message is encrypted during transmission.
+ An attacker cannot read the message by intercepting it during transmission or by attacking the intermediate hosts along the path.
Traffic Analysis
A cryptanalysis method in which the attacker deduces information by analyzing the traffic patterns. Can also be used to locate system vulnerabilities. See the example on pp. 285-286.
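
Added example (not from the slides or from Bishop): a small simulation of a path C_0 … C_n contrasting what an intermediate host holds under link-layer encryption with per-host-pair keys versus end-to-end encryption, including the cleartext header that traffic analysis relies on. The cipher is a toy SHA-256 keystream XOR standing in for a real cipher; the key names, packet fields and sample message are constructed assumptions.

```python
import hashlib
from itertools import count

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (assumption): SHA-256 counter keystream XOR. Encrypt == decrypt."""
    stream = b""
    for i in count():
        if len(stream) >= len(data):
            break
        stream += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def link_keys(n_hosts: int) -> dict:
    """Per-host-pair key sharing: one key per link (C_i, C_i+1)."""
    return {(i, i + 1): f"link-{i}-{i + 1}".encode() for i in range(n_hosts - 1)}

def send_link(msg: bytes, n_hosts: int) -> dict:
    """Link-layer encryption: every hop decrypts, then re-encrypts for the next link.
    Returns the plaintext each intermediate host C_1..C_(n-1) holds in memory."""
    keys = link_keys(n_hosts)
    seen = {}
    wire = xor_stream(keys[(0, 1)], msg)
    for i in range(1, n_hosts - 1):
        plain = xor_stream(keys[(i - 1, i)], wire)   # host C_i recovers the message
        seen[i] = plain
        wire = xor_stream(keys[(i, i + 1)], plain)   # re-encrypt for the next link
    return seen

def send_end_to_end(msg: bytes, n_hosts: int, e2e_key: bytes):
    """End-to-end encryption: the body is encrypted once at C_0 and decrypted only
    at C_n. The routing header stays in the clear so intermediates can forward it."""
    dst = n_hosts - 1
    packet = {"src": 0, "dst": dst, "len": len(msg), "body": xor_stream(e2e_key, msg)}
    seen = {i: dict(packet) for i in range(1, n_hosts - 1)}  # what C_i observes
    delivered = xor_stream(e2e_key, packet["body"])          # only C_n has e2e_key
    return seen, delivered

if __name__ == "__main__":
    msg = b"constructed sample message"
    print("link-layer, C_1 holds:", send_link(msg, 4)[1])
    seen, delivered = send_end_to_end(msg, 4, b"constructed-e2e-key")
    print("end-to-end, C_1 sees:", seen[1])
    print("end-to-end, C_3 reads:", delivered)
```

Under link-layer encryption a compromised intermediate host yields the plaintext; under end-to-end encryption it yields only ciphertext plus the source, destination and length, which is the material traffic analysis works from.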

Networks & Cryptography
More on Network Security
– Chapter 26 (Bishop): Infrastructure, Firewalls, DMZ, Network availability
– Chapter 25: Intrusion detection system (IDS)
– Chapter 27: System security

Next
Chapter 12: Authentication