Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.


1 Chapter 8 – Network Security
Two main topics:
Cryptographic algorithms and mechanisms
Firewalls
The chapter may be hard to understand if you don’t have some background. The topics are very extensive, and 50 pages of text can’t cover much at all.

2 Encryption
Two main divisions:
Symmetric – the same key both encodes and decodes (examples: DES, Blowfish, RC2, RC4, etc.)
Asymmetric – different keys, one for encoding and one for decoding (examples: RSA, DH)
Symmetric: usually much faster to compute, but key distribution is harder
Asymmetric: much slower to compute, but key distribution is easier

3 Problems requiring Encryption (in plain English)
You don’t want your data intercepted in transit by an unintended recipient
You want to be sure that you are communicating with the person or website that you intend
You want to be able to prove that you are who you say you are

4 Secret keys – symmetric encryption
Simple enough in concept – encrypt your message with a secret key and send it to a recipient – see next diagram
Read over the details of the example method given in the text (DES), but we will focus more on RSA

5 (Diagram: symmetric encryption)
Plaintext -> Encrypt with secret key -> Ciphertext -> Decrypt with secret key -> Plaintext

6 Public Key or Asymmetric Algorithms
Usually based on hard-to-compute mathematical problems, such as factoring large numbers that are the product of two large primes, or computing discrete logarithms
Two keys – a private key and a public key
One encrypts, the other decrypts
Only one copy of the private key – the owner’s
There can be many copies of the public key

7 Public Key Usage
Look over the accompanying slides (handout) on the usage of public key cryptography
Factoid: RSA is 100x to 10,000x slower to compute than a secret key method like DES or Blowfish
Therefore large amounts of data are not usually encrypted with a public key method – instead, secret (symmetric) keys are exchanged using public key encryption – see slides

8 Terminology
Key – a string of characters used to encrypt or decrypt a message
Plain text – the original message
Cipher text – the encrypted message
Public key – the part of a (public, private) key pair that is distributed to the people to whom you want to send encrypted messages
Private key – the part that you keep to yourself to encrypt and decrypt with

9 How Public and Private Keys Work
Plain text encrypted by a private key gives cipher text that can be decrypted (only) by the public key
Conversely, plain text encrypted by the public key gives cipher text that can be decrypted (only) by the private key
Note: plain text encrypted by a public key cannot be decrypted by a second use of the public key (and the same holds for the private key)

10 How it Works (continued)
Note: if you want to keep your data secret, it does not work to encrypt the data with your private key and send it off to be decrypted with your public key, because your public key (being public!) may be in hands other than your intended recipient’s
Therefore both sides need their own separate (private, public) key pair (see the diagrams in the handout)
Caveat: if you want to prove that you are who you say you are, then encrypting with your private key is useful – since only you possess it!

11 (Diagram: public key encryption)
Plaintext -> Encrypt with public key -> Ciphertext -> Decrypt with private key -> Plaintext

12 Security
Cryptography algorithms: public key (e.g., RSA), secret key (e.g., DES), message digest (e.g., MD5)
Security services: authentication, privacy, message integrity

13 Security Mechanisms
Authentication, trusted third party, digital signatures and certificates are all mechanisms based on various uses of encryption to handle the problems stated earlier in plain English
The next diagrams show graphically some of the handshaking that needs to go on


15 (Diagram, reconstructed from the slide’s scattered labels: a trusted-third-party authentication exchange between A, authentication server S and B)
A -> S: A, B
S -> A: E((T, L, K, B), K_A), E((T, L, K, A), K_B)
A -> B: E((A, T), K), E((T, L, K, A), K_B)
B -> A: E(T + 1, K)


17 Certificates
Just a special type of digitally signed document
In plain English it says: “I certify that the public key in this document belongs to the entity named in the document, signed X.”
X would normally be a CA or Certification Authority – an administrative entity that is in the business of issuing certificates

18 “Chains of Trust”
Read over carefully the basic ideas behind the tree-structured certification authority given on page 592 and in figure 8.12
This whole issue is fraught with complications and standards – just the basic idea will suffice for this course

19 (Diagram: certification hierarchy – IPRA at the root, PCA1, PCA2 and PCA3 beneath it, CAs beneath the PCAs, and users at the leaves)
IPRA = Internet Policy Registration Authority (root)
PCAn = policy certification authority
CA = certification authority

20 Example Systems
Privacy Enhanced Mail (PEM)
Read over the basic idea on page 595 and study the following figures

21 (Diagram: PEM message signing – the steps are listed here in sending-then-receiving order)
Sender:
Calculate MD5 checksum over message contents
Sign checksum using RSA with sender’s private key
Transmitted message
Receiver:
Calculate MD5 checksum on received message
Decrypt signed checksum with sender’s public key and compare against the received value
Sender identity and message integrity confirmed if checksums match

22 (Diagram: PEM message encryption – the steps are listed here in sending-then-receiving order)
Sender:
Original message
Create a random secret key k
Encrypt message using DES with secret key k
Encrypt k using RSA with recipient’s public key
Encode message + E(k) in ASCII for transmission
Transmitted message
Receiver:
Convert ASCII message
Decrypt E(k) using RSA with my private key -> k
Decrypt message using DES with secret key k
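The two PEM flows on slides 21 and 22, and the public/private key symmetry of slide 9, worked through as an added example (this is not code from the slides or the textbook). It assumes a toy RSA key pair built from tiny constructed primes, and a SHA-256 XOR keystream as a stand-in for DES, so that the whole exchange runs with the Python standard library; MD5 is used only because the slides do.

```python
import hashlib
import secrets

# Toy RSA key pair from tiny constructed primes (illustration only; real keys use
# primes of 1024+ bits). N = 3233, so one byte value (0..255) fits per RSA block.
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: modular inverse of E
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_apply(key, blocks):
    """Raise each block to the key's exponent mod N. The same operation serves
    encrypt/decrypt/sign/verify; only the key supplied changes (slide 9)."""
    exp, n = key
    return [pow(b, exp, n) for b in blocks]

def sign(message: bytes, private_key):
    """Slide 21, sender: MD5 over the message, signed with the sender's private key."""
    digest = hashlib.md5(message).digest()
    return rsa_apply(private_key, list(digest))

def verify(message: bytes, signature, public_key):
    """Slide 21, receiver: decrypt the signature with the sender's public key and
    compare it with a freshly computed MD5 over the received message."""
    return rsa_apply(public_key, signature) == list(hashlib.md5(message).digest())

def stream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES (assumption): XOR with a SHA-256 keystream, so the same
    call both encrypts and decrypts. A toy, not a real cipher."""
    keystream, counter = bytearray(), 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))

def hybrid_encrypt(message: bytes, recipient_public):
    """Slide 22, sender: random secret key k, message under k, k under the
    recipient's public key. Returns (ciphertext, E(k))."""
    k = secrets.token_bytes(8)
    return stream_cipher(k, message), rsa_apply(recipient_public, list(k))

def hybrid_decrypt(ciphertext: bytes, enc_key, my_private):
    """Slide 22, receiver: recover k with my private key, then decrypt with k."""
    k = bytes(rsa_apply(my_private, enc_key))
    return stream_cipher(k, ciphertext)
```

The ASCII encoding step of slide 22 is left out; base64 of the ciphertext and of E(k) would fill that role.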

23 Transport Layer Security (TLS)
SSL and HTTPS are two well-known examples


25 (Diagram: TLS handshake between Client and Server; bracketed messages are optional)
Client -> Server: Hello
Server -> Client: Hello, [Certificate, Keys, Cert. Request], HelloDone
Client -> Server: [Certificate], Keys, [Cert. Verify], Finished
Server -> Client: Finished
Then: Data

26 Firewalls – Basic Functions
Packet Filtering (see example on handouts)
Network Address Translation (NAT)
Application Proxy
Monitoring and Logging
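An added example of the packet filtering and monitoring/logging functions named on slide 26 (not the handout’s example, and not code from the textbook). It assumes a constructed rule set for a hypothetical site on 192.168.1.0/24 with documentation-range outside addresses; the filter is first-match with a default-deny fallback.

```python
import ipaddress

# Constructed screening-router rule set: first matching rule wins and anything
# unmatched is dropped (default deny). Addresses are documentation-range examples.
RULES = [
    # (action, protocol, source network, destination network, destination port)
    ("allow", "tcp", "0.0.0.0/0",      "192.168.1.10/32", 80),   # public web server
    ("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0",       443),  # inside -> outside HTTPS
    ("deny",  "tcp", "0.0.0.0/0",      "192.168.1.0/24",  23),   # no telnet to inside hosts
    ("allow", "udp", "192.168.1.0/24", "192.168.1.53/32", 53),   # internal DNS only
]

def rule_matches(rule, packet):
    """True when every field of the rule covers the packet (port None = any port)."""
    _, proto, src, dst, dport = rule
    return (proto == packet["proto"]
            and ipaddress.ip_address(packet["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(packet["dst"]) in ipaddress.ip_network(dst)
            and (dport is None or dport == packet["dport"]))

def filter_packet(packet, rules=RULES):
    """Packet filtering: verdict of the first matching rule, else default deny."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule[0]
    return "deny"

def filter_and_log(packets, rules=RULES):
    """Monitoring and logging: one log line per packet, plus the list of verdicts."""
    verdicts, log = [], []
    for p in packets:
        verdict = filter_packet(p, rules)
        verdicts.append(verdict)
        log.append(f"{verdict.upper():5} {p['proto']} {p['src']} -> {p['dst']}:{p['dport']}")
    return verdicts, log

# Constructed sample traffic (not from the handout's example)
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.10", "dport": 80},
    {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.10", "dport": 22},
    {"proto": "tcp", "src": "192.168.1.20", "dst": "198.51.100.7", "dport": 443},
    {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.20", "dport": 23},
    {"proto": "udp", "src": "192.168.1.20", "dst": "192.168.1.53", "dport": 53},
    {"proto": "udp", "src": "192.168.1.20", "dst": "198.51.100.7", "dport": 53},
]
```

Note that the second sample packet (SSH to the web server) is dropped without any explicit rule, which is the point of default deny: the log line records the drop so the attempt is visible.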

27 Firewalls – Other functions
Firewalls can sometimes also do:
Data Caching
Content Filtering
Intrusion Detection
Load Balancing

28 (Diagram: a firewall sitting between the local site and the rest of the Internet)

29 Proxy-Based Firewalls
A big topic that is only briefly touched upon in this textbook

30 (Diagram: company net behind a firewall, with a web server reached across the Internet by a random external user and by a remote company user)

31 (Diagram: a proxy firewall terminates the external connection and opens a separate internal one)
External client -> external HTTP/TCP connection -> Proxy firewall -> internal HTTP/TCP connection -> Local server

32 (Diagram: two-router layout)
Outside world – R1 – net 1 – R2 – net 2

