Presentation is loading. Please wait.

Presentation is loading. Please wait.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Published byCaroline Pauline Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display."— Presentation transcript:

1 31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2 31.2 31-1 SECURITY SERVICES Cryptography has several applications in network security. Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service provides entity authentication or identification. Message Confidentiality Message Integrity Message Authentication Message Nonrepudiation Entity Authentication Topics discussed in this section:

3 31.3 Figure 31.1 Security services related to the message or entity

4 Message Confidentiality It means that the sender and receiver expect confidentiality. The transmitted message must make sense to only the intended receiver. To all others, the message must be garbage. When a customer communicates with her bank, she expects that the communication is totally confidential. 31.4

5 31.5 31-2 MESSAGE CONFIDENTIALITY The concept of how to achieve message confidentiality or privacy has not changed for thousands of years. The message must be encrypted at the sender site and decrypted at the receiver site. This can be done using either symmetric-key cryptography or asymmetric-key cryptography. Confidentiality with Symmetric-Key Cryptography Confidentiality with Asymmetric-Key Cryptography Topics discussed in this section:

6 31.6 Figure 31.2 Message confidentiality using symmetric keys in two directions

7 31.7 Figure 31.3 Message confidentiality using asymmetric keys

8 Message Integrity It means that the data must arrive at the receiver as it was sent. There must be no changes during the transmission neither accidently nor maliciously. Example: A transfer of $100 is changed to $10000. 31.8

9 31.9 31-3 MESSAGE INTEGRITY Encryption and decryption provide secrecy, or confidentiality, but not integrity. However, on occasion we may not even need secrecy, but instead must have integrity. Document and Fingerprint Message and Message Digest Creating and Checking the Digest Hash Algorithms: SHA-1 Topics discussed in this section:

10 31.10 To preserve the integrity of a document, both the document and the fingerprint are needed. Note

11 31.11 Figure 31.4 Message and message digest

12 31.12 The message digest needs to be kept secret. Note

13 31.13 Figure 31.5 Checking integrity

14 Message Authentication It ensures the receiver that the sender is not an imposter 31.14

15 31.15 31-4 MESSAGE AUTHENTICATION A hash function per se cannot provide authentication. The digest created by a hash function can detect any modification in the message, but not authentication. MAC Topics discussed in this section:

16 31.16 Figure 31.9 MAC, created by Alice and checked by Bob

17 31.17 31-5 DIGITAL SIGNATURE When Alice sends a message to Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice and not Eve. Bob can ask Alice to sign the message electronically. In other words, an electronic signature can prove the authenticity of Alice as the sender of the message. We refer to this type of signature as a digital signature. Comparison Need for Keys Process Topics discussed in this section:

18 31.18 A digital signature needs a public-key system. Note

19 31.19 Figure 31.11 Signing the message itself in digital signature

20 31.20 In a cryptosystem, we use the private and public keys of the receiver; in digital signature, we use the private and public keys of the sender. Note

21 31.21 Figure 31.12 Signing the digest in a digital signature

22 31.22 A digital signature today provides message integrity. Note

23 31.23 Digital signature provides message authentication. Note

24 Message non-repudiation It means that a sender must not be able to deny sending a message that he or she, in fact, did sent. The burden of proof falls on the receiver. Example: When a customer sends a message to transfer money from one account to another, the bank must have proof that the customer actually requested this transaction. 31.24

25 31.25 Figure 31.13 Using a trusted center for nonrepudiation

26 31.26 Nonrepudiation can be provided using a trusted party. Note

27 31.27 31-6 ENTITY AUTHENTICATION Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier. Passwords Challenge-Response Topics discussed in this section:

Download ppt "31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display."

Similar presentations

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
Chapter 13 Digital Signature

Chapter 13 Digital Signature
Chapter 31 Network Security

Chapter 31 Network Security

Similar presentations

Ads by Google