1. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 1 Chapter 29 Internet Security

2. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 2 CONTENTS INTRODUCTION PRIVACY DIGITAL SIGNATURE SECURITY IN THE INTERNET APPLICATION LAYER SECURITY TRANSPORT LAYER SECURITY: TLS SECURITY AT THE IP LAYER: IPSEC FIREWALLS

3. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 3 INTRODUCTION 29.1

4. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 4 29.1 개요  보안에서 필요한 기능

5. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 5 PRIVACY 29.2

6. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 6 29.2 기밀성  비밀키 암호화

7. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 7 29.2 기밀성 In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

8. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 8 29.2 기밀성 Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.

9. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 9 29.2 기밀성 Secret-key encryption is often used for long messages.

10. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 10 29.2 기밀성 We discuss one secret-key algorithm in Appendix E.

11. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 11 29.2 기밀성 KDC can solve the problem of secret-key distribution.

12. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 12 29.2 기밀성  공개키 암호화

13. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 13 29.2 기밀성 Public-key algorithms are more efficient for short messages.

14. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 14 29.2 기밀성 A CA can certify the binding between a public key and the owner.

15. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 15 29.2 기밀성  비밀키와 공개키의 결합

16. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 16 29.2 기밀성 To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.

17. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 17 DIGITAL SIGNATURE 29.3

18. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 18 29.3 디지털 서명  전체 문서에 서명

19. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 19 29.3 디지털 서명 Digital signature cannot be achieved using only secret keys.

20. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 20 29.3 디지털 서명 Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

21. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 21 29.3 디지털 서명  다이제스트에 서명

22. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 22 29.3 디지털 서명  송신자 측

23. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 23 29.3 디지털 서명  수신자 측

24. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 24 SECURITY IN THE INTERNET 29.4

25. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 25 29.4 인터넷 보안  인터넷 보안 기능 제공  응용 계층  Client 와 server 고려  전송 계층  새로운 계층 추가  IP 계층  OSPF, ICMP, IGMP 층과 같은 프로토콜을 위한 서비스

26. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 26 APPLICTION LAYER SECURITY 29.5

27. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 27 29.5 응용계층 보안  PGP(Pretty Good Privacy)  Phill Zimmermann 에 의해 개발  기밀성, 무결성, 인증, 부인방지 서비스 제공  무결성, 인증, 부인 방지를 위해 디지털 서명 사용  기밀성을 위해 비밀키와 공개키 암호화 조합 이용

28. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 28 29.5 응용계층 보안  송신측의 PGP

29. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 29 29.5 응용계층 보안  수신측의 PGP

30. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 30 29.5 응용계층 보안  SSH(Secure Shell)  보안을 제공하는 클라이언트 - 서버 프로그램  인증, 권한부여, 기밀성, 무결성, 터널링 기능 제공

31. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 31 TRANSPORT LAYER SECURITY (TLS) 29.6

32. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 32 29.6 전송계층 보안  TLS 의 위치

33. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 33 29.6 전송계층 보안  TLS(Transport Layer Security)  전송계층 보안 제공  넷스케이프사 개발 SSL(Secure Socket Layer)  IETF 에 의해 설계된 SSL 의 공개 버전  Handshake Protocol : 보안 협상, 브라우저 / 서버간 인 증  Data Exchange Protocol : 무결성, 기밀성 제공

34. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 34 29.6 전송계층 보안  핸드쉐이크 프로토콜

35. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 35 SECURITY AT THE IP LAYER (IPSec) 29.7

36. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 36 29.7 IP 계층 보안 : IPSEC  인증

37. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 37 29.7 IP 계층 보안 : IPSEC  헤더 형식

38. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 38 29.7 IP 계층 보안 : IPSEC  ESP

39. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 39 29.7 IP 계층 보안 : IPSEC  ESP 형식

40. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 40 FIREWALLS 29.8

41. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 41 29.8 방화벽

42. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 42 29.8 방화벽  패킷 - 필터 방화벽

43. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 43 29.8 방화벽 A packet-filter firewall filters at the network or transport layer.

44. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 44 29.8 방화벽  프록시 방화벽

45. HANNAM UNIVERSITY Http://netwk.hannam.ac.kr 45 29.8 방화벽 A proxy firewall filters at the application layer.