computer network security
DESCRIPTION
Computer Network Security. Hyun-Sung Kim Dept. of Computer Engineering Kyungil University [email protected]. Index. Necessity of network security Services for network security Security techniques for Internet service Secure Internet banking example. Internet. Necessity. mail server. - PowerPoint PPT PresentationTRANSCRIPT
Computer Network Computer Network SecuritySecurity
Hyun-Sung KimHyun-Sung KimDept. of Computer EngineeringDept. of Computer Engineering
Kyungil UniversityKyungil [email protected]@kiu.ac.kr
22/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Index
Necessity of network security Services for network security Security techniques for Internet
service Secure Internet banking
example
33/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Web service, Mail service, Telnet service…
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
Basic concernsBasic concerns
55/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Basic Scenario Request services to a remote server
– Attack : Make the server down by requiring multiple service requests
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
– Defense : Heavy traffic control– Security hole : Other kinds of
attacks that could break down the server
66/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Defense(Firewall)
Blocking incoming access by potential attackers– IP check, Port check
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
Client A
Firewall
Firewall
Firewall
77/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Defense(IDS)
Detecting unauthorized access to a computer network– Packet analysis, Event analysis
Router
Router
Client B
Mobile Node
Internet
server
server
Router
.
.
.
Client A
Firewall
Firewall
Firewall
IDS
IDS
IDS
88/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Internet
6. Report 5. Database 4. Alert 3. Log 2. Detection
Engine 1. Network
Packet
Defense(N-IDS)
Router
Mobile Node
Client AFirewallIDS
IDS
99/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
6. Report
5. Database
4. Alert
3. Log
2. Detection Engine
1. Network Packet
Defense(N-IDS)
Internet
IDS
Data linkheader
Internetheader
Transportheader
Applicationheader Data
… …
srcport
dstport
FIN
SYN
“SYN FIN SCAN Attack”
SYN FIN SCAN Attack was detected from 155.230.90.99to 203.230.91.25 at 23:00 34 June 2004
Storing data for the data forensic
1010/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Defense(Virus)
Detecting instruction sequence for lots of types of virus– Checks all the files on disk and instructions in memory
Router
Router
Client B
Mobile Node
Internet
server
server
Router
.
.
.
Client A
Firewall
Firewall
Firewall
IDS
IDS
IDS
1111/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Is that all about the security ?
InternetInternetRouter
Client B
server
server
Router
Firewall
Firewall
IDS
IDS
Router
Mobile Node
Client AFirewallIDS
Other concernsOther concerns
1313/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 1 Access to a remote server by
Telnet
– Attack : Illegal user try to login a Telnet server
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
– Defense : Three times of login failure check
– Security hole : Un-continuous login attempts
1414/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 2 Access to files which has no permission
– Attack : Unauthorized user try illegal access to files
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
– Defense : Role control– Security hole : Is there any method
to break the defense mechanism?
1515/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 3 Sending a very important
information over Internet
– Attack : Illegal user try to listen the information
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
3510 2211…
– Defense : Encoding & decoding– Security hole : Is there any method to
break the defense mechanism?
1616/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 4 Sending a very important information
over Internet
– Attack : Illegal user try to modify the information
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
3510 2211…
– Defense : Encryption
– Security hole : Is there any method to break the defense mechanism?
1717/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 5 Repudiate what he did
– Attack : User denies what he did
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
3510 2211…
– Defense : Signature
– Security hole : Is there any method to break the defense mechanism?
1818/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Relation of service and mechanism
E-money E-contract Intrusion DetectionE-commerce Biometric Mobile SecurityE-auction Secure Multimedia VPNE-vote Firewall
AlgorithmsDES AES SEEDElGamal RSA ECCHash Function PRG
MechanismsEncryption Digital SignatureAccess Control AuthenticationKey-Exchange
ServicesAuthentication Non-repudiationAccess Control ConfidentialityIntegrity
Applications
1919/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Security services
Authentication -> Scenario 1 Access control -> Scenario 2 Confidentiality -> Scenario 3 Integrity -> Scenario 4 Non-repudiation -> Scenario 5
2020/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Security services
Authentication– An assurance that the identity is not
false– Ensures that the origin is correctly
identified Non-repudiation
– Requires that neither the sender nor the receiver of a message be able to deny the transmission
2121/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Security services
Confidentiality– Ensures that the information are
accessible only by authorized parties Integrity
– Ensures that the only authorized parties are able to modify information
2222/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Mechanisms
Encryption Digital signature Authentication Key-exchange
2323/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Mechanisms
EncryptionEncryption– DES, AES, SEED, ElGamal, RSA, ECC
Digital signatureDigital signature– Public-key cryptosystem
AuthenticationAuthentication– Public-key cryptosystem
Key-exchangeKey-exchange– Diffie-Hellman key-exchange protocol
CryptographyCryptography
ConfidentialityConfidentiality
IntegrityIntegrity
2525/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Internet
Router
Client B
server
server
Router
Firewall
Firewall
IDS
IDS
Router
Mobile Node
Client AFirewallIDS
Un-secure channel => Secure Channel(Symmetric-key and Public-key systemSymmetric-key and Public-key system)
2626/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextciphertext
The same key(K)The same key(K)
DecryptionDecryptionAlgorithmAlgorithm
CC=E(=E(PP,K),K) PP=D(=D(CC,K),K)Sender Receiver
KK KK
2727/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– Caesar CipherCaesar Cipher(Basic scheme)(Basic scheme)
KeyKey => 3
Plain text : meet me after the partyCipher text : phhw ph diwhu wkh sduwb
Encryption algorithm : Addition Decryption algorithm : Subtraction
2828/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– ProblemsProblems in Caesar Cipher
• The key size is so small : -25 ~ 25 (about 50 keys)• Weak at the brute force attack
– SolutionsSolutions• Enlarge the key size• Apply more complex operations
2929/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– DES(Data Encryption Standard)DES(Data Encryption Standard)
• Key size : 56 bits• Basic operations
– Transposition– Substitution– XOR– Shift
• USA standardUSA standard – DES : from 1977 to 1998– AES : 2001 draft
3030/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
DES(Data Encryption DES(Data Encryption Standard)Standard)
Initial permutation
Round 1
Round 2
Round 16
32-bit swap
Inverse IP
Permuted choice 2
Permuted choice 2
Permuted choice 2
Left circular shift
Left circular shift
Left circular shift
Permuted choice 1
K1K1
K2K2
K3K3
64-bits 64-bits plaintextplaintext
64-bits 64-bits ciphertextciphertext
56-bits 56-bits keykey
3131/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
DES(Data Encryption DES(Data Encryption Standard)Standard)
Li-1
KKi
32-bits32-bits 28-bits28-bits
Ri-1 Ci-1 Di-1
28-bits28-bits32-bits32-bits
Li Ri Ci Di
substition/choice(S-box)
permutation/contractionpermuted choice 2
expansion/permutation
left shift left shift
permutation
XOR
XOR
48484848
4848
3232
3232
3232/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– The strength of DES
Key size Number of One Encryption 10Key size Number of One Encryption 1066 Encryption Encryption Alternative Keys per micro sec per micro secAlternative Keys per micro sec per micro sec
32bits 223 = 4.3 * 109 35.8 minutes 2.15ms 56bits 256bits 25656 = 7.2 * 10 = 7.2 * 101616 1142years 10.01h 1142years 10.01h 128bits 2128bits 2128128 = 3.4 * 10 = 3.4 * 103838 10 102424years 5.4 * 10years 5.4 * 101818 years years
3333/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Is DES secure enoughsecure enough?– No!
• There are potential weaknesses• Key size is not secure enough
Is there any alternativeany alternative?– Yes!
• Enlarge key size from 56 to 128 => Triple DES
• AES
3434/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextciphertextDecryptionDecryptionAlgorithmAlgorithm
C=E(P,K)C=E(P,K) P=D(C,K)P=D(C,K)Sender Receiver
The same keyThe same key
KK KK
3535/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextciphertext
Public-key(PUPublic-key(PURR))
DecryptionDecryptionAlgorithmAlgorithm
CC=E(=E(PP,,PUPURR)) PP=D(=D(CC,,PRPRRR))Sender Receiver
Private-key (PRPrivate-key (PRRR))PUPURR PUPUSS
PRPRRRPRPRSS
3636/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– RSA(Rivest, Shamir, Adleman)RSA(Rivest, Shamir, Adleman)
Input size : less than or equal to nEncryption : C = Me mod nDecryption : M = Cd mod n = (Me)d mod n
Public-key = {e,n}, Private-key = {d,n}
3737/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– RSA(Rivest, Shamir, Adleman)RSA(Rivest, Shamir, Adleman)
* Key Generation• Select p,q, both prime• Calculate n=p*q• Calculate (n)=(p-1)(q-1)• Select integer e, which gcd((n),e)=1; 1<e<(n)• Calculate d, d=e-1 mod (n)• Public key = {e,n}, Private key = {d,n}
3838/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Key GenerationKey Generation– Select p,q, both prime– Calculate n=p*q– Calculate (n)=(p-1)(q-1)– Select integer e, which gc
d((n),e)=1; 1<e<(n)– Calculate d, d=e-1 mod
(n)– Public key = {e,n}{e,n}, Private
key = {d,n}{d,n}
ExampleExample– p=7, q=17– n=pq=7*17=119 (n)=6*16=96– e=5– Determine dde = 1 mod 96d = 77, 77*5=385 mod 96– Public key = {5,119}{5,119}, Priv
ate key = {77,119}{77,119}
3939/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
M=19M=19 6666
Sender Receiver
{5,119}{5,119}EncryptioEncryptionn
191955 mod mod 119119
191955=2476099/119=2476099/119
20807 with a remainder20807 with a remainder
of 66of 66
{77,119}{77,119}
66667777 mod 119 mod 119
DecryptioDecryptionn M=19M=19
RSA(Rivest, Shamir, Adleman)RSA(Rivest, Shamir, Adleman)
4040/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– The security of RSAThe security of RSA
• Brute force• Mathematical attacks
– The factoring problem, finding large two primes from p and q
• Timing attacks
4141/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Is RSA secure enoughsecure enough?– Yes!
• But, requires the large key size, 1024
Is there any alternativeany alternative?– Yes!
• ECC with much less key size, 160 bits
4242/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key Symmetric-key systemsystem– One key is used
– Disadvantage• Difficult to share the
key
– Advantage• High speed,
substitution and transposition
Public-key systemPublic-key system– Two keys are used
– Advantage• Easy to share the
public key
– Disadvantage• Low speed,
exponentiation
CryptographyCryptography
Digital signatureDigital signature
AuthenticationAuthentication
4444/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– Digital signature and Digital signature and
authenticationauthentication
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextSignedtextDecryptionDecryptionAlgorithmAlgorithm
Public-key(PUPublic-key(PUSS))
PP=D(=D(CC,,PUPUSS))Sender ReceiverCC=E(=E(PP,,PRPRSS))
Private-key (PRPrivate-key (PRSS))PUPURR PUPUSS
PRPRRRPRPRSS
4545/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Encryption vs. Digital Encryption vs. Digital signaturesignature EncryptionEncryption
EncryptionEncryptionAlgorithmAlgorithm
DecryptionDecryptionAlgorithmAlgorithm
Sender Receiver
PUPURR PRPRRR
Digital signatureDigital signature
EncryptionEncryptionAlgorithmAlgorithm
DecryptionDecryptionAlgorithmAlgorithm
Sender Receiver
PRPRSS PUPUSS
CryptographyCryptography
Confidentiality withConfidentiality with
Digital signatureDigital signature
4747/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
First step for Digital signatureFirst step for Digital signature
EncryptionEncryptionAlgorithmAlgorithm
Sender
PRPRSS
Receiver
DecryptionDecryptionAlgorithmAlgorithm
Second step for EncryptionSecond step for Encryption
Sender
EncryptionEncryptionAlgorithmAlgorithm
PUPURR
PUPUSS
PRPRRR
CryptographyCryptography
Non-repudiationNon-repudiation
4949/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key distribution with a Public-key distribution with a trusted third party(Certificate trusted third party(Certificate authority)authority)
User A User B
PUPUAA
CCAA==EEPRPRCACA[Time[Time11,ID,IDAA,PU,PUAA]]
PUPUBB
CCBB==EEPRPRCACA[Time[Time22,ID,IDBB,PU,PUBB]]
CCAA
CCBB
CACA
PUPUCACA PUPUCACA
CryptographyCryptography
Key exchangeKey exchange
5151/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
With a certificateWith a certificate
EncryptionEncryptionAlgorithmAlgorithm
Sender
PUPURR
KeKeyy
DecryptionDecryptionAlgorithmAlgorithm
Receiver
KeKeyy
Ciphered Ciphered KeyKey
PRPRRR
5252/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Diffie-Hellman key exchange protocolDiffie-Hellman key exchange protocol
Select Select private private XAXACalculate Calculate public YApublic YAYA=YA=XAXA mod qmod q
Select Select private XBprivate XBCalculate Calculate public YBpublic YBYB=YB=XBXB mod qmod q
YAYA
YBYB
User AUser A User BUser B
Generate secret keyGenerate secret keyKK=(YB)=(YB)XAXA mod qmod q
Generate secret keyGenerate secret keyKK=(YA)=(YA)XBXB mod qmod q
Secure Internet Secure Internet BankingBanking
5454/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
User authentication Issue a certificate Key-exchange Transaction Additional security with a secret
card
5555/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
User authenticationUser authentication
Banking serverBanking serverAccept or rejectAccept or reject
Login requestLogin request(ID, Password)(ID, Password)
SSLSSL
CACACertificate RequestCertificate Request
Issues a certificateIssues a certificate
5656/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
Key exchangeKey exchange
Banking serverBanking server
Exchange a keyExchange a keyfor the sessionfor the session
E(PUE(PUC C ,Key),Key)CertificateCertificate
5757/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
TransactionTransaction
Banking serverBanking server
CC=E(M,=E(M,KeyKey))
CC=E(M,=E(M,KeyKey,,Alt.KeyAlt.Key))
Secret CardSecret Card
1:8975 2:1348 3:1796 4:2465 5:2696 6:3147
…28:1323 29:1369 30:1416
5858/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Relation of service and Relation of service and mechanismmechanism
Algorithms
Mechanisms
Services
Applications
E-money E-contract Intrusion DetectionE-commerce Biometric Mobile SecurityE-auction Secure Multimedia VPNE-vote Firewall
Authentication ConfidentialityIntegrity Non-repudiationAccess Control
Encryption Digital SignatureAccess Control AuthenticationKey-Exchange
DES AES SEEDElGamal RSA ECCHash Function PRG
5959/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Relation of service and Relation of service and mechanismmechanism
AlgorithmsAlgorithms
MechanismsMechanisms
ServicesServices
Symmetric-keySymmetric-key&&
Public-keyPublic-keyCryptosystemCryptosystem
DES, AESDES, AESRSA, ECCRSA, ECC
EncryptionEncryptionKey exchangeKey exchange
ConfidentialityConfidentiality
Symmetric-keySymmetric-key&&
Public-keyPublic-keyCryptosystemCryptosystem
DES, AESDES, AESRSA, ECCRSA, ECC
EncryptionEncryptionKey exchangeKey exchange
IntegrityIntegrity
Public-keyPublic-keyCryptosystemCryptosystem
RSA, ECC,RSA, ECC,DSSDSS
DigitalDigitalSignatureSignature
AuthenticationAuthentication
Public-keyPublic-keyCryptosystemCryptosystem
RSA, ECC,RSA, ECC,DSSDSS
DigitalDigitalSignatureSignature
Non-repudiationNon-repudiation