Download - Computer Network Security
![Page 1: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/1.jpg)
Computer Network Computer Network SecuritySecurity
Hyun-Sung KimHyun-Sung KimDept. of Computer EngineeringDept. of Computer Engineering
Kyungil UniversityKyungil [email protected]@kiu.ac.kr
![Page 2: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/2.jpg)
22/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Index
Necessity of network security Services for network security Security techniques for Internet
service Secure Internet banking
example
![Page 3: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/3.jpg)
33/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Web service, Mail service, Telnet service…
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
![Page 4: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/4.jpg)
Basic concernsBasic concerns
![Page 5: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/5.jpg)
55/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Basic Scenario Request services to a remote server
– Attack : Make the server down by requiring multiple service requests
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
– Defense : Heavy traffic control– Security hole : Other kinds of
attacks that could break down the server
![Page 6: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/6.jpg)
66/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Defense(Firewall)
Blocking incoming access by potential attackers– IP check, Port check
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
Client A
Firewall
Firewall
Firewall
![Page 7: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/7.jpg)
77/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Defense(IDS)
Detecting unauthorized access to a computer network– Packet analysis, Event analysis
Router
Router
Client B
Mobile Node
Internet
server
server
Router
.
.
.
Client A
Firewall
Firewall
Firewall
IDS
IDS
IDS
![Page 8: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/8.jpg)
88/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Internet
6. Report 5. Database 4. Alert 3. Log 2. Detection
Engine 1. Network
Packet
Defense(N-IDS)
Router
Mobile Node
Client AFirewallIDS
IDS
![Page 9: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/9.jpg)
99/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
6. Report
5. Database
4. Alert
3. Log
2. Detection Engine
1. Network Packet
Defense(N-IDS)
Internet
IDS
Data linkheader
Internetheader
Transportheader
Applicationheader Data
… …
srcport
dstport
FIN
SYN
“SYN FIN SCAN Attack”
SYN FIN SCAN Attack was detected from 155.230.90.99to 203.230.91.25 at 23:00 34 June 2004
Storing data for the data forensic
![Page 10: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/10.jpg)
1010/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Defense(Virus)
Detecting instruction sequence for lots of types of virus– Checks all the files on disk and instructions in memory
Router
Router
Client B
Mobile Node
Internet
server
server
Router
.
.
.
Client A
Firewall
Firewall
Firewall
IDS
IDS
IDS
![Page 11: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/11.jpg)
1111/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Is that all about the security ?
InternetInternetRouter
Client B
server
server
Router
Firewall
Firewall
IDS
IDS
Router
Mobile Node
Client AFirewallIDS
![Page 12: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/12.jpg)
Other concernsOther concerns
![Page 13: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/13.jpg)
1313/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 1 Access to a remote server by
Telnet
– Attack : Illegal user try to login a Telnet server
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
– Defense : Three times of login failure check
– Security hole : Un-continuous login attempts
![Page 14: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/14.jpg)
1414/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 2 Access to files which has no permission
– Attack : Unauthorized user try illegal access to files
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
– Defense : Role control– Security hole : Is there any method
to break the defense mechanism?
![Page 15: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/15.jpg)
1515/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 3 Sending a very important
information over Internet
– Attack : Illegal user try to listen the information
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
3510 2211…
– Defense : Encoding & decoding– Security hole : Is there any method to
break the defense mechanism?
![Page 16: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/16.jpg)
1616/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 4 Sending a very important information
over Internet
– Attack : Illegal user try to modify the information
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
3510 2211…
– Defense : Encryption
– Security hole : Is there any method to break the defense mechanism?
![Page 17: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/17.jpg)
1717/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Necessity
Scenario 5 Repudiate what he did
– Attack : User denies what he did
Router
Router
Client B
Mobile Node
Internet
mail server
web serverTelnet server
Router
.
.
.
.
.
.
Client A
3510 2211…
– Defense : Signature
– Security hole : Is there any method to break the defense mechanism?
![Page 18: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/18.jpg)
1818/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Relation of service and mechanism
E-money E-contract Intrusion DetectionE-commerce Biometric Mobile SecurityE-auction Secure Multimedia VPNE-vote Firewall
AlgorithmsDES AES SEEDElGamal RSA ECCHash Function PRG
MechanismsEncryption Digital SignatureAccess Control AuthenticationKey-Exchange
ServicesAuthentication Non-repudiationAccess Control ConfidentialityIntegrity
Applications
![Page 19: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/19.jpg)
1919/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Security services
Authentication -> Scenario 1 Access control -> Scenario 2 Confidentiality -> Scenario 3 Integrity -> Scenario 4 Non-repudiation -> Scenario 5
![Page 20: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/20.jpg)
2020/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Security services
Authentication– An assurance that the identity is not
false– Ensures that the origin is correctly
identified Non-repudiation
– Requires that neither the sender nor the receiver of a message be able to deny the transmission
![Page 21: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/21.jpg)
2121/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Security services
Confidentiality– Ensures that the information are
accessible only by authorized parties Integrity
– Ensures that the only authorized parties are able to modify information
![Page 22: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/22.jpg)
2222/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Mechanisms
Encryption Digital signature Authentication Key-exchange
![Page 23: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/23.jpg)
2323/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Mechanisms
EncryptionEncryption– DES, AES, SEED, ElGamal, RSA, ECC
Digital signatureDigital signature– Public-key cryptosystem
AuthenticationAuthentication– Public-key cryptosystem
Key-exchangeKey-exchange– Diffie-Hellman key-exchange protocol
![Page 24: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/24.jpg)
CryptographyCryptography
ConfidentialityConfidentiality
IntegrityIntegrity
![Page 25: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/25.jpg)
2525/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Internet
Router
Client B
server
server
Router
Firewall
Firewall
IDS
IDS
Router
Mobile Node
Client AFirewallIDS
Un-secure channel => Secure Channel(Symmetric-key and Public-key systemSymmetric-key and Public-key system)
![Page 26: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/26.jpg)
2626/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextciphertext
The same key(K)The same key(K)
DecryptionDecryptionAlgorithmAlgorithm
CC=E(=E(PP,K),K) PP=D(=D(CC,K),K)Sender Receiver
KK KK
![Page 27: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/27.jpg)
2727/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– Caesar CipherCaesar Cipher(Basic scheme)(Basic scheme)
KeyKey => 3
Plain text : meet me after the partyCipher text : phhw ph diwhu wkh sduwb
Encryption algorithm : Addition Decryption algorithm : Subtraction
![Page 28: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/28.jpg)
2828/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– ProblemsProblems in Caesar Cipher
• The key size is so small : -25 ~ 25 (about 50 keys)• Weak at the brute force attack
– SolutionsSolutions• Enlarge the key size• Apply more complex operations
![Page 29: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/29.jpg)
2929/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– DES(Data Encryption Standard)DES(Data Encryption Standard)
• Key size : 56 bits• Basic operations
– Transposition– Substitution– XOR– Shift
• USA standardUSA standard – DES : from 1977 to 1998– AES : 2001 draft
![Page 30: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/30.jpg)
3030/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
DES(Data Encryption DES(Data Encryption Standard)Standard)
Initial permutation
Round 1
Round 2
Round 16
32-bit swap
Inverse IP
Permuted choice 2
Permuted choice 2
Permuted choice 2
Left circular shift
Left circular shift
Left circular shift
Permuted choice 1
K1K1
K2K2
K3K3
64-bits 64-bits plaintextplaintext
64-bits 64-bits ciphertextciphertext
56-bits 56-bits keykey
![Page 31: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/31.jpg)
3131/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
DES(Data Encryption DES(Data Encryption Standard)Standard)
Li-1
KKi
32-bits32-bits 28-bits28-bits
Ri-1 Ci-1 Di-1
28-bits28-bits32-bits32-bits
Li Ri Ci Di
substition/choice(S-box)
permutation/contractionpermuted choice 2
expansion/permutation
left shift left shift
permutation
XOR
XOR
48484848
4848
3232
3232
![Page 32: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/32.jpg)
3232/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem– The strength of DES
Key size Number of One Encryption 10Key size Number of One Encryption 1066 Encryption Encryption Alternative Keys per micro sec per micro secAlternative Keys per micro sec per micro sec
32bits 223 = 4.3 * 109 35.8 minutes 2.15ms 56bits 256bits 25656 = 7.2 * 10 = 7.2 * 101616 1142years 10.01h 1142years 10.01h 128bits 2128bits 2128128 = 3.4 * 10 = 3.4 * 103838 10 102424years 5.4 * 10years 5.4 * 101818 years years
![Page 33: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/33.jpg)
3333/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Is DES secure enoughsecure enough?– No!
• There are potential weaknesses• Key size is not secure enough
Is there any alternativeany alternative?– Yes!
• Enlarge key size from 56 to 128 => Triple DES
• AES
![Page 34: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/34.jpg)
3434/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key cryptosystemSymmetric-key cryptosystem
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextciphertextDecryptionDecryptionAlgorithmAlgorithm
C=E(P,K)C=E(P,K) P=D(C,K)P=D(C,K)Sender Receiver
The same keyThe same key
KK KK
![Page 35: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/35.jpg)
3535/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextciphertext
Public-key(PUPublic-key(PURR))
DecryptionDecryptionAlgorithmAlgorithm
CC=E(=E(PP,,PUPURR)) PP=D(=D(CC,,PRPRRR))Sender Receiver
Private-key (PRPrivate-key (PRRR))PUPURR PUPUSS
PRPRRRPRPRSS
![Page 36: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/36.jpg)
3636/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– RSA(Rivest, Shamir, Adleman)RSA(Rivest, Shamir, Adleman)
Input size : less than or equal to nEncryption : C = Me mod nDecryption : M = Cd mod n = (Me)d mod n
Public-key = {e,n}, Private-key = {d,n}
![Page 37: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/37.jpg)
3737/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– RSA(Rivest, Shamir, Adleman)RSA(Rivest, Shamir, Adleman)
* Key Generation• Select p,q, both prime• Calculate n=p*q• Calculate (n)=(p-1)(q-1)• Select integer e, which gcd((n),e)=1; 1<e<(n)• Calculate d, d=e-1 mod (n)• Public key = {e,n}, Private key = {d,n}
![Page 38: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/38.jpg)
3838/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Key GenerationKey Generation– Select p,q, both prime– Calculate n=p*q– Calculate (n)=(p-1)(q-1)– Select integer e, which gc
d((n),e)=1; 1<e<(n)– Calculate d, d=e-1 mod
(n)– Public key = {e,n}{e,n}, Private
key = {d,n}{d,n}
ExampleExample– p=7, q=17– n=pq=7*17=119 (n)=6*16=96– e=5– Determine dde = 1 mod 96d = 77, 77*5=385 mod 96– Public key = {5,119}{5,119}, Priv
ate key = {77,119}{77,119}
![Page 39: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/39.jpg)
3939/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
M=19M=19 6666
Sender Receiver
{5,119}{5,119}EncryptioEncryptionn
191955 mod mod 119119
191955=2476099/119=2476099/119
20807 with a remainder20807 with a remainder
of 66of 66
{77,119}{77,119}
66667777 mod 119 mod 119
DecryptioDecryptionn M=19M=19
RSA(Rivest, Shamir, Adleman)RSA(Rivest, Shamir, Adleman)
![Page 40: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/40.jpg)
4040/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– The security of RSAThe security of RSA
• Brute force• Mathematical attacks
– The factoring problem, finding large two primes from p and q
• Timing attacks
![Page 41: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/41.jpg)
4141/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Is RSA secure enoughsecure enough?– Yes!
• But, requires the large key size, 1024
Is there any alternativeany alternative?– Yes!
• ECC with much less key size, 160 bits
![Page 42: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/42.jpg)
4242/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Symmetric-key Symmetric-key systemsystem– One key is used
– Disadvantage• Difficult to share the
key
– Advantage• High speed,
substitution and transposition
Public-key systemPublic-key system– Two keys are used
– Advantage• Easy to share the
public key
– Disadvantage• Low speed,
exponentiation
![Page 43: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/43.jpg)
CryptographyCryptography
Digital signatureDigital signature
AuthenticationAuthentication
![Page 44: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/44.jpg)
4444/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key cryptosystemPublic-key cryptosystem– Digital signature and Digital signature and
authenticationauthentication
EncryptionEncryptionAlgorithmAlgorithm
plaintext plaintextSignedtextDecryptionDecryptionAlgorithmAlgorithm
Public-key(PUPublic-key(PUSS))
PP=D(=D(CC,,PUPUSS))Sender ReceiverCC=E(=E(PP,,PRPRSS))
Private-key (PRPrivate-key (PRSS))PUPURR PUPUSS
PRPRRRPRPRSS
![Page 45: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/45.jpg)
4545/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Encryption vs. Digital Encryption vs. Digital signaturesignature EncryptionEncryption
EncryptionEncryptionAlgorithmAlgorithm
DecryptionDecryptionAlgorithmAlgorithm
Sender Receiver
PUPURR PRPRRR
Digital signatureDigital signature
EncryptionEncryptionAlgorithmAlgorithm
DecryptionDecryptionAlgorithmAlgorithm
Sender Receiver
PRPRSS PUPUSS
![Page 46: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/46.jpg)
CryptographyCryptography
Confidentiality withConfidentiality with
Digital signatureDigital signature
![Page 47: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/47.jpg)
4747/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
First step for Digital signatureFirst step for Digital signature
EncryptionEncryptionAlgorithmAlgorithm
Sender
PRPRSS
Receiver
DecryptionDecryptionAlgorithmAlgorithm
Second step for EncryptionSecond step for Encryption
Sender
EncryptionEncryptionAlgorithmAlgorithm
PUPURR
PUPUSS
PRPRRR
![Page 48: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/48.jpg)
CryptographyCryptography
Non-repudiationNon-repudiation
![Page 49: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/49.jpg)
4949/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Public-key distribution with a Public-key distribution with a trusted third party(Certificate trusted third party(Certificate authority)authority)
User A User B
PUPUAA
CCAA==EEPRPRCACA[Time[Time11,ID,IDAA,PU,PUAA]]
PUPUBB
CCBB==EEPRPRCACA[Time[Time22,ID,IDBB,PU,PUBB]]
CCAA
CCBB
CACA
PUPUCACA PUPUCACA
![Page 50: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/50.jpg)
CryptographyCryptography
Key exchangeKey exchange
![Page 51: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/51.jpg)
5151/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
With a certificateWith a certificate
EncryptionEncryptionAlgorithmAlgorithm
Sender
PUPURR
KeKeyy
DecryptionDecryptionAlgorithmAlgorithm
Receiver
KeKeyy
Ciphered Ciphered KeyKey
PRPRRR
![Page 52: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/52.jpg)
5252/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Cryptography
Diffie-Hellman key exchange protocolDiffie-Hellman key exchange protocol
Select Select private private XAXACalculate Calculate public YApublic YAYA=YA=XAXA mod qmod q
Select Select private XBprivate XBCalculate Calculate public YBpublic YBYB=YB=XBXB mod qmod q
YAYA
YBYB
User AUser A User BUser B
Generate secret keyGenerate secret keyKK=(YB)=(YB)XAXA mod qmod q
Generate secret keyGenerate secret keyKK=(YA)=(YA)XBXB mod qmod q
![Page 53: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/53.jpg)
Secure Internet Secure Internet BankingBanking
![Page 54: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/54.jpg)
5454/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
User authentication Issue a certificate Key-exchange Transaction Additional security with a secret
card
![Page 55: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/55.jpg)
5555/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
User authenticationUser authentication
Banking serverBanking serverAccept or rejectAccept or reject
Login requestLogin request(ID, Password)(ID, Password)
SSLSSL
CACACertificate RequestCertificate Request
Issues a certificateIssues a certificate
![Page 56: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/56.jpg)
5656/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
Key exchangeKey exchange
Banking serverBanking server
Exchange a keyExchange a keyfor the sessionfor the session
E(PUE(PUC C ,Key),Key)CertificateCertificate
![Page 57: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/57.jpg)
5757/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Secure Internet Banking
TransactionTransaction
Banking serverBanking server
CC=E(M,=E(M,KeyKey))
CC=E(M,=E(M,KeyKey,,Alt.KeyAlt.Key))
Secret CardSecret Card
1:8975 2:1348 3:1796 4:2465 5:2696 6:3147
…28:1323 29:1369 30:1416
![Page 58: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/58.jpg)
5858/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Relation of service and Relation of service and mechanismmechanism
Algorithms
Mechanisms
Services
Applications
E-money E-contract Intrusion DetectionE-commerce Biometric Mobile SecurityE-auction Secure Multimedia VPNE-vote Firewall
Authentication ConfidentialityIntegrity Non-repudiationAccess Control
Encryption Digital SignatureAccess Control AuthenticationKey-Exchange
DES AES SEEDElGamal RSA ECCHash Function PRG
![Page 59: Computer Network Security](https://reader037.vdocuments.net/reader037/viewer/2022103100/56813767550346895d9ef9b4/html5/thumbnails/59.jpg)
5959/60/60
Computer Network SecurityComputer Network Security
Hyun-Sung Kim, Kyungil UniversityHyun-Sung Kim, Kyungil University
Relation of service and Relation of service and mechanismmechanism
AlgorithmsAlgorithms
MechanismsMechanisms
ServicesServices
Symmetric-keySymmetric-key&&
Public-keyPublic-keyCryptosystemCryptosystem
DES, AESDES, AESRSA, ECCRSA, ECC
EncryptionEncryptionKey exchangeKey exchange
ConfidentialityConfidentiality
Symmetric-keySymmetric-key&&
Public-keyPublic-keyCryptosystemCryptosystem
DES, AESDES, AESRSA, ECCRSA, ECC
EncryptionEncryptionKey exchangeKey exchange
IntegrityIntegrity
Public-keyPublic-keyCryptosystemCryptosystem
RSA, ECC,RSA, ECC,DSSDSS
DigitalDigitalSignatureSignature
AuthenticationAuthentication
Public-keyPublic-keyCryptosystemCryptosystem
RSA, ECC,RSA, ECC,DSSDSS
DigitalDigitalSignatureSignature
Non-repudiationNon-repudiation