network security
Network Security
An Introduction to Cryptography
The encryption model (for a symmetric-key cipher).
Symmetric-Key Algorithms
• DES – The Data Encryption Standard
• AES – The Advanced Encryption Standard
• Cipher Modes
Data Encryption Standard
The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.
Triple DES
(a) Triple encryption using DES. (b) Decryption.
AES – The Advanced Encryption Standard
Rules for AES proposals
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits supported.
4. Both software and hardware implementations required.
5. The algorithm must be public or licensed on nondiscriminatory terms.
AES
An outline of Rijndael.
AES
Creation of the state and rk arrays.
Electronic Code Book Mode
The plaintext of a file encrypted as 16 DES blocks.
Cipher Block Chaining Mode
Cipher block chaining. (a) Encryption. (b) Decryption.
Cipher Feedback Mode
(a) Encryption. (b) Decryption.
Stream Cipher Mode
A stream cipher. (a) Encryption. (b) Decryption.
Counter Mode
Encryption using counter mode.
Public-Key Algorithms
• RSA (Rivest, Shamir, Adleman)
1. Choose two large prime numbers p and q (typically 1024 bits).
2. Compute n = p × q and z = (p - 1) × (q - 1).
3. Choose a number relatively prime to z and call it d.
4. Find e such that e × d = 1 mod z.
5. Public key is (n, e), private key is (n, d).
6. Encryption is C = P^e mod n.
7. Decryption is P = C^d mod n.
RSA
An example of the RSA algorithm: n = 33, z = 20, e = 3, d = 7.
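The RSA steps and the slide's toy parameters (n = 33, z = 20, e = 3, d = 7, which correspond to p = 3 and q = 11) worked through in Python, as an added example that is not part of the original slides; the function names and the sample message BANANA are constructed for illustration. It also shows that encrypting one letter per block with no padding maps equal letters to equal ciphertext values, so the repetition pattern of the plaintext survives encryption.

```python
from math import gcd

def make_keys(p, q, d):
    """Steps 2-5 of the slide: derive n, z and e from p, q and a chosen d."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)  # step 4: e * d = 1 mod z (needs Python 3.8+)
    return (n, e), (n, d)

def encrypt(public, blocks):
    n, e = public
    if any(not 0 <= P < n for P in blocks):
        raise ValueError("each plaintext block must satisfy 0 <= P < n")
    return [pow(P, e, n) for P in blocks]  # step 6: C = P^e mod n

def decrypt(private, blocks):
    n, d = private
    return [pow(C, d, n) for C in blocks]  # step 7: P = C^d mod n

def letters_to_blocks(text):
    """Constructed encoding for this example: A=1 ... Z=26, one letter per block."""
    return [ord(c) - ord("A") + 1 for c in text]

def blocks_to_letters(blocks):
    return "".join(chr(b + ord("A") - 1) for b in blocks)

def repeat_pattern(blocks):
    """Index of the first occurrence of each block; reveals repeated values."""
    return [blocks.index(b) for b in blocks]

# Slide parameters: p = 3, q = 11 give n = 33, z = 20; d = 7 gives e = 3.
PUBLIC, PRIVATE = make_keys(3, 11, 7)

MESSAGE = "BANANA"  # constructed sample input
PLAIN = letters_to_blocks(MESSAGE)
CIPHER = encrypt(PUBLIC, PLAIN)
RECOVERED = blocks_to_letters(decrypt(PRIVATE, CIPHER))

if __name__ == "__main__":
    print("public key :", PUBLIC)
    print("private key:", PRIVATE)
    print("plaintext  :", PLAIN)
    print("ciphertext :", CIPHER)
    print("recovered  :", RECOVERED)
    # Same pattern on both sides: unpadded per-letter RSA is a substitution cipher.
    print("pattern kept:", repeat_pattern(PLAIN) == repeat_pattern(CIPHER))
```
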
Digital Signatures
• Symmetric-Key Signatures
• Public-Key Signatures
• Message Digests
Symmetric-Key Signatures
Digital signatures with Big Brother.
Public-Key Signatures
Digital signatures using public-key cryptography.
Message Digests (MD5, SHA-1)
Digital signatures using message digests.
Management of Public Keys
• Certificates
• X.509
• Public Key Infrastructures
Problems with Public-Key Encryption
A way for Trudy to subvert public-key encryption.
Certificates
A possible certificate and its signed hash.
X.509
The basic fields of an X.509 certificate.
Public-Key Infrastructures
(a) A hierarchical PKI. (b) A chain of certificates.
Communication Security
• IPsec
• Firewalls
• Virtual Private Networks
• Wireless Security
IPsec
The IPsec authentication header in transport mode for IPv4.
IPsec
(a) ESP in transport mode. (b) ESP in tunnel mode.
Firewalls
A firewall consisting of two packet filters and an application gateway.
Virtual Private Networks
(a) A leased-line private network. (b) A virtual private network.
Authentication Protocols
• Authentication Based on a Shared Secret Key
• Establishing a Shared Key: Diffie-Hellman
• Authentication Using a Key Distribution Center
• Authentication Using Kerberos
• Authentication Using Public-Key Cryptography
Authentication Based on a Shared Secret Key
Authentication using HMACs.
Authentication Using a Key Distribution Center
A first attempt at an authentication protocol using a KDC.
Authentication Using a Key Distribution Center
The Needham-Schroeder authentication protocol.
Authentication Using Kerberos
The operation of Kerberos V4.
Authentication Using Public-Key Cryptography
Mutual authentication using public-key cryptography.
E-mail Security
PGP – Pretty Good Privacy
PGP in operation for sending a message.
PGP – Pretty Good Privacy
A PGP message.
Web Security
• Secure Naming
• SSL – The Secure Sockets Layer
DNS Spoofing
(a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.
DNS Spoofing
How Trudy spoofs Alice's ISP.
Secure DNS
An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed A and KEY records to verify their authenticity.
SSL – The Secure Sockets Layer
Layers (and protocols) for a home user browsing with SSL.
SSL
A simplified version of the SSL connection establishment subprotocol.