Chap2 Network Security

The document is a comprehensive overview of network security, focusing on cryptography, including symmetric-key and public-key algorithms, digital signatures, and various authentication protocols. It discusses the need for security, key management, and communication security methods such as IPsec and firewalls. Additionally, it covers email and web security, highlighting threats and secure protocols like SSL.

Uploaded by

Ali Loubany

Networks II

Chapter 2: Network Security


A. SAMHAT

Lebanese University – Faculty of Engineering III, Semester IX, 2012-2013


Outline

• Introduction to Cryptography
  - Substitution Ciphers
  - Transposition Ciphers
  - One-Time Pads
• Two Fundamental Cryptographic Principles
• Symmetric-Key Algorithms
• Public-Key Algorithms
• Digital Signatures

A. Samhat Lebanese University – Faculty of Engineering III, Semester IX, 2012-2013


Need for Security

• Some people who cause security problems, and why.


An Introduction to Cryptography

• The encryption model (for a symmetric-key cipher).


Transposition Ciphers

• A transposition cipher.


One-Time Pads

• The use of a one-time pad for encryption, and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad.


Two Fundamental Cryptographic Principles

• Redundancy
  Messages must contain some redundancy, so that not all possible messages are valid. This keeps an active intruder from sending garbage and having it accepted by an application.
• Freshness
  Some measure must be taken to ensure that each message received can be verified as fresh, that is, sent very recently. This is needed to prevent an active intruder from playing back old messages (a replay attack).
  Example solution: timestamp the messages.
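As an added example (not part of the lecture), a receiver check that applies both principles: a keyed MAC supplies the redundancy, and a timestamp window plus a cache of accepted nonces supplies the freshness. The shared key, the message layout (payload|timestamp|nonce|tag) and the 30-second window are assumptions for this illustration.

```python
import hmac
import hashlib
import time

# Constructed example (not from the lecture). The sender appends a timestamp,
# a random nonce and an HMAC; the receiver applies the two principles above:
#   redundancy - the MAC must verify, so garbage or tampered messages fail;
#   freshness  - the timestamp must be recent, and a nonce already accepted
#                is refused, so a replayed message fails even inside the window.
KEY = b"pre-shared key for illustration only"   # assumed shared secret
MAX_SKEW = 30                                    # seconds a message may be old

def make_message(payload: bytes, nonce: bytes, now: float) -> bytes:
    """Sender side: payload|timestamp|nonce|tag, tag = HMAC-SHA256 over the rest."""
    body = b"|".join([payload, str(int(now)).encode(), nonce.hex().encode()])
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag

class Receiver:
    def __init__(self):
        self.seen = set()   # nonces accepted so far (prune beyond MAX_SKEW in practice)

    def accept(self, msg: bytes, now: float) -> str:
        """Return 'ok' or the reason the message was rejected."""
        parts = msg.rsplit(b"|", 3)          # rsplit: the payload itself may contain '|'
        if len(parts) != 4:
            return "malformed"
        payload, ts, nonce, tag = parts
        body = b"|".join([payload, ts, nonce])
        expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad mac"                 # redundancy check failed
        if not ts.isdigit() or abs(now - int(ts)) > MAX_SKEW:
            return "stale"                   # freshness check failed: too old
        if nonce in self.seen:
            return "replay"                  # recent by clock, but already accepted
        self.seen.add(nonce)
        return "ok"

if __name__ == "__main__":
    rx = Receiver()
    msg = make_message(b"transfer 10", b"\x01\x02", time.time())
    print(rx.accept(msg, time.time()), rx.accept(msg, time.time()))  # prints: ok replay
```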


Symmetric-Key Algorithms

• They use the same key for encryption and decryption.
• DES – The Data Encryption Standard
• AES – The Advanced Encryption Standard
• Cipher Modes
• Other Ciphers
• Cryptanalysis


Product Ciphers

• Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.


Data Encryption Standard

• The Data Encryption Standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.


Triple DES

• (a) Triple encryption using DES. (b) Decryption.


AES – The Advanced Encryption Standard

• Rules for AES proposals:
  1. The algorithm must be a symmetric block cipher.
  2. The full design must be public.
  3. Key lengths of 128, 192, and 256 bits must be supported.
  4. Both software and hardware implementations are required.
  5. The algorithm must be public or licensed on nondiscriminatory terms.


AES (2)

• An outline of Rijndael.


AES (3)

• Creation of the state and rk arrays.


Electronic Code Book Mode

• The plaintext of a file encrypted as 16 DES blocks.


Cipher Block Chaining Mode

• Cipher block chaining. (a) Encryption. (b) Decryption.


Cipher Feedback Mode

• (a) Encryption. (b) Decryption.


Stream Cipher Mode

• A stream cipher. (a) Encryption. (b) Decryption.


Counter Mode

• Encryption using counter mode.


Cryptanalysis

• Some common symmetric-key cryptographic algorithms.


Public-Key Algorithms

• RSA
  1. Choose two large primes, p and q (typically 1024 bits).
  2. Compute n = p × q and z = (p − 1) × (q − 1).
  3. Choose a number relatively prime to z and call it d.
  4. Find e such that e × d = 1 (mod z).
  5. Divide the plaintext (regarded as a bit string) into blocks, so that each plaintext message, P, falls in the interval 0 < P < n.
  6. To encrypt a message, P, compute C = P^e (mod n).
  7. To decrypt C, compute P = C^d (mod n).
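The seven RSA steps above carried out in code, as an added example that is not part of the lecture. The primes p = 3, q = 11 and d = 7 are constructed so the arithmetic can be followed by hand (giving n = 33, z = 20, e = 3); the one-letter-per-block encoding (A = 1 ... Z = 26) is an assumption that keeps every block inside 0 < P < n for this toy key.

```python
from math import gcd

# Added example, not from the lecture. Tiny primes are used so each step can be
# checked by hand; the slide's real-world size is ~1024-bit primes. These values
# are constructed for illustration and offer no security. This is "textbook" RSA
# with no padding: equal plaintext blocks give equal ciphertext blocks, which is
# one reason deployed systems pad before exponentiating.

def rsa_keygen(p: int, q: int, d: int):
    """Steps 1-4: n = p*q, z = (p-1)(q-1), d coprime to z, e = d^-1 mod z."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)                 # modular inverse (Python 3.8+): e*d = 1 mod z
    return (e, n), (d, n)             # public key (e, n), private key (d, n)

def rsa_encrypt(public, P: int) -> int:
    """Step 6: C = P^e (mod n), after checking the step-5 block condition."""
    e, n = public
    if not 0 < P < n:
        raise ValueError("plaintext block out of range 0 < P < n")
    return pow(P, e, n)

def rsa_decrypt(private, C: int) -> int:
    """Step 7: P = C^d (mod n)."""
    d, n = private
    return pow(C, d, n)

def encrypt_text(public, text: str) -> list:
    """Step 5 for this toy key: one capital letter per block, A=1 ... Z=26 (< 33)."""
    return [rsa_encrypt(public, ord(c) - ord("A") + 1) for c in text]

def decrypt_text(private, blocks: list) -> str:
    return "".join(chr(rsa_decrypt(private, C) + ord("A") - 1) for C in blocks)

if __name__ == "__main__":
    pub, priv = rsa_keygen(p=3, q=11, d=7)    # n = 33, z = 20, e = 3
    blocks = encrypt_text(pub, "SUZANNE")
    print(pub, priv, blocks, decrypt_text(priv, blocks))
```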


RSA

• An example of the RSA algorithm.


Digital Signatures

• Symmetric-Key Signatures
• Public-Key Signatures
• Message Digests
• The Birthday Attack



Symmetric-Key Signatures

• Digital signatures with Big Brother.


Public-Key Signatures

• Digital signatures using public-key cryptography.


Message Digests

• Digital signatures using message digests.


SHA-1

• Use of SHA-1 and RSA for signing nonsecret messages.


SHA-1 (2)

• (a) A message padded out to a multiple of 512 bits.
• (b) The output variables. (c) The word array.


Management of Public Keys

• Certificates
• X.509
• Public Key Infrastructures



Problems with Public-Key Encryption

• A way for Trudy to subvert public-key encryption.


Certificates

• A possible certificate and its signed hash.


X.509

• The basic fields of an X.509 certificate.


Public-Key Infrastructures

• (a) A hierarchical PKI. (b) A chain of certificates.


Communication Security

• IPsec
• Firewalls
• Virtual Private Networks
• Wireless Security



IPsec

• The IPsec authentication header in transport mode for IPv4.


IPsec (2)

• (a) ESP in transport mode. (b) ESP in tunnel mode.


Firewalls

• A firewall consisting of two packet filters and an application gateway.


Virtual Private Networks

• (a) A leased-line private network. (b) A virtual private network.


802.11 Security

• Packet encryption using WEP.


Authentication Protocols

• Authentication Based on a Shared Secret Key
• Establishing a Shared Key: Diffie-Hellman
• Authentication Using a Key Distribution Center
• Authentication Using Kerberos
• Authentication Using Public-Key Cryptography


Authentication Based on a Shared Secret Key

• Two-way authentication using a challenge-response protocol.


Authentication Based on a Shared Secret Key (2)

• A shortened two-way authentication protocol.


Authentication Based on a Shared Secret Key (3)

• The reflection attack.


Authentication Based on a Shared Secret Key (4)

• A reflection attack on the protocol of Fig. 8-32.


Authentication Based on a Shared Secret Key (5)

• Authentication using HMACs.


Establishing a Shared Key: The Diffie-Hellman Key Exchange

• The Diffie-Hellman key exchange.


Establishing a Shared Key: The Diffie-Hellman Key Exchange (2)

• The bucket brigade or man-in-the-middle attack.


Authentication Using a Key Distribution Center

• A first attempt at an authentication protocol using a KDC.


Authentication Using a Key Distribution Center (2)

• The Needham-Schroeder authentication protocol.


Authentication Using a Key Distribution Center (3)

• The Otway-Rees authentication protocol (slightly simplified).


Authentication Using Kerberos

• The operation of Kerberos V4.


Authentication Using Public-Key Cryptography

• Mutual authentication using public-key cryptography.


E-Mail Security

• PGP – Pretty Good Privacy
• PEM – Privacy Enhanced Mail
• S/MIME


PGP – Pretty Good Privacy

• PGP in operation for sending a message.


PGP – Pretty Good Privacy (2)

• A PGP message.


Web Security

• Threats
• Secure Naming
• SSL – The Secure Sockets Layer
• Mobile Code Security



Secure Naming

• (a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.


Secure Naming (2)

• How Trudy spoofs Alice's ISP.


Secure DNS

• An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed hash of the A and KEY records, used to verify their authenticity.


Self-Certifying Names

• A self-certifying URL containing a hash of the server's name and public key.


SSL—The Secure Sockets Layer

• Layers (and protocols) for a home user browsing with SSL.


SSL (2)

• A simplified version of the SSL connection establishment subprotocol.


SSL (3)

• Data transmission using SSL.