Computer Networks Lecture - Chapter 8: Security - Nguyễn Lê Duy Lai
Computer Networks
Lectured by:
Nguyen Le Duy Lai
(lai@hcmut.edu.vn)
Computer Networking: A Top-Down Approach
7th Edition, Global Edition
Jim Kurose, Keith Ross
Pearson
April 2016
Security 6-1
Chapter 8
Security
Chapter 8: Network Security
Chapter goals:
§ understand principles of network security:
• cryptography and its many uses beyond “confidentiality”
• authentication
• message integrity
§ security in practice:
• firewalls and intrusion detection systems (IDS)
• security in application, transport, network, link layers
Chapter 8: roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity and digital signatures
8.4 End-point authentication
8.5 Securing e-mail
8.6 Securing TCP connections: SSL
8.7 Network layer security: IPsec and VPNs
8.8 Securing wireless LANs
8.9 Operational security: firewalls and IDS
What is network security?
confidentiality: only sender, intended receiver should
“understand” message contents
• sender encrypts message
• receiver decrypts message
authentication: sender, receiver want to confirm identity of
each other
message integrity: sender, receiver want to ensure message
not altered (in transit, or afterwards) without detection
access and availability: services must be accessible and
available to users
Friends and enemies: Alice, Bob, Trudy
§ well-known in network security world
§ Bob, Alice (lovers!) want to communicate “securely”
§ Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (secure sender) sends data and control messages over a channel to Bob (secure receiver); Trudy is on the channel]
Who might Bob, Alice be?
§ … well, real-life Bobs and Alices!
§ Web browser/server for electronic transactions
(e.g., on-line purchases)
§ on-line banking client/server
§ DNS servers
§ routers exchanging routing table updates
§ other examples?
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: A lot! See section 1.6
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in
packet (or any field in packet)
• hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in
place
• denial of service: prevent service from being used
by others (e.g., by overloading resources)
The language of cryptography
[Figure: plaintext → encryption algorithm (Alice’s encryption key $K_A$) → ciphertext → decryption algorithm (Bob’s decryption key $K_B$) → plaintext]
$m$: plaintext message
$K_A(m)$: ciphertext, encrypted with key $K_A$
$m = K_B(K_A(m))$
Breaking an encryption scheme
§ cipher-text only attack: Trudy has ciphertext she can analyze
§ two approaches:
• brute force: search through all keys
• statistical analysis
§ known-plaintext attack: Trudy has plaintext corresponding to ciphertext
• e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o
§ chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext
Symmetric key cryptography
[Figure: plaintext message, $m$ → encryption algorithm (key $K_S$) → ciphertext $K_S(m)$ → decryption algorithm (key $K_S$) → plaintext]
$m = K_S(K_S(m))$
symmetric key crypto: Bob and Alice share same (symmetric) key: $K_S$
§ e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
Q: how do Bob and Alice agree on key value?
Simple encryption scheme
substitution cipher: substituting one thing for another
§ monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
e.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Encryption key: mapping from set of 26 letters
to set of 26 letters
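Added example (not part of the original slides): the monoalphabetic cipher above with the slide's key, followed by the known-plaintext analysis from the "Breaking an encryption scheme" slide, where Trudy recovers the pairings for a, l, i, c, e, b, o. Function names and the assumption that Trudy knows the message begins with "bob" and ends with "alice" are illustrative.

```python
import string

ALPHABET = string.ascii_lowercase
KEY = "mnbvcxzasdfghjklpoiuytrewq"  # ciphertext alphabet from the slide

ENC = str.maketrans(ALPHABET, KEY)
DEC = str.maketrans(KEY, ALPHABET)


def encrypt(plaintext):
    """Substitute each lowercase letter; punctuation and spaces pass through."""
    return plaintext.translate(ENC)


def decrypt(ciphertext):
    return ciphertext.translate(DEC)


def learn_pairings(known_plain, known_cipher):
    """Known-plaintext analysis: map each ciphertext letter to its plaintext letter."""
    pairs = {}
    for p, c in zip(known_plain, known_cipher):
        if p in ALPHABET and pairs.setdefault(c, p) != p:
            raise ValueError("inconsistent pairing: not a monoalphabetic cipher")
    return pairs


def partial_decrypt(ciphertext, pairs):
    """Apply only the recovered pairings; unknown letters become '_'."""
    return "".join(pairs.get(c, "_") if c in ALPHABET else c for c in ciphertext)


def demo():
    ciphertext = encrypt("bob. i love you. alice")
    # Assumption for the demo: Trudy knows the message starts with "bob"
    # and ends with "alice" (the names of the two parties).
    pairs = learn_pairings("bob" + "alice", ciphertext[:3] + ciphertext[-5:])
    return ciphertext, pairs, partial_decrypt(ciphertext, pairs)


if __name__ == "__main__":
    ct, pairs, guess = demo()
    print(ct)
    print(sorted(pairs.values()))
    print(guess)
```

Seven known pairings already expose most of the message, which is why a fixed one-to-one letter mapping offers little protection once any plaintext is known.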
A more sophisticated encryption approach
§ n substitution ciphers, M1,M2,…,Mn
§ cycling pattern:
• e.g., n=4: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
§ for each new plaintext symbol, use subsequent
substitution pattern in cyclic pattern
• dog: d from M1, o from M3, g from M4
Encryption key: n substitution ciphers, and cyclic pattern
• key need not be just n-bit pattern
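Added example (not part of the original slides): the cycling scheme with n=4 and the pattern M1,M3,M4,M3,M2. The slides do not define the individual ciphers, so M1 reuses the key from the "Simple encryption scheme" slide and M2 to M4 are constructed Caesar shifts; all names are illustrative.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(shift):
    """Constructed stand-in for a substitution alphabet (not from the slides)."""
    return ALPHABET[shift:] + ALPHABET[:shift]


# The key is the set of n substitution ciphers plus the cyclic pattern.
CIPHERS = {
    1: "mnbvcxzasdfghjklpoiuytrewq",  # M1: key from the earlier slide
    2: caesar(5),                      # M2..M4: constructed for this example
    3: caesar(11),
    4: caesar(7),
}
PATTERN = [1, 3, 4, 3, 2]  # cycling pattern from the slide


def transform(text, decrypt=False):
    """Encrypt (or decrypt) letter by letter, advancing through PATTERN."""
    out, pos = [], 0
    for ch in text:
        if ch not in ALPHABET:
            out.append(ch)        # non-letters pass through, pattern not advanced
            continue
        sub = CIPHERS[PATTERN[pos % len(PATTERN)]]
        if decrypt:
            out.append(ALPHABET[sub.index(ch)])
        else:
            out.append(sub[ALPHABET.index(ch)])
        pos += 1
    return "".join(out)


if __name__ == "__main__":
    print(transform("dog"))   # d from M1, o from M3, g from M4
    print(transform("bob"))   # the two b's encrypt to different letters
    print(transform(transform("bob. i love you. alice"), decrypt=True))
```

Because the same plaintext letter maps to different ciphertext letters depending on its position, a single table of letter pairings no longer decrypts the message.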
Symmetric key crypto: DES
DES: Data Encryption Standard
§ US encryption standard [NIST 1993]
§ 56-bit symmetric key, 64-bit plaintext input
§ block cipher with cipher block chaining
§ how secure is DES?
• DES Challenge: 56-bit-key-encrypted phrase decrypted
(brute force) in less than a day
• no known good analytic attack
§ making DES more secure:
• 3DES: encrypt 3 times with 3 different keys
Symmetric key crypto: DES
DES operation
§ initial permutation
§ 16 identical “rounds” of
function application,
each using different 48
bits of key
§ final permutation
AES: Advanced Encryption Standard
§ symmetric-key NIST standard, replaced DES
(Nov 2001)
§ processes data in 128 bit blocks
§ 128, 192, or 256 bit keys
§ brute force decryption (try each key) taking 1 sec
on DES, takes 149 trillion years for AES
Public Key Cryptography
symmetric key crypto
§ requires sender, receiver know shared secret key
§ Q: how to agree on key in first place (particularly if never “met”)?
public key crypto
§ radically different approach [Diffie-Hellman76, RSA78]
§ sender, receiver do not share secret key
§ public encryption key known to all
§ private decryption key known only to receiver
Public key cryptography
[Figure: plaintext message, $m$ → encryption algorithm (Bob’s public key $K_B^+$) → ciphertext $K_B^+(m)$ → decryption algorithm (Bob’s private key $K_B^-$) → plaintext message]
$m = K_B^-(K_B^+(m))$
Public key encryption algorithms
requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm