Network Security
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography (confidentiality)
8.3 Message integrity
8.4 End-point authentication
8.5 Securing (application)
8.6 Securing TCP connections: SSL (transport)
8.7 Network layer security: IPsec (network)
8.8 Securing wireless LANs (MAC)
8.9 Operational security: firewalls and IDS
Secure
Alice wants to send a secure message, m, to Bob:
- confidentiality
- sender authentication
- message integrity
- receiver authentication
Confidentiality
- symmetric key: key distribution issue
- public key encryption: but not efficient for long messages
- (symmetric, private) session key
Secure (confidentiality)
Alice wants to send a confidential message, m, to Bob.
Alice:
- generates a random symmetric private session key, $K_S$
- encrypts the message with $K_S$ (for efficiency)
- also encrypts $K_S$ with Bob's public key, $K_B^+$
- sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob
[Figure: Alice encrypts m with $K_S$ and $K_S$ with $K_B^+$, then sends $K_S(m)$ and $K_B^+(K_S)$ over the Internet.]
Secure (confidentiality)
Alice wants to send a confidential message, m, to Bob.
Bob:
- uses his private key, $K_B^-$, to decrypt $K_B^+(K_S)$ and recover $K_S$
- uses $K_S$ to decrypt $K_S(m)$ to recover m
[Figure: Bob receives $K_S(m)$ and $K_B^+(K_S)$ from the Internet, applies $K_B^-$ to recover $K_S$, then applies $K_S$ to recover m.]
Secure (auth. + msg integrity)
Alice wants to provide sender authentication & message integrity (but no confidentiality).
- Alice digitally signs the message (digital signature)
- sends both the message (in the clear) and the digital signature
[Figure: Alice computes $H(m)$ and signs it with $K_A^-$ to get $K_A^-(H(m))$, then sends m and $K_A^-(H(m))$ over the Internet. Bob applies $K_A^+$ to the signature, computes $H(m)$ from the received m, and compares the two values.]
Secure (all)
Alice wants to provide confidentiality, sender authentication, and message integrity.
Alice uses three keys: her private key, Bob's public key, and a newly created symmetric key.
[Figure: Alice computes $K_A^-(H(m))$, combines it with m, encrypts the result with $K_S$, encrypts $K_S$ with $K_B^+$ to get $K_B^+(K_S)$, and sends both over the Internet.]
Secure (all)
Alice and Bob need to obtain each other's public keys!
- certify public keys using a CA (CA-signed certificates)
- receiver authentication
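The combined scheme from the slides above (confidentiality, sender authentication, message integrity), as an added Python sketch that is not part of the original slides. Textbook RSA without padding, the Mersenne-prime demo keys and the SHA-256 XOR keystream standing in for $K_S(\cdot)$ are toy assumptions chosen to stay within the standard library; it also assumes each side already holds the other's authentic public key.

```python
import hashlib, secrets

# Toy stand-ins (assumptions of this example): unpadded RSA and an XOR keystream.
def keypair(p, q, e=65537):
    """Textbook RSA key pair: returns (public, private), each as (exponent, modulus)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)

def rsa(key, x):
    """Apply a public or private key: x^exp mod n."""
    exp, n = key
    return pow(x, exp, n)

def H(m, n):
    """H(m): SHA-256 digest as an integer, reduced to fit the signer's modulus."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def K_S(ks, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call both ways)."""
    stream = b"".join(hashlib.sha256(ks + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def alice_send(m, alice_priv, bob_pub):
    sig = rsa(alice_priv, H(m, alice_priv[1]))         # K_A^-(H(m))
    ks = secrets.token_bytes(16)                       # fresh session key K_S
    body = K_S(ks, sig.to_bytes(32, "big") + m)        # K_S(K_A^-(H(m)), m)
    wrapped = rsa(bob_pub, int.from_bytes(ks, "big"))  # K_B^+(K_S)
    return wrapped, body

def bob_receive(wrapped, body, bob_priv, alice_pub):
    ks = rsa(bob_priv, wrapped).to_bytes(16, "big")    # K_B^-(K_B^+(K_S)) = K_S
    plain = K_S(ks, body)
    sig, m = int.from_bytes(plain[:32], "big"), plain[32:]
    if rsa(alice_pub, sig) != H(m, alice_pub[1]):      # K_A^+(signature) vs. H(m)
        raise ValueError("signature check failed")
    return m

# Constructed demo keys built from known Mersenne primes; far too small for real use.
ALICE_PUB, ALICE_PRIV = keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = keypair(2**61 - 1, 2**89 - 1)
```

Flipping any bit of the encrypted body in transit changes either m or the signature after decryption, so Bob's comparison fails and the message is rejected.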