Presentation is loading. Please wait.

Presentation is loading. Please wait.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Published byRalph Gibson Modified over 9 years ago

Similar presentations

Presentation on theme: "31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display."— Presentation transcript:

1 31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2 31.2 31-1 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service provides entity authentication or identification. Message Confidentiality Message Integrity Message Authentication Message Nonrepudiation Entity Authentication Topics discussed in this section:

3 31.3 Figure 31.1 Security services related to the message or entity

4 31.4 31-3 MESSAGE INTEGRITY Encryption and decryption provide secrecy, or confidentiality, but not integrity. However, on occasion we may not even need secrecy, but instead must have integrity. Document and Fingerprint Message and Message Digest Creating and Checking the Digest Hash Function Criteria Hash Algorithms: SHA-1 Topics discussed in this section:

5 31.5 To preserve the integrity of a document, both the document and the fingerprint are needed. Note

6 31.6 Figure 31.4 Message and message digest Notations: m: message H(m): message digest of m by using hash function H()

7 31.7 The message digest needs to be kept secret, or unalterable by others. Note

8 31.8 Figure 31.5 Checking integrity Notes: We need to make sure the digest cannot be altered by attacker

9 31.9 Figure 31.6 Criteria of a hash function One-wayness: Cannot recover message m given its digest H(m) Weak collision resistance: Given message m, cannot generate another message m’ such that H(m’)=H(m)  ensure integrity Strong collision resistance: (a stronger requirement than above one) Sender cannot generate two messages m and m’ such that H(m)=H(m’)  ensure nonrepudation

10 31.10 Can we use a conventional lossless compression method as a hashing function? Solution We cannot. A lossless compression method creates a compressed message that is reversible. You can uncompress the compressed message to get the original one. Example 31.1

11 31.11 Can we use a checksum method as a hashing function? Solution We cannot. A checksum function is not reversible; it meets the first criterion. However, it does not meet the other criteria. That is to say, an attacker can easily modify a message without being detected. Example 31.2

12 31.12 Figure 31.7 Message digest creation

13 31.13 SHA-1 hash algorithms create an N-bit message digest out of a message of 512-bit blocks. SHA-1 has a message digest of 160 bits. Another popular hash algorithm is MD5 (message digest algorithm 5). It is an older generation than SHA-1. Note

14 31.14 31-4 MESSAGE AUTHENTICATION A hash function per se cannot provide authentication. The digest created by a hash function can detect any modification in the message, but not authentication. MAC (message authentication code): can be used to ensure both integrity and authentication Topics discussed in this section:

15 31.15 Figure 31.9 MAC, created by Alice and checked by Bob Message itself is unencrypted

16 31.16 Figure 31.10 HMAC (Hashed MAC): uses keyless hash function Reason: we can directly use mature keyless hash function such as SHA-1 or MD5 Why not stop here?

17 31.17 31-5 DIGITAL SIGNATURE When Alice sends a message to Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice and not Eve. Bob can ask Alice to sign the message electronically. In other words, an electronic signature can prove the authenticity of Alice as the sender of the message. We refer to this type of signature as a digital signature. Comparison Need for Keys Process Topics discussed in this section:

18 31.18 A digital signature needs a public-key system. Note Notations: m: message H(m): message digest of m by using hash function H() K A - :Private key of user A K A + :Public key of user A K AB : Symmetric key between A and B K(m): ciphertext of message m by using encryption key K

19 31.19 Figure 31.11 Signing the message itself in digital signature Private K A - Public K A + Provide no confidentiality (message is not secret) Problem: Too expensive to sign message itself using public key system

20 For message confidentiality, we use the private and public keys of the receiver; In digital signature (integrity, authentication, nonrepudation), we use the private and public keys of the sender. 31.20 Note

21 31.21 Figure 31.12 Signing the digest in a digital signature

22 31.22 Digital signature provides three out of the five services we mentioned for security systems Integrity Authentication Nonrepudiation

23 31.23 31-6 ENTITY AUTHENTICATION Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier. Passwords Challenge-Response Topics discussed in this section:

24 Entity Authentication: Kinds of Witnesses 31.24 Something knownPassword PIN number Secret key Private key Something possessedPassport Driver’s license ID card Credit card Something inherentConventional signature Fingerprints Facial characteristics handwriting

25 In challenge-response authentication, the claimant proves that she knows a secret (such as a password) without revealing it in communication (prevent secret from leaking to eavesdropper). 31.25 Note

26 31.26 Figure 31.14 Challenge/response authentication using a nonce The challenge is a time-varying value sent by the verifier; the response is the result of a function applied on the challenge.

27 31.27 Figure 31.15 Challenge-response authentication using a timestamp

28 31.28 Figure 31.16 Challenge-response authentication using a keyed-hash function

29 31.29 Figure 31.17 Authentication, asymmetric-key KA+KA+

30 31.30 Figure 31.18 Authentication, using digital signature KA-KA-

31 31.31 31-7 KEY MANAGEMENT We never discussed how secret keys in symmetric-key cryptography and how public keys in asymmetric-key cryptography are distributed and maintained. In this section, we touch on these two issues. We first discuss the distribution of symmetric keys; we then discuss the distribution of asymmetric keys. Symmetric-Key Distribution Public-Key Distribution Topics discussed in this section:

32 31.32 Figure 31.19 KDC (key distribution center)

33 31.33 A session symmetric key between two parties is used only once. Note

34 31.34 Figure 31.30 Creating a session key between Alice and Bob using KDC

35 31.35 In public-key cryptography, everyone has access to everyone’s public key; public keys are available to the public. Note

36 31.36 Figure 31.23 Announcing a public key Problem: How can you know what you get is really Bob’s public key?

37 Certification Authorities Certification authority (CA): binds public key to particular entity, E. E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” Bob’s public key K B + Bob’s identifying information digital signature (encrypt) CA private key K CA - K B + certificate for Bob’s public key, signed by CA - K CA (K ) B + 31.37

38 Certification Authorities When Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key K B + digital signature (decrypt) CA public key K CA + K B + - K (K ) B + 31.38

39 A certificate contains: Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself (not shown) r info about certificate issuer r valid dates r digital signature by issuer 31.39

40 Internet Web Security Architecture Client A CA Web Server B K - CA (K + B ) K + B (K AB, R) K AB (R) K AB (m) K - CA (K + B ) Cert Request K+BK+B 31.40 R (nonce) is used to prevent replay attack

41 Internet Web Security Conditions Clients’ web browsers have built-in CAs. CAs are trustable Web servers have certificates in CAs. Q: What if a server has no certificate? Example: SSH servers 31.41

Download ppt "31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display."

Similar presentations

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature

Chapter 13 Digital Signature
Chapter 31 Network Security

Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Behzad Akbari Spring 2012 1 In the Name of the Most High.

Behzad Akbari Spring In the Name of the Most High.

Similar presentations

Ads by Google