
DEPARTMENT/SEMESTER
Manav Rachna College of Engg. (CSE VI SEM)
Network Management
Network Security

FRIENDS AND ENEMIES: ALICE, BOB, TRUDY

well-known in network security world
Bob, Alice (lovers!) want to communicate securely
Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel.]

Trudy (intruder) may:
eavesdrop: intercept messages
actively insert messages into connection
impersonation: can fake (spoof) source address in packet (or any field in packet)
hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place
denial of service: prevent service from being used by others (e.g., by overloading resources)

Figure 29-1

Aspects of security


WHAT IS NETWORK SECURITY?

Four services provided by network security:
Privacy (Confidentiality): only sender, intended receiver should understand message contents
  sender encrypts message
  receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Nonrepudiation (Access and Availability): receiver must be able to prove that a received message came from a specific sender; services must be accessible and available to users

CRYPTOGRAPHY

It means secret writing (ciphertext = plaintext + key)
Symmetric key cryptography
Public key cryptography
Digital signature
The first service (privacy) required for network security is handled by either symmetric key cryptography or public key cryptography, and the remaining three services are handled by digital signature.

PRIVACY

THE LANGUAGE OF CRYPTOGRAPHY

[Figure: plaintext → encryption algorithm (Alice's encryption key K_A) → ciphertext → decryption algorithm (Bob's decryption key K_B) → plaintext]

symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)

Secret (Symmetric)-key encryption

CONTD.
In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. Secret-key encryption is often called symmetric encryption because the same key can be used in both directions. Secret-key encryption is often used for long messages.


SYMMETRIC KEY CRYPTOGRAPHY

[Figure: plaintext message m → encryption algorithm with shared key K_A-B → ciphertext K_A-B(m) → decryption algorithm with K_A-B → plaintext m = K_A-B(K_A-B(m))]

symmetric key crypto: Bob and Alice share (know) same (symmetric) key: K_A-B
e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
Q: how do Bob and Alice agree on key value?

KEY MANAGEMENT

Symmetric key distribution: a symmetric key is useful if it is used only once; it must be created for one session and destroyed when the session is over

EXAMPLE: SYMMETRIC KEY CRYPTOGRAPHY

substitution cipher: substituting one thing for another
Each pair of users must have a unique symmetric key, so N users will have N(N-1) keys

E.g.:
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

Plaintext:  bob. hi. alice
ciphertext: nkn. as. mgsbc

CIPHERS

A cipher is responsible for encrypting a message using a key; in the traditional case it is just a way of substituting text.
Traditional ciphers: a character was the unit of data to be encrypted
- Substitution ciphers: substitute one symbol with another
- Transpositional ciphers: characters retain their plaintext form but change their positions to create the ciphertext

TRANSPOSITION AND BLOCK CIPHERS

Transpositional cipher: uses a character or symbol as the unit of encryption/decryption
- The key defines which columns should be swapped
Block cipher: the plaintext and ciphertext are blocks of bits
- uses a block of bits as the unit of encryption/decryption

BLOCK CIPHER

P-box: a P (permutation)-box performs a transposition at the bit level
- both the P (plaintext) and C (ciphertext) have the same number of 1s and 0s
S-box: an S (substitution)-box replaces one bit pattern with another
Product block: the P-box and S-box can be combined to get a more complex cipher block
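The two slides above (the column-swapping transposition cipher, and the P-box / S-box product block) as one added example; this is my own illustration, not code from the slides. The transposition key, the P-box wiring and the S-box table are constructed for the example, and the block width of 8 bits is an assumption made to keep the arithmetic readable.

```python
# Added example (not from the lecture slides): a character-level columnar
# transposition, then a bit-level P-box / S-box round as used in a product
# block cipher. Keys and tables below are constructed for illustration.

# ---- Transposition cipher: the key says which column goes where ----------
# key[i] = index of the plaintext column written in output position i
TRANSPOSITION_KEY = (2, 0, 3, 1)


def columnar_transpose(plaintext, key=TRANSPOSITION_KEY, pad="x"):
    """Write the text in rows of len(key) characters, then emit each row
    with its columns reordered by key. Characters keep their identity and
    only move, which is what distinguishes transposition from substitution."""
    cols = len(key)
    if sorted(key) != list(range(cols)):
        raise ValueError("key must be a permutation of the column indices")
    padded = plaintext + pad * (-len(plaintext) % cols)  # fill the last row
    rows = [padded[i:i + cols] for i in range(0, len(padded), cols)]
    return "".join(row[c] for row in rows for c in key)


def columnar_untranspose(ciphertext, key=TRANSPOSITION_KEY):
    """Inverse: output position i came from column key[i], so column c is
    found at position inverse[c] of each ciphertext row."""
    cols = len(key)
    inverse = [0] * cols
    for pos, col in enumerate(key):
        inverse[col] = pos
    rows = [ciphertext[i:i + cols] for i in range(0, len(ciphertext), cols)]
    return "".join(row[inverse[c]] for row in rows for c in range(cols))


# ---- Block cipher components on an 8-bit block ---------------------------
# P-box wiring: output bit i takes input bit P_BOX[i] (a permutation of 0..7)
P_BOX = (1, 5, 2, 0, 3, 7, 4, 6)
# S-box: 4-bit in / 4-bit out substitution table (a permutation of 0..15)
S_BOX = (0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
         0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2)


def p_box(block, perm=P_BOX):
    """Bit-level transposition. Bits are only moved, never changed, so the
    output has the same number of 1s and 0s as the input (the slide's
    invariant)."""
    out = 0
    for i, src in enumerate(perm):
        out |= ((block >> src) & 1) << i
    return out


def s_box(nibble, table=S_BOX):
    """Bit-level substitution: a 4-bit value is replaced by table[value].
    Unlike the P-box this can change the number of 1s, which is what a
    product cipher relies on for non-linearity."""
    return table[nibble & 0xF]


def invert_table(table):
    """Inverse of a permutation table: inv[table[i]] == i."""
    inv = [0] * len(table)
    for i, v in enumerate(table):
        inv[v] = i
    return tuple(inv)


def product_round(block):
    """One round of a product block: substitute both nibbles with the S-box,
    then permute all eight bits with the P-box."""
    hi, lo = s_box(block >> 4), s_box(block & 0xF)
    return p_box((hi << 4) | lo)


def inverse_round(block):
    """Undo product_round: inverse P-box first, then inverse S-box."""
    inv_s = invert_table(S_BOX)
    mixed = p_box(block, invert_table(P_BOX))
    return (inv_s[mixed >> 4] << 4) | inv_s[mixed & 0xF]


if __name__ == "__main__":
    ct = columnar_transpose("meetatnoon")
    print(ct, "->", columnar_untranspose(ct))
    print(f"P-box 0x{0xB1:02X} -> 0x{p_box(0xB1):02X}",
          bin(0xB1).count("1"), "ones in,", bin(p_box(0xB1)).count("1"), "ones out")
    print(all(inverse_round(product_round(b)) == b for b in range(256)))
```

Both components are individually invertible, which is what lets `inverse_round` recover the block; a single round is of course no cipher on its own, and real designs iterate many such rounds with key material mixed in between.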

TRUSTED INTERMEDIARIES

Symmetric key problem: How do two entities establish a shared secret key over the network?
Solution: trusted key distribution center (KDC) acting as intermediary between entities

Public key problem: When Alice obtains Bob's public key (from web site, e-mail, diskette), how does she know it is Bob's public key, not Trudy's?
Solution: trusted certification authority (CA)

CERTIFICATION AUTHORITIES

Certification authority (CA): binds public key to particular entity, E. It can certify the binding between a public key and the owner.
E (person, router) registers its public key with CA.
E provides proof of identity to CA.
CA creates certificate binding E to its public key.
certificate containing E's public key digitally signed by CA: CA says "this is E's public key"

[Figure: Bob's public key K_B+ and Bob's identifying information → digital signature (encrypt) with CA private key K_CA- → certificate for Bob's public key, signed by CA]

CERTIFICATION AUTHORITIES

When Alice wants Bob's public key:
gets Bob's certificate (from Bob or elsewhere)
applies CA's public key to Bob's certificate, gets Bob's public key

[Figure: certificate for K_B+ → digital signature (decrypt) with CA public key K_CA+ → Bob's public key K_B+]

A CERTIFICATE CONTAINS:

- Serial number (unique to issuer)
- info about certificate owner, including algorithm and key value itself (not shown)
- info about certificate issuer
- valid dates
- digital signature by issuer

PUBLIC-KEY CRYPTOGRAPHY

Public key: available to all (publicly), used for encryption only
Private key: available to the individual (private), used for decryption only
Public-key algorithms are more efficient for short messages
It reduces the number of keys (+ve point)
Increased complexity of the algorithm (-ve point)

Public-key encryption

PUBLIC KEY CRYPTOGRAPHY

[Figure: plaintext message m → encryption algorithm with Bob's public key K_B+ → ciphertext K_B+(m) → decryption algorithm with Bob's private key K_B- → plaintext message m = K_B-(K_B+(m))]

To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.

Combination


DIGITAL SIGNATURE

Three services, Authentication, Integrity and Nonrepudiation, will be achieved by this
Digital signature cannot be achieved using only secret keys
Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied

Signing the whole document

DIGITAL SIGNATURES

Simple digital signature for message m: Bob signs m by encrypting with his private key K_B-, creating signed message, K_B-(m)

Bob's message, m:
Dear Alice
Oh, how I have missed you. I think of you all the time! (blah blah blah)
Bob

[Figure: Bob's message m → public key encryption algorithm with Bob's private key K_B- → K_B-(m), Bob's message m signed (encrypted) with his private key]

MESSAGE DIGESTS

Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy-to-compute digital fingerprint
apply hash function H to m, get fixed size message digest, H(m)

Hash function properties:
many-to-1
produces fixed-size msg digest (fingerprint)
given message digest x, computationally infeasible to find m such that x = H(m)

[Figure: large message m → H: hash function → H(m)]

Digital signature = signed message digest

Bob sends digitally signed message:
[Figure: large message m → H: hash function → H(m) → digital signature (encrypt) with Bob's private key K_B- → encrypted msg digest K_B-(H(m))]

Alice verifies signature and integrity of digitally signed message:
[Figure: large message m → H: hash function → H(m); encrypted msg digest K_B-(H(m)) → digital signature (decrypt) with Bob's public key K_B+ → H(m); equal?]
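An added example tying together three slides above: the "Combination" of secret-key and public-key encryption, the signed message digest K_B-(H(m)), and the CA certificate that binds an identity to a public key. It is my own illustration, not code from the slides; it uses only the Python standard library. The textbook RSA with small, well-known primes and the SHA-256 keystream are toy stand-ins chosen so the structure is visible, and the function names, the `name|n|e` certificate body and the 56-bit session key size are assumptions of the example.

```python
# Added example (not from the lecture slides): a stdlib-only, toy-sized walk
# through of hybrid encryption (public key seals a one-time secret key, the
# secret key encrypts the message), a digital signature as a signed message
# digest K_B-(H(m)), and a CA certificate binding a name to a public key.
# Textbook RSA with ~2^60 moduli and a SHA-256 keystream are teaching
# stand-ins, not a real scheme.
import hashlib
import secrets

E = 65537
# Well-known primes; the resulting moduli are far too small for real use.
BOB_PRIMES = (1_000_000_007, 998_244_353)
CA_PRIMES = (999_999_937, 1_000_000_009)


def rsa_keygen(p, q, e=E):
    """Textbook RSA: public key K+ = (n, e), private key K- = (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, x):
    """K(x) = x^exp mod n. Applying K+ then K- (or K- then K+) returns x."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


def keystream_xor(secret_key, data):
    """Toy symmetric cipher standing in for e.g. AES: XOR the data with
    SHA-256(key || block counter). The same call encrypts and decrypts."""
    key_bytes = secret_key.to_bytes(8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key_bytes + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


# ---- Combination: secret key under public key, message under secret key ---
def hybrid_encrypt(bob_public, message):
    """Alice: fresh one-session secret key sealed with Bob's K+; the long
    message goes under the cheap symmetric cipher."""
    session_key = secrets.randbits(56)  # fits below the toy modulus
    return rsa_apply(bob_public, session_key), keystream_xor(session_key, message)


def hybrid_decrypt(bob_private, sealed_key, ciphertext):
    """Bob: recover the session key with K-, then the message."""
    return keystream_xor(rsa_apply(bob_private, sealed_key), ciphertext)


# ---- Digital signature = signed message digest -----------------------------
def digest(message, n):
    """H(m) as an integer below n so the toy RSA can sign it. Real schemes
    pad the digest (e.g. RSASSA-PSS) instead of reducing it mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """K_B-(H(m)): much cheaper than signing the whole message."""
    return rsa_apply(private, digest(message, private[0]))


def verify(public, message, signature):
    """Recompute H(m) and compare with K_B+(K_B-(H(m))). Any change to the
    message or a wrong key makes the comparison fail."""
    if not 0 <= signature < public[0]:
        return False
    return rsa_apply(public, signature) == digest(message, public[0])


# ---- Certification authority: bind identity to public key -----------------
def issue_certificate(ca_private, name, subject_public):
    """CA signs the digest of name and public key together."""
    body = f"{name}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"name": name, "public_key": subject_public, "ca_sig": sign(ca_private, body)}


def verify_certificate(ca_public, cert):
    """Alice applies the CA's public key; a swapped name or key fails."""
    n, e = cert["public_key"]
    body = f"{cert['name']}|{n}|{e}".encode()
    return verify(ca_public, body, cert["ca_sig"])


if __name__ == "__main__":
    bob_pub, bob_priv = rsa_keygen(*BOB_PRIMES)
    ca_pub, ca_priv = rsa_keygen(*CA_PRIMES)
    cert = issue_certificate(ca_priv, "Bob", bob_pub)
    msg = b"Dear Alice, oh how I have missed you."
    sealed, ct = hybrid_encrypt(bob_pub, msg)
    print("cert valid:", verify_certificate(ca_pub, cert))
    print("decrypted:", hybrid_decrypt(bob_priv, sealed, ct))
    print("signature ok:", verify(bob_pub, msg, sign(bob_priv, msg)))
```

Note how the signature alone gives authentication and integrity but no privacy: `sign` never hides `msg`, which is why the slide says a separate encryption layer must be added when confidentiality is also required, and that is exactly what `hybrid_encrypt` supplies here.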

Sender site


Receiver site
