-
8/18/2019 ch31.ppt
1/49
31.1
Chapter 31Network Security
Copyright © The McGraw-Hill Companies, Inc. Permission reqire!
"or repro!ction or !isplay.
-
8/18/2019 ch31.ppt
2/49
31.#
31-1 SECURITY SERVICES31-1 SECURITY SERVICES
Network security can provide five services. Four of
these Network security can provide five services. Four of
these
services are related to the message exchanged using theservices
are related to the message exchanged using the
network. The fifth service provides entity
authenticationnetwork. The fifth service provides entity
authentication
or identification.or identification.
Message Confidentiality
Message Integrity
Message Authentication
Message Nonrepudiation
Entity Authentication
Topics discussed in this section:To
pics discussed in this section:
-
8/18/2019 ch31.ppt
3/49
31.3
Figure 31.1 Security services related to the message or
entity
-
8/18/2019 ch31.ppt
4/49
31.$
31-2 MESSAGE CONFIDENTIALITY31-2 MESSAGE CONFIDENTIALITY
The concept of how to achieve message confidentialityThe concept
of how to achieve message confidentiality
or privacy has not changed for thousands of years.or privacy has
not changed for thousands of years.
The message must be encrypted at the sender site andThe message
must be encrypted at the sender site and
decrypted at the receiver site. This can be done usingdecrypted
at the receiver site. This can be done usingeither symmetric-key
cryptography or asymmetric-keyeither symmetric-key cryptography or
asymmetric-key
cryptography.cryptography.
Confidentiality with Symmetric!ey Cryptography
Confidentiality with Asymmetric!ey Cryptography
Topics discussed in this section:To
pics discussed in this section:
-
8/18/2019 ch31.ppt
5/49
31.%
Figure 31." essage confidentiality using symmetric keys in
two directions
-
8/18/2019 ch31.ppt
6/49
31.&
Figure 31.3 essage confidentiality using asymmetric
keys
-
8/18/2019 ch31.ppt
7/4931.'
31-3 MESSAGE INTEGRITY31-3 MESSAGE INTEGRITY
!ncryption and decryption provide secrecy"
or !ncryption and decryption provide secrecy" or
confidentiality" but not integrity. #owever" on
occasionconfidentiality" but not integrity. #owever" on
occasion
we may not even need secrecy" but instead must havewe may not
even need secrecy" but instead must have
integrity.integrity.
#ocument and Fingerprint
Message and Message #igestCreating and Chec$ing the #igest
%ash Function Criteria
%ash Algorithms& S%A1
Topics discussed in this section:To pics discussed in this
section:
-
8/18/2019 ch31.ppt
8/4931.(
To preserve the integrity of a document,both the document and
the fingerprint
are needed.
Note
-
8/18/2019 ch31.ppt
9/4931.)
Figure 31.' essage and message digest
-
8/18/2019 ch31.ppt
10/4931.1*
The message digest needs to be keptsecret.
Note
-
8/18/2019 ch31.ppt
11/4931.11
Figure 31.( $hecking integrity
-
8/18/2019 ch31.ppt
12/4931.1#
Figure 31.) $riteria of a hash function
-
8/18/2019 ch31.ppt
13/4931.13
$an we use a conventional lossless compression method
as a hashing function%
Solution
We cannot. A lossless compression method creates a
compressed message that is reversible. You can
uncompress the compressed message to get the
original one.
!xample &'.'
-
8/18/2019 ch31.ppt
14/4931.1$
$an we use a checksum method as a hashing function%
Solution
We can. A checksum function is not reversible; it meets
the first criterion. However, it does not meet the
other
criteria.
!xample &'.(
-
8/18/2019 ch31.ppt
15/4931.1%
Figure 31.* essage digest creation
-
8/18/2019 ch31.ppt
16/4931.1&
SH!1 hash a"gorithms create an N!bit
message digest out of a message of
#1$!bit b"ocks.
SH!1 has a message digest of 1%& bits
'# words of 3$ bits(.
Note
-
8/18/2019 ch31.ppt
17/4931.1'
Figure 31.+ )rocessing of one block in S#*-'
-
8/18/2019 ch31.ppt
18/4931.1(
31-4 MESSAGE AUTHENTICATION31-4 MESSAGE AUTHENTICATION
* hash function per se cannot provide
authentication. * hash function per se cannot provide
authentication.
The digest created by a hash function can detect anyThe digest
created by a hash function can detect any
modification in the message" but not authentication.modification
in the message" but not authentication.
MAC
Topics discussed in this section:To pics discussed in this
section:
-
8/18/2019 ch31.ppt
19/4931.1)
Figure 31., *$" created by *lice and checked by +ob
-
8/18/2019 ch31.ppt
20/49
31.#*
Figure 31.1- #*$
-
8/18/2019 ch31.ppt
21/49
31.#1
31-5 DIGITAL SIGNATURE31-5 DIGITAL SIGNATURE
,hen *lice sends a message to +ob" +ob needs to,hen *lice sends
a message to +ob" +ob needs tocheck the authenticity of the sender
he needs to becheck the authenticity of the sender he needs to
be
sure that the message comes from *lice and not !ve.sure that the
message comes from *lice and not !ve.
+ob can ask *lice to sign the message
electronically. +ob can ask *lice to sign the message
electronically.
n other words" an electronic signature can prove
the n other words" an electronic signature can prove the
authenticity of *lice as the sender of the message.
,eauthenticity of *lice as the sender of the message. ,e
refer to this type of signature as a digital signature.refer to
this type of signature as a digital signature.
Comparison
Need for !eys
rocess
Topics discussed in this section:To pics discussed in this
section:
-
8/18/2019 ch31.ppt
22/49
31.##
digita" signature needs a pub"ic!keysystem.
Note
-
8/18/2019 ch31.ppt
23/49
31.#3
Figure 31.11 Signing the message itself in digital
signature
-
8/18/2019 ch31.ppt
24/49
-
8/18/2019 ch31.ppt
25/49
31.#%
Figure 31.1" Signing the digest in a digital signature
-
8/18/2019 ch31.ppt
26/49
31.#&
digita" signature today providesmessage integrity.
Note
-
8/18/2019 ch31.ppt
27/49
31.#'
+igita" signature provides messageauthentication.
Note
-
8/18/2019 ch31.ppt
28/49
31.#(
Figure 31.13 /sing a trusted center for nonrepudiation
-
8/18/2019 ch31.ppt
29/49
31.#)
Nonrepudiation can be provided using atrusted party.
Note
-
8/18/2019 ch31.ppt
30/49
-
8/18/2019 ch31.ppt
31/49
31.31
)n cha""enge!response authentication,the c"aimant proves that
she knows a
secret without revea"ing it.
Note
-
8/18/2019 ch31.ppt
32/49
31.3#
The cha""enge is a time!varying va"uesent by the verifier*
the response is the resu"t of a function
app"ied on the cha""enge.
Note
-
8/18/2019 ch31.ppt
33/49
31.33
Figure 31.1' $hallenge1response authentication using a nonce
-
8/18/2019 ch31.ppt
34/49
31.3$
Figure 31.1( $hallenge-response authentication using a
timestamp
-
8/18/2019 ch31.ppt
35/49
31.3%
Figure 31.1) $hallenge-response authentication using a
keyed-hash function
-
8/18/2019 ch31.ppt
36/49
31.3&
Figure 31.1* *uthentication" asymmetric-key
-
8/18/2019 ch31.ppt
37/49
31.3'
Figure 31.1+ *uthentication" using digital signature
-
8/18/2019 ch31.ppt
38/49
31.3(
31-7 KEY MANAGEMENT31-7 KEY MANAGEMENT
,e never discussed how secret keys in symmetric-key,e never
discussed how secret keys in symmetric-key
cryptography and how public keys in asymmetric-keycryptography
and how public keys in asymmetric-key
cryptography are distributed and maintained. n thiscryptography
are distributed and maintained. n this
section" we touch on these two issues. ,e first discusssection"
we touch on these two issues. ,e first discussthe distribution of
symmetric keys we then discuss thethe distribution of symmetric
keys we then discuss the
distribution of asymmetric keys.distribution of asymmetric
keys.
Symmetric!ey #istri0ution
u0lic!ey #istri0ution
Topics discussed in this section:To pics discussed in this
section:
-
8/18/2019 ch31.ppt
39/49
31.3)
Figure 31.1, 23$
-
8/18/2019 ch31.ppt
40/49
31.$*
session symmetric key between twoparties is used on"y once.
Note
-
8/18/2019 ch31.ppt
41/49
31.$1
Figure 31.3- $reating a session key between *lice and +ob using
23$
-
8/18/2019 ch31.ppt
42/49
31.$#
Figure 31."1 2erberos servers
-
8/18/2019 ch31.ppt
43/49
31.$3
Figure 31."" 2erberos example
-
8/18/2019 ch31.ppt
44/49
31.$$
)n pub"ic!key cryptography, everyonehas access to everyones
pub"ic key*
pub"ic keys are avai"ab"e to the pub"ic.
Note
-
8/18/2019 ch31.ppt
45/49
31.$%
Figure 31."3 *nnouncing a public key
-
8/18/2019 ch31.ppt
46/49
31.$&
Figure 31."' Trusted center
-
8/18/2019 ch31.ppt
47/49
31.$'
Figure 31."( $ontrolled trusted center
-
8/18/2019 ch31.ppt
48/49
31.$(
Figure 31.") $ertification authority
-
8/18/2019 ch31.ppt
49/49
Figure 31."* )2 hierarchy
