CHAPTER 8: SECURITY IN COMPUTER NETWORKS
• Encryption
• Authentication
• E-Mail Security
• Secure Sockets Layer
• IP Security
• Wireless Security
ENCRYPTION
Chapter 8, CS 447
Most Medium Access Control protocols let any station attached to the shared medium read the frames on it, so security measures must be taken to protect messages from unauthorized access.
The technique that makes this practical in modern network protocols is public key (asymmetric) encryption. It is used to distribute keys and to authenticate; the bulk of the data is still encrypted with a faster symmetric cipher whose key is protected by the public key operations.
Each user is provided with two "keys" for a public key algorithm such as RSA. A key is a parameter to the algorithm, not an algorithm itself. Applied individually to a message, either key encrypts it; applied one after the other (in either order for RSA), the two keys restore the original message.
Each user makes one of the keys publicly available for anyone to use, and the other is kept private by the user.
To ensure that only the receiver can read a message, the sender encrypts that message with the receiver's public key, which only the receiver's private key can decrypt. This assumes the sender has obtained the genuine public key of the receiver; binding a public key to its owner is the job of certificates (or, in PGP, of signed keys).
AUTHENTICATION
Another aspect of security that concerns network users is authentication: ensuring that the sender of a received message is correctly identified. Public and private keys may be used to implement this, too.
The sender applies his own private key to the outgoing message and the receiver applies the sender's public key to the message to restore it. Since only something encoded with the sender's private key (which only the sender possesses) decodes correctly with the sender's public key, the receiver is assured that the appropriate sender transmitted the message.
In practice the private key is not applied to the whole message but to a cryptographic hash of it; this is a digital signature. The receiver recomputes the hash of the received message and compares it with the value recovered using the sender's public key. This also gives integrity: any change to the message invalidates the signature. The guarantee is only as good as the receiver's knowledge that the public key really belongs to the claimed sender.
DOUBLE PROTECTION
To implement both confidentiality and authentication, the sender first applies his own private key (signs) and then the receiver's public key (encrypts).
The receiver takes the received message and applies his private key to it, knowing that his unique ability to do so is what guarantees confidentiality.
The receiver then applies the sender's public key to what is left, knowing that the resulting message will only make sense (the signature will only verify) if it actually came from the designated sender.
With textbook RSA the two users have different moduli, so the raw arithmetic is sensitive to order: a signature value larger than the receiver's modulus cannot be encrypted directly. Real systems avoid this by signing a hash of the message and encrypting a symmetric session key rather than the message itself.
PRIVACY
Applying these cryptographic algorithms to electronic mail, systems like PGP (Pretty Good Privacy, standardized as OpenPGP) have been developed to improve e-mail security. The message body is encrypted with a fresh symmetric session key, that key is encrypted with each recipient's public key, and the message may be signed with the sender's private key.
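The three operations of the previous slides (encrypt for the receiver, sign as the sender, and both together in the PGP manner) as one runnable example. This is an added illustration, not code from the slides or from PGP: it uses textbook RSA without padding, generated in pure Python with a Miller-Rabin prime test, SHA-256 as the hash that is signed, and a toy SHA-256 counter-mode stream cipher standing in for the symmetric cipher (an assumption; a real system would use AES). The `seal`/`open_sealed` names and the signature-then-message layout of the body are choices made here for illustration.

```python
"""Confidentiality, authentication and both together with RSA, PGP style (toy, for demonstration)."""
import hashlib
import secrets


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probable-prime test with trial division by small primes first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    """Random prime of exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=1024):
    """Return (public, private) = ((n, e), (n, d)) for an RSA modulus of about `bits` bits."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def rsa(key, x):
    """One RSA operation x^k mod n, with either the public or the private key."""
    n, k = key
    return pow(x, k, n)


def _keystream(key, n):
    """Toy stream cipher: SHA-256 in counter mode (assumption: stand-in for AES)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def sym_encrypt(key, data):
    """XOR with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def sign(priv, msg):
    """Authentication: apply the sender's private key to a hash of the message."""
    return rsa(priv, int.from_bytes(hashlib.sha256(msg).digest(), "big"))


def verify(pub, msg, sig):
    """Apply the sender's public key and compare with a fresh hash of the message."""
    return rsa(pub, sig) == int.from_bytes(hashlib.sha256(msg).digest(), "big")


def seal(sender_priv, receiver_pub, msg):
    """Double protection: sign with the sender's private key, then encrypt for the receiver.

    Confidentiality comes from encrypting a random session key with the receiver's public
    key; the message and the signature are then encrypted under that session key.
    """
    sig_len = (sender_priv[0].bit_length() + 7) // 8
    body = sign(sender_priv, msg).to_bytes(sig_len, "big") + msg
    session_key = secrets.token_bytes(32)
    wrapped_key = rsa(receiver_pub, int.from_bytes(session_key, "big"))
    return {"wrapped_key": wrapped_key, "body": sym_encrypt(session_key, body)}


def open_sealed(receiver_priv, sender_pub, sealed):
    """Receiver: recover the session key with the private key, then check the sender's signature."""
    session_key = rsa(receiver_priv, sealed["wrapped_key"]).to_bytes(32, "big")
    body = sym_encrypt(session_key, sealed["body"])
    sig_len = (sender_pub[0].bit_length() + 7) // 8
    sig, msg = int.from_bytes(body[:sig_len], "big"), body[sig_len:]
    if not verify(sender_pub, msg, sig):
        raise ValueError("signature check failed: tampered, or not from the claimed sender")
    return msg
```

`seal` follows the slide's order (sign, then encrypt) but never feeds one RSA output into the other RSA key directly, so the two users' moduli can be of any sizes: only a 256-bit session key and a 256-bit hash are ever raised to an RSA exponent.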
SECURE SOCKETS LAYER (SSL)
SSL (and its successor TLS, Transport Layer Security, which has replaced it; every SSL version is now deprecated) combines encryption and authentication to provide secure communication for applications that run over TCP (e.g., Web browsing, e-mail, instant messaging, IP fax).
SSL protocol stack (top to bottom):

  Applications: HTTP, TELNET, ...
  SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol
  SSL Record Protocol
  TCP (or other reliable Transport Layer)
  IP

  Handshake Protocol: establishes the secure connection by authenticating the server (and optionally the client) and agreeing on the authentication and encryption keys
  Change Cipher Spec Protocol: signals the end of the key exchange and the start of the actual use of the negotiated authentication and encryption
  Alert Protocol: indicates errors in the SSL handshake process and, afterwards, errors and closure of the connection (e.g., bad_record_mac, close_notify)

Once the SSL connection is established, the application data is reformatted into SSL records (packets):
• Each record has a header indicating its content type (application data, alert, handshake, change cipher spec)
• Application data is fragmented into pieces of at most 2^14 bytes and, in SSL/TLS up to 1.2, optionally compressed (compression is disabled in practice since the CRIME attack and was removed in TLS 1.3)
• Using a MAC key known only to sender and receiver, an authentication tag is computed over the record sequence number, the header fields and the fragment
• Fragment and tag are encrypted with the negotiated cipher and the SSL record header (itself unencrypted) is prepended; TLS 1.3 instead uses an AEAD cipher that encrypts and authenticates in one step
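The record processing of the last slide as one direction of a connection, written as an added example (not SSL/TLS library code): fragmentation to 2^14 bytes, a MAC over sequence number, type, version, length and fragment, MAC-then-encrypt, and a clear 5-byte header of type, version and length. HMAC-SHA256 is used as the MAC and a toy SHA-256 counter-mode keystream, re-keyed by sequence number so no keystream is reused, stands in for the negotiated cipher (an assumption). The version bytes are those of TLS 1.2; compression is left out, as it is in practice. The receiver shows why the sequence number is under the MAC: a replayed or reordered record fails verification.

```python
"""One direction of a simplified SSL/TLS 1.2-style record layer (MAC-then-encrypt), for demonstration."""
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14        # largest plaintext fragment allowed in a record
CT_APPLICATION_DATA = 23      # content type value for application data (SSL 3.0 and TLS)
VERSION = b"\x03\x03"         # record-layer version bytes of TLS 1.2
TAG_LEN = 32                  # HMAC-SHA256 output


def _keystream(key, seq, n):
    """Toy stream cipher keyed per record (SHA-256 counter mode); assumption: stand-in for the real cipher."""
    blocks = (hashlib.sha256(key + seq.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


class RecordState:
    """Keys from the handshake plus the 64-bit record sequence number for one direction."""

    def __init__(self, mac_key, enc_key):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0

    def _mac(self, content_type, fragment):
        # Sequence number, type, version and length are authenticated along with the fragment,
        # so a record moved to another position in the stream carries a MAC that no longer fits.
        hdr = struct.pack("!QB2sH", self.seq, content_type, VERSION, len(fragment))
        return hmac.new(self.mac_key, hdr + fragment, hashlib.sha256).digest()

    def protect(self, content_type, data):
        """Fragment, append the MAC, encrypt fragment+MAC, prepend the clear record header."""
        records = []
        for off in range(0, len(data), MAX_FRAGMENT):
            frag = data[off:off + MAX_FRAGMENT]
            plain = frag + self._mac(content_type, frag)
            body = bytes(a ^ b for a, b in zip(plain, _keystream(self.enc_key, self.seq, len(plain))))
            records.append(struct.pack("!B2sH", content_type, VERSION, len(body)) + body)
            self.seq += 1
        return records

    def unprotect(self, record):
        """Reverse of protect for one record; raises ValueError where SSL would send an alert."""
        content_type, version, length = struct.unpack("!B2sH", record[:5])
        body = record[5:5 + length]
        if version != VERSION or len(body) != length or length < TAG_LEN:
            raise ValueError("malformed record")
        plain = bytes(a ^ b for a, b in zip(body, _keystream(self.enc_key, self.seq, len(body))))
        frag, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._mac(content_type, frag)):
            raise ValueError("bad_record_mac")
        self.seq += 1          # advanced only on success; a real connection is torn down on failure
        return content_type, frag
```

Sender and receiver each hold a `RecordState` initialised with the same keys from the handshake; the sequence number is never transmitted, both sides simply count records, which is what defeats replay.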
IP SECURITY (IPSEC)
IPsec adds authentication alone (AH, Authentication Header) or encryption with optional authentication (ESP, Encapsulating Security Payload) to IP datagrams by inserting additional headers. In IPv4 this is an optional addition between the IP header and the payload; in IPv6 the same headers are carried as extension headers, and the IPv6 node requirements originally mandated that IPsec be implemented (later relaxed to a recommendation), although its use on any given connection remains optional.
WI-FI PROTECTED ACCESS (WPA)
The IEEE 802.11i standard was developed to address the various threats against wireless LAN security, above all the weaknesses of WEP. WPA is the Wi-Fi Alliance's interim certification based on a draft of 802.11i (TKIP encryption); WPA2 certifies the full standard with AES-CCMP.
ESTABLISHING SECURE WPA CONNECTIONS
1. The access point periodically transmits a beacon through which it is located and identified by the wireless station; the beacon also advertises the security suites the access point supports.
2. Using an authentication key stored in the station and the authentication server (802.1X/EAP, enterprise mode) or a pre-shared key known to the access point (personal mode), the station proves its identity.
3. Once authenticated, the station and the authentication server (or access point) hold a Pairwise Master Key (PMK). The station and the access point then run the 4-way handshake to derive the Pairwise Transient Key (PTK) from the PMK, both MAC addresses and fresh nonces, and the access point delivers the group key for broadcast traffic.
4. Using the negotiated encryption/authentication techniques (TKIP or CCMP), data is encrypted by the station, decrypted at the access point, and then forwarded to the destination station (re-encrypted if that station is wireless).
5. Deauthentication and key destruction occur when the wireless connection ends.
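Steps 2 and 3 of the procedure above for the personal (pre-shared key) case, as an added example rather than code from 802.11i or any Wi-Fi stack: the PMK is derived from the passphrase and SSID with PBKDF2 (in enterprise mode it would come from the EAP exchange with the authentication server instead, and the rest is identical), both sides expand it to the PTK with the 802.11i PRF, and the station's message 2 carries a MIC under the key confirmation key that the access point checks. The EAPOL-Key frame layout here is a constructed stand-in (only the rule "MIC over the frame with the MIC field zeroed" is the real one); messages 3 and 4 (group key delivery and key installation) are not simulated. The MAC addresses and nonces are constructed sample values.

```python
"""WPA2-PSK 4-way handshake key derivation and MIC check, simulated on both sides (added example)."""
import hashlib
import hmac
import secrets

MIC_LEN = 16
MSG2_HEADER = b"EAPOL-Key(2/4, constructed)"   # assumption: stand-in for the real EAPOL-Key header


def pmk_from_passphrase(passphrase, ssid):
    """PMK (the PSK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter) concatenated."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of the MAC addresses and nonces).

    The min/max ordering is what lets both sides compute the same key regardless of which
    address or nonce is 'theirs'. For CCMP the PTK is 48 bytes: KCK, KEK and the temporal key.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck, frame_with_zeroed_mic):
    """Key MIC for key descriptor version 2 (CCMP): HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_msg2(kck, snonce):
    """Station -> AP: SNonce plus a MIC computed over the frame with the MIC field set to zero."""
    body = MSG2_HEADER + snonce
    return body + eapol_mic(kck, body + b"\x00" * MIC_LEN)


def check_msg2(kck, frame):
    """AP side: recompute the MIC with its own KCK and compare in constant time."""
    body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    return hmac.compare_digest(mic, eapol_mic(kck, body + b"\x00" * MIC_LEN))


def run_handshake(ssid, ap_passphrase, sta_passphrase, aa, spa, anonce=None, snonce=None):
    """Messages 1 and 2 of the handshake; True if the AP accepts the station's MIC.

    The two passphrases are separate so a mismatch (wrong key on the station) can be shown.
    """
    anonce = anonce or secrets.token_bytes(32)   # message 1, AP -> STA: ANonce in the clear
    snonce = snonce or secrets.token_bytes(32)
    sta_ptk = derive_ptk(pmk_from_passphrase(sta_passphrase, ssid), aa, spa, anonce, snonce)
    msg2 = build_msg2(sta_ptk["kck"], snonce)
    # The AP reads SNonce out of message 2, derives its own PTK and checks the MIC.
    rx_snonce = msg2[len(MSG2_HEADER):len(MSG2_HEADER) + 32]
    ap_ptk = derive_ptk(pmk_from_passphrase(ap_passphrase, ssid), aa, spa, anonce, rx_snonce)
    return check_msg2(ap_ptk["kck"], msg2)
```

Nothing secret crosses the air: the nonces and addresses are public, and the MIC in message 2 is what proves the station knows the PMK. That is also why a captured handshake is enough for an offline dictionary attack on a weak passphrase, and why the PMK derivation uses 4096 PBKDF2 iterations.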