1 / 40

Network Security

Network Security. Contents. Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key Encryption and Digital Signatures IPv4 and IPv6 Security. Security Requirements. Confidentiality Integrity Availability.

duc
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security

  2. Contents • Security Requirements and Attacks • Confidentiality with Conventional Encryption • Message Authentication and Hash Functions • Public-Key Encryption and Digital Signatures • IPv4 and IPv6 Security

  3. Security Requirements • Confidentiality • Integrity • Availability

  4. Passive Attacks • Release of message content (eavesdropping) • Prevented by encryption • Traffic Analysis • Fixed by traffic padding • Passive attacks are easier to prevent than to detect

  5. Active Attacks • Involve the modification of the data stream or creation of a false data stream • Active Attacks are easier to detect than to prevent

  6. Active Attacks (cont.) • Masquerade • Replay • Modification of messages • Denial of service

  7. Conventional Encryption Decryption algorithm Encryption algorithm Transmitted ciphertext Plain text Plain text Shared secret key

  8. Conventional Encryption Requirements • Knowing the algorithm, the plain text and the ciphered text, it shouldn’t be feasible to determine the key. • The key sharing must be done in a secure fashion.

  9. Encryption Algorithms • Data Encryption Standard (DES) • Plaintext: 64-bit blocks • Key: 56 bits • Has been broken in 1998 (brute force) • Triple DES • Advanced Encryption Standard (AES) • Plaintext: 128-bit blocks • Key: 128, 256 or 512 bits

  10. Location of Encryption Devices PSN PSN PSN PSN End-to-end encryption device PSN Packet Switching Node Link encryption device

  11. Key Distribution • Manual • Selected by A, physically delivered to B • Selected by C, physically delivered to A and B • Automatic • The new key is sent encrypted with an old key • Sent through a 3-rd party with which A and B have encrypted links

  12. Message Authentication • Authentic message means that: • it comes from the alleged source • it has not been modified

  13. Message Authentication Approaches • Authentication with conventional encryption • Authentication without message encryption: • when confidentiality is not necessary • when encryption is unpractical

  14. Message Authentication Code • Uses a secret key to generate a small block of data MACM = F (KAB, M)

  15. One-way Hash Function • Message digest – a “fingerprint” of the message • Like MAC, but without the use of a secret key • The message digest must be authenticated

  16. Secure Hash Requirements • H can be applied to a block of any size • H produces a fixed-length output • H(x) is easy to compute • Given h, it is infeasible to compute x s.t. H(x) = h • Given x, it is infeasible to find y s.t. H(x) = H(y) • It is infeasible to find (x,y) such that H(x) = H(y)

  17. Secure Hash Functions • Message Digest v5 (MD5) • 128-bit message digest • has been found to have collision weakness • Secure Hash Algorithm (SHA-1) • 160-bit message digest

  18. Public-Key Encryption • Each user has a pair of keys: • public key • private key • What is encrypted with one, can only be decrypted with the other

  19. Encryption Bob’s private key Bob’s public key Transmitted ciphertext Plain text Plain text Alice Bob

  20. Authentication Alice’s private key Alice’s public key Transmitted ciphertext Plain text Plain text Alice Bob

  21. Digital Signature • Like authentication, only performed on a message authenticator (SHA-1)

  22. Public-Key Encryption Algorithms • RSA (used by PGP) • El Gamal (used by GnuPG)

  23. Key Management • Public-Key encryption can be used to distribute secret keys for conventional encryption • Public-Key authentication: • signing authority • web of trust

  24. IPv4 and IPv6 Security • Provides encryption/authentication at the network (IP) layer • IPSec applications: • Virtual Private Networking • E-commerce • Optional for IPv4, mandatory for IPv6

  25. IP Header with IPSec Information

  26. Two Types of IPSec Security Protocols

  27. Advantages of IPSec

  28. How an AH is Generated in IPSec

  29. AH Fields

  30. The ESP Header FormatEncapsulated Security Payload

  31. Tunnel Versus Transport Mode

  32. AH Header Placement in Transport Mode

  33. AH Header Placement in Tunnel Mode

  34. ESP Header Placement in Transport Mode

  35. ESP Header Placement in Tunnel Mode

  36. Security Association • One-way relationship between two hosts, providing security services for the payload • Uniquely identified by: • Security Parameter Index (SPI) • IP destination address • Security Protocol Identifier (AH/ESP)

  37. SA Security Parameters

  38. IPSec Process Negotiation

  39. Key Management • Manual • used for small networks • easier to configure • Automated • more scalable • more difficult to setup • ISAKMP/Oakley

  40. IKE Use in an IPSec Environment

More Related