1 / 6

TCP Session 運作圖

TCP: 192.168.0.66:8574 -> 140.126.100.161:80. [5]ARP 解譯 192.168.0.1 to 4:3:2:5:2:6 (MAC). IP: 192.168.0.66 -> 192.168.0.1. IP: 140.126.107.234 -> 140.126.100.161. Ethernet: 8:2:3:4:1:2 -> 4:3:2:5:2:6. Ethernet: 5:3:5:2:5:2 -> 9:3:f:6:2:5. TCP Session 運作圖. [1] 使用者輸入 :

gates
Download Presentation

TCP Session 運作圖

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TCP: 192.168.0.66:8574 -> 140.126.100.161:80 [5]ARP 解譯192.168.0.1 to 4:3:2:5:2:6 (MAC) IP: 192.168.0.66 -> 192.168.0.1 IP: 140.126.107.234 -> 140.126.100.161 Ethernet: 8:2:3:4:1:2 -> 4:3:2:5:2:6 Ethernet: 5:3:5:2:5:2 -> 9:3:f:6:2:5 TCP Session 運作圖 [1] 使用者輸入: “http://www.thit.edu.tw” [2] 瀏覽器解譯 (DNS) “www.thit.edu.tw” to 140.126.100.161 [8] IP 決定本機之服務 [6] IP決定下一個路由點 140.126.100.161 [10] HTTP server 執行要求之服務 Application Application [4] IP 決定下一個路由點 192.168.0.1 [7] ARP 解譯 140.126.100.161 to 9:3:f:6:2:5 [3] “執行 HTTP/1.1協定” [9] “執行 HTTP/1.1協定” Transport Transport Internet Internet Internet Network Interface Network Interface Network Interface Hardware Hardware Hardware 192.168.0.66 192.168.0.1 140.126.107.234 140.126.100.161 使用者 路由器 網站

  2. Here is the deal that you and I h to…..xxxx………………….. Signature Business Work Flow Access Control 權限控管 交易安全需求—傳統與網路 Authentication 認證性 Confidentiality 機密性 Integrity 完整性 Non-repudiation 不可否認性

  3. Network Model Network Protocol Security Protocol Security Application SET、SMIME. IDV. – IDV. IDV. – BUS. SSL/TLS PC – Server (CLIENT - SERVER) BUS. – BUS. (NET – NET) Internet Firewall、 VPN… BUS. – BUS. (NET – NET) Private NET Point to Point Encryption… Point to Point Encryption… BUS. – BUS. (NET – NET) Private NET 企業資訊安全架構 Enterprise Information Systems Business Risk Asses. & Security Policy(ISO17799) Application HTTP、ODBC.. IT Systems Transport TCP/UDP TCP/UDP Network IP IP Data link Ethernet、 Frame relay、 ATM、PPP… Physical UTP FDDI…

  4. PKIX 運用架構 企業端憑證運用 憑證中心作業 LDAP CRL Keys 管理 確認使用者權限 ACL/DB CA簽署使用者憑證 Resources APs Mail 憑證中心(CA) 憑證廢止清單發布 RA 向 CA 申請作業 網路 註冊中心(RA) RA發放使用者憑證 PKI加解密 憑證存入使用者憑證容器 申請介面 A B Cert_A 合法CA發放 Cert_A 沒被撤銷 Cert_A 在有效期內 使用者提出憑證申請 WEB On-site Cert_B 合法CA發放 Cert_B 沒被撤銷 Cert_B 在有效期內 臨櫃申請

  5. Digital Signature Digital Signature Digital Signature Digital Signature Digital Signature Ciphertext Ciphertext Ciphertext Cleartext Ciphertext DES DES DES DES RSA RSA RSA RSA PKI-API Cleartext Receiver Sender Cleartext YES NO System Error or the text has been changed. Active the Security Mechanism Step5: Use Hash function to converge the Cleartext and get a Hash.Result, compare two Results to check integrity of the Cleartext. Y/N Step1: Use Hash function to converge the Cleartext and get a Hash .Result Hash Result Cleartext Hash Result Hash Result Step2: Use Sender’sPrivate Key to encrypt the Hash Result with RSA algorithm as the sender’s Digital Signature. Step4: Use Sender’s Public Key to verify the Digital Signature and get the Hash Result with RSA algorithm and check authentication of the Sender . RSA RSA Digital Signature Cleartext Setp3: Create a Random Key through a white-noise generator to encrypt the whole result of last step with DES algorithm. Setp3: Use the Random Key to decrypt the Ciphertext with DES algorithm and get the Cleartext. Step4: Use Receiver’s Public Key to encrypt the same Random Key and create an Encrypted Key with RSA algorithm. Step2: Use Receiver’s Private Key to decrypt the Encrypted Key and get the Random Key with RSA algorithm. RSA Encrypted Key Encrypted Key RSA Step5: Send the encrypted message through a Secure Channel. Step1: Receive the encrypted message through a secure channel. Secure Channel

  6. 密文 密文 密文 DES DES DES RSA RSA RSA 公開金鑰基礎建設:密碼運作流程 明文 收方 明文 送方 比對不同則系統顯示錯誤訊息 YES NO 啟動安全機制 Step5: (完整性) 使用雜湊函數將明文加密成一個雜湊函數值並比對兩個值的結果以確定資料完整性 Y/N Step1: 使用雜湊函數將明文加密成一個雜湊函數值 雜湊函數值 明文 雜湊函數值 雜湊函數值 Step2: (認證性) 使用送方私鑰(RSA演算法)將雜湊函數值加密成為送方之電子簽章 Step4: (認證與不可否認性) 使用送方之公鑰將雜湊函數值解密確認送方電子簽章之正確性 RSA RSA 明文 明文 電子簽章 電子簽章 Setp3(加密性) 運用亂數產生器產生一把對稱式金鑰(DES)將全部訊息加密 Setp3: 使用對稱式金鑰(DES)將全部訊息解密 DES RSA 密文 電子簽章 電子簽章 Step4: 使用收方之公鑰(RSA)將步驟三之對稱式金鑰(DES)加密 Step2: 使用收方之私鑰(RSA)將被加密之對稱式金鑰(DES)解開 RSA Encrypted Key Encrypted Key RSA 電子簽章 電子簽章 Step5: 將訊息經由安全通道送出. Step1: 經由安全通道收到訊息 安全通道

More Related