QMCS 490 - Class Today


Presentation Transcript


  1. QMCS 490 - Class Today
     • Homework due Today
     • LAN and Internet Addresses
     • Finish up Firewalls
     • Routing Exercise
     • Secret Key Management
     • Wireshark
     R. Smith - University of St Thomas - Minnesota

  2. LAN and Internet Addresses
     • Let’s try to ‘map’ everyone’s addresses

  3. Network Address Translation
     • Original purpose: more hosts & addresses
     • Let “insiders” use restricted addresses
     • Translate them on the way out
     • A ‘multiplexing’ mechanism
     • Users share a “real” Internet address

  4. Firewalls and LAN support
     • Provide a few standard LAN services
       • Router connection
       • DHCP

  5. Routing Exercise
     • Identify some ‘routers’
     • The rest are ‘hosts’

  6. Secret Key Management
     • Two elements
       • How do you assign individual keys?
       • How do you update keys?
     • Assignment – how many keys do we need?
       • “One Big Cryptonet”
       • Pairwise user-user
       • Pairwise user-server (“key distribution center”)
     • Updating – given the assignment strategies
       • Manual
       • Automatic

  7. Automatic key updating
     • How do we get the new key?
       • Internal update
         • Use a ‘pseudo random number generator’
         • “Forward secrecy” problem
       • Random update
         • Use a new, randomly generated key
         • Share with the cryptonet
     • How do we transmit random keys?
       • Chained update
         • Send it using the existing crypto key
         • “Forward secrecy” problem
       • KEK-based update
         • Use a separate “key encrypting key”
         • Data is only sent with “data keys” or “session keys”
         • Only use KEK to send newly generated session

  8. Key Distribution Center (KDC)
     • Each user has a unique personal key
     • Contacts KDC to get a session key
     • KDC sends keys encrypted with users’ personal keys
     • Example
       • Bob wants to talk to Alice
       • Bob contacts KDC, says “I want to talk to Alice”
       • KDC sends two copies of the session key
         • One encrypted with Bob’s personal key
         • One encrypted with Alice’s personal key
     • This is the basis of Kerberos
       • Encrypted keys are called “tickets”

  9. Wireshark – to the lab!

  10. That’s it
     • Questions?

     Creative Commons License: This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.
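The KDC exchange on slide 8 (Bob asks to talk to Alice, the KDC returns two copies of one session key) can be traced in code. This is an added example, not part of the original slides; the `KDC` class, the `wrap`/`unwrap` helpers and the user names are hypothetical, and the cipher is a toy SHA-256 keystream with an HMAC tag standing in for a real authenticated cipher.

```python
import hashlib, hmac, secrets

def _subkeys(key):  # separate encryption and MAC keys from one personal key
    return tuple(hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))

def _xor_stream(key, nonce, data):
    # Toy cipher (assumption): SHA-256 counter keystream standing in for AES
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(personal_key, session_key, peer):
    """Build a ticket: peer name and session key, encrypt-then-MAC."""
    ek, mk = _subkeys(personal_key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, peer.encode() + b"|" + session_key)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unwrap(personal_key, ticket):
    """Return (peer, session_key); raise ValueError on a wrong key or tampering."""
    ek, mk = _subkeys(personal_key)
    nonce, ct, tag = ticket[:16], ticket[16:-32], ticket[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ticket rejected")
    peer, _, session_key = _xor_stream(ek, nonce, ct).partition(b"|")
    return peer.decode(), session_key

class KDC:
    def __init__(self):
        self.personal = {}  # user -> personal key shared only with the KDC
    def enroll(self, user):
        return self.personal.setdefault(user, secrets.token_bytes(32))
    def request(self, caller, peer):
        # One fresh session key, two copies: one under each party's personal key
        session_key = secrets.token_bytes(32)
        return (wrap(self.personal[caller], session_key, peer),
                wrap(self.personal[peer], session_key, caller))

def demo():
    kdc = KDC()
    keys = {u: kdc.enroll(u) for u in ("alice", "bob", "carol")}  # constructed users
    for_bob, for_alice = kdc.request("bob", "alice")
    try:
        carol_view = unwrap(keys["carol"], for_alice)
    except ValueError:
        carol_view = None  # Carol's personal key cannot open Alice's ticket
    return unwrap(keys["bob"], for_bob), unwrap(keys["alice"], for_alice), carol_view
```

Each user holds one personal key, and the session key only ever travels wrapped under a personal key, which is the role slide 7 gives to a key encrypting key.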
