Computer Networks. Ivan Marsic, Rutgers University. Chapter 7 – Network Security. Chapter 8 – Network Monitoring. Chapter 9 – Internet Protocols. APPENDIX: Probability Refresher.
Network Security Chapter 7
Topic: Secure Communication. Outline: Network Security Problem; Symmetric and Public-Key Cryptosystems; Cryptographic Algorithms; Authentication
Network Security Problem: Secure/Confidential Communication
Objectives of Information Security
Confidentiality: information not disclosed or revealed to unauthorized persons
Integrity: consistency of data, preventing unauthorized creation, modification, or destruction
Availability: legitimate users are not unduly denied access to resources, including information resources, computing resources, and communication resources
Authorized use: resources are not used by unauthorized persons or in unauthorized ways
Message Encoding and Decoding Encoding takes a message M and produces a coded form f(M) Decoding the message requires an inverse function , such that = M.
Two Basic Types of Cryptosystems
Symmetric systems: both parties use the same (secret) key in encryption and decryption transformations
Public-key systems (aka asymmetric systems): the parties use two related keys, one of which is secret and the other can be publicly disclosed
Public-Key Cryptography
In RSA, the receiver does the following:
1. Randomly select two large prime numbers p and q, which always must be kept secret.
2. Select an integer number E, known as the public exponent, such that (p − 1) and E have no common divisors, and (q − 1) and E have no common divisors.
3. Determine the product n = pq, known as the public modulus.
4. Determine the private exponent, D, such that (ED − 1) is exactly divisible by both (p − 1) and (q − 1). In other words, given E, we choose D such that the integer remainder when ED is divided by (p − 1)(q − 1) is 1.
5. Release publicly the public key, which is the pair of numbers n and E, K = (n, E). Keep secret the private key, K = (n, D).
Example: send the plaintext “hello world”
The receiver chooses p = 5 and q = 7.
The receiver chooses E = 5, because 5 and (5 − 1)(7 − 1) have no common factors. Also, n = pq = 35.
The receiver chooses D = 29, because i.e., they are exactly divisible.
The receiver’s public key is K = (n, E) = (35, 5), which is made public. The private key K = (n, D) = (35, 29) is kept secret.
Example, cont’d Encryption Decryption
Example, cont’d While the adversary knows n and E, he or she does not know p and q, so they cannot work out (p − 1)(q − 1) and thereby find D.
Topic: Authentication. Outline: Network Security Problem; Symmetric and Public-Key Cryptosystems; Cryptographic Algorithms; Authentication
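The slide example carried through in code, as an added illustration that is not part of the original slides. The letter encoding (space = 0, a = 1, ..., z = 26) and all function names are assumptions made for this sketch. It also shows that D = 29 is one of several valid private exponents for these toy primes, and that an n this small gives no protection because p and q fall out of trial division.

```python
from math import gcd

ALPHABET = " abcdefghijklmnopqrstuvwxyz"  # assumed encoding: space=0, a=1, ..., z=26

def valid_private_exponents(p, q, E, count=3):
    """Return the first `count` values D with E*D mod (p-1)(q-1) == 1."""
    if gcd(E, p - 1) != 1 or gcd(E, q - 1) != 1:
        raise ValueError("E must share no divisor with (p-1) or (q-1)")
    phi = (p - 1) * (q - 1)
    smallest = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return [smallest + k * phi for k in range(count)]

def crypt(numbers, key):
    """Apply m -> m^exponent mod n to every number; key is (n, exponent)."""
    n, exponent = key
    return [pow(m, exponent, n) for m in numbers]

def encode(text):
    """Map each character to its number under the assumed encoding."""
    return [ALPHABET.index(ch) for ch in text]

def decode(numbers):
    """Inverse of encode()."""
    return "".join(ALPHABET[m] for m in numbers)

def recover_private_exponent(public_key):
    """What keeping p and q secret is meant to prevent: with a tiny n,
    trial division finds p and q, and a valid D follows immediately."""
    n, E = public_key
    p = next(d for d in range(2, n) if n % d == 0)
    return pow(E, -1, (p - 1) * (n // p - 1))

PUBLIC, PRIVATE = (35, 5), (35, 29)     # keys from the slide's example

if __name__ == "__main__":
    print(valid_private_exponents(5, 7, 5))   # the slide's D = 29 is the second value
    cipher = crypt(encode("hello world"), PUBLIC)
    print(cipher)
    print(decode(crypt(cipher, PRIVATE)))
    print(recover_private_exponent(PUBLIC))
```

With these parameters the smallest valid D equals E, so the public key alone decrypts; the slide's choice of D = 29 avoids that coincidence but not the underlying weakness of a 35-sized modulus.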
Authentication Protocol (1) Assumption: Only Sender needs to be authenticated to Receiver, not mutually. Secure communication is not enough … playback attack:
Authentication Protocol (2) Solution to playback attack:
Impersonation Attack PROBLEM: Public key distribution … Adversary impersonates Bank PROBLEM: Customer unaware that Adversary obtained his account info!
Network Monitoring Chapter 8
Internet Protocols Chapter 9
Visit http://en.wikipedia.org/wiki/Internet_reference_model for more details on the Internet reference model The Internet Reference Model http://en.wikipedia.org/wiki/OSI_model
OSPF Directed Graph of an AS (a) (b)
Address Resolution Protocol (ARP) Need for multiple addresses, hierarchical vs. non-hierarchical
Probability Refresher Appendix
Random Events Possible outcomes of two coin tosses: “Tree diagram” of possible outcomes of two coin tosses:
Poisson Process average arrival rate = 5