UNIT IV
SYLLABUS: Data Compression: introduction to JPEG, MPEG and MP3. Cryptography: symmetric-key, public-key, authentication, key distribution, key agreement, PGP, SSH, Transport Layer Security, IP Security, wireless security, firewalls.
5.1 Data Compression
Data compression is important to storage systems because it allows more bytes to be packed into a given storage medium than when the data is uncompressed. Compression also reduces file transfer time, saving time and communications bandwidth.
A good metric for compression is the compression factor (or compression ratio): the size of the uncompressed data divided by the size of the compressed data.

Why Compress?

To reduce the volume of data to be transmitted (text, fax, images)

To reduce the bandwidth required for transmission and to reduce storage requirements
(speech, audio, video)

How is compression possible?

Redundancy in digital audio, image, and video data

Properties of human perception

There are two classes of compression algorithms.

1. Lossless compression ensures that the data recovered from the compression/decompression process is exactly the same as the original data. It is used to compress file data, such as executable code, text files, and numeric data.
2. Lossy compression does not promise that the data received is exactly the same as the data sent, because a lossy algorithm removes information that it cannot later restore. It is used to compress still images, video, and audio.


5.2 Lossless Compression Algorithms
This section covers the lossless algorithms; the sections that follow cover the lossy algorithms used to compress image and video data, which are of the greatest utility in today's network environment.

CS2363 Computer Networks, UNIT IV

5.2.1 Run Length Encoding


Run length encoding (RLE) is a compression technique with a brute-force simplicity.
The idea is to replace consecutive occurrences of a given symbol with only one copy of the symbol plus a count of how many times that symbol occurs, hence the name run length. For example, the string AAABBCDDDD would be encoded as 3A2B1C4D.
RLE can be used to compress digital imagery.
RLE can achieve compression ratios on the order of 8-to-1 for scanned text images.
RLE is the key compression algorithm used to transmit faxes.
5.2.2 Differential Pulse Code Modulation
Another simple lossless compression algorithm is Differential Pulse Code Modulation (DPCM).
The idea here is to first output a reference symbol and then, for each symbol in the data, to output the
difference between that symbol and the reference symbol. For example, using symbol A as the
reference symbol, the string AAABBCDDDD would be encoded as A0001123333 since A is the same
as the reference symbol, B has a difference of 1 from the reference symbol, and so on.
DPCM works better than RLE for most digital imagery.
Using DPCM, compression ratios of about 1.5-to-1 have been measured on digital images.
A slightly different approach, called delta encoding, simply encodes a symbol as the difference
from the previous one. Thus, for example, AAABBCDDDD would be represented as A001011000.
Note that delta encoding is likely to work well for encoding images where adjacent pixels are similar.
It is also possible to perform RLE after delta encoding.
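The three schemes above (RLE, DPCM and delta encoding) and the RLE-after-delta combination, as an added example that is not part of the lecture notes. Each encoder has a matching decoder so the lossless property can be checked; the sample strings are the notes' own, and the 1-bit scan line is constructed.

```python
# Added example (not from the lecture notes): run-length, DPCM and delta
# encoders with matching decoders, so the losslessness claim can be checked.
from itertools import groupby


def rle_encode(seq):
    """Collapse each run into a (count, symbol) pair: "AAAB" -> [(3, 'A'), (1, 'B')]."""
    return [(len(list(run)), sym) for sym, run in groupby(seq)]


def rle_render(pairs):
    """Render pairs in the notes' notation: [(3, 'A'), (2, 'B')] -> "3A2B"."""
    return "".join(f"{count}{sym}" for count, sym in pairs)


def rle_decode(pairs):
    """Expand (count, symbol) pairs back into the original sequence (as a list)."""
    out = []
    for count, sym in pairs:
        out.extend([sym] * count)
    return out


def dpcm_encode(text, ref):
    """Reference symbol first, then every symbol as its distance from the reference."""
    return [ref] + [ord(ch) - ord(ref) for ch in text]


def dpcm_decode(codes):
    ref = codes[0]
    return "".join(chr(ord(ref) + d) for d in codes[1:])


def delta_encode(text):
    """First symbol verbatim, then each symbol as the difference from its predecessor."""
    points = [ord(ch) for ch in text]
    return [text[0]] + [b - a for a, b in zip(points, points[1:])]


def delta_decode(codes):
    cur = ord(codes[0])
    out = [codes[0]]
    for d in codes[1:]:
        cur += d
        out.append(chr(cur))
    return "".join(out)


def delta_then_rle(text):
    """The combination the notes mention: RLE applied to the delta stream,
    which pays off when neighbouring symbols (pixels) are similar."""
    codes = delta_encode(text)
    return codes[0], rle_encode(codes[1:])


if __name__ == "__main__":
    s = "AAABBCDDDD"
    print(rle_render(rle_encode(s)))            # 3A2B1C4D
    print("".join(rle_decode(rle_encode(s))))   # AAABBCDDDD
    print(dpcm_encode(s, "A"))                  # ['A', 0, 0, 0, 1, 1, 2, 3, 3, 3, 3]
    print(delta_encode(s))                      # ['A', 0, 0, 1, 0, 1, 1, 0, 0, 0]
    print(delta_then_rle(s))
    # constructed 1-bit fax scan line: long white run, short black run, long white run
    scanline = [0] * 40 + [1] * 3 + [0] * 21
    print(rle_encode(scanline))                 # [(40, 0), (3, 1), (21, 0)]
```

The RLE functions work on any sequence, so the scan line shows the fax case: 64 pixels become three (count, colour) pairs.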
5.2.3 Dictionary-Based Methods
The Lempel-Ziv (LZ) family of compression algorithms is the best known.
The idea of a dictionary-based compression algorithm is to build a dictionary (table) of variable-length strings that you expect to find in the data, and then to replace each of these strings, when it appears in the data, with the corresponding index into the dictionary.
For example, suppose the word compression has the index 4978 in one particular dictionary.
To compress a body of text, each time the string compression appears, it would be replaced by 4978.
Since this particular dictionary has just over 25,000 words in it, it takes 15 bits to encode the index, meaning that the string compression can be represented in 15 bits rather than the 77 bits required by 7-bit ASCII. This is a compression ratio of about 5-to-1. LZ variants such as LZW build the dictionary adaptively from the data itself, so sender and receiver need no pre-agreed word list.
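An adaptive dictionary coder, as an added example that is not part of the lecture notes. It implements LZW (a Lempel-Ziv variant, an assumption since the notes do not name a specific member of the family): the dictionary starts with the 256 single-byte strings and grows as the input is scanned, and the decoder rebuilds the identical dictionary from the codes alone. The sample string is constructed.

```python
# Added example (not from the lecture notes): an adaptive dictionary coder
# (LZW, a Lempel-Ziv variant). The dictionary starts with the 256 single-byte
# strings and grows as the input is scanned, so no pre-agreed word list is
# needed; the decoder rebuilds the same dictionary from the codes alone.


def lzw_encode(text):
    """Emit the index of the longest dictionary string matching the input, then
    add that string plus the next character as a new dictionary entry."""
    dictionary = {chr(i): i for i in range(256)}
    w, codes = "", []
    for ch in text:
        wc = w + ch
        if wc in dictionary:
            w = wc                      # keep extending the match
        else:
            codes.append(dictionary[w])
            dictionary[wc] = len(dictionary)
            w = ch
    if w:
        codes.append(dictionary[w])
    return codes


def lzw_decode(codes):
    """Rebuild the dictionary in lock-step with the encoder. The one subtle case
    is a code that is not yet in the dictionary (the cScSc pattern): it must be
    the previous string plus its own first character."""
    if not codes:
        return ""
    dictionary = {i: chr(i) for i in range(256)}
    w = chr(codes[0])
    out = [w]
    for k in codes[1:]:
        if k in dictionary:
            entry = dictionary[k]
        elif k == len(dictionary):
            entry = w + w[0]
        else:
            raise ValueError(f"corrupt code {k}")
        out.append(entry)
        dictionary[len(dictionary)] = w + entry[0]
        w = entry
    return "".join(out)


def compressed_bits(codes):
    """Bits needed if every code is written with the width of the largest code."""
    return len(codes) * max(codes).bit_length()


if __name__ == "__main__":
    s = "TOBEORNOTTOBEORTOBEORNOT"      # constructed sample
    codes = lzw_encode(s)
    print(codes)
    print(len(s) * 8, "bits ->", compressed_bits(codes), "bits")
    assert lzw_decode(codes) == s
```

The `ValueError` branch matters in practice: a decoder that trusts an out-of-range code will index past the dictionary, which is the kind of bug that turns a malformed compressed input into a crash or memory-safety issue in a C implementation.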


5.3 Image Compression (JPEG)

DCT Phase
The DCT (discrete cosine transform) is a transformation closely related to the fast Fourier transform (FFT).
It takes an 8 × 8 matrix of pixel values as input and outputs an 8 × 8 matrix of frequency coefficients.
The input matrix is a 64-point signal that is defined in two spatial dimensions (x and y).
The DCT breaks this signal into 64 spatial frequencies.
The DCT, and its inverse, which is performed during decompression, are each defined by a formula over the 8 × 8 block.

Quantization Phase
The second phase of JPEG is where the compression becomes lossy.
The DCT does not itself lose information; it just transforms the image into a form that makes it easier to know what information to remove.
Quantization is simply a matter of dropping the less significant bits of the frequency coefficients, by dividing each coefficient by a quantum and rounding.
The basic quantization equation is
QuantizedValue(i, j) = IntegerRound(DCT(i, j) / Quantum(i, j))


Encoding Phase
The final phase of JPEG encodes the quantized frequency coefficients in a compact form. This results in additional compression, but this compression is lossless.
Starting with the DC coefficient in position (0,0), the coefficients are processed in the zigzag sequence.
Along this zigzag, a form of run length encoding is used: RLE is applied only to the 0 coefficients, which is significant because many of the later (high-frequency) coefficients are 0.
The individual coefficient values are then encoded using a Huffman code.
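The three JPEG phases on a single 8 × 8 block, as an added example that is not part of the lecture notes. The DCT is the standard two-dimensional DCT-II that JPEG uses (formula in the comments); the quantization table is constructed (a flat 16 everywhere, not the standard luminance table); the encoding phase stops at the (zero-run, value) pairs, leaving out the Huffman step and the 15-zero ZRL limit of real JPEG. The two test blocks (a flat block and a vertical brightness ramp) are constructed.

```python
# Added example (not from the lecture notes): the three JPEG phases on one
# 8x8 block in pure Python. The quantization table is constructed, not the
# standard one, and Huffman coding of the pairs is omitted.
import math

N = 8


def _c(k):
    return 1 / math.sqrt(2) if k == 0 else 1.0


def dct2(block):
    """Forward 2-D DCT: F(u,v) = 1/4 C(u) C(v) sum_x sum_y f(x,y)
    cos((2x+1)u pi/16) cos((2y+1)v pi/16), with C(0) = 1/sqrt(2), C(k) = 1 otherwise."""
    out = [[0.0] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            acc = 0.0
            for x in range(N):
                for y in range(N):
                    acc += (block[x][y]
                            * math.cos((2 * x + 1) * u * math.pi / 16)
                            * math.cos((2 * y + 1) * v * math.pi / 16))
            out[u][v] = 0.25 * _c(u) * _c(v) * acc
    return out


def idct2(coeffs):
    """Inverse 2-D DCT: f(x,y) = 1/4 sum_u sum_v C(u) C(v) F(u,v) cos(...) cos(...)."""
    out = [[0.0] * N for _ in range(N)]
    for x in range(N):
        for y in range(N):
            acc = 0.0
            for u in range(N):
                for v in range(N):
                    acc += (_c(u) * _c(v) * coeffs[u][v]
                            * math.cos((2 * x + 1) * u * math.pi / 16)
                            * math.cos((2 * y + 1) * v * math.pi / 16))
            out[x][y] = 0.25 * acc
    return out


def quantize(coeffs, quantum):
    """QuantizedValue(i,j) = IntegerRound(DCT(i,j) / Quantum(i,j)): the lossy step."""
    return [[int(round(coeffs[i][j] / quantum[i][j])) for j in range(N)] for i in range(N)]


def dequantize(q, quantum):
    return [[q[i][j] * quantum[i][j] for j in range(N)] for i in range(N)]


def zigzag_order():
    """(row, col) positions in JPEG zigzag order, DC first."""
    order = []
    for s in range(2 * N - 1):
        diag = [(i, s - i) for i in range(N) if 0 <= s - i < N]
        order.extend(reversed(diag) if s % 2 == 0 else diag)
    return order


def run_length_ac(q):
    """Walk the zigzag and emit (zero_run, value) for each nonzero AC coefficient,
    then an end-of-block marker. Returns (DC value, list of pairs)."""
    zz = [q[i][j] for i, j in zigzag_order()]
    pairs, run = [], 0
    for v in zz[1:]:
        if v == 0:
            run += 1
        else:
            pairs.append((run, v))
            run = 0
    pairs.append("EOB")
    return zz[0], pairs


def jpeg_block_encode(block, quantum):
    return quantize(dct2(block), quantum)


def jpeg_block_decode(q, quantum):
    return idct2(dequantize(q, quantum))


def max_error(a, b):
    return max(abs(a[i][j] - b[i][j]) for i in range(N) for j in range(N))


FLAT_QUANTUM = [[16] * N for _ in range(N)]   # constructed: the same quantum everywhere

if __name__ == "__main__":
    flat = [[100] * N for _ in range(N)]
    q = jpeg_block_encode(flat, FLAT_QUANTUM)
    print(run_length_ac(q))                     # (50, ['EOB']): one DC value, no AC
    ramp = [[10 * x + 5] * N for x in range(N)]  # brightness grows down the rows
    q = jpeg_block_encode(ramp, FLAT_QUANTUM)
    print(run_length_ac(q))
    print(max_error(ramp, jpeg_block_decode(q, FLAT_QUANTUM)))
```

The flat block shows why the zigzag plus zero-run encoding compresses so well: all 63 AC coefficients quantize to zero and the block collapses to one DC value and an end-of-block marker. The ramp shows the lossy step at work: only a handful of low-frequency coefficients survive quantization, and the decoded block differs from the original by a few grey levels.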
5.4 Video Compression
The Moving Picture Experts Group (MPEG) standard is used to compress video.
In principle, a motion picture is a rapid flow of a set of frames. Each frame is an image.
In other words, a frame is a spatial combination of pixels, and a video is a temporal combination of
frames. Compressing video means spatially compressing each frame and temporally compressing a set
of frames.
Spatial Compression
The spatial compression of each frame is done with JPEG (or a modification of it).
Temporal Compression
In temporal compression, redundant frames are removed.


To temporally compress data, the MPEG method first divides frames into three categories: I-frames, P-frames, and B-frames.
I-frames:
An intracoded frame (I-frame) is an independent frame that is not related to any other frame.
They are present at regular intervals (e.g., every ninth frame is an I-frame).
An I-frame must appear periodically to handle sudden changes in the picture that the previous and following frames cannot express, and to give a decoder (or a viewer who joins a broadcast mid-stream) a point to start from.
P-frames:
A predicted frame (P-frame) is related to the preceding I-frame or P-frame. In other words, each P-frame contains only the changes from the preceding frame.
P-frames can be constructed only from previous I- or P-frames.
P-frames carry much less information than other frame types and carry even fewer bits after compression.
B-frames:
A bidirectional frame (B-frame) is related to the preceding and following I-frame or P-frame.
Note that a B-frame is never related to another B-frame.


5.5 Audio Compression


Audio compression can be used for speech or music.
For speech, we need to compress a 64-kbps digitized signal (8000 samples/s × 8 bits).
For music, we need to compress a 1.411-Mbps signal (CD quality: 44,100 samples/s × 16 bits × 2 channels).
Two categories of techniques are used for audio compression:
1. predictive encoding and
2. perceptual encoding.
Predictive Encoding
In predictive encoding, the differences between the samples are encoded. This type of compression is normally used for speech.
Several standards have been defined, such as GSM (13 kbps), G.729 (8 kbps), and G.723.1 (6.3 or 5.3 kbps).
Perceptual Encoding: MP3
It is used to compress CD-quality audio.
This type of audio needs at least 1.411 Mbps uncompressed; this cannot be sent over the Internet without compression.
MP3 (MPEG audio layer 3) uses the perceptual encoding technique.
Perceptual encoding is based on the science of psychoacoustics.

In frequency masking, a loud sound in a frequency range can partially or totally mask a softer sound in another frequency range. For example, we cannot hear what our dance partner says in a room where a loud heavy metal band is performing.
In temporal masking, a loud sound can numb our ears for a short time even after the sound has stopped.
MP3 uses these two phenomena, frequency and temporal masking, to compress audio signals.
The technique analyzes and divides the spectrum into several groups.
Zero bits are allocated to the frequency ranges that are totally masked.
A small number of bits are allocated to the frequency ranges that are partially masked.
A larger number of bits are allocated to the frequency ranges that are not masked.
MP3 is commonly used at data rates of 96 kbps, 128 kbps, and 160 kbps (the standard allows others).
The higher the rate, the more of the original signal's frequency range is preserved.


5.6 Computer security is the branch of information security that applies to computers. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.
Security measures that are applied to each single message are:
1. Privacy: It means that the sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended receiver. A good privacy technique guarantees to some extent that a potential intruder cannot understand the contents of the message. Privacy can be achieved by using either symmetric-key cryptography or public-key cryptography, which are discussed under the section on cryptography.
2. Message authentication: It means that the receiver needs to be sure of the sender's identity and that an imposter has not sent the message. A digital signature (or a message authentication code) can provide message authentication.
3. Message integrity: It means that the data must arrive at the receiver exactly as they were sent. There must be no change during the transmission, either accidental or malicious. A digital signature (or a message authentication code) can provide message integrity.
4. Nonrepudiation: It means that a receiver must be able to prove that a received message came from a specific sender. The sender must not be able to deny sending a message that he or she, in fact, did send. The burden of proof falls on the receiver. Only a digital signature can provide nonrepudiation; a message authentication code cannot, because the receiver shares the secret and could have produced the code itself.
Cryptography is the practice and study of hiding information.

Figure 5.34 Cryptography components


The original message, before being transformed, is called plaintext.
After the message is transformed, it is called ciphertext.
An encryption algorithm transforms the plaintext to ciphertext.
A decryption algorithm transforms the ciphertext back to plaintext.
The sender uses an encryption algorithm and the receiver uses a decryption algorithm.
The term cipher is also used to refer to different categories of algorithms in cryptography.
A key is a number that the cipher, as an algorithm, operates on.
Cryptanalysis (codebreaking) is the study of methods of deciphering ciphertext without knowing the key.
Cryptology is the field comprising both cryptography and cryptanalysis.


Cryptography can be characterized by:

the type of encryption operations used: substitution / transposition / product

the number of keys used: single-key (symmetric, or private-key) / two-key (asymmetric, or public-key)

the way in which plaintext is processed: block / stream

Block vs. Stream Ciphers

Block ciphers process messages in blocks, each of which is then encrypted or decrypted as a unit.

Stream ciphers process messages a bit or byte at a time when encrypting or decrypting.

The encryption and decryption algorithms are public; anyone can access them. The keys are secret
they need to be protected. The modern field of cryptography can be broadly divided as: Symmetric-key
cryptography and Public-key cryptography.

5.6.1 Symmetric-key cryptography / Symmetric Encryption

Also called conventional / private-key / single-key encryption.

The sender and recipient share a common key.
Substitution cipher
Monoalphabetic substitution cipher
Each plaintext letter is always replaced by the same ciphertext letter. The simplest and most widely known case is the shift cipher, where each letter of the plaintext is replaced by the letter a fixed number of positions further down the alphabet. Because only 25 nontrivial shifts exist, the key can be recovered by trying all of them.


Example: Caesar cipher

C = E(p) = (p + k) mod 26
p = D(C) = (C - k) mod 26
Example: k = 3
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Polyalphabetic substitution cipher (Vigenère cipher)
1. Pick a keyword (for our example, the keyword will be "MEC").
2. Write your keyword across the top of the text you want to encipher, repeating it as many times as necessary.
3. Shift each plaintext letter by the alphabet position (A = 0, B = 1, ...) of the keyword letter above it, mod 26.
Keyword:    M E C M E C M E C M E C M E C M E C M E C M
Plaintext:  w e n e e d m o r e s u p p l i e s f a s t
Ciphertext: I I P Q I F Y S T Q W W B T N U I U R E U F
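The shift (Caesar) cipher and the keyword (Vigenère) cipher above, together with a frequency-analysis attack that recovers a Caesar key by trying all 26 shifts, as an added example that is not part of the lecture notes. The examples are the notes' own; the English letter-frequency table is an assumed standard approximation.

```python
# Added example (not from the lecture notes): the shift (Caesar) cipher and the
# keyword (Vigenere) cipher from the examples above, plus a frequency-analysis
# attack that recovers a Caesar key, to show why a 26-key cipher is not secure.
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent, A..Z (assumed standard table).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def shift_letter(ch, k):
    """C = (p + k) mod 26 on one letter; non-letters pass through unchanged."""
    if not ch.isalpha():
        return ch
    return ALPHABET[(ALPHABET.index(ch.upper()) + k) % 26]


def caesar_encrypt(plaintext, k):
    return "".join(shift_letter(ch, k) for ch in plaintext)


def caesar_decrypt(ciphertext, k):
    """p = (C - k) mod 26."""
    return caesar_encrypt(ciphertext, -k)


def vigenere_encrypt(plaintext, keyword):
    """Polyalphabetic: the i-th letter is shifted by keyword[i mod len(keyword)]."""
    out, i = [], 0
    for ch in plaintext:
        if ch.isalpha():
            k = ALPHABET.index(keyword[i % len(keyword)].upper())
            out.append(shift_letter(ch, k))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def vigenere_decrypt(ciphertext, keyword):
    # Encrypting with the "negated" keyword (each shift replaced by 26 - shift) undoes it.
    inverse = "".join(ALPHABET[(-ALPHABET.index(c.upper())) % 26] for c in keyword)
    return vigenere_encrypt(ciphertext, inverse)


def english_score(text):
    """Higher when the letters are distributed like English text."""
    return sum(ENGLISH_FREQ[ALPHABET.index(ch)] for ch in text if ch.isalpha())


def break_caesar(ciphertext):
    """Try all 26 keys and return the one whose plaintext looks most like English.
    This is the whole attack: the key space of a shift cipher is too small to matter."""
    return max(range(26), key=lambda k: english_score(caesar_decrypt(ciphertext, k)))


if __name__ == "__main__":
    c = caesar_encrypt("meet me after the toga party", 3)
    print(c)                                    # PHHW PH DIWHU WKH WRJD SDUWB
    print(break_caesar(c), caesar_decrypt(c, break_caesar(c)))
    print(vigenere_encrypt("weneedmoresupplies fast", "MEC"))
```

The same frequency attack works against the Vigenère cipher once the keyword length is known (split the ciphertext into one Caesar stream per keyword letter and break each), which is why neither cipher is used for anything beyond teaching.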
Transposition Ciphers
Also called permutation ciphers.
These hide the message by rearranging the letter order without altering the actual letters used.
Write the letters of the message out in rows over a specified number of columns, then reorder the columns according to some key before reading off the rows.
5.6.2 Asymmetric key Encryption / Public Key Encryption
RSA ALGORITHM
The most common public-key algorithm is called the RSA method after its inventors (Rivest, Shamir and Adleman). The private key here is a pair of numbers (N, d); the public key is also a pair of numbers (N, e).
The sender uses the following algorithm to encrypt the message:

C = P^e mod N

In this algorithm P is the plaintext, which is represented as a number; C is the number that represents the ciphertext. The two numbers e and N are components of the public key. The plaintext is raised to the power e and divided by N; the mod term indicates that the remainder is sent as ciphertext. The receiver uses the following algorithm to decrypt the message:

P = C^d mod N


In this algorithm, P and C are the same as before. The numbers d and N are the components of the private key.

The RSA algorithm is summarized below.

Key Generation
Select p, q : p, q both prime, p ≠ q
Calculate n = p × q
Calculate φ(n) = (p - 1)(q - 1)
Select integer e : gcd(φ(n), e) = 1; 1 < e < φ(n)
Calculate d = e^-1 mod φ(n)
Public key : KU = {e, n}
Private key : KR = {d, n}

Encryption
Plaintext : M < n
Ciphertext : C = M^e (mod n)

Decryption
Ciphertext : C
Plaintext : M = C^d (mod n)

The steps involved in the RSA algorithm for generating the key are:

Select two prime numbers, p = 17 and q = 11.
Calculate n = p × q = 17 × 11 = 187.
Calculate φ(n) = (p - 1)(q - 1) = 16 × 10 = 160.
Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7.
Determine d such that e × d ≡ 1 (mod φ(n)) and d < 160. The correct value is d = 23, because 23 × 7 = 161 = 1 × 160 + 1.
Key:
Public key : KU = {e, n} = {7, 187}


Private key : KR = {d, n} = {23, 187}

Encryption
Plaintext M = 88
Ciphertext C = M^e mod n = 88^7 mod 187 = 11
Decryption
Ciphertext C = 11
Plaintext M = C^d mod n = 11^23 mod 187 = 88
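The RSA key generation, encryption and decryption above with the notes' numbers, plus the signature use of the same operations and a check of the multiplicative malleability of unpadded ("textbook") RSA, as an added example that is not part of the lecture notes. The toy primes are the notes' own; real keys use primes of 1024 bits or more and randomized padding (OAEP for encryption, PSS for signatures), which this example deliberately leaves out to show why it is needed.

```python
# Added example (not from the lecture notes): textbook RSA with the notes'
# numbers, plus a check of the malleability that makes unpadded RSA unsafe.
from math import gcd


def is_prime(n):
    if n < 2:
        return False
    return all(n % k for k in range(2, int(n ** 0.5) + 1))


def rsa_keygen(p, q, e):
    """Follow the key-generation steps: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi."""
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)        # public KU, private KR


def rsa_encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)          # C = M^e mod n


def rsa_decrypt(c, private):
    d, n = private
    return pow(c, d, n)          # M = C^d mod n


def rsa_sign(digest, private):
    """A digital signature in the notes' sense: the digest raised to the private exponent."""
    return rsa_decrypt(digest, private)


def rsa_verify(digest, signature, public):
    """Anyone with the public key can check the signature against the digest."""
    return rsa_encrypt(signature, public) == digest


def is_malleable(public, m1, m2):
    """Textbook RSA is multiplicatively homomorphic: E(m1) * E(m2) = E(m1 * m2) mod n,
    so an attacker can build the ciphertext of a related message without any key.
    Randomized padding (OAEP) is what breaks this relation in real systems."""
    e, n = public
    product = (rsa_encrypt(m1, public) * rsa_encrypt(m2, public)) % n
    return product == rsa_encrypt((m1 * m2) % n, public)


if __name__ == "__main__":
    public, private = rsa_keygen(17, 11, 7)
    print(public, private)                    # (7, 187) (23, 187)
    c = rsa_encrypt(88, public)
    print(c, rsa_decrypt(c, private))         # 11 88
    s = rsa_sign(88, private)
    print(rsa_verify(88, s, public), rsa_verify(89, s, public))
    print(is_malleable(public, 2, 3))
```

Because encryption is deterministic here, the same plaintext always gives the same ciphertext; with a small message space an attacker can simply encrypt every candidate under the public key and compare. That, and the malleability check, are the two reasons textbook RSA is never used as-is.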

5.6.3 Authenticators
Randomly tampering with encrypted text can result in valid-appearing plaintext.
Encryption alone does not provide authentication.
We need both authentication and integrity.
An authenticator is a value included in a message that allows verification of the authenticity and integrity of the message.
An authenticator contains redundant information, similar to a checksum or CRC, but unlike those it cannot be recomputed by an attacker who alters the message.
An authenticator proves that the message has come from a sender who knows a certain secret.
There are several common cryptographic hash algorithms, including MD5 (Message Digest 5) and Secure Hash Algorithm 1 (SHA-1). MD5 outputs a 128-bit digest, and SHA-1 outputs a 160-bit digest. Both are now considered broken (practical collisions have been demonstrated for each) and should not be used in new designs; SHA-2 (e.g., SHA-256) or SHA-3 are the current choices.
A digest encrypted with a public-key algorithm but using the private key is called a digital signature, because it provides nonrepudiation like a written signature.
Another kind of authenticator is similar, but instead of encrypting a hash, it uses a hash-like function that takes a secret value (known only to the sender and the receiver) as a parameter.
Such a function outputs an authenticator called a message authentication code (MAC).
The sender appends the MAC to her plaintext message.
The receiver recomputes the MAC using the plaintext and the secret value, and compares that recomputed MAC to the received MAC.
A common variation on MACs is to apply a cryptographic hash (such as MD5 or SHA-1) to the concatenation of the plaintext message and the secret value.


The resulting digest is called a hashed message authentication code (HMAC), since it is essentially a MAC.
The HMAC, but not the secret value, is appended to the plaintext message.
Only a receiver who knows the secret value can compute the correct HMAC to compare with the received HMAC.
Strictly, the standardized HMAC (RFC 2104) is not a plain hash of the secret and the message; it is the nested construction H((K ⊕ opad) || H((K ⊕ ipad) || m)). A plain H(secret || m) over an iterated hash such as MD5, SHA-1 or SHA-256 is open to length-extension forgery, and the comparison of the received and recomputed tags should be done in constant time so that timing does not leak how many bytes matched.
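The sender and receiver sides of the MAC scheme above, as an added example that is not part of the lecture notes. It uses the standard library's HMAC implementation over SHA-256 (rather than the MD5/SHA-1 the notes mention), a constant-time comparison, and, for contrast, a bare digest with no secret, which an attacker can recompute after altering the message. The shared secret and the messages are constructed.

```python
# Added example (not from the lecture notes): a MAC built with the standard
# HMAC construction (RFC 2104, here over SHA-256) and the receiver's check,
# beside a bare digest that detects accidents but not adversaries.
import hashlib
import hmac

SHARED_SECRET = b"constructed-example-secret"   # known only to sender and receiver
TAG_LEN = hashlib.sha256().digest_size           # 32 bytes


def authenticate(secret, message):
    """Sender side: append MAC(secret, message) to the plaintext."""
    tag = hmac.new(secret, message, hashlib.sha256).digest()
    return message + tag


def verify(secret, authenticated):
    """Receiver side: recompute the MAC over the received plaintext and compare.
    hmac.compare_digest is constant-time, so the comparison does not leak how many
    bytes of the tag matched. Returns the plaintext, or None if verification fails."""
    if len(authenticated) < TAG_LEN:
        return None
    message, tag = authenticated[:-TAG_LEN], authenticated[-TAG_LEN:]
    expected = hmac.new(secret, message, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return message


def flip_byte(data, index):
    """Constructed tampering: change one byte in transit."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)


def append_plain_digest(message):
    """Checksum-style 'protection': message || H(message), no secret involved."""
    return message + hashlib.sha256(message).digest()


def check_plain_digest(wire):
    message, digest = wire[:-TAG_LEN], wire[-TAG_LEN:]
    return message if hashlib.sha256(message).digest() == digest else None


def forge_plain(wire, index):
    """An attacker who alters the message simply recomputes the bare hash; the
    receiver's check passes. Only a secret the attacker lacks prevents this."""
    message = wire[:-TAG_LEN]
    return append_plain_digest(flip_byte(message, index))


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"          # constructed message
    wire = authenticate(SHARED_SECRET, msg)
    print(verify(SHARED_SECRET, wire))                      # original message
    print(verify(SHARED_SECRET, flip_byte(wire, 9)))        # None: message altered
    print(verify(b"wrong key", wire))                       # None: wrong secret
    print(check_plain_digest(forge_plain(append_plain_digest(msg), 9)))  # forgery accepted
```

Note that the tag is computed over the plaintext and the secret never leaves either host; the receiver learns nothing about the sender it did not already know, which is exactly why a MAC gives integrity and authentication but not nonrepudiation.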

5.6.4 Cryptographic hash function (cryptographic checksum)

Designed to expose deliberate corruption of messages

CRC and checksums are designed to detect bit errors

Message digest: output of cryptographic hash function

Message digest is appended to cryptotext

For authentication, message digest is encrypted

Receiver decrypts message and computes digest

Computed digest must match decrypted digest from sender

Adversary does not have key to encrypt bogus message digest

Examples are Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1)


5.6.5 Key Predistribution

To use ciphers and authenticators, the communicating participants need to know what keys to use.
In the case of a symmetric-key cipher, how does a pair of participants obtain the key they share?
In the case of a public-key cipher, how do participants know what public key belongs to a certain participant?
The answer differs depending on whether the keys are short-lived session keys or longer-lived pre-distributed keys.
A session key is a key used to secure a single, relatively short episode of communication: a session.
Each distinct session between a pair of participants uses a new session key, which is always a symmetric key, for speed.
The participants determine what session key to use by means of a protocol: a session key establishment protocol.
A session key establishment protocol needs its own security (so that, for example, an adversary cannot learn the new session key); that security is based on the longer-lived pre-distributed keys.
There are several motivations for this division of labor between session keys and pre-distributed keys:


Limiting the amount of time a key is used results in less time for computationally
intensive attacks, less ciphertext for cryptanalysis, and less information exposed should the
key be broken.
Pre-distribution of symmetric keys is problematic.
Public key ciphers are generally superior for authentication and session key
establishment but too slow to use encrypting entire messages for confidentiality.

5.6.5.1 Pre-Distribution of Public Keys

The algorithms to generate a matched pair of public and private keys are publicly known, and software that does it is widely available.
How can the public key be publicized?
A complete scheme for certifying bindings between public keys and identities (what key belongs to whom) is called a Public Key Infrastructure (PKI).
A PKI starts with the ability to verify identities and bind them to keys out of band. By out of band, we mean something outside the network and the computers that comprise it.
A digitally signed statement of a public key binding is called a public key certificate, or simply a certificate.
One of the major standards for certificates is known as X.509. This standard leaves a lot of details open, but specifies a basic structure. A certificate clearly must include:
the identity of the entity being certified
the public key of the entity being certified
the identity of the signer
the digital signature
a digital signature algorithm identifier (which cryptographic hash and which cipher)
Certification Authorities
A certification authority or certificate authority (CA) is an entity claimed (by someone) to be trustworthy for verifying identities and issuing public key certificates.


There are commercial CAs, governmental CAs, and even free CAs.

To use a CA, you must know its public key. You can learn that CA's key, however, if you can obtain a chain of CA-signed certificates that starts with a CA whose key you already know (a trust anchor, such as a root CA shipped with the operating system or browser).

Then you can believe any certificate signed by that new CA.

Certificate Revocation

If someone discovers your private key, they can impersonate you.

Revocation of certificates is therefore necessary.

CAs maintain a (digitally signed) certificate revocation list (CRL).

Before using a certificate, check the CRL (or query the CA's online status service, OCSP).

5.6.5.2 Pre-Distribution of Symmetric Keys

Authentication Protocols
Public Key Authentication Protocols
A challenge-response protocol
i) A public-key authentication protocol that depends on synchronization


Assumes clocks are synchronized
Alice sends signed timestamp and ID to Bob
Bob looks at signature to authenticate message
Bob looks at timestamp to verify freshness
Bob sends back encrypted session key, timestamp, and his ID
Alice uses her private key to recover session key
Alice checks timeliness and Bobs ID
Could add nonces to deal with imperfectly synchronized clocks

ii) A public-key authentication protocol that does not depend on synchronization.


No synchronized clocks necessary
Similar to first protocol

Bob cannot be sure first message is fresh
Bob replies with his and Alices timestamp
Alice compares her time stamp with her clock
Alice sends session key and Bobs timestamp back to Bob
Bob compares his timestamp against his clock
Could use nonces instead of timestamps

Symmetric Key Authentication Protocols

The Needham-Schroeder authentication protocol
Kerberos Authentication

Diffie-Hellman key exchange

1. Alice and Bob agree to use a prime number p = 23 and base g = 5.
2. Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p
A = 5^6 mod 23 = 15,625 mod 23 = 8
3. Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p
B = 5^15 mod 23 = 30,517,578,125 mod 23 = 19
4. Alice computes s = B^a mod p
s = 19^6 mod 23 = 47,045,881 mod 23 = 2
5. Bob computes s = A^b mod p
s = 8^15 mod 23 = 35,184,372,088,832 mod 23 = 2
6. Alice and Bob now share a secret (the number 2) because g^(ab) = g^(ba) mod p: 5^(6 × 15) and 5^(15 × 6) are the same number.
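The exchange above with the notes' numbers, what a passive eavesdropper has to solve, and what an active attacker can do when the exchange is not authenticated, as an added example that is not part of the lecture notes. "Mallory" and her secret m = 3 are assumptions for illustration; the brute-force discrete logarithm only works because p = 23 is tiny.

```python
# Added example (not from the lecture notes): the Diffie-Hellman exchange with
# the notes' numbers, the eavesdropper's problem with toy parameters, and the
# man-in-the-middle attack an unauthenticated exchange is open to.


def dh_public(g, secret, p):
    return pow(g, secret, p)            # A = g^a mod p


def dh_shared(peer_public, secret, p):
    return pow(peer_public, secret, p)  # s = B^a mod p = g^(ab) mod p


def dh_exchange(p, g, a, b):
    """Both sides' computations; an eavesdropper sees only p, g, A and B."""
    A, B = dh_public(g, a, p), dh_public(g, b, p)
    return A, B, dh_shared(B, a, p), dh_shared(A, b, p)


def discrete_log(g, target, p):
    """Brute-force a = log_g(target) mod p. Feasible only because p is tiny;
    with a 2048-bit p this search is what protects the secret."""
    for a in range(1, p):
        if pow(g, a, p) == target:
            return a
    return None


def mitm(p, g, a, b, m):
    """Active attack (assumed attacker "Mallory" with secret m): she intercepts A
    and B and sends her own M = g^m mod p to each side. Alice and Bob each end up
    sharing a key with Mallory rather than with each other, so she can decrypt,
    read and re-encrypt everything. This is why DH is paired with authentication
    (signatures or certificates) in protocols like TLS and SSH."""
    A, B, M = dh_public(g, a, p), dh_public(g, b, p), dh_public(g, m, p)
    alice_key = dh_shared(M, a, p)          # Alice believes M came from Bob
    bob_key = dh_shared(M, b, p)            # Bob believes M came from Alice
    mallory_with_alice = dh_shared(A, m, p)
    mallory_with_bob = dh_shared(B, m, p)
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


if __name__ == "__main__":
    print(dh_exchange(23, 5, 6, 15))            # (8, 19, 2, 2)
    print(discrete_log(5, 8, 23))               # 6: Alice's secret, recovered from A
    print(mitm(23, 5, 6, 15, 3))                # (6, 5, 6, 5): two different keys
```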

5.7 Pretty Good Privacy (PGP)


Pretty Good Privacy (PGP) provides encryption and authentication capabilities for electronic mail.
It provides authentication, confidentiality, data integrity, and nonrepudiation.
PGPs confidentiality and receiver authentication depend on the receiver having a known public key.
PGPs sender authentication and nonrepudiation depend on the sender having a known public key.
These public keys are predistributed using certificates and a web-of-trust PKI.
PGP supports RSA and DSS for public key certificates.


When Alice has a message to email to Bob, her PGP application goes through the steps shown in the figure above.
1. The message is digitally signed by Alice; MD5 and SHA-1 are among the hashes that may be used in the digital signature. Then her PGP application generates a new session key for just this one message.
2. The digitally signed message is encrypted using the session key. Then the session key itself, encrypted using Bob's public key, is appended to the message.
3. Alice's PGP application reminds her of the level of trust she had previously assigned to Bob's public key, based on the number of certificates she has for Bob and the trustworthiness of the individuals who signed the certificates.
4. Finally, to conform to email's SMTP protocol, base64 encoding is applied to the message to convert it to an ASCII-compatible representation.
Upon receiving the PGP message in an email, Bob's PGP application reverses this process step by step to obtain the original plaintext message and confirm Alice's digital signature.
5.8 SSH (Secure Shell)
The Secure Shell (SSH) provides a remote login service and is intended to replace rsh, rlogin, telnet, rcp and ftp.


SSH is most often used to provide strong client/server authentication, where the SSH client runs on the user's desktop machine and the SSH server runs on some remote machine that the user wants to log into, but it also supports message integrity and confidentiality.
Users frequently log in from remote locations, which means that both their passwords and all the data they send or receive potentially pass through countless untrusted networks.
SSH provides a way to encrypt the data sent over these connections and to improve the strength of the authentication mechanism used to log in.
The latest version of SSH, version 2, consists of three protocols:
SSH-TRANS: a transport layer protocol
SSH-AUTH: an authentication protocol
SSH-CONN: a connection protocol
SSH-TRANS
Provides an encrypted channel on top of TCP.
Uses the server's host key (e.g., RSA) to authenticate the server and negotiates the encryption algorithm to use.
The server tells the client its public key; the client must check it against a previously recorded value (the known_hosts file), otherwise a man-in-the-middle can substitute its own key on the first connection.
SSH-AUTH
Uses the secure channel established in the first step.
The user authenticates to the server (logs in).
The user can authenticate to the server by:

sending a password over the secure channel

using public-key authentication

host-based authentication

SSH-CONN
Supports other, insecure TCP applications, e.g. X Windows, IMAP.
These applications are run over the secure SSH tunnel: port forwarding.


The idea is illustrated in Figure 8.14, where we see a client on host A indirectly communicating with a server
on host B by forwarding its traffic through an SSH connection. The mechanism is called port forwarding
because when messages arrive at the well-known SSH port on the server, SSH first decrypts the contents, and
then forwards the data to the actual port at which the server is listening.
5.9 IP Security (IPsec)
IPsec provides three degrees of freedom.
1) It allows users to select from a variety of cryptographic algorithms and specialized security protocols.
2) It allows users to select from a large menu of security properties, including access control, integrity, authentication, originality (anti-replay), and confidentiality.
3) It can be used to protect narrow streams (e.g., packets belonging to a particular TCP connection being sent between a pair of hosts) or wide streams (e.g., all packets flowing between a pair of gateways).
IPsec consists of two parts.
The first part is a pair of protocols that implement the available security services:
Authentication Header (AH), which provides access control, connectionless message integrity, authentication, and anti-replay protection;
Encapsulating Security Payload (ESP), which supports these same services, plus confidentiality.
The second part is support for key management, which fits under an umbrella protocol known as Internet Security Association and Key Management Protocol (ISAKMP); in practice the Internet Key Exchange (IKE) protocol is used.
The abstraction that binds these two pieces together is the security association (SA).
An SA is a simplex (one-way) connection with one or more of the available security properties; a two-way conversation therefore needs a pair of SAs.
When created, an SA is assigned an ID number called a security parameters index (SPI) by the receiving machine.
The combination of this SPI and the destination IP address (together with the protocol, AH or ESP) uniquely identifies an SA.
SAs are established, negotiated, modified, and deleted using ISAKMP/IKE.


ESP is the protocol used to securely transport data over an established SA.
ESP Format

The SPI field lets the receiving host identify the security association to which the packet belongs.

The SeqNum field protects against replay attacks.

The packet's PayloadData contains the data described by the NextHdr field.

The PadLength field records how much padding was added to the data; padding is sometimes necessary because, for example, the cipher requires the plaintext to be a multiple of a certain number of bytes, or to ensure that the resulting ciphertext terminates on a 4-byte boundary.

AuthenticationData carries the authenticator (an integrity check value computed over the ESP header, payload and trailer).

IPsec supports a tunnel mode as well as the more straightforward transport mode.

Each SA operates in one or the other mode.

In a transport mode SA, ESP's payload data is simply a message for a higher layer such as UDP or TCP.

In this mode, IPsec acts as an intermediate protocol layer, much like SSL/TLS does between TCP and a higher layer.

When an ESP message is received, its payload is passed to the higher-level protocol.

In a tunnel mode SA, however, ESP's payload data is itself an IP packet, so the inner addresses are hidden as well; this is the mode used between security gateways for VPNs.
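Building and parsing an ESP packet with the fields listed above, and the anti-replay window that the SeqNum field feeds, as an added example that is not part of the lecture notes. Simplifications, all assumed: the payload is left unencrypted (a "null" cipher, so the trailer is visible), the authenticator is HMAC-SHA256 truncated to 16 bytes, the window logic follows the RFC 4303 sliding-window description, and the SPI, key and payloads are constructed.

```python
# Added example (not from the lecture notes): an ESP packet with the fields
# described above, ICV verification, and a sliding anti-replay window.
# Assumed simplifications: null cipher, HMAC-SHA256 truncated to 16 bytes,
# constructed SPI, key and payloads.
import hashlib
import hmac
import struct

ICV_LEN = 16


def build_esp(spi, seq, payload, next_hdr, auth_key):
    """SPI | SeqNum | PayloadData | Padding | PadLength | NextHdr | AuthenticationData."""
    pad_len = (-(len(payload) + 2)) % 4           # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))        # RFC 4303 default padding pattern 1,2,3,...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_hdr])
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet, auth_key):
    """Verify the ICV over header+payload+trailer, then strip the trailer.
    Returns (spi, seq, payload, next_hdr) or None if the authenticator is wrong."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return None
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_hdr = body[-2], body[-1]
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, payload, next_hdr


class ReplayWindow:
    """Sliding window over SeqNum: accept each number once, reject duplicates
    inside the window and anything older than the window's left edge. Bit k of
    the bitmap records whether top - k has been seen."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False                               # 0 is never a valid SeqNum
        if seq > self.top:                             # newer than anything seen: slide
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1) if shift < self.size else 0
            self.bitmap |= 1
            self.top = seq
            return True
        if seq <= self.top - self.size:
            return False                               # too old
        bit = 1 << (self.top - seq)
        if self.bitmap & bit:
            return False                               # replay
        self.bitmap |= bit
        return True


class EspReceiver:
    """One inbound SA: the SPI selects it, the ICV is checked, then the window is
    consulted and updated (the order RFC 4303 prescribes: never update the window
    on a packet whose ICV failed)."""

    def __init__(self, spi, auth_key):
        self.spi, self.key, self.window = spi, auth_key, ReplayWindow()

    def receive(self, packet):
        parsed = parse_esp(packet, self.key)
        if parsed is None:
            return "bad icv"
        spi, seq, payload, next_hdr = parsed
        if spi != self.spi:
            return "unknown sa"
        if not self.window.accept(seq):
            return "replay"
        return payload


if __name__ == "__main__":
    key = b"constructed-auth-key"
    rx = EspReceiver(0x1000, key)
    pkt = build_esp(0x1000, 1, b"hello", 17, key)   # next_hdr 17 = UDP
    print(parse_esp(pkt, key))
    print(rx.receive(pkt), rx.receive(pkt))          # b'hello' then 'replay'
```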


5.10 Transport Layer Security (TLS, SSL, HTTPS)

It is a general-purpose protocol that sits between an application protocol such as HTTP and a transport protocol such as TCP.
The sender can open connections and deliver bytes for transmission, and the secure transport layer will get them to the receiver with the necessary confidentiality, integrity, and authentication.
By running the secure transport layer on top of TCP, all of the normal features of TCP (reliability, flow control, congestion control, etc.) are also provided to the application.
This arrangement of protocol layers is depicted in Figure 8.15.
When HTTP is used in this way, it is known as HTTPS (HTTP over TLS).
A pair of TLS participants negotiate at runtime which cryptography to use.
The participants negotiate a choice of:
1) Data integrity hash, MD5 or SHA, used to implement HMACs.
2) Symmetric-key cipher for confidentiality. Among the possibilities are DES, 3DES and, in current versions, AES.
3) Session-key establishment approach. Among the possibilities are Diffie-Hellman, fixed Diffie-Hellman, and public-key authentication protocols using RSA or DSS.
4) A compression algorithm.
(This list describes TLS 1.2 and earlier. TLS 1.3 removes compression, static RSA key exchange, DES/3DES and the MD5/SHA-1 MACs, allowing only ephemeral Diffie-Hellman with authenticated-encryption ciphers such as AES-GCM; compression in particular was dropped because it leaks plaintext through the ciphertext length.)
A TLS session requires six keys.
TLS derives all of them from a single shared master secret.
The master secret is a 384-bit (48-byte) value that is in turn derived in part from the pre-master secret that results from TLS's session-key establishment protocol.
The part of TLS that negotiates the choices and establishes the shared master secret is called the handshake protocol.
Handshake protocol
The handshake protocol is at heart a session-key establishment protocol, with a master secret instead of a session key.
TLS supports a choice of approach to session-key establishment, ranging from public-key certificates to Diffie-Hellman.
The handshake protocol supports a choice between mutual authentication of both participants and authentication of just one participant (this is the most common case; e.g., authenticate a website but not a user).


Record protocol
TLS's record protocol adds confidentiality and integrity to the underlying transport service.
Messages handed down from the application layer are:
1. Fragmented or coalesced into blocks of a convenient size for the following steps;
2. Optionally compressed;
3. Integrity-protected using an HMAC;
4. Encrypted using a symmetric-key cipher;
5. Passed to the transport layer (normally TCP) for transmission.
The record protocol uses an HMAC as an authenticator.
The client and server have different keys to use when computing HMACs, so a record captured in one direction cannot be replayed in the other.
Furthermore, each record protocol message is assigned a sequence number, which is included when the HMAC is computed. This implicit sequence number (it is never transmitted; both sides count records) prevents replays or reordering of messages.
Another interesting feature of the TLS protocol, which is quite useful for Web transactions, is the ability to resume a session.
Session resumption is an optimization of the handshake that can be used in those cases where the client and the server have already established some shared state in the past. The client simply includes the session ID from a previously established session in its initial handshake message. If the server finds that it still has state for that session, and the resumption option was negotiated when that session was originally created, then the server can reply to the client with an indication of success.
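The integrity part of the record protocol, as an added example that is not part of the lecture notes: per-direction MAC keys and an implicit sequence number that is covered by the HMAC but never sent, so a replayed or reordered record fails verification. Assumed simplifications: encryption of the record is omitted (the standard library has no block cipher), the MAC is HMAC-SHA256, the MAC input layout (sequence number, length, fragment) is a simplified version of the TLS 1.2 one, and the keys are constructed rather than derived from a master secret.

```python
# Added example (not from the lecture notes): TLS-style record integrity with
# per-direction keys and an implicit sequence number. Encryption omitted;
# keys constructed rather than derived from a master secret.
import hashlib
import hmac
import struct

TAG_LEN = 32


class RecordProtection:
    """One direction of a channel. Each endpoint holds two instances: one (with
    its own write key) for records it sends, one (with the peer's write key) for
    records it receives. The sequence number is state on both ends, not a field."""

    def __init__(self, mac_key):
        self.mac_key = mac_key
        self.send_seq = 0
        self.recv_seq = 0

    def _mac(self, seq, fragment):
        # MAC input = implicit 64-bit sequence number || fragment length || fragment
        header = struct.pack("!QH", seq, len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha256).digest()

    def protect(self, fragment):
        """Sender: append the MAC for the current sequence number, then advance it."""
        record = fragment + self._mac(self.send_seq, fragment)
        self.send_seq += 1
        return record

    def unprotect(self, record):
        """Receiver: recompute the MAC with the sequence number it expects next.
        Returns the fragment, or None for a forged, replayed or reordered record.
        The counter advances only on success, so a bad record cannot desynchronize
        the channel; in real TLS a failure also terminates the connection."""
        if len(record) < TAG_LEN:
            return None
        fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(self._mac(self.recv_seq, fragment), tag):
            return None
        self.recv_seq += 1
        return fragment


if __name__ == "__main__":
    client_write_key = b"constructed-client-write-mac-key"
    client_out, server_in = RecordProtection(client_write_key), RecordProtection(client_write_key)
    r1 = client_out.protect(b"GET / HTTP/1.1")
    r2 = client_out.protect(b"Host: example")
    print(server_in.unprotect(r1))      # b'GET / HTTP/1.1'
    print(server_in.unprotect(r1))      # None: replay, receiver now expects record 1
    print(server_in.unprotect(r2))      # b'Host: example'
```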

5.11 Wireless Security (IEEE 802.11i)

o The IEEE 802.11i standard provides authentication, message integrity, and confidentiality to 802.11 (Wi-Fi) at the link layer.
o WPA2 (Wi-Fi Protected Access 2) is often used as a synonym for 802.11i, although it is technically a trademark of the Wi-Fi Alliance that certifies product compliance with 802.11i.
o 802.11i authentication supports two modes. In either mode, the end result of successful authentication is a shared Pairwise Master Key.
Personal mode, also known as Pre-Shared Key (PSK) mode, provides weaker security but is more convenient and economical for situations like a home 802.11 network.

The wireless device and the Access Point (AP) are preconfigured with a shared passphrase, essentially a very long password, from which the Pairwise Master Key is cryptographically derived.
Because that derivation is public, anyone who captures the key-setup handshake can test candidate passphrases offline, so PSK security rests entirely on the passphrase being long and random. The other mode, enterprise mode, authenticates each user through an authentication server (IEEE 802.1X) and derives a per-user key instead.

5.12 Firewalls
A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.

A firewall is usually classified as a packet-filter firewall or a proxy-based firewall.
Packet-Filter Firewall
A firewall can be used as a packet filter.


It can forward or block packets based on the information in the network layer and transport layer headers: source and destination IP addresses, source and destination port numbers, and type of protocol (TCP or UDP).
A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). Figure 32.23 shows an example of a filtering table.

According to Figure 32.23, the following packets are filtered:

1. Incoming packets from network 131.34.0.0 are blocked (security precaution). Note that the * (asterisk) means "any."
2. Incoming packets destined for any internal TELNET server (port 23) are blocked.
3. Incoming packets destined for internal host 194.78.20.8 are blocked. The organization wants this host for internal use only.
4. Outgoing packets destined for an HTTP server (port 80) are blocked. The organization does not want employees to browse the Internet.
A filter of this kind is stateless: it judges each packet on its own, so it cannot tell a reply belonging to a connection the inside opened from an unsolicited inbound packet. Stateful firewalls track connections to make that distinction.
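A stateless packet filter that applies the four rules described above, as an added example that is not part of the lecture notes. The rule table is constructed from the text; the /16 mask for 131.34.0.0, the first-match semantics and the test addresses (RFC 5737 documentation ranges) are assumptions. The default action is a parameter so the "allow everything else" behaviour of the example table can be contrasted with default-deny.

```python
# Added example (not from the lecture notes): a stateless packet filter with
# the four rules from the text. Mask, first-match semantics and test
# addresses are assumptions.
import ipaddress
from dataclasses import dataclass

ANY = "*"


@dataclass
class Packet:
    direction: str     # "in" (from the Internet) or "out" (from the internal network)
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    dport: int


@dataclass
class Rule:
    direction: str
    src: str           # CIDR network or "*"
    dst: str
    proto: str
    dport: object      # port number or "*"
    action: str        # "allow" or "deny"

    def matches(self, pkt):
        return (self.direction == pkt.direction
                and _addr_match(self.src, pkt.src)
                and _addr_match(self.dst, pkt.dst)
                and self.proto in (ANY, pkt.proto)
                and self.dport in (ANY, pkt.dport))


def _addr_match(pattern, address):
    if pattern == ANY:
        return True
    return ipaddress.ip_address(address) in ipaddress.ip_network(pattern, strict=False)


FILTER_TABLE = [
    Rule("in", "131.34.0.0/16", ANY, ANY, ANY, "deny"),     # 1. block that network (assumed /16)
    Rule("in", ANY, ANY, "tcp", 23, "deny"),                 # 2. no inbound TELNET
    Rule("in", ANY, "194.78.20.8/32", ANY, ANY, "deny"),     # 3. internal-only host
    Rule("out", ANY, ANY, "tcp", 80, "deny"),                # 4. no outbound HTTP
]


def filter_packet(pkt, rules=FILTER_TABLE, default="allow"):
    """First matching rule wins; if none matches, the default action applies.
    The notes' table behaves as default-allow; a production firewall should be
    default-deny so that anything not explicitly permitted is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


if __name__ == "__main__":
    for pkt in (Packet("in", "131.34.5.6", "10.0.0.7", "udp", 53),
                Packet("in", "198.51.100.5", "10.0.0.7", "tcp", 23),
                Packet("in", "198.51.100.5", "194.78.20.8", "tcp", 443),
                Packet("out", "10.0.0.7", "203.0.113.10", "tcp", 80),
                Packet("out", "10.0.0.7", "203.0.113.10", "tcp", 443)):
        print(pkt, "->", filter_packet(pkt), "| default-deny:", filter_packet(pkt, default="deny"))
```

Rule 4 illustrates why port-based filtering is coarse: it blocks port 80 but says nothing about HTTPS on 443, so the stated policy ("employees may not browse") is not actually enforced by the table as described. A proxy firewall, covered next, can decide on application content instead.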

Proxy Firewall
Sometimes we need to filter a message based on the information available in the message itself (at the
application layer).
As an example, assume that an organization wants to implement the following policies regarding its Web
pages: Only those Internet users who have previously established business relations with the company can
have access; access to other users must be blocked.
In this case, testing must be done at the application level (using URLs).
One solution is to install a proxy computer (sometimes called an application gateway), which stands between
the customer (user client) computer and the corporation computer shown in Figure 32.24.


When the user client process sends a message, the proxy firewall runs a server process to receive the request.
The server opens the packet at the application level and finds out if the request is legitimate.
If it is, the server acts as a client process and sends the message to the real server in the corporation. If it is
not, the message is dropped and an error message is sent to the external user.
