(CSE VISEM)
Network Management
Network Security
[Figure: a secure sender transmits data to Bob; Trudy, the intruder, has access to the channel]
Manav Rachna College of Engg.
Trudy (the intruder) can:
- eavesdrop: intercept messages
- actively insert messages into the connection
- impersonation: fake (spoof) the source address in a packet (or any other field in the packet)
- hijacking: take over an ongoing connection by removing the sender or receiver and inserting himself in their place
- denial of service: prevent the service from being used by others (e.g., by overloading resources)
Figure 29-1: Aspects of security
- Authentication: sender and receiver want to confirm each other's identity
- Message integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection
- Nonrepudiation: the receiver must be able to prove that a received message came from a specific sender
- Access and availability: services must be accessible and available to users
CRYPTOGRAPHY
Cryptography means secret writing (ciphertext = plaintext + key). It covers:
- Symmetric key cryptography
- Public key cryptography
- Digital signature
The first service required for network security (privacy) is handled by either symmetric key cryptography or public key cryptography; the remaining three services (authentication, integrity, nonrepudiation) are handled by digital signatures.
PRIVACY
- symmetric key crypto: sender and receiver keys are identical
- public-key crypto: encryption key is public, decryption key is secret (private)
Secret(Symmetric)-key encryption
CONTD.
In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. Secret-key encryption is often called symmetric encryption because the same key can be used in both directions. Secret-key encryption is often used for long messages.
[Figure: Alice encrypts plaintext message m with the shared key K_A-B, giving K_A-B(m); Bob decrypts with the same K_A-B to recover m]
Symmetric key crypto: Bob and Alice share (know) the same symmetric key, K_A-B; e.g., the key is knowing the substitution pattern in a monoalphabetic substitution cipher. Q: how do Bob and Alice agree on the key value?
KEY MANAGEMENT
Symmetric key distribution: a shared key is most useful if it is used only once; it must be created for one session and destroyed when the session is over.
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
CIPHERS
A cipher is what encrypts a message using the key; in a traditional cipher it is just a way of substituting or rearranging text.
Traditional ciphers: a character was the unit of data to be encrypted.
- Substitution ciphers: substitute one symbol with another
- Transposition ciphers: characters retain their plaintext form but change their positions to create the ciphertext
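Both traditional cipher types, worked as an added Python example (not code from the slides): the substitution cipher uses exactly the plaintext/ciphertext alphabet pair printed above, and the transposition cipher is a constructed block transposition whose key is a permutation of positions within each block. The function and constant names are my own, and the letter histogram at the end shows the weakness the slides only imply: substitution relabels letters but leaves their frequencies intact.

```python
"""Traditional character ciphers (added example, not from the slides): the monoalphabetic
substitution table printed on the slide, and a simple block transposition."""
from collections import Counter

# Key from the slide: plaintext alphabet on top, cipher alphabet underneath.
PLAIN = "abcdefghijklmnopqrstuvwxyz"
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"
ENC_TABLE = str.maketrans(PLAIN, CIPHER)   # a -> m, b -> n, ...
DEC_TABLE = str.maketrans(CIPHER, PLAIN)   # the same key read backwards


def substitute(text):
    """Substitution cipher: each letter is replaced by its partner; other characters pass through."""
    return text.translate(ENC_TABLE)


def unsubstitute(text):
    return text.translate(DEC_TABLE)


def transpose(text, perm, pad="x"):
    """Transposition cipher: letters keep their identity but move within each block.
    perm[i] is the plaintext position (within the block) that lands at ciphertext position i.
    perm is a constructed key, e.g. (2, 0, 3, 1); the last block is padded with `pad`."""
    k = len(perm)
    text += pad * (-len(text) % k)
    blocks = [text[i:i + k] for i in range(0, len(text), k)]
    return "".join(block[j] for block in blocks for j in perm)


def untranspose(text, perm):
    k = len(perm)
    inverse = [perm.index(i) for i in range(k)]   # ciphertext position holding plaintext position i
    blocks = [text[i:i + k] for i in range(0, len(text), k)]
    return "".join(block[j] for block in blocks for j in inverse)


def letter_histogram(text):
    """Letter frequencies: substitution only relabels them, transposition leaves them untouched,
    which is why either cipher alone yields to frequency analysis."""
    return Counter(c for c in text if c.isalpha())


if __name__ == "__main__":
    msg = "bob. i love you. alice"        # constructed sample plaintext
    ct = substitute(msg)
    print(ct, "->", unsubstitute(ct))
    print(transpose("attack", (2, 0, 3, 1)), "->", untranspose("taatxcxk", (2, 0, 3, 1)))
```

`substitute("bob. i love you. alice")` gives `nkn. s gktc wky. mgsbc`, and the sorted frequency counts of plaintext and ciphertext are identical, which is the whole attack surface of a monoalphabetic cipher.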
BLOCK CIPHER
P-box: a P (permutation)-box performs a transposition at the bit level; both the P (plaintext) and the C (ciphertext) have the same number of 1s and 0s.
Product block: the P-box and the S-box (substitution box) can be combined to get a more complex cipher block.
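The same two building blocks at the bit level, as an added Python example that is not from the slides: an 8-bit P-box driven by a constructed permutation table, a 4-bit S-box (the table is row 0 of the DES S1 box, used here only as a convenient bijection), and a product block that chains S-box then P-box, i.e. one round of a substitution-permutation network. The names `PERM`, `SBOX`, `pbox`, `sbox` and `product_encrypt` are my own.

```python
"""Bit-level building blocks of a block cipher (added example, not from the slides):
a P-box permuting 8 bits, a 4-bit S-box, and a product block chaining the two."""

# P-box: output bit i (counting from the most significant bit) is input bit PERM[i].
PERM = (1, 5, 2, 0, 3, 7, 4, 6)          # constructed permutation, no special meaning

# S-box: 4 bits in, 4 bits out. This table is row 0 of DES S1, used only as a sample bijection.
SBOX = (0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7)
SBOX_INV = tuple(SBOX.index(v) for v in range(16))


def bit(x, i):
    """Bit i of an 8-bit value, MSB first."""
    return (x >> (7 - i)) & 1


def pbox(x):
    """Transposition at the bit level: moves bits, never changes how many are set."""
    out = 0
    for i in range(8):
        out = (out << 1) | bit(x, PERM[i])
    return out


def pbox_inv(y):
    """Undo pbox: ciphertext bit i goes back to plaintext position PERM[i]."""
    out = 0
    for i in range(8):
        if bit(y, i):
            out |= 1 << (7 - PERM[i])
    return out


def sbox(x):
    """Substitution, one nibble at a time: unlike the P-box it can change the number of set bits."""
    return (SBOX[x >> 4] << 4) | SBOX[x & 0xF]


def sbox_inv(y):
    return (SBOX_INV[y >> 4] << 4) | SBOX_INV[y & 0xF]


def product_encrypt(x):
    """Product block: S-box then P-box, i.e. one substitution-permutation round."""
    return pbox(sbox(x))


def product_decrypt(y):
    """Inverse blocks applied in reverse order."""
    return sbox_inv(pbox_inv(y))


def popcount(x):
    return bin(x).count("1")


if __name__ == "__main__":
    x = 0xB2                                 # constructed sample block
    y = product_encrypt(x)
    print(f"{x:08b} -> {y:08b} -> {product_decrypt(y):08b}")
```

For every one of the 256 inputs `pbox` preserves the popcount, exactly the property the slide states, while `sbox` does not (0xB2 has four set bits, `sbox(0xB2)` = 0xCD has five); combining the two is what makes the product block stronger than either alone.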
TRUSTED INTERMEDIARIES
Symmetric key problem: how do two entities establish a shared secret key over the network? Solution: a trusted key distribution center (KDC) acting as intermediary between the entities.
Public key problem: when Alice obtains Bob's public key (from a web site, e-mail, diskette), how does she know it is Bob's public key, not Trudy's? Solution: a trusted certification authority (CA).
Certification authority (CA): binds a public key to a particular entity, E. It can certify the binding between a public key and its owner. E (person, router) registers its public key with the CA.
CERTIFICATION AUTHORITIES
E provides proof of identity to the CA. The CA creates a certificate binding E to its public key: the certificate contains E's public key, digitally signed by the CA ("CA says: this is E's public key").
[Figure: Bob's public key K_B+ and identifying information are signed with the CA's private key K_CA-, producing a certificate for Bob's public key, signed by the CA]
A CERTIFICATE CONTAINS:
- Serial number (unique to issuer)
- Info about the certificate owner, including the algorithm and the key value itself (not shown)
PUBLIC-KEY CRYPTOGRAPHY
- Public key: available to all (publicly), used for encryption only
- Private key: available to the individual (private), used for decryption only
Public-key algorithms are more efficient for short messages. They reduce the number of keys (positive point) but increase the complexity of the algorithm (negative point).
Public-key encryption
[Figure: plaintext message m is encrypted with the receiver's public key and decrypted with the receiver's private key]
To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.
Combination
DIGITAL SIGNATURE
Three services, authentication, integrity and nonrepudiation, are achieved by the digital signature. A digital signature cannot be achieved using only secret keys. A digital signature does not provide privacy; if there is a need for privacy, another layer of encryption/decryption must be applied.
DIGITAL SIGNATURES
Simple digital signature for message m: Bob signs m by encrypting it with his private key K_B-, creating the signed message K_B-(m).
[Figure: Bob's message m ("Dear Alice, Oh, how I have missed you. I think of you all the time! (blah blah blah) Bob") is signed (encrypted) with Bob's private key K_B-, giving K_B-(m), Bob's message signed with his private key]
MESSAGE DIGESTS
[Figure: large message m passed through hash function H gives a fixed-size message digest H(m)]
It is computationally expensive to public-key-encrypt long messages. Goal: a fixed-length, easy-to-compute digital "fingerprint". Apply hash function H to m to get a fixed-size message digest, H(m).
Hash function properties:
- many-to-1
- produces a fixed-size message digest (fingerprint)
- given a message digest x, it is computationally infeasible to find m such that x = H(m)
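The combination slide (secret key encrypted under the public key, message under the secret key), the digital-signature slides (sign H(m) with the private key, check it with the public key) and the certification-authority slides (the CA signs the binding between an entity and its public key) all rest on one public-key primitive, so here is a single added Python example serving all three; it is not code from the slides. It assumes textbook RSA (no padding) built on publicly known Mersenne primes, which keeps the keys deterministic but also trivially factorable, so this is illustration only; SHA-256 stands in for the hash function H; and because the standard library has no AES, an HMAC-SHA256 keystream stands in for the symmetric cipher. Every function and constant name is my own.

```python
"""Toy public-key building blocks in plain Python (added example; not the slides' own code).
RSA here is textbook RSA (no padding) on publicly known Mersenne primes, so these keys are
trivially factorable: the point is the data flow, not security."""
import hashlib
import hmac
import os


def rsa_keypair(p, q, e=65537):
    """Return (public, private) = ((e, n), (d, n)) for primes p, q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))     # modular inverse (Python 3.8+)
    return (e, n), (d, n)


# Mersenne primes M127, M521, M107, M607: assumed here only to get a deterministic toy.
BOB_PUB, BOB_PRIV = rsa_keypair(2**127 - 1, 2**521 - 1)   # Bob's K_B+ / K_B-
CA_PUB, CA_PRIV = rsa_keypair(2**107 - 1, 2**607 - 1)     # the CA's K_CA+ / K_CA-


def stream_xor(key, nonce, data):
    """Stand-in for a symmetric cipher (no AES in the stdlib): XOR with an HMAC-SHA256 keystream.
    The same call encrypts and decrypts: the 'same key in both directions' property."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


# --- Combination: secret key under the public key, long message under the secret key ---
def hybrid_encrypt(pub, message):
    e, n = pub
    session_key = os.urandom(16)                  # created for this session only
    nonce = os.urandom(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)   # RSA on the short key
    return wrapped_key, nonce, stream_xor(session_key, nonce, message)


def hybrid_decrypt(priv, wrapped_key, nonce, ciphertext):
    d, n = priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return stream_xor(session_key, nonce, ciphertext)


# --- Digital signature over the message digest H(m) ---
def sign(priv, message):
    """Sign H(m) rather than m: hashing is cheap, RSA on a long m would not be."""
    d, n = priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)                      # K_B-(H(m))


def verify(pub, message, signature):
    """Receiver recomputes H(m) and compares it with K_B+(signature): the 'equal ?' box."""
    e, n = pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest         # m itself travelled in clear: no privacy


# --- Certificate: the CA signs the binding between an owner and its public key ---
def issue_certificate(ca_priv, owner, owner_pub, serial):
    """Constructed certificate format: 'serial|owner|e|n' plus the CA's signature over it."""
    body = f"{serial}|{owner}|{owner_pub[0]}|{owner_pub[1]}".encode()
    return body, sign(ca_priv, body)


def check_certificate(ca_pub, cert, expected_owner):
    """Alice's check: signature valid under the CA's public key and the name is the one wanted."""
    body, sig = cert
    serial, owner, e, n = body.decode().split("|")
    if not verify(ca_pub, body, sig) or owner != expected_owner:
        return None                               # forged, altered, or somebody else's key
    return int(e), int(n)                         # Bob's public key, trusted via the CA
```

Alice, holding only `CA_PUB`, obtains Bob's key from a certificate, uses it to wrap a fresh session key, and checks Bob's signatures against it; a certificate signed with any key but the CA's, or carrying a different owner name, is rejected, and a signature no longer verifies once a single character of m changes.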
[Figure: sender site: large message m → hash function H → H(m) → digital signature (encrypt) with Bob's private key K_B- → K_B-(H(m)). Receiver site: K_B-(H(m)) → decrypt with Bob's public key K_B+ → H(m); large message m → H → H(m); equal?]