Documente Academic
Documente Profesional
Documente Cultură
Lecture No. 41
Authentication
Kerberos
10
11
Key Distribution
Certificate
Special type of digitally signed document:
I certify that the public key in this document belongs to the entity named in this document, signed X.
The name of the entity being certified The public key of the entity The name of the certification authority A digital signature
12
13
Tree-structured CA Hierarchy
14
Calculate MD5 checksum on received message and compare against received value
Transmitted message
16
Original message
Transmitted message
17
Example (PGP)
18
19
20
21
22
NextHdr
Reserved
23
24
ESP Packet
25
Firewalls
26
Firewalls
Firewall Rest of the Internet Local site
Filter-Based Solution
Example
( 192.12.13.14, 1234, 128.7.6.5, 80 ) (*,*, 128.7.6.5, 80 )
Proxy-Based Firewalls
Problem: complex policy Example: web server
Remote Company User Internet Random External User
Firewall
Company net
Web Server
28
Proxy-Based Firewalls
Solution: proxy
Firewall
External Client Local Server
Proxy
P S R
30
Denial of Service
Attacks on end hosts
SYN attack
Attacks on routers
Christmas tree packets Pollute route cache
31