Đang tải... (xem toàn văn)
Advanced Computer Networks: Lecture 40. This lecture will cover the following: security; encryption algorithms; cryptography functions; taxonomy of network security; secret key encryption; public key authentication; authentication protocols; message integrity protocols; key distribution; firewalls;...
CS716 Advanced Computer Networks By Dr. Amir Qayyum 1 Lecture No. 40 Security Outline – – – – – Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview • Cryptography functions – Secret key (e.g. DES) – Public key (e.g. RSA) – Message digest (e.g. MD5) • Security services – Privacy: preventing unauthorized release of information – Authentication: verifying identity of the remote participant – Integrity: making sure message has not been altered Taxonomy of Network Security Security Cryptography algorithms Security services Secret Public Message key key digest (e.g DES) (e.g RSA) (e.g MD5) Privacy Authentication Message integrity Secret Key Encryption Secret Key Encryption (DES) Plaintext Plaintext Encrypt with secret key Decrypt with secret key Ciphertext DES Algorithm Initial permutation • 64bit key (56bits + 8bit parity) • 16 rounds Round • Each Round Round 56bit key L ─1 i R ─1 i F + Round 16 Ri Li Final permutation Ki Expansion Phase of DES 4-bit chunk ■■■ ■■■ ■■■ ■■■ Expanded to bits by stealing a bit from left and right chunks Secret Key Encryption Plaintext Block Plaintext Block Plaintext Block Plaintext Block Encryption Function Blocks of Ciphertext Initialization Vector (For block only) 10 Message Digest • Cryptographic checksum – Just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message 17 Message Digest • Oneway function – Given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum 18 Message Digest • Relevance – If you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given 19 Overview of Message Digest Operation Initial “digest” (constant) Message (padded) 512 bits 512 bits 512 bits ■■■ Transform Transform Transform Message digest 20 Authentication Protocols • Threeway handshake Client Server ClientI d, E , E(x + S (x , C H K) HK) S , Y ( HK), E E(y + , CHK) HK) S , K E(S 21 Third Party Authentication • Trusted third party (Kerberos) S A B A, B E((T, L, K, K B) , E(A()T, , L, K, A ), K B ) E( ( A , T), E((TK), , L, K, A ), KB ) , K) + E(T 22 Public Key Authentication A B E(x, Pu blic B ) x 23 Message Integrity 24 Message Integrity Protocols • Keyed MD5 – Sender: m + MD5 (m + k) + E(E(k, rcv – pub), private) – Receiver • Recovers random key using the sender’s public key • Applies MD5 to the concatenation of this random key message 25 Message Integrity Protocols • MD5 with RSA signature – Sender: m + E(MD5(m), private) – Receiver • Decrypts signature with sender’s public key • Compares result with MD5 checksum sent with message 26 Treestructured CA Hierarchy 27 Authentication 28 Session Key Communication 29 Session Key Communication 30 Key Distribution Center 31 .. .Lecture? ?No.? ?40? ? Security Outline – – – – – Encryption Algorithms Authentication Protocols Message Integrity Protocols ... Round 56bit key L ─1 i R ─1 i F + Round 16 Ri Li Final permutation Ki Expansion Phase of DES 4-bit chunk ■■■ ■■■ ■■■ ■■■ Expanded to bits by stealing a bit from left and right chunks Secret Key Encryption