ECE453 – Introduction to Computer Networks
Lecture 19 – Network Security (II)
Network Security
Physical Layer Security: Wire protection
Link Layer Security: Link encryption
Network Layer Security: Firewall, IPSec
Transport Layer Security: Process-to-process security
Application Layer Security: User authentication, nonrepudiation
Cryptography
Cryptography
Secrecy: substitution cipher, transposition cipher, one-time pad, symmetric-key cryptography, public-key cryptography
Authentication
Nonrepudiation
Integrity
Kerckhoffs's principle: All algorithms must be public; only the keys are secret
Freshness and redundancy in the message
IPsec
Where to put security?
A framework for multiple services, algorithms, and granularities
Services: secrecy, integrity, prevent replay attack
Connection-oriented SA (Security Association)
IPsec
The IPsec authentication header in transport mode for IPv4
(a) ESP in transport mode.
(b) ESP in tunnel mode.
Firewalls
A firewall consisting of two packet filters and an application gateway
Virtual Private Networks
(a) A leased-line private network. (b) A virtual private network
Authentication Based on a Shared Secret Key
The challenge-response protocol
A shortened protocol
The reflection attack
Using HMAC to counter reflection attack
Establishing a Shared Key: The Diffie-Hellman Key Exchange
The bucket brigade or man-in-the-middle attack
Authentication Using a Key Distribution Center
Potential replay attack
Authentication Using Public-Key Cryptography