Advanced Computer Networks - CS716 Power Point Slides Lecture 40
7/27/2019 Advanced Computer Networks - CS716 Power Point Slides Lecture 40
CS716
Advanced Computer Networks
By Dr. Amir Qayyum
-
Lecture No. 40
-
Security
Outline
Encryption Algorithms
Authentication Protocols
Message Integrity Protocols
Key Distribution
Firewalls
-
Overview
Cryptography functions
  Secret key (e.g. DES)
  Public key (e.g. RSA)
  Message digest (e.g. MD5)
Security services
  Privacy: preventing unauthorized release of information
  Authentication: verifying identity of the remote participant
  Integrity: making sure message has not been altered
-
Taxonomy of Network Security
Security
  Cryptography algorithms
    Secret key (e.g. DES)
    Public key (e.g. RSA)
    Message digest (e.g. MD5)
  Security services
    Privacy
    Authentication
    Message integrity
-
Secret Key Encryption
-
Secret Key Encryption (DES)
[Figure: Plaintext -> Encrypt with secret key -> Ciphertext -> Decrypt with secret key -> Plaintext]
-
DES Algorithm
64-bit key (56-bits + 8-bit parity)
16 rounds
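Each round
[Figure: inputs $L_{i-1}$ and $R_{i-1}$, round key $K_i$, function F, XOR (+), outputs $L_i$ and $R_i$]
[Figure: Initial permutation -> Round 1 -> Round 2 -> ... -> Round 16 -> Final permutation; 56-bit key]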
-
Expansion Phase of DES
4-bit chunk
Expanded to 6 bits by stealing a bit from left and right chunks
-
Repeat for larger messages
Cipher Block Chaining (CBC)
[Figure: Block1 to Block4; each block is combined (+) with the IV (first block) or the previous cipher block, then passed through DES to give Cipher1 to Cipher4]
-
Public Key Encryption
-
Public Key Authentication
-
Public Key Encryption (RSA)
Encryption & Decryption
  $c = m^e \bmod n$
  $m = c^d \bmod n$
[Figure: Plaintext -> Encrypt with public key -> Ciphertext -> Decrypt with private key -> Plaintext]
-
RSA (cont)
Choose two large prime numbers p and q (each 256 bits)
Multiply p and q together to get n
Choose the encryption key e, such that e and (p - 1)(q - 1) are relatively prime.
Two numbers are relatively prime if they have no common factor greater than one
-
Message Digest
Cryptographic checksum
Just as a regular checksum protects the
receiver from accidental changes to the
message, a cryptographic checksum
protects the receiver from malicious
changes to the message.
-
Message Digest
One-way function
Given a cryptographic checksum for a
message, it is virtually impossible to
figure out what message produced that
checksum; it is not computationally
feasible to find two messages that hash to
the same cryptographic checksum.
-
Message Digest
Relevance
If you are given a checksum for a
message and you are able to compute
exactly the same checksum for that
message, then it is highly likely this
message produced the checksum you
were given.
-
Overview of Message Digest Operation
[Figure: the padded message is split into 512-bit blocks; a chain of Transform steps starts from the initial digest (constant), each step takes one block, and the last step outputs the message digest]
-
Authentication Protocols
Three-way handshake
[Figure: exchange between Client and Server]
-
Trusted third party (Kerberos)
Third Party Authentication
[Figure: third-party authentication exchange; surviving labels: "AS B" and "A, B"]
-
Public Key Authentication
[Figure: exchange between A and B]
-
Message Integrity
-
Message Integrity Protocols
Keyed MD5
Sender: m + MD5(m + k) + E(E(k, rcvpub), private)
Receiver
  Recovers random key using the sender's public key
  Applies MD5 to the concatenation of this random key and the message
-
Message Integrity Protocols
MD5 with RSA signature
Sender: m + E(MD5(m), private)
Receiver
  Decrypts signature with sender's public key
  Compares result with MD5 checksum sent with message
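
An added example, not part of the original slides: the key setup from the RSA slides and the "MD5 with RSA signature" exchange above, in Python. The primes are constructed stand-ins (two Mersenne primes instead of random 256-bit primes), the derivation of d is the standard one because the transcript does not show it, and unpadded RSA with MD5 is used only because that is what the slides describe.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two known Mersenne primes stand in for the
# random 256-bit primes the slide calls for.
P = 2**89 - 1
Q = 2**107 - 1

def make_keypair(p, q):
    """Return ((e, n), (d, n)) following the steps on the RSA (cont) slide."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 3
    while gcd(e, phi) != 1:   # e must be relatively prime to (p-1)(q-1)
        e += 2
    d = pow(e, -1, phi)       # assumption: standard RSA, d*e = 1 mod (p-1)(q-1)
    return (e, n), (d, n)

def rsa(x, key):
    """c = m^e mod n and m = c^d mod n: one operation, different exponent."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)

def md5_int(message):
    """MD5 digest of the message as an integer (always smaller than n here)."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def sign(message, private_key):
    """Sender: m + E(MD5(m), private)."""
    return message, rsa(md5_int(message), private_key)

def verify(message, signature, public_key):
    """Receiver: decrypt the signature with the sender's public key and
    compare it with MD5 recomputed over the message that arrived."""
    return rsa(signature, public_key) == md5_int(message)

PUBLIC, PRIVATE = make_keypair(P, Q)

def demo():
    m, sig = sign(b"transfer 100 to account 42", PRIVATE)  # constructed message
    tampered = b"transfer 900 to account 42"               # altered in transit
    secret = 123456789
    roundtrip = rsa(rsa(secret, PUBLIC), PRIVATE) == secret
    return verify(m, sig, PUBLIC), verify(tampered, sig, PUBLIC), roundtrip
```

`demo()` returns the verification result for the original message, for the altered message, and whether encrypt-then-decrypt recovers the plaintext.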
-
Tree-structured CA Hierarchy
-
Authentication
-
Session Key Communication
-
Session Key Communication
-
Key Distribution Center