Computer Networking Chapter 8 A Top-Down Approach Security KUROSE ROSS A note on the use of these ppt slides: Computer We're making these slides freely available to all(faculty,students,readers) They're in PowerPoint form so you see the animations;and can add,modify. Networking:A and delete slides (including this one)and slide content to suit your needs. They obviously represent a lot of work on our part.In return for use,we only Top Down ask the following: If you use these slides (e.g.,in a class)that you mention their source Approach (after all,we'd like people to use our book!) 6th edition If you post any slides on a www site,that you note that they are adapted from (or perhaps identical to)our slides,and note our copyright of this Jim Kurose,Keith Ross material. Addison-Wesley Thanks and enjoy!JFK/KWR March 2012 urhts Reserved 8-1
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following: If you use these slides (e.g., in a class) that you mention their source (after all, we’d like people to use our book!) If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material. Thanks and enjoy! JFK/KWR All material copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights Reserved
Chapter 8:Network Security Chapter goals: understand principles of network security: cryptography and its many uses beyond “confidentiality" authentication ·message integrity security in practice: firewalls and intrusion detection systems security in application,transport,network,link layers Network Security 8-2
Network Security 8-2 Chapter 8: Network Security Chapter goals: understand principles of network security: cryptography and its many uses beyond “confidentiality” authentication message integrity security in practice: firewalls and intrusion detection systems security in application, transport, network, link layers
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity,authentication 8.4 Securing e-mail 8.5 Securing TCP connections:SSL 8.6 Network layer security:IPsec 8.7 Securing wireless LANs 8.8 Operational security:firewalls and IDS Network Security 8-3
Network Security 8-3 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS
What is network security? confidentiality:only sender,intended receiver should “understand”message contents sender encrypts message receiver decrypts message authentication:sender,receiver want to confirm identity of each other message integrity:sender,receiver want to ensure message not altered (in transit,or afterwards)without detection access and availability:services must be accessible and available to users Network Security 8-4
Network Security 8-4 What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message authentication: sender, receiver want to confirm identity of each other message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection access and availability: services must be accessible and available to users
Friends and enemies:Alice,Bob, Trudy well-known in network security world Bob,Alice (lovers!)want to communicate "securely" Trudy (intruder)may intercept,delete,add messages Alice Bob channel data,control messages data secure secure data sender receiver Trudy Network Security 8-5
Network Security 8-5 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate “securely” Trudy (intruder) may intercept, delete, add messages secure sender s secure receiver channel data, control messages data data Alice Bob Trudy
Who might Bob,Alice be? ..well,real-life Bobs and Alices! Web browser/server for electronic transactions (e.g.,on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples? Network Security 8-6
Network Security 8-6 Who might Bob, Alice be? … well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples?
There are bad guys(and girls)out there! Q:What can a“bad guy”do? A:A lot!See section 1.6 -eavesdrop:intercept messages actively insert messages into connection impersonation:can fake (spoof)source address in packet (or any field in packet) "hijacking:“take over'”ongoing connection by removing sender or receiver,inserting himself in place denial of service:prevent service from being used by others (e.g.,by overloading resources) Network Security 8-7
Network Security 8-7 There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: A lot! See section 1.6 eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources)
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity,authentication 8.4 Securing e-mail 8.5 Securing TCP connections:SSL 8.6 Network layer security:IPsec 8.7 Securing wireless LANs 8.8 Operational security:firewalls and IDS Network Security 8-8
Network Security 8-8 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS
The language of cryptography @→Alice's @学Bob's encryption K_decryption key Bkey plaintext encryption ciphertext decryption plaintext algorithm algorithm m plaintext message KA(m)ciphertext,encrypted with key KA m KB(KA(m)) Network Security 8-9
Network Security 8-9 The language of cryptography m plaintext message KA (m) ciphertext, encrypted with key K A m = KB (KA (m)) plaintext ciphertext plaintext KA encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B
Breaking an encryption scheme cipher-text only attack: known-plaintext attack: Trudy has ciphertext Trudy has plaintext she can analyze corresponding to two approaches: ciphertext ■brute force:search e.g.,in monoalphabetic through all keys cipher,Trudy statistical analysis determines pairings for a,l,i,c,e,b,o, chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext Network Security 8-10
Network Security 8-10 Breaking an encryption scheme cipher-text only attack: Trudy has ciphertext she can analyze two approaches: brute force: search through all keys statistical analysis known-plaintext attack: Trudy has plaintext corresponding to ciphertext e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o, chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext