Computer Networking: A Top-Down Approach, 7th edition
Jim Kurose, Keith Ross
Pearson/Addison Wesley, April 2016
Chapter 8: Security

A note on the use of these PowerPoint slides:
We're making these slides freely available to all (faculty, students, readers). They're in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:
▪ If you use these slides (e.g., in a class) that you mention their source (after all, we'd like people to use our book!)
▪ If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR
All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved
Security 8-1
Chapter 8: Network Security
Chapter goals:
▪ understand principles of network security:
  • cryptography and its many uses beyond "confidentiality"
  • authentication
  • message integrity
▪ security in practice:
  • firewalls and intrusion detection systems
  • security in application, transport, network, link layers
Security 8-2
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Security 8-3
What is network security?
▪ confidentiality: only sender, intended receiver should "understand" message contents
  • sender encrypts message
  • receiver decrypts message
▪ authentication: sender, receiver want to confirm identity of each other
▪ message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
▪ access and availability: services must be accessible and available to users
Security 8-4
Friends and enemies: Alice, Bob, Trudy
▪ well-known in network security world
▪ Bob, Alice (lovers!) want to communicate "securely"
▪ Trudy (intruder) may intercept, delete, add messages
[figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel between them]
Security 8-5
Who might Bob, Alice be?
▪ ... well, real-life Bobs and Alices!
▪ Web browser/server for electronic transactions (e.g., on-line purchases)
▪ on-line banking client/server
▪ DNS servers
▪ routers exchanging routing table updates
▪ other examples?
Security 8-6
There are bad guys (and girls) out there!
Q: What can a "bad guy" do?
A: A lot! See section 1.6
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any field in packet)
• hijacking: "take over" ongoing connection by removing sender or receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g., by overloading resources)
Security 8-7
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Security 8-8
The language of cryptography
[figure: plaintext m → encryption algorithm (Alice's encryption key K_A) → ciphertext → decryption algorithm (Bob's decryption key K_B) → plaintext]
▪ m: plaintext message
▪ K_A(m): ciphertext, encrypted with key K_A
▪ m = K_B(K_A(m))
Security 8-9
Breaking an encryption scheme
▪ cipher-text only attack: Trudy has ciphertext she can analyze
▪ two approaches:
  • brute force: search through all keys
  • statistical analysis
▪ known-plaintext attack: Trudy has plaintext corresponding to ciphertext
  • e.g., in monoalphabetic cipher, Trudy determines pairings for a, l, i, c, e, b, o, ...
▪ chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext
Security 8-10
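The two slides above (the K_A / K_B notation on 8-9 and the brute-force and known-plaintext points on 8-10) can be made concrete with a monoalphabetic substitution cipher. The following is an added example and is not code from the Kurose & Ross slides or the book; the function names, the sample message "bob loves alice" and the fixed demonstration key are constructed for this illustration. It shows m = K_B(K_A(m)) for a random key, the 26! key space a brute-force search would face, and why one known plaintext/ciphertext pair only pins down the pairings of the letters that actually occur in the plaintext.

```python
# Added example (not from the Kurose & Ross slides): a monoalphabetic
# substitution cipher used to make the slide notation concrete:
#   m                 plaintext message
#   K_A(m)            ciphertext, produced with Alice's key K_A
#   m = K_B(K_A(m))   recovered by Bob with his key K_B
# It also illustrates two points from "Breaking an encryption scheme":
# the size of the key space a brute-force search faces, and which
# pairings a single known (plaintext, ciphertext) pair fixes.
# Function names, the sample message and the demo key are constructed.
import math
import secrets
import string

ALPHABET = string.ascii_lowercase


def make_key(rng=None):
    """Alice's encryption key K_A: a random permutation of the alphabet,
    stored as a dict mapping each plaintext letter to its substitute."""
    rng = rng or secrets.SystemRandom()
    shuffled = list(ALPHABET)
    rng.shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def invert_key(key):
    """Bob's decryption key K_B: the inverse permutation of K_A.
    In a symmetric cipher like this one K_B is derived directly from K_A."""
    return {c: p for p, c in key.items()}


def encrypt(key, plaintext):
    """K_A(m): substitute every lowercase letter; other characters pass through."""
    return "".join(key.get(ch, ch) for ch in plaintext)


def decrypt(inv_key, ciphertext):
    """K_B(c): apply the inverse substitution, so decrypt(K_B, encrypt(K_A, m)) == m."""
    return "".join(inv_key.get(ch, ch) for ch in ciphertext)


def keyspace_size():
    """Number of distinct keys: 26!, the worst-case count a brute-force
    search through all keys would have to try."""
    return math.factorial(len(ALPHABET))


def known_plaintext_pairings(plaintext, ciphertext):
    """Pairings fixed by one known (plaintext, ciphertext) pair.

    Only letters that occur in the plaintext are pinned down, which is why
    the slide says Trudy learns the pairings for a, l, i, c, e, b, o, ...
    rather than the whole key. An inconsistent pairing means the two strings
    were not produced by a single substitution key."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("substitution preserves length; lengths differ")
    pairings = {}
    for p, c in zip(plaintext, ciphertext):
        if p not in ALPHABET:
            continue
        if pairings.setdefault(p, c) != c:
            raise ValueError(f"inconsistent pairing for {p!r}")
    return pairings


if __name__ == "__main__":
    k_a = make_key()
    k_b = invert_key(k_a)
    m = "bob loves alice"  # constructed sample message
    c = encrypt(k_a, m)
    print("m           :", m)
    print("K_A(m)      :", c)
    print("K_B(K_A(m)) :", decrypt(k_b, c))
    print("keys a brute-force search must consider:", keyspace_size())
    print("pairings fixed by this one known pair:", known_plaintext_pairings(m, c))
```

The key-space figure is the reason the slide lists "statistical analysis" next to brute force: 26! keys is far too many to enumerate, yet a single known plaintext of fifteen characters already fixes nine of the twenty-six pairings, and letter-frequency statistics narrow the rest.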