Advanced Computer Networks - CS716 Power Point Slides Lecture 40


  • 7/27/2019 Advanced Computer Networks - CS716 Power Point Slides Lecture 40


    CS716

    Advanced Computer Networks

    By Dr. Amir Qayyum


    Lecture No. 40


    Security

    Outline

    Encryption Algorithms

    Authentication Protocols

    Message Integrity Protocols

    Key Distribution

    Firewalls


    Overview

    Cryptography functions

      Secret key (e.g. DES)

      Public key (e.g. RSA)

      Message digest (e.g. MD5)

    Security services

      Privacy: preventing unauthorized release of information

      Authentication: verifying identity of the remote participant

      Integrity: making sure message has not been altered


    Taxonomy of Network Security

    [Figure: taxonomy tree]

    Security

      Cryptography algorithms

        Secret key (e.g. DES)

        Public key (e.g. RSA)

        Message digest (e.g. MD5)

      Security services

        Privacy

        Authentication

        Message integrity


    Secret Key Encryption


    Secret Key Encryption (DES)

    [Figure: Plaintext → Encrypt with secret key → Ciphertext → Decrypt with secret key → Plaintext]


    DES Algorithm

    64-bit key (56-bits + 8-bit parity)

    16 rounds

    Each Round

    [Figure: one DES round. Labels: L(i-1), R(i-1), F, Ki, +, Li, Ri]

    [Figure: Initial permutation → Round 1 → Round 2 → ... → Round 16 → Final permutation, with the 56-bit key as input]


    Expansion Phase of DES

    4-bit chunk

    Expanded to 6 bits by stealing a bit from left and right chunks


    Repeat for larger messages

    Cipher Block Chaining (CBC)

    [Figure: CBC chaining. Labels: IV; Block1 to Block4; DES (one per block); + (one per block); Cipher1 to Cipher4]


    Public Key Encryption


    Public Key Authentication


    Public Key Encryption (RSA)

    Encryption & Decryption

    $c = m^e \bmod n$

    $m = c^d \bmod n$

    [Figure: Plaintext → Encrypt with public key → Ciphertext → Decrypt with private key → Plaintext]


    RSA (cont)

    Choose two large prime numbers p and q (each 256 bits)

    Multiply p and q together to get n

    Choose the encryption key e, such that e and (p - 1) (q - 1) are relatively prime.

    Two numbers are relatively prime if they have no common factor greater than one


    Message Digest

    Cryptographic checksum

    Just as a regular checksum protects the

    receiver from accidental changes to the

    message, a cryptographic checksum

    protects the receiver from malicious

    changes to the message.


    Message Digest

    One-way function

    Given a cryptographic checksum for a

    message, it is virtually impossible to

    figure out what message produced that checksum; it is not computationally

    feasible to find two messages that hash to

    the same cryptographic checksum.


    Message Digest

    Relevance

    If you are given a checksum for a

    message and you are able to compute

    exactly the same checksum for that message, then it is highly likely this

    message produced the checksum you

    were given.


    Overview of Message Digest Operation

    [Figure: the initial digest (constant) passes through a chain of three Transform stages, each also taking 512 bits of the padded message, and the output is the message digest]


    Authentication Protocols

    Three-way handshake

    [Figure: message exchange between Client and Server]


    Trusted third party (Kerberos)

    Third Party Authentication

    [Figure: third-party authentication exchange; surviving labels: "AS B" and "A, B"]


    Public Key Authentication

    [Figure: message exchange between A and B]


    Message Integrity


    Message Integrity Protocols

    Keyed MD5

    Sender: m + MD5(m + k) + E(E(k, rcvpub), private)

    Receiver

      Recovers random key using the sender's public key

      Applies MD5 to the concatenation of this random key and the message


    Message Integrity Protocols

    MD5 with RSA signature

    Sender: m + E(MD5(m), private)

    Receiver

      Decrypts signature with sender's public key

      Compares result with MD5 checksum sent with message
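
The RSA key setup and the MD5-with-RSA-signature exchange from these slides, worked end to end as an added example (not part of the original lecture). The primes, message and function names are constructed for illustration and are far smaller than the 256-bit primes the slides call for; computing d as the inverse of e mod (p - 1)(q - 1) is the standard RSA step and is not on the surviving slides; the receiver here recomputes MD5 over the message it received.

```python
import hashlib
from math import gcd

# Textbook (unpadded) RSA with MD5, as on the slides; illustration only.

def make_keypair(p, q):
    """Slide steps: n = p*q, then pick e relatively prime to (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = 3
    while gcd(e, phi) != 1:       # skip any e sharing a factor > 1 with phi
        e += 2
    d = pow(e, -1, phi)           # standard RSA step: d = e^-1 mod (p-1)(q-1)
    return (e, n), (d, n)         # (public key, private key)

def md5_int(message, n):
    """MD5(m) as an integer, reduced mod n so it fits under the modulus."""
    return int.from_bytes(hashlib.md5(message).digest(), "big") % n

def sign(message, private):
    """Sender side: E(MD5(m), private), sent alongside m."""
    d, n = private
    return pow(md5_int(message, n), d, n)

def verify(message, signature, public):
    """Receiver side: decrypt signature with the sender's public key and
    compare the result with MD5 of the message that arrived."""
    e, n = public
    return pow(signature, e, n) == md5_int(message, n)

# Constructed sample values: two known Mersenne primes and a made-up message.
P, Q = 2**61 - 1, 2**89 - 1
PUBLIC, PRIVATE = make_keypair(P, Q)
MESSAGE = b"transfer 100 to account 42"
SIGNATURE = sign(MESSAGE, PRIVATE)

def demo():
    m = 123456789
    c = pow(m, PUBLIC[0], PUBLIC[1])                  # c = m^e mod n
    roundtrip = pow(c, PRIVATE[0], PRIVATE[1]) == m   # m = c^d mod n
    genuine = verify(MESSAGE, SIGNATURE, PUBLIC)
    altered = verify(b"transfer 900 to account 42", SIGNATURE, PUBLIC)
    return roundtrip, genuine, altered

if __name__ == "__main__":
    print(demo())
```
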


    Tree-structured CA Hierarchy


    Authentication


    Session Key Communication


    Session Key Communication


    Key Distribution Center