McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 29 Internet Security.
Chapter 29
Internet Security

CONTENTS
• INTRODUCTION
• PRIVACY
• DIGITAL SIGNATURE
• SECURITY IN THE INTERNET
• APPLICATION LAYER SECURITY
• TRANSPORT LAYER SECURITY: TLS
• SECURITY AT THE IP LAYER: IPSEC
• FIREWALLS

29.1 INTRODUCTION

Figure 29-1: Aspects of security

29.2 PRIVACY

Figure 29-2: Secret-key encryption

In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.

Secret-key encryption is often used for long messages.

We discuss one secret-key algorithm in Appendix E.

A KDC (key distribution center) can solve the problem of secret-key distribution.

Figure 29-3: Public-key encryption

Public-key algorithms are more efficient for short messages.

A CA (certification authority) can certify the binding between a public key and the owner.

Figure 29-4: Combination

To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.
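
The combination described above, as an added example that is not part of the original slides. It assumes the third-party Python `cryptography` package, and it picks RSA-OAEP and AES-256-GCM as the concrete algorithms, which the slides do not specify; the function names and the sample message are constructed for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithm choices (not from the slides): RSA-OAEP wraps an AES-256-GCM key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_receiver_key():
    """Receiver's key pair; only the public half is given to senders."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def hybrid_encrypt(receiver_public_key, message):
    secret_key = AESGCM.generate_key(bit_length=256)   # fresh secret key per message
    nonce = os.urandom(12)
    return {
        # Public-key step: short input (32 bytes), done once.
        "wrapped_key": receiver_public_key.encrypt(secret_key, OAEP),
        "nonce": nonce,
        # Secret-key step: handles the long message.
        "ciphertext": AESGCM(secret_key).encrypt(nonce, message, None),
    }

def hybrid_decrypt(receiver_private_key, envelope):
    secret_key = receiver_private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(secret_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)

def tamper_is_detected(receiver_private_key, envelope):
    """Flip one ciphertext bit; AES-GCM's tag check must reject the result."""
    c = envelope["ciphertext"]
    bad = dict(envelope, ciphertext=bytes([c[0] ^ 1]) + c[1:])
    try:
        hybrid_decrypt(receiver_private_key, bad)
    except InvalidTag:
        return True
    return False

if __name__ == "__main__":
    key = new_receiver_key()
    message = b"constructed sample message\n" * 4000      # about 100 KB
    envelope = hybrid_encrypt(key.public_key(), message)
    print(len(envelope["wrapped_key"]), "byte wrapped key,",
          len(envelope["ciphertext"]), "byte ciphertext")
    print(hybrid_decrypt(key, envelope) == message, tamper_is_detected(key, envelope))
```

The public-key operation only ever sees the 32-byte secret key, while the message of any length goes through the symmetric cipher.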

29.3 DIGITAL SIGNATURE

Figure 29-5: Signing the whole document

Digital signature cannot be achieved using only secret keys.

Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

Figure 29-6: Signing the digest

Figure 29-7: Sender site

Figure 29-8: Receiver site

29.4 SECURITY IN THE INTERNET

29.5 APPLICATION LAYER SECURITY

Figure 29-9: PGP at the sender site

Figure 29-10: PGP at the receiver site

29.6 TRANSPORT LAYER SECURITY (TLS)

Figure 29-11: Position of TLS

Figure 29-12: Handshake protocol

29.7 SECURITY AT THE IP LAYER (IPSec)

Figure 29-13: Authentication

Figure 29-14: Header format

Figure 29-15: ESP

Figure 29-16: ESP format

29.8 FIREWALLS

Figure 29-17: Firewall

Figure 29-18: Packet-filter firewall

A packet-filter firewall filters at the network or transport layer.

Figure 29-19: Proxy firewall

A proxy firewall filters at the application layer.
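
The difference between the two firewall types, as an added example that is not part of the original slides: the packet filter decides from header fields alone, while the proxy parses the HTTP request inside the payload. The rule table, the addresses (documentation ranges), the protected `/admin` path and all function names are constructed for illustration.

```python
import ipaddress
import posixpath
from collections import namedtuple
from urllib.parse import unquote

Packet = namedtuple("Packet", "src dst proto dst_port payload")
# Ordered rules: (source network, protocol, destination port or None for any, action)
PACKET_RULES = [
    ("203.0.113.0/24", "tcp", None, "deny"),   # constructed blocked network
    ("0.0.0.0/0", "tcp", 80, "allow"),         # HTTP to the web server
]
BLOCKED_PREFIX = "/admin"                      # hypothetical protected path
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def packet_filter(pkt):
    """Network/transport layer: reads header fields only, never the payload."""
    for net, proto, port, action in PACKET_RULES:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
                and pkt.proto == proto and port in (None, pkt.dst_port)):
            return action                      # first matching rule wins
    return "deny"                              # default deny

def proxy_filter(payload):
    """Application layer: parses the HTTP request line carried in the payload."""
    try:
        line = payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"                          # not a well-formed request line
    if method not in ALLOWED_METHODS or not version.startswith("HTTP/1."):
        return "deny"
    if not target.startswith("/"):
        return "deny"                          # only origin-form targets handled here
    # Decode and normalise before matching, so "/x/..%2fadmin" is seen as "/admin".
    path = "/" + posixpath.normpath(unquote(target.split("?", 1)[0])).lstrip("/")
    if path == BLOCKED_PREFIX or path.startswith(BLOCKED_PREFIX + "/"):
        return "deny"
    return "allow"

def verdicts(pkt):
    return packet_filter(pkt), proxy_filter(pkt.payload)

def sample(src, path):
    # Constructed packet: an HTTP GET to a web server at 192.0.2.10, TCP port 80.
    request = f"GET {path} HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    return Packet(src, "192.0.2.10", "tcp", 80, request.encode("ascii"))

if __name__ == "__main__":
    for p in ("/index.html", "/admin/users", "/x/..%2fadmin"):
        print(p, verdicts(sample("198.51.100.7", p)))
```

All three sample requests look identical to the packet filter (same source, protocol and port), so only the proxy can tell the `/admin` requests apart.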