McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 29 Internet Security.

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000

Chapter 29

InternetSecurity


CONTENTSCONTENTS• INTRODUCTION• PRIVACY• DIGITAL SIGNATURE• SECURITY IN THE INTERNET• APPLICATION LAYER SECURITY• TRANSPORT LAYER SECURITY: TLS• SECURITY AT THE IP LAYER: IPSEC• FIREWALLS


INTRODUCTIONINTRODUCTION

29.129.1


Figure 29-1

Aspects of security


PRIVACYPRIVACY

29.229.2


Figure 29-2

Secret-key encryption


In secret-key encryption, In secret-key encryption, the same key is used by the sender the same key is used by the sender

(for encryption)(for encryption) and the receiver and the receiver (for decryption).(for decryption). The key is shared.The key is shared.


Secret-key encryption is often called Secret-key encryption is often called symmetric encryption because symmetric encryption because

the same key can the same key can be used in both directions.be used in both directions.


Secret-key encryption is Secret-key encryption is often used for long messages.often used for long messages.


We discuss one secret-key We discuss one secret-key algorithm in Appendix E.algorithm in Appendix E.


KDCKDC can solve the problem can solve the problem

of secret-key distribution.of secret-key distribution.


Figure 29-3

Public-key encryption


Public-key algorithms are more Public-key algorithms are more efficient for short messages.efficient for short messages.


A A CACA

can certify the binding between can certify the binding between a public key and the owner.a public key and the owner.


Figure 29-4

Combination


To have the advantages of both To have the advantages of both secret-key and public-key secret-key and public-key

encryption, we can encrypt the secret key encryption, we can encrypt the secret key using the public key and encrypt using the public key and encrypt the message using the secret key.the message using the secret key.


DIGITAL SIGNATUREDIGITAL SIGNATURE

29.329.3


Figure 29-5

Signing the whole document


Digital signature cannot be Digital signature cannot be achieved using only secret keys. achieved using only secret keys.


Digital signature does not Digital signature does not provide privacy. provide privacy.

If there is a need for privacy, If there is a need for privacy, another layer of another layer of

encryption/decryption encryption/decryption must be applied.must be applied.


Figure 29-6

Signing the digest


Figure 29-7

Sender site


Figure 29-8

Receiver site


SECURITY IN THESECURITY IN THEINTERNETINTERNET

29.429.4


APPLICTION LAYERAPPLICTION LAYERSECURITYSECURITY

29.529.5


Figure 29-9

PGP at the sender site


Figure 29-10

PGP at the receiver site


TRANSPORT LAYERTRANSPORT LAYERSECURITYSECURITY

(TLS)(TLS)

29.629.6


Figure 29-11

Position of TLS


Figure 29-12

Handshake protocol


SECURITY AT THESECURITY AT THEIP LAYERIP LAYER

(IPSec)(IPSec)

29.729.7


Figure 29-13

Authentication


Figure 29-14

Header format


Figure 29-15

ESP


Figure 29-16

ESP format


FIREWALLSFIREWALLS

29.829.8


Figure 29-17

Firewall


Figure 29-18

Packet-filter firewall


A packet-filter firewall filters A packet-filter firewall filters at the network or transport layer.at the network or transport layer.


Figure 29-19

Proxy firewall


A proxy firewall A proxy firewall filters at the application layer.filters at the application layer.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 29 Internet Security.

Documents

Transcript of McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 29 Internet Security.