Sorina Persa
Group 3250
Overview
Security services
Security threats
Encryption
Conventional encryption
Conventional encryption algorithms
Public key encryption
Public key encryption algorithms
Message authentication
IPv4 and IPv6 security
Security Services
Confidentiality
Integrity
Authentication
Access control
Non-repudiation
Availability
Security threats
Information source
Information destination
a) Normal flow
b) Interruption
c) Interception
d) Modification
e) Fabrication
Security threats
Masquerade
Replay
Modification of message
Denial of service
Encryption
Encryption = the tool used for network and communication security
It protects against passive attacks
Types:
Conventional encryption
Public-key encryption
Hybrid of the two preceding ones
Conventional Encryption
[Diagram: Plaintext input → Encryption algorithm (e.g. DES), using the secret key → Transmitted ciphertext → Decryption algorithm, using the same secret key → Plaintext output]
Conventional encryption
[Table columns: Key size (bits) | Number of alternative keys | Time required at 10^6 encryptions/sec]
Key sizes listed: 32, 56, 128
Conventional encryption algorithms
DEA
C = E_K3[D_K2[E_K1[P]]]
Link encryption
End-to-end encryption
Hybrid
Key distribution
For encryption to work over a network, the two
parties (sender and receiver) must exchange and
share the same keys, while protecting access to the
keys from others.
[Diagram: Plaintext input, encrypted with the destination's public key → Transmitted ciphertext → Decryption algorithm, using the destination's private key → Plaintext output]
Steps:
Generation of a pair of keys to be used for encryption and decryption of messages
Placing one of the keys in a public register and maintaining a collection of public keys from the other users
Encrypting the message with the destination's public key
When the destination receives the message, it decrypts it with its private key
Digital signature
[Diagram: Plaintext input → Encryption algorithm (e.g. RSA), using the source's private key → Transmitted ciphertext → Decryption algorithm, using the source's public key → Plaintext output]
[Diagrams: message authentication. Labels recovered: MAC algo, K, MAC, Compare; K_private, K_public, Compare]
Requirements:
Security association
Transport mode
Provides protection primarily for upper-layer protocols
Provides protection to the payload of an IP packet
Typically used for end-to-end communication between
hosts
Tunnel mode
Provides protection to the entire IP packet
Used when one or both ends of an SA is a security
gateway, such as a firewall or router that implements
IPSec