Академический Документы
Профессиональный Документы
Культура Документы
SECURITY IN MANY LAYERS- deals with use of the above tools in the top 4 layers of IP, namely Application layer Transport Layer Network layer Data link layer
SECURE E-MAIL
Most important security features when designing a secure e-mail system:
-> CONFIDENTIALITY
Confidentiality
a) Encrypt message symmetric key technology by sender & Decryption by receiver
c) Session key
Session Key: Sender i) selects a symmetric session key , ii) Encrypts message m using iii) Encrypts
Ks with public key
Ks
Ks
iv)Concatenates encrypted message and encrypted symmetric key to form package v) Sends package to receivers e-mail id
KS(m )
KS(m ) Internet
KS ( ) KS -
KS
+ KB
+ KB ( )
+
+ KB(KS )
+ KB(KS ) KB
KB( )
Alice:
symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bobs public key. sends both KS(m) and KB(KS) to Bob.
generates random
8: Network Security
8-7
Receiver i) Uses his private key to decrypt symmetric key ii) Uses
Ksto decrypt message m
Ks
Secure e-mail
KS(m )
KS(m ) Internet
KS ( ) KS -
KS
+ KB
+ KB ( )
+
+ KB(KS )
+ KB(KS ) KB
KB( )
Bob:
uses his private key to decrypt and recover K S uses K to decrypt K (m) to recover m S S
8: Network Security 8-9
Digital Signatures
Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator. verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Simple digital signature for message m: Bob signs m by encrypting with his private key KB, creating signed message, KB(m) Bobs message, m Dear Alice ---text--------Bob K
- Bobs private B key
Message Digests
Computationally expensive to public-key-encrypt long messages Goal: fixed-length, easy- tocompute digital fingerprint apply hash function H to m, get fixed size message digest, H(m).
large message m
H: Hash Function
H(m)
Hash function properties: many-to-1 produces fixed-size msg digest (fingerprint) given message digest x, computationally infeasible to find m such that x = H(m)
8: Network Security 8-13
Sender: i) Applies hash function H to message m to obtain message digest ii) Signs the result of hash function with private key to create digital signature iii) Concatenates original message with signature to form package iv)Sends to receivers e-mail id
H(.)
. K ()
A
KA(H(m))
KA(H(m)) Internet
+ KA KA( ) +
H(m )
+
m
compare H( )
H(m )
Alice digitally signs message. sends both message (in the clear) and digital signature.
8: Network Security 8-15
Receiver: i) Applies senders public key to signed message digest ii) Compares the result with his own hash H If two results are same, receiver can be confident that message came from the correct sender and is unaltered
KA
KA( )
KA(H(m))
+
m KS
KS ( )
KS
+ KB
+ KB( )
+
+ KB(KS )
Internet
Alice uses three keys: her private key, Bobs public key, newly created symmetric key
8: Network Security 8-17
Pretty good privacy (PGP - commercial) or Gnu Privacy Guard (GPG - free)
Internet e-mail encryption scheme, de-facto standard. uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. provides secrecy, sender authentication, integrity. inventor, Phil Zimmerman,
A PGP signed message:
---BEGIN PGP SIGNED MESSAGE--Hash: SHA1 Bob: Hai how do you do? Am going on vacation ---BEGIN PGP SIGNATURE--Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJh FEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE---
8: Network Security
8-18
FEATURES
SSL server authentication : i) allows the user to confirm server identity ii) SSL enabled browser maintains a list of CAs and their public keys Iii) browser - > certificate - > server iv) thus server is authenticated before user submits payment details SSL provides mechanism for detecting tampering with the information by an intruder
SSL client authentication : i) allows server to confirm user identity ii) it is optional iii) makes use of client certificates, issued by CAs
Encrypted SSL session : i) all information sent between browser and server is encrypted by the sending software and decrypted by receiving software ii) important to both customer and merchant
Bob generates a random symmetric key & encrypts it using alice public key