Cryptography and Network Security

Similar documents
Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Cryptography and Network Security. Sixth Edition by William Stallings

CSCE 715: Network Systems Security

IP Security. Have a range of application specific security mechanisms

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

CS 356 Internet Security Protocols. Fall 2013

Cryptography and Network Security. Sixth Edition by William Stallings

CSC 6575: Internet Security Fall 2017

Pretty Good Privacy (PGP

IPSec. Overview. Overview. Levente Buttyán

Summary of PGP Services

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Lecture 12 Page 1. Lecture 12 Page 3

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Lecture 13 Page 1. Lecture 13 Page 3

Chapter 6/8. IP Security

Lecture 4: Cryptography III; Security. Course Administration

Computer Security: Principles and Practice

The IPsec protocols. Overview

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

IP Security. Cunsheng Ding HKUST, Kong Kong, China

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Introduction and Overview. Why CSCI 454/554?

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

Cryptography and Network Security Chapter 1

COSC4377. Chapter 8 roadmap

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

EEC-682/782 Computer Networks I

Chapter 8 Network Security

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

CSE509: (Intro to) Systems Security

Pretty Good Privacy (PGP)

Security. Communication security. System Security

Introduction to information Security

8. Network Layer Contents

(2½ hours) Total Marks: 75

Virtual Private Network

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

KALASALINGAM UNIVERSITY

Chapter 10: Cipher Techniques

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

10EC832: NETWORK SECURITY

Information Security & Privacy

IP Security IK2218/EP2120

Configuring Security for VPNs with IPsec

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Internet security and privacy

Sample excerpt. Virtual Private Networks. Contents

Virtual Private Networks

EEC-682/782 Computer Networks I

Network Security Chapter 8

Network Security Protocols NET 412D

Chapter 5 Electronic mail security

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Lecture 9: Network Level Security IPSec

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

14. Internet Security (J. Kurose)

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

VPNs and VPN Technologies

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A

Key management. Pretty Good Privacy

COMPUTER SECURITY. Computer Security Secure Communication Channels (2)

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Network Encryption 3 4/20/17

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Voice over IPSec. Emilia Rosti Dip. Informatica e Comunicazione Univ. Degli Studi di Milano

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

VPN Overview. VPN Types

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Cryptography and Network Security

Firewalls, Tunnels, and Network Intrusion Detection

Securing Communications

UNIT - IV Cryptographic Hash Function 31.1

Virtual Private Networks (VPN)

IBM i Version 7.2. Security Virtual Private Networking IBM

Chapter 11 The IPSec Security Architecture for the Internet Protocol

Transcription:

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown

Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear, the Board's access to other sources of information filled much of this gap. The FBI provided documents taken from the files of the National Security Advisor and relevant NSC staff members, including messages from the PROF system between VADM Poindexter and LtCol North. The PROF messages were conversations by computer, written at the time events occurred and presumed by the writers to be protected from disclosure. In this sense, they provide a first-hand, contemporaneous account of events. The Tower Commission Report to President Reagan on the Iran-Contra Affair, 1987

Email Security Enhancements confidentiality protection from disclosure authentication of sender of message message integrity protection from modification non-repudiation of origin protection from denial by sender

Pretty Good Privacy (PGP) widely used de facto secure email developed by Phil Zimmermann selected best available crypto algs to use integrated into a single program available on Unix, PC, Macintosh and Amiga systems originally free, now have commercial versions available also

PGP Operation Authentication 1. sender creates a message 2. SHA-1 used to generate 160-bit hash code of message 3. hash code is encrypted with RSA using the sender's private key, and result is attached to message 4. receiver uses RSA with sender's public key to decrypt and recover hash code 5. receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic

PGP Operation Confidentiality 1. sender generates message and random 128-bit number to be used as session key for this message only 2. message is encrypted, using CAST-128 / IDEA/3DES with session key 3. session key is encrypted using RSA with recipient's public key, then attached to message 4. receiver uses RSA with its private key to decrypt and recover session key 5. session key is used to decrypt message

PGP Operation Confidentiality & Authentication uses both services on same message create signature & attach to message encrypt both message & signature attach RSA encrypted session key

PGP Operation Compression by default PGP compresses message after signing but before encrypting uses ZIP compression algorithm

PGP Session Keys need a session key for each message of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES uses random inputs taken from previous uses and from keystroke timing of user

PGP Key Rings each PGP user has a pair of keyrings: public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase

PGP Key Management rather than relying on certificate authorities in PGP every user is own CA can sign keys for users they know directly forms a web of trust

S/MIME (Secure/Multipurpose Internet Mail Extensions) security enhancement to MIME email original Internet RFC822 email was text only MIME provided support for varying content types and multi-part messages Image, video, audio, PS, octet-stream S/MIME added security enhancements have S/MIME support in various modern mail agents: MS Outlook, Netscape etc

S/MIME Functions enveloped data encrypted content and associated keys signed data encoded message + signed digest clear-signed data cleartext message + encoded signed digest signed & enveloped data nesting of signed & encrypted entities

S/MIME Cryptographic Algorithms hash functions: SHA-1 & MD5 digital signatures: DSS & RSA session key encryption: D-H & RSA message encryption: Triple-DES, RC2/40 and others have a procedure to decide which algorithms to use According to the capability of the receiving agent

Summary have considered: secure email PGP S/MIME

Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom the secret was told. The Art of War, Sun Tzu

IP Security have considered some application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that cut across protocol layers would like security implemented by the network for all applications

IPSec Uses

IPSec general IP Security mechanisms provides authentication confidentiality key management applicable to use over LANs, across public & private WANs, & for the Internet

Benefits of IPSec in a firewall/router provides strong security to all traffic crossing the perimeter is resistant to bypass is below transport layer, hence transparent to applications can be transparent to end users

IP Security Architecture specification is quite complex defined in numerous RFC s incl. RFC 2401/2402/2406/2408 many others, grouped by category mandatory in IPv6, optional in IPv4

IPSec Protocols Authentication Header (AH) Authentication Encapsulating Security Payload (ESP) Confidentiality only OR both

Security Associations a one-way relationship between sender & receiver that affords security for traffic flow defined by 3 parameters: Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier (AH or ESP?) has a number of other parameters seq no, AH & EH info, lifetime etc have a database of Security Associations

Authentication Header

Authentication Header (AH) provides support for data integrity & authentication of IP packets end system/router can authenticate user/app prevents replay attack by tracking sequence numbers based on use of a MAC HMAC-MD5-96 or HMAC-SHA-1-96 parties must share a secret key

Transport & Tunnel Modes

Encapsulating Security Payload (ESP) provides message content confidentiality can optionally provide the same authentication services as AH supports range of ciphers, modes, padding incl. DES, Triple-DES, RC5, IDEA, CAST etc CBC most common

Encapsulating Security Payload

Transport vs Tunnel Mode ESP transport mode is used to encrypt & optionally authenticate IP data data protected but header left in clear can do traffic analysis but is efficient good for ESP host to host traffic tunnel mode encrypts entire IP packet add new header for next hop good for VPNs, gateway to gateway security

Combining Security Associations SA s can implement either AH or ESP to implement both need to combine SA s form a security bundle

Combining Security Associations

Summary have considered: IPSec security framework AH ESP

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback