Properties of Secure Network Communication




Properties of Secure Network Communication

Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message, this necessarily requires that the message be somehow encrypted. This aspect of secrecy is probably the most commonly perceived meaning of the term "secure communication".

Authentication: Both the sender and receiver need to confirm the identity of the other party involved in the communication, that is, to confirm that the other party is indeed who or what they claim to be. The most common authentication method used is password protection. Others: public key encryption, Secure Sockets Layer (SSL).

Message Integrity: Even if the sender and receiver are able to authenticate each other, they also want to ensure that the content of their communication is not altered, either maliciously or by accident, in transmission (e.g. using CRCs).

#1 lec #16 Spring2000 5-4-2000

Network Security: Traditional Encryption

Plaintext P: the messages to be encrypted.
Key K: parameter of the encryption function. If the key is a binary number, then a longer key indicates a stronger cipher.
E_K: the encryption algorithm.
Ciphertext C: the encrypted message.
D_K: the decryption algorithm.

C = E_K(P)
P = D_K(C) = D_K(E_K(P))

Basic Cipher Types

Substitution Ciphers: Replace each letter by a different letter. Examples: Caesar cipher, monoalphabetic substitution.
plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

Transposition Ciphers: Letters are reordered.
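The substitution example above, as an added illustration (not code from the original slides), using the slide's own cipher alphabet; it also shows that the Caesar cipher is the special case of a rotated alphabet, and why such ciphers leak structure: letter counts survive the substitution unchanged.

```python
import string

# The slide's monoalphabetic key: plaintext a..z maps to this cipher alphabet
SLIDE_CIPHER_ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM"

def caesar_alphabet(shift=3):
    # A Caesar cipher is the special case whose cipher alphabet is the plain
    # alphabet rotated by a fixed shift (3 in the classical version)
    upper = string.ascii_uppercase
    return upper[shift:] + upper[:shift]

def substitute(text, cipher_alphabet, decrypt=False):
    # Apply a monoalphabetic substitution letter by letter. Case is preserved and
    # non-letters pass through; decrypt=True applies the inverse mapping.
    plain = string.ascii_uppercase
    src, dst = (cipher_alphabet, plain) if decrypt else (plain, cipher_alphabet)
    table = dict(zip(src, dst))
    out = []
    for ch in text:
        mapped = table.get(ch.upper(), ch)
        out.append(mapped.lower() if ch.islower() else mapped)
    return "".join(out)

def letter_frequencies(text):
    # Count letters. A substitution renames letters but keeps each one's count,
    # so the ciphertext inherits the plaintext's frequency profile.
    counts = {}
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            counts[ch] = counts.get(ch, 0) + 1
    return counts
```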

Secret-Key Encryption Algorithms

Complex encryption algorithms that rely on a series of transpositions and substitutions.
P-box: Performs a specific permutation on the input characters/bits.
S-box: Performs a specific substitution on the input characters/bits.
Product cipher: Encryption using a series of P-boxes and S-boxes.

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is a symmetric key encryption standard published in 1977 by the US National Bureau of Standards for commercial and non-classified US government use.

DES encodes plaintext in 64-bit chunks using a 64-bit key. Actually, 8 of these 64 bits are odd parity bits (one bit for each of the 8 bytes), so the DES key is effectively 56 bits long.

DES consists of two permutation P-box steps (the first and last steps of the algorithm) in which all 64 bits are permuted, and 16 identical "rounds" of operation in between. During each round, the rightmost 32 bits of the input are moved to the left 32 bits of the output. The entire 64-bit input to the ith round and the 48-bit key for the ith round (derived from the larger 56-bit DES key) are taken as input to a function that involves expansion of four-bit input chunks into six-bit chunks, exclusive OR-ing with the expanded six-bit chunks of the 48-bit key Ki, a substitution operation, and further exclusive OR-ing with the leftmost 32 bits of the input. The resulting 32-bit output of the function is then used as the rightmost 32 bits of the round's 64-bit output.

Decryption works by reversing the algorithm's operations.

DES Steps

64-bit blocks of plaintext are encrypted in 19 stages into 64-bit blocks of ciphertext. (Figures: DES General Outline; Detail of One Iteration Stage.)

Cipher-Block Chaining

When messages longer than 64 bits are encrypted with DES, which is typically the case, a technique known as cipher-block chaining is used, in which the encrypted version of the jth 64-bit quantity of data is XOR'ed with the (j+1)st unit of data before the (j+1)st unit of data is encrypted.
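An added example (not code from the original slides) that models the round structure of the DES slide and the chaining rule of this slide together: a toy 64-bit Feistel cipher with 16 rounds, where the right half becomes the next left half and the round function's output is XORed into the old left half, wrapped in cipher-block chaining. The round function and key schedule are assumptions standing in for the real DES tables; the ECB helper is there only to show what chaining fixes.

```python
import hashlib

BLOCK_BYTES = 8   # 64-bit blocks, as in DES
ROUNDS = 16       # DES runs 16 identical rounds between its two permutation steps

def round_function(right, round_key):
    # Stand-in for the DES f-function (expansion, XOR with K_i, S-box substitution).
    # Assumption: hashing (right half || subkey) mixes well enough for illustration.
    return hashlib.sha256(right + round_key).digest()[:4]

def round_keys(key):
    # One subkey per round from the master key (DES derives 48-bit K_i from its 56-bit key)
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def feistel_block(block, keys):
    # Each round: L_i = R_(i-1); R_i = L_(i-1) XOR f(R_(i-1), K_i), as on the DES slide
    left, right = block[:4], block[4:]
    for k in keys:
        left, right = right, bytes(a ^ b for a, b in zip(left, round_function(right, k)))
    return right + left   # final swap makes the same pass with reversed subkeys the inverse

def encrypt_block(block, key):
    return feistel_block(block, round_keys(key))

def decrypt_block(block, key):   # reverses the operations: same rounds, subkeys reversed
    return feistel_block(block, round_keys(key)[::-1])
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(plaintext, key, iv):
    # Chaining: ciphertext block j is XORed into plaintext block j+1 before encrypting it
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK_BYTES):
        prev = encrypt_block(xor(plaintext[i:i + BLOCK_BYTES], prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext, key, iv):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK_BYTES):
        cur = ciphertext[i:i + BLOCK_BYTES]
        out.append(xor(decrypt_block(cur, key), prev))
        prev = cur
    return b"".join(out)

def ecb_encrypt(plaintext, key):
    # Without chaining, identical plaintext blocks produce identical ciphertext blocks
    return b"".join(encrypt_block(plaintext[i:i + BLOCK_BYTES], key)
                    for i in range(0, len(plaintext), BLOCK_BYTES))
```

Encrypting two identical blocks shows the point of the slide: the unchained version repeats the same ciphertext block twice, the chained version does not.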

Public Key Encryption

Encryption and decryption keys are different: the public key is known and made public; the private key is secret and held by its owner.
To encrypt a message: the recipient's public key along with the sender's private key are used.
To decrypt a message: the receiver's private key along with the sender's public key are used.

Digital Signature: Encrypt using the private key of the user; decrypt using the public key. Only the owner of the private key could have generated the original message.

Example Algorithm: The RSA (Rivest, Shamir, Adleman) Algorithm.
Example: (figure)

Mutual Authentication Using Public Key Encryption (figure)

Internet Security: Secure Sockets Layer (SSL)

Originally developed by Netscape, SSL is a protocol designed to provide data encryption and authentication between a Web client and a Web server. The protocol begins with a handshake phase that negotiates an encryption algorithm (e.g., DES) and encryption keys, authenticating the server to the client. Optionally, the client can also be authenticated to the server. Once the handshake is complete and the transmission of application data begins, all data is encrypted using session keys negotiated during the handshake phase.

SSL is widely used in Internet commerce, being implemented in almost all popular browsers and Web servers. It is also the basis of the Transport Layer Security (TLS) protocol [RFC 2246].

SSL Features

SSL server authentication, allowing a user to confirm a server's identity. An SSL-enabled browser maintains a list of trusted certifying authorities (CAs) along with the public keys of the CAs. When the browser wants to do business with an SSL-enabled Web server, the browser obtains from the server a certificate containing the server's public key. The certificate is issued (i.e., digitally signed) by a certificate authority (CA) listed in the client's list of trusted CAs. This feature allows the browser to authenticate the server before the user submits a payment card number.

An encrypted SSL session, in which all information sent between browser and server is encrypted by the sending software (browser or Web server) and decrypted by the receiving software (browser or Web server).

SSL client authentication, allowing a server to confirm a user's identity. Analogous to server authentication, client authentication makes use of client certificates, which have also been issued by CAs.

SSL Handshake Steps

1. The browser sends the server the browser's SSL version number and cryptography preferences.
2. The server sends the browser the server's SSL version number, cryptography preferences and its certificate. The certificate includes the server's RSA public key and is certified by some CA, that is, the certificate has been encrypted by a CA's private key.
3. When the browser receives the certificate from the server, it checks to see if the CA is on the trusted list of CAs. If not, the user is warned of the problem, which indicates that an encrypted and authenticated connection cannot be established. If yes, the browser uses the CA's public key to decrypt the certificate and obtain the server's public key.
4. The browser generates a symmetric session key, encrypts it with the server's public key, and sends the encrypted session key to the server.
5. The browser sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the browser portion of the handshake is finished.
6. The server sends a message to the browser informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished.
7. The SSL handshake is now complete, and the SSL session has begun. The browser and the server use the session key to encrypt and decrypt the data they send to each other and to validate its integrity.
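An added example (not code from the original slides) that walks through the public-key slide and handshake steps 2 to 4 with textbook RSA: the CA signs the server's certificate with its private key, the browser checks the issuer against its trusted list and validates the signature with the CA's public key, then encrypts a fresh session key under the server's public key, which only the server's private key can recover. The tiny primes, the certificate layout and the XOR-based session cipher are constructed assumptions for illustration.

```python
import hashlib
import secrets

def rsa_keypair(p, q, e=17):
    # Textbook RSA on tiny constructed primes (real keys are 2048 bits or more)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)      # public key, private key

def rsa_apply(x, key):
    n, exponent = key
    return pow(x, exponent, n)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    # Digital signature as on the slide: "encrypt" the digest with the private key
    return rsa_apply(digest(data, priv[0]), priv)

def verify(data, sig, pub):
    # Anyone holding the public key can "decrypt" the signature and compare digests
    return rsa_apply(sig, pub) == digest(data, pub[0])

def cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_certificate(ca_name, ca_priv, subject, subject_pub):
    # The CA binds the server's name to its public key by signing them with the CA private key
    return {"subject": subject, "pub": subject_pub, "issuer": ca_name,
            "sig": sign(cert_body(subject, subject_pub), ca_priv)}

def browser_handshake(cert, trusted_cas):
    # Steps 3 and 4: trusted issuer? valid signature? then encrypt a session key to the server
    if cert["issuer"] not in trusted_cas:
        raise ValueError("certificate issued by a CA that is not on the trusted list")
    if not verify(cert_body(cert["subject"], cert["pub"]), cert["sig"], trusted_cas[cert["issuer"]]):
        raise ValueError("certificate signature does not validate")
    session_key = secrets.randbelow(cert["pub"][0] - 2) + 2   # toy: must be below the modulus
    return session_key, rsa_apply(session_key, cert["pub"])

def server_handshake(encrypted_session_key, server_priv):
    # Step 4, server side: only the holder of the private key recovers the session key
    return rsa_apply(encrypted_session_key, server_priv)

def session_encrypt(data, session_key):
    # Toy symmetric step for later traffic: XOR with a keystream derived from the session key
    stream = hashlib.sha256(session_key.to_bytes(4, "big")).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))
```

A certificate from an issuer missing from the trusted list, or one whose contents were altered after signing, is rejected before any session key is sent.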