Scribd Logo
Upload

Welcome to Scribd!

  • Securitarea

    Uploaded by

    Xozan
    46 views29 pages
    This document discusses network security and provides an overview of key concepts such as security services, threats, encryption techniques, algorithms, and protocols. It describes conventional encryption using symmetric keys, public key encryption using asymmetric keys, and hybrid approaches. Specific algorithms covered include DES, AES, RSA, DSA, and hash functions like SHA-1. It also discusses how encryption is applied at the IP layer in IPv4 and IPv6 networks using IPSec.

    Original Description:

    securitarea

    Original Title

    securitarea

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses network security and provides an overview of key concepts such as security services, threats, encryption techniques, algorithms, and protocols. It describes conventional encryption using symmetric keys, public key encryption using asymmetric keys, and hybrid approaches. Specific algorithms covered include DES, AES, RSA, DSA, and hash functions like SHA-1. It also discusses how encryption is applied at the IP layer in IPv4 and IPv6 networks using IPSec.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    46 views29 pages

    Securitarea

    Uploaded by

    Xozan
    This document discusses network security and provides an overview of key concepts such as security services, threats, encryption techniques, algorithms, and protocols. It describes conventional encryption using symmetric keys, public key encryption using asymmetric keys, and hybrid approaches. Specific algorithms covered include DES, AES, RSA, DSA, and hash functions like SHA-1. It also discusses how encryption is applied at the IP layer in IPv4 and IPv6 networks using IPSec.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 29

    Network Security

    Sorina Persa
    Group 3250

    Overview

    Security services
    Security threats
    Encryption
    Conventional encryption
    Conventional encryption algorithms
    Public key encryption
    Public key encryption algorithms
    Message authentication
    IPv4 and IPv6 security

    Security Services

    Confidentiality
    Integrity
    Authentication
    Access control
    Non-repudiation
    Availability

    Security threats
    Information
    source

    Information
    destination
    a) Normal flow

    b) Interruption

    c) Interception

    d) Modification

    e) Fabrication

    Security threats

    Interruption attack on availability


    Interception attack on confidentiality
    Modification attack on integrity
    Fabrication attack on authenticity

    Security threats

    Passive attacks eavesdropping on or monitoring of


    transmissions

    Release of message contents


    Traffic analysis

    Active attacks modification of the data stream or


    creation of a false stream

    Masquerade
    Replay
    Modification of message
    Denial of service

    Encryption
    Encryption = the tool used for network and
    communication security
    It protects against passive attacks
    Types:
    Conventional encryption
    Public-key encryption
    Hybrid of the precedent ones

    Conventional Encryption

    Two parties share a single


    encryption/decryption key

    Encryption
    algorithm
    (e.g. DES)

    Transmitted
    ciphertext

    Decryption
    algorithm

    Plaintext input

    Plaintext output

    Secret key

    Secret key

    Conventional encryption

    Approaches to attacking a conventional


    encryption scheme:

    Cryptanalysis relies on the nature of the algorithms and


    some plaintext-ciphertext pairs
    Brute-force attacks try every possible key
    Time for key search
    Time required at
    1 encryption/sec

    Time required at
    106 encryptions/sec

    Key size
    (bits)

    Number of
    alternative keys

    32
    56
    128

    232 = 4.3x109 231 sec = 35.8 mins 2.15 millisecs


    256 = 7.2x1016 1142 years
    10.01 hours
    3.4x1038
    5.4x1024 years
    5.4x1018 years

    Conventional encryption
    algorithms

    Block ciphers process the plaintext input in


    fixed-size blocks and produce a block of
    ciphertext of equal size for each plaintext block
    It is symmetric
    DES (Data encryption standard)
    DEA (Data encryption algorithm)
    TDEA (Triple data encryption algorithm)

    AES (Advanced encryption standard)

    DEA

    DES was developed by NIST


    DEA key size is 56 bits and the blocks are of 64 bits
    Since 1977, every 5 years, NIST approved DES for use
    In 1997, NIST solicited a new secret key algorithm called
    Advanced Encryption Standard (it uses 128-bit block size and a
    key length of minimum 128 bits)
    In 1998 EFF (Electronic Frontier Foundation) announced that it
    had broken DES
    In October 2000, successor to DES was selected and it was
    called Rijndael
    Double and triple DES is also common

    Triple DEA uses 3 keys and 3 executions of DEA:

    C = Ek3[Dk2[Ek1[P]]]

    Its key length is of 168 bits

    Location of encryption devices

    Link encryption

    End-to-end encryption

    Decrypt each packet at


    every switch
    the source encrypts and
    the destination decrypts

    Hybrid

    Both link and end-toend are needed


    High security

    Key distribution
    For encryption to work over a network, the two
    parties (sender and receiver) must exchange and
    share the same keys, while protecting access to the
    keys from others.

    A key could be selected by A and physically distributed to B


    A third party could select the key and physically deliver it to
    A and B.
    If A and B have previously and recently used a key, one
    party could transmit the new key to the other, encrypted
    using the old key
    If A and B could have an encrypted connection to a third
    party C, C could deliver a key on the encrypted link to A
    and B

    Public key encryption

    Public key algorithms are based on mathematical


    function rather than on simple operations on bit
    patterns
    Public key cryptography is asymmetric, involving the
    use of two separate keys
    The key ingredients are similar to that of conventional
    secret key algorithms, except that there are two keys a
    public key and a private key used as input to the
    encryption and the decryption algorithm

    Public key encryption


    Encryption
    algorithm
    (e.g. RSA)

    Transmitted
    ciphertext

    Decryption
    algorithm

    Plaintext input

    Plaintext output

    Destinations
    public key

    Destinations
    private key

    Public key encryption

    Steps:
    Generation of a pair of keys to be used for
    encryption and decryption of message
    Placing one of the keys in a public register and
    maintaining a collection of public keys from the
    other users
    Encrypting the message with the destinations public
    key
    When the destination receives the message, it
    decrypts it with the private key

    Digital signature
    Encryption
    algorithm
    (e.g. RSA)

    Transmitted
    ciphertext

    Decryption
    algorithm

    Plaintext input

    Plaintext output

    Sources
    private key

    Sources
    public key

    Safe from alteration but not safe from eavesdropping

    Public key encryption algorithms

    RSA invented in 1973 by three MIT professors


    In contrast to DES, RSA uses sophisticated
    mathematics instead of simple manipulation and
    substitution
    Mostly 1024 bit keys are used
    Public key encryption and decryption using RSA is
    1000 times slower than secret key methods using DES
    DSA (Digital signature algorithm) used for digital
    signatures
    DSA was proposed by NIST

    Hybrid of Conventional and Public


    key encryption

    A encrypts the message using conventional


    encryption with a one-time conventional session
    key
    A encrypts the session key using public key
    encryption with Bs public key
    Attach the encrypted session key to the message
    and send it to B

    Message Authentication and


    Hash function

    It protects against active attacks


    It proves that the message has not been altered
    and that the source is authentic
    MAC (Message Authentication Code)
    K

    MAC algo

    K
    Compare
    MAC algo

    MAC

    One-way Hash Function

    It accepts a variable-size message M as input and


    produces a fixed-size message digest H(M) as
    output
    H(M) is sent with the message
    It does not take a secret key as input
    The message digest can be encrypted using
    Conventional encryption
    Public-key encryption
    Secret value

    Message digest encrypted using


    conventional encryption

    Compare

    Message digest encrypted using


    public-key encryption

    Compare

    Kprivate

    Kpublic

    Message digest encrypted using


    secret value

    Compare

    Secure Hash Function

    Requirements:

    H can be applied to a block of data of any size


    H produces a fixed-length output
    H(x) is easy to compute for every x
    For any given code h, it is computationally infeasible to find x
    such that H(x)=h
    For any given block x, it is computationally infeasible to find
    y!=x with H(y)=H(x)
    It is computationally infeasible to find any pair (x,y) s.t.
    H(x)=H(y)

    One of the most important hash function is SHA-1


    (every bit of the hash code is a function of every bit in
    the input)

    IPv4 and IPv6 security

    Need to secure the network infrastructure against


    unauthorized monitoring and control of network traffic
    and the need to secure end-user-to-end-user traffic
    using authentication and encryption mechanisms
    In response, IAB included authentication and
    encryption as necessary security features in IPv6
    IPSec provides the capability to secure communication
    across a LAN, across private and public WANs and
    across the Internet
    The principal feature of IPSec: it can encrypt and/or
    authenticate all traffic at the IP level

    IPv4 and IPv6 security

    IPSecs main facilities:

    AH (Authentication Header) an authentication-only


    function

    ESP (Encapsulating Security Payload) a combined


    authentication/encryption function

    Provides support for data integrity and authentication of IP packets

    Provides confidentiality services, including confidentiality of message


    contents and limited traffic flow confidentiality

    A key exchange function

    Manual key management


    Automated key management

    Security association

    It is a one-way relationship between a sender


    and a receiver that affords security services to
    the traffic carried on it
    It can be identified by:
    SPI (Security parameters index)
    IP destination address: only unicast addresses are
    allowed
    Security protocol identifier: AH or ESP SA

    IPv4 and IPv6 security

    AH and ESP support two modes of use:

    Transport mode
    Provides protection primarily for upper-layer protocols
    Provides protection to the payload of an IP packet
    Typically used for end-to-end communication between
    hosts

    Tunnel mode
    Provides protection to the entire IP packet
    Used when one or both ends of an SA is a security
    gateway, such as a firewall or router that implements
    IPSec

    You might also like