Network Security Protocols
EE657 Parallel Processing
Fall 2000
Peachawat Peachavanish
Level of Implementation
• Internet Layer Security
– Ex. IP Security Protocol (IPSEC)
– Host-to-Host Basis, No Packet Discrimination
• Transport Layer Security
– Ex. Secure Sockets Layer (SSL)
– Process-to-Process Basis, Need Modified Apps
• Application Layer Security
– Ex. Pretty Good Privacy, Kerberos
– Document-Level, Need Modified Apps
Application Layer Security
• Secure Electronic Transaction (SET)
– Jointly Developed by Visa and MasterCard
– A Method to Secure Business Transaction Over Open Networks
– Encrypt and Transmit a Sensitive Document
• Kerberos
– Originated at MIT
– On Standard Track with the IETF, Default Network Authentication in MS Windows 2000
– Distributed Authentication, Key Distribution System
– Auth. of Two Parties and Dist. of Keys
Key Functionality
• Authentication
– Verification of the Identity of a Party
• Integrity
– Assurance that the Data Received is the Same as Generated
• Confidentiality
– Protection of Information from Disclosure
• Authorization
– Determination if a Principal should be Allowed to Perform an Operation
Secure Electronic Transaction (SET)
• A Method to Secure Payment Card Transaction Over Open Networks
• Overview
– Concepts
– Encryption Process
– Processing Sample
Concepts
• Secret Key Cryptography
• Public Key Cryptography
• Digital Envelope
• Message Digest
• Digital Signature
• Key Exchange
• Certificate
• Certificate Authority
Secret Key, Public Key
• Secret Key Cryptography
– Symmetric Cryptography
– The Same Key is Used to Encrypt and Decrypt
• Public Key Cryptography
– Asymmetric Cryptography
– One Key to Encrypt and One Key to Decrypt: Public Key and Private Key
– Data Encrypted with Either Key can only be Decrypted Using the Other Key
Digital Envelope
• Encryption
– Encrypt a Message Using a Secret Key
– Encrypt the Key Using the Recipient’s Public Key
• Decryption
– Decrypt the Secret Key Using the Recipient’s Private Key
– Decrypt the Message Using the Decrypted Secret Key
Message Digest
• A Value Generated for a Message that is Unique to that Message
• Small, Compared to the Message Itself
• Highly Unlikely for Two Messages to Have the Same Message Digest (1 in 10^48 for SET)
Digital Signature
• Encrypt a Message Using the Sender’s Private Key
• The Recipient Decrypts the Message Using the Sender’s Public Key
• Ensured that the Message Could only be Encrypted by the Sender
• In SET, Encrypted Message Digest = Digital Signature
Key Exchange
• Each SET Participant Has Two Public / Private Key Pairs
• “Key Exchange” Pair for Encryption and Decryption
• “Signature” Pair for Creation and Verification of Digital Signatures
Certificate, Certificate Authority
• Certificate
– Digitally Signed by CA, Containing a Participant’s ID and Public Key
– Can Be Decrypted Using CA’s Public Key
• Certificate Authority (CA)
– Trusted Third Party Used to Authenticate a Participant’s Public Key
– A Participant Identifies Himself with CA, CA Returns a Digitally Signed Certificate Containing a Participant’s ID and Public Key
Simple Transaction Process
• Alice Wants to Send Bob a Message Securely Over an Open Network
[Figure: Alice (A) and Bob (B) each identify themselves to the certificate authority, which issues Alice’s certificate (Alice’s public key) and Bob’s certificate (Bob’s public key).]
Encryption Process (Alice)
[Figure: message → message digest → digital signature, made with Alice’s private signature key; message + digital signature + Alice’s certificate are encrypted with a symmetric key → encrypted message; the symmetric key is encrypted with Bob’s public key-exchange key (from Bob’s certificate) → digital envelope; encrypted message + digital envelope = transmitted message.]
Decryption Process (Bob)
[Figure: transmitted message = encrypted message + digital envelope; the digital envelope is decrypted with Bob’s private key-exchange key → symmetric key; the encrypted message is decrypted with the symmetric key → message + digital signature + Alice’s certificate; the digital signature is decrypted with Alice’s public signature key → message digest, which is compared with the message digest computed from the message.]
SET Processing
• Cardholder Registration
• Merchant Registration
• Purchase Request
• Payment Authorization
• Payment Capture
• Etc.
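The "Encryption Process (Alice)" and "Decryption Process (Bob)" slides above, worked through as an added example (not part of the original slides). The RSA key pairs are textbook RSA built from constructed Mersenne primes, the symmetric cipher is a SHAKE-256 keystream stand-in, and the certificate step is assumed done: Bob already holds Alice’s public signature key and Alice holds Bob’s public key-exchange key. All function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed, insecure key pairs (Mersenne primes), for illustration only.
ALICE_SIG_N, ALICE_SIG_D = toy_keypair(2**89 - 1, 2**107 - 1)  # Alice's "signature" pair
BOB_KX_N, BOB_KX_D = toy_keypair(2**61 - 1, 2**127 - 1)        # Bob's "key exchange" pair

def digest(msg):
    # 160-bit message digest (2**160 is about 1.5e48), small enough for the toy modulus
    return int.from_bytes(hashlib.sha256(msg).digest()[:20], "big")

def xor_stream(key, data):
    # Stand-in secret-key cipher; safe only because each key encrypts one message
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def alice_send(msg):
    sig = pow(digest(msg), ALICE_SIG_D, ALICE_SIG_N)         # digital signature
    sym = secrets.token_bytes(16)                            # fresh symmetric key
    body = xor_stream(sym, sig.to_bytes(25, "big") + msg)    # encrypted signature + message
    envelope = pow(int.from_bytes(sym, "big"), E, BOB_KX_N)  # digital envelope
    return envelope, body

def bob_receive(envelope, body):
    sym = pow(envelope, BOB_KX_D, BOB_KX_N).to_bytes(16, "big")  # open the envelope
    plain = xor_stream(sym, body)
    sig, msg = int.from_bytes(plain[:25], "big"), plain[25:]
    # Recover the signed digest with Alice's public key and compare with a fresh digest
    if pow(sig, E, ALICE_SIG_N) != digest(msg):
        raise ValueError("digest mismatch: message or signature was altered")
    return msg
```

The digest comparison is what gives integrity: changing any byte of the encrypted body makes `bob_receive` raise instead of returning a message.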
Kerberos
• A Distributed Authentication and Key Distribution System
– A Client Wants Secure Transaction with a Server
– KDC Distributes a Session Key for the Client and Server to Use
• Overview
– Concepts
– Key Distribution
Concepts
• Shared Secrets
• Authenticators
• Key Distribution Center
• Session Keys
• Session Tickets
• Symmetric Cryptography
• Digital Signatures
• Certificate Authority
• Secret Key
• Digital Envelope
Key Distribution Center (KDC)
• Physically Secure Server
• Maintains Participant Account Information
– Long-Term Key
• Cryptographic Key Known Only to the Participant and KDC
• Usually Derived from the Log-in Password
[Figure: KDC, client, server.]
Key Distribution
[Figure: key distribution among client (C), KDC and server (S). Labels: request (c req. s), session key, client info, encrypted session key, session ticket, authenticator (client, ts), ts.]
SET vs Kerberos
• SET
– Needs Trusted Intermediary (CA)
– CA Issues Certificate to Identify Principal
– To Exchange Message Securely
• Kerberos
– Needs Trusted Intermediary (KDC)
– KDC Maintains Principal’s A/C Info
– To Distribute Key to Establish Secure Channel
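The exchange on the "Key Distribution" slide, as an added example (not part of the original slides): the KDC issues a session key, the client presents the session ticket with an authenticator, and the server answers with the timestamp. The nonce + SHAKE-256 + HMAC cipher, the PBKDF2 password-to-key step, the 300-second skew window and all names are assumptions made for illustration; real Kerberos defines its own encryption types and message formats.

```python
import hashlib
import hmac
import json
import secrets

def seal(key, obj):
    """Stand-in authenticated cipher: nonce + SHAKE-256 keystream XOR + HMAC tag."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def long_term_key(principal, password):
    # Long-term key derived from the log-in password (PBKDF2 is an assumed stand-in)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

class KDC:
    def __init__(self, accounts):  # principal name -> long-term key
        self.accounts = accounts

    def issue(self, client, server):
        sk = secrets.token_hex(16)  # session key
        for_client = seal(self.accounts[client], {"session_key": sk, "server": server})
        ticket = seal(self.accounts[server], {"session_key": sk, "client": client})
        return for_client, ticket   # the client can read only the first one

def client_request(client, client_key, for_client, now):
    sk = bytes.fromhex(unseal(client_key, for_client)["session_key"])
    return sk, seal(sk, {"client": client, "ts": now})  # authenticator

def server_accept(server_key, ticket, authenticator, now, skew=300):
    t = unseal(server_key, ticket)          # only the server can open the ticket
    sk = bytes.fromhex(t["session_key"])
    a = unseal(sk, authenticator)           # proves the sender knows the session key
    if a["client"] != t["client"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator rejected")
    return a["client"], seal(sk, {"ts": a["ts"]})  # reply proves the server to the client
```

Neither long-term key crosses the network: the client proves itself by decrypting its copy of the session key, and the server by opening the ticket.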