Network Security
- Basic requirements.
- Meeting these requirements:
  - Privacy.
  - Digital Signature.
- Specific security standards in practice:
  - Privacy standards: DES, RSA.
  - Standard at application layer: PGP.
  - Standard at transport layer: SSL.
[Figure: Alice and Bob exchange data and control messages over a channel; Trudy, the intruder, sits on that channel.]
Impersonation = IP spoofing:
- An intruder can generate "raw" IP packets directly from an application and put any value into the IP source address field.
- The receiver cannot tell whether the source address is spoofed.
  e.g. C pretends to be B.
[Figure: hosts A, B and C; SYN packets between them, with C using B's address as the source.]
CSC4430 – Data Communication and Computer Networks 6
23.2. Network Security Requirements
- Privacy or Secrecy:
  - Sender and receiver expect confidentiality.
  - Only the sender and the intended receiver should "understand" the message contents.
- Authentication:
  - Sender and receiver want to confirm each other's identity.
- Message Integrity:
  - Sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection.
  - e.g. it would be disastrous if a request for transferring $100 changes to a request for 10,000 or $100,000.
- Non-Repudiation:
  - Receiver must be able to prove that a received message came from a specific sender.
  - The sender must not be able to deny sending a message.
  - e.g. bank must have proof that the customer actually requested this transaction.
23.3. Privacy
Code (monoalphabetic substitution key; the upper row is the ciphertext letter substituted for the plaintext letter beneath it):
X Z A V O I D B Y G E R S P C F H J K L M N Q T U W
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext:
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ
LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV
ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK
Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV
LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO
X IXNCMJ CI UCMJ SXGOKLU?”
OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
Plaintext:
Now during this time Shahrazad had borne King Shahriyar three sons. On the
thousand and first night, when she had ended the tale of Ma'aruf, she rose and
kissed the ground before him, saying: “Great King, for a thousand and one
nights I have been recounting to you the fables of past ages and the legends of
ancient kings. May I make so bold as to crave a favour of your majesty?”
Epilogue, Tales from the Thousand and One Nights
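The substitution cipher above, implemented as an added example (this is not code from the course slides): it builds the two translation tables from the slide's key, decrypts the slide's ciphertext, and ranks ciphertext letters by frequency, which is exactly why a monoalphabetic substitution offers no real privacy: the most common ciphertext letter ("O") is simply the most common English letter ("E") in disguise.

```python
# Monoalphabetic substitution cipher from the slide (added example, not course code).
import string
from collections import Counter

CIPHER_ALPHABET = "XZAVOIDBYGERSPCFHJKLMNQTUW"   # upper row of the slide's key
PLAIN_ALPHABET = string.ascii_uppercase          # lower row: A..Z

# A key is usable only if it is a permutation of the alphabet.
assert len(CIPHER_ALPHABET) == 26 and len(set(CIPHER_ALPHABET)) == 26

ENCRYPT_TABLE = str.maketrans(PLAIN_ALPHABET, CIPHER_ALPHABET)
DECRYPT_TABLE = str.maketrans(CIPHER_ALPHABET, PLAIN_ALPHABET)


def encrypt(plaintext: str) -> str:
    """Substitute each letter; spaces and punctuation pass through unchanged."""
    return plaintext.upper().translate(ENCRYPT_TABLE)


def decrypt(ciphertext: str) -> str:
    """Inverse substitution using the same key."""
    return ciphertext.upper().translate(DECRYPT_TABLE)


# The ciphertext exactly as printed on the slide.
SLIDE_CIPHERTEXT = (
    "PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ "
    "LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV "
    "OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV "
    "ZOICJO BYS, KXUYPD: \u201cDJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK "
    "Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV "
    "LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO "
    "X IXNCMJ CI UCMJ SXGOKLU?\u201d "
    "OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK"
)


def letter_ranking(text: str) -> list:
    """Letters of `text` from most to least frequent.

    Substitution preserves letter frequencies, so the ranking of the
    ciphertext mirrors the ranking of English plaintext letters; that
    is the statistical weakness an analyst exploits without the key.
    """
    counts = Counter(ch for ch in text.upper() if ch in PLAIN_ALPHABET)
    return [letter for letter, _ in counts.most_common()]


if __name__ == "__main__":
    print(decrypt(SLIDE_CIPHERTEXT))
    ranking = letter_ranking(SLIDE_CIPHERTEXT)
    print("most frequent ciphertext letter:", ranking[0],
          "-> plaintext", decrypt(ranking[0]))
```

Run it and the first line printed is the slide's plaintext in upper case; the frequency ranking is the point of the slide's "privacy" section: a fixed letter-for-letter key hides the words but not the language's statistics.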
- Public-key crypto:
  - Sender and receiver use different keys.
  - Each user has two keys:
    - A private key, kept by the user.
    - A public key, announced to the public.
  - All customers use the bank's public key to encrypt their messages.
  - The bank uses its private key to decrypt the messages.
[Figure: digital signature and certificate. Sender site: Bob's private key K_B^- produces Bob's digital signature over his identifying information. Receiver site: Bob's public key K_B^+ checks the signature (encrypt / decrypt labels). CA certificate for Bob: Bob's identifying information and public key, carrying a digital signature by the issuer made with the CA private key K_CA^- and checked with the CA public key K_CA^+.]
[Figures: secret-key operations: Exclusive OR; Rotation.]
- In this method:
  - Sender uses the receiver's public key Kp.
  - Receiver uses its secret (private) key Ks.
  - Both use a number N.
- It is reciprocal, i.e. Kp(Ks(P)) = P or Ks(Kp(P)) = P.
23.6. RSA
Encryption algorithm:
- Encode the data as a number to create the plaintext P.
- Calculate the ciphertext C as C = P^Kp mod N.
- Send C as the ciphertext.
Decryption algorithm:
- Receive C, the ciphertext.
- Calculate the plaintext P = C^Kc mod N (Kc is the receiver's private key, written Ks above).
- Decode P to the original data.
Example with small numbers:
1. p = 7, q = 17
2. N = 7 × 17 = 119
3. m = (7-1) × (17-1) = 96
4. Kp = 5
5. Kc = 77 (since 5 × 77 = 385 ≡ 1 mod 96)
Security of RSA:
- The difficulty lies in recovering the prime numbers (p and q) from a given N.
- It would take more than 70 years to find the numbers for a 100-bit N.
- RSA Laboratories recommends N = 1024 bits.
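The public-key scheme, the RSA encryption and decryption steps, and the "security of RSA" point above, carried through in one added example (this is my code, not the course's or RSA Laboratories'). It derives Kc from the slide's p, q and Kp, encrypts and decrypts with the slide's N = 119, shows the reciprocity Kp(Ks(P)) = P that makes the private key usable for signing, and then recovers the private key from the public one by factoring N, which is instant for 119 and is the reason the slide recommends a 1024-bit N. The function names and the one-character-per-block encoding are assumptions made for the toy modulus.

```python
# RSA with the slide's toy parameters (added example, not course code).
# Standard library only; pow(x, -1, m) needs Python 3.8+.
from math import gcd


def rsa_keypair(p: int, q: int, kp: int):
    """Derive (N, Kp, Kc) from two primes and a chosen public exponent Kp."""
    n = p * q
    m = (p - 1) * (q - 1)           # the slide's m = (p-1)(q-1)
    if gcd(kp, m) != 1:
        raise ValueError("Kp must be coprime to (p-1)(q-1)")
    kc = pow(kp, -1, m)             # private exponent: Kp * Kc = 1 (mod m)
    return n, kp, kc


def rsa_apply(x: int, exp: int, n: int) -> int:
    """C = P^Kp mod N for encryption, P = C^Kc mod N for decryption."""
    if not 0 <= x < n:
        raise ValueError("block %d must be smaller than N = %d" % (x, n))
    return pow(x, exp, n)


def encrypt_text(text: str, kp: int, n: int) -> list:
    """Encode each character as its ASCII value and encrypt it as one block.

    With N = 119 a block cannot even hold every ASCII code (e.g. 'w' is 119),
    which is itself a demonstration of why a real modulus is 1024 bits or more.
    """
    return [rsa_apply(b, kp, n) for b in text.encode("ascii")]


def decrypt_blocks(blocks: list, kc: int, n: int) -> str:
    """Decrypt each block with the private exponent and decode the characters."""
    return bytes(rsa_apply(c, kc, n) for c in blocks).decode("ascii")


def sign(x: int, kc: int, n: int) -> int:
    """Ks(P): the private key applied to a value only its owner can produce."""
    return rsa_apply(x, kc, n)


def verify(x: int, sig: int, kp: int, n: int) -> bool:
    """Kp(Ks(P)) == P, the reciprocity the slide states, checked with the public key."""
    return rsa_apply(sig, kp, n) == x


def recover_private_key(n: int, kp: int) -> int:
    """Trial-division factoring of N followed by the same Kc computation.

    Works immediately for N = 119; the slide's security argument is that
    this step becomes infeasible once N has 1024 bits.
    """
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return pow(kp, -1, (p - 1) * (q - 1))
    raise ValueError("N has no non-trivial factor")


if __name__ == "__main__":
    n, kp, kc = rsa_keypair(7, 17, 5)
    print("N =", n, "Kp =", kp, "Kc =", kc)            # N = 119 Kp = 5 Kc = 77
    blocks = encrypt_text("HELLO", kp, n)
    print("ciphertext blocks:", blocks)
    print("decrypted:", decrypt_blocks(blocks, kc, n))  # HELLO
    sig = sign(42, kc, n)
    print("signature of 42 verifies:", verify(42, sig, kp, n))
    print("Kc recovered from (N, Kp):", recover_private_key(n, kp))
```

Each ASCII byte is a separate block only because 119 is tiny; the structure (key derivation, modular exponentiation in both directions, signature as the private-key direction) is the same one the slide describes for a realistic modulus.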
[Figure: protocol stacks on client and server: HTTP, telnet over SSL over TCP/IP.]
Network Security:
- Four aspects of network security.
  - Privacy, achieved using cryptography: Section 27.2.
  - Integrity, authentication and non-repudiation, achieved using digital signature: Section 27.3.
- Specific security standards in practice:
  - Privacy standards: DES, RSA: Section 23.2.
  - Application layer: PGP: Section 27.4.
  - Transport layer: SSL.