Professional Documents
Culture Documents
Network Security
31.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
31--1 SECURITY SERVICES
31
Network
N k security
i can provideid five
fi services
services.
i . Four
F off these
h
services are related to the message exchanged using the
network.
networkk. The
Th fifth
fif h service
i provides
id entity
i authentication
h i i
or identification
identification..
31.2
Figure 31.1 Security services related to the message or entity
31.3
31--2 MESSAGE CONFIDENTIALITY
31
31.4
Figure 31.2 Message confidentiality using symmetric keys in two directions
31.5
Figure 31.3 Message confidentiality using asymmetric keys
31.6
31--3 MESSAGE INTEGRITY
31
E
Encryption
ti andd decryption
d ti provide
id secrecy, or
confidentiality, but not integrity
integrity.. However, on occasion
we may nott even needd secrecy, but b t instead
i t d mustt have
h
integrity..
integrity
31.7
Note
31.8
Figure 31.4 Message and message digest
31.9
Note
31.10
Figure 31.5 Checking integrity
31.11
Figure 31.6 Criteria of a hash function
31.12
Example 31.1
Solution
We cannot. A lossless compression method creates a
compressed message that is reversible.
reversible You can
uncompress the compressed message to get the original
one.
one
31.13
Example 31.2
Solution
We can. A checksum function is not reversible; it meets
the first criterion
criterion. However
However, it does not meet the other
criteria.
31.14
Figure 31.7 Message digest creation
31.15
Note
SHA 1 has
SHA-1 h a message digest
di t off 160 bits
bit
(5 words of 32 bits).
31.16
Figure 31.8 Processing of one block in SHA-1
31.17
31--4 MESSAGE AUTHENTICATION
31
31.18
Figure 31.9 MAC, created by Alice and checked by Bob
31.19
Figure 31.10 HMAC
31.20
31--5 DIGITAL SIGNATURE
31
Topics
p discussed in this section:
Comparison
Need for Keys
Process
31.21
Note
31.22
Figure 31.11 Signing the message itself in digital signature
31.23
Note
31.24
Figure 31.12 Signing the digest in a digital signature
31.25
Note
31.26
Note
31.27
Figure 31.13 Using a trusted center for nonrepudiation
31.28
Note
31.29
31--6 ENTITY AUTHENTICATION
31
31.30
Note
In challenge-response authentication,
th claimant
the l i t proves that
th t she
h knows
k a
secret without revealing it.
31.31
Note
31.32
Figure 31.14 Challenge/response authentication using a nonce
31.33
Figure 31.15 Challenge-response authentication using a timestamp
31.34
Figure 31.16 Challenge-response authentication using a keyed-hash function
31.35
Figure 31.17 Authentication, asymmetric-key
31.36
Figure 31.18 Authentication, using digital signature
31.37
31--7 KEY MANAGEMENT
31
31.38
Figure 31.19 KDC
31.39
Note
31.40
Figure 31.30 Creating a session key between Alice and Bob using KDC
31.41
Figure 31.21 Kerberos servers
31.42
Figure 31.22 Kerberos example
31.43
Note
31.44
Figure 31.23 Announcing a public key
31.45
Figure 31.24 Trusted center
31.46
Figure 31.25 Controlled trusted center
31.47
Figure 31.26 Certification authority
31.48
Figure 31.27 PKI hierarchy
31.49