Network Security
Download
Report
Transcript Network Security
Network Security
Slides taken from: Computer Networking by Kurose and
Ross
Cryptography
Greek word meaning “secret writing”
Historically the study has been utilized
by: (1) the military, (2) diplomatic corps,
(3) diarists, and (4) lovers
Ciphers: character-for-character
transformation
Code: replaces one word with another
Vocabulary:
plaintext
key
ciphertext
Network Security
Friends and enemies: Alice, Bob,
Trudy
Internet security threats
Packet sniffing:
can read all unencrypted data (e.g.
passwords)
e.g.: C sniffs B’s packets
Internet security threats
IP Spoofing:
can generate “raw” IP packets directly
from application, putting any value into
IP source address field
receiver can’t tell if source is spoofed
e.g.: C pretends to be B
Encryption Algorithms
symmetric key crypto: sender, receiver
keys identical
public-key crypto: encrypt key public,
decrypt key secret
Symmetric key cryptography
Symmetric key crypto: DES
DES: Data Encryption
Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64 bit
plaintext input
19 distinct stages
How secure is DES?
DES Challenge: 56-bit-keyencrypted phrase (“Strong
cryptography makes the world a
safer place”) decrypted (brute
force) in 4 months
making DES more secure
use three keys sequentially (3-DES)
on each datum
Public Key Cryptography
symmetric key crypto
public key cryptography
requires sender, receiver
know shared secret key
radically different approach
[Diffie-Hellman76, RSA78]
Q: how to agree on key in
first place (particularly if
never “met”)?
sender, receiver do not share
secret key
encryption key public (known
to all)
decryption key private
(known only to receiver)
Public key cryptography
eR Receiver’s public encryption key
dR Receiver’s private encryption key
Public key signature
eS Sender’s private encryption key
dS Sender’s public encryption key
RSA: Choosing keys
Choose two large prime numbers p, q (e.g.,
1024 bits each) which are 2 larger than a
multiple of 3.
2.
Define KR = pq, the public key, and publish it.
3.
Compute s = (1/3)[2(p-1)(q-1)+1]. Keep p, q,
and s secret; s is the secret key.
4. Encrypt using the public key of the receiver:
Break message into blocks; cube each block;
divide the cubes by KR and send the remainders
to the receiver as the ciphertext.
5. Decrypt using secret key: raise each number in
the ciphertext to the s power, divide each result
by KR, and reassemble the blocks.
1.
Applications
Secure Shell (SSH) part of the Linux
distribution
PuTTY for Windows machines
Seems to include secure FTP
Includes secure FTP
PGP for secure email
Internet e-mail encryption scheme, a de-facto
standard.
Uses symmetric key cryptography, and public
key cryptography
Inventor, Phil Zimmerman, was target of 3-year
federal investigation.
In-class assignment
Use telnet to connect to your CSCI
account.
Start putty:
Start -> CSCI Programs-> Putty
In-class assignment
Login to your csci account
User Name: first 6 letters of last name
followed by first initial and middle
initial
Password: CSCI followed by last 4
digits of student id
In-class assignment
Go to your public_html directory
Use the “cd” (i.e., change directory)
command
In-class assignment
Edit your web page per the
recommendations of your peer
review using the pico editor.
In-class assignment
Your mouse will be useless during
your telnet session.
Useful Pico commands appear at the
bottom of the screen
^ represents the control key
^X means: hold the control key down
and depress the x key at the same time