Network Security: Encryption, Authentication, Message Integrity, and Key Distribution
Slides, Computer Networks
Lecture No. 40
docsity.com

Security Outline
– Encryption Algorithms
– Authentication Protocols
– Message Integrity Protocols
– Key Distribution
– Firewalls

Secret Key Encryption

Secret Key Encryption (DES)
[Figure: Plaintext, Encrypt with secret key, Ciphertext, Decrypt with secret key, Plaintext]

DES Algorithm
• 64-bit key (56-bits + 8-bit parity)
• 16 rounds
• Each Round
[Figure: one round, with labels $L_{i-1}$, $R_{i-1}$, $F$, $K_i$, +, $L_i$, $R_i$]
[Figure: Initial permutation, Round 1, Round 2, Round 16, Final permutation, 56-bit key]

Cipher Block Chaining (CBC)
• Repeat for larger messages
[Figure: IV, Block1 to Block4, +, DES, Cipher1 to Cipher4]

Public Key Encryption

Public Key Authentication
[Figure: Encrypted Message]

RSA (cont)
• Compute decryption key d such that $d = e^{-1} \bmod ((p - 1) \times (q - 1))$
• Construct public key as (e, n)
• Construct private key as (d, n)
• Discard (do not disclose) original primes p and q

Message Digest
• Cryptographic checksum
– Just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.

Message Digest
• One-way function
– Given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.

Authentication Protocols
• Three-way handshake
[Figure: Client, Server]

Third Party Authentication
• Trusted third party (Kerberos)
[Figure: AS, A, B]

Public Key Authentication
[Figure: A, B]

Message Integrity Protocols
• MD5 with RSA signature
– Sender: m + E(MD5(m), private)
– Receiver
  • Decrypts signature with sender’s public key
  • Compares result with MD5 checksum sent with message

Tree-structured CA Hierarchy
[Figure: tree with IPRA at the root, PCA1, PCA2 and PCA3 below it, CAs below each PCA, and Users and further CAs below those]
IPRA = Internet Policy Registration Authority (root)
PCAn = Policy certification authority
CA = Certification authority
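
Added example (not part of the original slides): the key construction from the RSA (cont) slide and the sender and receiver steps from the MD5 with RSA signature slide, carried through in Python. The two primes, the exponent e = 65537, the function names and the sample messages are assumptions constructed for the demonstration, and the receiver here recomputes MD5 over the message it received.

```python
import hashlib

# Constructed demo primes (both Mersenne primes), chosen so that n exceeds
# the 128-bit MD5 digest. Real keys use large random primes.
P = 2**89 - 1
Q = 2**107 - 1
E = 65537  # assumed public exponent; the slide only calls it e


def make_keys(p, q, e):
    """RSA (cont) slide: d = e^-1 mod ((p-1)(q-1)); public (e, n), private (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; ValueError if gcd(e, phi) != 1
    return (e, n), (d, n)  # p and q are not part of either key


def md5_int(message: bytes) -> int:
    """MD5 digest of the message as an integer smaller than n."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes, private):
    """Sender: m + E(MD5(m), private). Returns what goes on the wire."""
    d, n = private
    return message, pow(md5_int(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: decrypt the signature with the public key, compare with MD5(m)."""
    e, n = public
    return pow(signature, e, n) == md5_int(message)


if __name__ == "__main__":
    public, private = make_keys(P, Q, E)
    msg, sig = sign(b"transfer 100 to Bob", private)  # constructed sample message
    print("genuine message accepted:", verify(msg, sig, public))
    print("altered message accepted:", verify(b"transfer 900 to Bob", sig, public))
```
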

Authentication
[Figure: message exchange between Alice and Bob]
A = Alice
B = Bob
T, = Timestamp from Alice’s clock
Td = Digitally signed using Bob's private key