chapter 8 Nonot Harsono,MT

(1)

Network Security

(2)

Cryptography

• _{Introduction to Cryptography}

• _{Substitution Ciphers}

• _{Transposition Ciphers}

• _{One-Time Pads}

(3)

Need for Security

(4)

An Introduction to Cryptography

(5)

Transposition Ciphers

(6)

One-Time Pads

The use of a one-time pad for encryption and the possibility of getting any possible plaintext from

(7)

(8)

Symmetric-Key Algorithms

• _{DES – The Data Encryption Standard}

• _{AES – The Advanced Encryption Standard}

• _{Cipher Modes}

(9)

Product Ciphers

(10)

Data Encryption Standard

(11)

Triple DES

(12)

AES – The Advanced Encryption Standard

Rules for AES proposals

1. The algorithm must be a symmetric block cipher.

2. The full design must be public.

3. Key lengths of 128, 192, and 256 bits supported.

4. Both software and hardware implementations required

(13)

AES (2)

(14)

AES (3)

(15)

Electronic Code Book Mode

(16)

Cipher Block Chaining Mode

(17)

Cipher Feedback Mode

(18)

Stream Cipher Mode

(19)

Counter Mode

(20)

Cryptanalysis

(21)

Public-Key Algorithms

• _RSA

(22)

RSA

(23)

Digital Signatures

• _{Symmetric-Key Signatures}

• _{Public-Key Signatures}

• _{Message Digests}

(24)

Symmetric-Key Signatures

(25)

Public-Key Signatures

(26)

Message Digests

(27)

SHA-1

(28)

SHA-1 (2)

(29)

Management of Public Keys

• _Certificates

• _X.509

(30)

Problems with Public-Key Encryption

(31)

Certificates

(32)

X.509

(33)

Public-Key Infrastructures

(34)

Communication Security

• _IPsec

• _Firewalls

(35)

IPsec

(36)

IPsec (2)

(37)

Firewalls

(38)

Virtual Private Networks

(39)

802.11 Security

(40)

Authentication Protocols

• _{Authentication Based on a Shared Secret Key}

• _{Establishing a Shared Key: Diffie-Hellman}

• _{Authentication Using a Key Distribution Center}

• _{Authentication Using Kerberos}

(41)

(42)

Authentication Based on a Shared Secret Key (2)

(43)

Authentication Based on a Shared Secret Key (3)

(44)

Authentication Based on a Shared Secret Key (4)

(45)

Authentication Based on a Shared Secret Key (5)

(46)

Establishing a Shared Key:

The Diffie-Hellman Key Exchange

(47)

Establishing a Shared Key:

The Diffie-Hellman Key Exchange

(48)

Authentication Using a Key Distribution Center

(49)

Authentication Using a Key Distribution Center (2)

(50)

Authentication Using a Key Distribution Center (3)

(51)

Authentication Using Kerberos

(52)

Authentication Using Public-Key Cryptography

(53)

E-Mail Security

• _{PGP – Pretty Good Privacy}

(54)

PGP – Pretty Good Privacy

(55)

PGP – Pretty Good Privacy (2)

(56)

Web Security

• _Threats

• _{Secure Naming}

(57)

Secure Naming

(58)

Secure Naming (2)

(59)

Secure DNS

An example RRSet for bob.com. The KEY record is Bob's

(60)

Self-Certifying Names

(61)

SSL—The Secure Sockets Layer

(62)

SSL (2)

(63)

(64)

Java Applet Security

(65)

Social Issues

• _Privacy

(66)

Anonymous Remailers

(67)

Freedom of Speech

Possibly banned material:

1. Material inappropriate for children or teenagers.

2. Hate aimed at various ethnic, religious, sexual, or other

groups.

3. Information about democracy and democratic values.

4. Accounts of historical events contradicting the

government's version.

(68)