Chapter 8 - Network Security of computer network

priyankamajumder5080 0 views 18 slides Sep 25, 2025


Network Security
Chapter 8

Chapter goals
• understand principles of network security:
– cryptography and its many uses beyond “confidentiality”
– authentication
– message integrity
• security in practice:
– firewalls and intrusion detection systems
– security in application, transport, network, link layers

What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
– sender encrypts message
– receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and availability: services must be accessible and available to users

Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages

There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
– eavesdrop: intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address in packet (or any field in packet)
– hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
– denial of service: prevent service from being used by others (e.g., by overloading resources)

The language of cryptography
• symmetric key crypto: sender, receiver keys identical
• public-key crypto: encryption key public, decryption key secret (private)

Symmetric key cryptography

Symmetric key crypto: DES
DES: Data Encryption Standard
• US encryption standard [NIST 1993]
• 56-bit symmetric key, 64-bit plaintext input
• How secure is DES?
– DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
– no known “backdoor” decryption approach
• making DES more secure:
– use three keys sequentially (3-DES) on each datum
– use cipher-block chaining

AES: Advanced Encryption Standard
• new (Nov. 2001) symmetric-key NIST standard, replacing DES
• processes data in 128 bit blocks
• 128, 192, or 256 bit keys
• brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Public key cryptography
symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography
• radically different approach [Diffie-Hellman76, RSA78]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver

Message Integrity
Bob receives msg from Alice, wants to ensure:
• message originally came from Alice
• message not changed since sent by Alice
Cryptographic Hash:
• takes input m, produces fixed length value, H(m)
– e.g., as in Internet checksum
• computationally infeasible to find two different messages, x, y such that H(x) = H(y)
– equivalently: given m = H(x), (x unknown), cannot determine x.
– note: Internet checksum fails this requirement!
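
The last note on this slide, that the Internet checksum fails the collision requirement, shown as an added example (not part of the original slides). The two messages are constructed sample values, and SHA-256 is this example's own choice of cryptographic hash for comparison.

```python
import hashlib


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum
    of the data read as 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return ~total & 0xFFFF


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange 16-bit words i and j (even-length input assumed).
    Addition is commutative, so the checksum cannot notice the reordering."""
    words = [data[k:k + 2] for k in range(0, len(data), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)


def compare(x: bytes, y: bytes) -> dict:
    """Report whether two messages collide under each function."""
    return {
        "different_messages": x != y,
        "checksum_collides": internet_checksum(x) == internet_checksum(y),
        "sha256_collides": hashlib.sha256(x).digest() == hashlib.sha256(y).digest(),
    }


# Constructed sample messages: the digits '1' and '9' trade places between
# two 16-bit words, so the word sum (and the checksum) stays the same.
MSG_A = b"IOU100.99BOB"
MSG_B = b"IOU900.19BOB"

if __name__ == "__main__":
    for name, msg in (("A", MSG_A), ("B", MSG_B)):
        print(name, msg, hex(internet_checksum(msg)),
              hashlib.sha256(msg).hexdigest()[:16])
    print("A vs B:", compare(MSG_A, MSG_B))
    reordered = swap_words(MSG_A, 1, 3)
    print("A vs reordered A:", reordered, compare(MSG_A, reordered))
```

The checksum detects accidental bit errors, but because it is a plain sum it cannot distinguish messages whose 16-bit words add up to the same value, which is why integrity checks against tampering need a cryptographic hash.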

Digital Signatures
cryptographic technique analogous to hand-written signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Certification Authorities
• when Alice wants Bob’s public key:
– gets Bob’s certificate (Bob or elsewhere).
– apply CA’s public key to Bob’s certificate, get Bob’s public key

Certification Authorities (Cont…)

Secure sockets layer (SSL)
• provides transport layer security to any TCP-based application using SSL services.
– e.g., between Web browsers, servers for e-commerce (shttp)
• security services:
– server authentication, data encryption, client authentication (optional)

SSL: three phases
1. Handshake:
2. Key Derivation:
3. Data transfer

Firewalls
• isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.

End
Chapter 8