您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 项目/工程管理 > 哈工大计算机网络课件chapter8
ComputerNetworks8:NetworkSecurity1Chapter8:NetworkSecurityChaptergoals:understandprinciplesofnetworksecurity:cryptographyanditsmanyusesbeyond“confidentiality”authenticationmessageintegritykeydistributionsecurityinpractice:firewallssecurityinapplication,transport,network,linklayersComputerNetworks8:NetworkSecurity2Chapter8roadmap8.1Whatisnetworksecurity?8.2Principlesofcryptography8.3Authentication8.4Integrity8.5KeyDistributionandcertification8.6Accesscontrol:firewalls8.7Attacksandcountermeasures8.8SecurityinmanylayersComputerNetworks8:NetworkSecurity3Whatisnetworksecurity?Confidentiality:onlysender,intendedreceivershould“understand”messagecontentssenderencryptsmessagereceiverdecryptsmessageAuthentication:sender,receiverwanttoconfirmidentityofeachotherMessageIntegrity:sender,receiverwanttoensuremessagenotaltered(intransit,orafterwards)withoutdetectionAccessandAvailability:servicesmustbeaccessibleandavailabletousersComputerNetworks8:NetworkSecurity4Friendsandenemies:Alice,Bob,Trudywell-knowninnetworksecurityworldBob,Alice(lovers!)wanttocommunicate“securely”Trudy(intruder)mayintercept,delete,addmessagessecuresendersecurereceiverchanneldata,controlmessagesdataAliceBobdataTrudyComputerNetworks8:NetworkSecurity5WhomightBob,Alicebe?…well,real-lifeBobsandAlices!Webbrowser/serverforelectronictransactions(e.g.,on-linepurchases)on-linebankingclient/serverDNSserversroutersexchangingroutingtableupdatesotherexamples?ComputerNetworks8:NetworkSecurity6Therearebadguys(andgirls)outthere!Q:Whatcana“badguy”do?A:alot!eavesdrop:interceptmessagesactivelyinsertmessagesintoconnectionimpersonation:canfake(spoof)sourceaddressinpacket(oranyfieldinpacket)hijacking:“takeover”ongoingconnectionbyremovingsenderorreceiver,insertinghimselfinplacedenialofservice:preventservicefrombeingusedbyothers(e.g.,byoverloadingresources)moreonthislater……ComputerNetworks8:NetworkSecurity7Chapter8roadmap8.1Whatisnetworksecurity?8.2Principlesofcryptography8.3Authentication8.4Integrity8.5KeyDistributionandcertification8.6Accesscontrol:firewalls8.7Attacksandcountermeasures8.8SecurityinmanylayersComputerNetworks8:NetworkSecurity8plaintextplaintextciphertextKAencryptionalgorithmdecryptionalgorithmAlice’sencryptionkeyBob’sdecryptionkeyKBThelanguageofcryptographysymmetrickeycrypto:sender,receiverkeysidenticalpublic-keycrypto:encryptionkeypublic,decryptionkeysecret(private)ComputerNetworks8:NetworkSecurity9Symmetrickeycryptographysubstitutioncipher:substitutingonethingforanothermonoalphabeticcipher:substituteoneletterforanotherplaintext:abcdefghijklmnopqrstuvwxyzciphertext:mnbvcxzasdfghjklpoiuytrewqE.g.:Plaintext:bob.iloveyou.aliceciphertext:nkn.sgktcwky.mgsbcQ:Howhardtobreakthissimplecipher?:bruteforce(howhard?)other?ComputerNetworks8:NetworkSecurity10plaintextciphertextKA-BencryptionalgorithmdecryptionalgorithmKA-Bplaintextmessage,mK(m)A-BK(m)A-Bm=K()A-BSymmetrickeycryptographysymmetrickeycrypto:BobandAliceshareknowsame(symmetric)key:Ke.g.,keyisknowingsubstitutionpatterninmonoalphabeticsubstitutioncipherQ:howdoBobandAliceagreeonkeyvalue?A-BComputerNetworks8:NetworkSecurity11Symmetrickeycrypto:DESDES:DataEncryptionStandardUSencryptionstandard[NIST1993]56-bitsymmetrickey,64-bitplaintextinputHowsecureisDES?DESChallenge:56-bit-key-encryptedphrase(“Strongcryptographymakestheworldasaferplace”)decrypted(bruteforce)in4monthsnoknown“backdoor”decryptionapproachmakingDESmoresecure:usethreekeyssequentially(3-DES)oneachdatumusecipher-blockchainingComputerNetworks8:NetworkSecurity12Symmetrickeycrypto:DESinitialpermutation16identical“rounds”offunctionapplication,eachusingdifferent48bitsofkeyfinalpermutationDESoperationComputerNetworks8:NetworkSecurity13AES:AdvancedEncryptionStandardnew(Nov.2001)symmetric-keyNISTstandard,replacingDESprocessesdatain128bitblocks128,192,or256bitkeysbruteforcedecryption(tryeachkey)taking1seconDES,takes149trillionyearsforAESComputerNetworks8:NetworkSecurity14PublicKeyCryptographysymmetrickeycryptorequiressender,receiverknowsharedsecretkeyQ:howtoagreeonkeyinfirstplace(particularlyifnever“met”)?publickeycryptographyradicallydifferentapproach[Diffie-Hellman76,RSA78]sender,receiverdonotsharesecretkeypublicencryptionkeyknowntoallprivatedecryptionkeyknownonlytoreceiverComputerNetworks8:NetworkSecurity15Publickeycryptographyplaintextmessage,mciphertextencryptionalgorithmdecryptionalgorithmBob’spublickeyplaintextmessageK(m)B+KB+Bob’sprivatekeyKB-m=K(K(m))B+B-ComputerNetworks8:NetworkSecurity16PublickeyencryptionalgorithmsneedK()andK()suchthatBB..givenpublickeyK,itshouldbeimpossibletocomputeprivatekeyKBBRequirements:12+-K(K(m))=mBB-++-RSA:Rivest,Shamir,AdelsonalgorithmComputerNetworks8:NetworkSecurity17RSA:Choosingkeys1.Choosetwolargeprimenumbersp,q.(e.g.,1024bitseach)2.Computen=pq,z=(p-1)(q-1)3.Choosee(withen)thathasnocommonfactorswithz.(e,zare“relativelyprime”).4.Choosedsuchthated-1isexactlydivisiblebyz.(inotherwords:edmodz=1).5.Publickeyis(n,e).Privatekeyis(n,d).KB-KB+ComputerNetworks8:NetworkSecurity18RSA:En
本文标题:哈工大计算机网络课件chapter8
链接地址:https://www.777doc.com/doc-5162190 .html