[Network]Network Security

標籤：network

1 What is network securityaccess && understand && modification

2 Principles of Cryptographysymmetric key
encryption key public decryption key secret

2.1 Symmetric Key

substitution cipher: encryption on a side, decryption on another side.

DES: Data Encryption Standard

56-bit symmetric key 64-bit plaintext input

AES: Advanced Encryption Standard

3 Message Integrity

3.1 Message Authentication CodeHash code used belowmake secret encrypted
3.2 Digital Signatures

A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). 

-- From Wiki

Hash H(m) first, then sign it Ks(H(m))

Send both clear message m and Ks(H(m)) to receiver. Receiver Hash m and decrypt H(m), to compare them whether they are same.

Certification Authorities

The third company to verify the public key of Bob‘s.

4 End Point Authentication

4.1 Authentication

Other method can be attacked by other host playback process.

5 Securing e-mail

5.1 Secrecy
sender: 1. random symmetric private key, Ksy2. message m, Ks(m)3. use receiver‘s public key to encrypt the Ks, Kry(Ks)4. send both Ksy(m) and Kr(Ks) to receiver
receiver:1. Use own public key to decrypt the Ksy2. Use Ksy to decrypt message m

5.2 Sender Authentication
sender:1. sign the message m2. send both clear message m and signed message Ksen(H(m))receiver:decrypt the signed message.
5.3 CombinationThree Keys: sender sign key, receiver public key, symmetric key

6 Securing TCP: SSL

6.1 Service

Two parts: Client/Server authentication, data encryption

6.2 Process

1. HandshakeEstablish TCP connectionAuthentication2. Key Derivation4 keysMAC key and encrption key3. Data Transfercompute MACencrypt data and MACform SSL format record

6.3 Mechanism

Apply for key for encryption and keep secret between server and client.

7 Network Layer: IPsecAH or ESP

8 Wireless LANs

WEP

9 Firewall and IDSIDS: Inspection and correclation