Internet Security Protocols - Integrated Computer Security - Lecture Slides, Slides of Computer Security

These lecture slides make the Integrated Computer Security system easy to understand. The major points in these lecture slides are: Internet Security Protocols, Multipurpose Internet Mail Extensions, Specification, Simple Heading, Text Format, Header Fields, Secure, Security Enhancement, Data Security, Functions

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri
Lecture 22
Internet Security Protocols and Standards

MIME and S/MIME

  • Multipurpose Internet Mail Extensions
    • extension to the old RFC 822 specification of an Internet mail format
      • RFC 822 defines a simple heading with To, From, Subject
      • assumes ASCII text format
    • provides a number of new header fields that define information about the body of the message
  • Secure/Multipurpose Internet Mail Extension
    • security enhancement to the MIME Internet e-mail format
      • based on technology from RSA Data Security
      • provides the ability to sign and/or encrypt e-mail messages

S/MIME Cryptographic Algorithms

  • default algorithms used for signing messages are Digital Signature Standard (DSS) and SHA-
  • RSA public-key encryption algorithm can be used with SHA-1 or the MD5 message digest algorithm for forming signatures
  • radix-64 or base64 mapping is used to map the signature and message into printable ASCII characters

S/MIME Public Key Certificates

  • default algorithms used for encrypting S/MIME messages are 3DES and ElGamal
    • ElGamal is based on the Diffie-Hellman public-key exchange algorithm
  • if encryption is used alone, radix-64 is used to convert the ciphertext to ASCII format
  • basic tool that permits widespread use of S/MIME is the public-key certificate
    • S/MIME uses certificates that conform to the international standard X.509v

DomainKeys Identified Mail (DKIM)

  • specification of cryptographically signing e-mail messages
    • permitting a signing domain to claim responsibility for a message in the mail stream
  • proposed Internet Standard
    • RFC 4871: DomainKeys Identified Mail (DKIM) Signatures
  • has been widely adopted by a range of e-mail providers

Internet Mail Architecture

Secure Sockets Layer (SSL)

  • one of the most widely used security services
  • general-purpose service implemented as a set of protocols that rely on TCP
  • subsequently became Internet standard
    • RFC2246: Transport Layer Security (TLS)
  • two implementation choices:
    • provided as part of the underlying protocol suite
    • embedded in specific packages

SSL Protocol Stack

SSL Record Protocol Operation

SSL Change Cipher Spec Protocol

  • one of three SSL specific protocols that use the SSL Record Protocol
    • is the simplest
    • consists of a single message which consists of a single byte with the value 1
  • sole purpose of this message is to cause pending state to be copied into the current state
    • hence updating the cipher suite in use
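
Added example (not part of the original slides): a Python sketch of how a receiver can validate a Change Cipher Spec record and promote the pending state to the current state, rejecting malformed or unexpected messages. The 5-byte record header layout and content type 20 are taken from RFC 2246; the Connection class, the negotiate() helper and the sample bytes are constructed for illustration.

```python
import struct
from typing import Optional

CT_CHANGE_CIPHER_SPEC = 20                 # record-layer content type (RFC 2246)
INITIAL_SUITE = "TLS_NULL_WITH_NULL_NULL"  # suite in force before any handshake


class Connection:
    """Tracks the current and pending cipher suite for one direction (hypothetical helper)."""

    def __init__(self) -> None:
        self.current: str = INITIAL_SUITE
        self.pending: Optional[str] = None

    def negotiate(self, suite: str) -> None:
        # Stands in for the handshake, which fills in the pending state.
        self.pending = suite

    def handle_record(self, record: bytes) -> str:
        if len(record) < 5:
            raise ValueError("truncated record header")
        ctype, major, _minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:]
        if major != 3:
            raise ValueError("unsupported protocol version")
        if len(body) != length:
            raise ValueError("record length mismatch")
        if ctype != CT_CHANGE_CIPHER_SPEC:
            return "ignored"  # other content types are out of scope here
        if body != b"\x01":
            raise ValueError("ChangeCipherSpec must be the single byte 0x01")
        if self.pending is None:
            # Nothing has been negotiated, so there is no state to promote.
            raise ValueError("ChangeCipherSpec with no pending state")
        # The message's sole effect: the pending state becomes the current state.
        self.current, self.pending = self.pending, None
        return self.current


# Constructed sample record: type 20, version 3.1, length 1, payload 0x01.
SAMPLE_CCS = bytes([20, 3, 1, 0, 1, 1])

if __name__ == "__main__":
    conn = Connection()
    conn.negotiate("TLS_RSA_WITH_3DES_EDE_CBC_SHA")
    print("before:", conn.current)
    print("after: ", conn.handle_record(SAMPLE_CCS))
```
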

SSL Handshake Protocol

  • most complex part of SSL
  • used before any application data are transmitted
  • allows server and client to:
    • authenticate each other
    • negotiate encryption and MAC algorithms
    • negotiate cryptographic keys to be used
  • comprises a series of messages exchanged by client and server
  • exchange has four phases

SSL Handshake Protocol

IP Security (IPsec)

  • various application security mechanisms
    • S/MIME, PGP, Kerberos, SSL/HTTPS
  • security concerns cross protocol layers
  • hence would like security implemented by the network for all applications
  • authentication and encryption security features included in next-generation IPv
  • also usable in existing IPv

IPsec

  • general IP security mechanisms
    • provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet
  • provides
    • Authentication: assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header and that the packet has not been altered in transit
    • Confidentiality: enables communicating nodes to encrypt messages to prevent eavesdropping by third parties
    • Key management: concerned with the secure exchange of keys
      • provided by the Internet Key Exchange standard IKEv