Network Security - Data Communications - Lecture Slides, Slides of Data Communication Systems and Computer Networks

These lecture slides give an accessible introduction to network security for data communication systems. The major points in these lecture slides are: Network Security, Confidentiality, Integrity, Availability, Passive Attacks, Eavesdropping on Transmissions, Information, Release of Message Contents, Traffic Analysis, Even Encrypted

Typology: Slides

2012/2013

Uploaded on 04/25/2013

baidehi


Chapter 21

Network Security

Security Requirements

  • Confidentiality
  • Integrity
  • Availability

Active Attacks

  • Masquerade
    – Pretending to be a different entity
  • Replay
  • Modification of messages
  • Denial of service
  • Easy to detect
    – Detection may lead to deterrent
  • Hard to prevent
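The slide says active attacks are easy to detect but hard to prevent. The following added example (not part of the original slides) shows the receiver-side checks that make modification, masquerade and replay detectable: a keyed integrity tag (HMAC-SHA256) computed over a sequence number and the message, and a strictly increasing sequence counter. The frame format, the shared key and the sample messages are constructed for illustration; a real protocol would also carry a per-session identifier and handle counter wrap-around.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 digest length in bytes
SEQ_LEN = 8   # constructed frame format: 8-byte big-endian sequence number


def make_message(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq || payload || HMAC(key, seq || payload).

    The tag covers the sequence number, so an attacker cannot re-label an old
    frame with a fresh number without also producing a valid tag.
    """
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver that rejects modified, forged and replayed frames."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return (True, payload) for a good frame, else (False, reason).

        The tag is checked before the sequence number is trusted, because an
        unauthenticated sequence number could be used to desynchronise us.
        """
        if len(frame) < SEQ_LEN + TAG_LEN:
            return False, "truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"      # modification, or masquerade without the key
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return False, "replay"       # duplicate or out-of-date frame
        self.last_seq = seq
        return True, body[SEQ_LEN:]


if __name__ == "__main__":
    shared_key = b"constructed-shared-key"      # constructed sample key
    rx = Receiver(shared_key)
    m1 = make_message(shared_key, 1, b"transfer 10")
    print("first delivery:", rx.accept(m1))
    print("same frame again:", rx.accept(m1))   # replay is detected, not prevented
    m2 = bytearray(make_message(shared_key, 2, b"transfer 10"))
    m2[SEQ_LEN + 9] ^= 0x01                      # flip a bit in the payload in transit
    print("tampered frame:", rx.accept(bytes(m2)))
    print("forged frame:", rx.accept(make_message(b"wrong-key", 3, b"x")))
```

Note what the checks do and do not give you: the receiver can tell that a frame is a replay or has been altered, but nothing here stops the attacker from sending such frames or from flooding the link, which is the "hard to prevent" half of the slide.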

Symmetric Encryption (Simplified)

Requirements for Security

  • Strong encryption algorithm
    – Even if the algorithm is known, an opponent should not be able to decrypt or work out the key
    – Even if a number of ciphertexts are available together with their plaintexts
  • Sender and receiver must obtain the secret key securely
  • Once the key is known, all communication using this key is readable

Attacking Encryption

  • Cryptanalysis
    – Relies on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext
    – Attempts to deduce the plaintext or the key
  • Brute force
    – Try every possible key until plaintext is recovered

Data Encryption Standard

  • US standard
  • 64-bit plaintext blocks
  • 56-bit key
  • Broken in 1998 by the Electronic Frontier Foundation
    – Special-purpose machine
    – Less than three days
    – DES now worthless

Triple DEA

  • ANSI X9.17 (1985)
  • Incorporated in DEA standard 1999
  • Uses 3 keys and 3 executions of the DEA algorithm
  • Effective key length 112 or 168 bits
  • Slow
  • Block size (64 bits) too small

AES Description

  • Assume key length 128 bits
  • Input is a single 128-bit block
    – Depicted as a square matrix of bytes
    – Block copied into the State array, which is modified at each stage
    – After the final stage, State is copied to the output matrix
  • 128-bit key depicted as a square matrix of bytes
    – Expanded into an array of key schedule words, each four bytes
    – Total key schedule: 44 words for a 128-bit key
  • Byte ordering by column
    – First four bytes of the 128-bit plaintext input occupy the first column of the in matrix
    – First four bytes of the expanded key occupy the first column of the w matrix
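As an added worked example (not part of the original slides), the column-major State layout and the FIPS-197 key expansion are written out in Python below. The S-box is derived from the GF(2^8) multiplicative inverse and the affine map rather than pasted in as a table, so the whole key schedule is reproducible from the definitions. The sample key is the one used in FIPS-197 Appendix A; the function names are my own.

```python
"""AES State layout and key expansion (FIPS-197), as a teaching example."""


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def build_sbox() -> list:
    """S-box = multiplicative inverse in GF(2^8) (0 maps to 0), then the affine
    transformation s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    inv = [0] * 256
    for a in range(1, 256):
        if inv[a]:
            continue
        for b in range(1, 256):
            if gf_mul(a, b) == 1:
                inv[a], inv[b] = b, a
                break
    sbox = []
    for x in range(256):
        b = inv[x]
        s = b
        for k in range(1, 5):
            s ^= ((b << k) | (b >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def rot_word(w: bytes) -> bytes:
    return w[1:] + w[:1]


def sub_word(w: bytes) -> bytes:
    return bytes(SBOX[b] for b in w)


def expand_key(key: bytes) -> list:
    """Return the key schedule as a list of 4-byte words: 4*(Nr+1) words,
    i.e. 44 for a 128-bit key, 52 for 192-bit, 60 for 256-bit."""
    nk = len(key) // 4
    nr = {4: 10, 6: 12, 8: 14}[nk]
    w = [key[4 * i:4 * i + 4] for i in range(nk)]
    rcon = 0x01
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            temp = sub_word(rot_word(temp))
            temp = bytes([temp[0] ^ rcon]) + temp[1:]
            rcon = gf_mul(rcon, 0x02)          # 01,02,04,...,80,1b,36
        elif nk > 6 and i % nk == 4:           # extra SubWord for 256-bit keys
            temp = sub_word(temp)
        w.append(bytes(x ^ y for x, y in zip(w[i - nk], temp)))
    return w


def to_state(block: bytes) -> list:
    """Column-major: input byte in[r + 4c] lands in state[r][c]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def from_state(state: list) -> bytes:
    return bytes(state[r][c] for c in range(4) for r in range(4))


def first_column(state: list) -> list:
    return [row[0] for row in state]


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 Appendix A key
    w = expand_key(key)
    print(len(w), "key schedule words; w[4] =", w[4].hex(), "w[43] =", w[43].hex())
    print("first column of in matrix:", first_column(to_state(bytes(range(16)))))
    print("first column of w matrix:", first_column(to_state(b"".join(w[:4]))))
```

Round key r is the four consecutive words w[4r .. 4r+3], laid out as a 4x4 byte matrix in the same column-major order as the State, which is why the first four key bytes end up in the first column of the w matrix.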

AES Encryption and Decryption (figure)

AES Encryption Round (figure)

AES Comments (2)

  • Only the Add Round Key stage uses the key
    – Cipher begins and ends with an Add Round Key stage
    – Any other stage at the beginning or end is reversible without the key, so it adds no security
  • The Add Round Key stage by itself is not formidable
    – The other three stages scramble bits
    – By themselves they provide no security because they use no key
  • Each stage is easily reversible
  • Decryption uses the expanded key in reverse order
    – Not identical to the encryption algorithm
  • Easy to verify that decryption does recover the plaintext
  • Final round of encryption and decryption consists of only three stages
    – To make the cipher reversible
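The structural points on this slide are easier to see on a cipher small enough to read in full. The following added example is a constructed toy substitution-permutation network, not AES and not code from the slides: 16-bit blocks, a 4-bit S-box applied to each nibble, a bit transposition as the unkeyed mixing stage, and a toy key schedule that rotates a 16-bit master key. It keeps the AES layout the slide describes: Add Round Key first and last, round keys consumed in reverse order on decryption, a final round that drops the mixing stage, and an unkeyed stage appended after the last Add Round Key that anyone who knows the algorithm can strip off.

```python
"""Toy SPN (constructed teaching cipher, not a real algorithm) illustrating AES structure."""

TOY_SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
TOY_INV_SBOX = [TOY_SBOX.index(i) for i in range(16)]
ROUNDS = 4
MASK = 0xFFFF


def substitute(x: int, box: list) -> int:
    """Apply a 4-bit S-box to each nibble (this toy's SubBytes). Unkeyed."""
    out = 0
    for i in range(4):
        out |= box[(x >> (4 * i)) & 0xF] << (4 * i)
    return out


def permute(x: int) -> int:
    """Transpose the 16 bits as a 4x4 matrix (this toy's mixing stage). Unkeyed and self-inverse."""
    out = 0
    for i in range(4):
        for j in range(4):
            if x & (1 << (4 * i + j)):
                out |= 1 << (4 * j + i)
    return out


def round_keys(master: int) -> list:
    """Toy key schedule: ROUNDS+1 round keys from rotations of the 16-bit master key."""
    keys = []
    for r in range(ROUNDS + 1):
        rotated = ((master << (3 * r)) | (master >> (16 - 3 * r))) & MASK
        keys.append(rotated ^ r)
    return keys


def encrypt(pt: int, master: int) -> int:
    rk = round_keys(master)
    x = pt ^ rk[0]                               # Add Round Key: the only keyed stage
    for r in range(1, ROUNDS):
        x = permute(substitute(x, TOY_SBOX)) ^ rk[r]
    return substitute(x, TOY_SBOX) ^ rk[ROUNDS]  # final round omits the mixing stage


def decrypt(ct: int, master: int) -> int:
    """Inverse stages applied in reverse, round keys used last-to-first."""
    rk = round_keys(master)
    x = substitute(ct ^ rk[ROUNDS], TOY_INV_SBOX)
    for r in range(ROUNDS - 1, 0, -1):
        x = substitute(permute(x ^ rk[r]), TOY_INV_SBOX)
    return x ^ rk[0]


def padded_encrypt(pt: int, master: int) -> int:
    """A variant that appends an unkeyed permutation after the last Add Round Key."""
    return permute(encrypt(pt, master))


def strip_unkeyed_stage(ct: int) -> int:
    """Knowing the algorithm is enough to undo the extra stage: no key involved,
    so padded_encrypt leaks exactly what encrypt leaks."""
    return permute(ct)


if __name__ == "__main__":
    master = 0x3A94                               # constructed sample key
    for pt in (0x0000, 0x1234, 0xBEEF):
        ct = encrypt(pt, master)
        print(f"{pt:04x} -> {ct:04x} -> {decrypt(ct, master):04x}",
              "stripped extra stage matches:", strip_unkeyed_stage(padded_encrypt(pt, master)) == ct)
```

Note that decrypt is not the same sequence of operations as encrypt, only its mirror image with inverse stages and reversed keys, which is the slide's "not identical to the encryption algorithm".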

Link Encryption

  • Each communication link equipped at both ends
  • All traffic secure
  • High level of security
  • Requires lots of encryption devices
  • Message must be decrypted at each switch to read the address (virtual circuit number)
  • Security vulnerable at switches
    – Particularly on a public switched network

End to End Encryption

  • Encryption done at the ends of the system
  • Data in encrypted form crosses the network unaltered
  • Destination shares a key with the source to decrypt
  • Host can only encrypt user data
    – Otherwise switching nodes could not read the header or route the packet
  • Traffic pattern not secure
  • Use both link and end to end
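The two slides above contrast what a switch and a wiretap on a link can read under link encryption, end-to-end encryption, and both combined. The following added example (not part of the original slides) simulates a single packet crossing one switch under each arrangement. The packet format (4-byte source and destination address followed by user data), the keys and the "cipher" (HMAC-SHA256 in counter mode used as a keystream, with a fixed label in place of a real per-message nonce) are all constructed for illustration; the point is what each party can see, not the cipher itself.

```python
import hashlib
import hmac

HEADER_LEN = 8  # constructed format: 4-byte source address || 4-byte destination address


def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256 counter mode. In a real system the label must be a
    nonce that never repeats for the same key; here it only names the hop or layer."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, label, len(data))))


def simulate(src: bytes, dst: bytes, payload: bytes,
             e2e_key: bytes, link_key_in: bytes, link_key_out: bytes) -> dict:
    """For each arrangement return the bytes seen on the first link ('wire') and
    what the switch holds in the clear after any link decryption."""
    hdr = src + dst
    packet = hdr + payload
    views = {}

    # 1. Link encryption only: everything on the wire is encrypted, including the
    #    header, but the switch must decrypt the whole frame to read the address.
    wire = xor_crypt(link_key_in, b"hop1", packet)
    at_switch = xor_crypt(link_key_in, b"hop1", wire)          # cleartext inside the switch
    onward = xor_crypt(link_key_out, b"hop2", at_switch)        # re-encrypted for the next link
    views["link"] = {"wire": wire, "switch_header": at_switch[:HEADER_LEN],
                     "switch_payload": at_switch[HEADER_LEN:], "onward": onward}

    # 2. End-to-end only: the host encrypts user data only, so the header is readable
    #    on the wire and at the switch (traffic pattern exposed) but the payload is not.
    wire = hdr + xor_crypt(e2e_key, b"e2e", payload)
    views["e2e"] = {"wire": wire, "switch_header": wire[:HEADER_LEN],
                    "switch_payload": wire[HEADER_LEN:], "onward": wire}

    # 3. Both: end-to-end first, then link encryption per hop. The wire shows nothing
    #    readable; the switch learns the header (needed to route) but not the payload.
    inner = hdr + xor_crypt(e2e_key, b"e2e", payload)
    wire = xor_crypt(link_key_in, b"hop1", inner)
    at_switch = xor_crypt(link_key_in, b"hop1", wire)
    views["both"] = {"wire": wire, "switch_header": at_switch[:HEADER_LEN],
                     "switch_payload": at_switch[HEADER_LEN:],
                     "onward": xor_crypt(link_key_out, b"hop2", at_switch)}
    return views


def destination_recovers(views: dict, e2e_key: bytes) -> bytes:
    """The far host strips the end-to-end layer from what the switch forwarded."""
    return xor_crypt(e2e_key, b"e2e", views["both"]["switch_payload"])


if __name__ == "__main__":
    src, dst = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"        # constructed addresses
    payload = b"user data: constructed sample"
    v = simulate(src, dst, payload, b"e2e-key", b"link-key-A", b"link-key-B")
    for mode, view in v.items():
        print(f"{mode:5s} header on wire readable: {view['wire'][:HEADER_LEN] == src + dst}, "
              f"payload readable at switch: {view['switch_payload'] == payload}")
```

The combination is the slide's recommendation: link encryption hides the traffic pattern from a wiretap on the link, and the end-to-end layer keeps user data out of every switch along the path.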