Professional Documents
Culture Documents
Materi 12 Network Security PDF
Materi 12 Network Security PDF
Materi 12 Network Security PDF
18 Network Security 1
– passive attack
• release-of-message contents/traffic analysis
• detect vs. prevent
– active attack
• masquerade/replay/modification of
messages/denial of service
• prevent vs. detect
Chap.18 Network Security 3
• Conventional encryption
– plaintext/ciphertext/encryption algorithm/key
– security factor
• encryption algorithm
• key
– representation
• encryption: Y = E K ( X )
• decryption: X = DK (Y )
Chap.18 Network Security 4
• Encryption algorithms
– the Data Encryption Standard(DES)
• block cipher
• NBS(National Bureau of Standards) adopted
DES as Federal Information Processing
Standard 46(FIPS PUB 46) in 1977
• NIST(National Institute of Standards and
Technology) “reaffirmed” DES for federal use
for another five years in 1994
• block size = 64bits, key size = 56 bits
• overall encryption process
– 1. 64-bit plaintext passes through an
initial permutation(IP)
– 2. 16 iterations of the same function
– 3. The preoutput is passed through an
inverse of the initial permutation
• decryption process
– use the ciphertext as input to the DES
algorithm, but use the keys in reverse
order
Chap.18 Network Security 5
Chap.18 Network Security 6
Chap.18 Network Security 7
• 1977
– Diffie and Hellman postulated
– one million keys per second/ $20 million
in 1977 dollars
• 1993
– Wiener used pipeline technique
– 50 million keys per second * 5760
/$100,000 -> 35 hours
• the time has come to investigate alternatives
for conventional encryption -> triple DES
Chap.18 Network Security 8
– triple DES
• Tuchman proposed in 1979
• two keys and three executions
– C=Ek1[Dk2[Ek1[p]]]
• allows users of triple DES to decrypt
data encrypted by users of the older,
single DES
• it turns out that there is a simple technique,
known as a meet-in-the-middle attack, that
would reduce a double DES system with two
keys to the relative strength of ordinary single
DES
• effective key length is 112 bits
Chap.18 Network Security 9
• Key distribution
– the strength of any cryptographic system rests
with the key distribution technique( Fig18.8 )
• 1. A selects a key and delivers to B
– physically/using old key
• 2. a third party selects a key and delivers to A
and B
– physically/using old key
Chap.18 Network Security 11
• Traffic padding
– assess the amount of traffic on a network
– observe the amount of traffic entering and leaving
each end system
Chap.18 Network Security 12
3. Message Authentication
and Hash Functions
• Public-key encryption
• The RSA public-key encryption algorithm
• Key management
Chap.18 Network Security 18
Chap.18 Network Security 19
Chap.18 Network Security 20
Chap.18 Network Security 21
– Security associations
• IP address, SPI(security parameter index)
• parameters
– authentication algorithm/mode/key
– encryption algorithm/mode/key
– presence/absence/size of al
cryptographic synchronization or
initialization vector field for the encryption
algorithm
– etc.
• Authentication
• provides
– data integrity
– IP packet authentication
– authentication header(fig18.20)
Chap.18 Network Security 23