Professional Documents
Culture Documents
Security Requirements and Attacks
Security Requirements and Attacks
Contents
Security Requirements and Attacks
Confidentiality with Conventional
Encryption
Message Authentication and Hash
Functions
Public-Key Encryption and Digital
Signatures
IPv4 and IPv6 Security
Security Requirements
Confidentiality
Integrity
Availability
Passive Attacks
Release of message content
(eavesdropping)
Prevented by encryption
Traffic Analysis
Fixed by traffic padding
Active Attacks
Involve the modification of the data stream
or creation of a false data stream
Active Attacks are easier to detect than to
prevent
Masquerade
Replay
Modification of messages
Denial of service
Conventional Encryption
Decryption
algorithm
Encryption
algorithm
Transmitted
ciphertext
Plain text
Plain text
Shared
secret key
Conventional Encryption
Requirements
Knowing the algorithm, the plain text and
the ciphered text, it shouldnt be feasible
to determine the key.
The key sharing must be done in a secure
fashion.
Encryption Algorithms
Data Encryption Standard (DES)
Plaintext: 64-bit blocks
Key: 56 bits
Has been broken in 1998 (brute force)
Triple DES
Advanced Encryption Standard (AES)
Plaintext: 128-bit blocks
Key: 128, 256 or 512 bits
PSN
PSN
PSN
PSN
Key Distribution
Manual
Selected by A, physically delivered to B
Selected by C, physically delivered to A and B
Automatic
The new key is sent encrypted with an old key
Sent through a 3-rd party with which A and B
have encrypted links
Message Authentication
Authentic message means that:
it comes from the alleged source
it has not been modified
Message Authentication
Approaches
Authentication with conventional
encryption
Authentication without message
encryption:
when confidentiality is not necessary
when encryption is unpractical
Public-Key Encryption
Each user has a pair of keys:
public key
private key
Encryption
Bobs
public key
Bobs
private key
Transmitted
ciphertext
Plain text
Plain text
Alice
Bob
Authentication
Alices
private key
Alices
public key
Transmitted
ciphertext
Plain text
Plain text
Alice
Bob
Digital Signature
Like authentication, only performed on a
message authenticator (SHA-1)
Key Management
Public-Key encryption can be used to
distribute secret keys for conventional
encryption
Public-Key authentication:
signing authority
web of trust
Advantages of IPSec
How an AH is Generated in
IPSec
AH Fields
AH Header Placement in
Transport Mode
Security Association
One-way relationship between two hosts,
providing security services for the payload
Uniquely identified by:
Security Parameter Index (SPI)
IP destination address
Security Protocol Identifier (AH/ESP)
SA Security Parameters
Key Management
Manual
used for small networks
easier to configure
Automated
more scalable
more difficult to setup
ISAKMP/Oakley