Professional Documents
Culture Documents
Chapter8 Security Updated
Chapter8 Security Updated
Chapter8 Security Updated
Security
8-1
What is network security?
Alice Bob
channel data, control
messages
Trudy
Alice’s Bob’s
K encryption K decryption
A
key Bkey
m plaintext message
KA(m) ciphertext, encrypted with key KA
m = KB(KA(m))
- Bob’s private -
Bob’s message, m KB m,K B(m)
key
Dear Alice
Bob’s message,
Oh, how I have missed Public key m, signed
you. I think of you all the
time! …(blah blah blah) encryption (encrypted) with
algorithm his private key
Bob
H(m)
Application Application
SSL
TCP
TCP
IP IP
data data
MAC MAC
fragment fragment
data
MAC
ServerHello
connection hands ha
Certificate
handshake:
: S erv e rHe lloDone
handshak e
handshake: ClientK
eyExchange
ChangeCipherS
pec
ds ha k e: Finished
han
application_data
ata
application_d
IPsec IPsec
IPsec IPsec
IPsec IPsec
firewall
Network Security 8-27
Firewalls: why
firewall
internal
network
Internet
Web DNS
server FTP server
server
demilitarized
zone
Network Security 8-36