tailieunhanh - Lecture Data communications and networking: Chapter 31 - Behrouz A. Forouzan

Chapter 31 - Network security. In this chapter, we first introduce the security services we typically expect in a network. We then show how these services can be provided using cryptography. At the end of the chapter, we also touch on the issue of distributing symmetric and asymmetric keys.

Chapter 31 Network Security

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31-1 SECURITY SERVICES

Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service provides entity authentication or identification.

Topics discussed in this section: Message Confidentiality; Message Integrity; Message Authentication; Message Nonrepudiation; Entity Authentication

Figure: Security services related to the message or entity

31-2 MESSAGE CONFIDENTIALITY

The concept of how to achieve message confidentiality or privacy has not changed for thousands of years. The message must be encrypted at the sender site and decrypted at the receiver site. This can be done using either symmetric-key cryptography or asymmetric-key cryptography.

Topics discussed in this section: Confidentiality with Symmetric-Key Cryptography; Confidentiality with Asymmetric-Key Cryptography

Figure: Message confidentiality using symmetric keys in two directions

Figure: Message confidentiality using asymmetric keys

31-3 MESSAGE INTEGRITY

Encryption and decryption provide secrecy, or confidentiality, but not integrity. However, on occasion we may not even need secrecy, but instead must have integrity.

Topics discussed in this section: Document and Fingerprint; Message and Message Digest; Creating and Checking the Digest; Hash Function Criteria; Hash Algorithms: SHA-1

Note: To preserve the integrity of a document, both the document and the fingerprint are needed.

Figure: Message and message digest

Note: The message digest needs to be kept secret.

Figure: Checking integrity
Figure: Criteria of a hash function

Can we use a conventional lossless compression method as a hashing function?

Solution: We cannot. A lossless compression method creates a compressed message that is reversible. You
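The claim in 31-3 that encryption gives confidentiality but not integrity, and the digest check that restores it, shown as an added example (not from the lecture). The toy XOR keystream cipher, the sample key and message, and all function names are assumptions made for illustration; SHA-256 from hashlib is used instead of the SHA-1 named in the topic list, and the digest is assumed to reach the receiver unmodified.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream for demonstration only: SHA-256(key || counter) blocks.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Symmetric-key operation: the same call encrypts and decrypts.
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def make_digest(message: bytes) -> bytes:
    # Sender side: compute the fingerprint (message digest) of the message.
    return hashlib.sha256(message).digest()

def check_integrity(message: bytes, trusted_digest: bytes) -> bool:
    # Receiver side: recompute the digest and compare it with the trusted copy.
    return hmac.compare_digest(make_digest(message), trusted_digest)

def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    # Simulates a one-bit change to the ciphertext while it is in transit.
    changed = bytearray(data)
    changed[byte_index] ^= 1 << bit
    return bytes(changed)

def demo() -> dict:
    key = b"constructed-shared-key"      # constructed sample key
    message = b"PAY 100 TO ALICE"        # constructed sample message
    digest = make_digest(message)        # assumed to arrive unmodified
    ciphertext = xor_crypt(key, message)
    altered = flip_bit(ciphertext, 4)    # byte 4 carries the digit '1'
    received_ok = xor_crypt(key, ciphertext)
    received_bad = xor_crypt(key, altered)   # decrypts without any error
    return {
        "ciphertext_hides_message": ciphertext != message,
        "received_bad": received_bad,
        "ok_passes": check_integrity(received_ok, digest),
        "bad_passes": check_integrity(received_bad, digest),
    }

if __name__ == "__main__":
    print(demo())
```

Decryption of the altered ciphertext succeeds silently and yields a different message; only the digest comparison reveals the change.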