Bishop Chapter 11 An Overview of Cipher Techniques
Bishop: Chapter 11 An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)
csci 5233 Computer Security 1
Topics
• Problems with Design of Ciphers
• Stream and Block Ciphers
• A Brief Overview of Network Security (more in Chapter 26)
• Advanced Topics: SSL, IPsec (next course: Web Security)
Networks & Cryptography
• The ISO/OSI 7-layer network model: Fig. 11-2.
• Let C0, …, Cn be a sequence of hosts, where Ci and Ci+1 are neighboring hosts.
  – End-to-end protocol: a protocol that has C0 and Cn as its end points. Examples: telnet, TCP
  – Link-layer protocol: a protocol that has Ci and Ci+1 as its end points. Example: IP (?)
Networks & Cryptography
• Cryptographic protocols in a network
  – End-to-end encryption: the cryptographic processing is done only at the end points (i.e., the source and the destination). Examples: VPN, SSL
  – Link-layer encryption: the cryptographic processing occurs at each host along the communication path. Example: the PPP Encryption Control Protocol [RFC 1968]
Networks & Cryptography
• Shared keys
  – End-to-end encryption
    Symmetric: a key is shared between the two end points.
    Asymmetric: each end knows the public key of the other end.
  – Link-layer encryption
    Symmetric:
      Per-host key sharing: each host has its own key, which it shares with each of its neighboring hosts, i.e., one key per host.
      Per-host-pair key sharing: each pair of hosts shares a key, i.e., one key per link.
    Asymmetric: each node knows the public key of its immediate neighbor.
Networks & Cryptography
• In end-to-end encryption, only the source and the destination hosts can read the content of the message. The message is encrypted during transmission.
  + An attacker cannot read the message by intercepting it during transmission or by attacking the intermediate hosts along the path.
• Traffic Analysis: a cryptanalysis method in which the attacker deduces information by analyzing the traffic patterns. It can also be used to locate system vulnerabilities. See the example on pp. 285-286.
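To make the end-to-end versus link-layer distinction on the preceding slides concrete, here is an added example (not from Bishop's text or these slides) that models a path C0, …, Cn with a toy keyed XOR stream cipher standing in for a real one. In link-layer mode every hop decrypts and re-encrypts, so each intermediate host holds the plaintext; in end-to-end mode only C0 and Cn ever see it. The host names, key sizes and the toy cipher are constructed for illustration.

```python
"""Toy model of end-to-end vs. link-layer encryption along a path C0, ..., Cn."""
import hashlib
import hmac
import os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric XOR keystream built from HMAC-SHA256 in counter mode.
    Illustration only: the same call encrypts and decrypts; not a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def make_keys(hosts: list[str]) -> tuple[bytes, dict[tuple[str, str], bytes]]:
    """One end-to-end key shared by C0 and Cn, plus per-host-pair link keys
    (one key per link, as in the slide's symmetric link-layer scheme)."""
    e2e_key = os.urandom(32)
    link_keys = {(a, b): os.urandom(32) for a, b in zip(hosts, hosts[1:])}
    return e2e_key, link_keys

def transmit(hosts: list[str], message: bytes, mode: str) -> dict[str, bytes]:
    """Return, per host, the bytes that host handles while the message passes.
    'e2e':  C0 encrypts, Cn decrypts; intermediates forward ciphertext only.
    'link': each hop decrypts with the inbound link key and re-encrypts with
            the outbound one, so every intermediate host holds the plaintext."""
    e2e_key, link_keys = make_keys(hosts)
    nonce = os.urandom(8)
    seen = {hosts[0]: message}
    if mode == "e2e":
        on_wire = toy_cipher(e2e_key, nonce, message)
        for h in hosts[1:-1]:
            seen[h] = on_wire                      # ciphertext only
        seen[hosts[-1]] = toy_cipher(e2e_key, nonce, on_wire)
    elif mode == "link":
        plain = message
        for a, b in zip(hosts, hosts[1:]):
            on_wire = toy_cipher(link_keys[(a, b)], nonce, plain)   # a encrypts for hop a->b
            plain = toy_cipher(link_keys[(a, b)], nonce, on_wire)   # b decrypts on arrival
            seen[b] = plain                                         # b now holds plaintext
    else:
        raise ValueError(f"unknown mode: {mode}")
    return seen

def hosts_that_see_plaintext(hosts: list[str], message: bytes, mode: str) -> list[str]:
    """Hosts along the path that handle the message in the clear."""
    return [h for h, data in transmit(hosts, message, mode).items() if data == message]
```

With hosts C0..C3, `hosts_that_see_plaintext(..., "e2e")` returns only C0 and C3, while `"link"` returns all four, which is exactly the exposure to compromised intermediate hosts that the slide describes.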
Networks & Cryptography
• More on Network Security: Chapter 26 (Bishop)
  – Infrastructure
  – Firewalls
  – DMZ
  – Network availability
• Chapter 25: Intrusion detection systems (IDS)
• Chapter 27: System security
Next
• Chapter 12: Authentication