7: Network Security 1

Chapter 7: Network security

Foundations:
  - what is security?
  - cryptography
  - authentication
  - message integrity
  - key distribution and certification

Security in practice:
  - application layer: secure e-mail
  - transport layer: Internet commerce, SSL, SET
  - network layer: IP security
7: Network Security 2

Friends and enemies: Alice, Bob, Trudy
  - well-known in network security world
  - Bob, Alice (lovers!) want to communicate “securely”
  - Trudy, the “intruder” may intercept, delete, add messages

Figure 7.1 goes here
7: Network Security 3

What is network security?

Secrecy: only sender, intended receiver should “understand” msg contents
  - sender encrypts msg
  - receiver decrypts msg

Authentication: sender, receiver want to confirm identity of each other

Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
7: Network Security 4

Internet security threats

Packet sniffing:
  - broadcast media
  - promiscuous NIC reads all packets passing by
  - can read all unencrypted data (e.g. passwords)
  - e.g.: C sniffs B’s packets

[Figure: hosts A, B and C; packet labelled src:B dest:A payload]
7: Network Security 5

Internet security threats

IP Spoofing:
  - can generate “raw” IP packets directly from application, putting any value into IP source address field
  - receiver can’t tell if source is spoofed
  - e.g.: C pretends to be B

[Figure: hosts A, B and C; packet labelled src:B dest:A payload]
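
Added example (not from the original slides): why the receiver cannot tell that a source address is spoofed, and where a check is possible instead. The header is built in memory only and never sent; the addresses, prefixes and function names are constructed for illustration, and the ingress check at the edge router goes beyond what the slide covers.

```python
import ipaddress
import struct

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, payload_len: int) -> bytes:
    """Build a header in memory only; the sender chooses every field, src included."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def receiver_view(header: bytes) -> dict:
    """Everything the destination host can learn from the header itself."""
    f = struct.unpack(FMT, header[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            # Zero means no bit errors; it says nothing about who sent it.
            "checksum_ok": checksum(header[:20]) == 0}

def ingress_permits(header: bytes, attached_prefix: str) -> bool:
    """Edge-router check: the source must belong to the network on that port."""
    return ipaddress.IPv4Address(header[12:16]) in ipaddress.ip_network(attached_prefix)

# Constructed sample addresses (documentation ranges), not from the slides.
A = "192.0.2.10"
B, B_NET = "198.51.100.7", "198.51.100.0/24"
C_NET = "203.0.113.0/24"
CLAIMS_B = build_header(B, A, payload_len=8)

if __name__ == "__main__":
    print(receiver_view(CLAIMS_B))
    print("arrives via B's network:", ingress_permits(CLAIMS_B, B_NET))
    print("arrives via C's network:", ingress_permits(CLAIMS_B, C_NET))
```

At A the header looks the same whichever host produced it, so the only place the mismatch is visible is the router port where the packet entered the network.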