Who might Bob,Alice be? ..well,real-life Bobs and Alices! Web browser/server for electronic transactions (e.g.,on-line purchases) on-line banking client/server ■DNS servers routers exchanging routing table updates other examples? Security 8-6
Who might Bob, Alice be? ▪ … well, real-life Bobs and Alices! ▪ Web browser/server for electronic transactions (e.g., on-line purchases) ▪ on-line banking client/server ▪ DNS servers ▪ routers exchanging routing table updates ▪ other examples? Security 8-6
There are bad guys (and girls)out there! Q:What can a“bad guy”do? A:A lot!See section 1.6 eavesdrop:intercept messages actively insert messages into connection impersonation:can fake (spoof)source address in packet(or any field in packet) ·hijacking:“take over”ongoing connection by removing sender or receiver,inserting himself in place denial of service:prevent service from being used by others(e.g.,by overloading resources) Security 8-7
There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: A lot! See section 1.6 • eavesdrop: intercept messages • actively insert messages into connection • impersonation: can fake (spoof) source address in packet (or any field in packet) • hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place • denial of service: prevent service from being used by others (e.g., by overloading resources) Security 8-7
Chapter 8 roadmap 8.I What is network security? 8.2 Principles of cryptography 8.3 Message integrity,authentication 8.4 Securing e-mail 8.5 Securing TCP connections:SSL 8.6 Network layer security:IPsec 8.7 Securing wireless LANs 8.8 Operational security:firewalls and IDS Security 8-8
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS Security 8-8
The language of cryptography ⑥学Alice's @学Bob's KA encryption K.decryption key IEkey plaintext encryption ciphertext decryption plaintext algorithm algorithm m plaintext message KA(m)ciphertext,encrypted with key KA m=KB(KA(m)) Security 8-9
The language of cryptography m plaintext message KA(m) ciphertext, encrypted with key KA m = KB (KA (m)) plaintext ciphertext plaintext K A encryption algorithm decryption algorithm Alice’ s encryption key Bob’ s decryption key K B Security 8-9
Breaking an encryption scheme ■ cipher-text only attack: known-plaintext attack: Trudy has ciphertext she Trudy has plaintext can analyze corresponding to ciphertext two approaches: e.g.,in monoalphabetic 。brute force:search cipher,Trudy determines through all keys pairings for a,l,i,c,e,b,o, statistical analysis chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext Security 8-10
Breaking an encryption scheme ▪ cipher-text only attack: Trudy has ciphertext she can analyze ▪ two approaches: • brute force: search through all keys • statistical analysis ▪ known-plaintext attack: Trudy has plaintext corresponding to ciphertext • e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o, ▪ chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext Security 8-10