码迷,mamicode.com
首页 > Web开发 > 详细

[Network]Network Security

时间:2014-06-11 06:35:42      阅读:288      评论:0      收藏:0      [点我收藏+]

标签:network

1 What is network security

access && understand && modification


2 Principles of Cryptography

symmetric key
encryption key public decryption key secret

2.1 Symmetric Key

substitution cipher: encryption on a side, decryption on another side.

DES: Data Encryption Standard

56-bit symmetric key 64-bit plaintext input

AES: Advanced Encryption Standard


3 Message Integrity

3.1 Message Authentication Code

Hash code used below
make secret encrypted
bubuko.com,布布扣

3.2 Digital Signatures

A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). 
-- From Wiki

Hash H(m) first, then sign it Ks(H(m))

Send both clear message m and Ks(H(m)) to receiver. Receiver Hash m and decrypt H(m), to compare them whether they are same.

bubuko.com,布布扣

Certification Authorities

The third company to verify the public key of Bob‘s.


4 End Point Authentication

4.1 Authentication

Other method can be attacked by other host playback process.


bubuko.com,布布扣


5 Securing e-mail

5.1 Secrecy

bubuko.com,布布扣
sender: 
1. random symmetric private key, Ksy
2. message m, Ks(m)
3. use receiver‘s public key to encrypt the Ks, Kry(Ks)
4. send both Ksy(m) and Kr(Ks) to receiver

receiver:
1. Use own public key to decrypt the Ksy
2. Use Ksy to decrypt message m

5.2 Sender Authentication

bubuko.com,布布扣
sender:
1. sign the message m
2. send both clear message m and signed message Ksen(H(m))
receiver:
decrypt the signed message.

5.3 Combination

Three Keys: sender sign key, receiver public key, symmetric key
bubuko.com,布布扣


6 Securing TCP: SSL

6.1 Service

Two parts: Client/Server authentication, data encryption

6.2 Process
1. Handshake
Establish TCP connection
Authentication
2. Key Derivation
4 keys
MAC key and encrption key
3. Data Transfer
compute MAC
encrypt data and MAC
form SSL format record
bubuko.com,布布扣

6.3 Mechanism

Apply for key for encryption and keep secret between server and client.

7 Network Layer: IPsec

AH or ESP


8 Wireless LANs

WEP


9 Firewall and IDS

IDS: Inspection and correclation

[Network]Network Security,布布扣,bubuko.com

[Network]Network Security

标签:network

原文地址:http://blog.csdn.net/toomatoo/article/details/29249371

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!