Date post: | 25-Dec-2015 |
Upload: | kelly-bennett |
©Brooks/Cole, 2003
Chapter 16
Security
OBJECTIVES
After reading this chapter, the reader should be able to:
Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.
Understand how these aspects can be achieved using encryption and decryption.
Understand the difference between secret-key and public-key encryption.
Realize how a digital signature can provide privacy, integrity, and nonrepudiation.
Figure 16-1
Aspects of security
Privacy (隱私): only the sender and the receiver of the message are able to understand the contents of the message.
Authentication (証明): the receiver needs to be sure of the sender's identity.
Integrity (完整): the contents of the message should not be changed during transmission.
Non-repudiation (不摒棄): a secure system needs to prove that the sender actually sent the message.
16.1 PRIVACY
Privacy
Privacy can be achieved using encryption (加密) / decryption (解密) methods.
Two categories of encryption/decryption:
  Secret key
  Public key
Figure 16-2
Secret key encryption (加密)
Plaintext (顯文): the data are not encrypted
Ciphertext (密文): the data are encrypted
Note that secret key encryption algorithms are often referred to as symmetric encryption algorithms.
Note:
In secret key encryption, the same key is used in encryption and decryption. However, the encryption and decryption algorithms are the inverse of each other.
An example
DES: data encryption standard
DES encrypts and decrypts at the bit level.
The plaintext is broken into segments of 64 bits.
Each segment is encrypted using a 56-bit key. (Fig. 16.3)
Every bit of ciphertext depends on every bit of plaintext and the key.
It is very difficult to guess the bits of plaintext from the bits of ciphertext.
Figure 16-3
DES: data encryption standard
Stages 1, 18, and 19 of the algorithm are just permutation operations.
Stages 2 to 17 are identical stages.
  The right 32 bits of a stage become the left 32 bits of the next stage.
  The left 32 bits of a stage are scrambled with the key and become the right 32 bits of the next stage.
  The scrambling is complex and beyond the scope of this book.
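The half-swapping stage structure described above is a Feistel network. The following is an added example, not taken from the book: the round function and key schedule are made-up stand-ins for the DES scrambling the text leaves out of scope, and it shows why the same key decrypts when the stages are run in reverse order.

```python
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16  # the identical stages 2 to 17


def round_keys(key):
    """Hypothetical key schedule (not DES's): one 32-bit subkey per stage."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
        for i in range(ROUNDS)
    ]


def scramble(half, subkey):
    """Stand-in round function; it does not have to be invertible."""
    x = (half ^ subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return x ^ (x >> 15)


def feistel(block, subkeys):
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # the right half moves left unchanged; the left half is mixed with the key
        left, right = right, left ^ scramble(right, k)
    # final swap, so decryption is this same routine with the subkeys reversed
    return (right << 32) | left


def encrypt_block(block, key):
    return feistel(block, round_keys(key))


def decrypt_block(block, key):
    return feistel(block, round_keys(key)[::-1])


if __name__ == "__main__":
    key = b"7bytes!"            # constructed 56-bit key
    pt = 0x0123456789ABCDEF     # constructed 64-bit plaintext segment
    ct = encrypt_block(pt, key)
    print(hex(ct), hex(decrypt_block(ct, key)))
```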
Privacy with secret key
Data encryption standard (DES)
Advantage
  Efficiency
  They are very good candidates for long messages.
Disadvantages
  Each pair of users must have a secret key.
    N people need N(N-1)/2 secret keys
  The distribution of the keys between two parties can be difficult.
Figure 16-4
Public key encryption
The whole idea of this method is that the encryption and decryption algorithms are not the inverse of each other.
An example
RSA: Rivest-Shamir-Adleman encryption
The private key is a pair of numbers (N, d)
The public key is a pair of numbers (N, e)
Encryption: C = P^e mod N
  C: ciphertext
  P: plaintext
Decryption: P = C^d mod N
Fig. 16.5
Figure 16-5
RSA
An intruder (侵入者) could guess the value of d.
A major concept of the RSA algorithm is the use of very large numbers for d and e.
Choosing public and private keys
Procedure:
  Choose two large prime numbers, p and q.
  Compute N = p × q
  Choose e (less than N) such that e and [(p - 1) × (q - 1)] are relatively prime (having no common factor other than 1)
  Choose d such that (e × d) mod [(p - 1)(q - 1)] is equal to 1
Example: p = 5, q = 7, N = 35, e = 11, …
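The key-choosing procedure and the C = P^e mod N / P = C^d mod N formulas, run on the page's p, q and e, as an added example that is not part of the original slides. The function names and the sample plaintext 3 are assumptions; the last function illustrates the earlier remark that an intruder could guess d unless the numbers are very large.

```python
from math import gcd


def make_keys(p, q, e):
    """Run the procedure above; returns the public key (N, e) and private key (N, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be below N and relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # the d for which (e * d) mod phi == 1 (Python 3.8+)
    return (n, e), (n, d)


def encrypt(plain, public):
    n, e = public
    if not 0 <= plain < n:
        raise ValueError("plaintext must be a number below N")
    return pow(plain, e, n)  # C = P^e mod N


def decrypt(cipher, private):
    n, d = private
    return pow(cipher, d, n)  # P = C^d mod N


def d_from_small_modulus(public):
    """Why N must be very large: a small N is factored by trial division,
    after which anyone can repeat the owner's computation of d."""
    n, e = public
    p = next(f for f in range(2, n) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))


if __name__ == "__main__":
    public, private = make_keys(5, 7, 11)  # the page's example numbers
    c = encrypt(3, public)                 # 3 is a constructed sample plaintext
    print("public", public, "private", private)
    print("P=3 -> C =", c, "-> P =", decrypt(c, private))
    print("d recovered from the public key alone:", d_from_small_modulus(public))
```

With primes this small the computed d comes out equal to e, because every number relatively prime to 24 is its own inverse modulo 24; that is an artefact of the toy size and another reason real keys use very large primes.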
RSA
Advantage
  Individuals can post their public key on their Web site.
  The number of keys is only twice the number of users.
Disadvantage
  The complexity of the algorithm: calculating the ciphertext from plaintext using the long keys takes a lot of time.
Figure 16-6
Combination
The public key is used to encrypt the secret key. The secret key is used to encrypt the message.
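The combination with both sides' steps, as an added example that is not from the original slides. Assumptions: the receiver's key pair is a constructed toy built from two known Mersenne primes, the public-key step is the unpadded formula from the page, and a SHA-256 counter keystream stands in for the secret-key cipher (it is not DES).

```python
import hashlib
import secrets

# Constructed receiver key pair (toy size, two known Mersenne primes).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC, PRIVATE = (N, E), (N, D)


def secret_key_cipher(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call with the same key both encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def sender(message, receiver_public):
    n, e = receiver_public
    secret_key = secrets.token_bytes(16)  # fresh secret key for this message
    # slow public-key step, applied only to the short secret key
    wrapped_key = pow(int.from_bytes(secret_key, "big"), e, n)
    # fast secret-key step, applied to the long message
    return wrapped_key, secret_key_cipher(secret_key, message)


def receiver(wrapped_key, body, private):
    n, d = private
    secret_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return secret_key_cipher(secret_key, body)


if __name__ == "__main__":
    message = b"a long message " * 1000  # constructed sample input
    wrapped_key, body = sender(message, PUBLIC)
    print(len(body), "bytes under the secret key;",
          wrapped_key.bit_length(), "bits under the public key")
    print("recovered:", receiver(wrapped_key, body, PRIVATE) == message)
```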
16.2 DIGITAL SIGNATURE
Digital signature (數位簽章)
Digital signature
  When an author signs a document, it cannot be changed.
  When you send a document electronically, you can also sign it.
Digital signature can be done in two ways:
  You can sign the whole document
  You can sign a digest (摘要) of the document
Figure 16-7
Signing the whole document
You cannot provide these aspects of security using the secret key.
The method does not provide secrecy.
Figure 16-8
Signing the digest
The two most common hash functions are:
  Message digest 5 (MD5)
  Secure hash algorithm (SHA-1)
The properties of a hash function
  One-way: the digest can only be created from the message, but not vice versa
  One-to-one: it is very difficult to find two messages that create the same digest.
Figure 16-9
Sender site
Figure 16-10
Receiver site
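Signing the digest at the sender site and checking it at the receiver site, as an added example that is not from the original slides. Assumptions: the sender's key pair is a constructed toy built from two known Mersenne primes, the function names are hypothetical, and SHA-256 is used in place of the MD5 and SHA-1 named above, for both of which colliding messages have since been found.

```python
import hashlib

# Constructed sender key pair (toy size, two known Mersenne primes).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC, PRIVATE = (N, E), (N, D)


def digest_number(message, n):
    """Fixed-size digest of the message, reduced so it fits below the toy N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sender_site(message, private):
    """Sign only the digest with the private key; the message itself is sent
    as it is, so this provides no secrecy."""
    n, d = private
    signed_digest = pow(digest_number(message, n), d, n)
    return message, signed_digest


def receiver_site(message, signed_digest, public):
    """Recompute the digest from the received message and compare it with the
    digest recovered from the signature using the sender's public key."""
    n, e = public
    return pow(signed_digest, e, n) == digest_number(message, n)


if __name__ == "__main__":
    message, signature = sender_site(b"Pay Bob 100", PRIVATE)  # constructed input
    print("unchanged message:", receiver_site(message, signature, PUBLIC))
    print("altered message:  ", receiver_site(b"Pay Bob 900", signature, PUBLIC))
    print("altered signature:", receiver_site(message, signature + 1, PUBLIC))
```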
Key terms
Authentication
Cipher-text
DES
Decryption
Digital signature
Encryption
Non-repudiation
Permutation
Plaintext
Private key
Public key
Public key encryption
RSA encryption
Secret key
Security