[Network]Network Security
1 What is network security
access && understand && modification
2 Principles of Cryptography
symmetric key
public key: encryption key public, decryption key secret
2.1 Symmetric Key
substitution cipher: encryption on one side, decryption on the other side.
DES: Data Encryption Standard
56-bit symmetric key, 64-bit plaintext input
AES: Advanced Encryption Standard
3 Message Integrity
3.1 Message Authentication Code
Hash code used below
make secret encrypted
3.2 Digital Signatures
A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity).
-- From Wiki
Hash H(m) first, then sign it: Ks(H(m)).
Send both the clear message m and Ks(H(m)) to the receiver. The receiver hashes m and decrypts Ks(H(m)), then compares the two to check whether they are the same.
Certification Authorities
A third party that verifies Bob's public key.
4 End Point Authentication
4.1 Authentication
Other methods can be attacked by another host through a playback (replay) attack.
5 Securing e-mail
5.1 Secrecy
sender:
1. random symmetric private key, Ksy
2. message m, Ks(m)
3. use receiver's public key to encrypt the Ks, Kry(Ks)
4. send both Ksy(m) and Kr(Ks) to receiver
receiver:
1. Use own public key to decrypt the Ksy
2. Use Ksy to decrypt message m
5.2 Sender Authentication
sender:
1. sign the message m
2. send both clear message m and signed message Ksen(H(m))
receiver:
decrypt the signed message.
5.3 Combination
Three Keys: sender sign key, receiver public key, symmetric key
6 Securing TCP: SSL
6.1 Service
6.2 Process
Two parts: Client/Server authentication, data encryption
1. Handshake
Establish TCP connection
Authentication
2. Key Derivation
4 keys
MAC key and encryption key
3. Data Transfer
compute MAC
encrypt data and MAC
form SSL format record
6.3 Mechanism
Apply for a key for encryption and keep it secret between the server and the client.
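The key derivation and data transfer steps of 6.2 (4 keys, compute MAC, encrypt data and MAC, form a record), as an added Python sketch that is not part of the original notes and does not reproduce the real SSL record format. Assumptions: labelled HMAC-SHA256 for key derivation, an HMAC counter keystream standing in for the cipher, a sequence number inside the MAC, a 2-byte length header, and all function names.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA256 tag length in bytes

def derive_keys(master_secret: bytes) -> dict:
    """Derive the 4 session keys: a MAC key and an encryption key per direction.
    Labelled HMAC is an assumption of this sketch, not the SSL/TLS PRF."""
    labels = ("client_mac", "client_enc", "server_mac", "server_enc")
    return {name: hmac.new(master_secret, name.encode(), hashlib.sha256).digest()
            for name in labels}

def _keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in stream cipher (hypothetical helper): XOR with an HMAC-SHA256
    counter keystream. A real stack would use a vetted cipher such as AES."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ctr = seq.to_bytes(8, "big") + (block // 32).to_bytes(4, "big")
        pad = hmac.new(key, ctr, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def seal_record(mac_key: bytes, enc_key: bytes, seq: int, data: bytes) -> bytes:
    """Data transfer: compute MAC, encrypt data and MAC, form the record."""
    mac = hmac.new(mac_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()
    body = _keystream_xor(enc_key, seq, data + mac)
    return len(body).to_bytes(2, "big") + body  # constructed format: length | ciphertext

def open_record(mac_key: bytes, enc_key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver side: decrypt, split data from MAC, verify before using data."""
    length = int.from_bytes(record[:2], "big")
    body = record[2:]
    if length != len(body) or length < MAC_LEN:
        raise ValueError("malformed record")
    plain = _keystream_xor(enc_key, seq, body)
    data, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        raise ValueError("MAC check failed")
    return data

if __name__ == "__main__":
    keys = derive_keys(b"constructed master secret")  # constructed sample input
    rec = seal_record(keys["client_mac"], keys["client_enc"], 0, b"hello server")
    print(rec.hex())
    print(open_record(keys["client_mac"], keys["client_enc"], 0, rec))
```

Because the sequence number is covered by the MAC, a record that is modified or replayed at a different position is rejected by `open_record` instead of being delivered.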
7 Network Layer: IPsec
AH or ESP
8 Wireless LANs
WEP
9 Firewall and IDS
IDS: Inspection and correlation