Advanced Computer Networks: Lecture 41 - Dr. Amir Qayyum
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (605.39 KB, 31 trang )
CS716
Advanced Computer Networks
By Dr. Amir Qayyum
1
1
Lecture No. 41
2
Message Integrity Protocols
• Digital signature using RSA
– Special case of a message integrity where
the code can only have been generated by
one participant
– Compute signature with private key and
verify with public key
3
Message Integrity Protocols
• Keyed MD5
– Sender: m + MD5 (m + k) +
E(E(k, rcvpub), private)
– Receiver
• recovers random key using the
sender’s public key
• applies MD5 to the concatenation of
this random key message
4
Message Integrity Protocols
• MD5 with RSA signature
– Sender: m + E(MD5(m), private)
– Receiver
• Decrypts signature with sender’s
public key
• Compares result with MD5 checksum
sent with message
5
Authentication
6
Session Key Communication
7
Session Key Communication
8
Key
Distribution
Center
9
Kerberos
10
ManintheMiddle Attack
in DiffieHellman
11
Key Distribution
• Certificate
– Special type of digitally signed document:
“I certify that the public key in this document
belongs to the entity named in this document,
signed X.”
– The name of the entity being certified
– The public key of the entity
– The name of the certification authority
– A digital signature
12
Key Distribution
• Certification Authority (CA)
– Administrative entity that issues
certificates
– Useful only to someone that already
holds the CA’s public key.
13
Treestructured CA Hierarchy
14
Key Distribution (cont)
• Chain of Trust
– If X certifies that a certain public key
belongs to Y, and Y certifies that another
public key belongs to Z, then there exists
a chain of certificates from X to Z
– Someone that wants to verify Z’s public
key has to know X’s public key and
follow the chain
• Certificate Revocation List
15
PGP Message Integrity and
Authentication
Sender identity and message
integrity confirmed
if checksums match
Calculate MD5 checksum
over message contents
Sign checksum using RSA
with sender‘s private key
Calculate MD5 checksum on
received message and compare
against received value
Decrypt signed
checksum
with sender‘s private
key
Transmitted message
16
PGP Message Encryption
Create a random secret key
k
Encrypt message
using
DES with secret key
k
Encrypt k using RSA with
recipient s public key
Encode message + E(k)
in ASCII for transmission
Original message
Decrypt message using
DES with secret key k
Decrypt E(k) using RSA with
my private key k
Convert ASCII message
Transmitted message
17
Example (PGP)
18
SSH Port Forwarding
19
Secure Transport Layer
Application (e.g. HTTP)
Secure transport layer
TCP
IP
Subnet
20
TLS Handshake Protocol
Client
Server
Hell
o
[C
[Cer ertifica
te
t . Ve
rify] ] Keys
Finis
hed
h
Finis
ed
Data
21
TLS
Handshake
Protocol
22
IPSEC Authentication Header
NextHdr
PayloadLength
Reserved
SPI
SeqNum
AuthenticationData
23
IPSEC ESP Header
24
ESP Packet
25
