Chapter 11 Security Protocols: Chapter Figures (Communication Networks)

Figure 11.1 – part 1: Replay attack. Panel labels: Client, Request, Response, Server; Client Imposter, Attacker, Server (the attacker captures the Client's Request and replays it to the Server as an imposter client).
Figure 11.1 – part 2: Man in the middle. Panel labels: Client, Server Imposter, Man in the middle, Server (the attacker sits between Client and Server, acting as a Server Imposter toward the Client).
Figure 11.2: Symmetric-key encryption and decryption. Plaintext P is encrypted with key K, C = EK(P); the Ciphertext is decrypted with the same key K, P = DK(C).
Figure 11.3: Challenge-response authentication with a shared key. "John to Jane, 'let's talk'"; challenge r is answered with Ek(r), and challenge r´ with Ek(r´) (labels: Sender, Receiver, r, Ek(r), r´, Ek(r´)).
Figure 11.4: Public-key encryption and decryption. Plaintext P is encrypted with Public key K1, C = EK1(P), and the Ciphertext is decrypted with Private key K2, P = DK2(C).
Figure 11.5: Challenge-response authentication with a public key. "John to Jane, 'let's talk'"; challenge r is answered with EK1(r) (labels: Sender, Receiver, r, EK1(r)).
Figure 11.6: Key distribution center (KDC) serving parties A, B, C and D.
Figure 11.7: Diffie-Hellman key exchange. The Transmitter sends T = g^x and the Receiver sends R = g^y; the Receiver computes K = T^y mod p = g^(xy) mod p and the Transmitter computes K = R^x mod p = g^(xy) mod p.
Figure 11.8: Man in the middle on Diffie-Hellman. The attacker replaces T with T´ toward the Receiver and R with R´ toward the Transmitter, so the two ends derive different keys: the Transmitter shares K1 = R´^x = T^y´ = g^(xy´) with the attacker, and the Receiver shares K2 = T´^y = R^x´ = g^(x´y) with the attacker.
Figure 11.9: Panels (a), (b) and (c), each showing the Internet; no other labels recovered.
Figure 11.10: Authentication header placement. (a) Packet header, Authentication header, Packet payload; authenticated except for changeable fields. (b) In tunnel mode: New header, Authentication header, Original header, Packet payload; authenticated except for changeable fields in the new header.
Figure 11.11: Tunnel across the Internet.
Figure 11.12: Encryption header placement. (a) Packet header, Encryption header, Packet + pad payload (encrypted). (b) Labels: Encryption header, New header, Authentication header, Packet + pad payload (encrypted). (c) In tunnel mode: New header, Encryption header, Original header, Packet payload (encrypted).
Figure 11.13: Key exchange between Initiator Host and Responder Host:
  Initiator -> Responder: HDR, SA (Cookie Request)
  Responder -> Initiator: HDR, SA (Cookie Response)
  Initiator -> Responder: HDR, KE, Ni (Key Request)
  Responder -> Initiator: HDR, KE, Nr (Key Response)
  Initiator -> Responder: HDR, IDi, Sigi (Signature Request)
  Responder -> Initiator: HDR, IDr, Sigr (Signature Response)
Figure 11.14: IPv4 Header, AH, Upper Layer (e.g., TCP or UDP).
Figure 11.15: Authentication Header format (bit positions 0, 8, 16, 31):
  Next Header (bits 0-7) | Length (bits 8-15) | Reserved (bits 16-31)
  Security Parameters Index (32 bits)
  Sequence Number (32 bits)
  Authentication Data (variable length)
Figure 11.16: Encapsulating Security Payload format (bit positions 0, 16, 24, 31):
  Security Parameters Index (32 bits)
  Sequence Number (32 bits)
  Payload Data (variable length)
  Padding (variable length) | Pad Length (bits 16-23) | Next Header (bits 24-31)
  Authentication Data (variable length)
Figure 11.17: TLS protocol stack. The Handshake Protocol, Alert Protocol, Change Cipher Spec Protocol and HTTP Protocol run over the TLS Record Protocol, which runs over TCP over IP.
Figure 11.18: TLS handshake (* marks optional or situation-dependent messages, as in the TLS specification):
  Client -> Server: ClientHello
  Server -> Client: ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
  Client -> Server: Certificate*, ClientKeyExchange, CertificateVerify*, [ChangeCipherSpec], Finished
  Server -> Client: [ChangeCipherSpec], Finished
  Client <-> Server: Application Data
Figures 11.19, 11.20 and 11.21: captions only; no figure labels recovered.
Figure 11.22: WEP frame encryption. The Frame plus CRC is XORed with the key stream generated from the IV and KEY; the transmitted frame carries the 802.11 header, the IV and the Ciphertext.
Figure 11.23: DES. The 64-bit plaintext passes through an Initial permutation, 16 iterations (Iteration 1 to Iteration 16, each with its own 48-bit key, Key 1 to Key 16, generated from the 56-bit key), a 32-bit swap and an Inverse permutation, producing the 64-bit ciphertext.
Figure 11.24: One DES iteration. Li = Ri-1 and Ri = Li-1 XOR f(Ri-1, K), where K is the iteration's 48-bit key.
Figure 11.25: Cipher block chaining. (a) Encryption: plaintext blocks P1, P2, P3, ... are chained with the IV and each is passed through Encrypt to give C1, C2, C3, .... (b) Decryption: C1, C2, C3, ... are passed through Decrypt and unchained with the IV to recover P1, P2, P3, ....