Network Security
Chapter 8
DNS – The Domain Name System
• The DNS Name Space
• Resource Records
• Name Servers
The DNS Name Space
A portion of the Internet domain name space.
Resource Records
The principal DNS resource records types.
Resource Records (2)
A portion of a possible DNS database for cs.vu.nl.
Name Servers
Part of the DNS name space showing the division into zones.
Name Servers (2)
How a resolver looks up a remote name in eight steps.
Electronic Mail
• Architecture and Services
• The User Agent
• Message Formats
• Message Transfer
• Final Delivery
Electronic Mail (2)
Some smileys. They will not be on the final exam :-).
Architecture and Services
Basic functions
• Composition
• Transfer
• Reporting
• Displaying
• Disposition
The User Agent
Envelopes and messages. (a) Paper mail. (b) Electronic mail.
Reading E-mail
An example display of the contents of a mailbox.
Message Formats – RFC 822
RFC 822 header fields related to message transport.
Message Formats – RFC 822 (2)
Some fields used in the RFC 822 message header.
MIME – Multipurpose Internet Mail Extensions
Problems with international languages:
• Languages with accents (French, German).
• Languages in non-Latin alphabets (Hebrew, Russian).
• Languages without alphabets (Chinese, Japanese).
• Messages not containing text at all (audio or images).
MIME (2)
RFC 822 headers added by MIME.
MIME (3)
The MIME types and subtypes defined in RFC 2045.
MIME (4)
A multipart message containing enriched and audio alternatives.
Message Transfer
Transferring a message
from elinore@abc.com
to carolyn@xyz.com.
Final Delivery
(a) Sending and reading mail when the receiver has a permanent
Internet connection and the user agent runs on the same machine as
the message transfer agent. (b) Reading e-mail when the receiver has
a dial-up connection to an ISP.
POP3
Using POP3 to fetch three messages.
IMAP
A comparison of POP3 and IMAP.
The World Wide Web
• Architectural Overview
• Static Web Documents
• Dynamic Web Documents
• HTTP – The HyperText Transfer Protocol
• Performance Enhancements
• The Wireless Web
Architectural Overview
(a) A Web page (b) The page reached by clicking on
Department of Animal Psychology.
Architectural Overview (2)
The parts of the Web model.
The Client Side
(a) A browser plug-in. (b) A helper application.
The Server Side
A multithreaded Web server with a front end and processing modules.
The Server Side (2)
A server farm.
The Server Side (3)
(a) Normal request-reply message sequence.
(b) Sequence when TCP handoff is used.
URLs – Uniform Resource Locators
Some common URLs.
Statelessness and Cookies
Some examples of cookies.
HTML – HyperText Markup Language
(a) The HTML for a sample Web page. (b) The formatted page.
HTML (2)
A selection of common HTML tags.
Some can have additional parameters.
Forms
(a) An HTML table.
(b) A possible rendition of this
table.
Forms (2)
(a) The HTML for an
order form.
(b) The formatted page.
Forms (3)
A possible response from the browser to the server with information
filled in by the user.
XML and XSL
A simple Web page
in XML.
XML and XSL (2)
A style sheet in
XSL.
Dynamic Web Documents
Steps in processing the information from an HTML form.
Cryptography
• Introduction to Cryptography
• Substitution Ciphers
• Transposition Ciphers
• One-Time Pads
• Two Fundamental Cryptographic Principles
Need for Security
Some people who cause security problems and why.
An Introduction to Cryptography
The encryption model (for a symmetric-key cipher).
Transposition Ciphers
A transposition cipher.
One-Time Pads
The use of a one-time pad for encryption and the
possibility of getting any possible plaintext from
the ciphertext by the use of some other pad.
Quantum Cryptography
An example of quantum cryptography.
Symmetric-Key Algorithms
• DES – The Data Encryption Standard
• AES – The Advanced Encryption Standard
• Cipher Modes
• Other Ciphers
• Cryptanalysis
Product Ciphers
Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.
Data Encryption Standard
The data encryption standard. (a) General outline.
(b) Detail of one iteration. The circled + means exclusive OR.
Triple DES
(a) Triple encryption using DES. (b) Decryption.
AES – The Advanced Encryption Standard
Rules for AES proposals
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits supported.
4. Both software and hardware implementations required.
5. The algorithm must be public or licensed on nondiscriminatory terms.
AES (2)
An outline of
Rijndael.
AES (3)
Creation of the state and rk arrays.
Electronic Code Book Mode
The plaintext of a file encrypted as 16 DES blocks.
Cipher Block Chaining Mode
Cipher block chaining. (a) Encryption. (b) Decryption.
Cipher Feedback Mode
(a) Encryption. (b) Decryption.
Stream Cipher Mode
A stream cipher. (a) Encryption. (b) Decryption.
Counter Mode
Encryption using counter mode.
Cryptanalysis
Some common symmetric-key cryptographic algorithms.
Public-Key Algorithms
• RSA
• Other Public-Key Algorithms
RSA
An example of the RSA algorithm.
Digital Signatures
• Symmetric-Key Signatures
• Public-Key Signatures
• Message Digests
• The Birthday Attack
Symmetric-Key Signatures
Digital signatures with Big Brother.
Public-Key Signatures
Digital signatures using public-key cryptography.
Message Digests
Digital signatures using message digests.
SHA-1
Use of SHA-1 and RSA for signing nonsecret messages.
SHA-1 (2)
(a) A message padded out to a multiple of 512 bits.
(b) The output variables. (c) The word array.
Management of Public Keys
• Certificates
• X.509
• Public Key Infrastructures
Problems with Public-Key Encryption
A way for Trudy to subvert public-key encryption.
Certificates
A possible certificate and its signed hash.
X.509
The basic fields of an X.509 certificate.
Public-Key Infrastructures
(a) A hierarchical PKI. (b) A chain of certificates.
Communication Security
• IPsec
• Firewalls
• Virtual Private Networks
• Wireless Security
IPsec
The IPsec authentication header in transport mode for IPv4.
IPsec (2)
(a) ESP in transport mode. (b) ESP in tunnel mode.
Firewalls
A firewall consisting of two packet filters and an application gateway.
Virtual Private Networks
(a) A leased-line private network. (b) A virtual private network.
802.11 Security
Packet encryption using WEP.
Authentication Protocols
• Authentication Based on a Shared Secret Key
• Establishing a Shared Key: Diffie-Hellman
• Authentication Using a Key Distribution Center
• Authentication Using Kerberos
• Authentication Using Public-Key Cryptography
Authentication Based on a Shared Secret Key
Two-way authentication using a challenge-response protocol.
Authentication Based on a Shared Secret Key (2)
A shortened two-way authentication protocol.
Authentication Based on a Shared Secret Key (3)
The reflection attack.
Authentication Based on a Shared Secret Key (4)
A reflection attack on the protocol of Fig. 8-32.
Authentication Based on a Shared Secret Key (5)
Authentication using HMACs.
Establishing a Shared Key: The Diffie-Hellman Key Exchange
The Diffie-Hellman key exchange.
Establishing a Shared Key: The Diffie-Hellman Key Exchange (2)
The bucket brigade or man-in-the-middle attack.
Authentication Using a Key Distribution Center
A first attempt at an authentication protocol using a KDC.
Authentication Using a Key Distribution Center (2)
The Needham-Schroeder authentication protocol.
Authentication Using a Key Distribution Center (3)
The Otway-Rees authentication protocol (slightly simplified).
Authentication Using Kerberos
The operation of Kerberos V4.
Authentication Using Public-Key Cryptography
Mutual authentication using public-key cryptography.
E-Mail Security
• PGP – Pretty Good Privacy
• PEM – Privacy Enhanced Mail
• S/MIME
PGP – Pretty Good Privacy
PGP in operation for sending a message.
PGP – Pretty Good Privacy (2)
A PGP message.
Web Security
• Threats
• Secure Naming
• SSL – The Secure Sockets Layer
• Mobile Code Security
Secure Naming
(a) Normal situation. (b) An attack based on breaking
into DNS and modifying Bob's record.
Secure Naming (2)
How Trudy spoofs Alice's ISP.
Secure DNS
An example RRSet for bob.com. The KEY record is Bob's
public key. The SIG record is the top-level com server's
signed hash of the A and KEY records to verify their
authenticity.
Self-Certifying Names
A self-certifying URL containing a hash of the server's
name and public key.
SSL—The Secure Sockets Layer
Layers (and protocols) for a home user browsing with SSL.
SSL (2)
A simplified version of the SSL connection establishment subprotocol.
SSL (3)
Data transmission using SSL.
Java Applet Security
Applets inserted into a Java Virtual Machine
interpreter inside the browser.
Social Issues
• Privacy
• Freedom of Speech
• Copyright
Anonymous Remailers
Users who wish anonymity chain requests through
multiple anonymous remailers.
Freedom of Speech
Possibly banned material:
1. Material inappropriate for children or teenagers.
2. Hate aimed at various ethnic, religious, sexual, or other
groups.
3. Information about democracy and democratic values.
4. Accounts of historical events contradicting the
government's version.
5. Manuals for picking locks, building weapons, encrypting
messages, etc.
Steganography
(a) Three zebras and a tree. (b) Three zebras, a tree, and the
complete text of five plays by William Shakespeare.

Chapter 9 security