chapter 8 network security - elsevier 8 network security computer networks, 5th edition copyright ©...

1

Chapter 8

Network Security

Computer Networks, 5th Edition

Copyright © 2012, Elsevier Inc. All rights Reserved

2Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.1 Symmetric-key encryption and decryption.

3Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.2 Cipher block chaining (CBC).

4Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.3 Public-key encryption.

5Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.4 Authentication using public keys.

6Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.5 Computing a MAC (a) versus computing an HMAC (b).

7Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.6 Tree-structured certification authority hierarchy.

8Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.7 A challenge-response protocol.

9Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.8 A public-key authentication protocol that depends on synchronization.

10Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.9 A public-key authentication protocol that does not depend on synchronization. Alice checks her own timestamp against her own clock, and likewise for Bob.

11Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.10 The Needham–Schroeder authentication protocol.

12Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.11 Kerberos authentication.

13Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.12 A man-in-the-middle attack.

14Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.13 PGP’s steps to prepare a message for emailing from Alice to Bob.

15Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.14 Using SSH port forwarding to secure other TCP-based applications.

16Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.15 Secure transport layer inserted between application and TCP layers.

17Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.16 Handshake protocol to establish TLS session.

18Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.17 IPsec’s ESP format.

19Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.18 An IP packet with a nested IP packet encapsulated using ESP in tunnel mode. Note that the inner and outer packets have different addresses.

20Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.19 Use of an Authentication Server in 802.11i.

21Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.20 A firewall filters packets flowing between a site and the rest of the Internet.

22Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.21 Diagram for Exercise 18.