ECE509 Cyber Security: Concept, Theory, and Practice
Cryptography
Spring 2014
Attack Types
• Passive attack: observe communications and/or data
• Active attack: modify communications and/or data
What are the security services in the OSI model?
Security Services in OSI Model
• Physical Layer:
• Data-Link Layer:
• Network Layer:
• Transport Layer:
• Session Layer:
• Presentation Layer:
• Application Layer:
Security Services in OSI Model
• Confidentiality
• Integrity
• Authentication
• Access Control
• Non-repudiation
Security Mechanisms to provide the needed security services
• Checksums/hash algorithms: Authorization and Integrity
• Encryption: Confidentiality, Integrity, Authentication
• Digital signatures: Integrity, Authentication, Non-repudiation
Secure Sockets Layer (SSL)
• Mechanisms:
  – Hashing
    • SHA: Secure Hash Algorithm
    • MD5: Message-Digest algorithm
  – Encryptions
    • DES: Data Encryption Standard
    • RSA: Ron Rivest, Adi Shamir, and Leonard Adleman
  – Signatures
    • DSA: Digital Signature Algorithm
    • RSA: Ron Rivest, Adi Shamir, and Leonard Adleman
Hash Function
[Diagram; labels: Data, Hashing, Message Hash, Data Channel]
MAC (Message Authentication Code)
[Diagram; labels: Data, Message, MAC, Data Channel, Channel]
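The Hash Function and MAC slides, set against the active attack defined under Attack Types, as an added example that is not part of the original slides. It assumes SHA-256 as the hash and HMAC-SHA-256 as the MAC (the slides name neither construction); the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"        # constructed; known to sender and receiver only
MSG = b"transfer 100 to account 42"  # constructed sample message

def hash_of(data: bytes) -> bytes:
    # Unkeyed check value: anyone who sees the data can compute it.
    return hashlib.sha256(data).digest()

def mac_of(key: bytes, data: bytes) -> bytes:
    # Keyed check value (HMAC-SHA-256): computing it requires the shared key.
    return hmac.new(key, data, hashlib.sha256).digest()

def accept_hash(data: bytes, check: bytes) -> bool:
    # Receiver side: recompute and compare in constant time.
    return hmac.compare_digest(hash_of(data), check)

def accept_mac(key: bytes, data: bytes, check: bytes) -> bool:
    return hmac.compare_digest(mac_of(key, data), check)

def corrupt(data: bytes, check: bytes) -> tuple:
    # Accidental change on the channel: one bit flips, check value untouched.
    return bytes([data[0] ^ 0x01]) + data[1:], check

def modify(data: bytes, check: bytes) -> tuple:
    # Active attack: the data is altered and the check value is recomputed
    # with the only function available without the key, the public hash.
    altered = data.replace(b"100", b"900")
    return altered, hash_of(altered)

def demo() -> dict:
    return {
        "hash accepts clean":     accept_hash(MSG, hash_of(MSG)),
        "hash accepts corrupted": accept_hash(*corrupt(MSG, hash_of(MSG))),
        "hash accepts modified":  accept_hash(*modify(MSG, hash_of(MSG))),
        "mac accepts clean":      accept_mac(KEY, MSG, mac_of(KEY, MSG)),
        "mac accepts corrupted":  accept_mac(KEY, *corrupt(MSG, mac_of(KEY, MSG))),
        "mac accepts modified":   accept_mac(KEY, *modify(MSG, mac_of(KEY, MSG))),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:24} {accepted}")
```

A hash sent alongside the data over the same channel catches accidental corruption but not a modification that also replaces the hash; the MAC rejects both because the check value cannot be recomputed without the key.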
Traditional Encryption (Symmetric Encryption)
[Diagram; labels: Common Key, Data, Insecure Channel, Data]
Key Agreement
[Diagram; labels: Key Agreement, Data, Insecure Channel, Data]
Public Key Encryption
[Diagram; labels: Data, Insecure Channel, Data]
Digital Signature
[Diagram; labels: Data, Hashing, Message Hash, Encrypt, Signature, Channel]
Digital Signature
[Diagram; labels: Data, Signature, Hashing, Decrypt, Compare, Message Hash]
Message/Data Encryption
[Diagram; labels: Data, Encrypted Session Key, Channel, Data]
Reading
• “Understanding Security Using the OSI Model”, SANS Institute InfoSec Reading Room, https://www.sans.org/reading-room/whitepapers/protocols/understanding-security-osi-model-377