Cryptography Application - PowerPoint PPT Presentation

1 / 55

About This Presentation

Title:

Cryptography Application

Description:

Title: Security in Computing Author: Director Last modified by: UP-Employee Created Date: 3/20/2003 8:02:21 AM Document presentation format: On-screen Show (4:3) – PowerPoint PPT presentation

Number of Views:81

Avg rating:3.0/5.0

Slides: 56

Provided by: Direc207

Category:

more less

Transcript and Presenter's Notes

Title: Cryptography Application

1
Cryptography Application
235034 Security in Computer Systems and Networks

Lec. Sanchai Yeewiyom
School of Information and Communication
Technology
University of Phayao

2
???????????????????????????????

Authentication
Mail Security
Web Security
Remote Login Security
Network Security

3
Authentication

?????????????????????????? ??????????????????????
????
???????
Password
Kerberos

4
Password

?????????????????????????????????????????????????
?????
??????????????????????????????? Plain Text
???????????????????????????
Exp. Linux, Unix ?????????????????????? Login
????????????????????? Password

5
Password

??????????? ?????????? ???????????, ????????,
?????????????????????, ????????????, ??????????,
Home Directory, Program Shell
????????????????????????? DES ??? Key
????????????????????????????? 8
???????????????????????

6
Kerberos

????????????????? Needham ??? Schroeder ???
Massachusetts Institute of Technology (MIT)
???? Protocol ????????????????????????????????????
????????? Single Sign-On (????????????????????????
???????????????????????????? Server???????????????
??????)
?????????????????? Client/Server
????????????????? Secret Key Cryptography

7
Kerberos

???????????? Login Session ????????? Username ???
Password ???
????????????????? Resource ??? Server
?????????????? Session ????????? ????????? Login
Session ???????????????

8
Kerberos

??????????????? Kerberos ?????????? 3 ????????
???
?????????????????????????????????????????? ????
Key Distribution Center (KDC) ????????????????????
?? ????????????????????????????? ???????????????
(Client)
????????????? (Client) ??? ?????? ????? ????
?????????????????????????? Ticket ??? KDC ???
??????? Application Server ??? Server
?????????????????? ???? telnet ???? ftp
???????????????????????????????? ???? Kerberos

9
Kerberos

???????????? Kerberos ????????????????????????????
? Ticket ??????????? kinit ??? Principal
(?????????????????????????????????????????????????
??????) ?????????????????????? Kerberos Server
??????????????????? Authentication Service (AS)
??? Ticket Granting Service (TGS)

10
Kerberos

AS ????????????????? Principal ???????????
Kerberos Database ??????? ????? Kerberos Server
???????????? Ticket Granting Ticket (TGT) ??? TGS
???????????????? TGT ?????????????????????????????
????????????????
??????? ???????????????????????????????
TGT??????????????????? ????????? TGT ???
??????????????????????????????????????????????????
???????

11
(No Transcript)
12
?????????? Application server

??????????? ??????????? TGT ????? KDC
??????????? TGT ???? KDC ?????????????? TGT
????????????????? Service Ticket
??????????????????????????????????????? ????
Service Ticket ???????????????????????????????????
??????? Application Server ???????????????????????
?? ???????????????????????????????????????

13
?????????? Application server

????????????????? Service Ticket
??????????????????????????????????????????????????
?????????????? Service Ticket ????????????????????
? Application Server ?????????????????????????????
???????????? Application Server
????????????????????????????????????????? Key
Tables ?? Application Server
??????????????????? ??????????????????????????????

14
(No Transcript)
15
Mail Security

????????? e-Mail ??? SMTP, POP3, IMAP
??????????
???????? ?????????????????????????????????????????
??? ????
PGP (Pretty Good Privacy)
S/MIME (Secure/Multipurpose Internet Mail
Extensions)

16
PGP (Pretty Good Privacy)

?????????????????????????????? ???????????????????
???????? ?????????????????????????????
??????????????????????? Symmetric Key ???
Asymmetric Key
???????? Phil Zimmermann ???? 1991
??????????????????? Web of Trust
????????????????? Digital Signature
??????????????????????????????????
??????????????????????????????????????????????????
???????? Digital Signature ????????????????

17
PGP (Pretty Good Privacy)

???????? Digital Signature ?????? Private Key
?????????
??????? ??? Digital Signature ????????????????
Symmetric Key ?????? Key ????????????????????????
????????? (Session Key) ??????????? Key
????????????????????? Public Key ?????????
??????????????????????????????? e-Mail

18
PGP (Pretty Good Privacy)

????? e-Mail ????? ??????????? Private Key
??????????????????????????? Session Key
????????????????????????????? ??????? ??? Digital
Signature
??????? Digital Signature ????????????????????????
????????

19
(No Transcript)
20
(No Transcript)
21
S/MIME

Secure/Multipurpose Internet Mail Extensions
Public Key Encryption
???????? RSA Data Security Inc. ??????? 1995
????????????????????? IETF (Internet Engineering
Task Force) ???? 2002
?????????????????????????????????? Client e-Mail
Integrate ???????????????? e-Mail ???? Outlook,
Outlook Express, Lotus Notes, Mozilla Mail,
iCloud ???????

22
S/MIME

??????????????????????????????????? Key ???
Certificate ??? CA (Certificate Authority)
??????????? e-Mail ????????????????? Certificate
????????????????????????????????????????????

23
Web Security

???????????? WWW ??????????????? HTTP
??????????????????????????? ??????????????????????
???????????????????
S-HTTP
HTTPS
SSL/TLS

24
S-HTTP

Secure Hypertext Transfer Protocol
???????? Enterprise Integration Technology (EIT)
??????????????????????????????????
???????????????????????????????????????? TCP ??
Transport Layer
????????????????? RSA
?????????????????????

25
HTTPS

Hypertext Transfer Protocol Secure
????????????????? Netscape ??????? ?.?. 1994
??????????????????????????????-???
??????????????????? ????????????????-?????????????
?????????????????????????????
???????????????? 443
?????????????????????????????????
(Authentication) ????????????????????
(Encryption) ????? HTTP ??? TCP
???????????????? Web e-Commerce
????????????????????? ???? ?????????

26
SSL/TLS

Transport Layer Security (TLS) ????????????
Secure Sockets Layer (SSL)
SSL ???????????? Netscape
????????????????????????????????????? Web Server
??? Client
??????? ???????????????? ??????? Web Server ???
Client ?????????? Algorithm ??? Session Key
?????? ??????????????????????????????????
???????? Transport Layer

27
SSL/TLS

SSL ????????????????? RSA ?????? X.509
Certificate ??????????????????? Web Server
??????????????? SSL ??????????????? IETF
????????????? TLS ?????????
TLS ???????????????????? SSL ????????????????????
?? Key ??? Digital Signature

28
SSL/TLS

????????? SSL
Server Authentication
Client Authentication
Encrypted Session (Symmetric Encryption)

29
??????????????? SSL

Browser ??? Request ????? Web Server ???????????
SSL Version ??? Algorithm ??????????????
Web Server ????? SSL Version, Algorithm ??????
??? Digital Certificate ????????? CA ??? Client
???????? ????????? Public Key ??? Web Server
????? Browser
Browser ????????? Digital Certificate ??? CA
????????????????????? ?????????????????????
Public Key ??? CA ??????????????????????????
Public Key ??? Web Server

30
??????????????? SSL

Browser ????? Symmetric Key ??????? Public Key
??? Web Server ???????? ???????????????? Server
Browser ?????????????? Server ????????????????????
????????? Key ??????????????????????????????????
?????????????????????? (Handshaking)
??????? Server ????????????????????????? Client
??????????? Session Key ??? ??????????????????????
??????????????????????? Session Key ????????

31
??????????????? SSL
32
Remote Login Security

Secure Shell (SSH)
??????????????????????????????????????
Client-Server
????????????? Linux, Unix ????????? Remote Login
??????????? Version 2 ?????????????? IETF
??????? TCP Port 22

33
Remote Login Security

???????????? ???????? Client ??????????????
Server ?????????????????? Secret Key ????????
???????? Algorithm ??? Diffie-Hellman Key
Exchange
????????? Session Key ??????????????????????
Algorithm ??? Blowfish
???????????????? telnet
??????? SSH ?????????? ???? Putty, OpenSSH,
OpenTerm

34
Network Security

???????????????????????? Lower Layer ??? OSI
?????????????? Virtual Private Network (VPN)
?????????????
Exp. VPN
PPTP (Point-to-Point Tunneling Protocol)
L2F (Layer 2 Forwarding)
L2TP (Layer 2 Tunneling Protocol)
IPSec (IP Security)

35
Virtual Private Network (VPN)

?????????????????????????????????????????????????
?????????????????????????? (????????????
????????????) ?????????????????
??????????????????????????????????? (Private
Network) ???????????????????????????????
?????????????????????????????????

36
Virtual Private Network (VPN)

?????????????????????????????????????????????????(
Tunneling) ???????????????????????????? (Public
Network) ?????????????????????????????????????????
???????????????????? VPN ???????????????

37
VPN
38
??????????? VPN

Authentication VPN
Encryption
Tunneling
Firewall

39
??????????? VPN

Authentication VPN ?????????????????????????????
??????????????? ????????????????
???????????????????????? ?????????????????????????
???????????????? ???????????????????????????
Tunnel ???
Encryption ?????????????????????
??????????????????????????????? Packet
??????????????????????????????????????????????????
??????????????????????????????????????????????????
?????????????

40
??????????? VPN

Tunneling ??????????????????????????????????????
??????????????????????????????????????????????????
?????????????????????????????????????
??????????????????????????????
Firewall ???????????????????????????????????????
????????????????????????????????????

41
???????????? VPN

?????? VPN ??????????? 3 ?????? 1. Intranet VPN
2. Extranet VPN
3. Access VPN

42
???????????? VPN

1. Intranet VPN ?????????????????????????????
?? VPN ?????????????????????????????? ????
????????????????????? ????????????????????????????
? ??????????? ????????????? ????????? ????????
??????????? (Leased Line)
2. Extranet VPN ???????????????????????????????
??????????? Intranet VPN ???????????????????
?????????????? Supplier ??? Partner

43
???????????? VPN

3. Access VPN ???????????????????????????????
VPN ????????????????????????? ????????????????????
??????????????????? ???? ?????????????????????????
?

44
?????????????????????? Tunnel

PPTP (Point - to - Point Tunneling Protocol)
L2F (Layer 2 Forwarding protocol)
L2TP (Layer 2 Tunneling Protocol)
IPSec (IP Security)

45
PPTP (Point - to - Point Tunneling Protocol)

???? Protocol ?????????????? VPN
?????????????? Dial-Up
???????? Microsoft ???????????? Windows
????????????????????? Protocol PPP
????????????? ??????? Data Link Layer
???????????? Protocol ?????????? IP ???? IPX,
NetBEUI ???????

46
PPTP (Point - to - Point Tunneling Protocol)

??????? ??? ????????????????????????
????????????? Token Based Authentication
(??????????? Authentication User ???????? Token
???????????????????? Resource ????? ??????????
Authentication ??? ??????????? Session Token
Based Authentication)

47
L2F (Layer 2 Forwarding protocol)

Protocol ?????????????? CISCO System
?????????? Dial-Up
??????? Layer 2 ??????????????? Frame Relay ????
ATM ?????? X.25 ??????? Tunnel
????????????????? L2F ?????????????????????????
PPTP ????? ???? ??? Authentication ??????????? 2
??????? Tunnel
??????????????????????????????????????????????????
???

48
L2TP (Layer 2 Tunneling Protocol)

????????? IETF
?????????? Dial-Up
????????????????? PPTP ?????????? L2TP ????? User
Datagram Protocol (UDP) ??????????????????????????
?????????????????? Tunnel
??????????????????????????? Protocol
????????????? ????? Protocol ??????? Layer 2 ????
PPP ?????? Packet ?? Layer 3 ????????????????? IP
Packet ??????? ??????????????????????????? PPP
?????????? L2TP ???????????????? Tunnel ?????
????????????? Client ?????????????

49
IPSec (IP Security)

??????? Network Layer
?????????????????????????????????? Internet
Protocol
??????????????? ????????????????????? ????
DiffieHellman Key Exchange, Public Key
Cryptography, DES, Hash Algorithm, Digital
Certificate
??????????????????? Key ?? 2 ????
????????? Admin ????????????????
IKE (Internet Key Exchange) ??????????????

50
IPSec (IP Security)

?????????????????? VPN ???????????????????????????
????????????????????
??????? ??? ????????? Internet Protocol (IP)
??????????????????

51
IPSec (IP Security)

?????? Packet ??? IPSec ?????????? 2 ????
AH (Authentication Header) ??????????????
?????????? (Integrity) ?????????
??????????????????????????? (Authentication )
ESP (Encapsulating Security Payload)
?????????????? ?????????? (Integrity) ?????????
??????????????????????????? (Authentication ) ???
???????????????? (Confidentiality)

52
Authentication Header AH

Header ??? AH ?????? 24 ???? ???????????????
Next Header ??????????????????????????????????????
?????????? IPSec ??????? Tunnel mode ????????? 4
???? Transport mode ????????? 6

53
Authentication Header AH

Payload length ?????????????????????????????
Header ??????? Reserved ????? 2 ????
Security Parameter Index (SPI) ????? Security
Association ????????????????????? Packet
???????????????
Sequence Number ???? 32 ????????????????? Packet
Hash Message Authentication Code (HMAC)
????????????????? Hash Function ???? MD5 ????
SHA-1 ???????

54
Encapsulated Security Payload ESP

Security Parameter Index (SPI) ????? Security
Association (SA) ???? ESP ??????????????

55
Encapsulated Security Payload ESP

Sequence Number ???????????? Packet
Initialization Vector (IV) ???????????????????????
????? ???????????????? Packet ????????????????????
??????????
Data ????????????????????
Padding ??????????? Data ?????????????????????????
?????????
Padding Length ????????????? Padding ????????
Next Header ????? Header ?????
HMAC ???????????????????????????? 96 ???