Bài giảng TCP/IP - Chapter 29: Internet Security

Chapter 29InternetSecurityCONTENTS INTRODUCTION PRIVACY DIGITAL SIGNATURE SECURITY IN THE INTERNET APPLICATION LAYER SECURITY TRANSPORT LAYER SECURITY: TLS SECURITY AT THE IP LAYER: IPSEC FIREWALLSINTRODUCTION29.1Figure 29-1Aspects of securityPRIVACY29.2Figure 29-2Secret-key encryptionIn secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.Secret-key encryption is often used for long messages.We discuss one secret-key algorithm in Appendix E.KDC can solve the problem of secret-key distribution.Figure 29-3Public-key encryptionPublic-key algorithms are more efficient for short messages.A CA can certify the binding between a public key and the owner.Figure 29-4CombinationTo have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.DIGITAL SIGNATURE29.3Figure 29-5Signing the whole documentDigital signature cannot be achieved using only secret keys. Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.Figure 29-6Signing the digestFigure 29-7Sender siteFigure 29-8Receiver siteSECURITY IN THEINTERNET29.4APPLICTION LAYERSECURITY29.5Figure 29-9PGP at the sender siteFigure 29-10PGP at the receiver siteTRANSPORT LAYERSECURITY(TLS)29.6Figure 29-11Position of TLSFigure 29-12Handshake protocolSECURITY AT THEIP LAYER(IPSec)29.7Figure 29-13AuthenticationFigure 29-14Header formatFigure 29-15ESPFigure 29-16ESP formatFIREWALLS29.8Figure 29-17FirewallFigure 29-18Packet-filter firewallA packet-filter firewall filters at the network or transport layer.Figure 29-19Proxy firewallA proxy firewall filters at the application layer.