数据与计算机通信第21章.ppt

William StallingsData and Computer Communications7th Edition Chapter 21 Network Security Security Requirements Confidentiality Integrity Availability Passive Attacks Eavesdropping on transmissions To obtain information Release of message contents Outsider learns content of transmission Traffic analysis By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed Difficult to detect Can be prevented Active Attacks Masquerade Pretending to be a different entity Replay Modification of messages Denial of service Easy to detect Detection may lead to deterrent Hard to prevent Symmetric Encryption (Simplified) Ingredients Plain text Encryption algorithm Secret key Cipher text Decryption algorithm Requirements for Security Strong encryption algorithm Even if known, should not be able to decrypt or work out key Even if a number of cipher texts are available together with plain texts of them Sender and receiver must obtain secret key securely Once key is known, all communication using this key is readable Attacking Encryption Crypt analysis Relay on nature of algorithm plus some knowledge of general characteristics of plain text Attempt to deduce plain text or key Brute force Try every possible key until plain text is achieved Algorithms Block cipher Process plain text in fixed block sizes producing block of cipher text of equal size Data encryption standard (DES) Triple DES (TDES) Advanced Encryption Standard Data Encryption Standard US standard 64 bit plain text blocks 56 bit key Broken in 1998 by Electronic Frontier Foundation Special purpose machine Less than three days DES now worthless Triple DEA ANSI X9.17 (1985) Incorporated in DEA standard 1999 Uses 3 keys and 3 executions of DEA algorithm Effective key length 112 or 168 bit Slow Block size (64 bit) too small Advanced Encryption Standard National Institute of Standards and Technology (NIST) in 1997 issued call for Advanced Encryption Standard (AES) Security streng