第二十九章 TCPIP讨论.pptVIP

McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Chapter 29 Internet Security CONTENTS INTRODUCTION PRIVACY DIGITAL SIGNATURE SECURITY IN THE INTERNET APPLICATION LAYER SECURITY TRANSPORT LAYER SECURITY: TLS SECURITY AT THE IP LAYER: IPSEC FIREWALLS INTRODUCTION 29.1 Figure 29-1 Aspects of security PRIVACY 29.2 Figure 29-2 Secret-key encryption In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. Secret-key encryption is often called symmetric encryption because the same key can be used in both directions. Secret-key encryption is often used for long messages. We discuss one secret-key algorithm in Appendix E. KDC can solve the problem of secret-key distribution. Figure 29-3 Public-key encryption Public-key algorithms are more efficient for short messages. A CA can certify the binding between a public key and the owner. Figure 29-4 Combination To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key. DIGITAL SIGNATURE 29.3 Figure 29-5 Signing the whole document Digital signature cannot be achieved using only secret keys. Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied. Figure 29-6 Signing the digest Figure 29-7 Sender site Figure 29-8 Receiver site SECURITY IN THEINTERNET 29.4 APPLICTION LAYERSECURITY 29.5 Figure 29-9 PGP at the sender site Figure 29-10 PGP at the receiver site TRANSPORT LAYER SECURITY(TLS) 29.6 Figure 29-11 Position of TLS McGraw-Hill The McGraw-Hill Companies, Inc., 2000