Escolar Documentos
Profissional Documentos
Cultura Documentos
Yang
Data Path
Client
Security Issues
Now,
Internet Explore
Netscape
Return
Data
App.1
XML
ODBC
App 2
Web
Server
The Internet
HTML
ODBC
Application Server
Security Requirements
Secrecy: Information is accessible to only
Possible Attacks
Normal data transmission
Interruption, attk on Avail
e.g. Hardware/soft failure
Interception: attk on
confidentiality,
e.g.wiretapping, il. copy
authorized parties
Modification, attk on integrity
e.g.change file, msg, program
Fabrication, authenticity
spurious msg, false id
Types of Attacks
Active attack:
Principles of Cryptography
Plaintext---encryption-
cypher-text,
Cyphertext---decryption-plaintext
Symmetric
Public
key algorithm
key algorithm
Substitution Ciphers:
Substitution Ciphers:
Key= qwer tyui opas dfgh jklz xcvb nm
Transposition Ciphers:
Key = MEGABUCK
plaintext=please send a million dollars to Q. Yang
Initial Transposition
Li-1 32 bits
Ri-1 32 bits
M = D (K_prv, E(K_pub,M));
Iteration 1
56bit
Iteration 2
Key
Li-1+f(Ri-1,Ki)
Iteration 16
32 bit swap
Li 32 bits
Inverse Transposition
use public key to encrypt messages, only the person with K_prv
can read it
Ri 32 bits
64 bit ciphertext
Firewalls
Authentication vs Authorization
Authentication deals with the question of whether
or not you are actually communicating with a
specific process
Authorization is concerned with what that process
is permitted to do
Packet
filtering
Network layer
Transport layer
Application
Gateway
Firewalls
Firewalls: Why
firewall
isolates organizations internal net from larger
Internet, allowing some packets to pass,
blocking others.
public
Internet
administered
network
firewall
Packet Filtering
Application gateways
Packet Filtering
Should arriving
packet be allowed
in? Departing packet
let out?
host-to-gateway
telnet session
application
gateway
gateway-to-remote
host telnet session