
T101 Networks


sef

Presentation Transcript


  1. T101 Networks 15 – Review

  2. Labs • observations this week • if you’ve completed all three, no need to attend the lab this week, just concentrate on the final exam • if not, aim to finish this week, it will be a lot easier • if you don’t finish this week • you will receive an invitation to attend one of the lab sessions

  3. Lesson Objectives • review of the paper • cover any subject causing difficulty

  4. A long time ago, in a classroom not far, far away… • LANs, WANs, MANs, PANs • Ethernet frames, copper/fibre media, shared media, CSMA/CD • Ethernet hubs and switches • Wireless, hidden nodes • IP addressing, IP routing, TCP and UDP

  5. Still to go… • the hosts file and DNS • DNS caching • Crypto basics • Key exchange • Message integrity • Certificates

  6. DNS • hosts file and its problems • describe some of the problems • DNS hierarchy and naming convention • the root of the DNS tree • FQDNs • delegation and authority • resolution process • hostname or domain name?

  7. Hierarchical Structure

  8. DNS nameservers

  9. DNS • DNS and delegated authority • nameservers • caching and TTL • negative caching • DNS and mail delivery • describe an MX record

  10. Cryptography Basics • Cryptography is… • protecting privacy • authentication of identities • preservation of integrity • …in an environment of mistrust

  11. Symmetric Ciphers • same key to encrypt as to decrypt • on a network, both parties must have the same key • the key is called a shared key • brute-force the shared key? • big problem is key exchange

  12. Lab Results • old substitution ciphers are very easy to crack • the strength of modern symmetric ciphers is entirely based on the length of the key • 128 bits (16 bytes) is a good strength key because:

  13. How many keys?

  14. Key Exchange • as the number of people gets big, the problems get worse • how to exchange keys securely with all these people? • how to keep a (secure) record of all those keys? • how to (securely) change a key if one gets lost?

  15. KDC • "I need a key for Alice" • "Here is your shared key"

  16. KDC Problems • who do you trust to be the KDC? • who does everybody trust to be the KDC? • the KDC knows all your secrets • how do you exchange initial keys with the KDC? • …and other problems

  17. Asymmetric Encryption • encryption key and decryption key are different • the encryption key is made public • the decryption key is kept private • hence the terms public and private keys • clearly the encryption and decryption keys are related to each other • helps to solve the shared key problem

  18. Problems with Asymmetric Ciphers • all current asymmetric systems rely on some awkward arithmetic • coding errors in the arithmetic have been known • about 1,000 times slower than symmetric • produce big chunks of ciphertext (because of those big numbers that are used) • so not suitable for encrypting a few bytes of data, especially if speed is important

  19. Key Exchange • using asymmetric encryption to exchange a shared key is a good solution because • the asymmetric encryption and decryption tasks only happen once, and at the start of the communication • so it takes a little longer to set the communication channel up but… • …fast symmetric encryption is used for the rest of the communication

  20. The MITM Problem • the Man-in-the-Middle attack (MITM) • intercepts the request for the bank’s public key, and sends his own public key to Alice

  21. Hash Values • hash values are typically 128-256 bits long • there must be multiple messages that produce the same hash • for 128 bits, we only have 2^128 different hash values • surely we can find two messages with the same hash???

  22. Digital Signatures • this means that • only the owner of the private key can encrypt (or sign) • anybody can decrypt (or check the signature) • but what to encrypt (or sign)? • you don’t need to encrypt (sign) the entire message, only the hash of the message • The encryption of the hash of the message, using the private key, is called a digital signature.

  23. Digital Signatures • take a document to be signed and produce the hash for it • [diagram labels: Document, Hash function, Hash, Private key, asymm encrypt, Document, Signature]

  24. Certificate • a certificate contains many elements, but three elements are particularly important • the identity of the certificate owner • the public key of that identity • a digital signature of the identity and public key • certificates are an example of a digitally signed document

  25. Certificates • a Certificate is a document used to transfer public keys • who signs the public key? • on the Internet, certificates are issued (signed) by a Certificate Authority (CA) • there are many CAs on the Internet • how does your browser check the CA’s signature? • it has the CA’s public key pre-loaded

  26. Public CA • a public CA has their certificate installed into the most popular browsers • a public CA charges for their signatures • from about US$30/year • certs signed by a public CA will work in a browser without any prompt or warning • most organisations will have at least one certificate signed by a public CA to enable https connections to their public web server

  27. Private CA • a private CA is one that you create yourself • your private CA is used to sign your own certificates • they are free, anybody can create one • will cause browsers to prompt users that something is wrong with the cert • most users will not know what to do • should you accept the cert or not???

  28. Exam Tips • complete the exercises and homework from the lesson notes • don’t rely on the Powerpoints • more wordy than previous exams • give three uses for … • explain the advantages of … • describe the … mechanism
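
Slides 20 and 22 to 25 describe signing the hash of a message with a private key, certificates as a signed identity and public key, and the MITM key swap. The sketch below is an added example, not part of the original presentation; it uses textbook RSA on small constructed keys (not secure), and every function name and `bank.example` are assumptions made for illustration.

```python
import hashlib

# Textbook RSA on constructed toy keys (Mersenne primes, no padding):
# enough to show the mechanism, not secure for real use.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (e, n), "private": (pow(e, -1, phi), n)}

def digest(message, n):
    # Slide 22: sign the hash of the message, not the whole message.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    d, n = private_key
    return pow(digest(message, n), d, n)   # only the private-key owner can do this

def verify(message, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)   # anybody can check

def cert_body(identity, public_key):
    return f"{identity}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(identity, public_key, signer_private_key):
    # Slide 24: identity + public key + a signature over both.
    return {"identity": identity, "public_key": public_key,
            "signature": sign(cert_body(identity, public_key), signer_private_key)}

def check_certificate(cert, expected_identity, ca_public_key):
    # Slide 25: the browser checks the signature with the pre-loaded CA public key.
    return (cert["identity"] == expected_identity and
            verify(cert_body(cert["identity"], cert["public_key"]),
                   cert["signature"], ca_public_key))

CA = make_keypair(2**127 - 1, 2**89 - 1)     # constructed keys
BANK = make_keypair(2**107 - 1, 2**61 - 1)
MITM = make_keypair(2**61 - 1, 2**31 - 1)

def demo():
    genuine = issue_certificate("bank.example", BANK["public"], CA["private"])
    # Slide 20: the MITM substitutes his own public key for the bank's.
    swapped = dict(genuine, public_key=MITM["public"])
    self_signed = issue_certificate("bank.example", MITM["public"], MITM["private"])
    return {name: check_certificate(cert, "bank.example", CA["public"])
            for name, cert in [("genuine", genuine), ("swapped", swapped),
                               ("self_signed", self_signed)]}

if __name__ == "__main__":
    print(demo())
```

Only the certificate signed by the pre-loaded CA passes; the swapped key and the self-signed certificate (the private-CA case of slide 27) both fail the check, which is what triggers the browser prompt.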
