21-NetworkSecurity


affic secure
high level of security
requires lots of encryption devices
message must be decrypted at each switch to read address (virtual circuit number)
security vulnerable at switches
  particularly on public switched network

End to End Encryption
  encryption done at ends of system
  data in encrypted form crosses network unaltered
  destination shares key with source to decrypt
  host can only encrypt user data
    otherwise switching nodes could not read header or route packet
  hence traffic pattern not secure
  solution is to use both link and end to end

Key Distribution
  symmetric encryption needs key distribution
    protected for access by others
    changed frequently
  possibilities for key distribution
    1. key selected by A and delivered to B
    2. third party selects key and delivers to A and B
    3. use old key to encrypt & transmit new key from A to B
    4. use old key to transmit new key from third party to A and B

Automatic Key Distribution

Traffic Padding
  addresses concern about traffic analysis
    though link encryption reduces opportunity
    attacker can still assess traffic volume
  traffic padding produces ciphertext continuously
    if no plaintext, sends random data
    makes traffic analysis impossible

Message Authentication
  protection against active attacks with
    falsification of data
    falsification of source
  authentication allows receiver to verify that message is authentic
    message has not been altered
    is from claimed/authentic source
    timeliness

Authentication Using Symmetric Encryption
  assume sender & receiver only know key
  only sender could have encrypted message for other party
  message must include one of:
    error detection code
    sequence number
    time stamp

Authentication Without Encryption
  authentication tag generated and appended to each message
  ...

This note was uploaded on 04/06/2011 for the course EE 5363 taught by Professor Kang during the Spring '09 term at NYU Poly.
