Chapter 8 Network Security - Elsevier 8 Network Security Computer Networks, 5th Edition Copyright © 2012, Elsevier Inc. All rights Reserved Copyright © 2012, Elsevier Inc. All rights

1

Chapter 8

Network Security

Computer Networks, 5th Edition

Copyright © 2012, Elsevier Inc. All rights Reserved

2Copyright © 2012, Elsevier Inc. All rights Reserved

FIGURE 8.1 Symmetric-key encryption and decryption.


FIGURE 8.2 Cipher block chaining (CBC).


FIGURE 8.3 Public-key encryption.


FIGURE 8.4 Authentication using public keys.


FIGURE 8.5 Computing a MAC (a) versus computing an HMAC (b).


FIGURE 8.6 Tree-structured certification authority hierarchy.


FIGURE 8.7 A challenge-response protocol.


FIGURE 8.8 A public-key authentication protocol that depends on synchronization.


FIGURE 8.9 A public-key authentication protocol that does not depend on synchronization. Alice checks her own timestamp against her own clock, and likewise for Bob.


FIGURE 8.10 The Needham–Schroeder authentication protocol.


FIGURE 8.11 Kerberos authentication.


FIGURE 8.12 A man-in-the-middle attack.


FIGURE 8.13 PGP’s steps to prepare a message for emailing from Alice to Bob.


FIGURE 8.14 Using SSH port forwarding to secure other TCP-based applications.


FIGURE 8.15 Secure transport layer inserted between application and TCP layers.


FIGURE 8.16 Handshake protocol to establish TLS session.


FIGURE 8.17 IPsec’s ESP format.


FIGURE 8.18 An IP packet with a nested IP packet encapsulated using ESP in tunnel mode. Note that the inner and outer packets have different addresses.


FIGURE 8.19 Use of an Authentication Server in 802.11i.


FIGURE 8.20 A firewall filters packets flowing between a site and the rest of the Internet.


FIGURE 8.21 Diagram for Exercise 18.

Documents

Chapter 8 Network Security - Elsevier 8 Network Security Computer Networks, 5th Edition Copyright © 2012, Elsevier Inc. All rights Reserved Copyright © 2012, Elsevier Inc. All rights