Upload
iema-zhonyc-cuvacuby
View
231
Download
0
Embed Size (px)
Citation preview
7/27/2019 Keamanan - Internet Security
1/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Chapter 29
Internet
Security
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
CONTENTS
INTRODUCTION
PRIVACY
DIGITAL SIGNATURE
SECURITY IN THE INTERNET
APPLICATION LAYER SECURITY
TRANSPORT LAYER SECURITY: TLS
SECURITY AT THE IP LAYER: IPSEC
FIREWALLS
7/27/2019 Keamanan - Internet Security
2/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
INTRODUCTION
29.1
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-1
Aspects of security
7/27/2019 Keamanan - Internet Security
3/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
PRIVACY
29.2
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-2
Secret-key encryption
7/27/2019 Keamanan - Internet Security
4/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
In secret-key encryption,
the same key is used by the sender
(for encryption)
and the receiver
(for decryption).
The key is shared.
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Secret-key encryption is often called
symmetric encryption because
the same key can
be used in both directions.
7/27/2019 Keamanan - Internet Security
5/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Secret-key encryption is
often used for long messages.
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
We discuss one secret-key
algorithm in Appendix E.
7/27/2019 Keamanan - Internet Security
6/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
KDC
can solve the problem
of secret-key distribution.
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-3
Public-key encryption
7/27/2019 Keamanan - Internet Security
7/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Public-key algorithms are more
efficient for short messages.
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
A
CA
can certify the binding between
a public key and the owner.
7/27/2019 Keamanan - Internet Security
8/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-4
Combination
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
To have the advantages of both
secret-key and public-key
encryption, we can encrypt the secret key
using the public key and encrypt
the message using the secret key.
7/27/2019 Keamanan - Internet Security
9/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
DIGITAL SIGNATURE
29.3
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-5
Signing the whole document
7/27/2019 Keamanan - Internet Security
10/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Digital signature cannot be
achieved using only secret keys.
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Digital signature does not
provide privacy.
If there is a need for privacy,
another layer of
encryption/decryption
must be applied.
7/27/2019 Keamanan - Internet Security
11/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-6
Signing the digest
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-7
Sender site
7/27/2019 Keamanan - Internet Security
12/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-8
Receiver site
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
SECURITY IN THE
INTERNET
29.4
7/27/2019 Keamanan - Internet Security
13/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
APPLICTION LAYER
SECURITY
29.5
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-9
PGP at the sender site
7/27/2019 Keamanan - Internet Security
14/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-10
PGP at the receiver site
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
TRANSPORT LAYER
SECURITY
(TLS)
29.6
7/27/2019 Keamanan - Internet Security
15/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-11
Position of TLS
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-12
Handshake protocol
7/27/2019 Keamanan - Internet Security
16/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
SECURITY AT THE
IP LAYER
(IPSec)
29.7
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-13
Authentication
7/27/2019 Keamanan - Internet Security
17/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-14
Header format
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-15
ESP
7/27/2019 Keamanan - Internet Security
18/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-16
ESP format
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
FIREWALLS
29.8
7/27/2019 Keamanan - Internet Security
19/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-17
Firewall
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-18
Packet-filter firewall
7/27/2019 Keamanan - Internet Security
20/21
10/25/20
2
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
A packet-filter firewall filters
at the network or transport layer.
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
Figure 29-19
Proxy firewall
7/27/2019 Keamanan - Internet Security
21/21
10/25/20
McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000
A proxy firewall
filters at the application layer.