7/27/2019 Keamanan - Internet Security

1/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Chapter 29

Internet

Security

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

CONTENTS

INTRODUCTION

PRIVACY

DIGITAL SIGNATURE

SECURITY IN THE INTERNET

APPLICATION LAYER SECURITY

TRANSPORT LAYER SECURITY: TLS

SECURITY AT THE IP LAYER: IPSEC

FIREWALLS

7/27/2019 Keamanan - Internet Security

2/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

INTRODUCTION

29.1

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-1

Aspects of security

7/27/2019 Keamanan - Internet Security

3/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

PRIVACY

29.2

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-2

Secret-key encryption

7/27/2019 Keamanan - Internet Security

4/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

In secret-key encryption,

the same key is used by the sender

(for encryption)

and the receiver

(for decryption).

The key is shared.

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Secret-key encryption is often called

symmetric encryption because

the same key can

be used in both directions.

7/27/2019 Keamanan - Internet Security

5/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Secret-key encryption is

often used for long messages.

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

We discuss one secret-key

algorithm in Appendix E.

7/27/2019 Keamanan - Internet Security

6/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

KDC

can solve the problem

of secret-key distribution.

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-3

Public-key encryption

7/27/2019 Keamanan - Internet Security

7/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Public-key algorithms are more

efficient for short messages.

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

A

CA

can certify the binding between

a public key and the owner.

7/27/2019 Keamanan - Internet Security

8/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-4

Combination

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

To have the advantages of both

secret-key and public-key

encryption, we can encrypt the secret key

using the public key and encrypt

the message using the secret key.

7/27/2019 Keamanan - Internet Security

9/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

DIGITAL SIGNATURE

29.3

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-5

Signing the whole document

7/27/2019 Keamanan - Internet Security

10/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Digital signature cannot be

achieved using only secret keys.

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Digital signature does not

provide privacy.

If there is a need for privacy,

another layer of

encryption/decryption

must be applied.

7/27/2019 Keamanan - Internet Security

11/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-6

Signing the digest

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-7

Sender site

7/27/2019 Keamanan - Internet Security

12/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-8

Receiver site

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

SECURITY IN THE

INTERNET

29.4

7/27/2019 Keamanan - Internet Security

13/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

APPLICTION LAYER

SECURITY

29.5

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-9

PGP at the sender site

7/27/2019 Keamanan - Internet Security

14/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-10

PGP at the receiver site

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

TRANSPORT LAYER

SECURITY

(TLS)

29.6

7/27/2019 Keamanan - Internet Security

15/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-11

Position of TLS

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-12

Handshake protocol

7/27/2019 Keamanan - Internet Security

16/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

SECURITY AT THE

IP LAYER

(IPSec)

29.7

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-13

Authentication

7/27/2019 Keamanan - Internet Security

17/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-14

Header format

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-15

ESP

7/27/2019 Keamanan - Internet Security

18/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-16

ESP format

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

FIREWALLS

29.8

7/27/2019 Keamanan - Internet Security

19/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-17

Firewall

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-18

Packet-filter firewall

7/27/2019 Keamanan - Internet Security

20/21

10/25/20

2

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

A packet-filter firewall filters

at the network or transport layer.

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

Figure 29-19

Proxy firewall

7/27/2019 Keamanan - Internet Security

21/21

10/25/20

McGr aw- Hi l l The McGr aw- Hi l l Compani es, Inc. , 2000

A proxy firewall

filters at the application layer.