a Top-Down Approach (8th ed.):
Chapter 8 Security in Computer Networks
8.1 What Is Network Security?
Alice and Bob want to communicate "securely." Trudy: the intruder.
Desirable properties of secure communication (安全通信):
• Confidentiality (机密性).
• Only the sender and intended receiver should be able to understand the contents of the transmitted message.
• Because eavesdroppers may intercept the message, this necessarily requires that the message be somehow encrypted (加密) so that an intercepted message cannot be understood by an interceptor.
• Message integrity (报文完整性).
• Alice and Bob want to ensure that the content of their communication is not altered, either maliciously or by accident, in transit.
• End-point authentication (端点鉴别).
• Both the sender and receiver should be able to confirm the identity of the other party involved in the communication.
• Operational security (运行安全性).
• Attackers can attempt to deposit worms into the hosts in the network, obtain corporate secrets, map the internal network configurations, and launch DoS attacks.
• Operational devices such as firewalls and intrusion detection systems are used to counter attacks against an organization's network.
The scenario:
Alice, the sender, wants to send data to Bob, the receiver.
In order to exchange data securely, while meeting the requirements of confidentiality, end-point authentication, and message integrity, Alice and Bob will exchange control messages and data messages.
An intruder can potentially perform
• eavesdropping—sniffing and recording control and data messages on the channel.
• modification, insertion, or deletion of messages or message content.
The Internet equivalents of Alice and Bob:
• Human users at two end systems,
• exchange secure e-mail
• Participants in an electronic commerce transaction.
• transfer his credit card number securely to a Web server to purchase an item online.
• interact with her bank online.
• The parties needing secure communication
• The domain name system (DNS) or routing daemons that exchange routing information
• Network management applications.
8.2 Principles of Cryptography
8.2.1 Symmetric Key Cryptography
8.2.2 Public Key Encryption
8.3 Message Integrity and Digital Signatures
8.3.1 Cryptographic Hash Functions
8.3.2 Message Authentication Code
8.3.3 Digital Signatures
8.4 End-Point Authentication
8.6 Securing TCP connections: TLS
8.6.1 The Big Picture
8.6.2 A More Complete Picture