hannam university http://netwk.hannam.ac.kr 1 chapter 29 internet security
TRANSCRIPT
1HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
Chapter 29
InternetSecurity
2HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
CONTENTSCONTENTS• INTRODUCTION• PRIVACY• DIGITAL SIGNATURE• SECURITY IN THE INTERNET• APPLICATION LAYER SECURITY• TRANSPORT LAYER SECURITY: TLS• SECURITY AT THE IP LAYER: IPSEC• FIREWALLS
3HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
INTRODUCTIONINTRODUCTION
29.129.1
4HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.1 29.1 개요개요
보안에서 필요한 기능
5HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
PRIVACYPRIVACY
29.229.2
6HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
비밀키 암호화
7HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
In secret-key encryption, In secret-key encryption, the same key is used by the sender the same key is used by the sender
(for encryption)(for encryption) and the receiver and the receiver (for decryption).(for decryption). The key is shared.The key is shared.
8HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
Secret-key encryption is often called Secret-key encryption is often called symmetric encryption because symmetric encryption because
the same key can the same key can be used in both directions.be used in both directions.
9HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
Secret-key encryption is Secret-key encryption is often used for long messages.often used for long messages.
10HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
We discuss one secret-key We discuss one secret-key algorithm in Appendix E.algorithm in Appendix E.
11HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
KDCKDC can solve the problem can solve the problem
of secret-key distribution.of secret-key distribution.
12HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
공개키 암호화
13HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
Public-key algorithms are more Public-key algorithms are more efficient for short messages.efficient for short messages.
14HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
A A CACA
can certify the binding between can certify the binding between a public key and the owner.a public key and the owner.
15HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
비밀키와 공개키의 결합
16HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.2 29.2 기밀성기밀성
To have the advantages of both To have the advantages of both secret-key and public-key secret-key and public-key
encryption, we can encrypt the secret key encryption, we can encrypt the secret key using the public key and encrypt using the public key and encrypt the message using the secret key.the message using the secret key.
17HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
DIGITAL SIGNATUREDIGITAL SIGNATURE
29.329.3
18HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.3 29.3 디지털 서명디지털 서명
전체 문서에 서명
19HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.3 29.3 디지털 서명디지털 서명
Digital signature cannot be Digital signature cannot be achieved using only secret keys. achieved using only secret keys.
20HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.3 29.3 디지털 서명디지털 서명
Digital signature does not Digital signature does not provide privacy. provide privacy.
If there is a need for privacy, If there is a need for privacy, another layer of another layer of
encryption/decryption encryption/decryption must be applied.must be applied.
21HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.3 29.3 디지털 서명디지털 서명
다이제스트에 서명
22HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.3 29.3 디지털 서명디지털 서명
송신자 측
23HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.3 29.3 디지털 서명디지털 서명
수신자 측
24HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
SECURITY IN THESECURITY IN THEINTERNETINTERNET
29.429.4
25HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.4 29.4 인터넷 보안인터넷 보안
인터넷 보안 기능 제공응용 계층
Client 와 server 고려전송 계층
새로운 계층 추가IP 계층
OSPF, ICMP, IGMP 층과 같은 프로토콜을 위한 서비스
26HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
APPLICTION LAYERAPPLICTION LAYERSECURITYSECURITY
29.529.5
27HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.5 29.5 응용계층 보안응용계층 보안
PGP(Pretty Good Privacy)Phill Zimmermann 에 의해 개발기밀성 , 무결성 , 인증 , 부인방지 서비스 제공무결성 , 인증 , 부인 방지를 위해 디지털 서명 사용기밀성을 위해 비밀키와 공개키 암호화 조합 이용
28HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.5 29.5 응용계층 보안응용계층 보안
송신측의 PGP
29HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.5 29.5 응용계층 보안응용계층 보안
수신측의 PGP
30HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.5 29.5 응용계층 보안응용계층 보안
SSH(Secure Shell)보안을 제공하는 클라이언트 - 서버 프로그램인증 , 권한부여 , 기밀성 , 무결성 , 터널링 기능
제공
31HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
TRANSPORT LAYERTRANSPORT LAYERSECURITYSECURITY
(TLS)(TLS)
29.629.6
32HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.6 29.6 전송계층 보안전송계층 보안
TLS 의 위치
33HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.6 29.6 전송계층 보안전송계층 보안
TLS(Transport Layer Security)전송계층 보안 제공넷스케이프사 개발 SSL(Secure Socket Layer)IETF 에 의해 설계된 SSL 의 공개 버전Handshake Protocol : 보안 협상 , 브라우저 / 서버간
인증Data Exchange Protocol : 무결성 , 기밀성 제공
34HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.6 29.6 전송계층 보안전송계층 보안
핸드쉐이크 프로토콜
35HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
SECURITY AT THESECURITY AT THEIP LAYERIP LAYER
(IPSec)(IPSec)
29.729.7
36HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.7 IP 29.7 IP 계층 보안 계층 보안 : IPSEC: IPSEC
인증
37HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.7 IP 29.7 IP 계층 보안 계층 보안 : IPSEC: IPSEC
헤더 형식
38HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.7 IP 29.7 IP 계층 보안 계층 보안 : IPSEC: IPSEC
ESP
39HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.7 IP 29.7 IP 계층 보안 계층 보안 : IPSEC: IPSEC
ESP 형식
40HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
FIREWALLSFIREWALLS
29.829.8
41HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.8 29.8 방화벽방화벽
42HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.8 29.8 방화벽방화벽
패킷 - 필터 방화벽
43HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.8 29.8 방화벽방화벽
A packet-filter firewall filters A packet-filter firewall filters at the network or transport layer.at the network or transport layer.
44HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.8 29.8 방화벽방화벽
프록시 방화벽
45HANNAM UNIVERSITYHttp://netwk.hannam.ac.kr
29.8 29.8 방화벽방화벽
A proxy firewall A proxy firewall filters at the application layer.filters at the application layer.