In this chapter, you will learn to:
Differentiate between two categories of cryptography schemes;
understand four aspects of security;
understand the concept of digital signature;
understand the role of key management in entity authentication;
know how and where IPSec, TLS, and PGP provide security.

Chapter 29 Internet Security

CONTENTS
INTRODUCTION
PRIVACY
DIGITAL SIGNATURE
SECURITY IN THE INTERNET
APPLICATION LAYER SECURITY
TRANSPORT LAYER SECURITY: TLS
SECURITY AT THE IP LAYER: IPSEC
FIREWALLS

INTRODUCTION
Figure 29-1 Aspects of security

PRIVACY
Figure 29-2 Secret-key encryption
In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.
Secret-key encryption is often used for long messages.
We discuss one secret-key algorithm in Appendix E.
A KDC (key distribution center) can solve the problem of secret-key distribution.

Figure 29-3 Public-key encryption
Public-key algorithms are more efficient for short messages.
A CA (certification authority) can certify the binding between a public key and its owner.

Figure 29-4 Combination
To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.

DIGITAL SIGNATURE
Figure 29-5 Signing the whole document
A digital signature cannot be achieved using only secret keys.
A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
Figure 29-6 Signing the digest
Figure 29-7 Sender site
Figure 29-8 Receiver site

SECURITY IN THE INTERNET

APPLICATION LAYER SECURITY
Figure 29-9 PGP at the sender site
Figure 29-10 PGP at the receiver site

TRANSPORT LAYER SECURITY (TLS)
Figure 29-11 Position of TLS
Figure 29-12 Handshake protocol

SECURITY AT THE IP LAYER (IPSec)
Figure 29-13 Authentication
Figure 29-14 Header format
Figure 29-15 ESP
Figure 29-16 ESP format

FIREWALLS
Figure 29-17 Firewall
Figure 29-18 Packet-filter firewall
A packet-filter firewall filters at the network or transport layer.
Figure 29-19 Proxy firewall
A proxy firewall filters at the application layer.