复旦大学：《计算机网络 Computer Networking》课程电子教案（PPT课件讲稿）25 Secure Communication with an Insecure Internet Infrastructure

Secure communication with an Insecure Internet Infrastructure

Secure Communication with an Insecure Internet Infrastructure

Internet Design Decisions and Securit Origin as a small and cooperative network ( largely trusted infrastructure) Global Addressing ( every sociopath is your next-door neighbor) Connection-less datagram service ( cant verify source, hard to protect bandwidth) Dan geer

Internet Design Decisions and Security ◼ Origin as a small and cooperative network (=> largely trusted infrastructure) ◼ Global Addressing (=> every sociopath is your next-door neighbor*) ◼ Connection-less datagram service (=> can’t verify source, hard to protect bandwidth) * Dan Geer

Internet Design Decisions and Securit anyone can connect (> ANYONE can connect) Millions of hosts run nearly identical software ( single exploit can create epidemic Most internet users know about as much as Senator Stevens aka the tubes guy (> God help us all.)

Internet Design Decisions and Security ◼ Anyone can connect (=> ANYONE can connect) ◼ Millions of hosts run nearly identical software (=> single exploit can create epidemic) ◼ Most Internet users know about as much as Senator Stevens aka “the tubes guy” (=> God help us all…)

Our Narrow focus YO es a Protecting network resources and limiting connectivity(Last time) a Creating a secure channel for communication (today) a Preventing software vulnerabilities& malware,or soclal engineering

Our “Narrow” Focus ◼ Yes: ❑ Protecting network resources and limiting connectivity (Last time) ❑ Creating a “secure channel” for communication (today) ◼ No: ❑ Preventing software vulnerabilities & malware, or “social engineering

Secure communication with an Untrusted Infrastructure Bob ISP D ISP B ISP C ISP A Alice

Secure Communication with an Untrusted Infrastructure ISP A ISP D ISP C ISP B Alice Bob

Secure communication with an Untrusted Infrastructure Mallory Bob ISP B ISP C ISP A Alice

Secure Communication with an Untrusted Infrastructure ISP A ISP D ISP C ISP B Alice Bob Mallory

Secure communication with an Untrusted Infrastructure ISP D ISP B ISP C ISP A Alice Hello. 'm “Bob

Secure Communication with an Untrusted Infrastructure ISP A ISP D ISP C ISP B Alice Hello, I’m “Bob

What do we need for a secure communication channel? Authentication(Who am I talking to? Confidentiality(Is my data hidden?) Integrity(Has my data been modified? Availability(Can I reach the destination?

What do we need for a secure communication channel? ◼ Authentication (Who am I talking to?) ◼ Confidentiality (Is my data hidden?) ◼ Integrity (Has my data been modified?) ◼ Availability (Can I reach the destination?)

What is cryptography? cryptography is about communication in the presence of adversaries Ron rivest tricks to approximate mag/c"other crazy cryptography is using math and Unknown 441 TA

What is cryptography? "cryptography is about communication in the presence of adversaries." - Ron Rivest “cryptography is using math and other crazy tricks to approximate magic” - Unknown 441 TA

What is cryptography? Tools to help us build secure communication channels that provide 1) Authentication 2) Integrity 3)Confidentiality

What is cryptography? Tools to help us build secure communication channels that provide: 1) Authentication 2) Integrity 3) Confidentiality