Computer and Communication Networks (paperback)
10.9. Summary
Network security is one of the top-priority issues in computer and communication networks. Security issues have pushed to the forefront of concern for end users, administrators, and equipment suppliers. Networking attacks can be classified as DNS hacking, routing table poisoning, packet mistreatment, and denial of service. Two major solutions for computer networking security are cryptographic techniques and authentication techniques (verification). The main tool that network security experts use to encrypt a message is a key, and the fundamental operation often used to encrypt a message is the Exclusive-OR operation. Two secret-key encryption protocols are the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). In both methods, a secret key is shared between a transmitter and its receiver by assigning it to both the transmitter point and the receiver point. Public-key cryptography is more effective; a sender/receiver pair use different keys for encryption and decryption, and each party can publish its public (encryption) key so that anyone can use it to encrypt a message for that party. Two public-key protocols are the Rivest, Shamir, and Adleman (RSA) protocol and the Diffie-Hellman key-exchange protocol. A receiver can use message authentication methods to be assured that the incoming message is from its purported sender. Cryptographic hash functions are used in message authentication codes. Such codes can be generalized to produce a digital signature that guarantees a document's authenticity. The Secure Hash Algorithm (SHA) has been proposed as part of the digital signature standard. The IP security (IPsec) protocol requires both sender and receiver to exchange public encryption keys. IPsec has two encryption modes: tunnel and transport. The tunnel mode encrypts the header and the payload of each packet, and the transport mode encrypts the payload.
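The difference between the two IPsec modes, as an added example that is not from the book: a simplified ESP-style encapsulation showing what an on-path observer can still read in each mode. The addresses, key, and payload are constructed, the XOR keystream is a stand-in for a real cipher, and ESP padding and the integrity check value are omitted.

```python
import hashlib
import socket
import struct

ESP = 50      # IP protocol number assigned to ESP
IP_IN_IP = 4  # "next header" value for an encapsulated IPv4 packet

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 to keep the sketch short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def xor_keystream(key, data):
    """Stand-in cipher (NOT real ESP crypto): XOR with a SHA-256 counter keystream."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!I", block)).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def esp(key, plaintext, next_header, spi=0x1000, seq=1):
    """Simplified ESP: clear SPI/sequence header, then encrypted data + trailer."""
    trailer = struct.pack("!BB", 0, next_header)  # pad length 0, next header
    return struct.pack("!II", spi, seq) + xor_keystream(key, plaintext + trailer)

def transport_mode(key, packet):
    """Keep the original IP header in the clear; encrypt only its payload."""
    header, payload = packet[:20], packet[20:]
    body = esp(key, payload, next_header=header[9])
    src, dst = socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(key, packet, gw_src, gw_dst):
    """Encrypt the whole original packet and prepend a new gateway-to-gateway header."""
    body = esp(key, packet, next_header=IP_IN_IP)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def visible_endpoints(wire):
    """What an on-path observer reads from the cleartext outer header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

# Constructed sample: a TCP (protocol 6) packet between two internal hosts.
KEY = b"constructed-demo-key"
DATA = b"constructed application data"
PACKET = ipv4_header("10.0.0.5", "10.1.0.9", 6, len(DATA)) + DATA

if __name__ == "__main__":
    print("transport:", visible_endpoints(transport_mode(KEY, PACKET)))
    print("tunnel:   ", visible_endpoints(tunnel_mode(KEY, PACKET, "192.0.2.1", "198.51.100.1")))
```

In transport mode the observer still sees the original host addresses; in tunnel mode only the two gateway addresses are visible, at the cost of one extra 20-byte header per packet.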
IPsec can encrypt data between router and router, security device and router, PC and router, and PC and server. Another security mechanism is a firewall, which is placed on the link between a network router and the Internet or between a user and a router. The objective of such a configuration is to filter packets coming from unknown sources. Part II of the book follows. Chapter 11 presents analytical methods for delay estimations of single queues of packets and networks of single queues.