31-05-2012, 01:36 PM
Virtual Private Networks
vpn.ppt (Size: 2.5 MB / Downloads: 93)
What a VPN needs
VPNs must be encrypted
so no one outside the VPN can read the traffic
VPNs must be authenticated
so no one outside the VPN can alter the traffic
All parties to the VPN must agree on the security properties
Symmetric Key Algorithms
DES—56-bit key
Triple-DES—encrypt, decrypt, encrypt, using either two or three 56-bit keys
IDEA—128-bit key
Blowfish—variable-length key, up to 448 bits
PKI vs Symmetric Key
PKI is easier, as you don’t have to manage keys on a per-user basis
But MUCH more compute intensive (symmetric algorithms are up to 1000 times faster)
Many systems use a combination, e.g. PGP
Use PKI to send a symmetric key
Then use the symmetric key to encrypt the data
Transport Layer: IPSEC
A standard, composed of:
Diffie-Hellman key exchange
PKI for the DH exchanges
DES and other bulk encryption algorithms
Hash to authenticate packets
Digital Certificates to validate keys
Tunnel vs Transport
Transport
Implemented by the end point systems
Real address to real address
Cannot ‘go through’ other networks
Tunnel
Encapsulation of the original IP packet in another packet
Can ‘go through’ other networks
End systems need not support this
Often PC to a box on the ‘inside’
Diffie-Hellman Key Exchange (1976)
By openly exchanging non-secret numbers, two people can compute a unique shared secret number known only to them
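The exchange described on this last slide, worked through as an added example (not code from the slides): each party keeps a private exponent, publishes only g^x mod p, validates the peer's public value, computes the same shared secret, and hashes it into a key for the bulk cipher. The group parameters p, q, g are a constructed toy safe-prime group chosen so the arithmetic can be followed by hand; the slides' point that PKI authenticates the DH exchange is outside this block, which covers only the key agreement.

```python
import hashlib
import secrets

# Constructed toy group (assumption for this example): safe prime p = 2q + 1,
# with g generating the prime-order-q subgroup. Real VPNs use 2048-bit or
# larger groups (e.g. the RFC 3526 / RFC 7919 MODP groups).
P, Q, G = 23, 11, 4


def dh_private_key(p=P):
    """Random private exponent x in [2, p-2]; it never leaves the host."""
    return secrets.randbelow(p - 3) + 2


def dh_public_value(x, p=P, g=G):
    """The non-secret number sent over the open channel: g^x mod p."""
    return pow(g, x, p)


def dh_validate_peer(y, p=P, q=Q):
    """Reject degenerate or small-subgroup public values before using them.
    A valid value lies strictly between 1 and p-1 and has order q."""
    if not 1 < y < p - 1:
        raise ValueError("peer public value out of range")
    if pow(y, q, p) != 1:
        raise ValueError("peer public value not in the prime-order subgroup")
    return y


def dh_shared_secret(x, peer_y, p=P, q=Q):
    """Shared secret peer_y^x mod p, computed only after validating peer_y."""
    return pow(dh_validate_peer(peer_y, p, q), x, p)


def derive_symmetric_key(shared_secret, p=P, label=b"vpn-bulk-encryption"):
    """Hash the raw DH secret into a fixed-length bulk-cipher key. The raw
    secret is not uniformly random, so it is never used as the key directly."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(label + shared_secret.to_bytes(width, "big")).digest()


def run_exchange(xa=None, xb=None):
    """Both sides of the exchange; returns (key_a, key_b), which must match."""
    xa = dh_private_key() if xa is None else xa
    xb = dh_private_key() if xb is None else xb
    ya, yb = dh_public_value(xa), dh_public_value(xb)   # exchanged in the clear
    key_a = derive_symmetric_key(dh_shared_secret(xa, yb))
    key_b = derive_symmetric_key(dh_shared_secret(xb, ya))
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys agree:", ka == kb, ka.hex())
```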