Security in a Computer Network
Security in a network can take many different forms. There are basic mechanisms that
most networks provide, like access control and passwords. Some organizations need better
protection of their data and need more sophisticated means, like the ability to encrypt
messages so that only the receiver will be able to read them (it's quite easy to read
messages sent over a normal network).
What we may want in our local network:
Control of Access to computers and information
Many operating systems use a password mechanism to
control access to the computer. Each user has a login and a password, and whenever he
wishes to enter the computer, he needs to enter his password. When accessing a computer from
a terminal (through the network), it's not a good idea to transfer the password as-is,
because it is possible to wiretap the network. We might need to encrypt
the password, or find a way to use it safely.
When the information is extremely sensitive, we might simply not allow access to it
through the network. It is always easier to break through network security than to break
into an isolated computer!
Sometimes we need to protect a certain file, so that it won't be available to all. Some
operating systems provide such protection (in Unix, for example, a user can decide who can
view a file and who can't, and who can write to it or execute it), and one could always
use a program to encrypt the file.
When encrypting the file, we save a scrambled version of it, and then only those who
are allowed to read the file can decrypt (un-scramble) it. The simplest use of encryption
needs a key. The encryption program produces a new file, given the original file and the
key. It looks like this:
Encrypted File = Encrypt (Original File, Key)
When we want to open the encrypted file, we need the key again:
Original File = Decrypt (Encrypted File, Key)
Mail protection
When we need to send a mail message (or a file
through the network, for that matter) we need to be sure that only the intended receiver
will be able to read it. Because most networks won't guarantee that, the messages are
usually encrypted.
But the encryption scheme described before is not suitable now. We need to use a key, but
we cannot transmit the key to the receiver, because the transmission isn't safe... So the
receiver needs to know in advance the key that is used, in order to decrypt the message!
A better method is Public Key Encryption. It works like this:
Everyone has a public key that is known by all. When we want to send someone an
encrypted message, we use his public key.
In addition to the public key, everyone also has a private key, known to himself only.
The encrypted message (using the public key) can only be decrypted using the private key!
So we can send someone a message and be sure of its safety, without needing to agree upon a
key.
It works like this:
Encrypted Message = Encrypt (Original Message, Receiver Public Key)
When the receiver gets the message, he opens it using his private key:
Original Message = Decrypt (Encrypted Message, Receiver Private Key)
Authentication
Another problem with networks is that we are never sure who sent us a message. It's
very easy to write a message pretending to be someone else.
A technique called a Digital Signature was developed for that. The sender 'signs' his
message, using a key that only he knows. The receiver can then decrypt the
signature, just like a regular encrypted message. Again, we usually use a private/public
key combination:
A signature can only be produced using a private key, and can be decrypted using the
matching public key. In that way, the receiver can be sure as to who sent the message.
To ensure both authentication and privacy, we can use a digital signature and then
encrypt the message. The receiver will need to decrypt the message using his own private
key, and then, to authenticate, he'll use the public key of the sender.
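
The sign-then-encrypt flow described above, as an added example that is not part of the original page. It uses textbook RSA (no padding) with small, publicly known Mersenne primes so it runs on the Python standard library alone; the function names, key sizes and sample message are assumptions made for illustration, and real systems use a vetted library with padded RSA and much larger keys.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # private exponent d = e^-1 mod phi

def apply_key(value, key):
    """The one RSA operation behind encrypt, decrypt, sign and verify."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(message, n):
    """SHA-256 of the message, reduced to fit under the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign_then_encrypt(message, sender_private, receiver_public):
    # Signing needs the SENDER's private key ...
    signature = apply_key(digest(message, sender_private[1]), sender_private)
    m = int.from_bytes(message, "big")
    if max(m, signature) >= receiver_public[1]:
        raise ValueError("value too large for this toy receiver key")
    # ... while encrypting needs only the RECEIVER's public key.
    return apply_key(m, receiver_public), apply_key(signature, receiver_public)

def decrypt_then_verify(packet, receiver_private, sender_public):
    # Decrypting needs the RECEIVER's private key ...
    m, signature = (apply_key(part, receiver_private) for part in packet)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # ... while checking the signature needs only the SENDER's public key.
    valid = apply_key(signature, sender_public) == digest(message, sender_public[1])
    return message, valid

# Constructed demo keys (far too small and too structured for real use).
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
FORGER_PUB, FORGER_PRIV = make_keypair(2**31 - 1, 2**89 - 1)

if __name__ == "__main__":
    note = b"Meet at noon"   # constructed sample message
    genuine = sign_then_encrypt(note, SENDER_PRIV, RECEIVER_PUB)
    forged = sign_then_encrypt(note, FORGER_PRIV, RECEIVER_PUB)
    print(decrypt_then_verify(genuine, RECEIVER_PRIV, SENDER_PUB))
    print(decrypt_then_verify(forged, RECEIVER_PRIV, SENDER_PUB))
```

The forged packet decrypts to the same text, because anyone can encrypt to the receiver's public key, but its signature does not check out against the claimed sender's public key.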