quartz/content/notes/24-network-security.md

title	aliases	tags
24-network-security		cosc203 lecture

what is it?

• confidentiality
  • only sender and reciver should understand message contents
  • encryption
• authentication
  • sender and reciever want to confirm identity of each other
• message integrity
  • sender and reciever want to ensure message not altered (in transit, or afterwards) without detection
• access and availablility
  • services must be accessible and availble to users

sender and recieves:

• any king of onnline communication

what can trudy to

• eavesdrop
• insert messages into connection
• impersonation: fake (spoof) source address (or any field)
• hijacjking "take over" ongoing connection by removing sender or ereciever, inserting himself in place
• denial of service: prevent others from using a service (e.g., by overloading it)

terminology

• m: plaintext message

Symmetric key crypto

Public key

Authentication of devices

digital signature