Internet security protocols
|
|
- Jessie Phillips
- 8 years ago
- Views:
Transcription
1 Internet security protocols S E G U R A N Ç A R E D E S E D A D O S / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are by Mark Stamp Information Security: Principles and Practice 2nd edition (Wiley 2011). Some other slides from Dr Lawrie Brown (UNSW@ADFA) for Computer Security: Principles and Practice, 1/e, by William Stallings and Lawrie Brown With some minor changes/additions 2 Security Protocols 1
2 Protocol Human protocols the rules followed in human interactions Example: Asking a question in class Networking protocols rules followed in networked communication systems Examples: HTTP, FTP, etc. Security protocol the (communication) rules followed in a security application Examples: SSL, IPsec, Kerberos, etc. 3 Protocols Protocol flaws can be very subtle Several well-known security protocols have significant flaws Including WEP, GSM, and even IPsec Implementation errors can occur Such as IE implementation of SSL (CVE ) Not easy to get protocols right 4 Security Protocols 2
3 Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Robust Works when attacker tries to break it Works even if environment changes Easy to use & implement, flexible Difficult to satisfy all of these! 5 Simple Security Protocols Security Protocols 3
4 Secure Entry to NSA 1. Insert badge into reader 2. Enter PIN 3. Correct PIN? Yes? Enter No? Get shot by security guard 7 1. Insert ATM card 2. Enter PIN ATM Machine Protocol 3. Correct PIN? Yes? Conduct your transaction(s) No? Machine (eventually) eats card 8 Security Protocols 4
5 Identify Friend or Foe (IFF) 9 Russian MIG Angola SAAF Impala K 1. N 2. E(N,K) Namibia K MIG in the Middle N SAAF Impala K 4. E(N,K) 2. N Angola 5. E(N,K) Russian MiG 1. N 6. E(N,K) Namibia K Security Protocols 5
6 Authentication Protocols Authentication Alice must prove her identity to Bob Alice and Bob can be humans or computers May also require Bob to prove he s Bob (mutual authentication) Probably need to establish a session key May have other requirements, such as Use public keys Use symmetric keys Use hash functions Anonymity, plausible deniability, etc., etc. 12 Security Protocols 6
7 Authentication Authentication on a stand-alone computer is relatively simple Hash password with salt, etc. Secure path, attacks on authentication software, keystroke logging, etc., are issues Authentication over a network is challenging Attacker can passively observe messages Attacker can replay messages Active attacks possible (insert, delete, change) 13 Simple Authentication 14 I m Alice Prove it My password is frank Alice Bob Simple and may be OK for standalone system But insecure for networked system Subject to a replay attack (next 2 slides) Also, Bob must know Alice s password Security Protocols 7
8 Authentication Attack 15 I m Alice Prove it My password is frank Alice Bob Trudy Authentication Attack 16 I m Alice Prove it My password is frank Trudy Bob This is an example of a replay attack How can we prevent a replay? Security Protocols 8
9 Better Authentication 17 I m Alice Prove it h(alice s password) Alice Bob Better since it hides Alice s password From both Bob and Trudy Subject to replay? YES Challenge-Response To prevent replay, use challenge-response Goal is to ensure freshness Suppose Bob wants to authenticate Alice Challenge sent from Bob to Alice Challenge is chosen so that Replay is not possible Only Alice can provide the correct response Bob can verify the response 18 Security Protocols 9
10 Nonce To ensure freshness, can employ a nonce Nonce == number used once What to use for nonces? That is, what is the challenge? What should Alice do with the nonce? That is, how to compute the response? How can Bob verify the response? Should we rely on passwords or keys? 19 Challenge-Response 20 I m Alice Nonce h(alice s password, Nonce) Alice Nonce is the challenge The hash is the response Nonce prevents replay, ensures freshness Password is something Alice knows Bob must know Alice s pwd to verify Bob Security Protocols 10
11 Authentication protocols Segurança de Redes e Dados 2012/13 Generic Challenge-Response 21 I m Alice Nonce Something that could only be Alice from Alice (and Bob can verify) Bob In practice, how to achieve this? Hashed pwd works Encryption is better here (Why?) 22 Symmetric Keys Security Protocols 11
12 Symmetric Key Notation Encrypt plaintext P with key K C = E(P,K) Decrypt ciphertext C with key K P = D(C,K) Here, we are concerned with attacks on protocols, not attacks on crypto We assume crypto algorithms secure 23 Authentication: Symmetric Key Alice and Bob share symmetric key K Key K known only to Alice and Bob Authenticate by proving knowledge of shared symmetric key How to accomplish this? 24 Must not reveal key, must not allow replay (or other) attack, must be verifiable, Security Protocols 12
13 Authentication with Symmetric Key 25 I m Alice R Alice, K E(R,K) Bob, K Secure method for Bob to authenticate Alice Alice does not authenticate Bob So, can we achieve mutual authentication? Mutual Authentication? 26 I m Alice, R E(R,K) Alice, K E(R,K) Bob, K What s wrong with this picture? Alice could be Trudy (or anybody else)! Security Protocols 13
14 Mutual Authentication Since we have a secure one-way authentication protocol The obvious thing to do is to use the protocol twice Once for Bob to authenticate Alice Once for Alice to authenticate Bob This has got to work 27 Mutual Authentication 28 I m Alice, R A R B, E(R A, K) E(R B, K) Alice, K Bob, K This provides mutual authentication or does it? Security Protocols 14
15 Mutual Authentication Attack I m Alice, R A 2. R B, E(R A, K) Trudy Bob, K 3. I m Alice, R B 4. R C, E(R B, K) Trudy Bob, K Mutual Authentication Our one-way authentication protocol is not secure for mutual authentication Protocols are subtle! The obvious thing may not be secure Also, if assumptions or environment change, protocol may not be secure This is a common source of security failure 30 For example, Internet protocols Security Protocols 15
16 Authentication protocols Segurança de Redes e Dados 2012/13 Symmetric Key Mutual Authentication 31 I m Alice, R A R B, E( Bob,R A,K) E( Alice,R B,K) Alice, K Bob, K Do these insignificant changes help? Yes! 32 Public Keys Security Protocols 16
17 Public Key Notation 33 Encrypt M with Alice s public key: {M} Alice Sign M with Alice s private key: [M] Alice Then [{M} Alice ] Alice = M {[M] Alice } Alice = M Anybody can use Alice s public key Only Alice can use her private key Public Key Authentication 34 I m Alice {R} Alice R Alice Bob Is this secure? Trudy can get Alice to decrypt anything! So, should have two key pairs Security Protocols 17
18 Public Key Authentication 35 I m Alice R [R] Alice Alice Is this secure? Trudy can get Alice to sign anything! Same as previous should have two key pairs Bob Public Keys Generally, a bad idea to use the same key pair for encryption and signing Instead, should have one key pair for encryption/decryption and a different key pair for signing/verifying signatures 36 Security Protocols 18
19 Session Key Usually, a session key is required I.e., a symmetric key for a particular session Used for confidentiality and/or integrity How to authenticate and establish a session key (i.e., shared symmetric key)? When authentication completed, want Alice and Bob to share a session key Trudy cannot break the authentication and Trudy cannot determine the session key 37 Authentication & Session Key 38 I m Alice, R {R,K} Alice Alice {R +1,K} Bob Bob Is this secure? Alice is authenticated and session key is secure Alice s nonce, R, useless to authenticate Bob The key K is acting as Bob s nonce to Alice No mutual authentication Security Protocols 19
20 Public Key Authentication and Session Key 39 I m Alice, R [R,K] Bob [R +1,K] Alice Alice Bob Is this secure? Mutual authentication (good), but session key is not secret (very bad) Public Key Authentication and Session Key 40 I m Alice, R {[R,K] Bob } Alice {[R +1,K] Alice } Bob Alice Is this secure? Seems to be OK Mutual authentication and session key! Bob Security Protocols 20
21 Authentication protocols Public Key Authentication and Session Key 41 I m Alice, R [{R,K} Alice ] Bob [{R +1,K} Bob ] Alice Alice Is this secure? Seems to be OK Bob Anyone can see {R,K} Alice and {R +1,K} Bob 42 Public Keys and TimeStamps as nonces Security Protocols 21
22 Timestamps A timestamp T is derived from current time Timestamps used in some security protocols Kerberos, for example Timestamps reduce number of msgs (good) Like a nonce that both sides know in advance Time is a security-critical parameter (bad) Clocks never exactly the same, so must allow for clock skew creates risk of replay How much clock skew is enough? 43 Public Key Authentication with Timestamp T 44 I m Alice, {[T, K] Alice } Bob {[T +1, K] Bob } Alice Alice Bob Secure mutual authentication? Session key? Seems to be OK Security Protocols 22
23 Public Key Authentication with Timestamp T 45 I m Alice, [{T, K} Bob ] Alice [{T +1, K} Alice ] Bob Alice Bob Secure authentication and session key? Trudy can use Alice s public key to find {T, K} Bob and then Public Key Authentication with Timestamp T 46 I m Trudy, [{T, K} Bob ] Trudy [{T +1, K} Trudy ] Bob Trudy Bob Trudy obtains Alice-Bob session key K Note: Trudy must act within clock skew Security Protocols 23
24 Public Key Authentication Sign and encrypt with nonce Secure Encrypt and sign with nonce Secure Sign and encrypt with timestamp Secure Encrypt and sign with timestamp Insecure Protocols can be subtle! 47 Public Key Authentication with Timestamp T 48 I m Alice, [{T, K} Bob ] Alice [{T +1} Alice ] Bob Alice Bob Is this encrypt and sign secure? o Yes, seems to be OK Does sign and encrypt also work here? Security Protocols 24
25 Zero Knowledge Proofs Zero Knowledge Proof (ZKP) Alice wants to prove that she knows a secret without revealing any info about it Bob must verify that Alice knows secret But Bob gains no info about the secret Process is probabilistic 50 Bob can verify that Alice knows the secret to an arbitrarily high probability An interactive proof system Security Protocols 25
26 Bob s Cave Alice knows secret phrase to open path between R and S ( open sarsaparilla ) Can she convince Bob that she knows the secret without revealing phrase? 51 P Q R S Bob s Cave 52 Bob: Alice come out on S side Alice (quietly): Open sarsaparilla If Alice does not know the secret then Alice could come out from the correct side with probability ½ If Bob repeats this n times, then Alice (who does not know secret) can only fool Bob with probability 1/2 n Q P R S Security Protocols 26
27 Fiat-Shamir Protocol Cave-based protocols are inconvenient Can we achieve same effect without the cave? Finding square roots modulo N is difficult Equivalent to factoring Suppose N = pq, where p and q prime Alice has a secret S N and v=s 2 mod N are public, S is secret Alice must convince Bob that she knows S without revealing any information about S 53 Alice secret S random r Fiat-Shamir Public: Modulus N and v=s 2 mod N Alice selects random r, Bob chooses e {0,1} 54 x = r 2 mod N e {0,1} y = r S e mod N Bob must verify: y 2 = x v e mod N Why? Because y 2 = r 2 S 2e = r 2 (S 2 ) e = x v e mod N Bob random e Security Protocols 27
28 Fiat-Shamir: e = 1 Alice secret S random r x = r 2 mod N e = 1 y = r S mod N Public: Modulus N and v=s 2 mod N Alice selects random r, Bob chooses e =1 If y 2 =x v mod N then Bob accepts it I.e., Alice passes this iteration of the protocol Note that Alice must know S in this case 55 Bob random e Alice secret S random r Fiat-Shamir: e = 0 x = r 2 mod N e = 0 Public: Modulus N and v=s 2 mod N Alice selects random r, Bob chooses e = 0 Bob must check whether y 2 = x mod N Alice does not need to know S in this case! 56 y = r mod N Bob random e Security Protocols 28
29 Fiat-Shamir Public: modulus N and v = S 2 Secret: Alice knows S mod N Alice selects random r and commits to r by sending x=r 2 mod N to Bob Bob sends challenge e {0,1} to Alice Alice responds with y=r S e Bob checks whether y 2 =x v e mod N mod N Does this prove response is from Alice? 57 Does Fiat-Shamir Work? If everyone follows protocol, math works: Public: v=s 2 mod N Alice to Bob: x=r 2 mod N and y=r S e mod N Bob verifies: y 2 =x v e mod N 58 Security Protocols 29
30 Does Fiat-Shamir Work? Can Trudy convince Bob she is Alice? If Trudy expects e=0, she sends x=r 2 in msg 1 and y=r in msg 3 (i.e., follow the protocol) If Trudy expects e=1, sends x=r 2 v 1 in msg 1 and y=r in msg 3 If Bob chooses e {0,1} at random, Trudy can only trick Bob with probability ½ 59 This can be improved by making S 1, S 2, S n and e 1, e 2, e n. And then y=r S 1 e1 S 2 e2 S n en mod N Fiat-Shamir Facts Trudy can trick Bob with probability 1/2, but after n iterations, the probability that Trudy can convince Bob that she is Alice is only 1/2 n Just like Bob s cave! Bob s e {0,1} must be unpredictable Alice must use new r each iteration, or else If e=0, Alice sends r mod N in message 3 If e=1, Alice sends r S mod N in message 3 Anyone can find S given r mod N and r S mod N 60 Security Protocols 30
31 Fiat-Shamir Zero Knowledge? Zero knowledge means that nobody learns anything about the secret S Public: v = S 2 mod N Trudy sees r 2 mod N in message 1 Trudy sees r S mod N in message 3 (if e = 1) If Trudy can find r from r 2 But that requires modular square root mod N, gets S If Trudy could find modular square roots, she could get S from public v Protocol does not seem to help to find S 61 ZKP in the Real World Public key certificates identify users No anonymity if certificates sent in plaintext ZKP offers a way to authenticate without revealing identities ZKP supported in MS s Next Generation Secure Computing Base (NGSCB), where 62 ZKP used to authenticate software without revealing machine identifying data ZKP is not just pointless mathematics! Security Protocols 31
32 It depends on Best Authentication Protocol? The sensitivity of the application/data The delay that is tolerable The cost (computation) that is tolerable What crypto is supported (public key, symmetric key, ) Whether mutual authentication is required Whether PFS, anonymity, etc., are concern and possibly other factors 63 Real world Protocols Security Protocols 32
33 Real world protocols Internet Security Protocols and Standards Secure Sockets Layer (SSL) / Transport Layer Security (TLS) IPsec S/MIME (Secure/Multipurpose Internet Mail Extension) Protocols SSL Security Protocols 33
34 What is SSL? 67 SSL is the protocol used for majority of secure transactions on the Internet For example, if you want to buy a book at amazon.com You want to be sure you are dealing with Amazon (authentication) Your credit card information must be protected in transit (confidentiality and/or integrity) As long as you have money, Amazon doesn t really care who you are So, no need for mutual authentication Secure Sockets Layer (SSL) 68 Transport layer security service originally developed by Netscape version 3 designed with public input Subsequently became Internet standard RFC2246: Transport Layer Security (TLS) Current version is TLS 1.2 RFC5246 Use TCP to provide a reliable end-to-end service May be provided in underlying protocol suite or embedded in specific packages Security Protocols 34
35 SSL Protocol Stack 69 Socket layer lives between application and transport layers SSL usually between HTTP and TCP Application Transport Network Logic Physical SSL SSL Record Protocol Services message integrity using a MAC with shared secret key similar to HMAC but with different padding confidentiality using symmetric encryption with a shared secret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 TSL1.2: IDEA and DES remove as cipher suites TSL1.2: RC4 is 128, RC2 removed message is compressed before encryption 70 Security Protocols 35
36 SSL Record Protocol Operation 71 Simple SSL-like Protocol 72 I d like to talk to you securely Here s my certificate {K} Bob Alice protected HTTP Bob Is Alice sure she s talking to Bob? Is Bob sure he s talking to Alice? Security Protocols 36
37 Simplified SSL Protocol 73 Can we talk?, cipher list, R A certificate, cipher, R B {S} Bob, E(h(msgs,CLNT,K),K) h(msgs,srvr,k) Alice Data protected with key K Bob S is known as pre-master secret K = h(s,r A,R B ) msgs means all previous messages CLNT and SRVR are constants SSL Keys 6 keys derived from K = h(s,r A,R B ) 2 encryption keys: send and receive 2 integrity keys: send and receive 2 IVs: send and receive 74 Why different keys in each direction? Q: Why is h(msgs,clnt,k) encrypted? A: Apparently, it adds no security Security Protocols 37
38 SSL Authentication Alice authenticates Bob, not vice-versa How does client authenticate server? Why would server not authenticate client? Mutual authentication is possible: Bob sends certificate request in message 2 Then client must have a valid certificate 75 If server wants to authenticate client, server could instead require password SSL MITM Attack? 76 R A R A certificate T, R B certificate B, R B {S 1 } Trudy,E(X 1,K 1 ) {S 2 } Bob,E(X 2,K 2 ) h(y 1,K 1 ) h(y 2,K 2 ) Alice E(data,K 1 ) Trudy E(data,K 2 ) Bob Q: What prevents this MITM attack? A: Bob s certificate must be signed by a certificate authority (CA) What does browser do if signature not valid? What does user do when browser complains? Security Protocols 38
39 SSL Sessions vs Connections SSL session is established as shown on previous slides SSL designed for use with HTTP 1.0 HTTP 1.0 often opens multiple simultaneous (parallel) connections Multiple connections per session SSL session is costly, public key operations SSL has an efficient protocol for opening new connections given an existing session 77 Several flaws on SSL RFC 6176 prohibits the use of SSL v2.0 in TLS due to: Message authentication uses MD5 (see RFC6151) Handshake messages are not protected. This permits a manin-the-middle to trick the client into picking a weaker cipher suite than it would normally choose. Message integrity and message encryption use the same key, which is a problem if the client and server negotiate a weak encryption algorithm. Sessions can be easily terminated. A man-in-the-middle can easily insert a TCP FIN to close the session, and the peer is unable to determine whether or not it was a legitimate end of the session. Security Protocols 39
40 Real world protocols Segurança de Redes e Dados 2012/13 79 Protocols IPsec IP Security various application security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS security concerns cross protocol layers hence would like security implemented by the network for all applications authentication & encryption security features included in next-generation IPv6 also usable in existing IPv4 80 Security Protocols 40
41 general IP Security mechanisms provides authentication confidentiality key management IPsec applicable to use over LANs, across public & private WANs, & for the Internet 81 Application Transport Network Logic Physical IPsec IPsec Uses 82 Security Protocols 41
42 Benefits of IPsec in a firewall/router provides strong security to all traffic crossing the perimeter in a firewall/router is resistant to bypass is below transport layer, hence transparent to applications can be transparent to end users can provide security for individual users secures routing architecture 83 IP Security Architecture 84 mandatory in IPv6, optional in IPv4 have two security header extensions: Authentication Header (AH) Encapsulating Security Payload (ESP) Key Exchange function VPNs want both authentication/encryption hence usually use ESP specification is quite complex numerous RFC s 4301/4302/4303/5996 Two modes: Transport mode: add info/security to original packet Tunnel mode: protect the original packet by encapsulating it in new IP packet Security Protocols 42
43 Security Associations a one-way relationship between sender & receiver that affords security for traffic flow defined by 3 parameters: Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier has a number of other parameters seq no, AH & ESP info, lifetime etc have a database of Security Associations 85 IPsec Transport Mode IPsec Transport Mode 86 IP header data IP header ESP/AH data Transport mode designed for host-to-host Transport mode is efficient Adds minimal amount of extra header The original header remains Passive attacker can see who is talking Security Protocols 43
44 IPsec transport mode IPsec: Host-to-Host 87 There may be firewalls in between if so, is that a problem? IPsec Tunnel Mode IPsec Tunnel Mode 88 IP header data new IP hdr ESP/AH IP header data Tunnel mode for firewall-to-firewall traffic Original IP packet encapsulated in IPsec Original IP header not visible to attacker New IP header from firewall to firewall Attacker does not know which hosts are talking Security Protocols 44
45 IPsec tunnel mode IPsec: Firewall-to-Firewall 89 No IPsec Alice s Firewall IPsec Internet Bob s Firewall No IPsec Alice Bob Local networks unprotected So, is there any advantage here? IPsec Security What kind of protection? Confidentiality? Integrity? Both? What to protect? Data? Header? Both? 90 ESP/AH do some combinations of these Security Protocols 45
46 AH vs ESP AH Authentication Header Integrity only (no confidentiality) Integrity-protect everything beyond IP header and some fields of header (why not all fields?) ESP Encapsulating Security Payload Integrity and confidentiality both required Protects everything beyond IP header Integrity-only by using NULL encryption 91 According to RFC 2410 ESP s NULL Encryption Null(P,K) = P for any P and any key K NULL encryption is a block cipher the origins of which appear to be lost in antiquity Despite rumors, there is no evidence that NSA suppressed publication of this algorithm Evidence suggests it was developed in Roman times as exportable version of Caesar s cipher Can make use of keys of varying length No IV is required 92 The bottom line: Security people are strange It is from November not an April RFC Security Protocols 46
47 Authentication Header AH Transport Mode Source: Stephen J. Friedl, IPsec illustrated Guide Security Protocols 47
48 95 AH Tunnel mode Source: Stephen J. Friedl, Ipsec illustrated Guide 96 AH and NAT Source: Stephen J. Friedl, Ipsec illustrated Guide Security Protocols 48
49 Encapsulating Security Payload (ESP) ESP Transport mode Source: Stephen J. Friedl, Ipsec illustrated Guide Security Protocols 49
50 99 ESP - Tunnel Mode Source: Stephen J. Friedl, Ipsec illustrated Guide Why Does AH Exist? (1) 100 Cannot encrypt IP header Routers must look at the IP header IP addresses, TTL, etc. IP header exists to route packets! AH protects immutable fields in IP header Cannot integrity protect all header fields TTL, for example, will change ESP does not protect IP header at all Security Protocols 50
51 Why Does AH Exist? (2) ESP encrypts everything beyond the IP header (if non-null encryption) If ESP-encrypted, firewall cannot look at TCP header (e.g., port numbers) Why not use ESP with NULL encryption? 101 Firewall sees ESP header, but does not know whether null encryption is used End systems know, but not the firewalls Why Does AH Exist? (3) 102 The real reason why AH exists: At one IETF meeting someone from Microsoft gave an impassioned speech about how AH was useless everyone in the room looked around and said `Hmm. He s right, and we hate AH also, but if it annoys Microsoft let s leave it in since we hate Microsoft more than we hate AH. Security Protocols 51
52 Key Management handles key generation & distribution typically need 2 pairs of keys A pair per direction for AH & ESP manual key management sysadmin manually configures every system automated key management automated system for on demand creation of keys for SA s in large systems has Oakley & ISAKMP elements Internet Security Association and Key Management Protocol Uses Inter Key Exchange protocol (IKE) RFC IKE has 2 phases IKE 104 Phase 1 IKE security association (SA) Phase 2 AH/ESP security association Phase 1 is comparable to SSL session Phase 2 is comparable to SSL connection Not an obvious need for two phases in IKE If multiple Phase 2 s do not occur, then it is more costly to have two phases! Security Protocols 52
53 Result of IKE phase 1 is Mutual authentication Shared symmetric key IKE Phase 1 Summary IKE Security Association (SA) But phase 1 is expensive 105 Especially in public key and/or main mode Developers of IKE thought it would be used for lots of things not just IPsec Partly explains the over-engineering Plausible Deniability in Phase 1 Trudy can create conversation that appears to be between Alice and Bob Public Key main and aggressive mode Appears valid, even to Alice and Bob! A security failure? 106 In this mode of IPSec, it is a feature Plausible deniability: Alice and Bob can deny that any conversation took place! In some cases it might create a problem E.g., if Alice makes a purchase from Bob, she could later repudiate it (unless she had signed) Security Protocols 53
54 IKE Summary Phase 1 establishes IKE SA Phase 2 establishes IPsec SA Both sides have a shared symmetric key 107 IPsec SSL vs IPsec Lives at the network layer (part of the OS) Encryption, integrity, authentication, etc. Is overly complex (some security issues) SSL (and TLS) 108 Lives at socket layer (part of user space) Encryption, integrity, authentication, etc. Relatively simple and elegant specification Security Protocols 54
55 Real world protocols SSL vs IPsec IPsec: OS must be aware, but not apps SSL: Apps must be aware, but not OS SSL built into Web early-on (Netscape) IPsec often used in VPNs (secure tunnel) Reluctance to retrofit applications for SSL IPsec not widely deployed (complexity, etc.) The bottom line Internet less secure than it should be! Protocols S/MIME Security Protocols 55
56 S/MIME (Secure/Multipurpose Internet Mail Extensions) security enhancement to MIME original Internet RFC822 was text only MIME provided support for varying content types and multipart messages (RFC2045) with encoding of binary data to textual form S/MIME added security enhancements (RFC5751) have S/MIME support in many mail agents 111 eg MS Outlook, Mozilla, Mac Mail etc enveloped data S/MIME Functions encrypted content and associated keys signed data encoded message + signed digest clear-signed data clear text message + encoded signed digest signed & enveloped data 112 nesting of signed & encrypted entities Security Protocols 56
57 S/MIME Process 113 S/MIME Cryptographic Algorithms digital signatures: RSA hash functions: SHA-256 (SHA-1 & MD5 backward compatibility) session key encryption: RSA 114 message encryption: AES, 3DES, etc MAC: HMAC with SHA-1, DES-MAC must map binary values to printable ASCII use radix-64 or base64 mapping Security Protocols 57
58 S/MIME Public Key Certificates S/MIME has effective encryption and signature services but also need to manage public-keys S/MIME uses X.509 v3 certificates each client has a list of trusted CA s certs and own public/private key pairs & certs certificates must be signed by trusted CA s Mail certificate Security Protocols 58
59 Real world protocols 117 Kerberos Kerberos In Greek mythology, Kerberos is 3-headed dog that guards entrance to Hades Wouldn t it make more sense to guard the exit? In security, Kerberos is an authentication protocol based on symmetric key crypto Originated at MIT Based on work by Needham and Schroeder Relies on a Trusted Third Party (TTP) RFC Security Protocols 59
60 Motivation for Kerberos Authentication using public keys N users N key pairs Authentication using symmetric keys N users requires (on the order of) N 2 keys Symmetric key case does not scale! Kerberos based on symmetric keys but only requires N keys for N users - Security depends on TTP + No PKI is needed 119 Kerberos KDC Kerberos Key Distribution Center or KDC KDC acts as the TTP 120 TTP is trusted, so it must not be compromised KDC shares symmetric key K A with Alice, key K B with Bob, key K C with Carol, etc. Master key K KDC known only to KDC KDC enables authentication, session keys Session key for confidentiality and integrity In practice, crypto algorithm is AES Security Protocols 60
61 Kerberos Tickets KDC issue tickets containing info needed to access network resources KDC also issues Ticket-Granting Tickets or TGTs that are used to obtain tickets Each TGT contains Session key User s ID Expiration time 121 Every TGT is encrypted with K KDC So, TGT can only be read by the KDC Kerberized Login Alice enters her password Then Alice s computer 122 Derives K A from Alice s password Uses K A to get TGT for Alice from KDC Alice then uses her TGT (credentials) to securely access network resources Plus: Security is transparent to Alice Minus: KDC must be secure it s trusted! Security Protocols 61
62 Kerberized Login 123 Alice wants Alice s password a TGT E(S A,TGT,K A ) Alice Computer Key K A = h(alice s password) KDC KDC creates session key S A Alice s computer decrypts S A and TGT Then it forgets K A TGT = E( Alice, S A, K KDC ) Alice Requests Ticket to Bob Talk to Bob 124 I want to talk to Bob REQUEST REPLY Alice Computer REQUEST = (TGT, authenticator) authenticator = E(timestamp, S A ) REPLY = E( Bob, K AB, ticket to Bob, S A ) ticket to Bob = E( Alice, K AB, K B ) KDC gets S A from TGT to verify timestamp TGT = E( Alice, SA, K KDC ) KDC Security Protocols 62
63 Alice Uses Ticket to Bob 125 ticket to Bob, authenticator E(timestamp + 1, K AB ) Alice s Computer Bob ticket to Bob = E( Alice, K AB, K B ) authenticator = E(timestamp, K AB ) Bob decrypts ticket to Bob to get K AB which he then uses to verify timestamp Kerberos Key S A used in authentication For confidentiality/integrity Timestamps for replay protection Recall, that timestamps 126 Reduce the number of messages like a nonce that is known in advance But, time is a security-critical parameter Security Protocols 63
Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationKey Management (Distribution and Certification) (1)
Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationReal-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610
Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationNetwork Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.
Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationNetwork Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)
Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network communication Who are you
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationOutline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts
Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationChapter 6 Electronic Mail Security
Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,
More informationLecture 10: Communications Security
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationLecture 9 - Network Security TDTS41-2006 (ht1)
Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationCryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationNetwork Security Essentials Chapter 7
Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Exercise: Chapters 13, 15-18 18 1. [Kaufman] 13.1
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationChapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationChapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1
Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication
More informationLecture 17 - Network Security
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication
More informationComputer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------
Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationNetzwerksicherheit: Anwendungen
Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks
More informationElectronic Mail Security
Electronic Mail Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationCryptography and network security CNET4523
1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More information12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028
Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More informationPart 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext
Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationComputer and Network Security
Computer and Network Security c Copyright 2000 R E Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 nemo@ciseufledu Network Security Protocols
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationPGP from: Cryptography and Network Security
PGP from: Cryptography and Network Security Fifth Edition by William Stallings Lecture slides by Lawrie Brown (*) (*) adjusted by Fabrizio d'amore Electronic Mail Security Despite the refusal of VADM Poindexter
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationWeb Security Considerations
CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationIP SECURITY (IPSEC) PROTOCOLS
29 IP SECURITY (IPSEC) PROTOCOLS One of the weaknesses of the original Internet Protocol (IP) is that it lacks any sort of general-purpose mechanism for ensuring the authenticity and privacy of data as
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More informationGSM and UMTS security
2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages
More informationSecuring IP Networks with Implementation of IPv6
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationInternetwork Security
Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationSecurity in IEEE 802.11 WLANs
Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh
More informationQ: Why security protocols?
Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:
More informationPart III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationChapter 3. Network Domain Security
Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter
More informationSecure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
More informationHTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)
CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationCPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu
CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing
More informationSecurity Engineering Part III Network Security. Security Protocols (II): IPsec
Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationElectronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure
Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationThe Misuse of RC4 in Microsoft Word and Excel
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationDr. Arjan Durresi. Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/
Set of Problems 2 Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Louisiana State University
More information