Security in Communication Networks
Networks

Prof. Dr. Otto Spaniol
Dipl. Inform. Roland Büschkes
Dipl. Inform. Christian Cseh
Dipl.-Math. techn. Roland Stenzel

General Information

Lecture course: Networks
- Principal lecturer: Prof. Dr. Otto Spaniol
- Number of lectures: 4 hours per week
- Lecture locations: AH II, AH V
- Lecture times: Monday, (a.m.) (a.m.), Tuesday (a.m.) (p.m.)

Exercises: Dipl. Inform. Roland Büschkes, Dipl. Inform. Christian Cseh, Dipl.-Math. techn. Roland Stenzel
- Number: 2 hours per week
- Locations: AH IV
- Times: Wednesday (a.m.) (p.m.) (Starting date: October 25, 2000)

Subject: A basic introduction to contemporary cryptology and computer network security

References

- C. Kaufman, R. Perlman and M. Speciner: Network Security: Private Communication in a Public World, Prentice-Hall, 1995
- O. Spaniol, M. Günes: Skript der Vorlesung Sicherheit in Kommunikationsnetze, 1988
- B. Schneier: Applied Cryptography: Protocols, Algorithms, and Source Code in C (2nd Edition), John Wiley & Sons, 1996
- R. Oppliger: Internet and Intranet Security, Artech House, 1998
- D. R. Stinson: Cryptography: Theory and Practice, CRC Press, 1995
- W. R. Cheswick and S. M. Bellovin: Firewalls and Internet Security, Addison-Wesley, 1994
- R. G. Bace: Intrusion Detection, Macmillan Technical Publishing, 2000

Topics

- Introduction
- Secret Key Cryptography
- Public Key Cryptography
- Hash Functions
- Authentication
- Security Handshake Protocols
- Anonymity/Privacy
- Transport Layer Security
- Application Layer Security
- Firewall
- Intrusion Detection
- Mobile Agents
- Mobile Communication
- Electronic Commerce
- Network Layer Security

Contents

- Prologue
- Protection of Subscribers
- Protection of Network
- Designing Security in Layered Protocols (Internet)
- Challenging Areas

Prologue: Networks

This course discusses questions concerning security in data communications. The subjects of this lecture include:

- Protection of Subscribers
  - Cryptography (Secret Key, Public Key)
  - Digital Signature
  - Authentication/Identification (Security Handshake Protocols)
  - Anonymity/Privacy
- Protection of Networks
  - Access Control
  - Firewall
  - Intrusion Detection
- Designing Security in Layered Protocols (Internet)
  - IPSEC, SSL, PGP, ...
- Challenging Areas: mobile agents, mobile communication, electronic commerce

Prologue: Internet

"Necessity is the mother of invention, and computer networks are the mother of modern cryptography." - R. L. Rivest

The Story of the Internet:

- During the latter half of the 1980's ARPANET moved from the research domain into a transcontinental reality.
- In November 1988 the "Internet worm" brought the ARPANET to its knees.
- Since then an almost continuous stream of security-related incidents has affected thousands of computer systems and networks throughout the world (see for more information).
- By 2000, the Internet had grown from 60,000 host computer systems to over 93 million (see).
- Many companies and private users now rely on the Internet for their daily business and private communication (sharing financial, business, or personal information).
- Attacks: illegal gain of information, unrecognized change of information, disturbance of the functionality (Confidentiality, Integrity, Availability).

Prologue: Attacks on Computer

Stand-alone computer system (UNIX operating system):

- Only a legitimate user with physical access to the computer system is able to log in by providing name and password.
- An intruder must have physical access and the login information.

Networked computer (UNIX operating system):

- The system makes available some basic network services:
  - telnetd: remote terminal access service, provided at port 23
  - sendmail: electronic mail service, provided at port 25
  - httpd: WWW, provided at port 80
  - nfsd: network file service, provided at port 2049
- An intruder does not need physical access.
- An intruder can use any TCP/IP service offered by the system.

Prologue: Attacks on Computer

- Only an intruder who is able to physically access or connect to a computer system can attack it.
- By adding more network connections, more vulnerabilities are added automatically.
- Networked computer systems run software that is inherently more complex and error prone.
- An intruder must know and be able to exploit just one single bug (the administrator or security expert must know and fix each bug).

Prologue: Attacks on Networks

Passive Attack:

- passive wiretapping attack: the intruder is able to interpret the data and to extract the information
- traffic analysis attack: the intruder can observe who communicates with whom (e.g. two companies begin to exchange a large number of messages → merging)
- available programs: etherfind, tcpdump, ...

Active Attack:

- modify, extend, delete, and replay data units
- influence or modify routing tables
- denial of service attack (flood a receiver)

[Figure: network with a router, Alice and an intruder]

Prologue: Security Requirements

Protection of Confidentiality:

- Message contents should be kept confidential; i.e., only the communication partners may see it.
- Sender and/or addressee of messages should remain anonymous, and third parties (including the network operator(s)) should be unable to observe their communication.
- Neither potential communication partners nor third parties (including the network operator(s)) should be able to locate mobile stations or their users.

Protection of Integrity:

- Forging message contents (including sender's address) should be detected.
- The recipient of a message should be able to prove that a particular message has been sent, and if that the addressee has received the message.
- Nobody can cheat the network operator(s) in terms of usage fees. On the other hand, the network operator(s) can only charge fees for correctly delivered services.

Protection of Availability:

- The communication network enables communication between all parties who wish to communicate and who are allowed to do so.

Prologue: Realization of Data Protection Requirements

Known techniques for

- Confidentiality: Cryptography, anonymity techniques
- Integrity: Cryptography, digital signatures, access control and authentication codes
- Availability: Fault-tolerant systems, access control, firewall, intrusion detection

Cryptography

- Secrecy
  - Steganography: Hide message, e.g., in a picture
  - Encryption: enc_algorithm: (plaintext, key) → ciphertext
- Authentication
  - Identification, entity authentication: Who is currently on the other end of this connection?
  - Message authentication: Who created this message?
  - Digital Signature: Convince a third party about who created this message.

Prologue: Trusted Domains

- Protection against every possible attacker is impossible.
- Before the design of a protection technique it is necessary to identify trusted domains.
- A trusted domain comprises systems or parts of systems (e.g. security module).
- No attackers are assumed within a trusted domain (restriction of the attacker).
- A trusted domain is always related to a single user or group of users.

[Figure: source inside a trusted domain and destination inside a trusted domain, each with a protection technique, separated by an untrusted area]

Protection of Subscribers

Protection of subscribers: Shared-key Encryption Scheme

- One-time pad, DES, IDEA etc.
- Can handle data volumes of several Gigabyte/s, but security is questionable
- Key sizes of bit
- Key distribution: secret channel needs key distribution center or public-key scheme

[Figure labels: random security parameter, key generator, secret channel, trusted domain, encryption algorithm, decryption algorithm, "or error"]

Protection of subscribers: Shared-key Authentication Scheme

- Message authentication codes
- Specific constructions, or based on block ciphers or keyed hash functions
- Limitation: third party cannot check authenticity

[Figure labels: random security parameter, key generator, secret channel, trusted domain, auth. algorithm, test algorithm, "ok or error"]

Protection of subscribers: Cryptographic Hash Functions

- Hash Function H: variable length in, fixed length out ( 128 bit)
- One-way: H easy to compute, infeasible to invert
- Collision resistant
- Practical hash functions: SHA, MD5, etc.
- Cryptographic primitive H: collision-resistant one-way hash-function
  - fixed H: H(x) simulates a random oracle
  - variable H: Keyed hash functions, family of hash functions

[Figure labels: "easy", "infeasible"]

Protection of subscribers: Public-key Encryption Scheme

- RSA, Diffie-Hellman/El Gamal
- ca. 10-times slower than symmetric schemes
- Key size of bit for RSA
- Typically used to exchange a shared key for a symmetric scheme

[Figure labels: random security parameter, key generator, authenticated channel, trusted domain (twice), encryption algorithm, decryption algorithm, "or error"]

Protection of subscribers: Digital Signature Scheme

- Digital Signature: A hash value (collision-resistant) of a message is encrypted with the secret key of a public-key encryption scheme.
- RSA, El Gamal, etc.
- Asymmetry allows a third party to check authenticity (since the public key is known to all).

[Figure labels: random security parameter, key generator, authenticated channel, trusted domain (twice), signature algorithm, test algorithm, "ok or error"]

Protection of subscribers: Anonymity

- Multi-party protocol: collective use of cryptographic protocols
- Anonymity: The sender and/or the recipient of a communication can remain anonymous.
- Unobservability
- Nobody (not even the network operator) can trace communication relations.
- Untraceability

[Figure: Alice and Bob, unobservable by outsiders]
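
The contrast between the shared-key authentication scheme and the digital signature scheme above, as an added example that is not part of the original slides: with a MAC the receiver holds the same key as the sender, so a third party learns nothing from a valid tag, while a signature can be tested with the public key alone. The RSA key is a toy constructed from two known Mersenne primes, without padding, and the names `dispute`, `check_mac` and `check_signature` are hypothetical.

```python
import hashlib
import hmac
import math

# Toy RSA key from two known Mersenne primes. Constructed for this example:
# far too small and too structured for real use, and no padding is applied.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                  # public test key (n, e)
PHI = (P - 1) * (Q - 1)
assert math.gcd(E, PHI) == 1
D = pow(E, -1, PHI)                  # secret signing key (needs Python 3.8+)


def digest_int(message: bytes) -> int:
    """Hash of the message as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D) -> int:
    """Signature algorithm: apply the secret-key operation to the hash."""
    return pow(digest_int(message), d, N)


def check_signature(message: bytes, signature: int) -> str:
    """Test algorithm: needs only the public key (N, E)."""
    return "ok" if pow(signature, E, N) == digest_int(message) else "error"


def mac(key: bytes, message: bytes) -> bytes:
    """Auth. algorithm of the shared-key scheme (a keyed hash function)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_mac(key: bytes, message: bytes, tag: bytes) -> str:
    """Test algorithm of the shared-key scheme: needs the secret key itself."""
    return "ok" if hmac.compare_digest(mac(key, message), tag) else "error"


def dispute():
    """Bob shows a third party a message he claims came from Alice."""
    shared_key = b"constructed key shared by Alice and Bob"
    genuine = b"pay Bob 10"
    forged = b"pay Bob 1000"         # Alice never sent this

    # Shared-key scheme: Bob holds the same key as Alice, so he can produce
    # a valid tag for any message. A valid tag proves nothing to outsiders.
    mac_genuine = check_mac(shared_key, genuine, mac(shared_key, genuine))
    mac_forged = check_mac(shared_key, forged, mac(shared_key, forged))

    # Signature scheme: Bob and the third party hold only (N, E). Alice's
    # signature on the genuine message does not test "ok" for any other.
    sig = sign(genuine)
    sig_genuine = check_signature(genuine, sig)
    sig_forged = check_signature(forged, sig)
    return mac_genuine, mac_forged, sig_genuine, sig_forged


if __name__ == "__main__":
    print(dispute())
```
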

Protection of networks

Protection of networks: Access Control

General: Authentication refers to the process of verifying the claimed identity of a principal

User → Computer:

- knows (proof of knowledge)
- possesses (proof of possession)
- biometric characteristics (proof by property)

User → System (via network):

- password-based (Name A, Password B)
- address-based (Name A, Address B)
- cryptographic: Name: A, Challenge: X, Response: Y=f(X)
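
The cryptographic variant above (Name A, Challenge X, Response Y=f(X)), as an added example that is not part of the original slides. It assumes f is HMAC-SHA256 under a key shared by user and system; the class `Verifier`, the function `respond`, the 30-second lifetime and the sample key are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


def respond(key: bytes, name: str, challenge: bytes) -> bytes:
    """User side: Y = f(X). Including the name binds Y to one identity."""
    return hmac.new(key, name.encode() + b"\x00" + challenge,
                    hashlib.sha256).digest()


class Verifier:
    """System side: issues a challenge X and checks the response Y."""

    def __init__(self, shared_keys, ttl_seconds=30.0, clock=time.monotonic):
        self._keys = shared_keys      # name -> shared secret key
        self._pending = {}            # name -> (challenge, time issued)
        self._ttl = ttl_seconds
        self._clock = clock           # injectable so expiry can be tested

    def challenge(self, name: str) -> bytes:
        # A fresh, unpredictable X per attempt, so that a response recorded
        # on the network is useless for any later attempt.
        x = secrets.token_bytes(16)
        self._pending[name] = (x, self._clock())
        return x

    def verify(self, name: str, response: bytes) -> bool:
        # Single use: the challenge is consumed whether or not the check passes.
        entry = self._pending.pop(name, None)
        key = self._keys.get(name)
        if entry is None or key is None:
            return False
        x, issued = entry
        if self._clock() - issued > self._ttl:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(respond(key, name, x), response)


def demo():
    key = b"constructed shared key for user A"
    system = Verifier({"A": key})

    x = system.challenge("A")
    y = respond(key, "A", x)
    first = system.verify("A", y)     # correct response to a fresh challenge
    replay = system.verify("A", y)    # same Y again: challenge already used

    system.challenge("A")
    stale = system.verify("A", y)     # old Y against a new X

    x3 = system.challenge("A")
    wrong_key = system.verify("A", respond(b"guessed key", "A", x3))
    return first, replay, stale, wrong_key


if __name__ == "__main__":
    print(demo())
```

Unlike the password-based variant, the secret never crosses the network, and an eavesdropper who records X and Y gains nothing for the next login.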

Protection of networks: Firewall

- A Firewall represents a barrier between a privately owned and protected network and another network (e.g. the Internet).
- Purpose: prevent unwanted and unauthorized communication into or out of the protected network.
- Assume: Firewall is a trusted domain.

[Figure: firewall between intranet and Internet; labels "Accessibility" and "Security"]

Protection of networks: Intrusion Detection System (IDS)

IDS is a burglar alarm for computers and networks.

Functional components:

- An analysis engine that finds signs of intrusion.
- A response component that generates reactions based on the outcome of the analysis engine.

Analysis engine:

- Offline: analysis of stored log data.
- Online: on the fly analysis of observed data.

Response capabilities after analysis:

- Alarm
- Deny operation

Attack Recognition: learning of attack patterns or usual habit of users

Privacy problem

Design Security in Layered Protocols

- There are always alternative ways to provide a service...
- Services may need to be provided at more than one layer.
- Security functionality should not duplicate communications functionality.

[Figure: the two reference models side by side]

- The OSI reference model: Application, Presentation, Session, Transport, Network, Data Link, Physical
- The TCP/IP reference model: Application; TCP & UDP; IP, ICMP; Data Link; Physical
- Labels: User Programs; Operating System; Peripherals and network equipment

Design Security in Layered Protocols

- Higher layers are more application dependent and technology independent.
- End-to-end security is easier provided at higher layers; link (point-to-point) security at lower layers.
- Higher layers are more likely implemented in software; lower layers in hardware.
- Higher layer encryption cannot protect lower layer headers; lower layer encryption may have to trust intermediate nodes.

Security protocols by layer:

- Application: PGP, PEM, ...
- Transport: SSH, SSL, ...
- IP: AH, ESP

PGP = Pretty Good Privacy, PEM = Privacy Enhanced Mail, SSH = Secure Shell, SSL = Secure Socket Layer, AH = Authentication Header, ESP = Encapsulating Security Payload

Challenging Areas

Challenging Areas: mobile agents

Development of applications in distributed systems:

- Yesterday: Host-based computing.
- Today: Client/server computing.
- Tomorrow: Agent-based computing (most promising).

A software agent is a program that acts on behalf of a (human) user.

A mobile agent is a program which

- represents a user in a computer network,
- is capable of migrating autonomously (under its own control) from node to node in the network,
- is able to perform some computation on behalf of the user.

Application: online shopping, real-time device control, distributed scientific computing, etc.

Major problem: security

Challenging Areas: mobile agents - security problems

Insecure Networks (protection of users):

- Privacy: Sensitive data contained within an agent dispatched by a user may be compromised, due to eavesdropping on insecure networks, or if the agent executes on a malicious server.
- Integrity: The agent's code, control flow and results could be altered by servers for malicious purposes.

Threats to host resources (protection of network):

- unauthorized access
- damage to resources
- denial of service
- annoyance attacks

Security mechanisms:

- privacy and integrity mechanisms (to protect secret data and code),
- authentication mechanisms (to establish the identities of communicating parties),
- authorization mechanisms (controlled access to server resources).

Challenging Areas: electronic commerce

Electronic commerce (e-commerce) uses networks (typically the Internet) to market goods and services without the need to be physically present at the point of sale.

What will be used in the digital world?

- The same types as in the paper world:
  - cash, for small and anonymous payments,
  - cheques,
  - credit cards,
  - money transfer orders,
  - payment-like systems: vouchers, coupons.
- Same metaphor, i.e., same business model,
- at least as cost-effective,
- at least as secure,
- privacy protecting.

Security problems: payment integrity and privacy

Challenging Areas: mobile communication

- Mobile phones have become a mass product (very soon: 100% coverage).
- GSM (Global System for Mobile Communication) is the best known and most widely used mobile communication standard.
- Emphasis on security functions dealing with eavesdropping and unauthorized use:
  - Protection of Subscriber
    - encryption of communication on the radio interface, i.e. between mobile station and base station,
    - concealing the user's identity on the radio interface, i.e. a temporarily valid identity code (TMSI) is used for the identification of a mobile user.
  - Protection of Network
    - access control by means of a personal smart card (called subscriber identity module, SIM) and PIN (personal identification number),
    - authentication of the users towards the network carrier and generation of a session key in order to prevent abuse.

Challenging Areas: mobile communication

Security Problems and known attacks on GSM:

- IMSI Catcher: discloses the identities of all users within a radio cell.
- SIM Cloning and interception of authentication data: attempts to make phone calls at the expense of other users.
- Billing and Privacy (who communicates with whom and how long).
- Protection of location information.

Future:

- The Universal Mobile Telecommunication System (UMTS) integrates the existing mobile radio networks and the Internet.
- UMTS supports new services with higher data rates.
- The standardization process for UMTS remains open → chance to define appropriate security functions (better than in GSM).
- The installation of appropriate security functions after standardization would result in higher costs and unnecessary compromises.
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationReport to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999
Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks
More informationA Comparative Study of Security Features in FreeBSD and OpenBSD
Department of Computer Science Magnus Persson A Comparative Study of Security Features in FreeBSD and OpenBSD Master s Thesis 2006:02 A Comparative Study of Security Features in FreeBSD and OpenBSD Magnus
More informationCommon security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon
1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationISM/ISC Middleware Module
ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationChapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationWireless Mobile Internet Security. 2nd Edition
Brochure More information from http://www.researchandmarkets.com/reports/2330593/ Wireless Mobile Internet Security. 2nd Edition Description: The mobile industry for wireless cellular services has grown
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationChapter 8 Network Security. Slides adapted from the book and Tomas Olovsson
Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing
More informationMeasurement of the Usage of Several Secure Internet Protocols from Internet Traces
Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationLecture G1 Privacy, Security, and Cryptography. Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007
Lecture G1 Privacy, Security, and Cryptography Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007 Functionalia Instructor Chipp Jansen, chipp@sci.brooklyn.cuny.edu Course Web Page http://www.sci.brooklyn.cuny.edu/~chipp/cc3.12/
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationNetzwerksicherheit: Anwendungen
Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More information