Network Security. Outline of the Tutorial
|
|
- Samuel Phelps
- 8 years ago
- Views:
Transcription
1 Network Security Dr. Indranil Sen Gupta Head, School of Information Technology Professor, Computer Science & Engg. Indian Institute of Technology Kharagpur 1 Outline of the Tutorial Security attacks and services Cryptography: basic concepts Private key cryptography Public key cryptography Network security principles in use Penetration testing and ethical hacking 2 1
2 Security Attacks and Services 3 Security Attacks Any action that compromises the security of information. Four types of attack: 1. Interruption 2. Interception 3. Modification 4. Fabrication Basic model: S Source D Destination 4 2
3 Interruption: Attack on availability S D Interception: Attack on confidentiality S D I 5 Modification: Attack on integrity S I D Fabrication: Attack on authenticity S D I 6 3
4 Passive and Active Attacks Passive attacks Obtain information that is being transmitted (eavesdropping). Two types: Release of message contents:- It may be desirable to prevent the opponent from learning the contents of the transmission. Traffic analysis:- The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged. Very difficult to detect. 7 Active attacks Involve some modification of the data stream or the creation of a false stream. Four categories: Masquerade:- One entity pretends to be a different entity. Replay:- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. Modification:- Some portion of a legitimate message is altered. Denial of service:- Prevents the normal use of communication facilities. 8 4
5 Security Services Confidentiality Authentication Integrity Non-repudiation Access control Availability Denial of Service Attacks Virus that deletes files 9 Network Access Security Model 10 5
6 Cryptography: Basic Concepts 11 Introduction Most important concept behind network security is encryption. Two forms of encryption are in common use: Private (or Symmetric) Single key shared by sender and receiver. Examples: DES, AES, IDEA Public-key (or Asymmetric) Separate keys for sender and receiver. Examples: RSA, Diffie-Hellman 12 6
7 Some Terminologies Plaintext: the data that is to be encrypted Ciphertext: the encrypted form of the data Encryption/Decryption algorithm the algorithm used to carry out the transformation. Key Usually a secret entity. Used as parameter to the encryption/decryption algorithm. 13 Private Key Cryptography 14 7
8 Simplified Model of Conventional Encryption Shared Key K Shared Key K Plaintext P Encryption Algorithm Ciphertext C Decryption Algorithm Plaintext P 15 Classical Techniques Broadly falls under two categories: 1. Substitution ciphers Each letter of group of letters of the plaintext are replaced by some other letter or group of letters, to obtain the ciphertext. 2. Transposition ciphers Letters of the plaintext are permuted in some form. 16 8
9 Substitution Ciphers 1. Caesar Cipher Earliest known substitution cipher. Replace each letter of the alphabet with the letter three places after that alphabet. Alphabets are assumed to be wrapped around ( Z is followed by A, etc.). P: H A P P Y N E W Y E A R C: K D S S B Q H Z B H D U 17 We can generalize the idea by replacing each letter by the k th following letter. If we assign a number to each letter (A=1, B=2, etc), then C = E (P) = (P + k 1) % P = D (C) = (C k + 25) % Drawback: Brute force attack is easy Try out all the 25 possible keys 18 9
10 2. Mono-alphabetic Cipher Allow any arbitrary substitution. There can be 26! or 4x10 26 possible keys. A typical key may be: (ZAQWSXCDERFVBGTYHNMJUIKLOP) Drawback: We can make guesses by observing the relative frequency of letters in the text. Compare it with standard frequency distribution charts in English (say). Also look at the frequency of digrams and trigrams, for which tables are also available. Easy to break in general Poly-alphabetic Cipher Use different mono-alphabetic substitutions as we proceed through the plaintext message. Vigenere cipher is the best known cipher of this class. Consists of 26 Caesar ciphers, with shifts of 0 to 25. Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter a. To encrypt a message, a key is needed that is as long as the message (usually, a repeating keyword). Decryption is just the reverse
11 Drawback: Key and the plaintext share the same frequency distribution of letters. The best thing would have been to use a keyword which is as large as the plaintext, and has no statistical relationship to it. 21 Transposition Cipher Many techniques were proposed under this category. A simple scheme: Write out the plaintext in a rectangle, row by row, and read the message column by column, by permuting the order of the columns. Order of the column becomes the key
12 An example P: we have enjoyed the workshop in jadavpur Key: w e h a v e e n j o y e d t h e w o r k s h o p i n j a d a v p u r - C: howpv ayoip ejeoa wnhhd vernu edkjr etsa- 23 Drawback: The ciphertext has the same letter frequency as the original plaintext. Guessing the number of columns and some probable words in the plaintext holds the key
13 Some Important Issues Security of the scheme Depends entirely on the secrecy of the key. Does not depend on the secrecy of the algorithm. (Has to be public for criticism!) So, the assumptions that we make: Algorithms for encryption/decryption are known to the public. Keys used are kept secret. 25 What is meant by Security lies in the Keys Key Size (bits) Number of Alternative Keys 2 32 = 4.3 x = 7.2 x = 3.4 x = 3.7 x Time required at 10 6 decryptions / µs 2.15 milliseconds 10 hours 5.4 x years 5.9 x years 26 13
14 Practical Encryption Algorithms Data Encryption Standard (DES) Block size is 64 bits. Key is 56 bits. IDEA Block size is 64 bits. Key size is 128 bits. Advanced Encryption Standard (AES) Also known as Rijndael cryptosystem. Block size can be 128, 192, or 256 bits. Key size can be 128, 192, or 256 bits. 27 Block Encryption Algorithms Data Encryption Standard (DES) The most widely used encryption scheme. Known as the Data Encryption Algorithm (DEA). It is a block cipher. The plaintext is 64-bits in length. The key is 56-bits in length. Longer plaintexts are processed in 64-bit blocks
15 P (64-bit) K (56-bit) Initial Permutation Permuted Choice 1 Round 1 K 1 Permuted Choice 2 Left circular shift Round 2 K 2 Permuted Choice 2 Left circular shift Round 16 K 16 Permuted Choice 2 Left circular shift 32-bit Swap Reverse Inverse Permutation C (64-bit) General Schematic of DES Algorithm 29 Single Iteration of DES Algorithm 30 15
16 DES The overall processing at each iteration: L i = R i-1 R i = L i-1 F(R i-1, K i ) Fiestel Structure Concerns about: The algorithm and the key length (56-bits) Longer key lengths essential for critical applications 31 Problems with DES 56-bit key size considered to be too small for providing acceptable level of security for most applications. Broken by various cryptanalysis groups
17 Hence, Triple DES! Use three keys and three executions of the DES algorithm (encrypt-decryptencrypt). C = E K3 [D K2 [E K1 [P]]] C = ciphertext P = Plaintext E K [X] = encryption of X using key K D K [Y] = decryption of Y using key K Effective key length of 168 bits. 33 Triple DES: Illustration K 1 K 2 K 3 P E D E X Y C K 3 K 2 K 1 C D E D Y X P 34 17
18 Some Points to Observe Key distribution problem of secret key systems: Establish key before communication. Need n(n-1)/2 keys with n different parties. A B E C D 35 Key Distribution Two parties A and B trying to communicate. A key could be selected by A and physically delivered to B. A third party could select the key and physically deliver it to both A and B. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B
19 Key Distribution (contd.) Session key: Data encrypted with a one-time session key. At the conclusion of the session the key is destroyed Permanent key: Used between entities for the purpose of distributing session keys. 37 Public Key Cryptography 38 19
20 Basic Concept Uses two keys for every simplex logical communication link. a) Public key b) Private key Every communication node will have a pair of keys. For n number of nodes, total number of keys required is 2n. 39 Encryption using Public Key System B s public key KU B B s private key KR B Plaintext P Encryption Algorithm Ciphertext C Decryption Algorithm Plaintext P A B 40 20
21 Authentication using Public Key System A s private key KR A A s public key KU A Plaintext P Encryption Algorithm Ciphertext C Decryption Algorithm Plaintext P A B 41 Applications Three categories: a) Encryption/decryption: The sender encrypts a message with the recipient s public key. b) Digital signature / authentication: The sender signs a message with its private key. c) Key exchange: Two sides cooperate to exhange a session key
22 Requirements Computationally easy for a party B to generate a key pair Public key KU B Private key KR B Easy for sender to generate ciphertext: C = E (M, KU B ) Easy for the receiver to decrypt ciphertext using private key: M = D (C, KR B ) = D (E (M, KU B ), KR B ) 43 Computationally infeasible to determine KR B knowing KU B. Computationally infeasible to recover message M, knowing KU B and ciphertext C. Either of the two keys can be used for encryption, with the other used for decryption: M = D (E (M, KU B ), KR B ) = D (E (M, KR B ), KU B ) 44 22
23 The RSA Public Key Algorithm RSA Algorithm Developed by Ron Rivest, Adi Shamir and Len Adleman at MIT, in A block cipher. The most widely implemented. 45 The RSA Algorithm Key Generation 1. Select p,q p and q both prime 2. Calculate n = p x q 3. Calculate Φ( n) = ( p 1)( q 1) 4. Select integer e gcd( Φ( n), e) = 1;1 < e < Φ( n) 1 5. Calculate d d = e mod Φ( n) 6. Public Key KU = {e,n} 7. Private key KR = {d,n} φ(n) is the number of positive numbers less than n and relatively prime to n (called Euler totient)
24 The RSA Algorithm - Encryption Plaintext: M < n Ciphertext: C = M e (mod n) 47 The RSA Algorithm - Decryption Ciphertext: C Plaintext: M = C d (mod n) 48 24
25 Example Select two prime numbers, p=7 and q=17. Calculate n = pq = 7 17 = 119. Calculate φ(n) = (p-1)(q-1) = 96. Select e such that e is relatively prime to φ(n)=96, and less than φ(n). In this case, e=5. Determine d such that de = 1 (mod 96) and d<96. d=77, because 77 5 = 385 = Public key KU = {5,119} Private key KR = {77,119} 49 Example (contd.) 50 25
26 The Security of RSA RSA is secure since We use large number of bits in e and d. The problem of factoring n into two prime factors is computationally very difficult. Knowing p and q will allow us to know Φ(n). This will help an intruder to know the values of e and d. Until recently, this was felt to be infeasible for numbers in the range of 100 decimal digits or so (approximately 300 bits). A worldwide team cooperating over the internet and using 1600 computers recently cracked the code in eight months. Currently, a 1024-bit key size (about 300 decimal digits) is considered strong enough for virtually all applications. Key sizes in the range of 1024 to 2048 bits seems safe. 51 Private and Public Key Systems: a Comparison Symmetric encryption/decryption is much faster than asymmetric encryption/ decryption: RSA: kilobits/second DES: megabits/second DES is about 100 times faster than RSA 52 26
27 Network Security Principles in Use 53 Authentication Application:: KERBEROS Users wish to access services on servers. Three threats exist: User pretend to be another user. User alter the network address of a computer. User eavesdrop on exchanges and use a replay attack
28 Provides a centralized authentication server (AS) to authenticate users to servers and servers to users. Relies on conventional encryption. Makes no use of public-key encryption. Two versions: version 4 and 5. Version 4 makes use of DES
29 Electronic Mail Security:: Pretty Good Privacy (PGP) PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. Why popular? It is availiable free on a variety of platforms. Based on well known algorithms. Wide range of applicability 57 Summary of PGP services: Function Digital Signature Message Encryption Compression Compatibility Algorithm Used DSS/SHA or RSA/SHA CAST or IDEA or 3- key Triple DES with Diffie-Hellman or RSA ZIP Radix-64 Conversion 58 29
30 PGP Cryptographic Functions 59 Secure Socket Layer (SSL) SSL was first used by Netscape. To ensure security of data sent through HTTP, LDAP or POP3. Uses TCP to provide reliable end-to-end secure service. In general, SSL can be used for secure data transfer for any network service running over TCP/IP
31 HTTP LDAP POP3 Application Layer SSL TCP/IP Network Layer 61 The main objectives of SSL are: Authenticate the client and server to each other. Ensure data integrity. Ensure data privacy. Required for both the protocol data and also the application data
32 SSL Architecture SSL consists of two layers of protocols: SSL Record Protocol Ensures data security and integrity. Protocols required to establish SSL connection. Three protocols used in this layer: SSL Handshake Protocol SSL ChangeCipherSpec Protocol SSL Alert Protocol 63 SSL Handshake Protocol SSL ChangeCipherSpec Protocol SSL Alert Protocol Application Protocol (HTTP, etc.) SSL Record Protocol TCP IP 64 32
33 SSL Record Protocol Mainly responsible for data encryption and integrity. Basic function: Take an application message to be sent. Fragment the application message data. 16 Kbytes or smaller. Encapsulate it with appropriate headers and create an object called a record. Encrypt the record and forward it to TCP. 65 Application Data Fragments Compressed data Add MAC MAC Encrypt data TCP packet H H: SSL record header 66 33
34 The Higher Layer Protocols SSL Alert Protocol Used to send session messages associated with data exchange and functioning of the protocol. Each message consists of two bytes: First byte is either 1 (warning) or 2 (fatal). If fatal, the SSL session is terminated. Second byte contains one of the defined error codes. 67 SSL ChangeCipherSpec Protocol Consists of a single message that carries the value of 1. Purpose of this message is to cause the pending session state to be established as a fixed state. Define the set of protocols to be used. Must be sent from client to server, and vice versa
35 SSL Handshake Protocol Used to initiate a session between the server and the client. Within the application data, algorithms and keys used for data encryption can be negotiated. Provides mutual authentication. Process of negotiation divided into four phases. 69 Client sends to the server SSL version Random (used to protect key exchange) Session ID CipherSuite Server sends back SSL version Random (a different number is generated) Session ID CipherSuite 70 35
36 Transport Layer Security (TLS) Extension of SSL. Aim is to provide security and data integrity features at the transport layer between two web applications. Supported my most web servers and browsers today. 71 Secure Shell (SSH) Originally developed in As a secure replacement for telnet, rlogin, rcp, etc. Allows port forwarding (tunneling over SSH) Built-in support for proxies/firewalls. Widely used nowadays
37 In SSHv1 protocol, the server uses two keys: Long-term server identification key. Binds the connection to the server bit RSA. Short-term encryption key, changed every hour. Makes later recovery impossible. Short-term keys are regenerated as a background task. 768 bit RSA. 73 Multiple authentication mechanisms Straight passwords (protected by SSH encryption). RSA based authentication. Client decrypts a challenge from the server; returns the hash to the server. Plug-in mechanisms (biometrics, smartcard, etc.)
38 IP Security (IPSec) Security built into the IP layer. Provides host-to-host (or firewall-to-firewall) encryption and authentication. Required for IPv6, but optional for IPv4. Consists of two parts: IPSec proper (for encryption and authentication). IPSec key management. 75 IPSec Provides two modes of protection Tunnel Mode Transport Mode Authentication and Integrity Confidentiality Replay Protection 76 38
39 Protection in Tunnel Mode Encapsulates the entire IP packet within IPSec protection. Tunnels can be created between several different node types: Firewall to firewall Host to firewall Host to host 77 Protection in Transport Mode Encapsulates only the transport layer information within IPSec protection. Can only be created between host nodes. Authentication and Integrity Verifies the origin of data. Assures that data sent is the data received. Assures that the network headers have not changed since the data was sent
40 Confidentiality Encrypts data to protect against eavesdropping. Can hide data source when encryption is used over a tunnel. Replay Prevention Causes transmitted packets to be dropped. 79 Problems with IPSec Excessively complex and difficult to use. Does now allow use of NAT. Routers need to be made IPSec aware
41 Secure HTTP (S-HTTP) An extension to the HTTP protocol to support sending data securely over the web. Difference from SSL: SSL is designed to establish a secure connection between two hosts. s-http is designed to send individual messages securely. 81 Some Features: Provides a variety of security mechanisms to HTTP clients and servers. Does not require client-side public certificates (or public keys), as it supports symmetric key-only operation modes. Provides full flexibility of cryptographic algorithms. s-http and HTTPS are not the same. HTTPS is an alternative to s-http. HTTP runs on top of SSL or TSL
42 Penetration Testing and Ethical Hacking 83 What is a Penetration Test? A process of actively evaluating the information security measures in an organization. Most common procedure: The security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities. Results are delivered in a comprehensive report
43 Ethical Hacking. Definition of ethical hacking A situation where a computer and network expert attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hacking uses the same methods as their less principled counterparts (hackers), but report problems instead of taking advantage of them. Also called penetration testing. 85 Why is it Required? There are several reasons why organizations choose to perform a penetration test. To identify the threats facing the information assets of the organization. Reduce the IT security costs by identifying and resolving vulnerabilities and weaknesses. Provide the organization with information assurance. Gain and maintain certification to an industry regulation (BS7789, HIPAA, etc.)
44 Types of Tests 1. External Penetration Testing This is the traditional approach. The testing is focused on servers, infrastructure, and the underlying software (OS, database, etc.). Two broad approaches: Black box testing: performed with no prior knowledge of the infrastructure to be tested. White box testing: performed with full disclosure of the topology and the environment. 87 This basically involves the following: Comprehensive analysis of publicly available information about the target. Identification and analysis of the target hosts. Analysis of the behavior of security devices like screening routers and firewalls. Identification and analysis of the vulnerabilities within the target hosts
45 2. Internal Penetration Testing Follows a methodology similar to external testing. Provides a more complete view of the site security. Testing is typically carried out from a number of network access points, representing each logical and physical segment. Can include DMZ, VPNs, subnets, etc Application Security Assessment To identify and assess threats to the organization through proprietary applications or systems. The application must not expose the underlying servers and software to attack. A malicious user should not be able to access, modify, or destroy data or services within the system. Even in a well-deployed and secured infrastructure, a weak application can expose the organization s assets to risk
46 4. Remote Access Security Assessment This addresses the security risks associated with an increasingly mobile workforce. Working from home Broadband always-on Internet access wireless networking Increased exposure by extending the traditional perimeter of the organization. 91 Some of the Typical Areas Network Security Network surveying Port scanning System identification Services identification Router testing Firewall testing Intrusion detection system testing Trusted systems testing Password cracking Denial of service testing 92 46
47 Wireless Security Wireless networks testing WEP security testing Infrared systems testing Cordless communications testing Other areas include Information Security, Social Engineering, Physical Security, etc. 93 About the Tools to be Used Tools are essential for automating the penetration testing process. Where to find the tools? A number of commercial tools are available. They work by using sets of thousands of pre-defined signatures that can identify vulnerabilities in a system. Signatures need to be updated on a regular basis. Open-source tools that are freely available. Also called hacker tools, and are often made available on hacker web sites
48 May range from very professionally developed and maintained tools, to poorly documented scripts meant to perform specific tasks. Special care must be taken to ensure that the tools themselves do not contain virus or any other malicious contents. Specialist penetration testing providers can develop their own tools. Because available tools are mostly incomplete, and multiple tools need to be used. Many vulnerabilities are not covered by them. 95 Hacker Web SItes Some pointers. there are many many more
49
50
51 References 1. Cryptography and Network Security: Principles and Practice, 2 nd Edition, William Stallings, Prentice Hall, New Jersey, Network Security Essentials: Applications and Standards, William Stallings, Pearson Education Asia, Applied Cryptography, B. Schneier, Wiley, New York, Internet Cryptography, R. Smith, Addison Wesley, MA, Handbook of Applied Cryptography, A.J. Menezes, et al Journals IEEE Transactions on Information Theory Computer Security Communications of the ACM IEEE Communications Magazine Computer Communications Review 7. The Internet
Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationLecture 9 - Network Security TDTS41-2006 (ht1)
Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationLecture G1 Privacy, Security, and Cryptography. Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007
Lecture G1 Privacy, Security, and Cryptography Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007 Functionalia Instructor Chipp Jansen, chipp@sci.brooklyn.cuny.edu Course Web Page http://www.sci.brooklyn.cuny.edu/~chipp/cc3.12/
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationNETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia
NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationSecurity Sensor Network. Biswajit panja
Security Sensor Network Biswajit panja 1 Topics Security Issues in Wired Network Security Issues in Wireless Network Security Issues in Sensor Network 2 Security Issues in Wired Network 3 Security Attacks
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationProperties of Secure Network Communication
Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationWeb Security Considerations
CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationCryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.
Cryptography: Motivation Many areas have sensitive information, e.g. Data Structures and Algorithms Cryptography Goodrich & Tamassia Sections 3.1.3 & 3.1.4 Introduction Simple Methods Asymmetric methods:
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationNETWORK ADMINISTRATION AND SECURITY
NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationCRYPTOG NETWORK SECURITY
CRYPTOG NETWORK SECURITY PRINCIPLES AND PRACTICES FOURTH EDITION William Stallings Prentice Hall Upper Saddle River, NJ 07458 'jkfetmhki^^rij^jibwfcmf «MMr""'-^.;
More informationAC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE SIXTH EDITION William Stallings International Edition contributions by Mohit P Tahiliani NITK Surathkal PEARSON Boston Columbus Indianapolis New
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationIntroduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationThree attacks in SSL protocol and their solutions
Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationNetwork Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.
Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationChapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCity University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013
City University of Hong Kong Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 01/013 Part I Course Title: Course Code: Course Duration: Cryptography
More informationSoran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification
1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationWhat is a SSL VPN and How Does it Work?
Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationAN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES
HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationCommunication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More informationThe Secure Sockets Layer (SSL)
Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course
More informationWEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationHow To Protect Your Data From Attack
Security in Communication Networks Lehrstuhl für Informatik 4 RWTH Aachen Prof. Dr. Otto Spaniol Dr. rer. nat. Dirk Thißen Page 1 Organization Lehrstuhl für Informatik 4 Lecture Lecture takes place on
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationCompter Networks Chapter 9: Network Security
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice
More informationNetwork Security Essentials:
Network Security Essentials: Applications and Standards Fifth Edition William Stallings International Editions contributions by B. R. Chandavarkar National Institute of Technology Karnataka, Surathkal
More informationECE 428 Network Security
ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationCPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu
CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationChapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms
Chapter 11 Security Protocols Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Network Security
More informationSecuring an IP SAN. Application Brief
Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More information12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028
Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationCSC 774 -- Network Security
CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCryptography and Security
Cunsheng DING Version 3 Lecture 17: Electronic Mail Security Outline of this Lecture 1. Email security issues. 2. Detailed introduction of PGP. Page 1 Version 3 About Electronic Mail 1. In virtually all
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationCSC 474 Information Systems Security
CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationInternet Security. Christopher Kruegel
Internet Security Christopher Kruegel Automation Systems Group (E183-1) Technical University Vienna Treitlstrasse 1, A-1040 Vienna, Austria chris@auto.tuwien.ac.at Abstract This chapter describes security
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More information