1 NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia
2 O u t l i n e o f t h e P r e s e n t a t i o n What is Security Introduction to Computer Network Security Attacks, Services, and mechanisms Security Threats Cryptosystems Firewalls Security
3 What is Security and Why do we need it? Security is a concern of organizations with assets that are controlled by computer systems. By accessing or altering data, an attacker can steal tangible assets or lead an organization to take actions it would not otherwise take. By merely examining data, an attacker can gain a competitive advantage, without the owner of the data being any wiser. Computers at Risk: Safe Computing in the Information Age U.S. National Research Council, 1991.
4 Data Security Impossible to have 100% secure system. Given enough time and skill, the system can be broken. Strategies for data security:» Physical Security: Lock, Guard, Alarm» Personal Identification: Badges, user IDs, passwords» Encryption Passwords should be:» Chosen by the system;» Changed regularly;» Encrypted during login;
5 Introduction Two Major Developments During the Past Decade: 1. Widespread Computerization 2. Growing Networking and Internetworking The Internet Need for Automated Tools for Protecting Files and Other Information. Network and Internetwork Security refer to measures needed to protect data during its transmission from one computer to another in a network or from one network to another in an internetwork.
6 Introduction (Cont d) Network security is complex. Some reasons are: Requirements for security services are: Confidentiality Authentication Integrity Key Management is difficult. Creation, Distribution, and Protection of Key information calls for the need for secure services, the same services that they are trying to provide.
7 Attacks, Services, and Mechanisms Assessment of security needs of an organization involves the evaluation of types of services needed and the types of attacks that could occur and the cost of such attacks. Classification of Security Services: Confidentiality Authentication Integrity Nonrepudiation Access Control Availability
9 Attacks, Services, and Mechanisms (Cont d) Active Attacks: Interruption (availability) Modification (integrity) Fabrication (integrity)
10 Security Threats Unauthorized access Loss of message confidentiality or integrity User Identification Access Control Players: User community Network Administration Introducers/Hackers The bigger the system, the safer it is MVS mainframe users (5%) UNIX users (25%) Desktop users (50%)
11 yptography C r The Science of Secret writing. Encryption: Data is transformed into unreadable form. Decryption: Transforming the encrypted data back into its original form. Plaintext Types of Cipher» Transposition» Substitution Encryption Decryption Ciphertext
12 Types of Cryptosystems 1- Conventional Cryptosystems Secret key Cryptosystems. One secret key for Encryption and Decryption.» Example: DES 2- Public key cryptosystems» Two Keys for each user Public key (encryptions) Private key (decryptions)» Example: RSA
13 Types of Cryptosystems (Secret Key) Both the encryption and decryption keys are kept secret. Example: To encrypt, map each letter into the third letter forward in the alphabet order; To decrypt, map each letter into the third letter back. Problems with Secret Key Cryptosystems: Key transfer Too many keys
14 Secret Key Cryptosystems (DES) Data Encryption Standard (1977) Started with an IBM Project called LUCIFER (1971) DES key length: 56-bits Uses 16 iterations with» Transportation» Substitution» XOR operations DES Criticism Key length Design of S-Boxes in hidden Future Multiple DES IDEA ( International Data Encryption Algorithm)
15 Types of Cryptosystems (Public Key) Only the decryption key is kept secret. The encryption key is made public. Each user has two keys, one secret and one public. Public keys are maintained in a public directory. To send a message M to user B, encrypt using the public key of B. B decrypts using his secret key. Signing Messages For a user Y to send a signed message M to user X. 1. Y encrypts M using his secret key. 2. X decrypts the message using Y s public key.
16 Public Key A M encryption C Public key of B Ciphertext C Insecure communications or storage. Territory of the Intruder C B Private Key of B decryption M A wants to send M in a secure manner to B
17 RSA Public Key Cryptosystem Proposed by Rivest-Shamir-Adelman in Each user chooses two large primes p and q. Let n = p*q; k = (p -1)*(q -1). Also calculate two integers d and e such that d*e mod k =1 The user publishes the pair (n,e) as his public key, where a message M is encrypted as, C = M e mod n The message C is decrypted as follows: C e mod n = M
18 RSA Example Let n = 3 * 7 = 21; k = 2 * 6 = 12. d * e mod k = 17 * 5 mod 12 = 85 mod 12 = 1 d = 17 and e = 5 The pair (e,n) = (5,21) is the public key. The message M =2 is encrypted as 2 5 mod 21 = 9 The receiver decrypts as follows: 9 17 mod 21 = 2
19 Firewalls A firewall is a barrier placed between the private network and the outside world. All incoming and outgoing traffic must pass through it. Can be used to separate address domains. Control network traffic. Cost: ranges from no-cost (available on the Internet) to $ 100,000 hardware/software system. Types:» Router-Based» Host Based» Circuit Gateways
20 Firewall Filter Filter Inside Gateway(s) Outside Schematic of a firewall
21 Firewall Types (Router-Based) Use programmable routers Control traffic based on IP addresses or port information. Examples:» Bastion Configuration» Diode Configuration To improve security: Never allow in-band programming via Telnet to a firewall router. Firewall routers should never advertise their presence to outside users.
22 Bastion Firewalls External Router Secured Router Host PC Internet Private Internal Network
23 Firewall Types (Host-Based) Use a computer instead of router. More flexible (ability to log all activities) Works at application level Use specialized software applications and service proxies. Need specialized programs, only important services will be supported.
24 Firewall Types Host-Based (Cont d) Example: Proxies and Host-Based Firewalls Proxies and Host-Based Firewalls Host running only proxy versions of FTP,Telnet and so on. Internal Network Internet Filtering Router (Optimal)
25 Electronic Mail Security is the most widely used application in the Internet. Who wants to read your mail?» Business competitors» Reporters,Criminals» Friends and Family Two approaches are used:» PGP: Pretty Good Privacy» PEM: Privacy-Enhanced Mail
26 Security (PGP) Available free worldwide in versions running on:» DOS/Windows» Unix» Macintosh Based on:» RSA» DIDEA» MD5
27 Security (PGP cont d) Where to get PGP» Free from FTP site on the Internet» Licensed version from ViaCrypt in USA Example: pgp -kg ID-A pgp esa m.txt ID-B pgp message Signature Encryption Decryption
28 S u Function Algorithms used Description Message IDEA, RSA A message is encrypted encryption using IDEA with a one time session key generated by the sender. The session key is encrypted using RSA with the recipient s public key, and included with the message. Digital RSA, MD5 A hash code of a message signature is created using MD5. This message digest is encrypted using RSA with the sender s private key, and included with the message. Compression ZIP A message may be compressed, for storage or transmission, using ZIP.
29 Summary of PGP Services Function Algorithms used Description Radix 64 conversion To provide transparency compatibility for applications, an encrypted message may be converted to an ASCII string using radix-64 conversion. Segmentation To accommodate maximum message size limitations, PGP performs segmentation and reassembly.
30 Security (PEM) A draft Internet Standard (1993). Used with SMTP. Implemented at application layer. Provides:» Disclosure protection» Originator authenticity» Message integrity
31 Security (PEM cont d) Does not address» Access Control» Traffic Flow» Routing Control» Assurance of message receipt.
32 Summary of PEM Services Function Algorithms used Description Message DES-CBC A message is encrypted using encryption DES-CBC with a one-time session key.the session key is encrypted using RSA with with the recipient s public key and included with the message. Authentication RSA with A hash code of a message and Digital sig- MD2 or MD5 is created using MD2 or MD5. Nature (asymmetric This message digest is encrypted encryption) using RSA with the sender s private key,and included with the message.
33 Summary of PEM Services (cont d) Function Algorithms used Description Authentication DES-ECB or A hash code of a message (asymmetric DES-EDE with is created using MD2 or MD5. encryption) MD2 or MD5 This message digest is encrypted using either DES-ECB or DES-EDE (triple DES) using a symmetric key shared by sender and receiver, and included with the message. Symmetric key DES-ECB or The session key is encrypted Management DES-EDE using either DES-ECB or DES-EDE (triple DES) using a symmetric key shared by sender and receiver, and included with the message.
34 Summary of PEM Services (cont d) Function Algorithms used Description Asymmetric key RSA, MD2 Public-key certificates are management created and signed using MD2 to hash the certificate and RSA to encrypt the hash code. The session key is encrypted using RSA with the recipient s public key, and included with the message. Radix 64 conversion To provide transparency for compatibility applications, an encrypted message may be converted to an ASCII string using radix-64 conversion.
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
Cunsheng DING Version 3 Lecture 17: Electronic Mail Security Outline of this Lecture 1. Email security issues. 2. Detailed introduction of PGP. Page 1 Version 3 About Electronic Mail 1. In virtually all
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
Network Security  Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 15, 2015 Slideset 8: 1 Some Poetry Mary had a little key (It s all she could export)
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 firstname.lastname@example.org www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
Network Security Dr. Indranil Sen Gupta Head, School of Information Technology Professor, Computer Science & Engg. Indian Institute of Technology Kharagpur 1 Outline of the Tutorial Security attacks and
Table 15.1 Summary of PGP Services Function Algorithms Used Description Digital signature Message encryption Compression Email compatibility DSS/SHA or RSA/SHA CAST or IDEA or Three-key Triple DES with
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
Chapter 37 Network Security (Access Control, Encryption, Firewalls) Secure Networks Secure network is not an absolute term Need to define security policy for organization Network security policy cannot
Managed Communications JPMorgan - Global Client Access Managed Internet (EC Gateway) Managed Communications Overview JPMorgan offers a variety of electronic communications services that are reliable and
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: email@example.com my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
Yufei Tao Department of Computer Science and Engineering Chinese University of Hong Kong In this lecture, we will discuss the RSA cryptosystem, which is widely adopted as a way to encrypt a message, or
VALLIAMMAI ENGINEERING COLLEGE (A member of SRM Institution) SRM Nagar, Kattankulathur 603203. DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year and Semester : I / II Section : 1 Subject Code : NE7202
E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of
Cryptographic process for Cyber Safeguard by using PGP Bharatratna P. Gaikwad 1 Department of Computer Science and IT, Dr. Babasaheb Ambedkar Marathwada University Aurangabad, India 1 ABSTRACT: Data security
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
Local Area Networks: Internetworking Chapter 81 Learning Objectives List the reasons for interconnecting multiple local area networks and interconnecting local area networks to wide area networks. Identify
E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements
Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
CSE/EE 461 Lecture 23 Network Security David Wetherall firstname.lastname@example.org Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO In The Next 15 Minutes, You May Know What is PGP? Why using PGP? What can it do? How did it evolve? How does it work? How to work it? What s its limitation?
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
Lecture G1 Privacy, Security, and Cryptography Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007 Functionalia Instructor Chipp Jansen, email@example.com Course Web Page http://www.sci.brooklyn.cuny.edu/~chipp/cc3.12/
PGP from: Cryptography and Network Security Fifth Edition by William Stallings Lecture slides by Lawrie Brown (*) (*) adjusted by Fabrizio d'amore Electronic Mail Security Despite the refusal of VADM Poindexter
ICTTEN8195B Evaluate and apply network security Release 1 ICTTEN8195B Evaluate and apply network security Modification History Release Release 2 Comments This version first released with ICT10 Integrated
NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define
topics: cis3.2 electronic commerce 6 dec 2005 lecture # 18 internet security, part 2 symmetric (single key) and asymmetric (public key) methods different cryptographic systems electronic payment mechanisms
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric