# Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Save this PDF as:

Size: px
Start display at page:

Download "Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1"

## Transcription

1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1

2 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret key v Q: how to agree on key in first place (particularly if never met )? public key crypto v radically different approach [Diffie- Hellman76, RSA78] v sender, receiver do not share secret key v public encryption key known to all v private decryption key known only to receiver 8-2

3 Public key cryptography + K B - K B Bob s public key Bob s private key plaintext message, m encryption algorithm ciphertext + K (m) B decryption algorithm plaintext message - + m = K (K (m)) B B 8-3

4 Public key encryption algorithms requirements: B - + B need K ( ) and K ( ) such that K (K (m)) = m B B given public key K B, it should be impossible to compute private - key K B + RSA: Rivest, Shamir, Adelson algorithm 8-4

5 Prerequisite: modular arithmetic v v v v x mod n = remainder of x when divide by n facts: [(a mod n) + (b mod n)] mod n = (a+b) mod n [(a mod n) - (b mod n)] mod n = (a-b) mod n [(a mod n) * (b mod n)] mod n = (a*b) mod n thus (a mod n) d mod n = a d mod n example: x=14, n=10, d=2: (x mod n) d mod n = 4 2 mod 10 = 6 x d = 14 2 = 196 x d mod 10 = 6 8-5

6 RSA: getting ready v message: just a bit pattern v bit pattern can be uniquely represented by an integer number v thus, encrypting a message is equivalent to encrypting a number. example: v m= This message is uniquely represented by the decimal number 145. v to encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext). 8-6

7 RSA: Creating public/private key pair 1. choose two large prime numbers p, q. (e.g., 1024 bits each) 2. compute n = pq, z = (p-1)(q-1) 3. choose e (with e<n) that has no common factors with z (e, z are relatively prime ). 4. choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. public key is (n,e). private key is (n,d). + K B - K B 8-7

8 RSA: encryption, decryption 0. given (n,e) and (n,d) as computed above 1. to encrypt message m (<n), compute c = m e mod n 2. to decrypt received bit pattern, c, compute m = c d mod n magic happens! m = (m e mod n) c d mod n 8-8

9 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). encrypting 8-bit messages. encrypt: decrypt: bit pattern m m e c = m e mod n 0000l c c d m = c d mod n

10 Why does RSA work? v must show that c d mod n = m where c = m e mod n v fact: for any x and y: x y mod n = x (y mod z) mod n where n= pq and z = (p-1)(q-1) due to Kaufman 1995 v thus, c d mod n = (m e mod n) d mod n = m ed mod n = m (ed mod z) mod n = m 1 mod n = m 8-10

11 RSA: another important property The following property will be very useful later: - + K (K (m)) = m B B use public key first, followed by private key = + - B B K (K (m)) use private key first, followed by public key result is the same! 8-11

12 - + Why K (K (m)) = m = K (K (m))? B B + - B B follows directly from modular arithmetic: (m e mod n) d mod n = m ed mod n = m de mod n = (m d mod n) e mod n 8-12

13 Why is RSA secure? v suppose you know Bob s public key (n,e). How hard is it to determine d? v essentially need to find factors of n without knowing the two factors p and q fact: factoring a big number is hard 8-13

14 RSA in practice: session keys v exponentiation in RSA is computationally intensive v DES is at least 100 times faster than RSA v use public key cryto to establish secure connection, then establish second key symmetric session key for encrypting data session key, K S v Bob and Alice use RSA to exchange a symmetric key K S v once both have K S, they use symmetric key cryptography 8-14

15 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-15

16 Authentication Goal: Bob wants Alice to prove her identity to him Protocol ap1.0: Alice says I am Alice I am Alice Failure scenario?? 8-16

17 Authentication Goal: Bob wants Alice to prove her identity to him Protocol ap1.0: Alice says I am Alice I am Alice in a network, Bob can not see Alice, so Trudy simply declares herself to be Alice 8-17

18 Authentication: another try Protocol ap2.0: Alice says I am Alice in an IP packet containing her source IP address Alice s IP address I am Alice Failure scenario?? 8-18

19 Authentication: another try Protocol ap2.0: Alice says I am Alice in an IP packet containing her source IP address Alice s IP address I am Alice Trudy can create a packet spoofing Alice s address 8-19

20 Authentication: another try Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it. Alice s IP addr Alice s password I m Alice Alice s IP addr OK Failure scenario?? 8-20

21 Authentication: another try Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it. Alice s IP addr Alice s password I m Alice Alice s IP addr OK playback attack: Trudy records Alice s packet and later plays it back to Bob Alice s IP addr Alice s password I m Alice 8-21

22 Authentication: yet another try Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it. Alice s IP addr encrypted password I m Alice Alice s IP addr OK Failure scenario?? 8-22

23 Authentication: yet another try Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it. Alice s IP addr encrypted password I m Alice Alice s IP addr OK record and playback still works! Alice s IP addr encrypted password I m Alice 8-23

24 Authentication: yet another try Goal: avoid playback attack nonce: number (R) used only once-in-a-lifetime ap4.0: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key I am Alice R Failures, drawbacks? K A-B (R) Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! 8-24

25 Authentication: ap5.0 ap4.0 requires shared symmetric key v can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography R I am Alice - K A (R) send me your public key + K A Bob computes + - K A (K (R)) = R A and knows only Alice could have the private key, that encrypted R such that + - K A (K (R)) = R A 8-25

26 ap5.0: security hole man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) - + m = K (K (m)) A A I am Alice R - K (R) A Send me your public key K + A + K (m) A Trudy gets - + m = K (K (m)) T T sends m to Alice encrypted with Alice s public key I am Alice R - K (R) T Send me your public key K + T + K (m) T 8-26

27 ap5.0: security hole man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) difficult to detect: v Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation!) v problem is that Trudy receives all messages as well! 8-27

28 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-28

29 Digital signatures cryptographic technique analogous to hand-written signatures: v sender (Bob) digitally signs document, establishing he is document owner/creator. v verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document 8-29

30 Digital signatures simple digital signature for message m: v Bob signs m by encrypting with his private key K B, - creating signed message, K B (m) - Bob s message, m Dear Alice Oh, how I have missed you. I think of you all the time! (blah blah blah) Bob - K Bob s private B key Public key encryption algorithm - m,k (m) B Bob s message, m, signed (encrypted) with his private key 8-30

31 Digital signatures v suppose Alice receives msg m, with signature: m, K B (m) v Alice verifies m signed by Bob by applying Bob s public key K B to K B (m) then checks K B (K B (m) ) = m. + - v If K B (K B (m) ) = m, whoever signed m must have used Bob s private key. Alice thus verifies that: Bob signed m no one else signed m Bob signed m and not m non-repudiation: - ü Alice can take m, and signature K B (m) to court and prove that Bob signed m

32 Message digests computationally expensive to public-key-encrypt long messages large message m H: Hash Function H(m) goal: fixed-length, easy- tocompute digital fingerprint v apply hash function H to m, get fixed size message digest, H(m). Hash function properties: v many-to-1 v produces fixed-size msg digest (fingerprint) v given message digest x, computationally infeasible to find m such that x = H(m) 8-32

33 Internet checksum: poor crypto hash function Internet checksum has some properties of hash function: produces fixed length digest (16-bit sum) of message is many-to-one But given message with given hash value, it is easy to find another message with same hash value: message ASCII format message ASCII format I O U B O B 49 4F E D2 42 I O U B O B 49 4F E D2 42 B2 C1 D2 AC different messages but identical checksums! B2 C1 D2 AC 8-33

34 Digital signature = signed message digest Bob sends digitally signed message: large message m + Bob s private key H: Hash function - K B H(m) digital signature (encrypt) encrypted msg digest - K B (H(m)) Alice verifies signature, integrity of digitally signed message: large message m H: Hash function H(m) Bob s public key + K B equal? encrypted msg digest - K B (H(m)) digital signature (decrypt) H(m) 8-34

35 Hash function algorithms v MD5 hash function widely used (RFC 1321) computes 128-bit message digest in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x v SHA-1 is also used US standard [NIST, FIPS PUB 180-1] 160-bit message digest 8-35

36 Recall: ap5.0 security hole man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) - + m = K (K (m)) A A I am Alice R - K (R) A Send me your public key K + A + K (m) A Trudy gets - + m = K (K (m)) T T sends m to Alice encrypted with Alice s public key I am Alice R - K (R) T Send me your public key K + T + K (m) T 8-36

37 Public-key certification v motivation: Trudy plays pizza prank on Bob Trudy creates order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob Trudy signs order with her private key Trudy sends order to Pizza Store Trudy sends to Pizza Store her public key, but says it s Bob s public key Pizza Store verifies signature; then delivers four pepperoni pizzas to Bob Bob doesn t even like pepperoni 8-37

38 Certification authorities v certification authority (CA): binds public key to particular entity, E. v E (person, router) registers its public key with CA. E provides proof of identity to CA. CA creates certificate binding E to its public key. certificate containing E s public key digitally signed by CA CA says this is E s public key Bob s identifying information Bob s public + key K B digital signature (encrypt) CA private key K - CA + K B certificate for Bob s public key, signed by CA 8-38

39 Certification authorities v when Alice wants Bob s public key: gets Bob s certificate (Bob or elsewhere). apply CA s public key to Bob s certificate, get Bob s public key + K B digital signature (decrypt) + K B Bob s public key CA public key K + CA 8-39

### Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### Network Security. HIT Shimrit Tzur-David

Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

### Chapter 7: Network security

Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

### Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

### What is network security?

Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond

### Principles of Network Security

he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy

### Chapter 8 Network Security

Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

### Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

### Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

### Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

### Overview of Network Security

Overview of Network Security from à Computer Networking: A Top Down Approach, 4 th edition. Jim Kurose, Keith Ross AddisonWesley, July 2007. 81 Roadmap: What is network security? Principles of cryptography

### TELE 301 Network Management. Lecture 18: Network Security

TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not

### Application Layer (1)

Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Security: Focus of Control. Authentication

Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

### Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

### Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

### Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing

### Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

### Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

### Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

### 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

### Applied Cryptology. Ed Crowley

Applied Cryptology Ed Crowley 1 Basics Topics Basic Services and Operations Symmetric Cryptography Encryption and Symmetric Algorithms Asymmetric Cryptography Authentication, Nonrepudiation, and Asymmetric

### Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

### 159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication

### Telematics Chapter 11: Network Security Beispielbild User watching video clip

Telematics Chapter 11: Network Security Beispielbild User watching video clip Server with video clips Application Layer Application Layer Prof. Dr. Mesut Güneş Presentation Layer Presentation Layer Computer

### Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

### Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly

### Today ENCRYPTION. Cryptography example. Basic principles of cryptography

Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use

### Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

### An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

### Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it

### Computer Security: Principles and Practice

Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

### Public Key Cryptography Overview

Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

### Network Security. Network Security. Security in Computer Networks

Network Security Network Security introduction cryptography authentication key exchange Reading: Tannenbaum, section 7.1 Ross/Kurose, Ch 7 (which is incomplete) Intruder may eavesdrop remove, modify, and/or

### Introduction to Computer Security

Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors

### Security in Computer Networks

CHAPTER 8 Security in Computer Networks Way back in Section 1.6 we described some of the more prevalent and damaging classes of Internet attacks, including malware attacks, denial of service, sniffing,

### Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### Netzwerksicherheit: Anwendungen

Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks

### APNIC elearning: Cryptography Basics. Contact: esec02_v1.0

APNIC elearning: Cryptography Basics Contact: training@apnic.net esec02_v1.0 Overview Cryptography Cryptographic Algorithms Encryption Symmetric-Key Algorithm Block and Stream Cipher Asymmetric Key Algorithm

### Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

### Symmetric Key cryptosystem

SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single

### Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

### Network Security Technology Network Management

COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission

### Cryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice

Cryptography some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) modern secret key cryptography DES, AES public key cryptography RSA, digital signatures cryptography in practice

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015

Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

### Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

### Chapter 8 Network Security

Chapter 8 A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete slides (including

### 7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

### CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

### Security in Computer Networks

Security in Computer Networks Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu Audio/Video recordings of this lecture are available on-line at: http://www.cse.wustl.edu/~jain/cse473-10/

### Information Security

Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

### Client Server Registration Protocol

Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

### CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

### Overview. SSL Cryptography Overview CHAPTER 1

CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

### Cryptography & Digital Signatures

Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.

### Security and the Internet

Security and the Internet Original key design goals of Internet protocols: resiliency availability scalability Security has not been a priority until mid 1990s Security Attacks Cast of characters: Alice,

### Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

### Network Security Protocols

Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

### Computer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------

### System and Network Security

System and Network Giuseppe Anastasi g.anastasi@iet.unipi.it Pervasive Computing & Networking Lab. () Dept. of Information Engineering, University of Pisa Based on original slides by - Silberschatz, Galvin

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

### Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

### USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

### Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private

### CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

### Chapter 8. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, sl April 2009. Thanks and enjoy!

Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

### APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

### Network Security Concepts: Review

Network Security Concepts: Review Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse574-06/

### Chapter 10. Network Security

Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

### CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

### Digital Signatures. Good properties of hand-written signatures:

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is

### Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

### Introduction to Cryptography

Introduction to Cryptography Part 2: public-key cryptography Jean-Sébastien Coron January 2007 Public-key cryptography Invented by Diffie and Hellman in 1976. Revolutionized the field. Each user now has

### NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security

### 9/17/2015. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics IT443 Network Security Administration Instructor: Bo Sheng Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions 1 2 Encryption/Decryption

### CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

### How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

### Overview. SSL Cryptography Overview CHAPTER 1

CHAPTER 1 Secure Sockets Layer (SSL) is an application-layer protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

### Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

### Basics of Cryptography

Basics of Cryptography What is Cryptography? Cryptography is an applied branch of mathematics In some situations it can be used to provide Confidentiality Integrity Authentication Authorization Non-repudiation

### Savitribai Phule Pune University

Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

### Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### An Introduction to Cryptography and Digital Signatures

An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through

### Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

### ECE 428 Network Security

ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA

### Chapter 8. Network Security

Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

### Data Communications & Networks. Session 11 Main Theme Network Security. Dr. Jean-Claude Franchitti

Data Communications & Networks Session 11 Main Theme Network Security Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical Sciences Adapted from