1 CPS Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang
2 Previous lectures Worm Fast worm design
3 Today Network security Cryptography building blocks Existing secure protocols/applications Looking forward What s missing
4 Overview Why studying network security? Basic cryptography building blocks Security protocols Non-cryptography based security: firewalls
5 The Internet is insecure Attackers may eavesdrop, modify, or drop your packets!
6 Network security Confidentiality: Do you want to send your credit card #, login password over the Internet in plaintext? Integrity Data integrity: Imagine an Amazon transaction. Do you want your payment to be modified from $10.0 to $100? Replay attack: You do not want the same transaction confirmation to be sent multiple times! Timeliness: delay a stock purchase Authenticity Entity authentication: who are you talking to? Phishing attack Message authentication: who sent this message? Availability Denial of service attacks Non-repudiation You ve clicked the confirmation button!
7 How to address those problems Cryptography building blocks Confidentiality Encryption Authenticity Public key signatures Authentication protocols (later ) Non-cryptographic approach Firewalls
8 Cryptographic tools Cryptographic algorithms Ciphers and Cryptographic hashes Not a solution in themselves, but building blocks from which a solution can be built Key distribution Protocols built on cryptographic algorithms System builders need to get familiar with the tools
9 Principles of Ciphers Encrypt key (plaintext) à ciphertext Ciphertext is unintelligible Decrypt key (ciphertext) à plaintext The transformation is called a cipher
10 Security of a Cipher Encrypt() and Decrypt() are public knowledge Only key is secret Designing a cipher is like a black art No news is good news Cryptanalysis (code breaking) Known plaintext Know the plaintext and its encrypted version and make use of them to guess other part of secrete information such as secrete keys Chosen plaintext analysis An attacker can get arbitrary plaintext encrypted Some plaintext has known vulnerabilitites
11 Block ciphers CBC XOR Input is a fixed size block of text, eg, bits Modes of operation Electronic codebook (ECB) mode: each block is encrypted independently The same block value will always result in the same cipher text block Cipher block chaining Each plaintext block is XORed with the previous block s ciphertext before being encrypted Context dependent
12 Standard symmetric-key ciphers National Institute of Standards and Technology (NIST) issued ciphers Data encryption standard (DES) 56-bit key 64-bit block size Insecure against brute-force attacks Triple DES (3DES) First encrypt using DES-key1, decrypt using DES-key2, and encrypt using DES-key3 Backward compatible: can be decrypted by DES Advanced encryption standard (AES) Originally named Rijndael 128, 192, 256-bits
13 Public-key ciphers RSA Difficult to factor large numbers Key length >= 1024 bits ElGamal Discrete logarithm is hard Key length >= 1024 bits Public-key ciphers are orders of magnitude slower than symmetric cipher
14 Cryptography building blocks Confidentiality Encryption Authenticity Public key signatures Authentication protocols (later)
15 Public key authentication Everyone can validate who sends the message Not good enough No data integrity: modifying a ciphertext message may produce a readable output I owe you $10 à I owe you $100000
16 Authenticators Message Message Digest (hash) Encrypt authenticator Detect tampering Attach to a message Problem: Encryption alone does not provide data integrity Modifying a cipher may still allow decrypting to a valid plaintext An authenticator is a value, to be included in a transmitted message that can be used to verify simultaneously the authenticity and the data integrity of a message Why are these two properties combined? 1. Message digest + encryption Modifying the message cannot produce the correct authenticator
17 Authenticator methods Asymmetric cryptography Digital signatures Symmetric cryptography Message authentication code (MAC) Another MAC!
18 Hash functions A secure one-way function f(x) Knowing f(x) gives little knowledge about x Collision attacks Attacks finding any collision Preimage attacks A 2 nd message that collides with a given first message Common ones: MD5, SHA-1 SHA-1 expires by 2010 SHA-2
19 Digital signatures A digest encrypted using the private key of a public-key algorithm Common digital signatures Digital signature standard (DSS) May use any one of three public-key ciphers RSA, ElGamal, Elliptic Curve Digital Signature Algorithm
20 Authenticators Message Authentication Code Hashed message authentication code Instead of encrypting a hash, it uses a hash-like function that takes a secret value (known only to the sender and the receiver) as a parameter. How does two ends obtain the key? Security of HMAC: what if hash s not one-way?
21 Two problems: Key distribution How do participants know which entity has which public key? A complete scheme for certifying bindings between public keys and identities what keys belongs to who is called a public key infrastructure (PKI) Comments: not easy to scale People don t use it that much How do each end know the symmetric shared key?
22 Distributing public keys A public-key certificate is a digitally signed statement that binds the identity of the entity to a public key If A trusts B, and knows B s public key, then A can learn C s public key if B issues a public key certification of C X.509 certificate The ID of the entity The public key of the entity The identity of the signer The digital signature A digital signature algorithm Optional: expiration time
23 Certification authorities A CA is an entity claimed to be trustworthy to verify identities and issuing public key certificates Verisign CAs can be organized into a tree Trust is binary: yes or no Everyone trusts the root
24 Multiple CAs In the real world, there is no single rooted trust Multiple CAs whose public keys are trusted by different people Self-certifying certificates Signer is self Accepted by TLS
25 Web of Trust Pretty Good Privacy: No single hierarchical Establishing trust is a personal matter and gives users the raw material to make their own decisions IETF s PGP signing session: Collect public keys from others whose identity one knows Provide his public key to others Get his public key signed by others Sign the public key of others Collect the certificate from other individuals whom he trusts enough to sign keys Trust is a matter of degree A public-key certificate includes a confidence level Trust dependent on the number of certificates of a key, and the confidence level of each certificate
26 Certificate Revocation Certificate revocation list Periodically updated and publicly available Digitally signed Lists may be large Online certificate status protocol Query the status of a certificate
27 Two problems: Key distribution How do participants know which entity has which public key? A complete scheme for certifying bindings between public keys and identities what keys belongs to who is called a public key infrastructure (PKI) Comments: not easy to scale People don t use it that much How do each end know the symmetric shared key?
28 Symmetric key distributions If there are N entities, N(N-1)/2 keys Key distribution center (KDC) A trusted entity Each user maintains a key with the KDC KDC generates a session key when a user wants to communicate with another destination Kerberos is a widely used key-distribution system
29 Discrete log is hard Diffie-Hellman key agreement g a modp g b mod p Long considered as the invention of public key cryptography Establishes a session key without using any predistributed keys
30 Diffie-Hellman Key Agreement Two parameters: g, and p p: a prime; g: a primitive root of p s.t. for every number of n from 1 through p-1 there must be some value k such that n=g k mod p 1=2 0 mod 5, 2 = 2 1 mod 5, 3=2 3 mod 5, 4=2 2 mod 5 Alice picks a private value a, and sends g a modp Bob picks b, ands sends g b mod p g ab mod p = g ba mod p Discrete log is hard Attackers cannot guess a, or b, even when they see g a mod p or g b mod p
31 Man in the middle attack Fixed DH: Alice and Bob has fixed a, and b values g a mod p is certified
32 Overview Why studying network security? The topic itself is worth another class Basic cryptography building blocks Security protocols Case studies of using cryptography to build secure systems Non-cryptography based security: firewalls
33 Secure systems PGP for security Works well for Could be replayed, but a user can detect No need of prior message exchange Confidentiality Does not prove Alice is talking to Bob
34 Secure Shell (ssh) Both the SSH protocol and applications that use it Widely used Replacing telnet, rsh, rcp No need to send plaintext passwords to authenticate Prior to it, passwords are sent in plaintext!
35 Components of SSH2 SSH 2 consists of three protocols SSH-TRANS: a transport layer protocol Provides an encrypted channel between the client and server machines A secure channel is established before a client authenticates A client authenticates the server to establish the channel SSH-AUTH, an authentication protocol Client authenticates to the server You may type your password! SSH-TRANS takes care of encryption SSH-CONN, a connection protocol Used for port forwarding
36 SSH s server key distribution A server tells the client its public key at connection time Attackers are not always present Vulnerability window is small The first time a key is sent, ssh asks the user If accepts, ssh remembers the key and compares the stored key with an offered key in a subsequent connection Prompts the user if changed Otherwise accept
37 Establishing a secure channel After a client authenticates the server Establish a session key All subsequent messages are encrypted using the session key
38 SSH s client authentication Password A secure channel is already established! Public key encryption Places your public key in ~/.ssh/authorized_keys Host authentication A user claiming to be so-and-so from a certain set of trusted hosts is automatically believed to be the same user on the server The client host authenticates itself to the server SSH-TRANS only authenticates server by default User claims to be so-and-so from a set of trusted hosts is believed to be the same user on the server
39 SSH login w/o typing in your passwords Use ssh-keygen to generate a public/private key pair ssh-keygen t dsa Append.id_dsa.pub to.ssh/authorized_keys on the server scp ~/.ssh/id_dsa.pub linux1.cs.duke.edu:~/ ssh linux1.cs.duke.edu cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
40 SSH port forwarding SSH can be used to establish a secure channel between two hosts using the SSH-CONN protocol Secure legacy applications
41 Example: X11 forwarding Local host X server Remote host xterm Localhost:10.0 ssh client sshd ssh X remote-host sshd at the remote host creates a TCP listening socket (6010), and X authentication information, and set your display variable to localhost:10.0 When you type xterm, it speaks the X11 protocol with the sshd faked X server port (10.0), and sshd forwards it back to the ssh client at local host. The ssh client forwards back to the X server running on your local host You see the xterm displays on your local host, and all commands you type in the xterm is encrypted!
42 SSH port forwarding Some legacy applications do not have security mechanism built-in: pop3 How can you read your without sending your password in cleartext? ssh L 9999:localhost:110 mail.cs.duke.edu Run your pop3 mail client, and make it use localhost: 9999 All commands will be sent via an encrypted connection Pop3 ß à localhost:9999 ß à ssh client ß à mail.cs.duke.edu:sshd ß à mail.cs.duke.edu:110
43 The VNC example Local disp Remote disp VNC client VNC server Inseure network A real world application The free VNC servers do not have encryption Figure out how to do it yourself! Vncviewer sends your password in plaintext a vncserver Unless you purchase the non-free version How can we establish a secure tunnel between the vncclient and server?
44 SSL/TLS Transport layer security (TLS) is based on Secure Socket Layer (SSL) https: port 443 A handshake protocol for negotiating parameters, and a secret session key Each direction has a key A record protocol to transmit messages
45 The handshake protocol Negotiate encryption hash, symmetric key cipher, and session key establishment protocol Mutual authentication Or authenticating one participant only Or no authentication Nc: client nonce Ns: server nonce Diffie-Hellman Key exchange e.g. a certificate and DH parameters Agree on the master secret Detect any discrepancy
46 The record protocol Fragmented or coalesced into blocks of a convenient size Optionally compressed Integrity-protected using an HMAC as an authenticator for each record Comments: quite heavy was not the default for a long time Encrypted using a symmetric key cipher Passed to the transport layer Each record message has its own sequence number to prevent replay attacks. TCP s sequence number is not sufficient! An active adversary can modify TCP sequence numbers in packets!
47 IPSec A framework specifies how to secure all IP traffic between two machines Two parts Security services: Authentication header (AH): rarely used, Encapsulating Security Payload (ESP) Key management: Internet security association and key management protocol (ISAKMP). Defines message format, not the detailed key generation algos.
48 Security Association A security association (SA) is created for each direction IP is connectionless, but IPSec is not An SA includes connection state such as keys, and sequence numbers An SA is identified by a security parameter SPI (a multiplexing key) SPI and destination address identifies an SA SAs are established, negotiated, modified and deleted using ISAKMP Internet Key Exchange (IKE) is one key exchange protocol
49 The ESP header Padding is necessary due to cipher requirement Payload s encrypted Two modes: tunnel, or transport
50 Modes Company site 1 Company site 2 Internet VPN tunnel Tunnel mode: bump-in-the-wire Useful in creating VPNs Payload is an IP packet
51 Transport model Upper layer payload is encrypted UDP, TCP
52 Discussion Differences between IPsec and TLS Pros and cons
53 Firewalls Firewalls create zones of trust The internal network Demilitarized zone (DMZ) DNS, servers Hosts in DMZ accessible by anyone Cannot access internal hosts DMZ can be periodically restored The rest of the Internet Widely used in practice Unilaterally deployed
54 Firewall configurations Access lists: similar to tcpdump s filter lists Allows outside connection to Duke CS s main mail server one.cs.duke.edu: (*,*, , 25, allow) Disallow to internal mail server (152.3/16, *, , 25, allow ) (*,*, , 25, deny)
55 Using Firewalls to Create DMZ A firewall with three interfaces
56 Using Firewalls to Create DMZ Dual firewalls
57 Conclusion Network security in practice Building blocks Symmetric key cryptography Public key cryptography Protocols and applications SSH TLS IPSec Firewalls
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
Network Security  Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
APNIC elearning: IPSec Basics Contact: email@example.com esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist firstname.lastname@example.org Specialties: Routing &
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures
Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing
PART-A Questions 1. Name the aspects to be considered of information security. 2. What is meant by deciphering? 3. What are the two different uses of public key cryptography related to key distribution?
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network communication Who are you
1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local
Basics of Cryptography What is Cryptography? Cryptography is an applied branch of mathematics In some situations it can be used to provide Confidentiality Integrity Authentication Authorization Non-repudiation
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
CSE/EE 461 Lecture 23 Network Security David Wetherall email@example.com Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
SSH: Secure Shell Readings RFC 4251- RFC 4254 Manual page of ssh command What is SSH? SSH Secure Shell Program vs. company vs. protocol Will concentrate on SSH-2 protocol SSH is a protocol for secure remote
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication
CHAPTER 1 Secure Sockets Layer (SSL) is an application-layer protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003 History of Cryptography The concept of securing messages through cryptography has a long history.
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: firstname.lastname@example.org my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
CSCI 454/554 Computer and Network Security Final Exam Review Topics covered by Final Topic before Midterm 20% Topic after Midterm 80% Date: 05/13/2015 9:00am noon Place: the same classroom Open book/notes
Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador email@example.com Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
Insecure network services NFS (port 2049) - Read/write entire FS as any non-root user given a dir. handle - Many OSes make handles easy to guess Portmap (port 111) - Relays RPC requests, making them seem
Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt
Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!