How To Secure The Internet Of Things
- Della George
- 3 years ago
Transcription
1 Pusan National University Howon Kim Oct. 2014
2 Agenda
Security and Privacy Issues in Internet of Things
1. Vulnerabilities in IoT
2. Device Security in IoT
3. Comm./Network Security in IoT
4. Security in IoT Services
5. Privacy Issues in IoT
6. Concluding Remarks
3 1. Vulnerabilities in IoT
Security Problems in IoT
- IoT is highly vulnerable due to the complexity of its components
- Also, the number of different parties involved makes it difficult to resolve the security vulnerabilities
  - Vulnerabilities are possible in device firmware, OS, network protocol, service software, service APIs, etc.
  - This means that different parties such as the device vendor, service provider, device manufacturer, ISP, etc. should be responsible for fixing the vulnerabilities
  - Also, the horizontal market characteristics of IoT services make the vulnerabilities worse
- Once private information is gathered by the service provider, ensuring the right to self-control over private information is not easy
  - Also, current data mining techniques make this difficulty worse
[Figure: Possible Security/Privacy Vulnerabilities in IoT Scale. Elements: IoT Service (sensed privacy information: DB), AP, weight scale, adversary, service user]
- Current IoT devices have many risks such as device theft, data leakage, data disclosure, phishing attack, spyware/malware attack, etc.
- A vulnerable wireless protocol can be used for an eavesdropping attack
- A cracked sensing device can be used for illegal private information gathering (the existence of the user at home, etc.)
Ref)
4 1. Vulnerabilities in IoT
Security & Privacy Domain in IoT
- Security technology for IoT devices
  - Countermeasure against Side Channel Attack
  - Countermeasure against Physical Attack
- Security technology for IoT comm./network protocols
  - ZigBee security (IEEE security)
  - CoAP security (DTLS security)
  - LwM2M security
  - UDP security
  - MQTT security
- Security technology for IoT Services
  - IoT Platform security
  - IoT-A security
  - Privacy enhancing technology for IoT services
  - API security for IoT Services
  - OAuth security
5 2. Device Security in IoT
Vulnerabilities in IoT Devices
- Side Channel Attack
  - ex) Power analysis attack (SPA, DPA, CPA) can extract critical information (key values, etc.) in IoT devices
- Cracking and Reversing Attack
  - Chip Cloning, Chip Reversing, ROM Code extraction, key/password extraction, etc.
- Attack on Device OS and SW
  - Injecting malicious code, Code cracking, etc.
6 2. Device Security in IoT
Side Channel Attack
[Figure: power consumption information (power trace) → side channel analysis → secret key extraction (RSA, ECC, AES keys, etc.)]
7 2. Device Security in IoT
Cracking and Reversing Attack
Circuit Engineering Company Limited continues to be recognized as the Southern China Leader in Services for IC Read, MCU Crack, Chip Extract, Microcontroller Unlock service. With the advancement of today's modern circuit board technology, it is more important than ever to have specialists available to help you at a moment's notice. Our engineering and commercial teams collectively have a vast amount of electronic experience covering field include Consumer Electronics, Industrial Automation Electronics, Wireless Communication Electronics., etc. For more information please contact us through .
8 2. Device Security in IoT
Security technology for IoT devices
- Tamper Resistance / Tamper Evidence
  - Clone detection (with PUF, etc.)
  - Key zeroisation on a tampering attack, etc.
- Side Channel Attack Countermeasure
  - SPA/DPA/CPA attack countermeasure: Random masking, Algorithmic approaches, etc.
- Device Authentication/Authorization
  - Using secret credential, Certificate (X.509), etc.
- Access Control in IoT Devices
  - Access Control techniques (ACL, RBAC, etc.)
- Code Integrity
  - Hash value, MIC (Message Integrity Code), etc.
9 2. Device Security in IoT
Cryptography Issues in IoT Devices
- Lightweight crypto algorithms
  - Block Cipher: PRESENT, LEA, AES, etc.
  - Public Key Cryptography: ECC (NIST compliant)
  - Target Platform: MSP430, Atmega, Cortex M3, etc.
  - How about Smart Dust?
- Security Architecture for Device Authentication/Authorization
  - Based on X.509?
  - CA server for Device
  - Revocation List Management Server
  - Pseudonym CA for Privacy Preserving
10 3. Communication & Network Security in IoT
ZigBee security
Security Architecture
- SSP (Security Service Provider)/APS (Application Support) provides NWK layer security
- TC (Trust Center) in ZC (ZigBee Coordinator) is in charge of key management
- Two security modes are provided: SSM (Standard Security Mode) & HSM (High Security Mode)
[Figure: ZigBee Stack Structure (ZigBee and IEEE parts). Layers: Application Object, SSP (Security Service Provider), APL (Application Layer), ZDO (ZigBee Device Object), APS (Application Support) Layer, NWK (Network) Layer, MAC (Medium Access Control) Layer, PHY (Physical) Layer]
[Figure: ZigBee Network. Nodes: TC (Trust Center), ZC (ZigBee Coordinator), ZR (ZigBee Router), ZED (ZigBee End Device)]
11 3. Communication & Network Security in IoT
ZigBee security
Frame encryption & authentication (msg integrity)
- Confidentiality & Integrity are provided with AES-CCM*
Frame formats
- ZigBee frame with no security: NWK Header | APS Header | Payload
- NWK frame which provides confidentiality & integrity: NWK Header | Auxiliary Header | Encrypted NWK Payload | MIC
- APS frame which provides confidentiality & integrity: NWK Header | APS Header | Auxiliary Header | Encrypted APS Payload | MIC
- Both secured frames are labelled "Integrity Protection" in the figure
Auxiliary Header format
- Fields: Security Control | Frame Counter | Source Address | Key Sequence Number
- Security Control sub-fields: Security Level | Key Identifier | Extended Nonce | Reserved
- Security Level: indicates whether CCM* mode is used or not
- Key Identifier: specifies the type of key used
- Extended Nonce: the extended nonce sub-field shall be set to 1 if the sender address field of the auxiliary header is present. Otherwise, it shall be set to 0
- Frame Counter: prevents replay attacks with this counter number
- Source Address: address of the sending device
- Key Sequence Number: used when Key Identifier is the NK
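The auxiliary header layout described on this slide, decoded in an added example (not code from the original slides). The bit positions, the little-endian field encoding and the key identifier values follow the ZigBee specification as I know it; the sender address and the frame bytes are constructed sample data, and `ReplayGuard` is a hypothetical helper showing how the frame counter is used to reject replays.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# 3-bit security level -> (mode name, payload encrypted?, MIC length in bytes)
SECURITY_LEVELS = {
    0: ("No Security", False, 0),
    1: ("AES-CBC-MAC-32", False, 4),
    2: ("AES-CBC-MAC-64", False, 8),
    3: ("AES-CBC-MAC-128", False, 16),
    4: ("AES-CTR", True, 0),
    5: ("AES-CCM-32", True, 4),
    6: ("AES-CCM-64", True, 8),
    7: ("AES-CCM-128", True, 16),
}
KEY_IDENTIFIERS = {0: "data (link) key", 1: "network key",
                   2: "key-transport key", 3: "key-load key"}
KEY_ID_NETWORK = 1


@dataclass
class AuxHeader:
    security_level: int
    key_identifier: int
    extended_nonce: bool
    frame_counter: int
    source_address: Optional[int]       # 64-bit address, present if extended_nonce
    key_sequence_number: Optional[int]  # present only when the network key is used
    length: int                         # bytes consumed from the buffer


def parse_aux_header(buf: bytes) -> AuxHeader:
    """Decode a ZigBee auxiliary security header from the start of buf."""
    if len(buf) < 5:
        raise ValueError("truncated: need security control + frame counter")
    control = buf[0]
    level = control & 0x07              # bits 0-2
    key_id = (control >> 3) & 0x03      # bits 3-4
    ext_nonce = bool(control & 0x20)    # bit 5 (bits 6-7 are reserved)
    (counter,) = struct.unpack_from("<I", buf, 1)
    offset, source, key_seq = 5, None, None
    if ext_nonce:
        if len(buf) < offset + 8:
            raise ValueError("truncated: extended nonce set but no source address")
        (source,) = struct.unpack_from("<Q", buf, offset)
        offset += 8
    if key_id == KEY_ID_NETWORK:
        if len(buf) < offset + 1:
            raise ValueError("truncated: network key but no key sequence number")
        key_seq = buf[offset]
        offset += 1
    return AuxHeader(level, key_id, ext_nonce, counter, source, key_seq, offset)


class ReplayGuard:
    """Hypothetical helper: tracks the highest frame counter accepted per sender."""

    def __init__(self) -> None:
        self._last: Dict[int, int] = {}

    def accept(self, sender: int, frame_counter: int) -> bool:
        # Call only after the MIC has verified, so a forged frame cannot
        # advance the stored counter and lock out the genuine sender.
        last = self._last.get(sender)
        if last is not None and frame_counter <= last:
            return False                # replayed or stale frame
        self._last[sender] = frame_counter
        return True


def build_sample(counter: int) -> bytes:
    """Constructed header: AES-CCM-32, network key, extended nonce, made-up sender."""
    control = 5 | (KEY_ID_NETWORK << 3) | 0x20
    return struct.pack("<BIQB", control, counter, 0x0011223344556677, 0)


if __name__ == "__main__":
    guard = ReplayGuard()
    for counter in (16, 17, 17, 12, 18):
        hdr = parse_aux_header(build_sample(counter))
        mode = SECURITY_LEVELS[hdr.security_level][0]
        verdict = "accept" if guard.accept(hdr.source_address, hdr.frame_counter) else "REPLAY"
        print(f"counter={hdr.frame_counter:3d} mode={mode} "
              f"key={KEY_IDENTIFIERS[hdr.key_identifier]} -> {verdict}")
```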
12 3. Communication & Network Security in IoT
ZigBee security
8 types of security mode (Mode: Applied content)
- No Security: No security
- AES-CBC-MAC-32 (MIC-32): 32bit msg authentication
- AES-CBC-MAC-64 (MIC-64): 64bit msg authentication
- AES-CBC-MAC-128 (MIC-128): 128bit msg authentication
- AES-CTR (ENC): Only encryption is provided
- AES-CCM-32: 32bit Enc/Msg Auth
- AES-CCM-64: 64bit Enc/Msg Auth
- AES-CCM-128: 128bit Enc/Msg Auth
There are 3 key types in ZigBee
- MK (Master Key)
  - Shared key between two devices at initial state
  - Only shared by SKKE protocols
- LK (Link Key)
  - Uniquely shared between two and only two devices for protecting frames at the APS layer
  - Usually dynamically established using key establishment service
  - Can also be pre-installed or transported from the Trust Center
- NK (Network Key)
  - Global key which is used by all devices in the network
  - Usually transported from the Trust Center
  - Can also be pre-installed
Symmetric Key Distribution Methods
- Key Transport: the Trust Center sends the key (securely wherever possible) to the device
- Key Establishment: the device negotiates with the Trust Center and keys are established at either end without being transported (using SKKE, etc.)
- Pre Installation: keys are placed into the device using an out-of-band method, e.g. a commissioning tool
13 3. Communication & Network Security in IoT
CoAP (Constrained Application Protocol) security
- CoAP is secured by DTLS (Datagram Transport Layer Security) while HTTP is secured by TLS (Transport Layer Security)
- Two main issues in CoAP security
  - Difficulty in end-to-end security
    - CoAP-HTTP combination problem (though TLS and DTLS are similar, that does not mean seamless communication b/w CoAP and HTTP)
    - A proxy is needed for CoAP-HTTP translation
    - Also, a dedicated security mechanism is needed for end-to-end security over CoAP and HTTP (to avoid message eavesdropping due to decryption in the proxy, double encryption may be needed)
  - Lack of multicast security
    - No standard exists for CoAP multicast security
    - A dedicated verification method for signed multicast messages is needed
    - Certificate based multicast key verification can be considered
Ref) Security for Practical CoAP Applications: Issues and Solution Approaches, FGSN
14 3. Communication & Network Security in IoT
MQTT security
- Services based on MQTT should meet the following security requirements
  - Authentication of users and devices
  - Authorization of access to Server resources
  - Integrity of MQTT Control Packets and application data contained therein
  - Privacy of MQTT Control Packets and application data contained therein
Security techniques recommended in MQTT standard (1)
- The MQTT standard recommends the standards which are defined in the NIST cyber security framework, FIPS-140-2, NSA Suite B, etc.
- The recommended lightweight crypto algorithms
  - Though specific crypto algorithms are not defined in the document, it recommends the algorithms described in ISO 29192 (PRESENT and CLEFIA for lightweight block cipher)
15 3. Communication & Network Security in IoT
Security techniques recommended in MQTT standard (2)
The following security requirements are defined
- Client Authentication by Server
  - Client authentication by the server with proper authentication methods is recommended
  - VPN and SSL certificate can be used
- Client Authorization by Server
  - Client access to server resources should be controlled by proper authorization
- Server Authentication by Client
  - MQTT is assumed to be used in an untrusted environment, so the client should authenticate the server
  - VPN or SSL can also be used for this purpose
- Provides Integrity for Application message and control packet
  - Proper integrity should be provided
  - No specific methods are defined in the standard
16 3. Communication & Network Security in IoT
Security techniques recommended in MQTT standard (3)
- Confidentiality in application message & control packet
  - Verified crypto algorithms can be used for encrypting application messages
  - Also, TLS and VPN can be used for privacy
- Other security requirements in MQTT standard
  - Abnormal behavior detection mechanism is needed
    - Repeated connection attempts
    - Repeated authentication attempts
    - Abnormal termination of connections
    - Topic scanning (attempts to send or subscribe to many topics)
    - Sending undeliverable messages (no subscribers to the topics)
    - Clients that connect but do not send data
    - etc.
  - Non-repudiation mechanism is also needed
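The abnormal behaviors listed on this slide, turned into detection rules in an added example (not part of the original slides, and not tied to any particular broker). The event record layout, the client names, the thresholds and the finding labels are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed broker event records: "<seconds> <client-id> <EVENT> [detail ...]".
# The layout is an assumption for this example, not a real broker's log format.
SAMPLE_EVENTS = """\
100 sensor-01 CONNECT
101 sensor-01 PUBLISH home/temp subscribers=2
161 sensor-01 PUBLISH home/temp subscribers=2
200 cam-07 CONNECT
201 cam-07 AUTH_FAIL
203 cam-07 CONNECT
204 cam-07 AUTH_FAIL
206 cam-07 CONNECT
207 cam-07 AUTH_FAIL
300 probe-x CONNECT
301 probe-x SUBSCRIBE home/#
302 probe-x SUBSCRIBE office/#
303 probe-x SUBSCRIBE $SYS/#
304 probe-x SUBSCRIBE factory/line1/#
305 probe-x PUBLISH admin/cmd subscribers=0
306 probe-x PUBLISH admin/reboot subscribers=0
307 probe-x PUBLISH fw/update subscribers=0
400 idle-9 CONNECT
460 idle-9 DISCONNECT abnormal
470 idle-9 CONNECT
530 idle-9 DISCONNECT abnormal
"""

# Assumed thresholds; tune them against a baseline of normal traffic.
THRESHOLDS = {"connects": 3, "auth_fails": 3, "window_s": 60,
              "abnormal": 2, "topics": 5, "undeliverable": 3}


def burst(times, count, window_s):
    """True if any `count` consecutive events fall within `window_s` seconds."""
    times = sorted(times)
    return any(times[i + count - 1] - times[i] <= window_s
               for i in range(len(times) - count + 1))


def detect(log_text, t=THRESHOLDS):
    """Return {client_id: sorted list of findings} for clients that trip a rule."""
    connects, auth_fails = defaultdict(list), defaultdict(list)
    abnormal, undeliverable = defaultdict(int), defaultdict(int)
    topics, published = defaultdict(set), set()

    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue                          # skip malformed records
        ts, client, event, detail = int(parts[0]), parts[1], parts[2], parts[3:]
        if event == "CONNECT":
            connects[client].append(ts)
        elif event == "AUTH_FAIL":
            auth_fails[client].append(ts)
        elif event == "DISCONNECT" and detail[:1] == ["abnormal"]:
            abnormal[client] += 1
        elif event in ("SUBSCRIBE", "PUBLISH") and detail:
            topics[client].add(detail[0])
            if event == "PUBLISH":
                published.add(client)
                if "subscribers=0" in detail[1:]:
                    undeliverable[client] += 1

    findings = defaultdict(list)
    for client, times in connects.items():
        if burst(times, t["connects"], t["window_s"]):
            findings[client].append("repeated-connect")
        # Connected, never failed authentication, yet never sent data
        if client not in published and client not in auth_fails:
            findings[client].append("no-data")
    for client, times in auth_fails.items():
        if burst(times, t["auth_fails"], t["window_s"]):
            findings[client].append("repeated-auth-fail")
    for client, n in abnormal.items():
        if n >= t["abnormal"]:
            findings[client].append("abnormal-termination")
    for client, seen in topics.items():
        if len(seen) >= t["topics"]:
            findings[client].append("topic-scan")
    for client, n in undeliverable.items():
        if n >= t["undeliverable"]:
            findings[client].append("undeliverable")
    return {client: sorted(f) for client, f in findings.items()}


if __name__ == "__main__":
    for client, found in sorted(detect(SAMPLE_EVENTS).items()):
        print(f"{client}: {', '.join(found)}")
```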
17 4. Security in IoT Services
IoT Platform Security
Security & Privacy
- Privacy/Trust management
  - Data anonymization
  - ID management
  - Trust management
- Authentication & Authorization
  - Secure identification
  - Access control
  - Privilege management
- Secure data exchange
  - Data encryption
  - Secure protocols
- System Security
  - Firewall & Intrusion detection
  - Runtime verification & Malware detection
  - Key management
  - Bootstrapping
18 4. Security in IoT Services
IoT-A Security
In IoT-A, 5 security components (AuthZ, AuthN, IM, KEM, TRA) are defined for providing service security
(Component Name and Short Name: Component Functionality; Security Goals Targeted)
- AuthZ (Authorization)
  - Access control on services; goals: Service access control, Confidentiality (data), Integrity (data)
  - Access control on resolution infrastructure; goals: Service privacy, Service availability
- AuthN (Authentication)
  - Authentication of service users; goals: Authentication, Accountability
- IM (Identity Management)
  - Management of Identities, Pseudonyms and related access policies; goals: User privacy, Service privacy
- KEM (Key Exchange and Management)
  - Exchange of cryptographic keys; goals: Confidentiality (communication), Integrity (communication)
- TRA (Trust & Reputation)
  - Collecting user reputation scores and calculating service trust levels; goals: Service Reputation Metering, Service Trust
19 4. Security in IoT Services
Relationships b/w Security Techniques defined in IoT-A
[Figure: relationship diagram with the following components]
- KEM (Key Exchange & Mgmt): Secret key, certificate mgmt
- TRA (Trust & Reputation): Trust and reputation mgmt on Things, Services
- Authentication (AuthN): User authentication, object (things, services) authentication
- Authorization (AuthZ): Access rights are granted
- Thing/Service Resolution Infrastructure: Thing/Service Discovery, Resolution and Lookup
- Access Control (RBAC, ABAC): Fine grain access control
- IM (ID Mgmt): ID mgmt., Pseudonym, Anonymity mgmt
- Flow labels: Execution, Access
20 4. Security in IoT Services
IoT-A security (1/2)
- AuthN: Authentication
  - For authentication, methods such as password, smartcard, secure token and fingerprint can be used
  - Also, pre-shared secret key and public key based certificate can be used for user/server/thing authentication
- AuthZ: Authorization
  - Through authentication, access rights are assigned to a certain resource
  - Authorization may be combined with resource finding operations (discovery/resolution/lookup)
  - RBAC (Role Based Access Control) or ABAC (Attribute Based Access Control) can be used for fine grain access control to resources
- IM: ID Management
  - From the privacy viewpoint, ID management is needed for privacy enhancing
  - Anonymization or Pseudonymization techniques can be used for this purpose
21 4. Security in IoT Services
IoT-A security (2/2)
- KEM: Key Exchange & Management
  - Secret key/certificate management, key distribution and exchange are needed
- TRA: Trust & Reputation
  - In IoT services, user reputation on sensors and services should be collected and then trust levels should be calculated
  - This is necessary because the sensed data and remotely located IoT services may malfunction or even be malicious
22 5. Privacy Issues in IoT
Privacy Enhancing Technology in IoT
- PII (Personally Identifiable Information): Name, Social Security number, phone number, , address, etc.
  - Anything that identifies a person directly
- Does removing PII mean Privacy Preservation? Not enough!
  - PII can be constructed from Re-identification by Linking
  - This means that Re-identification by Data mining in IoT Services → infringes Privacy
23 5. Privacy Issues in IoT
Example of the Re-identification by Linking
[Figure: two overlapping data sets]
- Medical Data: Ethnicity, Visit date, Diagnosis, Procedure, Medication, Total charge
- Shared by both: ZIP, Birthdate, Gender
- Voter List: Name, Address, Date registered, Party affiliation, Date last voted
- NAHDO (National Association of Health Data Organization) can collect Medical Data legally
- Group Insurance Commission in Massachusetts bought anonymized Medical Data from NAHDO
- Massachusetts State sells its Medical Data to Disease Researchers based on the rule
- One of the Researchers who had the Medical Data got Voter List information in Massachusetts
- Using the ZIP, Birthdate, Gender information from the Voter List, the Researcher can get someone's Medical Information
- From Data Linking, the Researcher can specify someone (Re-identification by Linking)
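A pre-publication check for the linking risk described on this slide, as an added example that is not part of the original slides. It counts how many records sit in a (ZIP, Birthdate, Gender) group smaller than k, before and after generalizing those fields; this is a k-anonymity style audit, a technique the slide does not name, and the records, field names and helper functions are constructed for illustration.

```python
from collections import Counter

# Constructed "anonymized" records: names removed, quasi-identifiers still present.
RECORDS = [
    {"zip": "02138", "birthdate": "1960-03-14", "gender": "F", "diagnosis": "A"},
    {"zip": "02138", "birthdate": "1960-09-02", "gender": "F", "diagnosis": "B"},
    {"zip": "02139", "birthdate": "1960-11-23", "gender": "F", "diagnosis": "A"},
    {"zip": "02139", "birthdate": "1975-01-05", "gender": "M", "diagnosis": "C"},
    {"zip": "02139", "birthdate": "1975-06-30", "gender": "M", "diagnosis": "B"},
    {"zip": "02141", "birthdate": "1975-08-19", "gender": "M", "diagnosis": "A"},
    {"zip": "02141", "birthdate": "1988-02-11", "gender": "F", "diagnosis": "C"},
    {"zip": "02142", "birthdate": "1988-12-01", "gender": "F", "diagnosis": "B"},
]


def quasi_identifier(record, zip_digits=5, date_chars=10):
    """Generalize the three linkable fields.

    zip_digits: leading ZIP digits kept (5 = full ZIP, 3 = region only).
    date_chars: leading characters of YYYY-MM-DD kept (10 = full date, 4 = year).
    """
    return (record["zip"][:zip_digits],
            record["birthdate"][:date_chars],
            record["gender"])


def class_sizes(records, zip_digits=5, date_chars=10):
    """Size of each group of records sharing the same generalized quasi-identifier."""
    return Counter(quasi_identifier(r, zip_digits, date_chars) for r in records)


def at_risk(records, k, zip_digits=5, date_chars=10):
    """Number of records whose group has fewer than k members.

    A record alone in its group (k = 2 fails) can be matched to exactly one
    row of any external list that carries the same three fields plus a name.
    """
    sizes = class_sizes(records, zip_digits, date_chars)
    return sum(1 for r in records
               if sizes[quasi_identifier(r, zip_digits, date_chars)] < k)


if __name__ == "__main__":
    for label, zd, dc in (("full ZIP + full birthdate", 5, 10),
                          ("full ZIP + birth year", 5, 4),
                          ("3-digit ZIP + birth year", 3, 4)):
        print(f"{label:28s} records in groups smaller than 2: "
              f"{at_risk(RECORDS, 2, zd, dc)} of {len(RECORDS)}")
```

Removing the name column leaves every record in this sample unique; only the coarser release passes the k = 2 check.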
24 5. Privacy Issues in IoT
Traditional Privacy Preserving Method
- Get owner's permission when gathering information
  - When gathering information, getting the owner's permission should be provided
- Privacy enhancing by encryption
  - Data confidentiality is provided by encryption
  - However, privacy is different from encryption
- Preventing information leakage by strong access control
  - Well defined access control blocks information leakage
  - Also DB encryption techniques and searchable encryption techniques can be used
- Using legacy security technology
  - Firewall, sandbox, etc.
- Privacy is not preserved by encryption, access control, firewall, etc.
  - Because current big data processing and data mining techniques will cause privacy infringement problems
25 5. Privacy Issues in IoT
Privacy Preserving at the stage of Data Collection and Publishing → Sanitization
- Input perturbation
  - Add noise to sensed input data (i.e., add noise to database)
- Output perturbation
  - Add noise to data statistics (published information)
26 5. Privacy Issues in IoT
Privacy Preserving at the Stage of Data Processing/Usage → Privacy preserving data mining
- Privacy-preserving data publishing
  - Data mining algorithm which applies to perturbed data
  - ex) Anonymization
- Changing the results of data mining applications
  - Many data mining methods such as association rule mining and classification rule mining infringe privacy, so mining results need to be modified to enhance privacy
  - ex) Association rule hiding method
- Query auditing
  - Query requests and results are controlled
  - ex) Query output perturbing, Query restriction
27 5. Privacy Issues in IoT
- Cryptographic methods for Distributed Privacy
  - Restricts information gathering by data distribution
  - ex) Pinkas's multiparty protocol
- Randomization technique
  - Add noise to data
  - ex) data perturbation
28 5. Privacy Issues in IoT
Differential Privacy
Differential Privacy: DB Privacy Preserving Technique
[Figure: individuals (Alice, Bob, You, ...) → Collection and sanitization → Users (government, researchers, marketers, ...)]
- Census problem
  - Utility: Users can extract global statistics
  - Privacy: Individual information stays hidden
  → Typical method for providing differential privacy: Sanitization technique
29 5. Privacy Issues in IoT
Differential Privacy
Example of sanitization
- Input perturbation
  - Change data before processing
  - E.g. Randomized response
- Summary statistics
  - Means, variances
  - Marginal totals (# people with blue eyes and brown hair)
  - Regression coefficients
- Output perturbation
  - Summary statistics with noise
- Interactive versions of above: Auditor decides which queries are OK
30 5. Privacy Issues in IoT
Differential Privacy
Definition of Differential Privacy
- The risk to my privacy should not substantially increase as a result of participating in a statistical database
- Any info the adversary can obtain, it could obtain without Me (my data)
[Figure: plot with axis label Pr[t]]
31 5. Privacy Issues in IoT
Differential Privacy
- Differential Privacy can be implemented by output perturbation
[Figure: the User asks the Database (rows x1 ... xn) "Tell me f(x)"; the Database answers f(x)+noise]
- For noise, Laplace noise is used frequently
32 5. Privacy Issues in IoT
Differential Privacy
Laplace noise
- Laplace distribution
- K adds noise to the function output f(x)
- Add noise to each of the k dimensions
33 5. Privacy Issues in IoT
Differential Privacy
- Also in differential privacy, indistinguishability should be satisfied
[Figure: DB = (x1, x2, x3, ..., xn-1, xn) and DB' = (x1, x2, y3, ..., xn-1, xn) differ in 1 row. Each goes through Sanitization (with random coins) and answers query 1 ... query T with answer 1 ... answer T, producing transcript S and transcript S'. Distance between distributions is at most ε]
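The sanitization techniques from slides 29 and 31 to 33, worked through in an added example that is not part of the original slides: randomized response as input perturbation, Laplace noise on each of the k output dimensions as output perturbation, and a numeric check of the indistinguishability bound. The function names, the coin-flip variant of randomized response, the sample counts and the choice ε = 0.5 are assumptions for illustration.

```python
import math
import random
from typing import List, Sequence


def laplace_noise(scale: float, rng: random.Random) -> float:
    # The difference of two Exp(1) draws is Laplace(0, 1); multiply to rescale.
    # Illustration only: a production system should use a vetted DP library,
    # since naive floating-point sampling can weaken the guarantee.
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


def laplace_mechanism(answer: Sequence[float], sensitivity: float,
                      epsilon: float, rng: random.Random) -> List[float]:
    """Output perturbation: add Laplace(sensitivity / epsilon) noise per dimension.

    sensitivity is the largest L1 change in f(x) when one row of the database
    changes: 1 for a single count, 2 for a histogram (one bin loses a unit
    and another gains it).
    """
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("epsilon and sensitivity must be positive")
    scale = sensitivity / epsilon
    return [a + laplace_noise(scale, rng) for a in answer]


def laplace_density(x: float, mean: float, scale: float) -> float:
    return math.exp(-abs(x - mean) / scale) / (2.0 * scale)


def worst_case_ratio(f_db: float, f_neighbour: float, epsilon: float,
                     sensitivity: float = 1.0) -> float:
    """Largest ratio between the output densities of two neighbouring databases.

    Indistinguishability requires this ratio to stay at or below e**epsilon.
    """
    scale = sensitivity / epsilon
    low = min(f_db, f_neighbour)
    grid = [low - 10 + 0.5 * i for i in range(43)]   # spans both true answers
    return max(laplace_density(x, f_db, scale) /
               laplace_density(x, f_neighbour, scale) for x in grid)


def randomized_response(truth: bool, rng: random.Random) -> bool:
    """Input perturbation: first coin heads -> tell the truth, tails -> answer
    with a second coin. Each answer alone is deniable (ratio 0.75 / 0.25 = 3)."""
    if rng.random() < 0.5:
        return truth
    return rng.random() < 0.5


def estimate_fraction(answers: Sequence[bool]) -> float:
    """Invert P(yes) = 0.5 * p + 0.25 to recover the true fraction p."""
    observed = sum(answers) / len(answers)
    return 2.0 * (observed - 0.25)


if __name__ == "__main__":
    rng = random.Random(2014)
    # Constructed database: 1000 homes, 300 of them occupied right now
    histogram = [300.0, 700.0]
    print("noisy histogram:", laplace_mechanism(histogram, 2.0, 0.5, rng))
    print("worst-case ratio:", worst_case_ratio(300, 301, 0.5),
          "bound e^eps:", math.exp(0.5))
    truths = [i < 6000 for i in range(20000)]        # true fraction 0.3
    answers = [randomized_response(t, rng) for t in truths]
    print("estimated fraction:", estimate_fraction(answers))
```

No single noisy answer reveals much about one row, yet the averages remain usable: that is the utility/privacy split from the census problem on slide 28.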
34 6. Concluding Remarks
III. Concluding Remarks
- Security/Privacy Issues exist in each IoT Service Component
  - From devices to services via network and platform, each IoT domain needs proper (different) security/privacy technology
  - Also, the perimeter security and the security/privacy issues in integration of different domains should be carefully designed and managed
- Main Issues in IoT Security/Privacy
  - Device Security
  - Self-control on private information
35 Howon Kim Pusan National University
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationUG103.5 EMBER APPLICATION DEVELOPMENT FUNDAMENTALS: SECURITY
EMBER APPLICATION DEVELOPMENT FUNDAMENTALS: SECURITY This document introduces some basic security concepts, including network layer security, trust centers, and application support layer security features.
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationWLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.
Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised
More informationSymm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationLecture 10: Communications Security
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationBlackBerry Enterprise Solution
BlackBerry Enterprise Solution Security Technical Overview for BlackBerry Enterprise Server Version 4.1 Service Pack 5 and BlackBerry Device Software Version 4.5 2008 Research In Motion Limited. All rights
More informationZigBee Security. Introduction. Objectives
ZigBee Security Introduction Whether you re a homeowner or a manager of a mission critical automatic industrial production line, security is an issue that you should be concerned about. Tech savvy burglars
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationCS 600.443 Final Exam
CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationInternet of things (IOT) applications covering industrial domain. Dev Bhattacharya dev_bhattacharya@ieee.org
Internet of things (IOT) applications covering industrial domain Dev Bhattacharya dev_bhattacharya@ieee.org Outline Internet of things What is Internet of things (IOT) Simplified IOT System Architecture
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationM-Shield mobile security technology
Technology for Innovators TM M-Shield mobile security technology making wireless secure Overview As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More informationIoT Security. Introduction. Threat Model
IoT Security Introduction In this 1248 white paper we summarise the various aspects of security which need to be considered when designing connected products for the Internet of Things. We give a general
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationSecurity Analysis of PLAID
Security Analysis of PLAID Dai Watanabe 1 Yokoyama Laboratory, Hitachi, Ltd., 292 Yoshida-cho, Totsuka-ku, Yokohama, 244-0817, Japan dai.watanabe.td@hitachi.com Abstract. PLAID is a mutual authentication
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationHuman Factors in Information Security
University of Oslo INF3510 Information Security Spring 2014 Workshop Questions Lecture 2: Security Management, Human Factors in Information Security QUESTION 1 Look at the list of standards in the ISO27000
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationFRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES SECURITY
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationW ith an estimated 14 billion devices connected to
Renesas Synergy Security Portfolio Delivers Comprehensive Protection from Industrial and IoT Threats Advanced capabilities give developers tools to counter attacks W ith an estimated 14 billion devices
More informationSecure SCADA Network Technology and Methods
Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationSECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9
SECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9 Author: Timothy N. Scaggs, IBM, March 2014 Edited: Rodney Thomas, IBM, June, 2015 Table of Contents Executive Summary... 2 IBM WebSphere
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationTop Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America
1 Top Ten Security and Privacy Challenges for Big Data and Smartgrids Arnab Roy Fujitsu Laboratories of America 2 User Roles and Security Concerns [SKCP11] Users and Security Concerns [SKCP10] Utilities:
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More information