Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Size: px
Start display at page:

Download "Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities"

Transcription

1 TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons Policy vulnerabilities Configuration vulnerabilities Technology vulnerabilities Doç. Dr. Halûk Gümüşkaya http: / /www.mam.gov.tr /~haluk Start: August 2001, Update: September And People Eager to Take Advantage of the Vulnerabilities 2 Contents 2. Cryptography - Definitions Security Threats telnet company.org username: dan password: Passive Threats m-y-p-a-s-s-w-o-r-d d-a-n Interception (Loss of Privacy) I m. Send Me All Corporate Correspondence with Cisco. Active Threats Fabrication (Impersonation) Deposit $1000 Deposit $ 100 CPU 3 Interruption (Denial of Service) Customer Modification (Loss of Integrity) Bank 4

2 UNIVERSAL PASSPORT Elements of Security Identity Identity Accurately identify users Determine what users are allowed to do Integrity Ensure network availability Provide perimeter security Ensure privacy Active Audit Recognize network weak spots Uniquely and accurately identify users, applications, services, and resources Username/password, one-time password Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) AAA server RADIUS, TACACS+, Kerberos, MS-login Digital Certificates, Directory Services Network Address Translation Detect and react to intruders Policy 5 6 Authentication, Authorization, and Accounting (AAA) Example: End-to-End Security Products Tool for enforcing security policy Authentication Verifies identity Who are you? Authorization Configures integrity What are you permitted to do? Accounting Assists with audit What, When, How long did you do? UNIVERSAL PASSPORT USA UNIVERSAL PASSPORT USA Identity Secure access control server Integrity Secure Integrated Software Firewall Access control lists VPN/encryption solutions (IPSec) Active Audit Secure Scanner Secure Intrusion Detection System 7 8

3 Components of Security Management Workstation Components of Security and Real World Security Examples WAN Firewall or Security Gateway Administration Audit Trails (Acounting) Corp IS Identity: Authentication, Authorization, Accounting (AAA) (Kimlik Doğrulama, Yetkilendirme, Takip) ID Card (i.e: Driver License), Notery, Physical Presence, Keys and Badges (Doors, locks, guards, Analogy: Firewalls & access controls ) Integrity (Bütünlük) Signature, barkode, stamp Active Audit Surveillance cameras & motion sensors Authentication Integrity Authorization Nonrepudiation (Gizlilik) Non-repudiation (İnkâr Edememezlik) Sealed Envelope Signature, Received, Approval Availability (Reliability) (Süreklilik) Different Communication Paths, Standby Systems and Power Supplies, Backup 9 10 Components of Security and Electronic Security Solutions Security Objective: Balance Business Needs with Risks Identity: Authentication, Authorization, Accounting (AAA) (Kimlik Doğrulama, Yetkilendirme, Takip) Digital Signatures, Secret key,hashing Integrity (Bütünlük) Hash, Digital Signatures, Certificates Active Audit Intrusion Detection System (Gizlilik) Ciphering Connectivity Performance Ease of Use Manageability Availability Authentication Authorization Accounting Assurance Data Integrity Non-repudiation (İnkâr Edememezlik) Digital Signatures, Log Files Access Security Availability (Reliability) (Süreklilik) Standby Systems, Backup, Maintenance 11 Policy Management 12

4 Cryptography 2. Cryptography Services: (Gizlilik) (ciphering) Integrity (Bütünlük) (one-way hash) Authentication (Kimlik Doğrulama) (secret key or digital signatures) Non-repudiation (İnkâr Edememezlik) Two types: Symmetric cryptography (secret key) Asymmetric cryptography (public key) Symmetric Cryptography Advantages Secret Key Fast ciphering / deciphering One secret key shared for: Ciphering (Encryption) Deciphering (Decryption) *^1 h Many algorithms available DES, Triple DES* RC2, RC4, RC5* IDEA* Blowfish* CAST* SkipJack FWZ-1 MPPE Reliability: Depends on the length of the key 15 * supported by IPSec 16

5 Symmetric Cryptography Key Management Symmetric Cryptography Key Management Users 3 4 Keys 3 6 One-to-Many Many-to-Many , ,500 49,995,000!!!? 18 Disadvantages Asymmetric [public key] cryptography Secret key = shared secret Problem to safely exchange the secret A distinct key for each couple communicating Many users = many keys to manage Finding the secret key = access to the data exchanged in the past and the present Consider the need to change keys often A key pair Public key / Private key Bound mathematically via very large numbers Theoretically impossible to find one of the key by knowing the other one No shared Secret! Private key Confidential Public key Published The more the key is used to cipher large blocks of data, the more the key is exposed 19 20

6 Asymmetric cryptography - Application Asymmetric cryptography - Alice Encryption Receiver s Public key Decryption Receiver s Private key Message Authentication Encryption Decryption Alice s public key *&^1 Alice s private key Sender s Private key Sender s Public key Asymmetric cryptography - Examples Diffie-Hellman exchange key protocol Much slower than symmetric cryptography From 100 to 1000 times slower Not usable for ciphering major flows Alice Examples : DH private key s DH public key Alice s DH public key s DH public key Alice s DH public key DH private key RSA (Rivest Shamir Adleman): Algorithm providing encryption and authentication Diffie-Hellman: Key Exchange Protocol 23 DH Secret key 24

7 Cryptography - IPSec combination Public key cryptography not well-adapted for fast ciphering Use of secret key cryptography How to make secret key sharing secure? Use of public key cryptography Diffie-Hellman (used by IPSec) Digital envelope (used by SSL) 2. Cryptography One-way Hash (message digest) Data Integrity (1) Verification of the integrity of the data transmitted Comparable to a CRC, but much more sophisticated Usually 128-bit or 160-bit message digest No return possible to the original text from the message digest One bit modified on the message affects half of the bits of the digest! Two different messages do not produce the same digest Example of a hash algorithm: MD2 (128-bit digest) MD4 (128-bit digest) MD5* (128-bit digest) (Ron Rivest, RFC 1321) SHA-1* (160-bit digest) (NIST) Hash Algorithm Digest Digest Message sent to Alice * supporté par IPSec 27 28

8 Data Integrity (2) Alice 2. Cryptography Hash Algorithm Digest Digest If Digest = Digest Verified! Authentication - Message Authentication Code How does Alice know the message is coming from? combines the hash function with cryptography (Hash + cryptography) Result = MAC, Message Authentication Code Hash Algorithm + Key Authentication methods Two cryptographic techniques Two MAC computations Symmetric cryptography MAC = hash + secret key Asymmetric cryptography MAC = hash + private key Called Digital Signature + Hash Algorithm Secret key + Hash Algorithm Private key 31 32

9 Secret key Authentication Secret key Authentication Alice + Secret key Hash Algorithm MAC A to table eat! MAC + Secret key Hash Algorithm MAC Message sent to Alice If MAC = MAC verified! MAC Secret key Authentication - Examples Public key Authentication (signature) Authentication using secret key (symmetric cryptography) Keyed-MD5 Keyed-SHA-1 IPSec implementation : the HMAC transform Defined by RFC 2104 Based on a keyed-md5 or keyed-sha-1 mechanism Apply twice the keyed hash function Optionally truncates the result : RFC 2403 : HMAC-MD5-96 RFC 2404 : HMAC-SHA-1-96 Hash Algorithm Digest s Private key Encryption * ^1 Message sent to Alice * ^

10 How Public-Key Cryptography Works 2. Cryptography

11 2. Cryptography Where can we put security in the TCP/IP Protocol Stack? OSI Modeli Uygulama (Application) Sunum (Presentation) Oturum (Session) Aktarım (Transport) Ağ (Network) Veri Bağı (Data Link) TCP/IP Uygulama (Application) Aktarım (Transport) (TCP/UDP) IP Veri Bağı (Data Link) S-MIME S-HTTP SET... SOCKS, SSL, TSL IPSEC (AH, ESP) Packet Filtering Tunneling Link Encription Fiziksel (Physical) Fiziksel (Physical) 41 Security Levels 42 Application Layer SHTTP S/MIME TCP/UDP IP Transport Layer HTTP FTP SMTP Presentation Layer HTTP FTP SMTP SET PGP TCP/UDP IP Network Layer HTTP FTP SMTP Main References Some papers from IEEE W. Stallings, Network Security Essentials, Applications and Standards, Prentice Hall, N. Rivat, Description of IPSec Tutorial, IPSEC 99 Conferance Proceedings, Paris, France, October 1999 CISCO Business Essentials, Self-Paced Training CD, Security Basics. My experience. Internet. SSL/TLS/SOCKS TCP/UDP IP TCP/UDP AH ESP IP Secure IP 43 44

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Cryptography and Network Security

Cryptography and Network Security PART-A Questions 1. Name the aspects to be considered of information security. 2. What is meant by deciphering? 3. What are the two different uses of public key cryptography related to key distribution?

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

WEB Security: Secure Socket Layer

WEB Security: Secure Socket Layer WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade

More information

Network Security. Outline of the Tutorial

Network Security. Outline of the Tutorial Network Security Dr. Indranil Sen Gupta Head, School of Information Technology Professor, Computer Science & Engg. Indian Institute of Technology Kharagpur 1 Outline of the Tutorial Security attacks and

More information

APNIC elearning: Cryptography Basics. Contact: esec02_v1.0

APNIC elearning: Cryptography Basics. Contact: esec02_v1.0 APNIC elearning: Cryptography Basics Contact: training@apnic.net esec02_v1.0 Overview Cryptography Cryptographic Algorithms Encryption Symmetric-Key Algorithm Block and Stream Cipher Asymmetric Key Algorithm

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

ECE-8843 Prof. John A. Copeland 404 894-5177 fax 404 894-0035

ECE-8843  Prof. John A. Copeland 404 894-5177 fax 404 894-0035 ECE-8843 http://www.csc.gatech.edu/copeland/jac/8813-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT Bldg 579 email or call for office visit, or call

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

ICTTEN8195B Evaluate and apply network security

ICTTEN8195B Evaluate and apply network security ICTTEN8195B Evaluate and apply network security Release 1 ICTTEN8195B Evaluate and apply network security Modification History Release Release 2 Comments This version first released with ICT10 Integrated

More information

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

NETWORK ADMINISTRATION AND SECURITY

NETWORK ADMINISTRATION AND SECURITY NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013 City University of Hong Kong Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 01/013 Part I Course Title: Course Code: Course Duration: Cryptography

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

Tim Bovles WILEY. Wiley Publishing, Inc.

Tim Bovles WILEY. Wiley Publishing, Inc. Tim Bovles WILEY Wiley Publishing, Inc. Contents Introduction xvii Assessment Test xxiv Chapter 1 Introduction to Network Security 1 Threats to Network Security 2 External Threats 3 Internal Threats 5

More information

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

More information

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces

More information

Overview. Protocols. VPN and Firewalls

Overview. Protocols. VPN and Firewalls Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

The Elements of Cryptography

The Elements of Cryptography The Elements of Cryptography (March 30, 2016) Abdou Illia Spring 2016 Learning Objectives Discuss Cryptography Terminology Discuss Symmetric Key Encryption Discuss Asymmetric Key Encryption Distinguish

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

symmetric key distribution requirements for public key algorithms asymmetric (or public) key algorithms

symmetric key distribution requirements for public key algorithms asymmetric (or public) key algorithms topics: cis3.2 electronic commerce 6 dec 2005 lecture # 18 internet security, part 2 symmetric (single key) and asymmetric (public key) methods different cryptographic systems electronic payment mechanisms

More information

Global Telehealth Conference 2012

Global Telehealth Conference 2012 A Best Practice Guide to Encryption for Telehealth Liam Caffery PhD Centre for Online Health The University of Queensland Recommendations on best practice Slide 1 of 33 Slide 2 of 33 Introduction Security

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

PA160: Net-Centric Computing II. Network Security

PA160: Net-Centric Computing II. Network Security PA160: Net-Centric Computing II. Network Security Luděk Matyska Slides by: Tomáš Rebok Faculty of Informatics Masaryk University Spring 2015 Luděk Matyska (FI MU) 1. Network Security Spring 2015 1 / 125

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

More information

Security Goals Services

Security Goals Services 1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures

More information

Embedded TCP/IP-Security

Embedded TCP/IP-Security Embedded TCP/IP-Security Agenda What is security? A look into a security data sheet Symmetric vs. asymmetric cryptography TCP/IP security SSL/TLS CB ussl SSH CB ussh Demo Summary Page 2 What is security?

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

Internet Security Specialist Compaq Computer

Internet Security Specialist Compaq Computer Internet Security Specialist Compaq Computer Proof of Concept Partners Projects Workshop Seminars Customer Briefings Compaq White Paper Performance White Papers ASE Symposium $40-80 billion potential

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

Security for e-commerce

Security for e-commerce 11 Security for e-commerce Course Outline (tentative) 1. Basic Internet Concepts 2. HTML 3. XHTML 4. CSS (Style Sheets) 5. JavaScript (Client-Side Scripting) 6. XML and related technologies 7. WAP (Wireless

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

Release: 1. ICANWK502A Implement secure encryption technologies

Release: 1. ICANWK502A Implement secure encryption technologies Release: 1 ICANWK502A Implement secure encryption technologies ICANWK502A Implement secure encryption technologies Modification History Release Release 1 Comments This Unit first released with ICA11 Information

More information

VPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region

VPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the

More information

(d-5273) CCIE Security v3.0 Written Exam Topics

(d-5273) CCIE Security v3.0 Written Exam Topics (d-5273) CCIE Security v3.0 Written Exam Topics CCIE Security v3.0 Written Exam Topics The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

Internetwork Security

Internetwork Security Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt

More information

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD TCP/IP and Encryption CIT304 University of Sunderland Harry R. Erwin, PhD Resources Garfinkel and Spafford, 1996, Practical UNIX and Internet Security, O Reilly, ISBN: 1-56592-148-8 B. Schneier, 2000,

More information

CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice

CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice THIRD EDITION William Stallings Prentice Hall Pearson Education International CONTENTS CHAPTER 1 OVERVIEW 1 1.1 1.2 1.3 1.4 1.5 1.6 PART ONE CHAPTER

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information

CCNA Security 1.1 Instructional Resource

CCNA Security 1.1 Instructional Resource CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where

More information

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

SSH Technology White Paper

SSH Technology White Paper SSH Technology White Paper Keywords: SSH, SFTP, RSA, DSA, DES, AES, AAA Abstract: Secure Shell (SSH) offers an approach to logging into a remote device securely and performing secure file transfer. By

More information

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1 Confidentiality and privacy: Protect

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information