# Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Save this PDF as:

Size: px
Start display at page:

Download "Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols"

## Transcription

1 Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Security Web Security Social Issues Revised: August 2011

2 Network Security Security concerns a variety of threats and defenses across all layers Application Transport Network Link Physical

3 Network Security (1) Some different adversaries and security threats Different threats require different defenses

4 Cryptography Cryptography is a fundamental building block for security mechanisms. Introduction» Substitution ciphers» Transposition ciphers» One-time pads» Fundamental cryptographic principles»

5 Introduction The encryption model (for a symmetric-key cipher) Kerckhoff s principle: Algorithms (E, D) are public; only the keys (K) are secret Trudy Alice Bob

6 Substitution Ciphers Substitution ciphers replace each group of letters in the message with another group of letters to disguise it Simple single-letter substitution cipher

7 Transposition Ciphers Transposition ciphers reorder letters to disguise them Key gives column order Column Simple column transposition cipher

8 One-Time Pads (1) Simple scheme for perfect secrecy: XOR message with secret pad to encrypt, decrypt Pad is as long as the message and can t be reused! It is a one-time pad to guarantee secrecy Different secret pad decrypts to the wrong plaintext

9 One-Time Pads (2) Alice sending Bob a one-time pad with quantum crypto. Bob s guesses yield bits; Trudy misses some Bob can detect Trudy since error rate increases

10 Fundamental Cryptographic Principles 1. Messages must contain some redundancy All encrypted messages decrypt to something Redundancy lets receiver recognize a valid message But redundancy helps attackers break the design 2. Some method is needed to foil replay attacks Without a way to check if messages are fresh then old messages can be copied and resent For example, add a date stamp to messages

11 Symmetric-Key Algorithms Encryption in which the parties share a secret key DES Data Encryption Standard d» AES Advanced Encryption Standard» Cipher modes» Other ciphers» Cryptanalysis y»

12 Symmetric-Key Algorithms (1) Use the same secret key to encrypt and decrypt; block ciphers operate a block at a time Product cipher combines transpositions/substitutions Permutation (transposition) box Substitution box Product with multiple P- and S-boxes

13 Data Encryption Standard (1) DES encryption was widely used (but no longer secure) Contains transpositions & substitutions DES steps A single iteration

14 Data Encryption Standard (2) Triple encryption ( 3DES ) with two 56-bit keys Gives an adequate key strength of 112 bits Setting K 1 = K 2 allows for compatibility with DES Triple DES encryption Triple DES decryption

15 Advanced Encryption Standard (1) AES is the successor to DES: Symmetric block cipher, key lengths up to 256 bits Openly designed by public competition ( ) Available for use by everyone Built as software (e.g., C) or hardware (e.g., x86) Winner was Rijndael cipher Now a widely used standard

16 Advanced Encryption Standard (2) AES uses 10 rounds for 128-bit block and 128-bit key Each round uses a key derived from 128-bit key Each round has a mix of substitutions and rotations All steps are reversible to allow for decryption Round keys are derived from 128-bit secret key

17 Cipher Modes (1) Cipher modes set how long messages are encrypted Encrypting each block independently, called ECB (Electronic Code Book) mode, is vulnerable to shifts With ECB mode, switching encrypted blocks gives a different but valid message Leslie gets a large bonus!

18 Cipher Modes (2) CBC (Cipher Block Chaining) is a widely used mode Chains blocks together with XOR to prevent shifts Has a random IV (Initial Value) for different output CBC mode encryption CBC mode decryption

19 Cipher Modes (3) There are many other modes with pros / cons, e.g., cipher feedback mode is similar to CBC mode but can operate a byte (rather than a whole block) at a time Encryption Decryption

20 Cipher Modes (4) A stream cipher uses the key and IV to generate a stream that is a one-time pad; can t reuse (key, IV) pair Doesn t amplify transmission errors like CBC mode Encryption Decryption

21 Cipher Modes (5) Counter mode (encrypt a counter and XOR it with each message block) allows random access for decryption Encryption above; repeat the operation to decrypt

22 Other Ciphers Some common symmetric-key cryptographic algorithms Can be used in combination, e.g., AES over Twofish

23 Public-Key Algorithms Encryption in which each party publishes a public part of their key and keep secret a private part of it RSA (by Rivest, Shamir, Adleman)»

24 Public-Key Algorithms (1) Downsides of keys for symmetric-key designs: Key must be secret, yet be distributed to both parties For N users there are N 2 pairwise keys to manage Public key schemes split the key into public and private parts that are mathematically related: Private part is not distributed; easy to keep secret Only one public key per user needs to be managed Security depends d on the chosen mathematical property Much slower than symmetric-key, e.g., 1000X So use it to set up pper-session symmetric keys

25 RSA (1) RSA is a widely used public-key encryption method whose security is based on the difficulty of factoring large numbers Key generation: Choose two large primes, p and q Compute n = p q and z = ( p 1) (q 1). Choose d to be relatively prime to z Find e such that e d = 1 mod z Public key is (e, n), and private key is (d, n) Encryption (of k bit message, for numbers up to n): Cipher = Plain e (mod n) Decryption: Plain = Cipher d (mod n) d

26 RSA (2) Small-scale example of RSA encryption For p=3, q=11 n=33, z=20 d=7, e=3 Encryption: C = P 3 mod 33 Decryption: P = C 7 mod 33

27 Digital Signatures Lets receiver verify the message is authentic Symmetric-Key signatures» Public-Key signatures» Message digests» The birthday attack»

28 Digital Signatures (1) Requirements for a signature: Receiver can verify claimed identity of sender. Sender cannot later repudiate contents of message. Receiver cannot have concocted message himself.

29 Symmetric-key Signatures Alice and Bob each trust and share a key with Big Brother; Big Brother doesn t trust anyone A=Alice, B=Bob, P=message, R A =random, t=time Only Alice can send this encrypted message to BB Only BB can send this encrypted message to Bob

30 Public-Key Signatures No Big Brother and assumes encryption and decryption are inverses that can be applied in either order But relies on private key kept and secret RSA & DSS (Digital Signature Standard) widely used

31 Message Digests (1) Message Digest (MD) converts arbitrary-size message (P) into a fixed-size identifier MD(P) with properties: Given P, easy to compute MD(P). Given MD(P), effectively impossible to find P. Given P no one can find P so that MD(P ) = MD(P). Changing 1 bit of P produces very different MD. Message digests (also called cryptographic hash) can stand for messages in protocols, e.g., authentication Example: SHA bit hash, widely used Example: MD5 128-bit hash now known broken

32 Message Digests (2) Public-key signature for message authenticity but not confidentiality with a message digest Message sent in the clear Alice signs message digest

33 Message Digests (3) In more detail: example of using SHA-1 message digest and RSA public key for signing nonsecret messages

34 Message Digests (4) SHA-1 digests the message 512 bits at a time to build a 160-bit hash as five 32-bit components SHA-1 Message in 512-bit blocks Five 32-bit hashes output

35 Birthday Attack How hard is it to find a message P that has the same message digest as P? Such a collision will allow P to be substituted for P! Analysis: Nbith hash hhas 2 N possible values Expect to test 2 N messages given P to find P But expect only 2 N/2 messages to find a collision This is the birthday attack

36 Management of Public Keys We need a trusted way to distribute public keys Certificates t» X.509, the certificate standard» Public Key infrastructures»

37 Management of Public Keys (1) Trudy can subvert encryption if she can fake Bob s public key; Alice and Bob will not necessarily know Trudy replaces E B with E T and acts as a man in the middle

38 Certificates CA (Certification( Authority) issues signed statements about public keys; users trust CA and it can be offline A possible certificate

39 X.509 X.509 is the standard for widely used certificates Ex: used with SSL for secure Web browsing Basic fields in X.509 certificates

40 Public Key Infrastructures (PKIs) PKI is a system for managing public keys using CAs Scales with hierarchy, h may have multiple l roots Also need CRLs (Certificate Revocation Lists) Trust anchor Hierarchical PKI Chain of certificates for CA 5

41 Communication Security Applications of security to network protocols IPsec (IP security)» Firewalls» Virtual private networks» Wireless security»

42 IPsec (1) IPsec adds confidentiality and authentication to IP Secret keys are set up for packets between endpoints called security associations Adds AH header; inserted after IP in transport mode Identifies security association AH (Authentication Header) provides integrity and anti-replay

43 IPsec (2) ESP (Encapsulating Security Payload) provides secrecy and integrity; expands on AH Adds ESP header and trailer; inserted after IP header in transport or before in tunnel mode Transport mode Tunnel mode Whole IP packet is wrapped

44 Firewalls A firewall protect an internal network by filtering packets Can have stateful rules about what packets to pass E.g., no incoming packets to port 80 (Web) or 25 (SMTP) DMZ helps to separate internal from external traffic E.g., run Web and servers there DMZ (DeMilitarized Zone)

45 Virtual Private Networks (1) VPNs (Virtual Private Networks) join disconnected islands of a logical network into a single virtual network Islands are joined by tunnels over the Internet Tunnel VPN joining London, Paris, Home, and Travel

46 Virtual Private Networks (2) VPN traffic travels over the Internet but VPN hosts are separated from the Internet Need a gateway to send traffic in/out of VPN Topology as seen from inside the VPN

47 Wireless Security (1) Wireless signals are broadcast to all nearby receivers Important to use encryption to secure the network This is an issue for , Bluetooth, 3G, Common design: 1. Clients have a password set up for access 2. Clients authenticate to infrastructure and set up a session key 3. Session key is then used to encrypt packets

48 Wireless Security (2) i session key setup handshake (step 2) Client and AP share a master key (password) MIC (Message Integrity Check) is like a signature K X (M) means a message M encrypted with key K X

49 Authentication Protocols Authentication verifies the identity of a remote party Shared Secret Key» Diffie-Hellman Key Exchange» Key Distribution Center» Kerberos» Public-Key Cryptography p y»

50 Shared Secret Key (1) Authenticating with a challenge-response (first attempt) Alice (A) and Bob (B) share a key K AB R X is random, K X (M) is M encrypted with key K X Challenge Response Bob knows it s Alice Alice knows it s Bob

51 Shared Secret Key (2) A shortened two-way authentication (second attempt) But it is vulnerable to reflection attack

52 Shared Secret Key (3) Trudy impersonates Alice to Bob with reflection attack Second session gets Bob to give Trudy the response Bob thinks he is talking to Alice now

53 Shared Secret Key (4) First attempt is also vulnerable to reflection attack! Trudy impersonates Bob to Alice after Alice initiates Alice thinks she is talking to Bob Alice thinks she is talking to Bob again

54 Shared Secret Key (5) Moral: Designing g a correct authentication protocol is harder than it looks; errors are often subtle. General design rules for authentication: 1. Have initiator prove who she is before responder 2. Initiator, responder use different keys 3. Draw challenges from different sets 4. Make protocol resistant to attacks involving second parallel session

55 Shared Secret Key (6) An authentication protocol that is not vulnerable HMAC (Hashed Message Authentication Code) is an authenticator, like a signature Alice knows it s Bob Bob knows it s Alice

56 Diffie-Hellman Key Exchange (1) Lets two parties establish a shared secret Eavesdropper can t compute secret g xy mod n without knowing x or y Shared secret Shared secret

57 Diffie-Hellman Key Exchange (2) But it is vulnerable to a man-in-the-middle attack Need to confirm identities, not just share a secret g xz mod n g xz mod n g zy mod n g zy mod n

58 KDC Key Distribution Center (1) Trusted KDC removes need for many shared secrets Alice and Bob share a secret only with KDC (K A, K B ) End up with K S, a shared secret session key First attempt below is vulnerable to replay attack in which Trudy captures and later replays messages Alice has session key K S Trudy can send this later to impersonate Alice to Bob Bob has session key K S

59 Key Distribution Center (2) The Needham-Schroeder authentication protocol Not vulnerable to replays; doesn t use timestamps Alice knows it s Bob Bob knows it s Alice

60 Key Distribution Center (3) The Otway-Rees authentication protocol (simplified) Slightly stronger than previous; Trudy can t replay even if she obtains previous secret K S

61 Kerberos Kerberos V5 is a widely used protocol (e.g., Windows) Authentication includes TGS (Ticket( Granting Server) ) Gets session key K S Ticket Alice asks for a secret shared with Bob Gets shared key K AB Ticket Bob gets key K AB Knows it s Alice Knows it s Bob

62 Public-Key Cryptography Mutual authentication using public-key cryptography Alice and Bob get each other s public keys (E A, E B ) from a trusted directory; shared K S is the result

63 Security Use of security for authenticated, confidential PGP Pretty P Good Privacy»

64 PGP Pretty Good Privacy (1) PGP uses public- and symmetric-key cryptography for secrecy and signatures; it also manages keys Levels of public-key strengths: Casual (384 bits): Can be broken easily today. Commercial (512 bits): b Breakable by three-letter organizations. Military (1024 bits): Not breakable by anyone on earth. Alien (2048 bits): Unbreakable by anyone on other planets

65 PGP Pretty Good Privacy (2) Signing and encrypting a message from Alice to Bob For speed, message symmetric-key y IDEA encrypted with K M ; K M is RSA public-key encrypted with K B Authentication Confidentiality

66 PGP Pretty Good Privacy (3) Three parts of a PGP message and their encryption: K M PGP also manages public keys for a user: Private key ring has user s public/private keys Public key ring has correspondent s public keys

67 Web Security Applications of security to the Web Secure naming» SSL Secure Sockets Layer» Many other issues with downloaded code

68 Secure Naming (1) DNS names are included as part of URLs so spoofing DNS resolution causes Alice contact t Trudy not Bob Trudy sends spoofed reply

69 Secure Naming (2) How Trudy spoofs the DNS for bob.com in more detail To counter, DNS servers randomize seq. numbers DNS cache at Alice s ISP

70 Secure Naming (3) DNSsec (DNS security) adds strong authenticity to DNS Responses are signed with public keys Public keys are included; client starts with top-level Also optional anti-spoofing to tie request/response Now being deployed in the Internet Resource Record set for bob.com. Has Bob s public key (KEY), and is signed by.com server (SIG)

71 SSL Secure Sockets Layer (1) SSL provides an authenticated, secret connection between two sockets; uses public keys with X.509 TLS (Transport Layer Security) is the IETF version SSL runs on top of TCP and below the application HTTPS means HTTP over SSL SSL in the protocol stack

72 SSL Secure Sockets Layer (2) Phases in SSL V3 connection establishment (simplified) Only the client (Alice) authenticates the server (Bob) Session key computed on both sides (E B, R A, R B )

73 SSL Secure Sockets Layer (3) Data transmission using SSL. Authentication and encryption for a connection use the session key.

74 Social Issues Networks give rise to many social issues Privacy» Freedom of speech»

75 Privacy Anonymous r ers hide the identity of the sender Unlike PGP, which only hides message contents A chain can be used for stronger anonymity Alice looks up keys E1, E2, E3 separately Bob gets a very anonymous mail

76 Freedom of Speech Steganography g hides messages on unrelated content Can help avoid censorship or protect ownership Text hidden in low-order bits Three zebras and a tree Three zebras and a tree, with five plays by Shakespeare

77 End Chapter 8

### Chapter 8. Network Security

Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

### Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

### Chapter 10. Network Security

Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

### Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

### EEC-682/782 Computer Networks I

EEC-682/782 Computer Networks I Lecture 26 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB

### 7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

### IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

### CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing

### EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

### Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

### Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

### CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

### Security: Focus of Control. Authentication

Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

### Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

### Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond

### Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

### Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

### APNIC elearning: Cryptography Basics. Contact: esec02_v1.0

APNIC elearning: Cryptography Basics Contact: training@apnic.net esec02_v1.0 Overview Cryptography Cryptographic Algorithms Encryption Symmetric-Key Algorithm Block and Stream Cipher Asymmetric Key Algorithm

### Network Security. HIT Shimrit Tzur-David

Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

### What is network security?

Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

### : Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

### Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

### Netzwerksicherheit: Anwendungen

Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks

### Client Server Registration Protocol

Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

### Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

### Network Security Technology Network Management

COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice

### Chapter 7 Transport-Level Security

Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

### Chapter 17. Transport-Level Security

Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

### Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing

### Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

### Overview. SSL Cryptography Overview CHAPTER 1

CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

### Applied Cryptology. Ed Crowley

Applied Cryptology Ed Crowley 1 Basics Topics Basic Services and Operations Symmetric Cryptography Encryption and Symmetric Algorithms Asymmetric Cryptography Authentication, Nonrepudiation, and Asymmetric

### ECE 428 Network Security

ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA

### INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

### Network Security Part II: Standards

Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

### Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

### Cryptography and Network Security

PART-A Questions 1. Name the aspects to be considered of information security. 2. What is meant by deciphering? 3. What are the two different uses of public key cryptography related to key distribution?

### Communication Security for Applications

Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Properties of Secure Network Communication

Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,

### 12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application

### CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

### Today ENCRYPTION. Cryptography example. Basic principles of cryptography

Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use

### Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

### Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Chapter 11 Security Protocols Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Network Security

### Cornerstones of Security

Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

### Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

### Cryptography and network security CNET4523

1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

### Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

### Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

### An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

### Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

### 7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

### Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Application Layer (1)

Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number

### Chapter 7: Network security

Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

### Authentication requirement Authentication function MAC Hash function Security of

UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

### Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

### APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

### INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

### Authenticity of Public Keys

SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

### Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

### Securing an IP SAN. Application Brief

Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### 159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication

### Protocol Rollback and Network Security

CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

### Communication Systems SSL

Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication

### Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures

### CMPT 471 Networking II

CMPT 471 Networking II Authentication and Encryption Janice Regan, 2006-2013 1 Janice Regan, 2006-2013 2 IPsec usage Host to host May use transport mode May use tunnel mode Security Gateway to Security

### Network Security Fundamentals

APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

### Standards and Products. Computer Security. Kerberos. Kerberos

3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2

### Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

### APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

### Internet Security and Cryptography

Internet Security and Cryptography John Heffner Carnegie Mellon University 15-441 Computer Networks Spring 2003 Outline Security motivations Private key cryptosystems Encryption, authentication tools Kerberos

### CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

### Security in Computer Networks

Security in Computer Networks Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu Audio/Video recordings of this lecture are available on-line at: http://www.cse.wustl.edu/~jain/cse473-10/

### PA160: Net-Centric Computing II. Network Security

PA160: Net-Centric Computing II. Network Security Luděk Matyska Slides by: Tomáš Rebok Faculty of Informatics Masaryk University Spring 2015 Luděk Matyska (FI MU) 1. Network Security Spring 2015 1 / 125

### Chapter 32 Internet Security

Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3

### HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer

### Virtual Private Networks

Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

### 2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

### Network Security Protocols

Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

### Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

### Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

### Computer Networks. Secure Systems

Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

### Savitribai Phule Pune University

Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

### Secure Sockets Layer

SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated