!" # $%!" &$' *'! +&,% -./!&,%!!/ 0!" 1$! Eve. Bob. Alice. Bob. Alice

Size: px
Start display at page:

Download "!" # $%!" &$' *'! +&,% -./!&,%!!/ 0!" 1$! Eve. Bob. Alice. Bob. Alice"

Transcription

1 !" # $%!" &% &$' ) $%" '$ '! +&,% -./!&,%!!/ 0!" '$ $" 1$! Alice Bob Alice Eve 2$ Bob 1

2 ! " Alice Malek Bob Spikey Bob tampering Exemplo: spoofing... " ## Alice Dan, the Devil Alice Exemplo: Web-Site Masquerading... 2

3 $ ". " %0'0%+$ $0 0$! 300%0$0" %0$ $0$0%'0 $%%%04$ % ' %' &# %'$ 5%0300' 2%04%!% ' %$' %0' % %0' % 60.'!3'%7 8 +$0% ' %0 3

4 SSL ) $% %$./01% ) $23%! ) $% Signatures Encryption Hashing DSA RSA RSA DES SHA1 MD5 +, , 6 # 5, 6 & K A K B K AB K Apriv K Apub {M}K [M] K Alice s secret key Bob s secret key Secret key shared between Alice and Bob Alice s private key known only to Alice) Alice s public key published by Alice for all to read) Message M encrypted with key K Message Msigned with key K 4

5 8 8+ $4! $ Alice Alice and Bob share a secret that they have discussed previously KAB) Bob Alice Bob has a Public Key KBpub) Bob M Hello, I like you! {M}KAB acew345ksdas M Hello, I like you! M Hello, I like you! {M}KBpub acew345ksdas M Hello, I like you! encryptm, KAB) decrypt{m}kab, KAB) encryptm, KBpub) decrypt{m}kbpub, KBpriv).9$.%$0$).2 ::;"0<$=.!'>!.'+ 9#021' :>>"?$ $.!'8!.'+ PROBLEM: How to share the symmetric key among two anonymous persons? If there is one Web-site and multiple Clients, there cannot be a single encryption key for all the communications. Solution: use a Key Distribution Center. %9 $1'$0 ::"A.$ #=.!'>!.'+ 9' ::>"=+.!' #0.% 88&BC 5

6 ): ; )$'$0 10 %D! #' $0.$!'E 10.! D.%0'3!0'0!'!0'0$< < $, ;.!' ;.$ 6'%$'0'0$E $'!.'.%.% =.!'9 =.$ #0%.$00%.$%$ $ '.%F G%7 $0%% Se uma chave tiver 128 bits então há cerca de x ) combinações. Se for possível arranjar um bilião 10 3 x 10 6 ) de computadores, capazes de testarem um bilião de chaves por segundo cada um, é possível testar chaves por segundo. Então são necessários anos para completar o ataque a uma chave de 128 bits. Ora estima-se que a idade do universo é de cerca de anos. )= 1 91$.' &02$.%$.!' H::>9A)I30!'301-0'J#030.!'3! H%::>9!0.'.% A%9.3;0 30%9%&B4% 0$0.!%!0!'93!0!K0!' 5%!'%'9&0$ B%#<"30%:&04 5%1.%70$' '$0$.$ A)A);A)81 81 '$3.%,%$!'4. 1.$'% '301%. %$.$ L : M 6

7 ''0.$.%.$$!9. % > / $ ### ): ;! " # " $ %& '! " $ " ) #0,%0'!' 3%0%%.$!'0,%J $09 %%.$!''0' %& ' % '! + $ " + 7

8 ### #%'$.". $" ### + & -, +,, $. &,, -, /! " #!, $0 ): ;, $.N / $%. 0,% O % 1,% $0 O O %% % 0 $%PO9% % 0 O % %.%PO 0,%$$. 8

9 , 5,6 @1) /1 5/1 /1 2/1!/1 3/1 4/1, 5,6 7 /1! # $ 6 $% /1 6!! $ 6 $ $ &# / $ &# $ $.$ %$% %%% O % % % 6$,%,%$'?6 & %%,% $ %L!M %% $? %Q $R,% L%M PO,% $? Q O % A6, + B &, B, C,C,,% % $? R $ $ "O! B, C, B&DC, 4,%,% $ $ $0! E6 + B&D#?C,,% 4 %U,% 9

10 $ " > ", 8" $' V O #%' % %. $$%PO %!,%.R. 8" #$<,% 4 %$ % V$,%. 6$ O 9?6 & %%,% $ %! %% $? %Q $R - %$4PO $'! A6, + B &, B, C, C,,% % $? B, C, B&DC, Client C Step A 1. Request for TGS ticket 2. TGS ticket Login session setup Server session setup DoOperation Kerberos Key Distribution Centre Authentication service A Authentication database Step B 3. Request for server ticket 4. Server ticket Ticketgranting service T Step C 5. Service request Request encrypted with session key Reply encrypted with session key Service function Server S E6 + B&D#?C, $, 5F-G6 PHASE 1: OBTAIN KERBEROS SESSION KEY AND TGS TICKET. ONCE PER LOGIN SESSION A -> AS: A, TGS, n1 Olá AS, eu sou a Alice e quero fazer login no sistema. AS -> A: { Ks, n1}ka, {A,TGS, t1, t2, Ks}Ktgs Toma lá uma chave Ks) cifrada com a tua chave, que te permite obter tickets e um ticket que te permite falar com o TGS, válido de t1 até t2. $) %%+ /.%&.%,. 1/ - /& $ 3%&.# %/&- B.0? A,C, B 9C, A 6$ #W%%,% $ #W,%,% $ #W% $0 $ R % 8",% $'.0 + B A,C, B?D AD,C,,% % $ AS= Authentication Service TGS: Ticket Granting Service 10

11 $) %%%+ %' I'. J%.).%,.- + B 9DC, B?D AD,C, 9 $) %+ '.)&.%. - + B9C,,% %,% $0 % 8",% % L0 $M $' 6$ O,% #WF 4 $,% N % %POX$ $',% %U,% $R,% O 4 8O,%,% /%$ X. $' ' $,?D $ 5 6PN0 ) $ % $ #W % 0 O %! $, $#, Alice Bob publishes his public key to the world. Everyone knows it. KBob_Public Bob keeps his private key safe from the world. KBob_Private Bob M Hello, I like you! {M}KPublic_Bob acew345ksdas M Hello, I like you! encryptm, KPublic_Bob) decrypt{m}kpublic_bob, KPrivate_Bob) 11

12 Y ;." 0 #)! ;;:" $%$0 &$9---- %.$!''<$30' ' - $ Key size/hash size bits) Extrapolated PRB optimized speed kbytes/s) kbytes/sec.) TEA DES Triple-DES IDEA RSA RSA MD SHA ):.; ) 1 #$'0$% $#: " Data Data $..'0L00M % Hash Message Hash - Creates a unique fingerprint for a message - Anyone can alter the data and calculate a new hash value - Hash has to be protected in some way 12

13 56 Data %0! Hash Hash Message Hash Sign Signature Signature Verify? Sender s Private Key ).0030$%$0 These digital signatures validate data integrity. Sender s Public Key H+ M hm = hashm) encrypt[hm, KSender_Private] M enc. digest Signed Document SENDER 1 E =." F =." )#?." Signed Document M hashm) enc. digest Equal? RECEIVER decrypt[enc. digest, KSender_Public] 13

14 ) K %% %.$!''%%.$ $%#$3 %.$!'''0'.3'!0.% 2%.$!'' 0 %0!' 0%.'05$ #. $ Alice Bob s public key Bob Bob s private key Session key: KAB Randomly generated) {KAB}KBob_Public Session key: KAB {KAB}KBob_Public Public key decryption Message M) Public key encrytion {Session key}kbob_public {M}KAB {M}KAB Message M) symmetric encrytion symmetric decryption 14

15 --- I--- $. Incoming Message... )..%00$J.$0&$!J B30%J Alice: mobile phone number $% %'%$ '0' 30 %.$!''0'% 0.$ Individual s Public-Key CA s Private-Key CA Signed Certificate )%0 )"0 $% 15

16 / 3 2 '%0' )" 0 Q.$ $ Z% $,%,%$0 Q.$.9 "/ % 0. $E" "[ % ) 0 Q.$ &+ &+ J # + 3 &+ &+ %$ & J & # ' $+ ' 5P + #PQ6 3+ / /< &+ J %- - ' &+ J / :::--5 6 OL- :::--?NA-E?-??-F? M L- + $%. %,%%".%3$% $0!'$%$ 03".% % $ $ %.'% 1. Certificate type: Public key 2. Name: Bob s Bank 3. Public key: K Bpub 4. Certifying authority: Fred The Bankers Federation 5. Signature: {Digestfield 2 + field 3)} KFpriv 16

17 . $) 5) +& &) 3%.$0) )) [ #30 )A? &%$! W.. 0.% %.%0!' 0) %'%''%0)7 %.$!'E %.$!') %.$ 0%0% 0$ $)1 %03'%%0)JB3 '%0)7%.$!'%$'JJJ 17

18 $ " "!# !.! -! - & -! - " - # $ - - $!. # -! -!#! -. -! $ # & 9 9 # 8 # $ " " # "!. " $ #.!.! -! - & 18

19 $ 0 $ 5$0$6 $' 0 2'!' '0'%.$!' '0'00 %$ %. ' %0' 0$C 38' $ BEGIN PGP SIGNED MESSAGE-- - Hash: SHA1 Bob:My husband is out of town tonight.passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhhjrhhgjghgg/12epj+lo8ge4vb3 mqjhfevzp9t6n7g6m5gw2 ---END PGP SIGNATURE--- 3 $ 3 3 $ )..$ 5)..$ 36 %!5' #)+!'" %0%$% )%0$ $" )$'' ' 30 19

20 3 3+ SSL Handshake protocol SSL protocols: SSL Change Cipher Spec SSL Alert Protocol SSL Record Protocol HTTP Telnet Transport layer usually TCP) Network layer usually IP) Other protocols: 5,%5% 0$\00!\0 0$%00 ]' #0%0%$#, 00 0$. 600.%00$ %0,%#, 300'' $00' <000 '0'0% 3+ ) $?00%.$00!' %000$ 6 $'%00$0 $0'0$00 00'.0% 2%.$!''0,% 0.$0' $% 0 Q.$ ) 6.3$ % % ),% $ 6.3% 0 Q.$ ) < 0 Q.$ 20

21 3+ ) $ 3 / Client ClientHello ServerHello Certificate Certificate Request ServerHelloDone Certificate Certificate Verify Server Establish protocol version, session ID, cipher suite, compression method, exchange random values Optionally send server certificate and request client certificate S end client certificate response if requested Component Description Example Key exchange method Cipher for data transfer Message digest function the method to be used for exchange of a session key the block or stream cipher to be used for data for creating message authentication codes MACs) RSA with public-key certificates IDEA SHA Change Cipher Spec Finished Change cipher suite and finish handshake Change Cipher Spec Finished : 3 3-1' - F- &1$0$.'A A E- A '0 A1%'" - %.$!'$0.0'%0 1$.'A0$ H-!'<0$05. 0A$0 )#?- %B0$0,%$M,- $'!'$0$ D6A#CC$03%.'02W.#- 1$0 1%$$$ B## &#??#68D#" &$'%B## )%9 8)230;. A!'?3%%0 21

22 $Y.!:: #0;.0!'3.!.'.% 03!.%3!3 $$ %?A D )+ #0!'3%$$00$0!' =' &7$390%$30%.$ '=0 #'7%.%=<0:: ='+=^0% ) $ ) $ )$ 9,%3 )$9!0BBJ )$ 90 )$ #0%00$300 91A6W3 22

23 )#A. )

24 I 8 ; I %; Mitnick Simpson / 08 $9$0! )4<$ V %$.$ 6 $PU $ 1V$0 / % Z%J % 0. D43$,% <%,%.%F D$9. $ ` &O $F /: /: func 2 s address func 1 s address func buf s 2 s address func 1 s address buf c, d a, b evil_assembly_code) buf c, d a, b func_3) { char buf[100]; func_2) { int c, d; func_1) { int a, b; func_3) { char buf[100]; func_2) { int c, d; func_1) { int a, b; } read_user_inputbuf); } func_3); } func_2); } read_user_inputbuf); } func_3); } func_2); Attacker is supplying input to buf so buf gets a very carefully constructed string containing assembly code, and overwriting func 2 s address with buf s address. When func3 returns, it will branch to buf instead of func2. 24

25 1: evil Internet DMZ internal network 1: Firewall ensures that the internal network and the Internet can both talk to the DMZ, but usually not to each other; The DMZ relays services at the application level, e.g. mail forwarding, web proxying; The DMZ machines and firewall are centrally administered by people focused on security fulltime installing patches, etc.); it s easier to secure 20 machines than 20,000. Now the internal network is safe but not from internal attacks,.) J$+ $ 5%6 J1 5RGA-??6 $00%$4 OO% $A);;.&%$! = %09=< ' =." 25

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

Lab 7. Answer. Figure 1

Lab 7. Answer. Figure 1 Lab 7 1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1 We have learned Symmetric encryption: DES, 3DES, AES,

More information

ECE-8843 Prof. John A. Copeland 404 894-5177 fax 404 894-0035

ECE-8843  Prof. John A. Copeland 404 894-5177 fax 404 894-0035 ECE-8843 http://www.csc.gatech.edu/copeland/jac/8813-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT Bldg 579 email or call for office visit, or call

More information

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

, ) I Transport Layer Security

, ) I Transport Layer Security Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent

More information

CS 3251: Computer Networking 1 Security Protocols I

CS 3251: Computer Networking 1 Security Protocols I Georgia Tech CS 3251: Computer Networking 1 Security Protocols I Brad Reaves, PhD Student 11/21/13 (slides from Prof. Patrick Traynor) CS 3251 - Computer Networks I Last Time Trying to prove who you are

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

0. Course Overview. Architecture models; network architectures: OSI, Internet and LANs; interprocess communication

0. Course Overview. Architecture models; network architectures: OSI, Internet and LANs; interprocess communication 0. Course Overview I. Introduction II. Fundamental Concepts of Distributed Systems Architecture models; network architectures: OSI, Internet and LANs; interprocess communication III. Time and Global States

More information

CSC 774 -- Network Security

CSC 774 -- Network Security CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version

More information

CSC 474 Information Systems Security

CSC 474 Information Systems Security CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

SECURE SOCKETS LAYER (SSL)

SECURE SOCKETS LAYER (SSL) INFS 766 Internet Security Protocols Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS

More information

Authenticity of Public Keys

Authenticity of Public Keys SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

More information

Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

More information

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 1 SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security

More information

WEB Security: Secure Socket Layer

WEB Security: Secure Socket Layer WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice: Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Web Security. Mahalingam Ramkumar

Web Security. Mahalingam Ramkumar Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

SSL A discussion of the Secure Socket Layer

SSL A discussion of the Secure Socket Layer www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record

More information

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos SSL, PGP, Kerberos Secure Socket Layer (Web Security), Pretty Good Privacy (Email Security) and Authentication Agenda SSL PGP Kerberos SSL, PGP, Kerberos, v4.4 2 Page 96-1 SSL versus IPsec Application

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

More information

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

TLS/SSL in distributed systems. Eugen Babinciuc

TLS/SSL in distributed systems. Eugen Babinciuc TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History

More information

Protocol Rollback and Network Security

Protocol Rollback and Network Security CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Information Security

Information Security SE 4472 / ECE 9064 Information Security Week 11: Transport Layer Security (TLS): Putting it all together Fall 2015 Prof. Aleksander Essex Security at the Transport Layer Where we started in this course:

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

The Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols INFS 766 Internet Security s Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS (Transport

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)

More information

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks

4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:

More information

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012 Winter Term 2011/2012 Chapter 7: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents Overview Record Protocol Cipher

More information

As enterprises conduct more and more

As enterprises conduct more and more Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside

More information

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Network Security

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

ECE 428 Network Security

ECE 428 Network Security ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA

More information

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture OS Appl. CSC/ECE 574 Computer and Network Security Outline I. Overview II. The Record Protocol III. The Handshake and Other Protocols Topic 8.3 /TLS 1 2 Reminder: What Layer? Overview of 3 4 Protocols

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice: Managing and Securing Computer Networks Guy Leduc Chapter 3: Securing applications Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.5)

More information

Network Security Standards. Key distribution Kerberos SSL/TLS

Network Security Standards. Key distribution Kerberos SSL/TLS Network Security Standards Key distribution Kerberos SSL/TLS 1 Many-to-Many Authentication? Users Servers How do users prove their identities when requesting services from machines on the network? Naïve

More information

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132) Security Protocols (bmevihim132) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu Outline - architecture

More information

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Lecture 7: Transport Level Security SSL/TLS. Course Admin Lecture 7: Transport Level Security SSL/TLS CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lecture by Tony Barnard Course Admin HW/Lab 1 Graded; scores posted; to be

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI

SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA A Research Project By NAGENDRA KARRI Submitted to the College of Graduate Studies Oregon State University in partial fulfillment of the requirements for

More information

1. a. Define the properties of a one-way hash function. (6 marks)

1. a. Define the properties of a one-way hash function. (6 marks) 1. a. Define the properties of a one-way hash function. (6 marks) A hash function h maps arbitrary length value x to fixed length value y such that: Hard to reverse. Given value y not feasible to find

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Computer System Management: Hosting Servers, Miscellaneous

Computer System Management: Hosting Servers, Miscellaneous Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation

More information

SSL: Secure Socket Layer

SSL: Secure Socket Layer SSL: Secure Socket Layer Steven M. Bellovin February 12, 2009 1 Choices in Key Exchange We have two basic ways to do key exchange, public key (with PKI or pki) or KDC Which is better? What are the properties

More information

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1 Confidentiality and privacy: Protect

More information

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 3

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 3 Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 3 Cryptographic Protocols for Encryption, Authentication and Key Establishment Overview

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS Security Engineering Part III Network Security Security Protocols (I): SSL/TLS Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,

More information

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014 Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes

More information

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private

More information

Network Security. Network Security. Security in Computer Networks

Network Security. Network Security. Security in Computer Networks Network Security Network Security introduction cryptography authentication key exchange Reading: Tannenbaum, section 7.1 Ross/Kurose, Ch 7 (which is incomplete) Intruder may eavesdrop remove, modify, and/or

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Standards and Products. Computer Security. Kerberos. Kerberos

Standards and Products. Computer Security. Kerberos. Kerberos 3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2

More information

Chapter 15: Security

Chapter 15: Security Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling

More information

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information