Network Security Technology Network Management

Size: px
Start display at page:

Download "Network Security Technology Network Management"

Transcription

1 COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission is hereby granted to reproduce the slides for any not-for-profit academic purpose, so long as this notice is contained in any document containing the slides, and each slide remains intact as provided, including the copyright label. Permission for any other use, either in machine-readable or printed form, must be obtained from the author in writing. 1

2 Network Security Technology 2

3 Network Security Basics Review Confidentiality - information disclosed only to those intended. Integrity - information cannot be modified without being detected. Authentication - ensure that communicating parties are who they say they are. Access Control - ensure that authenticated users are given access only to appropriate information. Nonrepudiation - stronger form of authentication which ensures that a party involved in some communication cannot later claim non-involvement Key Distribution Key Distribution - establish session keys between communicating parties. 3

4 Security Tools Message Authentication Codes or Message Hashes - digest of a message that is unlikely to match digest of a different message Encryption - scrambling data so its contents cannot be understood by a third party Encryption Keys - pattern unknown to a third party Key exchange algorithms - safe ways to pass keys between trusted parties 4

5 Encryption Systems and Keys An encryption system is a collection of encoding and decoding functions parameterized by keys. Basic building blocks of encryption algorithms are letter substitution codes and transpositions. An encryption system is only as secure as the keys; hence, keys must be distributed in a secure fashion. Could deliver by hand. Alternatively, could distribute using encrypted system believed to be secure (normally this involves a different key that was originally distributed by hand) 5

6 Cryptography Messages sent in plaintext are transformed into ciphertext. encryption decryption plaintext ciphertext plaintext Most systems involve a cryptography algorithm and a key. Algorithms may be well known and widely published but difficult to break. 6

7 Hardware CRC Generation Circuit Generator Polynomial: D 16 + D 12 +D 5 +1 Output FCS at end of data open switch to shift out result XOR gate Input DATA:

8 A Simple Encryption System feedback positions form a secret key which will also decrypt Output stream of ciphertext data XOR gate Input stream of plaintext data this is a simple example of a symmetric key algorithm the algorithm is known, the key is kept secret also called secret key encryption for this reason 8

9 Breaking an Encryption Scheme Definition: good guys are those who send the message, bad guys are those who try to break the message. Breaking the code usually requires trying a very large number of combinations to find a match when the bad guys have more information it is to their advantage normally they know the algorithm but not the key There are different types of attacks possible. Ciphertext only. Known plaintext, when the bad guys have some <plaintext, ciphertext> pair. Chosen plaintext, when the bad guys can encrypt the message and see the result 9

10 Breaking an Encryption Scheme A good cryptosystem should be able to defend against all three types of attacks Known plaintext makes a good yardstick can break code by trying all keys and comparing results more likely case than chosen plaintext Example of times to break a code: trials/second time to break 1 40,000 years years days minutes second 10

11 Data Encryption Standard (DES) DES is a symmetric-key block cipher developed by the US National Institutes of Standards and Technology (NIST). Input is 64 bit blocks of plaintext and 56 bit key Three phase algorithm Initial permutation of the input. 16 iterations of permutation and substitution using S-boxes. Final permutation of the output. 11

12 DES Iterations On each iteration, the block is divided into left and right 32 bit sections. The right side R i of the block becomes the left side of the next block. The left side of the block is XORed with a 32-bit value. This can be represented as L i = R i 1 ( ) R = L 1 f R 1, K i i i i 12

13 Public Key Cryptography Encryption and decryption algorithms are well known The encryption key is made public but the decryption key is kept secret For this to be secure, deducing the decryption algorithm from the encryption algorithm must be difficult Public Key Algorithms are based on functions that are easy to compute but very hard to find the inverse for example the problem of factoring the product of two large prime numbers (RSA algorithm) 13

14 Public Key Encryption DATA Encode encrypted data DECODE DATA Public Key Directory - Names with Keys Private Key 14

15 RSA Public Key Algorithm The Algorithm is initialized by the following steps: Choose two large prime numbers p and q Compute n = p q and z = (p-1)(q-1) Choose d such that gcd(z,d) = 1, i.e., z and d are relatively prime Find e such that e d = 1 mod z The numbers e and n are made public and encryption of a plain text P, where P is a member {0,1,...,n-1}, is performed by computing C = P e mod n Decryption is performed by computing P = C d mod n An eavesdropper only knows e and n. The task of computing d is equivalent to factoring n into p and q, which is known to be difficult 15

16 Why does RSA work? First, notice that when n = pq and z = (p-1)(q-1), and p and q are prime, z is the called the totient function, the number of numbers relatively prime to n. The numbers d and e are picked because de = 1 mod z From number theory x de = x mod n RSA encryption consists of taking x and raising it to the power of e. Then, if we take the result and raise it to the power of d (i.e., decrypt), we get x. 16

17 Public Key Encryption Example Let p = 3 and q = 11. Then, n = 33 and z =20. A choice for d is d =7, which yields e = 3. (7 * 3 = 1 mod 20) (The larger p and q, the more secure the encryption; this example is not very secure.) The encryption rule is C = P 3 mod 33 and decryption is done by P = C 7 mod 33. Example: Let P be the position of a letter in the alphabet, A =1, B =2,... Z = 26 Text P P^3 C C^7 P Text T T A A S S C C 17

18 Using Public Key Encryption Non-repudiation Since the encryption and decryption are inverses, given that I encode my identity with my private key, the fact that you can decode my identity with my public key proves that I sent the message. Confidentiality Further, if I encrypt data with your public key after encrypting the same data with my private key, then only you can decrypt the data and only you can find out that the data was from me. Key Distribution If the data I double encrypt is a private symmetric encryption key, then only you and I will be able to decrypt data encrypted with that private symmetric encryption key. 18

19 Using Public Key Encryption Public-key encryption takes much more computation than symmetric-key encryption but it scales well because only one key per party is needed and it can be published (in fact it should be) to be completely secure, you must trust the source of the key (this implies significant infrastructure) also provides non-repudiation by contrast symmetric-key encryption requires one key for every pair of parties and the key must be kept secret Therefore public-key encryption is normally used for small amounts of data, for example encrypting a symmetric key for distribution encrypting a message hash as a signature 19

20 Security and the Protocol Stack For effective security, the whole system must be considered Encryption can be used at any layer (or more than one) Application Presentation Session Transport Network Data Link Control Physical Peer Connection (secured) Physical Link Application Presentation Session Transport Network Data Link Control Physical 20

21 Link Encryption (layer 2) Plaintext P ABCDE... Ciphertext C Plaintext P ABCDE... Source Encryption E(K,P) Decryption D(K,C) Destination Unguarded Link KEY K KEY K Keys are used in location pairs Crypto circuit can be similar to CRC generator (symmetric key) 21

22 End-To-End Encryption (layer 3) WS Crypto NETWORK Crypto WS Crypto HDR DATA WS Body of packet encrypted, header in clear Community of sites all have the same key 22

23 Firewall Security (layer 3) WS Firewall NETWORK Firewall WS Firewall HDR DATA WS Body of packet in clear, header in clear or substituted by firewall Community of sites established by tables in firewalls Packet may contain authentication or be encrypted by firewall 23

24 Message Authentication Protects against faking data and transactions. Could use encryption; but this is expensive. Use message authentication code: message sent in plaintext but authentication tag is added for integrity. Could be used when you don t need to encrypt or can t decrypt all messages, or as a way of broadcasting a message so that other parties can t fake the source. 24

25 Message Authentication Code Use a secret shared key K to generate a small block of code. The code is a function of the message and the key. Message plus the code is sent to the receiver. If you can decode the message correctly, you know Message has not been altered Message is from the alleged sender Integrity through sequence numbers 25

26 Secure Hash Functions Produce a fingerprint of the file May not require shared secret keys. To be practical, should be applied to a block of any size and produce a fixed length output. Requirements: Difficult to find x such that H(x) = m (hard to generate a message given a code) For any x, difficult to find x <> y with H(x)=H(y) (prevents forgery) 26

27 Message-Digest 5 (MD5) Algorithm takes an arbitrary input, chops it into 512 bit blocks, and outputs a 128 bit message digest. Requires 5 steps: Append padding bits so that its length is 448 mod 512. Use a 1 followed by 0s. Append length, up to 64 bits. Resulting message is multiple of 512 bits, or bit words Message Padding Length 27

28 MD5 Algorithm Initialize 4 32-bit buffers with constant values. Process the message in 512 bit blocks. Each block is processed 4 different rounds, using a different function each time, i.e. F(X,Y,Z) = (X Y ) (~X Z ) Each function uses bitwise operations and takes three 32 bit words: the output from the previous round, the 32-bit word, and one element from a 64 element table. Output is the final value. 28

29 MD5 Operation constant Padded Message 4 rounds per 32bit word digest * * * digest 512 bits 512 bits * * * * * * * * * * * * * * * * * * Message Digest 29

30 Encryption Used For Packet Authentication (layer 3) Packet Auth Algorithm Packet Auth KEY NETWORK Packet Auth Auth Algorithm Packet Validation KEY 30

31 Encryption by the Application (Layer 7) Privacy-Enhanced Mail Dear Fred, $#AX3qvd.! encoder stack KEY NETWORK $#AX3qvd.! Dear Fred, stack decoder KEY 31

32 Network Management 32

33 Network Management Components One or more managed objects each has a NM agent or proxy agent process At least one NM Station (NMS) a computer system, typically a workstation hosting one or more NM applications A NM protocol A database definition for management information (Management Information Base) determines the structure and content of management information 33

34 Network Management Functions per ITU-T 6 Fault 6 Configuration 6 Accounting 6 Performance 6 Security 34

35 Dimensions Of Network Management FUNCTIONS Fault Configuration Accounting Performance Security Network System SCOPE Application Monitor ROLES Control 35

36 Network Monitoring Network monitoring is the basis for all other network management functions Network Management systems may lack network control, but must have network monitoring Key network monitoring design issues what to monitor how to access the monitored objects what data to collect what to do with the data collected 36

37 Simple Network Management Protocol (SNMP) Purpose: ease/consistency of managing Internet resources Each managed object has SNMP agent and Management Information Base (MIB) Remote management program (usually a console) can query status, direct changes Security authentication required for changes Standardized network management software available to visualize status OSI network management (CMIP CMIP) is usable in the Internet as CMOT but SNMP is much more popular 37

38 Good Network Management Tools Support standards (at least SNMP) Run on multiple platforms Integrate with other management tools Example: HP OpenView powerful graphic network status display 38

39 Extra-Credit Project INT2: firewall packet filter one community of trust per NW network (list of subnets) firewall runs in router members of community do not accept packets from non-members 39

159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Properties of Secure Network Communication

Properties of Secure Network Communication Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

More information

Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it

More information

First Semester Examinations 2011/12 INTERNET PRINCIPLES

First Semester Examinations 2011/12 INTERNET PRINCIPLES PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

Public Key Cryptography Overview

Public Key Cryptography Overview Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

More information

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5) Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

Principles of Network Security

Principles of Network Security he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide

More information

Designing Hash functions. Reviewing... Message Authentication Codes. and message authentication codes. We have seen how to authenticate messages:

Designing Hash functions. Reviewing... Message Authentication Codes. and message authentication codes. We have seen how to authenticate messages: Designing Hash functions and message authentication codes Reviewing... We have seen how to authenticate messages: Using symmetric encryption, in an heuristic fashion Using public-key encryption in interactive

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

Network Security. Omer Rana

Network Security. Omer Rana Network Security Omer Rana CM0255 Material from: Cryptography Components Sender Receiver Plaintext Encryption Ciphertext Decryption Plaintext Encryption algorithm: Plaintext Ciphertext Cipher: encryption

More information

Application Layer (1)

Application Layer (1) Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

More information

Message Authentication

Message Authentication Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the

More information

Security in Distributed Systems. Network Security

Security in Distributed Systems. Network Security Security in Distributed Systems Introduction Cryptography Authentication Key exchange Computer Science Lecture 18, page 1 Network Security Intruder may eavesdrop remove, modify, and/or insert messages

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014 Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes

More information

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July 2006. The OWASP Foundation http://www.owasp.org/

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July 2006. The OWASP Foundation http://www.owasp.org/ Common Pitfalls in Cryptography for Software Developers OWASP AppSec Israel July 2006 Shay Zalalichin, CISSP AppSec Division Manager, Comsec Consulting shayz@comsecglobal.com Copyright 2006 - The OWASP

More information

Symmetric Key cryptosystem

Symmetric Key cryptosystem SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 02 Overview on Modern Cryptography

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

More information

Compter Networks Chapter 9: Network Security

Compter Networks Chapter 9: Network Security Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau

More information

Waspmote Encryption Libraries. Programming guide

Waspmote Encryption Libraries. Programming guide Waspmote Encryption Libraries Programming guide Index Document version: v4.3-01/2015 Libelium Comunicaciones Distribuidas S.L. INDEX 1. General Concepts... 4 2. Integrity... 7 2.1. Waspmote Libraries...7

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

More information

Evaluation of the RC4 Algorithm for Data Encryption

Evaluation of the RC4 Algorithm for Data Encryption Evaluation of the RC4 Algorithm for Data Encryption Allam Mousa (1) and Ahmad Hamad (2) (1) Electrical Engineering Department An-Najah University, Nablus, Palestine (2) Systems Engineer PalTel Company,

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

Advanced Cryptography

Advanced Cryptography Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

More information

NETWORK ADMINISTRATION AND SECURITY

NETWORK ADMINISTRATION AND SECURITY NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define

More information

ECE 428 Network Security

ECE 428 Network Security ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Message Authentication Codes

Message Authentication Codes 2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Radhika G #1, K.V.V. Satyanarayana *2, Tejaswi A #3 1,2,3 Dept of CSE, K L University, Vaddeswaram-522502,

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Message authentication and. digital signatures

Message authentication and. digital signatures Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

More information

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

More information

SecureMessageRecoveryandBatchVerificationusingDigitalSignature

SecureMessageRecoveryandBatchVerificationusingDigitalSignature Global Journal of Computer Science and Technology: F Graphics & Vision Volume 14 Issue 4 Version 1.0 Year 2014 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Cryptography & Network Security

Cryptography & Network Security Cryptography & Network Security Lecture 1: Introduction & Overview 2002. 3. 27 chlim@sejong.ac.kr Common Terms(1) Cryptography: The study of mathematical techniques related to aspects of information security

More information

CS3235 - Computer Security Third topic: Crypto Support Sys

CS3235 - Computer Security Third topic: Crypto Support Sys Systems used with cryptography CS3235 - Computer Security Third topic: Crypto Support Systems National University of Singapore School of Computing (Some slides drawn from Lawrie Brown s, with permission)

More information

Lecture 5 - Cryptography

Lecture 5 - Cryptography CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Computer System Management: Hosting Servers, Miscellaneous

Computer System Management: Hosting Servers, Miscellaneous Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation

More information

Security in Computer Networks

Security in Computer Networks Security in Computer Networks Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu Audio/Video recordings of this lecture are available on-line at: http://www.cse.wustl.edu/~jain/cse473-10/

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

ELECTRONIC COMMERCE WORKED EXAMPLES

ELECTRONIC COMMERCE WORKED EXAMPLES MODULE 13 ELECTRONIC COMMERCE WORKED EXAMPLES 13.1 Explain B2B e-commerce using an example of a book distributor who stocks a large number of books, which he distributes via a large network of book sellers.

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

Symmetric Mechanisms for Authentication in IDRP

Symmetric Mechanisms for Authentication in IDRP WG1/SG2 WP WG2/WP 488 International Civil Aviation Organization Aeronautical Telecommunication Network Panel (ATNP) WG2 and WG1/SG2 Meetings Honolulu, Hawaii, USA January 1999 Symmetric Mechanisms for

More information

6.857 Computer and Network Security Fall Term, 1997 Lecture 4 : 16 September 1997 Lecturer: Ron Rivest Scribe: Michelle Goldberg 1 Conditionally Secure Cryptography Conditionally (or computationally) secure

More information

Cryptographic process for Cyber Safeguard by using PGP

Cryptographic process for Cyber Safeguard by using PGP Cryptographic process for Cyber Safeguard by using PGP Bharatratna P. Gaikwad 1 Department of Computer Science and IT, Dr. Babasaheb Ambedkar Marathwada University Aurangabad, India 1 ABSTRACT: Data security

More information

Chapter 37. Secure Networks

Chapter 37. Secure Networks Chapter 37 Network Security (Access Control, Encryption, Firewalls) Secure Networks Secure network is not an absolute term Need to define security policy for organization Network security policy cannot

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3. Introduction Within the last ten years, there has been a vast increase in the accumulation and communication of digital computer data in both the private and public sectors. Much of this information has

More information

A PPENDIX G S IMPLIFIED DES

A PPENDIX G S IMPLIFIED DES A PPENDIX G S IMPLIFIED DES William Stallings opyright 2010 G.1 OVERVIEW...2! G.2 S-DES KEY GENERATION...3! G.3 S-DES ENRYPTION...4! Initial and Final Permutations...4! The Function f K...5! The Switch

More information

Brocade Product Training

Brocade Product Training Brocade Product Training Introducing SNMP Web-based Training Brocade Education Services Page 1-1 Objectives Describe SNMP basics: terminology and concepts Describe the need for SNMP Describe the advantages

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information