Lecture II : Communication Security Services




1 Lecture II : Communication Security Services
Internet Security: Principles & Practices
John K. Zao, PhD (Harvard), SMIEEE
Computer Science Department, National Chiao Tung University

2 What is Communication Security?
To provide safe communication over unsafe media.
(Figure: Alice and Bob communicating over a medium that Eve can observe and manipulate.)
- Alice can send a message to Bob that only Bob can understand: Confidentiality
- Nobody can tamper with message content during communication: Integrity
- Bob can know for sure it was Alice who sent the message: Authentication
Unsafe Media: a medium over which passive and active attacks are possible.

Network (Communication) Security Model

Passive Attacks

Active Attacks

6 X.800 : Security Architecture
Security Services: different kinds of security protection
- Service Types
- Service-Layer Mapping
Security Mechanisms: different ways to implement security protection
- Mechanism Definition
- Service-Mechanism Mapping

7 Communication Security Services
Primary Services:
- Confidentiality
  - Data Confidentiality
  - Traffic Confidentiality
- Data Integrity
- Authentication
  - Data Origin Authentication
  - Peer Authentication
- Access Control
- Non-Repudiation
  - Non-Repudiation of Origin
  - Non-Repudiation of Reception
- Audit
Availability: an afterthought, but increasingly important.
Note: all services are defined here in the context of Communication Security.

8 Confidentiality
Protection of information from disclosure to unauthorized entities (organizations, people, machines, processes). Information includes data contents, size, existence, communication characteristics, etc.
Service Types
- Data Confidentiality / Disclosure Protection
  - Connection Oriented
  - Connectionless
  - Selective Field
- Traffic Flow Confidentiality
  - Origin-Destination Association
  - Message Size
  - Transmission Patterns
- Accompanied with Data Integrity
Protection Mechanisms
- Data Encryption
  - Symmetric (Secret-Key)
  - Asymmetric (Public-Key)

9 Integrity
Protection of data against creation, alteration, deletion, duplication or reordering by unauthorized entities (organizations, people, machines, processes). An integrity violation is always caused by an active attack.
Service Types
- Message Integrity: associated with connectionless communication
- Message Stream Integrity: associated with connection-oriented communication
Protection Mechanisms
- Message Digests (Hashing)
- Sequence Numbers
- Nonce ID (Random Number)
- Time Stamps
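How the four integrity mechanisms on this slide work together for message stream integrity, as an added example (not code from the lecture): a keyed message digest (HMAC) covers a sequence number, a time stamp and the payload, and the receiver uses them to reject altered, replayed, reordered and stale messages. The shared key, the clock value and the "transfer" payloads are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed shared key for this example; both peers are assumed to hold it already.
KEY = b"constructed-example-key"
MAX_CLOCK_SKEW = 30          # seconds of sender/receiver clock difference tolerated
HDR = struct.Struct(">IQ")   # 4-byte sequence number, 8-byte Unix time stamp
TAG_LEN = hashlib.sha256().digest_size


def protect(seq, timestamp, payload):
    """Sender: bind sequence number and time stamp to the payload with an HMAC tag."""
    header = HDR.pack(seq, timestamp)
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class StreamReceiver:
    """Receiver: accepts only authentic, fresh, in-order messages of the stream."""

    def __init__(self, now):
        self.expected_seq = 0
        self.now = now       # receiver clock, injected so the example is deterministic

    def accept(self, message):
        if len(message) < HDR.size + TAG_LEN:
            return "malformed"
        header, payload, tag = message[:HDR.size], message[HDR.size:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "tampered"        # digest mismatch: payload or header was altered
        seq, ts = HDR.unpack(header)
        if abs(self.now - ts) > MAX_CLOCK_SKEW:
            return "stale"           # time stamp outside the freshness window
        if seq < self.expected_seq:
            return "replayed"        # duplicate: this sequence number was already consumed
        if seq > self.expected_seq:
            return "out-of-order"    # gap in the stream: deletion or reordering
        self.expected_seq += 1
        return "ok"


def demo():
    """Feed a constructed stream, including the violations the slide lists, to a receiver."""
    t = 1_700_000_000
    m0, m1, m2 = (protect(i, t, b"transfer %d" % (10 * (i + 1))) for i in range(3))
    forged = m1[:HDR.size] + b"transfer 90" + m1[-TAG_LEN:]     # altered payload, old tag
    old = protect(2, t - 3600, b"transfer 30")                    # valid tag, hour-old stamp
    rx = StreamReceiver(now=t)
    return [rx.accept(m) for m in (m0, m0, m2, forged, m1, old, m2)]
```

Note that the digest alone would not catch the replay or the gap; the sequence number and time stamp are what turn per-message integrity into stream integrity.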

10 Authentication
Communicating entities are provided with assurance of, and information about, the relevant identities of their communicating partners (people, machines, processes). Personnel authentication requires special attention.
Service Types
- Data Origin Authentication: associated with connectionless communication
- Peer Entity Authentication: associated with connection-oriented communication
Fundamental for access control, and hence for confidentiality and integrity.
Protection Mechanisms
- Password
  - Manual
  - One-Time Password
- Key Sharing
  - Manual
  - Symmetric Key (Tickets)
  - Asymmetric Key (Certificates)
- Challenge Response
  - Nonce Based
  - Zero Knowledge Proof
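The nonce-based challenge-response mechanism from this slide, written out with both sides' messages as an added example (not code from the lecture): Bob issues a fresh random nonce, Alice answers with an HMAC over her identity and the nonce under their shared symmetric key, and Bob checks it. The key and the identity name are constructed; the example also shows why a recorded response cannot be replayed and why a wrong key fails.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret; in practice it is distributed manually or via a ticket.
SHARED_KEYS = {"alice": b"constructed-key-for-alice"}


class Verifier:
    """Bob's side: issues a single-use nonce per attempt and checks the returned proof."""

    def __init__(self):
        self.pending = {}   # outstanding nonce -> identity it was issued for

    def challenge(self, identity):
        nonce = secrets.token_bytes(16)           # fresh and unpredictable per attempt
        self.pending[nonce] = identity
        return nonce                               # message 1: Bob -> Alice

    def verify(self, nonce, response):
        identity = self.pending.pop(nonce, None)   # unknown or already-used nonce fails
        if identity is None or identity not in SHARED_KEYS:
            return False
        expected = hmac.new(SHARED_KEYS[identity], identity.encode() + nonce,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(identity, key, nonce):
    """Alice's side: proves possession of the key without ever sending the key itself."""
    return hmac.new(key, identity.encode() + nonce, hashlib.sha256).digest()   # message 2


def demo():
    bob = Verifier()
    n1 = bob.challenge("alice")
    r1 = respond("alice", SHARED_KEYS["alice"], n1)
    genuine = bob.verify(n1, r1)
    # Eve recorded (n1, r1) on the unsafe medium and presents it again: nonce already spent.
    replay = bob.verify(n1, r1)
    # Eve answers a fresh challenge without the shared key: digest does not match.
    n2 = bob.challenge("alice")
    forged = bob.verify(n2, respond("alice", b"wrong-key", n2))
    return genuine, replay, forged
```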

11 Access Control
(Internet Security - ComSec Services & Mechanisms, Spring 2011)
Protection of information resources or services against unauthorized access or use by entities (organizations, people, machines, processes).
Policies: Subject-Action-Target rules prescribing access restrictions
- Principals: entities that own access control privileges
- Subjects: entities that exercise access control privileges
- Privileges: rights to access or use resources or services
- Objects / Targets: resources or services accessed or used by subjects
- Authorization: assertion of access control privileges
- Delegation: transfer of access control privileges
Service Types
- Subject Based Typing
  - Identity Based
  - Role Based
- Enforcement Based Typing
  - Mandatory Access Control: management directed
  - Discretionary Access Control: resource owner directed
Protection Mechanisms
- Access Control Lists (ACLs): object based specification (e.g., the UNIX file system)
- Capabilities: subject based specification (issued as tickets/certificates)
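The two protection mechanisms on this slide are the same Subject-Action-Target policy indexed two ways, which the following added example (not code from the lecture) makes concrete: an ACL is stored per object, a capability set per subject, both are checked for the same decisions, and delegation is shown as the transfer of a capability. The policy rules, subject names and target names are constructed.

```python
from collections import defaultdict

# Constructed Subject-Action-Target rules for the example.
POLICY = [
    ("alice", "read",  "payroll.db"),
    ("alice", "write", "payroll.db"),
    ("bob",   "read",  "payroll.db"),
    ("bob",   "exec",  "backup.sh"),
]


def build_acl(policy):
    """Object based specification: each target lists which subject may do what."""
    acl = defaultdict(lambda: defaultdict(set))
    for subject, action, target in policy:
        acl[target][subject].add(action)
    return acl


def build_capabilities(policy):
    """Subject based specification: each subject holds (target, action) tickets."""
    caps = defaultdict(set)
    for subject, action, target in policy:
        caps[subject].add((target, action))
    return caps


def acl_allows(acl, subject, action, target):
    return action in acl.get(target, {}).get(subject, set())


def cap_allows(caps, subject, action, target):
    return (target, action) in caps.get(subject, set())


def delegate(caps, owner, grantee, target, action):
    """Delegation: a subject may pass on only a privilege it actually holds."""
    if (target, action) not in caps.get(owner, set()):
        return False
    caps[grantee].add((target, action))
    return True


def demo():
    acl, caps = build_acl(POLICY), build_capabilities(POLICY)
    same_decisions = all(acl_allows(acl, s, a, t) == cap_allows(caps, s, a, t)
                         for s in ("alice", "bob", "eve") for a in ("read", "write", "exec")
                         for t in ("payroll.db", "backup.sh"))
    granted = delegate(caps, "alice", "bob", "payroll.db", "write")   # alice owns it
    refused = delegate(caps, "eve", "bob", "backup.sh", "exec")       # eve does not
    return same_decisions, granted, cap_allows(caps, "bob", "write", "payroll.db"), refused
```

Revoking a privilege is the mirror image: with an ACL it is one edit on the object's entry, whereas a delegated capability has to be tracked down in every subject that holds it.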

12 Non-Repudiation
Protection against denial of participation by communicating entities in all or part of a communication.
Service Types
- Non-Repudiation of Origin
- Non-Repudiation of Reception
Protection Mechanisms
- Notarization
- Time Stamp
- Digital Signature

13 Audit
Recording and analysis of participation, roles and actions in information communication by relevant entities.
Service Types
- Off-line Analysis (Computer Forensics)
- On-line Analysis (Real-time Intrusion Detection)
Protection Mechanisms
- Syslog
- Intrusion Monitors / Sensors
- Common Intrusion Detection Framework (CIDF)
- Common Information Model (CIM)

14 Service vs. Layer Mapping
Security protocols placed beside the OSI layer stack (figure):
- Application: MSP, PEM, Key Management
- Presentation
- Session
- Transport: TLSP
- Network: NLSP, IPSP
- Data Link: SILS
- Physical: Secure Signaling

Relationship between Security Services and Protocol Layers

Service                                    1  2  3  4  5  6  7*
Peer Entity Authentication                 .  .  Y  Y  .  .  Y
Data Origin Authentication                 .  .  Y  Y  .  .  Y
Access Control                             .  .  Y  Y  .  .  Y
Connection Confidentiality                 Y  Y  Y  Y  .  Y  Y
Connectionless Confidentiality             .  Y  Y  Y  .  Y  Y
Selective Field Confidentiality            .  .  .  .  .  Y  Y
Traffic Flow Confidentiality               Y  .  Y  .  .  .  Y
Connection Integrity with Recovery         .  .  .  Y  .  .  Y
Connection Integrity without Recovery      .  .  Y  Y  .  .  Y
Selective Field Connection Integrity       .  .  .  .  .  .  Y
Connectionless Integrity                   .  .  Y  Y  .  .  Y
Selective Field Connectionless Integrity   .  .  .  .  .  .  Y
Non-repudiation, Origin                    .  .  .  .  .  .  Y
Non-repudiation, Delivery                  .  .  .  .  .  .  Y

Y = service may be provided at this layer; * = at layer 7 the application process may itself provide the service.

15 Further Reading
Textbook: Network Security Essentials, Ch. 1, Introduction, pp. 15-35
Web page: http://williamstallings.com/networksecurity/
Websites:
- X.800 Security Services: http://en.wikipedia.org/wiki/security_service_(telecommunication)
- Availability: http://en.wikipedia.org/wiki/availability