Security: Focus of Control. Authentication



Similar documents
Network Security. Network Security. Security in Computer Networks

What is network security?

Chapter 7: Network security

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Key Management (Distribution and Certification) (1)

TELE 301 Network Management. Lecture 18: Network Security

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Chapter 8. Network Security

Network Security. HIT Shimrit Tzur-David

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Cornerstones of Security

SECURITY IN NETWORKS

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Internet Programming. Security

Chapter 10. Network Security

CS 3251: Computer Networking 1 Security Protocols I

CS5008: Internet Computing

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Principles of Network Security

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Transport Level Security

Chapter 7 Transport-Level Security

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

ISM/ISC Middleware Module

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Network Security Protocols

Application Layer (1)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Using etoken for SSL Web Authentication. SSL V3.0 Overview

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Client Server Registration Protocol

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Q: Why security protocols?

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Lecture 9: Application of Cryptography

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Chapter 16: Authentication in Distributed System

CSE/EE 461 Lecture 23

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Module 7 Security CS655! 7-1!

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Cryptography and Network Security

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

SSL Protect your users, start with yourself

Transport Layer Security Protocols

CTS2134 Introduction to Networking. Module Network Security

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Information Security

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

Is your data safe out there? -A white Paper on Online Security

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Security in Distributed Systems. Network Security

Chapter 17. Transport-Level Security

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Sync Security and Privacy Brief

Name: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Chapter 37. Secure Networks

Web Security. Mahalingam Ramkumar

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

The Case For Secure

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Chapter 8 Network Security

Internet Security. Christopher Kruegel

SSL A discussion of the Secure Socket Layer

Lecture 9 - Network Security TDTS (ht1)

Content Teaching Academy at James Madison University

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI

Proxy Server, Network Address Translator, Firewall. Proxy Server

Overview of Network Security

Computer System Management: Hosting Servers, Miscellaneous

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Network Security Essentials Chapter 5

Netzwerksicherheit: Anwendungen

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

NETWORK ADMINISTRATION AND SECURITY

Computer Networks - CS132/EECS148 - Spring

Why you need secure

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Three attacks in SSL protocol and their solutions

How To Protect Your Data From Attack

How To Protect Your From Being Hacked On A Pc Or Mac Or Ipa From Being Stolen On A Network (For A Free Download) On A Computer Or Ipo (For Free) On Your Pc Or Ipom (For An Ipo

Quickstream Connectivity Options

Transcription:

Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized users Lecture 23, page 1 Authentication Question: how does a receiver know that remote communicating entity is who it is claimed to be? Lecture 23, page 2 1

Authentication Protocol (ap) Ap 1.0 Alice to Bob: I am Alice Problem: intruder Trudy can also send such a message Ap 2.0 Authenticate source IP address is from Alice s machine Problem: IP Spoofing (send IP packets with a false address) Ap 3.0: use a secret password Alice to Bob: I am Alice, here is my password (e.g., telnet) Problem: Trudy can intercept Alice s password by sniffing packets Lecture 23, page 3 Authentication Protocol Ap 3.1: use encryption use a symmetric key known to Alice and Bob Alice & Bob (only) know secure key for encryption/decryption A to B: msg = encrypt("i am A") B computes: if decrypt(msg)=="i am A" then A is verified else A is fradulent failure scenarios: playback attack Trudy can intercept Alice s message and masquerade as Alice at a later time Lecture 23, page 4 2

Authentication Using Nonces Problem with ap 3.1: same password is used for all sessions Solution: use a sequence of passwords pick a "once-in-a-lifetime-only" number (nonce) for each session Ap 4.0 A to B: msg = "I am A" /* note: unencrypted message! */ B to A: once-in-a-lifetime value, n A to B: msg2 = encrypt(n) /* use symmetric keys */ B computes: if decrypt(msg2)==n then A is verified else A is fradulent note similarities to three way handshake and initial sequence number choice problems with nonces? Lecture 23, page 5 Authentication Using Public Keys Ap 4.0 uses symmetric keys for authentication Question: can we use public keys? symmetry: DA( EA(n) ) = EA ( DA(n) ) AP 5.0 A to B: msg = "I am A" B to A: once-in-a-lifetime value, n A to B: msg2 = DA(n) B computes: if EA (DA(n))== n then A is verified else A is fradulent Lecture 23, page 6 3

Problems with Ap 5.0 Bob needs Alice s public key for authentication Trudy can impersonate as Alice to Bob Trudy to Bob: msg = I am Alice Bob to Alice: nonce n (Trudy intercepts this message) Trudy to Bob: msg2= DT(n) Bob to Alice: send me your public key (Trudy intercepts) Trudy to Bob: send ET (claiming it is EA) Bob: verify ET(DT(n)) == n and authenticates Trudy as Alice!! Moral: Ap 5.0 is only as secure as public key distribution Lecture 23, page 7 Man-in-the-middle Attack Trudy impersonates as Alice to Bob and as Bob to Alice Alice Trudy Bob I am A I am A nonce n DT(n) send me ET ET nonce n DA(n) send me EA EA Bob sends data using ET, Trudy decrypts and forwards it using EA!! (Trudy transparently intercepts every message) Lecture 23, page 8 4

Digital Signatures Using Public Keys Goals of digital signatures: sender cannot repudiate message never sent ("I never sent that") receiver cannot fake a received message Suppose A wants B to "sign" a message M B sends DB(M) to A A computes if EB ( DB(M)) == M then B has signed M Question: can B plausibly deny having sent M? Lecture 23, page 9 Message Digests Encrypting and decrypting entire messages using digital signatures is computationally expensive Routers routinely exchange data Does not need encryption Needs authentication and verify that data hasn t changed Message digests: like a checksum Hash function H: converts variable length string to fixed length hash Digitally sign H(M) Send M, DA(H(m)) Can verify who sent the message and that it has been changed! Property of H Given a digest x, it is infeasible to find a message y such that H(y) = x It is infeasible to find any two messages x and y such that H(x) = H(y) Lecture 23, page 10 5

Hash Functions : MD5 The structure of MD5 Lecture 23, page 11 Symmetric key exchange: trusted server Problem: how do distributed entities agree on a key? Assume: each entity has its own single key, which only it and trusted server know Server: will generate a one-time session key that A and B use to encrypt communication will use A and B's single keys to communicate session key to A, B Lecture 23, page 12 6

Key Exhange: Key Distribution Center (1) The principle of using a KDC. Lecture 23, page 13 Authentication Using a Key Distribution Center (2) Using a ticket and letting Alice set up a connection to Bob. Lecture 23, page 14 7

Authentication Using a Key Distribution Center (3) The Needham-Schroeder authentication protocol. Lecture 23, page 15 Public Key Exchange Mutual authentication in a public-key cryptosystem. Lecture 23, page 16 8

Public key exchange: trusted server public key retrieval subject to man-in-middle attack locate all public keys in trusted server everyone has server's encryption key (ES public) suppose A wants to send to B using B's "public" key Lecture 23, page 17 Protection Against Intruders: Firewalls A common implementation of a firewall. Lecture 23, page 18 9

Firewalls Firewall: network components (host/router+software) sitting between inside ("us") and outside ("them) Packet filtering firewalls: drop packets on basis of source or destination address (i.e., IP address, port) Application gateways: application specific code intercepts, processes and/or relays application specific packets e.g., email of telnet gateways application gateway code can be security hardened can log all activity Lecture 23, page 19 Secure Email Requirements: Secrecy Sender authentication Message integrity Receiver authentication Secrecy Can use public keys to encrypt messages Inefficient for long messages Use symmetric keys Alice generates a symmetric key K Encrypt message M with K Encrypt K with E B Send K(M), E B (K) Bob decrypts using his private key, gets K, decrypts K(M) Lecture 23, page 20 10

Secure Email Authentication and Integrity (with no secrecy) Alice applies hash function H to M (H can be MD5) Creates a digital signature D A (H(M)) Send M, D A (H(M)) to Bob Putting it all together Compute H(M), D A (H(M)) M = { H(M), D A (H(M)) } Generate symmetric key K, compute K(M ) Encrypt K as E B (K) Send K(M ), E B (K) Used in PGP (pretty good privacy) Lecture 23, page 21 Secure Sockets Layer (SSL) SSL: Developed by Netscape Provides data encryption and authentication between web server and client SSL lies above the transport layer Useful for Internet Commerce, secure mail access (IMAP) Features: SSL server authentication Encrypted SSL session SSL client authentication Lecture 23, page 22 11

Secure Socket Layer Protocol: https instead of http Browser -> Server: B s SSL version and preferences S->B: S s SSL version, preferences, and certificate Certificate: server s RSA public key encrypted by CA s private key B: uses its list of CAs and public keys to decrypt S s public key B->S: generate K, encrypt K with with E S B->S: future messages will be encrypted, and K(m) S->B: future messages will be encrypted, and K(m) SSL session begins Lecture 23, page 23 SSL Homework: get your own digital certificate Click on security icon (next to print icon) in Netscape Click on Certificates and then on obtain your certificate Send an email to yourself signed with your certificate Also examine listed of trusted CAs built into the browser Lecture 23, page 24 12

Electronic Payment Systems (1) Payment systems based on direct payment between customer and merchant. a) Paying in cash. b) Using a check. c) Using a credit card. Lecture 23, page 25 E-cash The principle of anonymous electronic cash using blind signatures. Lecture 23, page 26 13

Secure Electronic Transactions (SET) The different steps in SET. Lecture 23, page 27 key concerns: encryption authentication key exchange Security: conclusion also: increasingly an important area as network connectivity increases digital signatures, digital cash, authentication, increasingly important an important social concern further reading: Crypto Policy Perspectives: S. Landau et al., Aug 1994 CACM Internet Security, R. Oppliger, CACM May 1997 www.eff.org Lecture 23, page 28 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information