Cryptography and Network Security 1. Overview. Lectured by Nguyễn Đức Thái

Similar documents
Chap. 1: Introduction

IY2760/CS3760: Part 6. IY2760: Part 6

Cryptography and Network Security

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Notes on Network Security - Introduction

Content Teaching Academy at James Madison University

Information System Security

Table: Security Services (X.800)

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Chapter 1

COSC 472 Network Security

CSCI 4541/6541: NETWORK SECURITY

Cryptography and Network Security: Overview

Introduction to Security

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security. Network Security Hierarchy. CISCO Security Curriculum

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

544 Computer and Network Security

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

INTERNATIONAL TELECOMMUNICATION UNION $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52) #452%!.$!00,)#!4)/.

INTERNATIONAL TELECOMMUNICATION UNION DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS

Compter Networks Chapter 9: Network Security

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access

Information Security Basic Concepts

Chapter 7 Transport-Level Security

Chapter 6 Electronic Mail Security

Overview of computer and communications security

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

SecureMessageRecoveryandBatchVerificationusingDigitalSignature

Introduction. -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

MSIT-121C (Elective 2): Cryptography and Network Security

Network Security. HIT Shimrit Tzur-David

How To Write A Transport Layer Protocol For Wireless Networks

CPSC 467: Cryptography and Computer Security

Institute of Southern Punjab, Multan

Lecture II : Communication Security Services

Insight Guide. Encryption: A Guide

CPSC 467b: Cryptography and Computer Security

Information Security

Message Authentication Codes

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. March 19, 2015

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Welcome to Information Systems Security (503009)

IT Networks & Security CERT Luncheon Series: Cryptography

Security Requirements for Wireless Networks and their Satisfaction in IEEE b and Bluetooth

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

How To Protect Your Data From Being Hacked On A Network (Kerberos) On A Pc Or Mac Or Ipad (Ipad) On An Ipad Or Ipa (Networking) On Your Computer Or Ipam (Network

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Cybersecurity for the C-Level

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Introduction to Network Security Security Overview

Chapter 10. Cloud Security Mechanisms

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

Chapter 6: Fundamental Cloud Security

Introduction to Internet Security

Chapter 17. Transport-Level Security

Third Party Security Requirements Policy

SSL A discussion of the Secure Socket Layer

Security Goals Services

Cryptography & Network Security

Weighted Total Mark. Weighted Exam Mark

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

Network Security. Instructor: Adam Hahn

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Your Wireless Network has No Clothes

Authentication requirement Authentication function MAC Hash function Security of

CRYPTOGRAPHY IN NETWORK SECURITY

UMTS security. Helsinki University of Technology S Security of Communication Protocols

Data Security Incident Response Plan. [Insert Organization Name]

E-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Lesson 4: Introduction to network security

Wireless Network Security

Cryptography and Network Security

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Cryptography and Network Security Chapter 12

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Module 7 Security CS655! 7-1!

Chapter 10. Network Security

SFWR ENG 4C03 - Computer Networks & Computer Security

CS 203 / NetSys 240. Network Security

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Introduction to Encryption

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

TELE 301 Network Management. Lecture 18: Network Security

Intrusion Detection for Mobile Ad Hoc Networks

Why you need secure

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Transcription:

Cryptography and Network Security 1. Overview Lectured by Nguyễn Đức Thái

Outline Security concepts X.800 security architecture Security attacks, services, mechanisms Models for network (access) security Network security terminologies 2

Computer Security Objectives Confidentiality Data confidentiality Assures that private or confidential information is not made available or disclosed to unauthorized individuals Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed Integrity Data integrity Assures that information and programs are changed only in a specified and authorized manner System integrity Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Availability Assures that systems work promptly and service is not denied to authorized users 3

CIA Triad The Security Requirements Triad 4

Possible Additional Concepts Authenticity Verifying that users are who they say they are and that each input arriving at the system came from a trusted source Accountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity 5

Terms 6

Security Attacks A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources An active attack attempts to alter system resources or affect their operation 7

Passive Attacks Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are i. the release of message contents and ii. traffic analysis. 8

Active Attacks Involve some modification of the data stream or the creation of a false stream Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities Goal is to detect attacks and to recover from any disruption or delays caused by them Masquerade Replay Modification of messages Takes place when one entity pretends to be a different entity Usually includes one of the other forms of active attack Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect Denial of service Prevents or inhibits the normal use or management of communications facilities 9

Passive Attacks - Interception Release of message contents 10

Passive Attacks Traffic Analysis Observe traffic pattern Traffic analysis 11

Handling Attacks Passive attacks focus on Prevention Easy to stop Hard to detect Active attacks focus on Detection and Recovery Hard to stop Easy to detect 12

Security Services (X.800) Authentication - assurance that communicating entity is the one claimed have both peer-entity & data origin authentication Access Control - prevention of the unauthorized use of a resource Data Confidentiality protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication Availability resource accessible/usable 13

Authentication Concerned with assuring that a communication is authentic In the case of a single message, assures the recipient that the message is from the source that it claims to be from In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties Two specific authentication services are defined in X.800: Peer entity authentication Data origin authentication 14

Access Control The ability to limit and control the access to host systems and applications via communications links To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual 15

Data Confidentiality The protection of transmitted data from passive attacks Broadest service protects all user data transmitted between two users over a period of time Narrower forms of service includes the protection of a single message or even specific fields within a message The protection of traffic flow from analysis This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility 16

Data Integrity Can apply to a stream of messages, a single message, or selected fields within a message Connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only 17

Non-repudiation Prevents either sender or receiver from denying a transmitted message When a message is sent, the receiver can prove that the alleged sender in fact sent the message When a message is received, the sender can prove that the alleged receiver in fact received the message 18

Security Mechanism As known as control Feature designed to detect, prevent, or recover from a security attack No single mechanism that will support all services required However one particular element underlies many of the security mechanisms in use: cryptographic techniques 19

Security Mechanism (X.800) Specific Security Mechanisms Encipherment Digital signatures Access controls Data integrity Authentication exchange Traffic padding Routing control Notarization Pervasive Security Mechanisms Trusted functionality Security labels Event detection Security audit trails Security recovery 20

A Model for Network Security 21

A Model for Network Security Using this model requires us to: 1. design a suitable algorithm for the security transformation 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information 4. specify a protocol enabling the principals to use the transformation and secret information for a security service 22

A Model for Network Access Security 23

A Model for Network Access Security Using this model requires us to: 1. Select appropriate gatekeeper functions to identify users 2. Implement security controls to ensure only authorised users access designated information or resources Note that model does not include: 1. monitoring of system for successful penetration 2. monitoring of authorized users for misuse 3. audit logging for forensic uses, etc. 24

Unwanted Access Placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs such as editors and compilers Programs can present two kinds of threats: Information access threats o Intercept or modify data on behalf of users who should not have access to that data Service threats o Exploit service flaws in computers to inhibit use by legitimate users 25

Some Basic Terminologies plaintext - original message ciphertext - coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering plaintext from ciphertext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key cryptology - field of both cryptography and cryptanalysis 26

Summary Security concepts Confidentiality, Integrity, Availability X.800 security architecture Security attacks, services, mechanisms Models for network (access) security 27

References Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, Sixth Edition, 2013 28

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information