Introduction to Network Security

Transcription:

TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü
Introduction to Network Security (revisiting a historical 12-year-old presentation)
Prof. Dr. Halûk Gümüşkaya
(Original version: Doç. Dr. Halûk Gümüşkaya, haluk@uekae.tubitak.gov.tr, http://www.mam.gov.tr/~haluk; start: August 2001, update: September 2001)

Why Security?
Three primary reasons:
- Policy vulnerabilities
- Configuration vulnerabilities
- Technology vulnerabilities
... and people eager to take advantage of the vulnerabilities.

Contents
1. Introduction
2. Cryptography

Security Threats - Definitions
Passive threats:
- Interception (loss of privacy): a telnet login to company.org ("username: dan", "password: ...") is read off the wire character by character (d-a-n, m-y-p-a-s-s-w-o-r-d).
Active threats:
- Fabrication (impersonation): "I'm ... Send me all corporate correspondence with Cisco."
- Interruption (denial of service): the target's CPU is kept busy (diagram).
- Modification (loss of integrity): the customer's "Deposit $1000" reaches the bank as "Deposit $100".

Elements of Security
- Identity: accurately identify users; determine what users are allowed to do.
- Integrity: ensure network availability; provide perimeter security; ensure privacy.
- Active Audit: recognize network weak spots; detect and react to intruders.
- Policy

Identity
- Uniquely and accurately identify users, applications, services, and resources.
- Username/password, one-time password
- Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP)
- AAA server: RADIUS, TACACS+, Kerberos, MS-login
- Digital certificates, directory services
- Network Address Translation

Authentication, Authorization, and Accounting (AAA) - a tool for enforcing security policy
- Authentication verifies identity: "Who are you?"
- Authorization configures integrity: "What are you permitted to do?"
- Accounting assists with audit: "What, when, and how long did you do it?"

Example: End-to-End Security Products
- Identity: Secure Access Control Server
- Integrity: Secure Integrated Software Firewall; access control lists; VPN/encryption solutions (IPSec)
- Active Audit: Secure Scanner; Secure Intrusion Detection System

Components of Security
(Diagram: a management workstation and the corporate IS sit behind a firewall or security gateway on the WAN; administration, audit trails (accounting), identity, authentication, integrity, authorization and non-repudiation are marked as the components.)

Components of Security and Real World Security Examples
- Identity - authentication, authorization, accounting (AAA): ID card (e.g. driver's licence), notary, physical presence; keys and badges (doors, locks, guards; analogy: firewalls and access controls)
- Integrity: signature, barcode, stamp
- Active Audit: surveillance cameras and motion sensors
- Confidentiality: sealed envelope
- Non-repudiation: signature, receipt, approval
- Availability (reliability): different communication paths, standby systems and power supplies, backup

Components of Security and Electronic Security Solutions
- Identity (AAA): digital signatures, secret key, hashing
- Integrity: hash, digital signatures, certificates
- Active Audit: intrusion detection system
- Confidentiality: ciphering
- Non-repudiation: digital signatures, log files
- Availability (reliability): standby systems, backup, maintenance

Security Objective: Balance Business Needs with Risks
- Business needs: connectivity, performance, ease of use, manageability, availability
- Security needs: authentication, authorization, accounting, assurance, data integrity, non-repudiation, access security
- Policy management balances the two.

2. Cryptography

Cryptography Services
- Confidentiality (ciphering)
- Integrity (one-way hash)
- Authentication (secret key or digital signatures)
- Non-repudiation
Two types: symmetric cryptography (secret key) and asymmetric cryptography (public key).

Symmetric Cryptography
One secret key is shared and used for both ciphering (encryption) and deciphering (decryption).

Advantages
- Fast ciphering / deciphering
- Many algorithms available: DES, Triple DES*, RC2, RC4, RC5*, IDEA*, Blowfish*, CAST*, SkipJack, FWZ-1, MPPE
- Reliability depends on the length of the key
* supported by IPSec

Symmetric Cryptography Key Management
- One-to-many (diagram: users and their keys)
- Many-to-many: a distinct key for each pair of users, so the number of keys grows quadratically:

  Users    Keys
  10       55
  100      5,050
  1000     500,500
  10000    49,995,000 !!!?

Disadvantages
- Secret key = shared secret: problem to safely exchange the secret.
- A distinct key for each couple communicating: many users = many keys to manage.
- Finding the secret key = access to the data exchanged in the past and the present, so consider the need to change keys often.
- The more the key is used to cipher large blocks of data, the more the key is exposed.

Asymmetric [public key] cryptography
- A key pair: public key / private key, bound mathematically via very large numbers.
- Theoretically impossible to find one of the keys by knowing the other one.
- No shared secret! The private key stays confidential; the public key is published.

Asymmetric cryptography - Application
- Encryption: cipher with the receiver's public key, decipher with the receiver's private key.
- Authentication: cipher with the sender's private key, decipher with the sender's public key.

Asymmetric cryptography - Alice
(Diagram: a message is encrypted with Alice's public key into ciphertext such as "*&^1 )-h@"; only Alice's private key decrypts it.)

Asymmetric cryptography - Examples
- Much slower than symmetric cryptography: from 100 to 1000 times slower; not usable for ciphering major flows.
- RSA (Rivest, Shamir, Adleman): algorithm providing encryption and authentication.
- Diffie-Hellman: key exchange protocol.

Diffie-Hellman key exchange protocol
(Diagram: each party holds a DH private key and the matching DH public key; the two DH public keys are exchanged, and each party combines the other's DH public key with its own DH private key to obtain the same DH secret key.)

Cryptography - IPSec combination
- Public key cryptography is not well adapted to fast ciphering, so secret key cryptography is used for the data.
- How to make secret key sharing secure? Use public key cryptography: Diffie-Hellman (used by IPSec) or a digital envelope (used by SSL).

One-way Hash (message digest)
- Verification of the integrity of the data transmitted.
- Comparable to a CRC, but much more sophisticated.
- Usually a 128-bit or 160-bit message digest.
- No return possible to the original text from the message digest.
- One bit modified in the message affects half of the bits of the digest!
- Two different messages do not produce the same digest.
- Examples of hash algorithms: MD2 (128-bit digest), MD4 (128-bit digest), MD5* (128-bit digest; Ron Rivest, RFC 1321), SHA-1* (160-bit digest; NIST)
* supported by IPSec

Data Integrity (1)
(Diagram: the message is run through the hash algorithm to produce a digest; message and digest are sent to Alice.)

Data Integrity (2)
(Diagram: Alice runs the received message through the same hash algorithm to obtain digest'; if digest = digest', integrity is verified.)

Authentication - Message Authentication Code
- How does Alice know the message is coming from the expected sender?
- Combine the hash function with cryptography (hash + cryptography). Result = MAC, Message Authentication Code: hash algorithm + key.

Authentication methods
Two cryptographic techniques, two MAC computations:
- Symmetric cryptography: MAC = hash + secret key
- Asymmetric cryptography: MAC = hash + private key, called a digital signature

Secret key Authentication
(Diagram: the sender feeds the message, e.g. "A to table eat!", and the secret key into the hash algorithm to obtain a MAC; message and MAC are sent to Alice.)
(Diagram: Alice computes MAC' from the received message and the same secret key; if MAC = MAC', the message is verified.)

Secret key Authentication - Examples
- Authentication using a secret key (symmetric cryptography): Keyed-MD5, Keyed-SHA-1
- IPSec implementation: the HMAC transform
  - Defined by RFC 2104
  - Based on a keyed-MD5 or keyed-SHA-1 mechanism
  - Applies the keyed hash function twice
  - Optionally truncates the result: RFC 2403 HMAC-MD5-96, RFC 2404 HMAC-SHA-1-96

Public key Authentication (signature)
(Diagram: the message is hashed to a digest, the digest is encrypted with the sender's private key, and the message is sent to Alice together with the result.)

How Public-Key Cryptography Works
(These slides consist of diagrams only; no text was transcribed.)

Where can we put security in the TCP/IP Protocol Stack?
OSI model: Application, Presentation, Session, Transport, Network, Data Link, Physical.
TCP/IP model, with the security mechanisms available at each layer:
- Application: S-MIME, S-HTTP, SET, ...
- Transport (TCP/UDP): SOCKS, SSL, TLS
- IP: IPSEC (AH, ESP), packet filtering, tunneling
- Data Link: link encryption
- Physical

Security Levels
- Application layer: SHTTP, S/MIME on top of TCP/UDP and IP.
- Presentation layer: SET, PGP between the applications (HTTP, FTP, SMTP) and TCP/UDP, IP.
- Transport layer: SSL/TLS/SOCKS between the applications (HTTP, FTP, SMTP) and TCP/UDP, IP.
- Network layer: AH and ESP with IP ("secure IP") beneath the applications and TCP/UDP.

Main References
- Some papers from IEEE
- W. Stallings, Network Security Essentials: Applications and Standards, Prentice Hall, 2000.
- N. Rivat, Description of IPSec Tutorial, IPSEC 99 Conference Proceedings, Paris, France, October 1999.
- CISCO Business Essentials, Self-Paced Training CD, Security Basics.
- My experience.
- Internet.