Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.



Similar documents
Cryptography and Network Security Chapter 1

Information System Security

Cryptography and Network Security

COSC 472 Network Security

CSCI 4541/6541: NETWORK SECURITY

Cryptography and Network Security: Overview

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Chap. 1: Introduction

544 Computer and Network Security

Introduction to Security

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Table: Security Services (X.800)

CS 203 / NetSys 240. Network Security

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access

IY2760/CS3760: Part 6. IY2760: Part 6

Notes on Network Security - Introduction

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Content Teaching Academy at James Madison University

Lecture II : Communication Security Services

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

INTERNATIONAL TELECOMMUNICATION UNION DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS

Network Security. Network Security Hierarchy. CISCO Security Curriculum

INTERNATIONAL TELECOMMUNICATION UNION $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52) #452%!.$!00,)#!4)/.

TELECOMMUNICATION NETWORKS

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

MANAGEMENT OF SECURE SYSTEMS AND SECURITY WITHIN OSI 1

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. March 19, 2015

Network Security Essentials Chapter 5

Securing Distribution Automation

Overview of computer and communications security

Basics of Internet Security

Network Security Administrator

Computer Security: Principles and Practice

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Compter Networks Chapter 9: Network Security

CRYPTOGRAPHY IN NETWORK SECURITY

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Cryptography and Network Security Chapter 12

Chapter 7 Transport-Level Security

World Summit on Information Society (WSIS) Forum May 2013

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

Security and Privacy in Cloud Computing

Cryptography and Network Security Chapter 14

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Curran, K. Tutorials. Independent study (including assessment) N/A

(Instructor-led; 3 Days)

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Introduction to Internet Security

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Network Security. Chapter 1 Introduction. Network Security IN2101. Georg Carle. Course organization

Security Implications Associated with Mass Notification Systems

Part 2: ICT security standards and guidance documents

Securing IP Networks with Implementation of IPv6

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Risk Management Guide for Information Technology Systems. NIST SP Overview

Using BroadSAFE TM Technology 07/18/05

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

ECE Lecture 1. Security Services. Need for information security. widespread use of data processing equipment: computer security

90% of data breaches are caused by software vulnerabilities.

Supporting FISMA and NIST SP with Secure Managed File Transfer

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

IT Security Management Risk Analysis and Controls

Chapter 6 Electronic Mail Security

Lesson 4: Introduction to network security

MSIT-121C (Elective 2): Cryptography and Network Security

Cryptography and Network Security Chapter 11

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

A NEW FRAMEWORK FOR BRIDGING THE GAP BETWEEN IT SERVICE MANAGEMENT AND IT GOVERNANCE FROM A SECURITY PERSPECTIVE

Data Protection: From PKI to Virtualization & Cloud

Healthcare Compliance Solutions

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Chapter 10. Network Security

Cybersecurity for the C-Level

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Transport Level Security

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

Information Security

Message Authentication Codes

Network Security Essentials Chapter 7

CSE 5392 Sensor Network Security

CPSC 467: Cryptography and Computer Security

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Advanced Authentication

Practical Overview on responsibilities of Data Protection Officers. Security measures

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Cryptography and Network Security Chapter 10

PRIVACY AND DATA SECURITY MODULE

Transcription:

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. The Art of War, Sun Tzu Roadmap Cryptographic algorithms symmetric ciphers asymmetric encryption hash functions Mutual Trust Network Security Computer Security Standards Organizations National Institute of Standards & Technology (NIST) Internet Society (ISOC) International Telecommunication Union Telecommunication Standardization Sector (ITU-T) T) International Organization for Standardization (ISO)

Chapter 1 Introduction The combination of space, time, and strength that must be considered as the basic elements of this theory of defense makes this a fairly complicated matter. Consequently, it is not easy to find a fixed point of departure.. On War, Carl Von Clausewitz Outline We will look at: topic roadmap & standards organizations security concepts: confidentiality, integrity, availability X.800 security architecture security attacks, services, mechanisms models for network (access) security Computer Security the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)

Key Security Concepts Levels of Impact can define 3 levels of impact from a security breach Low Moderate High Examples of Security Requirements confidentiality student grades integrity patient information availability authentication service

Computer Security Challenges 1. not simple 2. must consider potential attacks 3. procedures used counter-intuitive 4. involve algorithms and secret info 5. must decide where to deploy mechanisms 6. battle of wits between attacker / admin 7. not perceived of benefit until fails 8. requires regular monitoring 9. too often an after-thought thought 10. regarded as impediment to using system OSI Security Architecture ITU-T T X.800 Security Architecture for OSI defines a systematic way of defining and providing security requirements for us it provides a useful, if abstract, overview of concepts we will study Aspects of Security Passive Attacks consider 3 aspects of information security: security attack security mechanism security service note terms threat a potential for violation of security attack an assault on system security, a deliberate attempt to evade security services

Active Attacks

Security Service enhance security of data processing systems and information transfers of an organization intended to counter security attacks using one or more security mechanisms often replicates functions normally associated with physical documents which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed Security Services X.800: a a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers RFC 2828: a a processing or communication service provided by a system to give a specific kind of protection to system resources Security Services (X.800) Authentication - assurance that communicating entity is the one claimed have both peer-entity entity & data origin authentication Access Control - prevention of the unauthorized use of a resource Data Confidentiality - protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication Availability - resource accessible/usable Security Mechanism feature designed to detect, prevent, or recover from a security attack no single mechanism that will support all services required however one particular element underlies many of the security mechanisms in use: cryptographic techniques hence our focus on this topic

Security Mechanisms (X.800) Model for Network Security specific security mechanisms: encipherment,, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery Model for Network Security Model for Network Access Security using this model requires us to: 1. design a suitable algorithm for the security transformation 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information 4. specify a protocol enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security using this model requires us to: 1. select appropriate gatekeeper functions to identify users 2. implement security controls to ensure only authorised users access designated information or resources

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information