CSE/EE 461 Lecture 23



Similar documents
Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Message authentication and. digital signatures

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Principles of Network Security

SSL A discussion of the Secure Socket Layer

SECURITY IN NETWORKS

CRYPTOGRAPHY IN NETWORK SECURITY

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Chapter 7 Transport-Level Security

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview. SSL Cryptography Overview CHAPTER 1

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Chapter 8. Network Security

Is your data safe out there? -A white Paper on Online Security

Network Security Protocols

Savitribai Phule Pune University

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Lecture 9 - Network Security TDTS (ht1)

What is network security?

Network Security. HIT Shimrit Tzur-David

An Introduction to Cryptography as Applied to the Smart Grid

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 7: Network security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Lecture 9: Application of Cryptography

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Cryptography & Digital Signatures

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Message Authentication Codes

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

EXAM questions for the course TTM Information Security May Part 1

How To Protect Your Data From Attack

SSL Protect your users, start with yourself

Application Layer (1)

Cornerstones of Security

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Properties of Secure Network Communication

Chapter 10. Network Security

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Communication Systems SSL

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

NETWORK ADMINISTRATION AND SECURITY

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Client Server Registration Protocol

IT Networks & Security CERT Luncheon Series: Cryptography

Cryptographic Hash Functions Message Authentication Digital Signatures

Authentication requirement Authentication function MAC Hash function Security of

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Transport Level Security

Cipher Techniques on Networks. Amit Konar Math and CS, UMSL

TLS and SRTP for Skype Connect. Technical Datasheet

How To Encrypt Data With Encryption

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security: Focus of Control. Authentication

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Communication Security for Applications

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN

Lukasz Pater CMMS Administrator and Developer

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Computer System Management: Hosting Servers, Miscellaneous

Hash Functions. Integrity checks

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Network Security Part II: Standards

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Security Protocols/Standards

Cryptography & Network Security

Network Security Fundamentals

SSL/TLS: The Ugly Truth

Information Security

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

CPSC 467b: Cryptography and Computer Security

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Network Security Technology Network Management

Transcription:

CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data Link Email/URLs Physical Focus Topics djw // CSE/EE 461, Winter 2003 L23.2 1

This Time Network security Application Presentation How do we secure distributed systems? Session Transport Network Privacy, integrity, authenticity Data Link Cryptography Physical Focus Topics djw // CSE/EE 461, Winter 2003 L23.3 What do we mean by Security? Networks are fundamentally shared Need means to protect messages sent by legitimate participants from others with access to the network Privacy: messages can t be eavesdropped Integrity: messages can t be tampered with Authenticity: messages were sent by the right party These are in addition to the need to protect networked systems from intrusions and compromise by attackers djw // CSE/EE 461, Winter 2003 L23.4 2

Approaches at 10,000 ft Physical security Tackle the problem of sharing directly Security through obscurity Hope no-one will find out what you re doing! Throw math at the problem Cryptography Why is security difficult? It s a negative goal: can you be sure there are no flaws? Often assumptions turn out to be invalid, esp. randomness djw // CSE/EE 461, Winter 2003 L23.5 Basic Encryption for Privacy Sender (M) Receiver (M) Encrypt E(M,K E ) Ciphertext (C) Decrypt D(C, K D ) Cryptographer chooses functions E, D and keys K E, K D Mathematical basis Cryptanalyst try to break the system Depends on what is known: E and D, M and C? djw // CSE/EE 461, Winter 2003 L23.6 3

Secret Key Functions (DES, IDEA) Encrypt with secret key Ciphertext Decrypt with secret key Single key (symmetric) is shared between parties Often chosen randomly, but must be communicated djw // CSE/EE 461, Winter 2003 L23.7 Basics of DES Initial permutation Each Round: L i 1 R i 1 Round 1 F K i Round 2 56-bit key L i R i Round 16 Final permutation DES uses a 64 bit key (56 8) Message encrypted 64 bits at a time 16 rounds in the encryption Each round scrambles 64 bits djw // CSE/EE 461, Winter 2003 L23.8 4

DES (cont.) Block 1 Block 2 Block 3 Block 4 IV DES DES DES DES Cipher 1 Cipher 2 Cipher 3 Cipher 4 Repeat process for larger messages with chaining djw // CSE/EE 461, Winter 2003 L23.9 Public Key Functions (RSA) Encrypt with public key Ciphertext Decrypt with private key Public and private key related mathematically Public key can be published; private is a secret djw // CSE/EE 461, Winter 2003 L23.10 5

Authentication Protocols Three-way handshake for mutual authentication Client and server share secrets, e.g., login password Client Server Client authenticates server here Session key exchanged ClientId, E(x, CHK) E(x 1, SHK), E(y, SHK) E(y 1, CHK) E(SK, SHK) Server authenticates client here djw // CSE/EE 461, Winter 2003 L23.11 Authenticity and Integrity Sometimes we care about knowing messages authentic, but don t care about privacy. If only sender and receiver knew the keys we would be done but that s often not the case A pair of keys for each pair of communicating parties? In public key (RSA) systems the encryption key is potentially known by everyone anyone could have sent us a confidential message by encrypting with our public key djw // CSE/EE 461, Winter 2003 L23.12 6

RSA Digital Signature Encrypt with PRIVATE key Ciphertext Decrypt with PUBLIC key Notice that we reversed the role of the keys (and the math just works out) so only one party can send the message but anyone can check it s authenticity djw // CSE/EE 461, Winter 2003 L23.13 A Faster RSA Signature Encryption can be expensive, e.g., RSA 1Kbps To speed up, let s sign just the checksum instead! Check that the encrypted bit is a signature of the checksum Problem: Easy to alter data without altering checksum Answer: Cryptographically strong checksums called message digests where it s computationally difficult to choose data with a given checksum But they still run much more quickly than encryption MD5 (128 bits) is the most common example djw // CSE/EE 461, Winter 2003 L23.14 7

Message Digests (MD5, SHA) Act as a cryptographic checksum or hash Typically small compared to message (MD5 128 bits) One-way : infeasible to find two messages with same digest Initial digest Transform Message (padded) 512 bits 512 bits 512 bits Transform Transform Message digest djw // CSE/EE 461, Winter 2003 L23.15 Cryptography in Protocols These techniques can be applied at different levels: IP packets (IPSEC) Web transfers or other transports (SSL/TLS, Secure HTTP) Email (PGP) Next time.. djw // CSE/EE 461, Winter 2003 L23.16 8

Key Concepts Privacy, integrity, and authenticity Cryptographic mechanisms are used to support these properties: private key, public key and digests djw // CSE/EE 461, Winter 2003 L23.17 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information