Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security.

Published byDaniella Wilcox Modified over 7 years ago

Similar presentations

Presentation on theme: "Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security."— Presentation transcript:

1 Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security

2 Network Security To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage prudence. Hence before strangers are allowed to enter a district, or at least before they are permitted to mingle freely with the inhabitants, certain ceremonies are often performed by the natives of the country for the purpose of disarming the strangers of their magical powers, or of disinfecting, so to speak, the tainted atmosphere by which they are supposed to be surrounded. —The Golden Bough, Sir James George Frazer

3 Security Requirements  confidentiality - protect data content/access  integrity - protect data accuracy  availability - ensure timely service  authenticity - protect data origin

4 Passive Attacks  eavesdropping on transmissions  to obtain information release of possibly sensitive/confidential message contents release of possibly sensitive/confidential message contents traffic analysis which monitors frequency and length of messages to get info on senders traffic analysis which monitors frequency and length of messages to get info on senders  difficult to detect  can be prevented using encryption

5 Active Attacks  masquerade pretending to be a different entity pretending to be a different entity  replay  modification of messages  denial of service  easy to detect detection may lead to deterrent detection may lead to deterrent  hard to prevent focus on detection and recovery focus on detection and recovery

6 Requirements for Security  strong encryption algorithm even known, unable to decrypt without key even known, unable to decrypt without key even if many plaintexts & ciphertexts available even if many plaintexts & ciphertexts available  sender and receiver must obtain secret key securely  once key is known, all communication using this key is readable

7 Attacking Encryption  cryptanalysis relay on nature of algorithm plus some knowledge of general characteristics of plaintext relay on nature of algorithm plus some knowledge of general characteristics of plaintext attempt to deduce plaintext or key attempt to deduce plaintext or key  brute force try every possible key until plaintext is recovered try every possible key until plaintext is recovered rapidly becomes infeasible as key size increases rapidly becomes infeasible as key size increases 56-bit key is not secure 56-bit key is not secure

8 Block Ciphers  most common symmetric algorithms  process plain text in fixed block sizes producing block of cipher text of equal size  most important current block ciphers: Data Encryption Standard (DES) Data Encryption Standard (DES) Advanced Encryption Standard Advanced Encryption Standard

9 Data Encryption Standard  US standard  64 bit plain text blocks  56 bit key  broken in 1998 by Electronic Frontier Foundation special purpose US$250,000 machine special purpose US$250,000 machine with detailed published description with detailed published description less than three days less than three days DES now worthless DES now worthless

10 Location of Encryption Devices

11 Link Encryption  each communication link equipped at both ends  all traffic secure  high level of security  requires lots of encryption devices  message must be decrypted at each switch to read address (virtual circuit number)  security vulnerable at switches particularly on public switched network particularly on public switched network

12 End to End Encryption  encryption done at ends of system  data in encrypted form crosses network unaltered  destination shares key with source to decrypt  host can only encrypt user data otherwise switching nodes could not read header or route packet otherwise switching nodes could not read header or route packet  hence traffic pattern not secure  solution is to use both link and end to end

13 Message Authentication  protection against active attacks with falsification of data falsification of data falsification of source falsification of source  authentication allows receiver to verify that message is authentic has not been altered has not been altered is from claimed/authentic source is from claimed/authentic source timeliness timeliness

14 Authentication Using Symmetric Encryption  assume sender & receiver only know key  only sender could have encrypted message for other party  message must include one of: error detection code error detection code sequence number sequence number time stamp time stamp

15 Authentication Without Encryption  authentication tag generated and appended to each message  message not encrypted  useful when don’t want encryption because: messages broadcast to multiple destinations messages broadcast to multiple destinations have one destination responsible for authenticationhave one destination responsible for authentication one side heavily loaded one side heavily loaded encryption adds to workloadencryption adds to workload can authenticate random messagescan authenticate random messages programs authenticated without encryption can be executed without decoding programs authenticated without encryption can be executed without decoding

16 Message Authentication Code  generate authentication code based on shared key and message  common key shared between A and B  if only sender and receiver know key and code matches: receiver assured message has not altered receiver assured message has not altered receiver assured message is from alleged sender receiver assured message is from alleged sender if message has sequence number, receiver assured of proper sequence if message has sequence number, receiver assured of proper sequence  can use various algorithms, eg. DES

17 RSA Algorithm

18 RSA Example

19 RSA Security  brute force search of all keys given size of parameters is infeasible given size of parameters is infeasible but larger keys do slow calculations but larger keys do slow calculations  factor n to recover p & q a hard problem a hard problem well known 129 digit challenge broken in 1994 well known 129 digit challenge broken in 1994 key size of 1024-bits (300 digits) currently secure for most apps key size of 1024-bits (300 digits) currently secure for most apps

20 Public Key Certificates

21 WiFi Protected Access  WiFi Protected Access (WPA) extensions to address 802.11 security issues based on current 802.11i standard based on current 802.11i standard addresses authentication, key management, data transfer privacy addresses authentication, key management, data transfer privacy  uses authentication server and a more robust protocol  encryption with AES or 104-bit RC4

22 WiFi Protected Access

23 802.11i Access Control

24 802.11i Privacy & Integrity  have Temporal Key Integrity Protocol (TKIP) or WPA-1 s/w only changes to existing equipment s/w only changes to existing equipment using same RC4 algorithm as older WEP using same RC4 algorithm as older WEP  and Counter Mode CBC MAC (CCMP) or WPA-2 using AES encryption  both add message integrity code (MIC) generated using Michael algorithm generated using Michael algorithm

Download ppt "Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Network Security Md. Kamrul Hasan Assistant Professor and Chairman

Network Security Md. Kamrul Hasan Assistant Professor and Chairman
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Cryptography and Network Security

Cryptography and Network Security
Cryptography and Network Security

Cryptography and Network Security
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Chapter 20: Network Security Business Data Communications, 4e.

Chapter 20: Network Security Business Data Communications, 4e.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
Cryptography and Network Security Chapter 13

Cryptography and Network Security Chapter 13
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Similar presentations

Ads by Google