Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network security 1. Security taxonomy Physical security Resource exhaustion - DDoS system/network vulnerabilities Key-based security.

Published byBridget Lee Modified over 7 years ago

Similar presentations

Presentation on theme: "Network security 1. Security taxonomy Physical security Resource exhaustion - DDoS system/network vulnerabilities Key-based security."— Presentation transcript:

1 network security tkkwon@snu.ac.kr 1

2 Security taxonomy Physical security Resource exhaustion - DDoS system/network vulnerabilities Key-based security cryptography 2

3 Security dichotomy Computer (system) Security –automated tools and mechanisms to protect data in a computer, even if the computers are connected to a network against hackers (intrusion) against viruses against Denial of Service attacks –Access control, authorization, … Internet (network) Security –measures to prevent, detect, and correct security violations that involve the transmission of information in a network or interconnected network –Everything on the network can be a target –Every transmitted bit can be tapped 3

4 Friends and enemies: Alice, Bob, Trudy/Eve well-known in network security world Bob, Alice want to communicate “securely” Trudy (intruder) may tap, delete, add, modify messages secure sender secure receiver channel data, control messages data Alice Bob Trudy Source: Kurose at UMass 4

5 There are bad guys out there! Q: What can a “bad guy” do? A: A lot! –eavesdrop: intercept messages –Insert/modify/delete messages into connection –impersonation: can fake (spoof) source address in packet (or any field in packet) –hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place –denial of service: prevent service from being used by others (e.g., by overloading resources) Source: Kurose at UMass 5

6 many kinds of attacks! cryptographic attacks –find a key passive attacks active attacks 6

7 passive attacks wiretapping –cf. lawful interception port scanner idle scan –secretly scanning 7

8 active attacks Denial-of-service attack Spoofing Man in the middle poisoning –DNS, ARP,… Smurf attack –ICMP, src: spoofed address, dest: IP broadcast address system attacks –Buffer overflow, Heap overflow, SQL injection,… 8

9 Thwart the attacks! Basic Security services –C onfidentiality –I ntegrity Data (or message) integrity –A vailability –authentication –Non-repudiation 9

10 attacks against CIA 10 source: Forouzan, TCP/IP Protocol Suite

11 More Security services Access control –identification –authentication –authorization Anonymity Accountability Privacy forensics 11

12 Security mechanisms Encipherment –Encryption and decryption –Keys Message digest –Hash function characteristics it is easy to compute the hashed value for any given message, it is infeasible to find a message that has a given hash, it is infeasible to find two different messages with the same hash Digital Signatures –demonstrating the authenticity of a digital message or document 12

13 Meaning of Cryptography from Greek –Cryptos: secret, hidden –graphos: writing –cryptography: study of secret writing cf. cryptology 13

14 Basics of a cryptosystem Encryption (Encipherment) Message (plaintext, cleartext) Encryption key Ciphertext (cryptogram) Decryption (Decipherment) Decryption key plaintext cipher - algorithm for performing encryption or decryption key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key 14

15 Classification of Cryptosystems The way in which keys are used –Symmetric cryptography Single key –Public key cryptography Two keys the way in which plaintext is processed –Block cipher –Stream cipher 15

16 Kerckhoffs’s Principle two choices for security of a cryptosystem –encryption/decryption algorithm can be hidden security by obscurity –key can be hidden A cryptosystem should be secure even if everything about the system, except the key, is public knowledge 16

17 information security source: Wikipedia#information security 17

Download ppt "Network security 1. Security taxonomy Physical security Resource exhaustion - DDoS system/network vulnerabilities Key-based security."

Similar presentations

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
Network Security understand principles of network security:

Network Security understand principles of network security:
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.

Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
University of Calgary – CPSC 441.  The field of network security is about:  how bad guys can attack computer networks  how we can defend networks against.

University of Calgary – CPSC 441.  The field of network security is about:  how bad guys can attack computer networks  how we can defend networks against.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
CPSC 441 TUTORIAL TA: FANG WANG NETWORK SECURITY.

CPSC 441 TUTORIAL TA: FANG WANG NETWORK SECURITY.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Information Security Principles (ESGD4222)

Information Security Principles (ESGD4222)
1-1 1DT066 Distributed Information System Chapter 8 Network Security.

1-1 1DT066 Distributed Information System Chapter 8 Network Security.
1 2004.5.27.  This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.

 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.

Similar presentations

Ads by Google