ITIS 6167/8167: Network and Information Security Weichao Wang.

1 ITIS 6167/8167: Network and Information Security Weichao Wang

2 Security overview
Risks
  –Computers have controlled our lives
    Medical, ATM, banking, business
    Air traffic control
  –Why there are risks
Adversaries
  –Smart and dedicated
  –Many of them
  –Hiding in the dark
  –From fun to profit (worm → self-changing → botnet)

3 Examples in real life
Attack on Twitter
  –Hack into the victim’s email account
  –DDoS to paralyze Twitter, Facebook, etc.
Data mining attacks on public databases
  –In Tenn., a newspaper generates a database of all residents that have CCW permits
  –In CA, there is a webpage listing all people that donate to the Proposition 8 ballot measure

4 Security overview
Physical security is not enough (can you be sure that your physical security methods are sound and sufficient?)
Networked computers can be accessed remotely

5 Security overview
Defending methods
  –Prevention
    Prevent (password, salt, private salt, searching)
    Deter: raising the bar (password guessing, login slow)
    Deflect: making other targets more attractive
    Diversify
  –Detection
    Monitoring (who, what, and how)
    Intrusion detection (signature based, anomaly based)
    IP telephony track

6 Security overview
Recovery
  –Recover data (check point)
  –Identify the damage
  –Forensics
  –Containment
Tolerance
  –Maintain a decent service quality
  –Automatically degrade video quality while reserving bandwidth for voice

7 Security overview
How prevention works
  –Policies
  –Encryption
    Digital cash, time-stamp, secure multiparty computation, e-voting, e-bidding
  –Access control and authorization
    Hardware control (interaction free authentication)
    Software control (RFID credit card)
    Information disclosure (write prevention)

8 Security overview
What can go wrong with prevention
  –Design, implementation, configuration
  –Mal-code transfer (enterprise level security)
  –Attackers are smart and dedicated
  –Uncle Tom wants it to be safe against terrorists, but not to him

9 Security overview
Some additional methods to improve security
  –Least privilege
  –Writing good code
  –Security testing
  –Embed security from the beginning instead of adding it as a patch

11 Network security overview
The features causing security problems
  –Sharing: access control for a single system is not enough
  –Complexity of systems
  –Undefined boundary: one host may be on multiple networks
  –Multiple-node path before data reaches you: the attacker is anonymous and hard to trace back (the South Bell example)

12 A typical NFS operation and its security features:
  –A read from B: confidentiality
  –A write to B: integrity and confidentiality
  –Forge communication from A to B: integrity
  –Block traffic b/w A and B: availability
  –Impersonation

13 Security problems in network protocols:
  –ARP: cache poisoning
  –IP: spoofing, fragmentation
  –ICMP:
  –UDP:
  –TCP: session hijacking, SYN flood, DoS
  –DNS systems
  –Buffer overflow

14 Security methods
  –Hiding: OS configuration, port
  –Encryption: IPSec
  –Port protection: telnet, ftp, etc.
  –Authentication
  –Data integrity: digital signature, checksum
  –Firewall: block unwanted traffic
  –IDS
  –Forensics
  –Proof of possession

16 Review of networks
A network consists of
  –Hosts
  –Network devices
  –Links
  –Software
The view of the Internet
  –Users’ view
  –Real topology

17 How routers work
  –Look at the destination address of the packet
  –Look up in the local routing table
  –Determine the exit interface
  –The next router will do the same
  –Default router
  –Route based on sub-network instead of IP address

18 IP address classes
  –Class A to C
  –Class A can have: 16.78 million addresses
  –Class B can have: 65536 addresses
  –Class C can have: 256 addresses
  –A decent corporation needs one to many class B addresses (Purdue’s joke)

19 Special addresses:
  –255.255.255.255: local broadcast
  –0.0.0.0: this host
  –127.-.-.-: loopback
  –CIDR: classless inter-domain routing
What about IPv6 addresses?

21 Review of Cryptography
Two kinds of cryptographic algorithms
  –Keep the method secret
    Good: safe for low security requirements
    Bad: update, proof of correctness, how to communicate with outsiders
  –Make the algorithm public but keep the key secret
    Safety depends on the key only
    Good: safety analysis can be conducted

22 Introduction (cont’d)
Symmetric algorithms
  –The encryption and decryption keys can be calculated from each other easily (most of the time they are the same)
  –Block algorithms and stream algorithms
    Cipher text is the same or longer in length: Why?
  –Good: efficient and fast, easy to deploy
  –Bad: key distribution, scalability, broadcast or multicast

23 Introduction (cont’d)
Public-key encryption
  –First appeared in the 1970s
  –Two keys: public key and private key
  –Private key cannot be derived from public key
  –Everyone can send a packet to Alice
  –Only Alice has the private key to recover the packet
  –If Alice uses the private key to encrypt a message, it can be viewed as a digital signature
  –Strong, scalable, easy for broadcast and multicast, but very slow

24 Introduction (cont’d)
Attacks on encryption systems
  –Cipher-text only attack
    The amount of traffic matters
  –Known plaintext attack
  –Chosen plaintext attack
Key point
  –Keep the cost to break the system higher than the gain of the information

25 Introduction (cont’d)
Can you always break an encryption system?
  –One time pad
  –Brute-force attack: try every possible key

26 Introduction (cont’d)
Several old-fashioned encryption algorithms
  –Substitution ciphers
    Replace a character in the plaintext with another character
    Example: Caesar cipher
  –Transposition ciphers
    Shuffle the order of characters
    The frequency of characters does not change
  –XOR and one-time pad:
    If the random bits repeat in a cycle, it is bad
    Synchronization at both sides is always a problem
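
Why a pad that repeats in a cycle is bad, shown as an added example that is not part of the original slides: XORing ciphertext bytes one period apart cancels the pad, and one known plaintext block exposes the rest. The message, the 8-byte period and all function names are constructed for illustration.

```python
import os
from itertools import cycle

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_repeating(data: bytes, pad: bytes) -> bytes:
    """XOR with a pad that repeats in a cycle (the weak case on the slide)."""
    return bytes(d ^ k for d, k in zip(data, cycle(pad)))

def encrypt_one_time(data: bytes):
    """XOR with fresh random pad bits as long as the message, used once."""
    pad = os.urandom(len(data))
    return pad, xor_bytes(data, pad)

def pad_free_relation(ciphertext: bytes, period: int) -> bytes:
    """XOR each ciphertext byte with the one `period` later: the pad cancels,
    leaving plaintext XOR plaintext, which needs no key to compute."""
    return xor_bytes(ciphertext[:-period], ciphertext[period:])

def recover_from_known_prefix(ciphertext: bytes, known: bytes, period: int) -> bytes:
    """One known plaintext block of `period` bytes exposes the whole pad."""
    pad = xor_bytes(ciphertext[:period], known[:period])
    return encrypt_repeating(ciphertext, pad)

# Constructed sample message and pad length (assumptions, not from the slides).
MESSAGE = b"PAY ALICE 100 USD; PAY BOB 250 USD"
PERIOD = 8

if __name__ == "__main__":
    ct = encrypt_repeating(MESSAGE, os.urandom(PERIOD))
    print(pad_free_relation(ct, PERIOD) == xor_bytes(MESSAGE[:-PERIOD], MESSAGE[PERIOD:]))
    print(recover_from_known_prefix(ct, MESSAGE[:PERIOD], PERIOD))
    pad, ct2 = encrypt_one_time(MESSAGE)
    print(len(pad) == len(MESSAGE), xor_bytes(ct2, pad) == MESSAGE)
```

With a true one-time pad there is no period, so no two ciphertext bytes share pad bits and neither function has anything to work with.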

28 One way functions
A one way function is easy to calculate in one direction, but not the other.
  –Given x, easy to get f(x)
  –Given f(x), even if f() is known, still not easy to get an x
Trap door one way function
  –Given x, easy to calculate f(x)
  –Given f(x), difficult to get x
  –Given f(x) and a secret y, easy to get x

29 One way hash function
Map a variable-length input string to a fixed length string: fingerprint the file
  –Easy to get Hash(x) when given x
  –Almost impossible to find an x that satisfies Hash(x)
  –Almost impossible to find two files x and x’ that have the same hash value
  –Minor change in x, large changes in Hash(x)
Since the hash value is shorter, we have conflicts:
  –We can easily rule out files, but cannot guarantee this is the original file
  –Still good enough in courts, like DNA tests

30 One way hash function
Usage of hash function
  –Timestamp a file and prove that you are the creator (can be used to timestamp the homework)
  –Verify the integrity of the files in a file system
Security problems: how and where to save the hash values
  –Hash(x, k) to prevent change on the computer
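
The storage problem and the Hash(x, k) remedy from the slide above, as an added example that is not part of the original slides: whoever can rewrite a file can also rewrite a plain hash stored next to it, but cannot produce a valid keyed hash without k. HMAC-SHA256 is used here as one concrete choice of Hash(x, k); the file names, contents and key are constructed, and the key is assumed to be kept off the monitored host.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def plain_digest(path: Path) -> str:
    """Hash(x): anyone who can change the file can recompute this."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def keyed_digest(path: Path, key: bytes) -> str:
    """Hash(x, k): HMAC-SHA256, needs the secret key k to recompute."""
    return hmac.new(key, path.read_bytes(), hashlib.sha256).hexdigest()

def build_manifest(root: Path, digest) -> dict:
    """Map each file's relative path to its digest."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_files(root: Path, manifest: dict, digest) -> list:
    """Return files that are new, missing, or whose digest differs."""
    current = build_manifest(root, digest)
    names = set(manifest) | set(current)
    return sorted(n for n in names if not hmac.compare_digest(
        manifest.get(n, ""), current.get(n, "")))

def demo() -> tuple:
    key = b"constructed-demo-key"  # assumption: stored away from this host
    keyed = lambda p: keyed_digest(p, key)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files.
        (root / "app.conf").write_text("allow_remote_admin = no\n")
        (root / "notes.txt").write_text("unchanged\n")
        plain_manifest = build_manifest(root, plain_digest)
        keyed_manifest = build_manifest(root, keyed)

        # Tampering: the file changes and both locally stored manifests are
        # overwritten with a freshly computed unkeyed hash (no key needed).
        (root / "app.conf").write_text("allow_remote_admin = yes\n")
        forged = plain_digest(root / "app.conf")
        plain_manifest["app.conf"] = forged
        keyed_manifest["app.conf"] = forged

        return (changed_files(root, plain_manifest, plain_digest),
                changed_files(root, keyed_manifest, keyed))

if __name__ == "__main__":
    print(demo())
```

The plain manifest reports nothing changed, while the keyed manifest flags `app.conf`.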

