Basic Internet Security Concepts (J.W. Ryder, 04-01-98), presentation transcript


1. Basic Internet Security Concepts
J.W. Ryder, RyderJ@Oneonta.Edu

2. Introduction
– The internet is a vast wilderness, an infinite world of opportunity
– Exploring, e-mail, free software, chat, video, e-business, information, games
– Explored by humans

3. Internet Security Concepts
– Introduction of several basic security concepts
– General mechanisms for protection

4. Sniffing and Spoofing [1]
– Sniffing: the ability to inspect IP Datagrams which are not destined for the current host.
– Spoofing: after sniffing, create malicious havoc on the internet.

5. Figure 1 (network diagram). Legend: Unprotected Internet node; Private Network node; Secure Gateway node. Hosts shown: A Guy, Gabrielle Poirot (C), Sears Bank (I), A Guy's Swiss Bank, Wall Street (N), Steve Burns (C), Ramon Sanchez (A).

6. A Guy has no integrity: Swiss Bank Scam
– Integrity: the guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit.

7. Ramon springs for sound Sears solid state stereos
– Authentication: the guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender.

8. A Guy sniffs success: Gabrielle and Steve almost strike it rich
– Confidentiality: ensure that each party which is supposed to see the data sees the data, and ensure that those who should not see the data never see the data.

9. Wall Street Woes: A Guy spots a hot stock tip
– Non-repudiation: once a host has sent a datagram, ensure that that same host cannot later claim that it did not send the datagram.

10. A Guy becomes desperate: Bring Wall St. to its knees
– Denial of Service Attack: flood a given IP Address (Host) with packets so that it spends the majority of its processing time denying service.

11. Figure 2 (security functions in the communications stack), from bottom to top: Physical Adapter; IP; in the Comm. Stack: One Way Hash Functions (MD5, SHA1), Crypto Functions (DES, CDMF, 3DES), Key Mgmt. Functions; Application.

12. Protocol Flow [2, 3]
– Through layers; each layer has a collection of responsibilities
– ISO OSI Reference Model (Open Systems Interconnection)
– IP Datagram

13. Figure 3 (Integrity). An IP Datagram is IP Hdr. | Data. The Data is fed through the MAC Function to produce a Digest, and the datagram sent is IP Hdr. | Data | Digest.

14. Keys
– Bit values fed into cryptographic algorithms and one way hashing functions, which help provide confidentiality, integrity, and authentication
– The longer the better: 40, 48, 56, 128
– Brute force attacks can win with small keys

15. Symmetric Keys
– Have qualities such as life times, refresh rates, etc.
– Symmetric: keys that are shared secrets on N cooperating, trusted hosts

16. Asymmetric
– Public / Private key pairs
– Public key lists kept on well known public key servers
– Public key is no secret. If it is, the strategy will not work.
– Public and Private keys are inverse functional values
– Private key is only known to you and must remain secret

17. Concept
– Sender encrypts data with private key
– Receiver decrypts data with public key
– Receiver replies after encrypting with public key
– Sender receives response and decrypts with private key

18. Figure 4 (Encryption Function, Confidentiality). Data and Key go into the Crypto Fn., which yields Encrypted Data; the datagram sent is IP Hdr. | Encrypted Data.

19. Figure 5 (Decryption Function, Confidentiality). Encrypted Data and Key go into the Crypto Fn., which yields the original Data.

20. MACs: Message Authentication Codes, One Way Hashing Functions
– A function h, easy to compute, but computationally infeasible to find 2 messages M1 and M2 such that h(M1) = h(M2)
– MD5: RSA (Rivest, Shamir, Adleman); SHA1: NIST
– MD5 yields a 128 bit digest [3]

21. DES: Data Encryption Standard
– U.S. Govt. Standard
– 56 bit key, originally 128 bits
– Absolute elimination of exhaustive search of key space
– U.S. Security Agency request: reduce to 56 bits
– Export: CDMF (40 bits)
– Keys are secrets to algorithms, not algorithms themselves [4, 5]

22. Combining the functions (diagram)
– IP Hdr. | Encrypted Data | Digest: Confidentiality & Integrity
– IP Hdr. | Encrypted Data | Digital Signature (Enc. Digest): Confidentiality, Integrity, & Authentication

23. Diagram: Data is fed through the CF (with a Key) to give EM, and through the MAC function to give a Digest; the Digest fed through the CF gives a DS, and the Digest computed with the Key gives a Keyed Digest. MAC_Time < CF_Time.
– Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?
– What types of Security are provided with EM, DS, Digest, Keyed Digest?

24. Security provided by each combination (rows: what is appended; columns: whether the message is sent in the clear or as EM)

        Msg                  EM
Msg     No Security          Confidentiality
MD      Integrity            Conf. & Integrity
DS      Integrity & Auth.    Conf., Int., & Auth.
KD      Integrity & Auth.    Conf., Int., & Auth.
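The slide-24 table and the inverse-key property of slides 16 and 17, worked through in code. This is an added example, not part of the original presentation: SHA-256 stands in for the MD5/SHA1 of the slides, HMAC stands in for the "Keyed Digest", and the "Digital Signature" is textbook RSA over constructed tiny primes so that every number is visible. The messages, the shared key and the RSA parameters are all constructed for the example, and a real signature scheme pads the full hash rather than reducing it mod N.

```python
"""Digest (MD), keyed digest (KD) and digital signature (DS) against an
in-transit substitution by "A Guy".  Added example; toy RSA parameters are
constructed and far too small for real use."""
import hashlib
import hmac

# ---- Toy RSA key pair (constructed parameters) ------------------------------
P, Q = 61, 53
N = P * Q                    # 3233, the modulus shared by both keys
PHI = (P - 1) * (Q - 1)      # 3120
E = 17                       # public exponent
D = pow(E, -1, PHI)          # private exponent, 2753; E*D == 1 (mod PHI)
PUBLIC_KEY = (E, N)          # "no secret" (slide 16)
PRIVATE_KEY = (D, N)         # "known only to you" (slide 16)


def rsa_apply(value: int, key: tuple) -> int:
    """Raise value to the key's exponent mod N.  value must be < N."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def rsa_roundtrip(m: int) -> tuple:
    """Slide 16: the two keys are inverse functional values, whichever is
    applied first (slide 17 applies the private key first)."""
    private_then_public = rsa_apply(rsa_apply(m, PRIVATE_KEY), PUBLIC_KEY)
    public_then_private = rsa_apply(rsa_apply(m, PUBLIC_KEY), PRIVATE_KEY)
    return private_then_public, public_then_private


def digest(msg: bytes) -> bytes:
    """MD: one-way hash of the message, no key involved."""
    return hashlib.sha256(msg).digest()


def keyed_digest(msg: bytes, key: bytes) -> bytes:
    """KD: hash bound to a shared secret (HMAC)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign(msg: bytes, private_key: tuple) -> int:
    """DS: the digest 'encrypted' with the sender's private key (slide 22).
    Reducing the hash mod N is a toy shortcut to keep it below the modulus."""
    h = int.from_bytes(digest(msg), "big") % private_key[1]
    return rsa_apply(h, private_key)


def verify(msg: bytes, signature: int, public_key: tuple) -> bool:
    """Receiver recomputes the digest and 'decrypts' the signature with the
    sender's public key; the two must match."""
    h = int.from_bytes(digest(msg), "big") % public_key[1]
    return rsa_apply(signature, public_key) == h


def accept_digest(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(digest(msg), tag)


def accept_keyed(msg: bytes, tag: bytes, key: bytes) -> bool:
    return hmac.compare_digest(keyed_digest(msg, key), tag)


def run_scenarios() -> dict:
    """A Guy sits between sender and receiver and swaps the message in
    transit.  For each protection, record whether the receiver catches it."""
    original = b"Buy 1000 shares of ACME at market"   # constructed
    forged = b"Sell 1000 shares of ACME at market"    # A Guy's substitute
    shared_key = b"constructed-shared-secret"         # sender and receiver only
    results = {}

    # MD: a changed message no longer matches the digest that was sent ...
    tag = digest(original)
    results["md_catches_changed_message"] = not accept_digest(forged, tag)
    # ... but A Guy recomputes the digest over his forgery and the receiver
    # accepts it: Integrity against accidents, no Authentication (MD row).
    results["md_catches_recomputed_digest"] = not accept_digest(forged, digest(forged))

    # KD: without the shared key A Guy cannot produce a matching tag (KD row).
    tag = keyed_digest(original, shared_key)
    results["kd_catches_changed_message"] = not accept_keyed(forged, tag, shared_key)
    guess = keyed_digest(forged, b"wrong-key-guess")
    results["kd_catches_forged_tag"] = not accept_keyed(forged, guess, shared_key)

    # DS: sender signs with PRIVATE_KEY; anyone can verify with PUBLIC_KEY.
    sig = sign(original, PRIVATE_KEY)
    results["ds_verifies_original"] = verify(original, sig, PUBLIC_KEY)
    # A Guy lacks D, so the best he can do is splice the captured signature
    # onto his forgery, which the receiver rejects (DS row).
    results["ds_catches_spliced_signature"] = not verify(forged, sig, PUBLIC_KEY)
    return results


if __name__ == "__main__":
    for name, caught in run_scenarios().items():
        print(f"{name:32s} {caught}")
```

The run also answers the slide-23 question in one direction: the receiver holds the same shared key as the sender and could have produced the KD itself, so a KD cannot be shown to a third party as proof of who sent the message, whereas the DS can only have come from the holder of the private key (the non-repudiation of slide 9). The cost side is the MAC_Time < CF_Time note: the KD needs only the hash function, the DS needs the hash plus the crypto function.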

25. Purpose
– Some ideas on Internet Security
– Classes of mischief on the Internet, definitions
– Tools to fight mischief
– Combinations of these tools

26. Purpose continued
– Very high level
– Good starting point for further study about general networking & strategies, Cryptography, Key Management, Algorithm Analysis

27. Post Presentation Results
Should be familiar with concepts & terms such as:
– Integrity, Authentication, Non-repudiation, Confidentiality
– Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
– High level understanding of some methods to combat some of the above types of Internet mischief
