
1 Security Processor: A Review
Chih-Pin Su and Cheng-Wen Wu
Laboratory for Reliable Computing, Department of Electrical Engineering, National Tsing Hua University, Hsinchu, Taiwan

2 Outline
• Introduction to security systems
• Security services, mechanisms and algorithms
• Security system architecture
• Conclusion

3 References
• “Cryptography and Network Security”, William Stallings
• “Network Processors: Architectures, Protocols, and Platforms”, Panos C. Lekkas
• “SSL: Foundation for Web Security”, William Stallings, The Internet Protocol Journal (IPJ), Vol. 1, No. 1
• “Security: Adding Protection to the Network via the Network Processor”, Intel Technology Journal, Vol. 6, Issue 3, pp. 40-49

4 Security Requirements
• Access control – unauthorized users are kept out
• Authentication – assurance of the identity of a person or of the originator of data
• Confidentiality – protection from disclosure to unauthorized persons
• Integrity – maintaining data consistency; protection against unauthorized data alteration
• Non-repudiation – the originator of a communication cannot deny it later
• Availability – legitimate users have access when they need it

5 Security Threats
• Information disclosure
• Integrity violation
• Masquerading
• Denial of service
• Illegitimate use
• Generic threats: backdoors, Trojan horses, insider attacks

6 Security Services
• From the Open Systems Interconnection (OSI) definition (ITU-T X.800, Security Service of OSI)
  • Access control
  • Authentication
  • Confidentiality
  • Integrity
  • Non-repudiation

7 Security Mechanisms
• Three basic building blocks are used
  • Encryption is used to provide confidentiality; it can also provide authentication and integrity protection
  • Digital signatures are used to provide authentication, integrity protection, and non-repudiation
  • Checksums/hash algorithms are used to provide integrity; they can also provide authentication
• Multiple security mechanisms are combined to provide a security service

8 Service, Mechanism, Algorithm
• Services are built from mechanisms
• Mechanisms are implemented using algorithms
[Figure: three-layer diagram]
• Service (in a security protocol): SSL
• Mechanisms: signatures, encryption, hashing
• Algorithms: RSA and DSA (signatures), AES and DES (encryption), SHA1 and MD5 (hashing)

9 Conventional Encryption
• Uses a shared key
• The problem of transferring a large message in secret is reduced to transferring a small key in secret
• Also called private-key or symmetric-key encryption
• Block ciphers and stream ciphers
• Cryptographic modes – ECB, CBC, CFB, OFB

10 Public-Key Encryption
• Uses matched public/private key pairs
• Asymmetric-key encryption
• Anyone can encrypt with the public key; only the holder of the private key can decrypt

11 Key Agreement
• Allows two parties to agree on a shared key
• Provides part of the secured channel required for exchanging a conventional encryption key

12 Hash Function
• Creates a unique “fingerprint” for a message
• Anyone can alter the message and create a new hash value, so a bare hash by itself does not authenticate the message

13 MAC
• Message Authentication Code: adds a password/key to a hash
• Only the password/key holder can generate the MAC
• Examples: HMAC-SHA, HMAC-MD5
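To make the contrast between slides 12 and 13 concrete, here is an added example (not part of the presentation) that implements HMAC as defined in RFC 2104 on top of hashlib and then runs a constructed tampering scenario: the altered message passes the bare-hash check, because the intermediary can recompute the fingerprint, but fails the MAC check, because the tag cannot be recomputed without the key. The key, messages and helper names are all constructed for this demo.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # input block size in bytes for MD5, SHA-1 and SHA-256


def hmac_rfc2104(key: bytes, message: bytes, hash_fn=hashlib.sha256) -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), per RFC 2104."""
    if len(key) > BLOCK_SIZE:              # keys longer than a block are hashed first
        key = hash_fn(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")   # then zero-padded to exactly one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_fn(ipad + message).digest()
    return hash_fn(opad + inner).digest()


def hash_check(message: bytes, fingerprint: bytes) -> bool:
    """Slide 12: integrity via a bare hash; anyone can recompute the fingerprint."""
    return hashlib.sha256(message).digest() == fingerprint


def mac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    """Slide 13: recomputing the tag requires the key. compare_digest keeps the
    comparison constant-time so the verifier does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_rfc2104(key, message), tag)


def tamper_demo(key: bytes) -> dict:
    """Constructed scenario: a sender protects a message with both a hash and a MAC;
    an intermediary rewrites it and recomputes what it can without the key."""
    original = b"transfer 100 to alice"              # constructed sample message
    fingerprint = hashlib.sha256(original).digest()
    tag = hmac_rfc2104(key, original)

    forged = b"transfer 900 to mallory"
    forged_fingerprint = hashlib.sha256(forged).digest()   # needs no secret
    forged_tag = hmac_rfc2104(b"guess", forged)            # wrong key: tag will not verify

    long_key = b"k" * 100                                  # exercises the key-hashing branch
    return {
        "hash_accepts_forgery": hash_check(forged, forged_fingerprint),
        "mac_accepts_forgery": mac_check(key, forged, forged_tag),
        "mac_accepts_original": mac_check(key, original, tag),
        "matches_stdlib": tag == hmac.new(key, original, hashlib.sha256).digest(),
        "matches_stdlib_long_key": hmac_rfc2104(long_key, original)
        == hmac.new(long_key, original, hashlib.sha256).digest(),
    }
```

Calling tamper_demo(b"any-key") returns a dict in which only hash_accepts_forgery and mac_accepts_forgery differ in outcome: the hash check accepts the forgery and the MAC check rejects it, while the hand-rolled HMAC matches Python's hmac module for both short and over-long keys.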

14 Digital Signatures
• Combines a hash with a digital signature algorithm

15 Message/Data Encryption
• Combines symmetric- and asymmetric-key encryption

16 Security Protocol Layers

17 SSL
• Secure Socket Layer – TCP/IP socket encryption
• Usually authenticates the server using a digital signature
• Can authenticate the client, but this is never used
• Confidentiality protection via encryption
• Integrity protection via MACs
• Provides end-to-end protection of communication sessions

18 SSL Handshake
• Negotiate the cipher suite
• Establish a shared session key
• Authenticate the server (optional)
• Authenticate the client (optional)
• Authenticate previously exchanged data

19 SSL Data Transfer

20 Popular Security Algorithms
• Hash algorithms: HMAC-MD5, HMAC-SHA1, RIPEMD-128/160
• Encryption algorithms: DES/3DES, AES, ARC4
• Public-key algorithms: RSA, DSA sign and verify, ECC

21 Key Management
• Key management is the hardest part of cryptography
• Two classes of keys
  • Short-term session keys
    • Generated automatically and invisibly
    • Used for one message or session and then discarded
  • Long-term keys
    • Generated explicitly by the user
• Long-term keys are used for two purposes
  • Authentication (including access control, integrity, and non-repudiation)
  • Confidentiality (encryption)
    • Establishing session keys
    • Protecting stored data

22 Key Management Problems
• Key certification
• Key distribution
  • Obtaining someone else’s public key
  • Distributing your own public key
  • Establishing a shared key with another party
    • Confidentiality: is it really known only to the other party?
    • Authentication: is it really shared with the intended party?
• Key storage
  • Secure storage of keys
• Revocation
  • Revoking a published key
  • Determining whether a published key is still valid

23 Key Distribution
• A Certification Authority (CA) solves the problem
[Figure: public-key exchange between two parties with an interceptor in the path, labelled “Intercept!”]

24 Functional Blocks of Network Processing
[Figure: block diagram of the packet path between the transmission medium and host processing]
• Transmission medium
• PHY layer chip
• Packet-processing blocks: parsing/framing, lookup/classification, modification, encryption, compression, queuing
• Switch fabric chip
• Host processing
• Slow-path processing

25 Security System Architecture (1)
• Look-aside architecture: the security coprocessor sits beside the network processor, which hands it packets for cryptographic processing and receives them back
[Figure: look-aside data path. Blocks: PHY/MAC, network processor, switch fabric, security coprocessor, host CPU subsystem, SDRAM, session state memory; incoming and outgoing traffic]

26 Security System Architecture (2)
• Flow-through architecture: the security coprocessor sits inline in the data path, so traffic passes through it rather than being handed off by the network processor
[Figure: flow-through data path. Blocks: PHY/MAC, network processor, switch fabric, security coprocessor, host CPU subsystem, SDRAM, session state memory; incoming and outgoing traffic]

27 SafeNet 1741
• IPSec accelerator

28 Motorola MPC8272
• PowerQUICC with integrated security engine

29 Intel IXP2850

30 Crypto-Engine in IXP2850

31 Conclusion
• The basic concepts of a security system were introduced
• System architectures for security processors
  • Look-aside architecture
  • Flow-through architecture
  • Integrated architecture
