Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

Published byElwin Cain Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution."— Presentation transcript:

1 1 Network Security Basics

2 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution and certification Security in practice: r application layer: secure e-mail r transport layer: Internet commerce, SSL, SET r network layer: IP security

3 3 Friends and enemies: Alice, Bob, Trudy r well-known in network security world r Bob, Alice (lovers!) want to communicate “securely” r Trudy, the “intruder” may intercept, delete, add messages Figure 7.1 goes here

4 4 What is network security? Secrecy: only sender, intended receiver should “understand” msg contents m sender encrypts msg m receiver decrypts msg Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

5 5 Internet security threats Packet sniffing: m broadcast media m promiscuous NIC reads all packets passing by m can read all unencrypted data (e.g. passwords) m e.g.: C sniffs B’s packets A B C src:B dest:A payload

6 6 Internet security threats IP Spoofing: m can generate “raw” IP packets directly from application, putting any value into IP source address field m receiver can’t tell if source is spoofed m e.g.: C pretends to be B A B C src:B dest:A payload

7 7 Internet security threats Denial of service (DOS): m flood of maliciously generated packets “swamp” receiver m Distributed DOS (DDOS): multiple coordinated sources swamp receiver m e.g., C and remote host SYN-attack A A B C SYN

8 8 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Figure 7.3 goes here plaintext ciphertext K A K B

9 9 Symmetric key cryptography substitution cipher: substituting one thing for another m monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Q: How hard to break this simple cipher?: brute force (how hard?) other?

10 10 Symmetric key crypto: DES DES: Data Encryption Standard r US encryption standard [NIST 1993] r 56-bit symmetric key, 64 bit plaintext input r How secure is DES? m DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months m no known “backdoor” decryption approach r making DES more secure m use three keys sequentially (3-DES) on each datum m use cipher-block chaining

11 11 Symmetric key crypto: DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation DES operation

12 12 Public Key Cryptography symmetric key crypto r requires sender, receiver know shared secret key r Q: how to agree on key in first place (particularly if never “met”)? public key cryptography r radically different approach [Diffie- Hellman76, RSA78] r sender, receiver do not share secret key r encryption key public (known to all) r decryption key private (known only to receiver)

13 13 Public key cryptography Figure 7.7 goes here

14 14 Public key encryption algorithms need d ( ) and e ( ) such that d (e (m)) = m B B B B.. need public and private keys for d ( ) and e ( ).. B B Two inter-related requirements: 1 2 RSA: Rivest, Shamir, Adelson algorithm

15 15 RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d).

16 16 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens!

17 17 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). letter m m e c = m mod n e l 12 248832 17 c m = c mod n d 17 481968572106750915091411825223072000 12 c d letter l encrypt: decrypt:

18 18 RSA: Why: m = (m mod n) e mod n d (m mod n) e mod n = m mod n d ed Number theory result: If p,q prime, n = pq, then x mod n = x mod n yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )

19 19 Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario??

20 20 Authentication: another try Protocol ap2.0: Alice says “I am Alice” and sends her IP address along to “prove” it. Failure scenario??

21 21 Authentication: another try Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario?

22 22 Authentication: yet another try Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. Failure scenario? I am Alice encrypt(password)

23 23 Authentication: yet another try Goal: avoid playback attack Failures, drawbacks? Figure 7.11 goes here Nonce: number (R) used only once in a lifetime ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

24 24 Figure 7.12 goes here Authentication: ap5.0 ap4.0 requires shared symmetric key m problem: how do Bob, Alice agree on key m can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography

25 25 Figure 7.14 goes here ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Need “certified” public keys (more later …)

26 26 Digital Signatures Cryptographic technique analogous to hand- written signatures. r Sender (Bob) digitally signs document, establishing he is document owner/creator. r Verifiable, nonforgeable: recipient (Alice) can verify that Bob, and no one else, signed document. Simple digital signature for message m: r Bob encrypts m with his public key d B, creating signed message, d B (m). r Bob sends m and d B (m) to Alice.

27 27 Digital Signatures (more) r Suppose Alice receives msg m, and digital signature d B (m) r Alice verifies m signed by Bob by applying Bob’s public key e B to d B (m) then checks e B (d B (m) ) = m. r If e B (d B (m) ) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: m Bob signed m. m No one else signed m. m Bob signed m and not m’. Non-repudiation: m Alice can take m, and signature d B (m) to court and prove that Bob signed m.

Download ppt "1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution."

Similar presentations

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice:

7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.

1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks

CSE401n:Computer Networks
Network Security understand principles of network security:

Network Security understand principles of network security:
Public Key Cryptography

Public Key Cryptography
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.

Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Similar presentations

Ads by Google