1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Slides:

Advertisements

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

Cryptographic Technologies

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Chapters 8 Network Security Professor Rick Han University of Colorado at Boulder

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 31 Network Security

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden

INE1020: Introduction to Internet Engineering 6: Privacy and Security Issues1 Lecture 9: E-commerce & Business r E-Commerce r Security Issues m Secure.

CSE Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 23 – April 6, 2010.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

5-Sep-154/598N: Computer Networks Recap UDP: IP with port abstraction TCP: Reliable, in order, at most once semantics –Sliding Windows –Flow control: ensure.

CSS432 Network Security Textbook Ch8

Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:

 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Network Security David Lazăr.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

4-Jun-164/598N: Computer Networks Differentiated Services Problem with IntServ: scalability Idea: segregate packets into a small number of classes –e.g.,

Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Lecture 18: Security Reading: Chapter 8 (Some material thanks to William Perrizo) ? CMSC 23300/33300 Computer Networks

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Computer and Network Security - Message Digests, Kerberos, PKI –

CS 6401 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Some Backgrounds on Network Security Rocky K. C. Chang 12 February 2003.

ClientServer ClientID, E(x, CHK) E(x+1, SHK), E(y, SHK) E(y+1, CHK) E(SK, SHK) Three-way handshake Authentication Protocols CHK, SHK are keys known by.

Network Security Celia Li Computer Science and Engineering York University.

EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.

CSE Operating System Principles Security. CSE – Operating System Principles2 Security The Security Problem Program Threats System and Network.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Security Outline Encryption Algorithms Authentication Protocols

Security Outline Encryption Algorithms Authentication Protocols

Advanced Computer Networks

Computer Communication & Networks

Message Digest Cryptographic checksum One-way function Relevance

Security Outline Homework 1, selected solutions Encryption Algorithms

Taxonomy of real time applications

Security Outline Encryption Algorithms Authentication Protocols

Advanced Computer Networks

Presentation transcript:

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

2 Overview Cryptography functions –Secret key (e.g., DES) –Public key (e.g., RSA) –Hash or Message digest (e.g., MD5) Security services –Privacy: preventing unauthorized release of information –Authentication: verifying identity of the remote participant –Integrity: making sure message has not been altered

3 Secret Key (DES)

4 Encrypts a 64-bit block of plaintext with 64-bit key (56-bits + 8-bit parity) 16 rounds Each Round + F L i─ 1 R i─ 1 R i K i L i 32 bits

5 Repeat for larger messages (Cipher Block Chaining, CBC)

6 Public Key (RSA) Encryption & Decryption c = m e mod n m = c d mod n

7 RSA (cont) Choose two large prime numbers p and q (each 256 bits) Multiply p and q together to get n Choose the encryption key e, such that e and (p - 1) x (q - 1) are relatively prime. Two numbers are relatively prime if they have no common factor greater than one Compute decryption key d such that d = e -1 mod ((p - 1) x (q - 1)) Construct public key as (e, n) Construct private key as (d, n) Discard (do not disclose) original primes p and q

8 RSA Example Example, p = 7, q = 11 n = p x q = 77 and (p-1)x(q-1) = 60 Pick a value of e that is relatively prime of 60, e = 7 d = 7 -1 mod ((7-1) x (11-1)) 7d = 1mod60, we have d = 43 Public key = Private key = A message = 9 c = m e mod n = 9 7 mod 77 = 37 m = c d mod n = mod 77 = 9

9 Message Digest Cryptographic checksum –just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message. One-way function –given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum. Relevance –if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

10 Authentication Protocols Three-way handshake ClientServer ClientId, E (, CHK) E( y +, CHK) E(SK, SHK) Y x, y : random numbers, CHK, client handshake Key

11 Trusted third party (Kerberos) T: Timestamp (like random number), L: Livetime, K: share session Key,

12 Public key authentication AB E ( x, Public B ) x

13 Message Integrity Protocols Digital signature using RSA –special case of a message integrity where the code can only have been generated by one participant –compute signature with private key and verify with public key Keyed MD5 –sender: m + MD5(m + k) + E(k, private) –receiver recovers random key using the sender’s public key applies MD5 to the concatenation of this random key message MD5 with RSA signature –sender: m + E(MD5(m), private) –receiver decrypts signature with sender’s public key compares result with MD5 checksum sent with message

14 Message Integrity Protocols Digital signature using RSA –special case of a message integrity where the code can only have been generated by one participant –compute signature with private key and verify with public key Keyed MD5 –sender: m + MD5(m + k) + E(E(k, rcv-pub), private) –receiver recovers random key using the sender’s public key applies MD5 to the concatenation of this random key message MD5 with RSA signature –sender: m + E(MD5(m), private) –receiver decrypts signature with sender’s public key compares result with MD5 checksum sent with message

15 Key Distribution Certificate –special type of digitally signed document: “I certify that the public key in this document belongs to the entity named in this document, signed X.” –the name of the entity being certified –the public key of the entity –the name of the certified authority –a digital signature Certified Authority (CA) –administrative entity that issues certificates –useful only to someone that already holds the CA’s public key.

16 Key Distribution (cont) Chain of Trust –if X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z –someone that wants to verify Z’s public key has to know X’s public key and follow the chain Certificate Revocation List

17 Firewalls Filter-Based Solution –example ( , 1234, , 80 ) (*,*, , 80 ) –default: forward or not forward? –how dynamic?

18 Proxy-Based Firewalls Problem: complex policy Example: web server Solution: proxy Design: transparent vs. classical Limitations: attacks from within

19 Denial of Service Attacks on end hosts –SYN attack Attacks on routers –Christmas tree packets –pollute route cache Authentication attacks Distributed DoS attacks