Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Why do we need computer security?
Potentially very costly loss of data and/or equipment due to:
  – Hardware and software failures
  – Natural disasters
  – External attacks: from the Internet
  – Internal attacks: from employees

Disaster prevention and recovery
Disaster scenarios
Backup/restore procedures
Network fault tolerance
Attack protection:
  – Network-based intrusion detection: detect dangers coming into our network from the outside and going from our network to the outside
  – Host-based intrusion detection: detect tampering with individual hosts

Protecting Data and Networks
Data/file types:
  – Public, internal, confidential, secret
On UNIX: set file permission with chmod
On PC: file permission window
Network access levels:
  – Local, remote, public
Solution: LAN behind a firewall

Attacks 101
Types:
  – Internal attack
  – Organizational attacks
  – Accidental security breaches
Ways of attacking:
  – Social engineering
  – Denial of Service (DoS)
  – Automated computer attacks
  – Probing (precursor to a real attack): SATAN, ISS tools
  – Spoofing
  – Viruses, worms, trojan horses
  – Spamming
  – Steganography
Players:
  – Hackers
  – Security analysts
  – Security watchdogs (e.g. CERT) and resources (e.g. SANS)

Organizational Attacks and Defense
Organizational attacks:
  – For (financial) crime
  – For terrorism/espionage
Organizational defense:
  – By the military: mandatory access controls, levels of security, Orange Book, professional and numerous security analysts
  – By corporations: system administrators often doubling as security analysts
  – Firewalls
  – Network and host intrusion detection
  – Tight grip on employees
  – Security evaluation and certification
  – Cryptographic services

Cryptography 101
Cryptography allows production and exchange of “secret messages”
Cryptography is used to provide security services:
  – Privacy: only the intended recipient can access data
  – Authentication: the identity of communicating parties can be verified
  – Message integrity: nobody tampered with the message
Cryptography utilizes:
  – Cryptographic hash functions: provide a way to “scramble” data. No possibility of unscrambling.
  – Cryptographic algorithms: provide a way to “scramble” data using a specific key. The data can be “unscrambled” only with another specific key.

Cryptographic Hash Functions
A hash function H is a mathematical transformation that takes an input message m and returns a fixed-size string, which is called the hash value h:
  – h = H(m)
A cryptographic hash function is a hash function with additional properties:
  – The input can be of any length.
  – The output has a fixed length.
  – H(x) is relatively easy to compute for any given x.
  – H(x) is one-way.
  – H(x) is collision-free.
A hash function H is said to be one-way if it is hard to invert, where “hard to invert” means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h.
A hash function H is said to be weakly collision-free if, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y).
A hash function H is said to be strongly collision-free if it is computationally infeasible to find any two messages x and y such that H(x) = H(y).

Cryptographic Algorithms
Secret key (e.g. DES)
  – The same secret key is used to scramble and unscramble data
  – Pros: only one key
  – Cons: both parties must share the same key
Public key (e.g. RSA)
  – The sender scrambles with the receiver’s public key, the receiver unscrambles with his private key
  – Pros: the public keys can be publicly posted
  – Cons: how do you distribute public keys in a trustworthy manner?
    PKI (Public Key Infrastructure) and X.509 standard for public key distribution
    Chain of trust of Certification Authorities (CAs)

Protecting a Message: Levels of Protection Strength
1. CRC
2. Message digest (i.e. message hash)
  – Message digest is the string obtained by applying a cryptographic hash function to message
    Cryptographic hash function is an irreversible, collision-free hash function that takes as input data of any length and produces a fixed length string
  – Sample algorithms: MD2, MD5, SHA.
3. Encrypted message
  – Obtained by applying a cryptographic algorithm (public or secret key) to message
  – Sample algorithms: RSA, DES, Blowfish, IDEA, etc.
Crypto++ library

Cryptographic Applications
Message Integrity Code (MIC):
  – A fixed-length quantity generated cryptographically and associated with the message. Usually: compute message digest (i.e. message hash) and encrypt it, usually using secret key cryptography.
Digital Signature (Digital Signature Algorithm (DSA))
  – The sender encrypts message using his private key, recipient verifies it using sender’s public key. Usually: compute message digest and then encrypt it.
Secure e-mail
  – PGP assumes that each user decides whom to trust
  – PEM assumes a rigid hierarchy of CAs
Transmitting over insecure channel (virtual encrypted tunnel)
  – Tunneling protocols: Point-to-point Layer 2 tunneling protocol (L2TP) / IPsec
Secure storage on insecure media
Authentication
  – 3-way handshake
  – Third trusted party
  – Digital signature: the sender signs using his private key, others verify it using the sender’s public key
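
The difference between the protection levels (CRC, message digest) and the keyed Message Integrity Code described above, as an added example that is not part of the original lecture. It assumes SHA-256 as the digest and HMAC-SHA-256 as the keyed construction, in place of the digest-then-encrypt scheme on the slide; the messages and the key are constructed placeholders.

```python
import hashlib
import hmac
import zlib

# Constructed sample data; the key is a placeholder known only to sender and receiver.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
ORIGINAL = b"PAY 100.00 TO ACCOUNT 1234"
TAMPERED = b"PAY 900.00 TO ACCOUNT 9999"


def protect(message: bytes, key: bytes) -> dict:
    """Compute the three check values the sender attaches to the message."""
    return {
        "crc": zlib.crc32(message),                      # level 1: error detection only
        "digest": hashlib.sha256(message).hexdigest(),   # level 2: unkeyed message digest
        "mic": hmac.new(key, message, hashlib.sha256).hexdigest(),  # keyed MIC
    }


def verify(message: bytes, tags: dict, key: bytes) -> dict:
    """Recompute each value on the receiver side and report which checks pass."""
    expected = protect(message, key)
    return {
        "crc": expected["crc"] == tags["crc"],
        "digest": hmac.compare_digest(expected["digest"], tags["digest"]),
        "mic": hmac.compare_digest(expected["mic"], tags["mic"]),
    }


def tamper_in_transit(new_message: bytes, tags: dict) -> tuple:
    """Model a party on the path who replaces the message. CRC and digest need no
    secret, so they can be recomputed to match; the MIC cannot, so it stays as sent."""
    forged = dict(tags)
    forged["crc"] = zlib.crc32(new_message)
    forged["digest"] = hashlib.sha256(new_message).hexdigest()
    return new_message, forged


def run_demo() -> dict:
    sent = protect(ORIGINAL, SHARED_KEY)
    accidental = verify(ORIGINAL[:-1] + b"5", sent, SHARED_KEY)  # one corrupted byte
    message, forged = tamper_in_transit(TAMPERED, sent)
    deliberate = verify(message, forged, SHARED_KEY)
    return {"intact": verify(ORIGINAL, sent, SHARED_KEY),
            "accidental": accidental, "deliberate": deliberate}


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:10} {result}")
```

All three checks catch the accidental corruption, but only the keyed MIC fails when the message and its unkeyed check values are replaced together.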

Network Security
Firewalls:
  – Filter based
  – Proxy based
Application level security (e.g. HTTPS)
Transport layer security
  – TLS (Transport Layer Security)
    E-commerce, public key, 3-way handshake
Network layer security:
  – IPsec
SSL (Secure Sockets Layer)