L0. Introduction Rocky K. C. Chang, January 2013.


The Internet is inherently insecure.
- Internet backbone infrastructure: DoS, worm
- Routing protocols (BGP): route hijacking
- DNS: poisoning, DoS
- Core Internet protocols (e.g., IP, TCP/UDP, HTTP): eavesdropping, modification, authentication
- LAN security: eavesdropping, modification, authentication
- Host security (e.g., Web servers, database): DoS, authentication, phishing, malicious software implant, identity and data theft, data exfiltration, etc.

Internet security is inherently complex.
- A packet goes through many hops and links.
- Security involves every layer, from the physical layer up.
  - Physical layer security
  - Network security
  - System security
  - Application security
- Complexity in software and protocols
  - Software ages.
  - Some protocol fields are never tested.
- The weakest link
  - The human factor
- The success of the Internet makes things worse.
- Security versus privacy (anonymity)
- How to measure security?

Internet security is more than cryptography.
- Cryptography is not the solution to many security problems, e.g., software exploit, DoS.
- The vulnerability could come from the implementations of the cryptographic algorithms.
- Cryptography affects performance.
- Ease of use

Security involves
- Threats: potential violation of security
- Policies
  - Security policies: trust and access control
  - Confidentiality policies: The Bell-LaPadula model
  - Integrity policies: Clark-Wilson integrity model
  - Hybrid policies: Chinese Wall models
- Design and implementation
  - Identity representation, access control lists, information flow, etc.
  - Encryption and key management
  - Authentication (human, user account, machine, service)

Security involves
- How to ascertain how well a system meets its security goals?
  - Assurance, system evaluation (TCSEC)
- Miscellaneous, e.g.,
  - Viruses, worms, software security
  - Auditing
  - Intrusion detection
  - System security
  - Network security
  - User security

This course is not about
- Cryptography, the art of secret writing,
- Writing computer viruses and worms,
- Special techniques of attacking and defending,
- The lower layer security measures,
- System security,
- Biometrics,
- Application-specific security ...

This course is about
- Understand the 3 fundamental cryptographic functions used in network security.
- Understand the issues involved when applying the cryptographic functions to the network protocols.
- Understand the main elements in securing today's Internet infrastructure.
- Be exposed to some current Internet security problems.

Purposes of network security
- Confidentiality (or secrecy): Prevent others from reading information shared between two participants.
- Authentication: Verify someone's or something's identity.
- Message integrity: Assure that the message received has not been altered since it was generated by a legitimate source.
- Nonrepudiation: A sender should not be able to falsely deny later that he sent a message.
- Legitimate (and authorized) usage: Ensure that the network and system resources are properly utilized.

Possible threats
- Obtaining information for ...
  - Secrecy, authentication
- Modifying information for ...
  - Authentication, message integrity
- Stealing information for ...
  - Secrecy, authentication, legitimate usage
- Lying electronically for ...
  - Nonrepudiation
- Blackmail for ...
  - Secrecy, legitimate usage, message integrity
- Revenge for ...
  - Legitimate usage, message integrity
- Testing for ...
  - Legitimate usage, message integrity
- Contracted for ...
  - Secrecy, authentication, legitimate usage, message integrity
- Fun for ...
  - Secrecy, authentication, legitimate usage, message integrity

The goals of security
- Prevention:
  - Confidentiality, source authentication, nonrepudiation, and legitimate usage
  - Active countermeasures
- Detection:
  - Message authentication, nonrepudiation, and legitimate usage
  - Active and passive countermeasures
- Recovery:
  - Legitimate usage
  - Rely on the detection.
- Traceback:
  - Locate the actual attack source(s).

Scope of considerations
- Two cases
  - The secrecy, message integrity, authentication, and nonrepudiation services are provided by some cryptographic functions.
  - Denial-of-service, worms, viruses, etc.
- Scope:
  - Concern mainly communication between two parties (group communication security is another important topic).
  - Concern attacks against protocols, not those against cryptographic algorithms or cryptographic techniques used to implement the algorithms.

Cryptography
- Plaintext → (encryption) → ciphertext
- Ciphertext → (decryption) → plaintext
- What is the secret?
  - The cryptographic algorithm (restricted algorithm)
  - The cryptographic algorithm is not a secret, but the key is.
- Level of security
  - the length of the key
  - the time of discovering the key using brute force
- The security problem is reduced to the securing of the key.

Types of attacks
- Passive attacks (eavesdropping), e.g.,
  - ciphertext-only attacks (recognizable plaintext attacks)
    - Fred has seen some ciphertext.
  - known-plaintext attacks
    - Fred has obtained some (plaintext, ciphertext) pairs.
  - chosen-plaintext attacks
    - Fred can choose any plaintext he wants.
- Active attacks, e.g.,
  - pretend to be someone else
  - introduce new messages in the protocol
  - delete existing messages
  - substitute one message for another
  - replay old messages

Three cryptographic functions
- Hash functions: require 0 key
- Secret key functions: require 1 key
- Public key functions: require 2 keys

Secret key (symmetric) cryptography
- Given:
  - Alice and Bob agree on a secret key cryptosystem.
  - Alice and Bob agree on a key (secret) K.
- Encryption and decryption using the key.
  - Alice encrypts M with K: K{M}
  - Bob decrypts K{M} with K → M
- Problems:
  - Keys must be distributed in secret.
  - Compromising keys means compromising all aspects of security.
  - The number of keys is not scalable to the user population size.

Usages of the secret key cryptography
- Transmitting over an insecure channel
- Secure storage on insecure media
- Authentication:
  - Challenge-response authentication with shared secret
- Message integrity check
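Challenge-response authentication with a shared secret, as an added example that is not part of the original slides: Bob sends a fresh random challenge, Alice returns a keyed function of it, and Bob accepts each challenge at most once so that a recorded exchange cannot be replayed. HMAC-SHA-256 standing in for the secret key function and the names Verifier, respond and demo are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Bob's side: issues one-time challenges and checks responses."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, never reused
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A challenge is accepted at most once, so a recorded
        # (nonce, response) pair cannot be replayed later.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(key: bytes, nonce: bytes) -> bytes:
    """Alice's side: prove knowledge of K without sending K."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret K
    bob = Verifier(key)
    n1 = bob.challenge()
    r1 = respond(key, n1)
    results = {"genuine": bob.verify(n1, r1)}
    results["replayed"] = bob.verify(n1, r1)      # same pair sent again
    n2 = bob.challenge()
    results["old_response"] = bob.verify(n2, r1)  # stale response, new nonce
    n3 = bob.challenge()
    results["wrong_key"] = bob.verify(n3, respond(secrets.token_bytes(32), n3))
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first exchange succeeds; the replayed pair, the stale response and the response computed under a different key are all rejected.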

Public key (asymmetric) cryptography
- Given:
  - Alice and Bob agree on a public key cryptosystem.
  - Alice owns a pair of public key and private key, and Bob knows Alice's public key, which is not a secret.
- Encryption using the public key and decryption using the private key.
  - Alice encrypts M with Bob's public key: {M}_Bob
  - Bob decrypts {M}_Bob with his private key → M
- Generate a digital signature on a message:
  - Alice signs M with her private key: [M]_Alice.
  - Bob verifies Alice's signature on [M]_Alice with Alice's public key.

Usages of the public key cryptography
- Problems:
  - Public-key algorithms are slow. Secret key algorithms are at least 1,000 times faster.
  - Obtain the public key reliably.
- Usages:
  - Transmitting over an insecure channel
  - Secure storage on insecure media (difference as compared with the secret key cryptography?)
  - Authentication:
  - Nonrepudiation with the digital signatures.

Hash functions
- A hash (message digest or one-way function) produces a short, fixed-sized output h(m) for a message m.
- Properties:
  - One-way functions are relatively easy to compute, i.e., given x, compute h(x).
  - However, given h(x), it is significantly harder to compute x.
  - It is computationally infeasible to find two inputs that hash to the same value.

Usages of hash functions
- Password hashing
- Message integrity
  - Keyed hash: compute h(message | key) and send the result with the message.
- Message fingerprinting
- Downline load security
- Digital signature efficiency
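The keyed hash for message integrity, as an added example that is not part of the original slides: it shows why the key matters by running the same tampering scenario against an unkeyed hash, against the slide's h(message | key), and against HMAC. SHA-256 as h, the HMAC comparison (the standardized keyed hash from RFC 2104, not mentioned on the slide), the sample messages and all function names are assumptions of this sketch.

```python
import hashlib
import hmac


def plain_hash(message: bytes, key: bytes = b"") -> bytes:
    """Unkeyed h(message): anyone can recompute it (the key is ignored)."""
    return hashlib.sha256(message).digest()


def slide_keyed_hash(message: bytes, key: bytes) -> bytes:
    """The slide's construction, h(message | key), with h = SHA-256."""
    return hashlib.sha256(message + key).digest()


def hmac_sha256(message: bytes, key: bytes) -> bytes:
    """HMAC (RFC 2104), the standardized keyed hash."""
    return hmac.new(key, message, hashlib.sha256).digest()


def accepts(tag_fn, key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag_fn(message, key), tag)


def tamper_in_transit(tag_fn, key: bytes) -> dict:
    """Send one message, then let a key-less party alter it on the wire."""
    original = b"pay Bob 10"  # constructed sample messages
    altered = b"pay Bob 99"
    tag = tag_fn(original, key)
    # Without the key, the tag can only be recomputed under a guessed key.
    recomputed = tag_fn(altered, b"guess")
    return {
        "intact": accepts(tag_fn, key, original, tag),
        "altered_old_tag": accepts(tag_fn, key, altered, tag),
        "altered_new_tag": accepts(tag_fn, key, altered, recomputed),
    }


KEY = b"constructed-shared-key-for-demo"  # constructed; use random bytes in practice


def demo() -> dict:
    return {fn.__name__: tamper_in_transit(fn, KEY)
            for fn in (plain_hash, slide_keyed_hash, hmac_sha256)}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With the unkeyed hash the receiver accepts the altered message once its hash is recomputed, because no secret is needed to do so; both keyed constructions reject it.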

Securing the Internet
- IP Security (IPSec)
- TCP and UDP insecurity
- SSL/TLS
- DNS security
- Firewalls
- DoS attacks and the countermeasures
- Buffer overflow attacks and the countermeasures
- Wireless LAN security

Acknowledgments
- This set of notes is based on
  - C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, Second Edition, Prentice Hall PTR.
  - L. Peterson and B. Davie, Computer Networks: A Systems Approach, Morgan Kaufmann.
  - B. Schneier, Applied Cryptography, Second Edition, Wiley.
  - M. Bishop, Introduction to Computer Security, Addison Wesley, 2005.