University of Calgary – CPSC 441.  The field of network security is about:  how bad guys can attack computer networks  how we can defend networks against.

Slides:



Advertisements
Similar presentations
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Advertisements

Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.
L0. Introduction Rocky K. C. Chang, January 2013.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Introduction to Security Computer Networks Computer Networks Term B10.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks
Network Security understand principles of network security:
Lecture 3 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
1-1 Internet Overview: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit switching, packet.
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
CPSC 441 TUTORIAL TA: FANG WANG NETWORK SECURITY.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright J.F.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.
I-4 security.
Cryptography, Authentication and Digital Signatures
CS 3830 Day 5 Introduction 1-1. Announcements  Program 1 due today at 3pm  Program 2 posted by tonight (due next Friday at 3pm)  Quiz 1 at the end.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 1: Principles of cryptography.
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 11 Network Security (1)
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Introduction 1-1 Chapter 1 Introduction Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.
Polytechnic University Introduction1 CS 393/682: Network Security Professor Keith W. Ross.
Network Security7-1 Chapter 8: Network Security Chapter goals: r Understand principles of network security: m cryptography and its many uses beyond “confidentiality”
CPSC441 Computer Communications Aniket Mahanti Introduction 1-1.
CPSC 441 TUTORIAL – APRIL 4, 2012 TA: MARYAM ELAHI NETWORK SECURITY.
Introduction1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit switching,
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
Lecture 22 Network Security (cont) CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger slides are modified from Jim Kurose,
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Network security Cryptographic Principles
What is network security?
Chapter 7 Network Security
Basic Network Encryption
Network Security Basics
1DT057 Distributed Information System Chapter 8 Network Security
Review and Announcement
Protocol ap1.0: Alice says “I am Alice”
Basic Network Encryption
Chapter 8 roadmap 8.1 What is network security?
Presentation transcript:

University of Calgary – CPSC 441

 The field of network security is about:  how bad guys can attack computer networks  how we can defend networks against attacks  how to design architectures that are immune to attacks  Internet not originally designed with (much) security in mind  original vision: “a group of mutually trusting users attached to a transparent network”  Internet protocol designers playing “catch-up”  Security considerations in all layers! 2

 Malware can get in host from a virus, worm, or trojan horse.  Spyware malware can record keystrokes, web sites visited, upload info to collection site.  Infected host can be enrolled in a botnet, used for spam and DDoS attacks.  Malware is often self-replicating: from an infected host, seeks entry into other hosts 3

 Trojan horse  Hidden part of some otherwise useful software  Today often on a Web page (Active-X, plugin)  Virus  infection by receiving object (e.g., attachment), actively executing  self-replicating: propagate itself to other hosts, users  Worm:  infection by passively receiving object that gets itself executed  self- replicating: propagates to other hosts, users 4

 Also know as Sapphir Worm  Exploited a buffer overflow bug in Microsoft SQL Server  Caused a denial of service on some hosts  Dramatically slowed down general Internet traffic 5

 Bad guys can attack servers and network infrastructure  Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic target 1. select target 2. break into hosts around the network (see botnet) 3. send packets toward target from compromised hosts 6

 The bad guys can sniff packets  broadcast media (shared Ethernet, wireless)  promiscuous network interface reads/records all packets (e.g., including passwords!) passing by A B C src:B dest:A payload Wireshark software is an example of a packet-sniffer 7

The bad guys can use false source addresses IP spoofing: send packet with false source address A B C src:B dest:A payload 8

The bad guys can record and playback sniff sensitive info (e.g., password), and use later password holder is the legit user from system point of view A B C src:B dest:A user: B; password: foo 9

 Bob and Alice want to communicate securely.  Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data Alice Bob Trudy 10

“… is the practice and study of techniques for secure communication” [Wikipedia]. Goals:  Confidentiality: only sender, intended receiver should “understand” message contents  sender encrypts message  receiver decrypts message  Authentication: sender, receiver want to confirm identity of each other  Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection  Access and availability: services must be accessible and available to users 11

m plaintext message K A (m) ciphertext, encrypted with key K A m = K B (K A (m)) plaintext ciphertext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B 12

substitution cipher: substituting one thing for another monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Key: the mapping from the set of 26 letters to the set of 26 letters 13

 Cipher-text only attack: Trudy has ciphertext that she can analyze Two approaches:  Search through all keys: must be able to differentiate resulting plaintext from gibberish  Statistical analysis  Known-plaintext attack: Trudy has some plaintext corresponding to some ciphertext ▪ e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o,  Chosen-plaintext attack: Trudy can get the cypher-text for some chosen plaintext 14

 Crypto often uses keys:  Algorithm is known to everyone  Only “keys” are secret  Public key cryptography  Involves the use of two keys  Symmetric key cryptography  Involves use of one key  Hash functions  Involves the use of no keys  Nothing secret: How can this be useful? 15

 Allows communicating parties to verify that received messages are authentic.  Content of message has not been altered  Source of message is who/what you think it is  Message has not been replayed  Sequence of messages is maintained Hash functions are useful here. 16

 Function H( ) that takes as input an arbitrary length message and outputs a fixed- length string: “message signature”  H( ) is often called a “hash function” To be able check the integrity of a message:  Sender sends the message signature along with the message  Receiver applies the hash function on the received message and compares it to the message signature  Desirable properties:  Easy to calculate  Irreversibility: Can’t determine m from H(m)  Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)  Seemingly random output large message m H: Hash Function H(m) 17

symmetric key crypto: Bob and Alice share same (symmetric) key: K  e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? plaintext ciphertext K encryption algorithm decryption algorithm K plaintext message, m K (m) m = K(K(m)) 18

 Problem with symmetric keys cryptography:  requires sender, receiver know shared secret key  Q: how to agree on key in first place (particularly if never “met”)? Public key cryptography o radically different approach [Diffie-Hellman76, RSA78] o sender, receiver do not share secret key o public encryption key known to all o private decryption key known only to receiver 19

 Used against playback attack, IP spoofing, …  Also, provides non-repudiation  Using the public key encryption scheme  sender (Bob) digitally signs document, using his private key ▪ establishing he is document owner/creator.  recipient (Alice) decrypts the signature with Bob’s public key ▪ verifying Bob is the document owner/creator.  verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document 20

 Take CPSC 526: Network Systems Security  Course Description: “Attacks on networked systems, tools and techniques for detection and protection against attacks including firewalls and intrusion detection and protection systems, authentication and identification in distributed systems, cryptographic protocols for IP networks, security protocols for emerging networks and technologies, privacy enhancing communication. Legal and ethical issues will be introduced.” 21

Some of the slides are courtesy of the slide supplements for: Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March