Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Slides:



Advertisements
Similar presentations
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Distributed Systems CS Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Krerk Piromsopa. Network Security Krerk Piromsopa. Department of Computer Engineering. Chulalongkorn University.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Chapter 8.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 21 Distributed System Security Copyright © 2008.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.
Welcome to Introduction to Computer Security. Why Computer Security The past decade has seen an explosion in the concern for the security of information.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Information Security in Distributed Systems Distributed Systems1.
Chap1: Is there a Security Problem in Computing?.
Ch 13 Trustworthiness Myungchul Kim
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Computer Science Lecture 23, page 1 CS677: Distributed OS Security: Focus of Control Three approaches for protection against security threats a)Protection.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Network Security Celia Li Computer Science and Engineering York University.
EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
Security. Cryptography (1) Intruders and eavesdroppers in communication.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Computer Communication & Networks
9.2 SECURE CHANNELS Medisetty Swathy.
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Presentation transcript:

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology

Outline Introduction to security Secure channels Access control Security management Example: electronic payment systems

Security concerns in distributed systems SECURE CHANNELS authentication message integrity confidentiality ACCESS CONTROL authorization

What are security threats ? (1) Interception: an unauthorized party has gained access to resource – communication between 2 parties has been overheard by someone else – data illegally copied after breaking into private directoty Interrupt: resources unavailable, unusable, destroyed,… – Denial of Service

What are security threats ? (2) Modification: unauthorized changing of data or tampering with a service so that it loses original specifications – changing program to log secretly user’s activities Fabrication: additional data or activity generated that would normally not exist – add an entry to password file

Security policy & security mechanisms Building a secure system is not to protect against all threats – First, security policies must be created Security policy = to describe which actions the entities are allowed to take and which ones are prohibited Security mechanism = to enforce security policies

Security mechanisms Encryption – hacker cannot understand (cryptography) – provide confidentiality, integrity Authentication – verify a claimed identity Authorization – check permissions (rights) to perform actions Auditing – trace clients’ access

Globus security

Design issues Focus of control – protection on data Data is protected against wrong or invalid operations Invocation Method State Object Operations can be performed, but main concern is data integrity

Design issues Focus of control – protection on invocation Data is protected against unauthorized invocations Invocation Method State Object Main concern is access control mechanisms

Design issues Focus of control – protection on user Data is protected by checking the role of invoker Invocation Method State Object Main concern is defining roles that users have

Design issues Layer of security mechanisms Application Middleware OS Services OS kernel Hardware Transport Network Datalink Physical Application Middleware OS Services OS kernel Hardware Transport Network Datalink Physical network low-level protocols high-level protocols Main concern is where security mechanisms are placed IDEA: TRUST depending on the trust a client has in how secure the services are in a particular layer

Trust on different layers SMDS Encryption device Different LANs trust each other, but do not trust SMDS Trust router (encryption device) If notUse SSL In distributed system, security mechanisms often placed in middleware

Design issues Distribution of security mechanisms Middleware-base distributed system trusts local OS it depends on – If not, part of functionality of OS must be integrated in distributed system Use the approach “Reduced Interfaces for Secure System Components” servers running secure services no direct access from other machines access control device

Design issues Simplicity Few, simple security mechanisms easily understood and trusted to work, the better it is – It is not easy in practice Applications are inherently complex, therefore security services, protocols should be simple

Cryptography Encryption method Plaintext, P Encryption key, E K Sender Decryption method Plaintext, P Decryption key, D K Receiver Ciphertext C=E K (P) Passive intruders only listen to C Active intruders can alter messages Active intruders can insert messages Symmetric cryptosystems: DES Public-key cryptosystems: RSA Hash functions: MD5

Secure channels Protecting clients and servers against – interception: ensureing confidentiality – modification, fabrication: mutual authentication and message integrity authentication and message integrity must go together Ex: A sends B a message m. A and B both authenticated, but how guaranteeing m is not modified

Authentication based on shared secret key ALICEALICE BOBBOB A RBRB K A,B (R B ) RARA K A,B (R A ) Challenge-response protocol - R A, R B : challenge from A, B respectively - K A,B : secret key shared by A, B - Key distribution center can reduce number of keys - No longer used because defeated by reflection attack

Authentication based on public-key cryptography ALICEALICE BOBBOB K B + (A, R A ) K A + (R A,R B,K A,B ) K A,B (R B ) K A +, K A - : public and private keys of A respectively - K A,B : session key shared by A, B

Digital signatures Example: – Bob sells Alice an item with price $500 – Alice sends Bob an to confirm – Two issues happen Alice needs to be sured Bob maliciously change to price to higher value Bob needs to be sures Alice cannot deny the price (preventing second thoughts) Require a signature associated with the ’s content

Digital signature using public-key Bob’s public key, K B + Alice’s private key, K A - m Bob’s private key, K B - Alice’s public key, K A + m Alice’s computerBob’s computer K B + (m, K A - (m))K A - (m)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.