Ch 8. Security in computer networks Myungchul Kim

2 What is network security?
- Confidentiality: only sender, intended receiver should “understand” message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
- Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

8-3 There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)
more on this later …

5 Principles of cryptography
- The encryption technique is known: published, standardized, and available to everyone.
- Symmetric key systems
- Public key systems
- Symmetric key cryptography
  - Block ciphers (used in PGP, SSL, IPsec)

6 Symmetric key crypto: DES
DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
- How secure is DES?
  - DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
  - no known “backdoor” decryption approach
- making DES more secure:
  - use three keys sequentially (3-DES) on each datum
  - use cipher-block chaining

7 Symmetric key crypto: DES
DES operation:
- initial permutation
- 16 identical “rounds” of function application, each using different 48 bits of key
- final permutation

8 AES: Advanced Encryption Standard
- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128-bit blocks
- 128, 192, or 256-bit keys
- brute force decryption (try each key) taking 1 sec on DES takes 149 trillion years for AES

9 Public key encryption
- Diffie and Hellman, 1976
- For encryption, authentication, digital signature
- A public key available to everyone and a private key that is known only to its owner

10 Message integrity
- Cryptographic hash function
  - Originated from …
  - Not tampered with on its way to …
  - A cryptographic hash function: it is computationally infeasible to find any two different messages x and y such that H(x) = H(y).
- MD5 (128-bit hash)

12 Message authentication code
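As an added example that is not part of the slides: the difference between a plain hash (message integrity only) and a message authentication code (integrity plus proof that the sender knew the shared key), worked through in Python with the standard library. The key and the two messages are constructed for this example.

```python
# Added example (not from the slides): integrity checking with a plain hash
# versus a message authentication code (MAC). Key and messages are constructed.
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key-shared-by-alice-and-bob"  # constructed sample key


def digest(message: bytes) -> bytes:
    """Plain cryptographic hash H(m): anyone can compute it, no key involved."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: computable only by holders of the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, received_digest: bytes) -> bool:
    """Receiver recomputes H(m) and compares it with the digest that arrived."""
    return hmac.compare_digest(digest(message), received_digest)


def verify_mac(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver recomputes the tag with the shared key; compare_digest is constant-time."""
    return hmac.compare_digest(mac(key, message), received_tag)


def integrity_check_results() -> dict:
    """Run both checks against (1) corruption in transit and
    (2) substitution of the message by a party without the key."""
    original = b"Transfer 100 to Bob"   # constructed sample message
    altered = b"Transfer 900 to Bob"    # same message with one digit changed

    # Case 1: the message is corrupted but the original digest/tag arrives unchanged.
    # Both mechanisms notice, because H(altered) != H(original).
    hash_detects_corruption = not verify_hash(altered, digest(original))
    mac_detects_corruption = not verify_mac(SHARED_KEY, altered, mac(SHARED_KEY, original))

    # Case 2: the whole message is replaced by someone who does not know SHARED_KEY.
    # A hash needs no key, so the replacement can arrive with a matching digest;
    # a MAC over the replacement cannot be produced without the key.
    hash_accepts_substitution = verify_hash(altered, digest(altered))
    tag_without_key = mac(b"not-the-shared-key", altered)
    mac_accepts_substitution = verify_mac(SHARED_KEY, altered, tag_without_key)

    return {
        "hash_detects_corruption": hash_detects_corruption,
        "mac_detects_corruption": mac_detects_corruption,
        "hash_accepts_substitution": hash_accepts_substitution,
        "mac_accepts_substitution": mac_accepts_substitution,
    }


if __name__ == "__main__":
    for name, result in integrity_check_results().items():
        print(f"{name}: {result}")
```

The first two results are True for both mechanisms; the third is True (a hash alone cannot tell a substituted message from a genuine one) while the fourth is False, which is exactly the gap the MAC closes.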

13 Digital signatures
- Verifiable and nonforgeable
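An added example, not from the slides, of the two properties just named: a textbook RSA signature over a SHA-256 digest, with tiny constructed primes so the arithmetic is easy to follow. Real deployments use moduli of 2048 bits or more and a padding scheme such as RSA-PSS; the primes, messages and key sizes below are constructed for illustration only.

```python
# Added example (not from the slides): textbook RSA signing of a message digest.
# Primes and messages are constructed; the parameters are far too small for real use.
import hashlib
from math import gcd


def keygen(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) = ((n, e), (n, d)) for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def message_representative(message: bytes, n: int) -> int:
    """Hash the message, then reduce into Z_n: the digest is signed, not the message."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(message_representative(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verifiable: anyone holding the public key can check without the private key."""
    n, e = public_key
    return pow(signature, e, n) == message_representative(message, n)


def signature_demo() -> dict:
    public, private = keygen(1009, 1013)                    # constructed textbook-size primes
    message = b"Bob, I agree to the contract. -Alice"       # constructed message
    sig = sign(private, message)

    genuine = verify(public, message, sig)
    # Altered message: its digest differs, so the check fails.
    tampered = verify(public, b"Bob, I reject the contract. -Alice", sig)
    # Nonforgeable: a signature produced under someone else's private key
    # does not verify under Alice's public key.
    _, other_private = keygen(1019, 1021)
    forged = verify(public, message, sign(other_private, message))
    return {"genuine": genuine, "tampered": tampered, "forged": forged}


if __name__ == "__main__":
    print(signature_demo())
```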

16 Public key certification
- Verify that you have the actual public key of the entity
- Certification Authority: binding a public key to a particular entity
- ITU X.509

18 A certificate contains:
- Serial number (unique to issuer)
- info about certificate owner, including algorithm and key value itself (not shown)
- info about certificate issuer
- valid dates
- digital signature by issuer

19 End-point authentication: the process of proving one’s identity to someone else.

22 - nonce: a number that a protocol will use only once in a lifetime
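An added example, not from the slides, of nonce-based end-point authentication with a shared key: the verifier sends a fresh nonce, the prover answers with a MAC over it, and the verifier accepts each nonce at most once. The shared key and party names are constructed; the point it shows is why a recorded (nonce, response) pair is useless a second time.

```python
# Added example (not from the slides): challenge/response authentication with a
# one-time nonce and a shared-key MAC. Key and participants are constructed.
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-key-known-to-alice-and-bob"   # constructed sample key


class Verifier:
    """Alice's side: issues fresh nonces and checks the responses to them."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()     # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)     # fresh and unpredictable, used exactly once
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                     # never issued, or already answered
        self.outstanding.discard(nonce)      # consume it: "once in a lifetime"
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def prover_respond(key: bytes, nonce: bytes) -> bytes:
    """Bob's side: prove knowledge of the key by MACing the nonce he was sent."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def run_protocol() -> dict:
    alice = Verifier(SHARED_KEY)

    # Round 1: Bob answers a fresh challenge with the right key.
    n1 = alice.challenge()
    r1 = prover_respond(SHARED_KEY, n1)
    fresh_accepted = alice.check(n1, r1)

    # Round 2: the same (n1, r1) pair is presented again. It was valid once,
    # but the nonce has been consumed, so the replay is rejected.
    replay_rejected = not alice.check(n1, r1)

    # Round 3: a fresh challenge answered without the shared key fails.
    n2 = alice.challenge()
    wrong_key_rejected = not alice.check(n2, prover_respond(b"some-other-key", n2))

    return {
        "fresh_accepted": fresh_accepted,
        "replay_rejected": replay_rejected,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(run_protocol())
```

Because every run draws a new random nonce, a response recorded from one session never matches a later challenge, which is the property the slide summarises as "once in a lifetime".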

26 Securing: confidentiality, sender authentication, message integrity, receiver authentication

28 Pretty Good Privacy (PGP): MD5 or SHA for message digest; CAST, triple-DES or IDEA for symmetric key encryption; RSA for the public key encryption

29 Securing TCP connections: SSL
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)

30 – Handshake, key distribution, and data transfer

31 Network-layer security: IPsec
- Virtual private networks (VPNs)
- Authentication Header (AH) protocol: source host authentication and data integrity
- Encapsulation Security Payload (ESP) protocol: … and confidentiality
- AH header: next header, security parameter index, sequence number, authentication data

32 The ESP protocol
- Key distribution
  - Manual
  - Automated: Internet Key Exchange protocol using public-key cryptography

33 IEEE security
- war-driving: drive around Bay area, see what networks are available
  - more than 9000 accessible from public roadways
  - 85% use no encryption/authentication
  - packet-sniffing and various attacks easy!
- securing
  - encryption, authentication
  - first attempt at security: Wired Equivalent Privacy (WEP): a failure
  - current attempt: i

34 Securing wireless LANs
- Wired Equivalent Privacy (WEP)
  - Authentication and data encryption
  - Symmetric shared key
  - No key distribution

35 IEEE i

37 Firewalls and Intrusion Detection Systems
The goals of a firewall:
- All traffic from outside to inside, and vice versa, passes through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.
- The firewall itself is immune to penetration.

38 Traditional packet filters
- Filtering decision based on:
  - IP source or destination address
  - Protocol type in IP datagram field: TCP, UDP, ICMP, OSPF, …
  - TCP or UDP source and destination port
  - TCP flag bits: SYN, ACK, …
  - ICMP message type
- Different rules for datagrams leaving and entering the network
- Different rules for the different router interfaces.

39 Stateless packet filtering: more examples
Policy: No outside Web access.
  Firewall setting: Drop all outgoing packets to any IP address, port 80.
Policy: No incoming TCP connections, except those for institution’s public Web server only.
  Firewall setting: Drop all incoming TCP SYN packets to any IP except , port 80.
Policy: Prevent Web-radios from eating up the available bandwidth.
  Firewall setting: Drop all incoming UDP packets, except DNS and router broadcasts.
Policy: Prevent your network from being used for a smurf DoS attack.
  Firewall setting: Drop all ICMP packets going to a “broadcast” address (e.g. ).
Policy: Prevent your network from being tracerouted.
  Firewall setting: Drop all outgoing ICMP TTL expired traffic.
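As an added example that is not part of the slides, the five policies in the table above written as a stateless packet filter in Python and run over constructed packet records. The slide does not show the Web server's address or the broadcast address, so both are placeholders here; "router broadcasts" is read as UDP addressed to the broadcast address, and "incoming TCP connections" as bare SYN packets (SYN without ACK), both of which are interpretations rather than text from the slide.

```python
# Added example (not from the slides): a stateless packet filter for the five
# policies in the table. Addresses are placeholders; packets are constructed.
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

PUBLIC_WEB_SERVER = "192.0.2.10"    # placeholder: the institution's public Web server
BROADCAST_ADDRESS = "192.0.2.255"   # placeholder: broadcast address of the site's network
HTTP_PORT = 80
DNS_PORT = 53
ICMP_TIME_EXCEEDED = 11             # ICMP type carried by "TTL expired" messages


@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" = Internet -> site, "out" = site -> Internet
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_flags: frozenset = frozenset()
    icmp_type: Optional[int] = None


def no_outside_web(p: Packet) -> bool:
    return p.direction == "out" and p.dport == HTTP_PORT


def no_inbound_connections_except_web_server(p: Packet) -> bool:
    # A connection request is a SYN without ACK; SYN+ACK replies to connections
    # opened from inside are left alone (interpretation, not stated on the slide).
    syn_only = p.proto == "tcp" and "SYN" in p.tcp_flags and "ACK" not in p.tcp_flags
    to_web_server = p.dst == PUBLIC_WEB_SERVER and p.dport == HTTP_PORT
    return p.direction == "in" and syn_only and not to_web_server


def no_inbound_udp_except_dns_and_broadcast(p: Packet) -> bool:
    is_dns = DNS_PORT in (p.sport, p.dport)
    return (p.direction == "in" and p.proto == "udp"
            and not is_dns and p.dst != BROADCAST_ADDRESS)


def no_icmp_to_broadcast(p: Packet) -> bool:
    return p.proto == "icmp" and p.dst == BROADCAST_ADDRESS


def no_outgoing_ttl_expired(p: Packet) -> bool:
    return (p.direction == "out" and p.proto == "icmp"
            and p.icmp_type == ICMP_TIME_EXCEEDED)


# Every entry is a drop rule and anything unmatched is allowed, as in the table;
# the order only decides which policy is reported when several match.
RULES: List[Tuple[str, Callable[[Packet], bool]]] = [
    ("no outside Web access", no_outside_web),
    ("no incoming TCP connections except public Web server", no_inbound_connections_except_web_server),
    ("no incoming UDP except DNS and router broadcasts", no_inbound_udp_except_dns_and_broadcast),
    ("no ICMP to broadcast addresses (smurf)", no_icmp_to_broadcast),
    ("no outgoing ICMP TTL expired (traceroute)", no_outgoing_ttl_expired),
]


def filter_packet(p: Packet) -> str:
    """Decide from header fields alone; returns 'allow' or 'drop: <policy>'."""
    for policy, matches in RULES:
        if matches(p):
            return f"drop: {policy}"
    return "allow"


if __name__ == "__main__":
    samples = [  # constructed packets, one per policy plus two that should pass
        Packet("out", "tcp", "192.0.2.20", "198.51.100.5", 40000, 80, frozenset({"SYN"})),
        Packet("in", "tcp", "198.51.100.5", PUBLIC_WEB_SERVER, 51000, 80, frozenset({"SYN"})),
        Packet("in", "tcp", "198.51.100.5", "192.0.2.20", 51000, 22, frozenset({"SYN"})),
        Packet("in", "udp", "198.51.100.53", "192.0.2.20", 53, 33000),
        Packet("in", "udp", "198.51.100.7", "192.0.2.20", 4000, 5004),
        Packet("in", "icmp", "198.51.100.7", BROADCAST_ADDRESS, icmp_type=8),
        Packet("out", "icmp", "192.0.2.1", "198.51.100.7", icmp_type=ICMP_TIME_EXCEEDED),
    ]
    for pkt in samples:
        print(pkt.direction, pkt.proto, pkt.dst, pkt.dport, "->", filter_packet(pkt))
```

Note what this filter cannot see: an inbound TCP packet with the ACK bit set and no SYN matches none of the rules and is allowed whether or not any inside host ever opened that connection, which is the limitation that motivates stateful filtering.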

40 - Access control list for /16

41 Stateful packet filters
- Actually track TCP connections
- Check connections
Application gateway
- Policy decision based on application data
- Disadvantages
  - A different application gateway for each application
  - Performance penalty
  - The client software must know how to contact the gateway
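An added example, not from the slides, of what "actually track TCP connections" buys: a filter that records connections opened from inside in a table and admits an inbound packet only when it belongs to one, run side by side with a header-only check on the same constructed packets. The address block and Web server address are placeholders; FIN/RST teardown and table timeouts are left out.

```python
# Added example (not from the slides): stateful TCP connection tracking versus a
# stateless header check. Addresses are placeholders; packets are constructed.
from dataclasses import dataclass

INSIDE_PREFIX = "192.0.2."          # placeholder: the institution's address block
PUBLIC_WEB_SERVER = "192.0.2.10"    # placeholder: the only host that may accept inbound SYNs
HTTP_PORT = 80


@dataclass(frozen=True)
class TcpPacket:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_inbound_check(p: TcpPacket) -> str:
    """Header-only rule: inbound TCP passes unless it is a bare SYN aimed at
    anything other than the public Web server."""
    bare_syn = p.syn and not p.ack
    if bare_syn and not (p.dst == PUBLIC_WEB_SERVER and p.dport == HTTP_PORT):
        return "drop: unsolicited SYN"
    return "allow"


class StatefulFilter:
    """Connection table keyed by (inside ip, inside port, outside ip, outside port)."""

    def __init__(self):
        self.connections = set()

    def handle(self, p: TcpPacket) -> str:
        outbound = is_inside(p.src) and not is_inside(p.dst)
        inbound = is_inside(p.dst) and not is_inside(p.src)
        if outbound:
            if p.syn and not p.ack:
                # An inside host is opening a connection: remember it so replies get in.
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        if inbound:
            key = (p.dst, p.dport, p.src, p.sport)
            if p.syn and not p.ack:
                if p.dst == PUBLIC_WEB_SERVER and p.dport == HTTP_PORT:
                    self.connections.add(key)
                    return "allow"
                return "drop: unsolicited SYN"
            if key in self.connections:
                return "allow"
            # ACK set, but no inside host opened this connection. A stateless rule
            # would have passed it on the flag bits alone.
            return "drop: no matching connection"
        return "drop: not a transit packet"


def compare_filters() -> dict:
    fw = StatefulFilter()
    # Inside host opens an SSH session to an outside server; its SYN+ACK comes back.
    fw.handle(TcpPacket("192.0.2.20", "198.51.100.5", 40000, 22, syn=True))
    reply = TcpPacket("198.51.100.5", "192.0.2.20", 22, 40000, syn=True, ack=True)
    # An outside host sends an ACK-flagged packet to a port nobody inside opened.
    bogus = TcpPacket("203.0.113.7", "192.0.2.20", 5555, 12345, ack=True)
    return {
        "reply_stateless": stateless_inbound_check(reply),
        "reply_stateful": fw.handle(reply),
        "bogus_stateless": stateless_inbound_check(bogus),
        "bogus_stateful": fw.handle(bogus),
    }


if __name__ == "__main__":
    for name, verdict in compare_filters().items():
        print(f"{name}: {verdict}")
```

Both filters admit the genuine reply; only the stateful one drops the unsolicited ACK packet, because it can ask "did anyone inside start this connection?" rather than just "which flag bits are set?".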

43 Intrusion detection systems
- Deep packet inspection
- A high-security region and a lower-security region (demilitarized zone (DMZ))
- Signature-based system: requires previous knowledge of the attack to generate an accurate signature
- Anomaly-based system: creates a traffic profile
- Example: Snort
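An added example, not from the slides, that puts the two detection approaches next to each other over a constructed web-server request log: a signature-based pass that only fires on patterns it already knows, and an anomaly-based pass that learns a traffic profile from a quiet baseline window and flags sources that exceed it. The log format, the two signatures and the thresholds are constructed for this example and are not Snort rules.

```python
# Added example (not from the slides): toy signature-based and anomaly-based
# intrusion detection over constructed request logs. Not Snort rule syntax.
import re
from collections import Counter
from typing import Iterator, List, Tuple

# Constructed sample logs, one request per line: "<second> <source ip> <path>"
BASELINE_LOG = """\
0 10.0.0.1 /index.html
1 10.0.0.2 /about.html
2 10.0.0.1 /contact.html
3 10.0.0.3 /index.html
4 10.0.0.2 /news.html
"""

LIVE_LOG = """\
10 10.0.0.1 /index.html
11 203.0.113.9 /index.html
11 203.0.113.9 /about.html
11 203.0.113.9 /news.html
12 203.0.113.9 /contact.html
12 203.0.113.9 /index.html
12 203.0.113.9 /login.html
13 10.0.0.2 /search?q=<script>alert(1)</script>
14 10.0.0.3 /files/../../private/config.txt
15 10.0.0.1 /news.html
"""

# Signatures: each one encodes prior knowledge of what the attack looks like.
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./")),
    ("script injection", re.compile(r"<script", re.IGNORECASE)),
]


def parse(log: str) -> Iterator[Tuple[int, str, str]]:
    for line in log.splitlines():
        if line.strip():
            ts, src, path = line.split(" ", 2)
            yield int(ts), src, path


def signature_alerts(log: str) -> List[Tuple[str, str]]:
    """(source, signature name) for every request matching a known pattern."""
    alerts = []
    for _, src, path in parse(log):
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                alerts.append((src, name))
    return alerts


def learn_profile(log: str) -> int:
    """Traffic profile: requests made by the busiest single source in the baseline window."""
    return max(Counter(src for _, src, _ in parse(log)).values())


def anomaly_alerts(log: str, baseline_peak: int, factor: int = 2) -> List[str]:
    """Sources whose request count exceeds `factor` times the baseline peak.
    Needs no signature, but a legitimately busy client trips it as well."""
    counts = Counter(src for _, src, _ in parse(log))
    return sorted(src for src, n in counts.items() if n > factor * baseline_peak)


def run_ids() -> dict:
    peak = learn_profile(BASELINE_LOG)
    return {
        "baseline_peak": peak,
        "signature": signature_alerts(LIVE_LOG),
        "anomaly": anomaly_alerts(LIVE_LOG, peak),
    }


if __name__ == "__main__":
    print(run_ids())
```

The two passes catch different things: the signature pass names the two requests whose paths match known patterns but says nothing about 203.0.113.9, whose requests are individually harmless; the anomaly pass flags that source on volume alone but would never have noticed the two single malicious requests. The profile here is a deliberately crude "busiest source" count; a real anomaly detector models many features and still has to tune the threshold against false positives.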