CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina

8/27/2007(C) 2007 Chin-Tser Huang2 About Me Chin-Tser Huang Ph.D. in Computer Sciences, 2003, University of Texas at Austin Research in network security, network protocol design and verification, distributed systems My web page can be found at

8/27/2007(C) 2007 Chin-Tser Huang3 About the Course A grad-level course focusing on basics and issues in network security First half will be lectures about elements of network security, cryptography backgrounds, and introduction to network security designs Second half will be your chance to present what you have learned from key research papers

8/27/2007(C) 2007 Chin-Tser Huang4 Course Information Online 715F07/index.htm 715F07/index.htm List of assigned paper and useful links are available on the page Lecture slides will be available online too

8/27/2007(C) 2007 Chin-Tser Huang5 Why Should You Take This Course Security is an increasingly important issue You want to have basic knowledge about network security You can learn latest attacks and newest skills to counter those attacks You have a chance to implement the skills learned in the class

8/27/2007(C) 2007 Chin-Tser Huang6 Your Best Strategy Come to every lecture to learn basic security problems and skills to counter them Keep yourself exposed to articles related to network security to collect project ideas Read each assigned paper and write good summary for each paper Do not wait till last minute to prepare for exam or work on project Enjoy the fun!

8/27/2007(C) 2007 Chin-Tser Huang7 What Can Go Wrong… …when your computer y receive or is waiting for a message m? m Internet x y ?

8/27/2007(C) 2007 Chin-Tser Huang8 Message Loss Adversary A can discard m in its transit m x y A

8/27/2007(C) 2007 Chin-Tser Huang9 Message Interception Adversary A can get a copy of m when m passes by m x y m m A

8/27/2007(C) 2007 Chin-Tser Huang10 Message Modification Adversary A can arbitrarily modify the content of m to become m’ m x y m’ A

8/27/2007(C) 2007 Chin-Tser Huang11 Message Insertion Adversary A can arbitrarily fabricate a message m, pretending that m was sent by x x y m src: x dst: y A

8/27/2007(C) 2007 Chin-Tser Huang12 Message Replay Adversary A can replay a message m that has been sent earlier by x and received by y x y m m A

8/27/2007(C) 2007 Chin-Tser Huang13 Denial-of-Service Attack Adversary A can send huge amount of messages to y to block m from arriving at y x y m ……………… ????? A

8/27/2007(C) 2007 Chin-Tser Huang14 More Scenarios In one case, x wants y to be able to verify message m is sent by a legitimate party but not able to determine identity of x m x y Internet src: ? dst: y

8/27/2007(C) 2007 Chin-Tser Huang15 More Scenarios In another case, y wants to be able to prove to third party z that y receives message m from x m x y Internet z x sent to y m

8/27/2007(C) 2007 Chin-Tser Huang16 Network Security Is Great… Protect messages from interception in their transit Provide desired level of privacy for user or data Detect and discard messages that are modified, inserted, or replayed Disallow unauthorized access to local system resource and sensitive data

8/27/2007(C) 2007 Chin-Tser Huang17 …But Hard To Achieve Many layers in network architecture Many different media of network connection Adversary’s location hard to determine New attacks keep emerging Cryptographic overhead

8/27/2007(C) 2007 Chin-Tser Huang18 Next Class Type of attacks Network security services Formal specification and verification of network protocols Read Ch. 1