Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Published byChrystal Strickland Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication."— Presentation transcript:

1 1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication Availability

2 2 1. Confidentiality (against eavesdropping) Eavesdropping: packet sniffing on net, in which attackers read transmitted information, including logon information and database contents. Brute Force attack 1975 US National Bureau of Standard (NBS): Data Encryption Standard (DES) – a 56-bit key is no longer considered to be very secure.DES 2001 US National Bureau of Standard (NBS): Advanced Encryption Standard (AES) – a choice of key length of 128, 192, or 256 bits.

3 Single-Key (conventional) and Dual-Key (public-key) Encryption Algorithms – Single-key encryption is faster but key-distribution is difficult. – Dual-key encryption is slower but key-distribution is easy. – One common solution is to use the dual-key encryption for key-distribution and authentication while the single-key encryption is used to encrypt message.

4 4 What are two major cryptographic methods? Conventional encryption: Message sender and recipient share single secret key for encryption and decryption. There are three basic operations: - Substitution: replace bits with other bits. - Transposition (permutation): arrange bits in a different order - XOR: 10110010  01110110 = 11000100 Public-key encryption: Key owner generates a pair of keys. One key, called public key (e), is made available for anyone to get. Another key, called private key (d), is kept by the owner. Message encrypted with one key can be decrypted with another. The RSA algorithm is one implementation of public key cryptography.

5 5 How do you choose an encryption algorithm? No inherent mathematical weakness: Algorithm survived extensive public review and assume that the brute force approach is the only efficient attack. Key length: A 128-bit key makes a brute force attack impractical with current technology. Key is easy to change and to manage: Frequent key change makes encryption more secure. Cost: Many algorithms are royalty-free. Permission for export: Strong cryptography products may not have permission to export.

6 2. Access Control (Password, read, write, execute, and delete) How does an attacker learn your password? Try default passwords Exhaustively try all short passwords Try words in system’s online dictionary or a list of likely passwords. Collect information about user. Try user’s phone number. Try user’s license plate numbers. Use a Trojan horse. Tap the line between a remote user and the host system.

7 3. Integrity, Non-repudiation and Digital Signature Integrity: prevent user’s data and message from being modified. Non-repudiation: prevent either sender or receiver from denying a transmitted message. How can dual-key encryption be used to authenticate a message? Digital signature is based on public-key cryptographic algorithm. A one-way hash function takes a message and returns a small fixed-length string (hash value). The hash value is encrypted with sender’s private key that can be verified by recipient using the sender’s public key. Therefore, the recipient is certain that the message is indeed from the sender. The hash value is also used to verify that the message was not altered in transit.

8 4. Authentication (Identity and Certificate) If you buy books from Amazon.com, we want to know whether the Web site you are dealing with is really Amazon. You want Amazon Web server to authenticate itself to you and Amazon may want you to authenticate yourself to Amazon. What is the secure socket layer (SSL) protocol? The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. An SSL- enabled Web server can be linked with a URL starting with https (port 443) instead of http (port 80). Netscape patented SSL in 1997.httpshttp

9 How does an SSL-enabled browser authenticate the server? An SSL-enabled Web server should be certified by a trusted third party - Certifying Authority (CA). An SSL-enabled browser maintains a list of trusted CAs along with the public keys of the CAs. When a client browser wants to communicate with an SSL-enabled Web server, the browser obtains the server’s certificate. The certificate is issued by a CA and digitally signed with this CA’s private key. If the CA is in the browser’s list, the signature can be verified with this CA’s public key. If not, client’s browser issues a security alert.

10 What are principle differences between SET and SSL? The secure electronic transaction (SET) is a protocol specifically designed to secure payment-card transactions over Internet. The principle differences are The SET is designed to encrypt specific kinds of payment-related messages. It cannot be used to encrypt arbitrary data as can SSL. The SET protocol involves all three players on Internet, namely, the customer, the merchant, and the merchant’s bank. All sensitive information sent between the three parties is encrypted. The SET requires all three players to have certificates. The customer’s and merchant’s certificates must be issued by their bank, thereby assuring that these players are permitted to make and receive payment-card purchases.

Download ppt "1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)

6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)
Security and Authentication Daniel L. Silver, Ph.D. Acadia & Dalhousie Univs.

Security and Authentication Daniel L. Silver, Ph.D. Acadia & Dalhousie Univs.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Cryptographic Technologies

Cryptographic Technologies
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Similar presentations

Ads by Google