© MMII JW Ryder, CS 428 Computer Networking: Basic Internet Security Concepts

1 Basic Internet Security Concepts

2 Purpose
- Some ideas on Internet Security
- Classes of mischief on Internet, definitions
- Tools to fight mischief
- Combinations of these tools

3 Purpose continued
- Very high level
- Good starting point for further study about
  - General networking & strategies
  - Cryptography
  - Key Management
  - Algorithm Analysis

4 Introduction
- The Internet is a vast wilderness, an infinite world of opportunity
- Exploring, e-mail, free software, chat, video, e-business, information, games
- Explored by humans

5 Internet Security Concepts
- Introduction of several basic security concepts
- General mechanisms for protection

6 Sniffing and Spoofing [1]
- Sniffing
  - The ability to inspect IP Datagrams which are not destined for the current host.
- Spoofing
  - After sniffing, create malicious havoc on the internet

7 [Figure 1, network diagram. Legend: Unprotected Internet node; Private Network node; Secure Gateway node. Labels: A Guy, Gabrielle Poirot (C), Sears, Bank (I), A Guy's Swiss Bank, Wall Street (N), Steve Burns (C), Ramon Sanchez (A)]

8 A Guy has no Integrity
- Swiss Bank Scam
- Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

9 Ramon springs for sound
- Sears solid state stereos
- Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

10 A guy sniffs success
- Gabrielle and Steve almost strike it rich
- Confidentiality - Ensure that each party, which is supposed to see the data, sees the data and ensure that those who should not see the data, never see the data.

11 Wall Street Woes
- A guy spots a hot stock tip
- Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that they did not send the datagram

12 A guy becomes desperate
- Bring Wall St. to its knees
- Denial of Service Attack - Flood a given IP Address (Host) with packets so that it spends the majority of its processing time denying service

13 [Figure 2, diagram. Labels: Physical Adapter; IP In Comm. Stack; One Way Hash Functions (MD5, SHA1); Crypto Functions (DES, CDMF, 3DES); Key Mgmt. Functions; Application]

14 Protocol Flow [2, 3]
- Through layers, each layer has a collection of responsibilities
- ISO OSI Reference Model - (Open Systems Interconnection)
- IP Datagram

15 [Figure 3, Integrity. IP Datagram: IP Hdr. | Data. MAC Function: Data -> MAC Fn -> Digest. Result: IP Hdr. | Data | Digest]

16 Keys
- Bit values fed into cryptographic algorithms and one way hashing functions which help provide confidentiality, integrity, and authentication
- The longer the better - 40, 48, 56, 128
- Brute force attacks can win with small keys

17 Symmetric Keys
- Have qualities such as life times, refresh rates, etc.
- Symmetric - Keys that are shared secrets on N cooperating, trusted hosts

18 Asymmetric
- Public / Private key pairs
- Public key lists kept on well known public key servers
- Public key is no secret. If it is, the strategy will not work.
- Public and Private keys inverse functional values
- Private key is only known to you and must remain secret

19 Concept
- Sender encrypts data with private key
- Receiver decrypts data with public key
- Receiver replies after encrypting with public key
- Sender receives response and decrypts with private key

20 [Figure 4, Encryption Function (Confidentiality). Labels: Data, Key, Crypto Fn., Encrypted Data; IP Hdr., Encrypted Data]

21 [Figure 5, Decryption Function (Confidentiality). Labels: Encrypted Data, Key, Crypto Fn., Data]

22 MACs
- Message Authentication Codes, One Way Hashing Functions
- A function, easy to compute but computationally infeasible to find 2 messages M1 and M2 such that h(M1) = h(M2)
- MD5 (Rivest, Shamir, Adleman) RSA; SHA1 (NIST)
- MD5 yields a 128 bit digest [3]
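
An added example (not from the original slides) of the datagram layout on slide 15 and the keyed variant named on slide 25: an unkeyed digest catches a change only if whoever changed the data cannot also recompute the digest, while a keyed digest ties the data to a holder of the shared key. SHA-256 and HMAC stand in for the MD5/SHA1 named on the slides; the header, key, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size in bytes

def append_digest(hdr: bytes, data: bytes) -> bytes:
    """Slide 15 layout: IP Hdr. | Data | Digest (unkeyed one-way hash)."""
    return hdr + data + hashlib.sha256(data).digest()

def append_keyed_digest(hdr: bytes, data: bytes, key: bytes) -> bytes:
    """Same layout, but the digest is keyed with a shared symmetric key."""
    return hdr + data + hmac.new(key, data, hashlib.sha256).digest()

def check(datagram: bytes, hdr_len: int, key=None) -> bool:
    """Receiver side: recompute the (keyed) digest over Data and compare."""
    data, tag = datagram[hdr_len:-TAG_LEN], datagram[-TAG_LEN:]
    if key is None:
        expected = hashlib.sha256(data).digest()
    else:
        expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def replace_data(datagram: bytes, hdr_len: int, new_data: bytes) -> bytes:
    """Models a keyless party in transit: new Data plus a recomputed digest."""
    return datagram[:hdr_len] + new_data + hashlib.sha256(new_data).digest()

def demo() -> dict:
    hdr = b"\x45" + bytes(19)              # constructed 20-byte header stand-in
    key = b"constructed-shared-secret"     # constructed symmetric key
    data = b"PAY 100 TO ACCT 42"           # constructed payload
    plain = append_digest(hdr, data)
    keyed = append_keyed_digest(hdr, data, key)
    flipped = bytearray(plain)
    flipped[len(hdr)] ^= 0x01              # single-bit change, digest untouched
    altered = b"PAY 900 TO ACCT 66"        # constructed replacement payload
    n = len(hdr)
    return {
        "plain_intact": check(plain, n),
        "plain_bitflip": check(bytes(flipped), n),
        "plain_replaced": check(replace_data(plain, n, altered), n),
        "keyed_intact": check(keyed, n, key),
        "keyed_replaced": check(replace_data(keyed, n, altered), n, key),
    }
```

The `plain_replaced` result is the case to note: the receiver's check passes because the unkeyed digest was recomputed along with the data, whereas `keyed_replaced` fails without the shared key.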

23 DES
- Data Encryption Standard
- U.S. Govt. Standard
- 56 bit key - originally 128 bits
- Absolute elimination of exhaustive search of key space
- U.S. Security Agency Request - Reduce to 56 bits
- Export CDMF (40 bits)
- Keys are secrets to algorithms, not algorithms themselves [4, 5]

24 [Figure, two datagram layouts. IP Hdr. | Encrypted Data | Digest: Confidentiality & Integrity. IP Hdr. | Encrypted Data | Digital Signature (Encrypted Digest): Confidentiality, Integrity, & Authentication]

25 [Diagram labels: Data, EM, Key, MAC, CF, DS, Digest, Keyed Digest; note: MAC_Time < CF_Time]
- Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?
- What types of Security are provided with EM, DS, Digest, Keyed Digest?
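
An added example (not from the original slides) bearing on the slide 25 question: a digital signature, built as on slide 24 by transforming the digest with the private key, can be checked by anyone with the public key, whereas a keyed digest can be produced by every holder of the shared key. It assumes textbook RSA without padding over two Mersenne primes as a toy stand-in for a real signature scheme; keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Toy RSA key pair from two known Mersenne primes (constructed for
# illustration; far too small and unpadded, so not for real use).
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, known only to the signer

def digest_int(msg: bytes) -> int:
    """One-way hash of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg: bytes) -> int:
    """Digital signature: the digest transformed with the private key."""
    return pow(digest_int(msg), D, N)

def verify(msg: bytes, sig: int) -> bool:
    """Anyone holding only the public key can run this check."""
    return pow(sig, E, N) == digest_int(msg)

def keyed_digest(msg: bytes, shared_key: bytes) -> bytes:
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def kd_check(msg: bytes, tag: bytes, shared_key: bytes) -> bool:
    return hmac.compare_digest(keyed_digest(msg, shared_key), tag)

def demo() -> dict:
    sent = b"SELL 500 SHARES"               # constructed: what the sender signed
    never_sent = b"SELL 900 SHARES"         # constructed: a message never sent
    shared = b"constructed-shared-secret"   # held by sender AND receiver
    sig = sign(sent)
    # The receiver also holds the shared key, so a keyed digest it computes
    # itself passes the same check and cannot be pinned on the sender.
    tag_from_receiver = keyed_digest(never_sent, shared)
    # With only (N, E), the receiver has no exponent that yields a valid signature.
    sig_from_public_key = pow(digest_int(never_sent), E, N)
    return {
        "sig_verifies": verify(sent, sig),
        "sig_on_other_msg": verify(never_sent, sig),
        "kd_from_receiver_checks": kd_check(never_sent, tag_from_receiver, shared),
        "sig_from_public_key_verifies": verify(never_sent, sig_from_public_key),
    }
```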

26 [Table: security provided, by message form (columns) and what accompanies it (rows)]
        Msg                  EM
Msg     No Security          Confidentiality
MD      Integrity            Conf. & Integrity
DS      Integrity & Auth.    Conf., Int., & Auth.
KD      Integrity & Auth.    Conf., Int., & Auth.

27 Post Presentation Results
- You should be familiar with concepts & terms such as
  - Integrity, Authentication, Non-repudiation, Confidentiality
  - Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
- High level understanding of some methods to combat some of the above types of Internet mischief

28 One-Way Hashing Function Demo
- Show MD5 example

29 Sniffers
- Threads comment
- Show Sniffer.java

