Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Networked Applications: A First Course Chapter 13 by David G. Messerschmitt.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Understanding Networked Applications: A First Course Chapter 13 by David G. Messerschmitt."— Presentation transcript:

1 Understanding Networked Applications: A First Course Chapter 13 by David G. Messerschmitt

2 Understanding Networked Applications: A First Course Trustworthiness by David G. Messerschmitt

3 Understanding Networked Applications A First Course 3 Some objectives High availability –Expanding expectations, approaching 24x7 –Redundancy/replication, security, human factors Protect confidential information Limit services to legitimate users or customers Conduct secure commercial transactions

4 Understanding Networked Applications A First Course 4 Availability Application up and running correctly Some types of downtime: –Off-line upgrade and maintenance –Software crashes –Equipment failure –Successful denial-of-service attack

5 Understanding Networked Applications A First Course 5 Availability costs! On-line upgrade and maintenance More application testing, more rapid bug reports and fixes Equipment or application redundancy Data replication Operational vigilance

6 Understanding Networked Applications A First Course 6 Question What availability would you like to see in: –Consumer stock trading system? –Currency trading system? –Train control system? –Bank ATM? –Social application like email? –Telephone system?

7 Understanding Networked Applications A First Course 7 Different security environments Intranet and extranet –All users may be trusted Organization-to-organization –Users in other organizations are less trusted, have less access Citizenry –Determined adversaries must be assumed

8 Understanding Networked Applications A First Course 8 Access control First line of defense is to limit information and services to authorized users Requires: –Authorization policies –Databases with authorizations –Confidentiality of information and communication –Authentication of users who do gain access

9 Understanding Networked Applications A First Course 9 Non-repudiation The second line of defense is to maintain a provable audit of commitments –Requires non-repudiation: neither sender nor recipient can deny message –Non-repudiation requires message integrity

10 Understanding Networked Applications A First Course 10 Core technology Encryption –Depends on the existence of hard (not impossible) problems that are thought to be uncomputable by the fastest computers in reasonable time –“Size” of problem can be adjusted to future and anticipated computing technology –Symmetric and asymmetric versions

11 Understanding Networked Applications A First Course 11 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Virus

12 Understanding Networked Applications A First Course 12 Alice writes message on paper in permanent ink Alice adds her signature Alice seals message in envelope Only Bob breaks seal and opens envelope Bob verifies Alice’s signature Post office physical security Alice requests return acknowledgement from Bob

13 Understanding Networked Applications A First Course 13 Encryption Transform “plaintext” data to “ciphertext” data in a way that –plaintext cannot be recovered without knowledge of a key –at least not without extraordinary computing resources

14 Understanding Networked Applications A First Course 14 Locking key (Identical) unlocking key Plaintext Locking key (Different) unlocking key Symmetric lock and key Asymmetric lock and key Ciphertext

15 Understanding Networked Applications A First Course 15 Close and lock using sender’s locking key Recipient opens using unlocking key Put plaintext in lockbox Transport to recipient Symmetric case Asymmetric case Locking and unlocking keys are different Ciphertext

16 Understanding Networked Applications A First Course 16 EncryptionDecryption Plaintext P Original plaintext P Ciphertext C SK EncryptionDecryption P PC BPKBSK Symmetric Asymmetric Alice (sender)Bob (recipient) Secret key Public key Secret key Confidentiality protocol

17 Understanding Networked Applications A First Course 17 Confidentiality Bob must possess a secret not available to anyone else Alice (sender) Bob (recipient)

18 Understanding Networked Applications A First Course 18 Confidentiality (con’t) Bob must possess a secret not available to anyone else Alice (sender) Bob (recipient) Alice must be able to transform the message so that only the person possessing that secret can read it

19 Understanding Networked Applications A First Course 19 Confidentiality (con’t) Bob must possess a secret not available to anyone else Alice (sender) Bob (recipient) Alice must be able to transform the message so that only the person possessing that secret can read it or EncryptDecrypt

20 Understanding Networked Applications A First Course 20 Authentication Alice (sender) Bob (recipient) Goal: Before Bob can trust a message received from Alice, he needs to verify that Alice is who she claims she is Alice may want to verify Bob’s identity before sending him a message

21 Understanding Networked Applications A First Course 21 Authentication Alice (sender) Bob (recipient) Alice must possess a secret not available to anyone else (alternatively, physical characteristics like a finger print might be used)

22 Understanding Networked Applications A First Course 22 Authentication (con’t) Alice (sender) Bob (recipient) Alice must possess a secret not available to anyone else (alternatively, physical characteristics might be used) Bob must be able to verify that Alice possesses that secret without Alice revealing it on the network or to Bob

23 Understanding Networked Applications A First Course 23 Authentication (con’t) Alice (sender) Bob (recipient) Alice must possess a secret not available to anyone else (alternatively, physical characteristics might be used) or Bob must be able to verify that Alice possesses that secret without Alice revealing it on the network (and possibly not to Bob) Challenge Response

24 Understanding Networked Applications A First Course 24 EncryptionDecryption k APKASK Challenge Alice (being authenticated) Public keySecret key DecryptionEncryption APKASK Response Public keySecret key Bob k 1 k+1 Compare 1 Challenge-response protocol

25 Understanding Networked Applications A First Course 25 Question How does Bob obtain Alice’s public key? How does Bob authenticate that public key? Answer: Key must come from a trusted authority

26 Understanding Networked Applications A First Course 26 Authentication (con’t) Alice (sender) Bob (recipient) Alice must possess a secret not available to anyone else (alternatively, physical characteristics might be used) Bob also must have confirmation from a trusted authority of Alice’s public key Digital certificate

27 Understanding Networked Applications A First Course 27 Non-repudiation Alice (sender) Bob (recipient) Alice can transform the message using a secret only she possesses

28 Understanding Networked Applications A First Course 28 Non-repudiation Alice (sender) Bob (recipient) Alice must sign the message using a secret not revealed to anybody else Bob must be able to verify the signature using public information confirmed by a trusted authority Digital certificate

29 Understanding Networked Applications A First Course 29 EncryptionDecryption P S ASKAPK Signature (Alice) senderBob (recipient) Plaintext Compare Secret keyPublic key Digital signature

30 Understanding Networked Applications A First Course 30 Summary A message can be sent from Alice to Bob, such that: –It is confidential –Alice’s identity is authenticated –Provably the message was not modified after Alice generated it, and she cannot repudiate it All this requires a system for distribution and certification of secrets

31 Understanding Networked Applications A First Course 31 Distribution of secrets Users choose their own secrets and inform sites (password) In a closed administrative environment, secrets can be distributed by administrative fiat –Authentication servers avoid the “n 2 secret problem” For the citizenry, infrastructure required

32 Understanding Networked Applications A First Course 32 BobAlice CA  Alice convinces CA of her identity  Alice provides Bob with a replica of her digital certificate, which provides and certifies Alice’s public key  CA gives digital certificate and secret key to Alice  Bob verifies CA signature using CA public key Digital certificate protocol

33 Understanding Networked Applications A First Course 33 Certificate authority Bank’s certificate issued by CA Merchant’s certificate issued by bank Verify signature Authority’s known public key Bank’s public key Verify signature Merchant’s public key Chain of trust

34 Understanding Networked Applications A First Course 34 CA Seller (server) Customer (client) Trusting CA public key, client can obtain authenticated public key of a seller Consumer electronic commerce

35 Understanding Networked Applications A First Course 35 Seller (server) Customer (client) Client can generate a random, secret “session key” and send confidentially to server Client can authenticate server using challenge response protocol

36 Understanding Networked Applications A First Course 36 Seller (server) Customer (client) Client and server can communicate confidentially

37 Understanding Networked Applications A First Course 37 Seller (server) Customer (client) This is what “secure socket layer (SSL)” provides today. What is missing? CA

38 Understanding Networked Applications A First Course 38 Certificate infrastructure Certificate authorities Individual and corporate certificates Benefits: –Authentication of sellers and buyers Avoid sales to minors etc. –Non-repudiation of transactions

39 Understanding Networked Applications A First Course 39 Privacy concerns On-line transactions can be tracked Traditional opposition to “identity card” for this reason Safeguards are possible –Example: Secure Electronic Transactions (SET)

40 Understanding Networked Applications: A First Course Slides for Supplements by David G. Messerschmitt

41 Understanding Networked Applications A First Course 41 Information Data Block: plaintext EncryptDecrypt Information Data Block: plaintext Representation by data (defined by application) FragmentationAssembly Interpretation assumed by encryption algorithm Ciphertext Encryption obscures data representation

42 Understanding Networked Applications A First Course 42 Block substitution table Plaintext (n bits) 0000000000000 0000000000001 0000000000010 …. 1111111111111 Ciphertext (n bits) 0100001011001 0111010011000 1000101101011 …. 1110100000110

43 Understanding Networked Applications A First Course 43 Block substitution table Plaintext (n bits) For each of the 2 n possible plaintext blocks Ciphertext (n bits) The substitute ciphertext block of n bits The table has n2 n bits total

44 Understanding Networked Applications A First Course 44 Confidentiality based on the block substitution cipher EncryptionDecryption Plaintext Original plaintext P Ciphertext Block subsitution table Block subsitution table This is a symmetric encryption/decryption algorithm The key is the table, which has n2 n bits

45 Understanding Networked Applications A First Course 45 Practicality For small block size n, statistical techniques can easily infer the table For large block size n, the table is too large to be practical –e.g. n=64, n2 n = 10 21, far greater than the total storage in a computer

46 Understanding Networked Applications A First Course 46 Practicality (con’t) Keys need not be as large for an exhaustive key trial attack –e.g. 10 9 trials/sec, 10 years = 3x10 8 sec –3x10 17 trials in 10 years –2 59 = 6x10 17 –59 bit key will do it! Conclusion: need an encryption algorithm! –Key with 64 or 128 bits may be enough

47 Understanding Networked Applications A First Course 47 ffff... 32 bits Bit-by bit addition (base-two) 16 rounds k 15 k 16 k2k2 k1k1 Plaintext block Ciphertext block Confusion Diffusion DES symmetric algorithm 64 bit plaintext 56 bit key

48 Understanding Networked Applications A First Course 48 0 n-1 P = plaintext C = ciphertext Encrypt Decrypt RSA asymmetric algorithm C = P s mod n P = C t mod n t cannot be computed from (n,s) in reasonable time

49 Understanding Networked Applications A First Course 49 Notice the asymmetry Encrypt Decrypt The two keys can be applied in either order, and we still return to where we started

50 Understanding Networked Applications A First Course 50 BA ID_A,ID_B E ASK [k,ABSK,ID_B] E BSK [k,ABSK,ID_A] E ABSK [k,ID_A] E ABSK [k+1] E BSK [k,ABSK,ID_A] Authentication server Kerberos

Download ppt "Understanding Networked Applications: A First Course Chapter 13 by David G. Messerschmitt."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

Similar presentations

Ads by Google