1. 1 CSE 651: Introduction to Network Security Steve Lai Spring 2010

2. 2 Syllabus Instructor: Steve Lai Office: DL 581 Office hours: MWF 2:30-3:30 Email: lai@cse.ohio-state.edulai@cse.ohio-state.edu Home page: www.cse.ohio- state.edu/~laiwww.cse.ohio- state.edu/~lai

3. 3 Text (required) William Stallings Cryptography and Network Security: Principles & Practice (5th edition) Pearson/Prentice Hall, 2010. http://www.amazon.com/Cryptography- Network-Security-Principles- Practice/dp/0136097049http://www.amazon.com/Cryptography- Network-Security-Principles- Practice/dp/0136097049

4. 4 Prerequisite CSE 677 Some maturity in mathematical reasoning

5. Content of Course Will cover the first 17 chapters of Stallings with many sections skipped. 5

6. 6 Topics Introduction (Ch. 1) Symmetric-key encryption –Classical encryption techniques (Ch. 2) –Block ciphers and data encryption standard (Ch. 3) –Advanced encryption standard (Ch. 5) –Block cipher operation (Ch. 6) –Stream ciphers (Ch. 7) Public-key cryptography and RSA (Ch. 9)

7. 7 Topics (cont.) Cryptographic hash functions (Ch. 11) Message Authentication (Ch. 12) Digital Signatures (Ch. 13) Key management and distribution (Ch. 14) User authentication protocols (Ch. 15) Web Security: SSL (Ch 16) IEEE 802.11 Wireless LAN Security (Ch. 17)

8. 8 Grading plan Assignments: 20% Midterm exam I: 25% (Monday, April 26) Midterm exam II: 25% (Monday, May 17) Final exam: 30% (Wed, June 9, 9:30) Late homework will NOT be accepted.

9. Three related courses CSE 551: Introduction to Information SecurityCSE 551 CSE 652: Applied Information Security Project CSE 794Q: Introduction to Cryptography 9

10. Introduction CSE 651: Introduction to Network Security

11. What is Network Security? Network Security – measures to protect data during their transmission over a network or internet. Internet Security 11

12. Aspects of Network Security ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects: –security attack –security service –security mechanism 12

13. Security Attack Attack: any action that compromises the security of information Many different types of attacks Can be generally classified as –Passive attacks –Active attacks 13

14. Passive Attacks Reading contents of messages Also called eavesdropping Difficult to detect passive attacks Defense: to prevent their success 14

15. 15 Active Attacks Modification or creation of messages (by attackers) Four categories: modification of messages, replay, masquerade, denial of service Easy to detect but difficult to prevent Defense: detect attacks and recover from damages

16. 16

17. 17

18. 18

19. 19 Security Services (Goals) Data Confidentiality: protecting data from unauthorized disclosure. Data Integrity: –assuring that data received is as sent (w/o modification) –or detecting its non-integrity.

20. 20 Authentication: –(from dictionary: the action of confirming someone or something as authentic.) –(Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed. –Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.

21. 21 Message Authentication –Data origin authentication –Data integrity Entity Identification –Entity authentication

22. 22 Non-Repudiation: –Origin non-repudiation: preventing sender from denying that he has sent a message –Destination non-repudiation: preventing receiver from denying that she has received a message

23. 23 Access Control: preventing unauthorized use of a resource. Availability: making systems or resources available upon demand by legitimate users.

24. 24 Security Mechanisms Means to implement security services: –Encryption Symmetric-key encryption Public-key encryption Key management –Hash functions –Message authentication codes –Digital signatures –Entity authentication protocols