
Slide 1: Lecture #22: Network Security

Slide 2: A classic lesson
- The chain is only as strong as its weakest link!

Slide 3: In the past...
- The networks were primarily used by university researchers for sending e-mail and by corporate employees for sharing printers.
- The sky was clear and the people were happy and carefree.
But now...
- As billions of people use networks for banking, shopping, and filing their tax returns, network security is looming on the horizon as a potentially massive problem.

Slide 4: Sources of security problems

Slide 5: Security areas
- Network security problems can be divided roughly into four closely intertwined areas: secrecy, authentication, nonrepudiation, and integrity control.
- Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users.
- Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal.
- Nonrepudiation deals with signatures: how do you prove that your customer really placed EXACTLY THIS electronic order?
- Integrity control: is this message EXACTLY THE SAME as it was originally sent?

Slide 6: Security on the network layers
- Physical layer security: hardware solutions, for example EM shielding.
- All other layers use security methods based mainly on cryptography.
- (The name of this science comes from the Greek words for "secret writing".)

Slide 7: Cryptography
- Contributors to modern cryptography: the military, diplomatic corps, diarists, lovers.

Slide 8: Cryptography (2)
- Symmetric-key encryption model.
- Kerckhoffs's principle (1883): All algorithms must be public; only the keys are secret!

Slide 9: Cryptography (3)
- A simple substitution cipher.
- Each of the symbols in the plaintext is mapped onto some other symbol. An example for 26 letters:
plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
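The substitution cipher on slide 9, worked through in code. This is an added example, not part of the lecture slides: it uses the 26-letter key from the slide, encrypts and decrypts, and also shows the weakness the slide does not spell out, namely that a monoalphabetic substitution preserves the letter-frequency profile of the plaintext, which is what makes it breakable by frequency analysis. The function names are my own.

```python
import string

# The 26-letter key from the slide: plaintext a..z -> ciphertext Q W E R T Y ...
PLAIN = string.ascii_lowercase
CIPHER = "QWERTYUIOPASDFGHJKLZXCVBNM"

# Lookup tables in both directions (the key must be a permutation of the alphabet).
ENC_TABLE = {p: c for p, c in zip(PLAIN, CIPHER)}
DEC_TABLE = {c: p for p, c in zip(PLAIN, CIPHER)}


def is_valid_key(key: str) -> bool:
    """A substitution key must map each letter to exactly one distinct letter."""
    return sorted(key.lower()) == list(PLAIN)


def encrypt(plaintext: str) -> str:
    """Map every lowercase letter through the key; non-letters pass through unchanged."""
    return "".join(ENC_TABLE.get(ch, ch) for ch in plaintext.lower())


def decrypt(ciphertext: str) -> str:
    """Inverse mapping: ciphertext letters back to lowercase plaintext."""
    return "".join(DEC_TABLE.get(ch, ch) for ch in ciphertext)


def letter_frequencies(text: str) -> dict:
    """Count letters only. The multiset of counts is identical for plaintext and
    ciphertext, because each plaintext letter is always replaced by the same
    ciphertext letter; that invariant is what frequency analysis exploits."""
    counts: dict = {}
    for ch in text:
        if ch.isalpha():
            counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    assert is_valid_key(CIPHER)
    ct = encrypt("attack at dawn")
    print(ct, "->", decrypt(ct))
    print(sorted(letter_frequencies("attack at dawn").values()))
    print(sorted(letter_frequencies(ct).values()))
```

The two sorted frequency lists printed at the end are identical, which is the practical reason a substitution cipher gives no real secrecy regardless of how the key is chosen.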

Slide 10: Cryptography (4)
- A transposition cipher.

Slide 11: Cryptography (5)
- An unbreakable symmetric-key method: the one-time pad. It uses a very long key which is XORed bit by bit with the message.
- Disadvantages: the key is impossible to remember and difficult to store.
- Example: the use of a one-time pad for encryption, and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad.
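The one-time pad of slide 11 in code, as an added example that is not part of the lecture. It shows the XOR encryption and decryption, the "any plaintext from some other pad" property the slide's example refers to, and the one failure mode a practitioner must know: if a pad is used twice, XORing the two ciphertexts cancels the pad and leaks the XOR of the two messages. The function names and the sample messages are my own.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(length: int) -> bytes:
    """A fresh pad must come from a cryptographic random source, never a PRNG."""
    return secrets.token_bytes(length)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse: (m ^ pad) ^ pad == m
    return xor_bytes(ciphertext, pad)


def pad_that_decrypts_to(ciphertext: bytes, desired_plaintext: bytes) -> bytes:
    """For any same-length plaintext there exists a pad that turns the ciphertext
    into it, so the ciphertext alone carries no information about the message."""
    return xor_bytes(ciphertext, desired_plaintext)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If the same pad encrypted both messages, c1 ^ c2 == m1 ^ m2: the pad is gone
    and the relationship between the plaintexts is exposed. Never reuse a pad."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"           # constructed sample message
    pad = generate_pad(len(msg))
    ct = otp_encrypt(msg, pad)
    print(otp_decrypt(ct, pad))
    other = b"DEFEND AT DUSK"         # same length, entirely different meaning
    fake_pad = pad_that_decrypts_to(ct, other)
    print(otp_decrypt(ct, fake_pad))  # the same ciphertext "decrypts" to this too
```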

Slide 12: Symmetric-Key Algorithms
- DES: The Data Encryption Standard
- AES: The Advanced Encryption Standard
- Cipher modes
- Other ciphers
- Cryptanalysis

Slide 13: Data Encryption Standard
- (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR (XOR).

Slide 14: Triple DES
- (a) Triple encryption using DES. (b) Decryption.

Slide 15: AES: The Advanced Encryption Standard
- Rules for AES proposals:
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits must be supported.
4. Both software and hardware implementations are required.
5. The algorithm must be public or licensed on nondiscriminatory terms.

Slide 16: Cryptanalysis
- Some common symmetric-key cryptographic algorithms:

Slide 17: Public-Key Algorithms: RSA
1. Choose two large primes, p and q (typically 1024 bits).
2. Compute n = p x q and z = (p - 1) x (q - 1).
3. Choose a number relatively prime to z and call it d.
4. Find e such that e x d = 1 mod z.
- An example of the RSA (Rivest, Shamir, Adleman) algorithm: p = 3, q = 11, n = 33, z = 20, d = 7.

Slide 18: Public-Key Digital Signatures
- The goal: to verify the message's integrity.
- Example:
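Slides 17 and 18 worked through in code. This is an added example, not from the lecture: it follows the four RSA steps on slide 17 with the slide's own parameters (p = 3, q = 11, d = 7) and then uses the same key pair for the digital-signature idea of slide 18 (sign with the private exponent, verify with the public one). Textbook RSA on a bare integer with a 33-value modulus is for understanding only; real deployments use keys of the size the slide mentions and padding schemes (OAEP, PSS), which the slides do not cover. Function names are my own.

```python
from math import gcd


def rsa_keygen(p: int, q: int, d: int):
    """Steps 1-4 from the slide, with p, q and d supplied by the caller."""
    n = p * q                          # step 2
    z = (p - 1) * (q - 1)              # step 2
    if gcd(d, z) != 1:                 # step 3 requires d relatively prime to z
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)                  # step 4: e * d = 1 (mod z)
    return (e, n), (d, n)              # public key (e, n), private key (d, n)


def _check_range(m: int, n: int) -> None:
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= m < n")


def encrypt_int(m: int, public_key) -> int:
    e, n = public_key
    _check_range(m, n)
    return pow(m, e, n)                # C = P^e mod n


def decrypt_int(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)                # P = C^d mod n


def sign_int(m: int, private_key) -> int:
    """Slide 18: a signature is the message raised to the private exponent."""
    d, n = private_key
    _check_range(m, n)
    return pow(m, d, n)


def verify_int(m: int, signature: int, public_key) -> bool:
    """Anyone holding the public key can check that the signature opens to m."""
    e, n = public_key
    return pow(signature, e, n) == m


def encrypt_text(text: str, public_key) -> list:
    """Tanenbaum-style encoding: a=1 ... z=26, each below the toy modulus 33."""
    return [encrypt_int(ord(ch) - ord("a") + 1, public_key)
            for ch in text.lower() if ch.isalpha()]


def decrypt_text(blocks: list, private_key) -> str:
    return "".join(chr(decrypt_int(c, private_key) + ord("a") - 1) for c in blocks)


if __name__ == "__main__":
    pub, priv = rsa_keygen(3, 11, 7)
    print("public:", pub, "private:", priv)           # e works out to 3
    print(encrypt_text("suzanne", pub))
    sig = sign_int(19, priv)
    print(sig, verify_int(19, sig, pub))
```

Note that with n = 33 the "message" is at most a single letter, so the block encoding, not the cipher, limits what can be sent; the point of the example is the arithmetic, not a usable cipher.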

Slide 19: Message Digests
- Another way to assure the message's integrity.
- Examples of message digest functions: MD5 (Rivest, 1992) and SHA-1 (NIST, 1993).
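An integrity check built on a message digest, as an added example that is not part of the slides. It computes a digest over a message with the standard library (SHA-1 as on the slide, SHA-256 as a modern choice), detects a modified message, and demonstrates the caveat a practitioner needs: an unkeyed digest sent next to the message proves nothing on its own, because whoever alters the message can recompute it. The digest therefore has to be protected, either signed as on slide 18 or, going one step beyond the slide, computed with a shared key (HMAC). Function names and sample messages are my own.

```python
import hashlib
import hmac


def message_digest(message: bytes, algorithm: str = "sha1") -> str:
    """Fixed-length fingerprint of the message; any change flips the result."""
    return hashlib.new(algorithm, message).hexdigest()


def integrity_ok(message: bytes, expected_hex: str, algorithm: str = "sha1") -> bool:
    """Recompute and compare (constant-time compare avoids timing side channels)."""
    return hmac.compare_digest(message_digest(message, algorithm), expected_hex)


def keyed_digest(key: bytes, message: bytes) -> str:
    """HMAC: a digest that cannot be recomputed without the shared key.
    This goes beyond the slide, which names only unkeyed MD5 and SHA-1."""
    return hmac.new(key, message, "sha256").hexdigest()


def keyed_integrity_ok(key: bytes, message: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(keyed_digest(key, message), expected_hex)


if __name__ == "__main__":
    order = b"transfer 100 to account 42"        # constructed sample message
    tag = message_digest(order)
    print(integrity_ok(order, tag))               # True: untouched
    tampered = b"transfer 900 to account 42"
    print(integrity_ok(tampered, tag))            # False: digest no longer matches
    # but an attacker who controls both fields simply recomputes the digest:
    print(integrity_ok(tampered, message_digest(tampered)))   # True
    key = b"shared-secret-key"                    # constructed, for illustration only
    mac = keyed_digest(key, order)
    print(keyed_integrity_ok(key, tampered, mac)) # False, and cannot be forged without key
```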

Slide 20: Problems with Public-Key Encryption
- A way for Trudy to subvert public-key encryption.
- The intruder

Slide 21: Certificates
- A possible certificate and its signed hash.
- CA = Certification Authority. Example: Bulgarian Academic Certification Authority (http://ca.acad.bg)

Slide 22: X.509
- The basic fields of an X.509 certificate:

Slide 23: Public-Key Infrastructures (PKI)
- (a) A hierarchical PKI. (b) A chain of certificates.

Slide 24: IPsec
- The IPsec authentication header in transport mode for IPv4.

Slide 25: IPsec (2)
- (a) ESP in transport mode. (b) ESP in tunnel mode.
- ESP = Encapsulating Security Payload

Slide 26: Firewalls
- A firewall consisting of two packet filters and an application gateway.

Slide 27: Virtual Private Networks
- (a) A leased-line private network. (b) A virtual private network.

Slide 28: 802.11 Security
- Packet encryption using WEP (Wired Equivalent Privacy).

Slide 29: Authentication Protocols
- Authentication based on a shared secret key
- Establishing a shared key: Diffie-Hellman
- Authentication using a Key Distribution Center
- Authentication using Kerberos
- Authentication using public-key cryptography

Slide 30: Establishing a Shared Key: The Diffie-Hellman Key Exchange
- The bucket brigade or man-in-the-middle attack.

Slide 31: Authentication Using a Key Distribution Center
- A first attempt at an authentication protocol using a KDC.

Slide 32: Authentication Using Kerberos
- The operation of Kerberos V4.

Slide 33: Authentication Using Public-Key Cryptography
- Mutual authentication using public-key cryptography.

Slide 34: Unsecured and secured network protocols
Unsecured network protocols:
- Ethernet DLL protocols
- IPv4
- Telnet, FTP, DNS, SMTP, POP3/IMAP, HTTP, NNTP, SNMP v1/v2, etc.
Secured network protocols:
- IPsec, IPv6
- HTTPS, DNSsec, TLS/SSL, SSH, S/MIME

Slide 35: E-Mail Security
- PGP: Pretty Good Privacy
- PEM: Privacy Enhanced Mail
- S/MIME

Slide 36: E-mail security: PGP, Pretty Good Privacy
- PGP in operation for sending a message.

Slide 37: PGP, Pretty Good Privacy (2)
- A PGP message.

Slide 38: Web Security
- Threats
- Secure naming
- SSL: The Secure Sockets Layer
- Mobile code security

Slide 39: Secure Naming
- (a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

Slide 40: Secure Naming (2)
- How Trudy spoofs Alice's ISP.

Slide 41: Secure DNS (DNSsec)
- Proof of where the data originated.
- Public key distribution.
- Transaction and request authentication.
- Example of a DNSsec RRSet for bob.com: the KEY record is Bob's public key; the SIG record is the top-level com server's signed hash of the A and KEY records, used to verify their authenticity.

Slide 42: Self-Certifying Names
- A self-certifying URL containing a hash of the server's name and public key.

Slide 43: SSL: The Secure Sockets Layer
- Layers (and protocols) for a home user browsing with SSL.

Slide 44: SSL (2)
- A simplified version of the SSL connection establishment subprotocol.

Slide 45: SSL (3)
- Data transmission using SSL.

Slide 46: Java Applet Security
- Applets inserted into a Java Virtual Machine interpreter inside the browser.

Slide 47: Social Issues
- Privacy
- Freedom of speech
- Copyright

Slide 48: Anonymous Remailers
- Users who wish anonymity chain requests through multiple anonymous remailers.

Slide 49: Freedom of Speech
- Possibly banned material:
1. Material inappropriate for children or teenagers.
2. Hate aimed at various ethnic, religious, sexual, or other groups.
3. Information about democracy and democratic values.
4. Accounts of historical events contradicting the government's version.
5. Manuals for picking locks, building weapons, encrypting messages, etc.

Slide 50: Steganography: hiding messages
- (a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare.

Slide 51: Copyright
- The granting to the creators of IP (intellectual property), including writers, artists, composers, musicians, photographers, cinematographers, choreographers, and others, of the exclusive right to exploit their IP for some period of time, typically the life of the author plus 50 years (or 75 years in the case of corporate ownership).
- After the copyright of a work expires, it passes into the public domain and anyone can use or sell it as they wish.

Slide 52: Copyright (2)
- Examples: Napster, torrents, eMule and other P2P-like networks violate copyright! (Because they hold some kind of centralized databases which help people find the desired IP material for free downloading.)

Slide 53: End-user security rules
- Don't write your password on paper!
- Don't tell your password to anybody (not even your sysadmin)!
- Don't use short or easy-to-guess passwords! Examples of good passwords: "The g1rL fr Θ m !panemA", "Macro$oft L!nuX ;-)"
- Change your password frequently!
- Don't lose your private key!
- Never leave your computer unattended while logged in!
- Beware of viruses, Trojan horses, worms and similar fauna!
- Apply the recent security updates and patches to your OS and software!
- Always remember that there is no 100% security!

