Internet Security - Farkas: CSCE 813 Midterm Topics Overview


1 Internet Security - Farkas: CSCE 813 Midterm Topics Overview

2 Network Attacks
Classifications
– Passive vs. Active
– Against security objectives
  What are the security objectives?
– Attacker’s activities
  Give some examples

3 Forward Secrecy
Compromised key: permits the disclosure of the data encrypted by the compromised key. No additional keys can be generated from the compromised key.
Perfect Forward Secrecy: compromise of a single key will permit access to only data protected by a single key
Why is PFS important for security protocols?
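The distinction on this slide, as an added example that is not part of the original slides: session keys derived from a long-term key and public nonces all fall when that key is compromised, while session keys agreed from discarded ephemeral Diffie-Hellman secrets do not. The function names, the toy group (P, G) and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption of this example): 2**127 - 1 is prime
# but far too small for real use; real protocols use standardized groups.
P = 2**127 - 1
G = 3


def kdf(secret: bytes, label: bytes) -> bytes:
    """Derive a 32-byte key from a secret and a public label."""
    return hmac.new(secret, label, hashlib.sha256).digest()


def derived_session_key(long_term_key: bytes, nonce: bytes) -> bytes:
    """No forward secrecy: the session key is a function of the long-term
    key and a nonce that travels in the clear."""
    return kdf(long_term_key, b"session" + nonce)


def keys_exposed_by_compromise(long_term_key: bytes, recorded_nonces):
    """Later compromise of the long-term key in the derived scheme:
    every past session key is recomputed from the recorded nonces."""
    return [derived_session_key(long_term_key, n) for n in recorded_nonces]


def ephemeral_session(long_term_key: bytes):
    """Forward secrecy: the long-term key only authenticates the exchange;
    the session key comes from per-session secrets that are then discarded."""
    a = secrets.randbelow(P - 2) + 1  # party A's ephemeral secret
    b = secrets.randbelow(P - 2) + 1  # party B's ephemeral secret
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)  # sent in the clear
    transcript = pub_a.to_bytes(16, "big") + pub_b.to_bytes(16, "big")
    auth_tag = kdf(long_term_key, b"auth" + transcript)
    key_a = kdf(pow(pub_b, a, P).to_bytes(16, "big"), b"session")
    key_b = kdf(pow(pub_a, b, P).to_bytes(16, "big"), b"session")
    if key_a != key_b:
        raise ValueError("key agreement failed")
    return transcript, auth_tag, key_a  # a and b are not kept anywhere


if __name__ == "__main__":
    ltk = b"constructed-long-term-key"  # constructed sample value
    nonces = [b"nonce-1", b"nonce-2"]   # constructed recorded nonces
    print(len(keys_exposed_by_compromise(ltk, nonces)), "old keys recomputed")
    transcript, tag, key = ephemeral_session(ltk)
    print(kdf(ltk, b"session" + transcript) == key)  # long-term key is not an input
```

In the ephemeral variant the long-term key still matters for authentication (the tag), which is why its compromise enables future impersonation but not decryption of recorded sessions.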

4 Protection
– Protection at storage
– Protection during usage
– Protection during transmission
Give an example attack and consequences for each
What are the basic security technologies?

5 Communication Security
Security Protocols
Cryptographic protocols
Services: secrecy, integrity, authentication, key exchange, non-repudiation, etc.
Components: communicating parties (nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.

6 Security Properties – Authentication of Origin
Verify
– Who sent the message?
– Who sent the message to whom?
– Who sent the message to whom and how many times?

7 Security Properties
What is
– Non-interference
– Message confidentiality
– Sender authentication
– Message authentication
– Message integrity
– Replay protection
– …?
How can we support
– Non-interference
– Message confidentiality
– Sender authentication
– Message authentication
– Message integrity
– Replay protection
– …?
Why do we need protocol analysis?

8 Attacks
Known attacks
– Can be picked up by careful inspection
Non-intuitive attacks
– Not easily apparent
– May not depend on flaws or weaknesses of cryptographic algorithms
– Use a variety of methods, e.g., statistical analysis, subtle properties of cryptographic algorithms, etc.

9 TCP/IP Protocol Stack
– Application Layer
– Transport Layer
– Internetwork Layer
– Network Access Layer
How does the TCP/IP stack compare to the ISO-OSI model?
Why is layering a good idea?
How does layering impact the security capabilities?
What are the main protocols for each layer?
How do these protocols support security?

10 What are the main security capabilities supported by the security protocols?

11 Security -- At What Layer?
Where to implement security?
Basic services that need to be implemented:
– Key management
– Confidentiality
– Nonrepudiation
– Integrity/authentication
– Authorization
What are the security technologies supporting these services?

12 Network Access Layer
Responsible for packet transmission on the physical media
Protocols: Ethernet, Token Ring, Asynchronous Transfer Mode (ATM)
How does Ethernet support security?
[Figure: protocol stack with Application, Transport, Network and Network Access layers]

13 Virtual Private Network
L2TP: combines Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP)
What does tunneling mean?
Who can create a tunnel?

14 L2TP Protocol
Tunnel components
– Control channel (reliable): control sessions and tunnel
– Data channel (unreliable): created for each call
What is the level of protection between Client 1 & LAC? LAC & LNS?
[Figure: L2TP tunnel between LAC and LNS with a control channel, Session 1 (Call ID 1) and Session 2 (Call ID 2); labels: Client 1, Client 2, Service 1, Service 2]

15 L2TP and IPSec
L2TP is NOT secure without the support of IPSec
What are the attacks to consider?

16 TCP/IP Protocol Stack
– Application Layer
– Transport Layer
– Network Layer
– Data Link Layer
Packaging, Addressing, Routing
What are the supported security protocols?
What is the effect of standardization on security?

17 Internet Engineering Task Force Standardization
IPv6 development requirements: Strong security features
1992: IPSEC WG (IETF)
– Define security architecture
– Standardize IP Security Protocol and Internet Key Management Protocol
1998: revised version of IP Security Architecture
– IPsec protocols (two sub-protocols AH and ESP)
– Internet Key Exchange (IKE)

18 IP Security Overview
IPSec: method of protecting IP datagrams
– Data origin authentication
– Connectionless data integrity authentication
– Data content confidentiality
– Anti-replay protection
– Limited traffic flow confidentiality

19 IP Security Architecture
[Figure: IPsec module 1 and IPsec module 2; labels: SPD, SAD, IKE, IPsec SA]

20 The Domain Name System
Why is it needed?
Is this secure?
What are the security concerns?
Good reading: SANS Institute: Security Issues with DNS, http://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069

21 Transport Layer
Host-to-host transportation of packets
Services:
– Connection-oriented or connectionless
– Reliable or unreliable
TCP, UDP
[Figure: protocol stack with Application, Transport, Network and Data Link layers]
What are the TL security protocols?

22 Security Requirements
– Key management
– Confidentiality
– Repudiation
– Integrity/authentication
– Authorization
What are the advantages supporting security at this layer?
Which are the most popular transport layer security protocols?

23 Transport Layer Security Protocols
Connectionless and connection-oriented transport layer service:
– Security Protocol 4 (SP4) – NSA, NIST
– Transport Layer Security Protocol (TLSP) – ISO
Connection-oriented transport layer service:
– Encrypted Session Manager (ESM) – AT&T Bell Labs.
– Secure Socket Layer (SSL) – Netscape Communications
– Transport Layer Security (TLS) – IETF TLS WG
Most popular transport layer security protocols

24 Application Layer
Provides applications that can access services at the other layers, e.g., telnet (port 23), mail (port 25), finger (port 79)
New services and protocols are always being developed
[Figure: protocol stack with Application, Transport, Network and Data Link layers]

25 Approaches
Provide security system that can be used by different applications
– Develop authentication and key distribution models
Enhance application protocol with security features
– Need to enhance each application

26 Third Party Authentication
Kerberos, Cerberus
1. Request ticket-granting ticket
2. Ticket + session key
3. Request service-granting ticket
4. Ticket + session key
5. Request service
6. Provide server authentication
[Figure: message flow among Client, KDC, TGS and Server; phase labels: once per user logon session, once per service session, once per type of service]

27 Security-Enhanced Application Protocol
Applications:
– Terminal access
– File transfer
– Electronic mail
– WWW transactions
– DNS
– Distributed file system

28 SSH
Use generic transport layer security protocol over TCP/IP
Support for
– Host and user authentication
– Data compression
– Data confidentiality
– Integrity protection
Server listens for TCP connection on port 22, assigned to SSH

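29 PGP: Confidentiality and Authentication
[Figure: Sender A hashes M with H and encrypts the hash with K_A private, giving K_A private[H(M)]; M and the encrypted hash are encrypted with session key K_s, giving K_s[M+H(M)]; K_s is encrypted with K_B public, giving K_B public(K_s). Receiver B decrypts with K_B private, then with K_s, then with K_A public, and compares the result with H.]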

30 Summary of Advantages and Disadvantages of Supporting Security at Different Layers

31 Network Access Layer Security
Dedicated link between hosts/routers --> hardware devices for encryption
Advantages:
– Speed
Disadvantages:
– Not scalable
– Works well only on dedicated links
– Two hardware devices need to be physically connected

32 Internetwork Layer Security
IP Security (IPSec)
Advantages:
– Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure
– Ability to build VPN and intranet
Disadvantages:
– Difficult to handle low granularity security, e.g., nonrepudiation, user-based security,

33 Transport Layer Security
Advantages:
– Does not require enhancement to each application
Disadvantages:
– Difficult to obtain user context
– Implemented on an end system
– Protocol specific --> implemented for each protocol

34 Application Layer Security
Advantages:
– Executing in the context of the user --> easy access to user’s credentials
– Complete access to data --> easier to ensure nonrepudiation
– Application can be extended to provide security (does not depend on the operating system)
– Application understands data --> fine tune security
Disadvantages:
– Implemented in end hosts
– Security mechanisms have to be implemented for each application -->
  – expensive
  – greater probability of making mistakes

35 Next Class: Web Application Security

