Comprehensive Laboratory Practice of Information Security Kai Bu Zhejiang University

Presentation transcript:

Comprehensive Laboratory Practice of Information Security Kai Bu Zhejiang University

thanks & welcome

Instructor: Kai Bu 卜凯, Assistant Professor, College of CS, ZJU. Ph.D. from Hong Kong PolyU, 2013. Research Interests: networking and security (RFID, Software-Defined Networking…)

What do u think of information security?

What did u think of this course?

Might be a bit different…

other than hacking tools and skills

Train Your Security Mindset

Hack to Secure

Group-Project Oriented

Group-Project Oriented: traditional vs emerging; theory vs engineering

What We’ve Done: Hacking Taxi-hailing Services; Reviving Android Malware with DroidRide: And How Not To. Min Huang (now master at CMU), Kai Bu, Hanlin Wang, and Kaiwen Zhu, “Reviving Android Malware with DroidRide: And How Not To,” in Proc. of The Fourth Int’l Workshop on Cyber Security and Privacy (CSP), Chengdu, China, October 13-15, 2016.

Group-Project Oriented: one project for entire term? boring… Theory vs Engineering

Group-Project Oriented: one project for entire term? boring… optional: two small + one large

Tentative Projects. Small (two compulsory, 2-3 weeks): RFID Authentication; DDoS & Moving Target Defense. Large (choose one, 7 weeks): Lightweight RFID PathChecker; Detect Malicious SDN Forwarding; Bitcoin & Double Spending; ??

Projects #1s. Is Being Secret Enough?: Efficiency and Privacy for RFID Authentication. Goal: attack current designs; design/implement new ones with improved efficiency/privacy.

Projects #1s. Is Being Secret Enough?: Efficiency and Privacy for RFID Authentication. Reference: Privacy and security in library RFID: issues, practices, and architectures, CCS 2004, [video: ]; RFID Traceability: A Multilayer Problem, FC 2005; A Lightweight RFID Protocol to protect against Traceability and Cloning attacks, SecureComm 2005; An efficient forward private RFID protocol, CCS 2009.

Projects #2s. Catch Me If You Can: Meet the So Called Moving Target Defense. Goal: design/implement MTD against classic attacks like DDoS.

Projects #2s. Catch Me If You Can: Meet the So Called Moving Target Defense. Reference: SDN - Moving Target Defense Controller (POX) [video: ]; OpenFlow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking, HotSDN 2014; cn post: ; First ACM Workshop on Moving Target Defense (MTD 2014).

Projects #?s. Open call: How do you want to WOW this class?

Schedule

Grading #1: 20% Project #1; 30% Project #2; 50% Group Project; 10%+ Research-oriented project; 15%+ Research-paper-alike report

Grading #2: 40% Demo; 40% Report; 20% Presentation; 10%+ Research-oriented project; 15%+ Research-paper-alike report

Who’s Who?

qq group:

Ready?

Project Intro

RFID Authentication. Tag: ID, key. Reader/Server: a set of (ID, key). Reader to Tag: auth command. Tag to Reader: Enc(ID, key). Server: encrypt every ID, compare with received auth, if match
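The exchange on the slide above, as an added Python example that is not part of the original slides. It shows the two concerns named in project #1: the static reply is identical on every read, so a tag can be traced, and the server must try every (ID, key) pair. HMAC-SHA256 as `Enc`, the nonce variant, and all names and sample keys are assumptions.

```python
import hashlib
import hmac
import os

def enc(tag_id, key, nonce=b""):
    # Stand-in for the slide's Enc(ID, key); HMAC-SHA256 is an assumption.
    return hmac.new(key, nonce + tag_id, hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id, key):
        self.tag_id, self.key = tag_id, key

    def respond_static(self):
        # As on the slide: the reply depends only on (ID, key).
        return enc(self.tag_id, self.key)

    def respond_fresh(self, reader_nonce):
        # Assumed hardening: bind the reply to a reader nonce and a tag nonce.
        tag_nonce = os.urandom(8)
        return tag_nonce, enc(self.tag_id, self.key, reader_nonce + tag_nonce)

class Server:
    def __init__(self, db):
        self.db = db  # the slide's "set of (ID, key)"

    def identify(self, auth, nonce=b""):
        # "Encrypt every ID, compare with received auth": a linear search.
        for tries, (tag_id, key) in enumerate(self.db.items(), start=1):
            if hmac.compare_digest(enc(tag_id, key, nonce), auth):
                return tag_id, tries
        return None, len(self.db)

def demo(n=1000):
    # Constructed database: n tags with derived (not secret) sample keys.
    db = {b"tag-%04d" % i: hashlib.sha256(b"sample-key-%d" % i).digest() for i in range(n)}
    last_id = b"tag-%04d" % (n - 1)
    tag, server = Tag(last_id, db[last_id]), Server(db)
    r1, r2 = tag.respond_static(), tag.respond_static()
    rn = os.urandom(8)
    tn1, f1 = tag.respond_fresh(rn)
    tn2, f2 = tag.respond_fresh(rn)
    clone = Tag(last_id, b"\x00" * 32)  # knows the ID but not the key
    return {
        "static_replies_linkable": r1 == r2,
        "fresh_replies_linkable": f1 == f2,
        "static_lookup": server.identify(r1),
        "fresh_lookup": server.identify(f1, rn + tn1),
        "wrong_key_lookup": server.identify(clone.respond_static()),
    }
```

The nonce variant removes the linkable reply but keeps the full scan over the database, which is the efficiency half of the project's question.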

RFID PathChecker. RFID-enabled supply chain: tagged products have specified paths; injected counterfeits detour. Goal: lightweight PathChecker: write path-related secrets to tags; readers can independently verify; readers require as few secrets as possible.

RFID PathChecker. CHECKER: On-site Checking in RFID-based Supply Chains, K. Elkhiyaoui, E. Blass, R. Molva. Tagged products have specified paths. Tag stores an ID and its signature. The secret key used to sign the ID is an encoding of the path that the tag went through. By verifying the signature in the tag, each reader thus validates the path taken that far, and by signing the ID the reader updates the path encoding.

Malicious SDN Forwarding. MiniNet: constructing network. Controller: Floodlight, Ryu, etc. Switch: OVS. Detect malicious forwarding/switch using same-path flow statistics variation. SPHINX: Detecting Security Attacks in Software-Defined Networks, M. Dhawan, R. Podda, K. Mahajan, V. Mann.

Gotta Tell You Switches Only Once: Toward Bandwidth-Efficient Flow Setup for SDN

Software-Defined Networking [figure labels: App, Controller, Routing, Forwarding; flow, PacketIn, FlowMod; switches sw1, sw2, sw3]

FlowMod entries shown for sw1, sw2, sw3:
p1, src_ip= *.*, fwd(sw2)
p2, src_ip= *.*, fwd(sw3)
p3, src_ip= *.*, fwd(out)

Flow table (slide callouts: rule, wildcard, priority):

Switch   Rule: Priority   Matching            Action
sw1      p1               src_ip=10.20.*.*    fwd(sw2)
sw2      p2               src_ip=10.20.*.*    fwd(sw3)
sw3      p3               src_ip=10.20.*.*    fwd(out)

Forwarding: malicious inject/drop
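A simplified illustration of "same-path flow statistics variation" for the sw1, sw2, sw3 path in the flow table above, added here as an example; it is not SPHINX's implementation and not code from the slides. The byte counters, the 5% tolerance and the two-interval persistence rule are assumptions. A flagged hop implicates the upstream switch or the link, since each counter records what its switch matched.

```python
PATH = ["sw1", "sw2", "sw3"]  # forwarding path from the slide's flow table

def interval_deltas(polls):
    """Turn cumulative per-switch byte counters into per-interval byte counts."""
    return [{sw: cur[sw] - prev[sw] for sw in cur} for prev, cur in zip(polls, polls[1:])]

def classify(up_bytes, down_bytes, tolerance):
    """Compare what the upstream and downstream switch counted for the flow."""
    if abs(down_bytes - up_bytes) <= tolerance * max(up_bytes, down_bytes, 1):
        return None
    return "drop" if down_bytes < up_bytes else "inject"

def suspicious_hops(polls, path=PATH, tolerance=0.05, min_windows=2):
    """Flag hops whose two ends disagree, in the same direction, for at least
    `min_windows` consecutive polling intervals (one-off skew is ignored)."""
    findings = []
    deltas = interval_deltas(polls)
    for up, down in zip(path, path[1:]):
        run_kind, run_len = None, 0
        for d in deltas:
            kind = classify(d[up], d[down], tolerance)
            run_len = run_len + 1 if kind and kind == run_kind else int(kind is not None)
            run_kind = kind
            if run_len >= min_windows:
                findings.append((up, down, kind))
                break
    return findings

def cumulative(per_interval):
    """Build constructed poll data: cumulative counters from per-interval bytes."""
    polls, total = [dict.fromkeys(PATH, 0)], dict.fromkeys(PATH, 0)
    for row in per_interval:
        total = {sw: total[sw] + b for sw, b in zip(PATH, row)}
        polls.append(total)
    return polls

# Constructed samples for the 10.20.*.* flow (bytes per interval at sw1, sw2, sw3).
BENIGN = cumulative([(100000, 99000, 98500), (100000, 100500, 100500), (100000, 99500, 100500)])
BLIP = cumulative([(100000, 100000, 100000), (100000, 100000, 80000), (100000, 100000, 100000)])
DROPPING = cumulative([(100000, 100000, 60000)] * 3)
INJECTING = cumulative([(100000, 140000, 140000)] * 3)
```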

Bitcoin & Double Spending. Everyone using Bitcoin keeps a complete record of which bitcoin belongs to which person. Block Chain = Record. “I, Alice, am giving Bob one bitcoin, with serial number ” Bob can use his copy of the block chain to check that, indeed, the bitcoin is Alice’s. If that checks out then he broadcasts both Alice’s message and his acceptance of the transaction to the entire network, and everyone updates their copy of the block chain.

Bitcoin & Double Spending. Double Spending: “I, Alice, am giving Bob one bitcoin, with serial number ” “I, Alice, am giving Charlie one bitcoin, with serial number ” Bob and Charlie verify and accept the transaction at nearly the same time. How do others update their block chains? Reference: How the Bitcoin protocol actually works; The rise and fall of Bitcoin.
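The race described on the two slides above, simulated as an added Python example that is not part of the original slides. Each node runs Bob's check against its own copy of the record, so the copies diverge depending on which message arrives first. The serial `coin-0001`, the third node Dave and all function names are constructed for illustration; the example does not model how Bitcoin resolves the conflict, which the slide leaves as a question.

```python
class Node:
    """One participant holding its own copy of the record (serial -> owner)."""
    def __init__(self, name, record):
        self.name, self.record = name, dict(record)
        self.accepted, self.rejected = [], []

    def receive(self, tx):
        sender, recipient, serial = tx
        if self.record.get(serial) != sender:  # the check Bob makes on the slide
            self.rejected.append(tx)
            return False
        self.record[serial] = recipient        # update this copy of the record
        self.accepted.append(tx)
        return True

    def double_spend_evidence(self):
        """Rejected spends of a coin this node already saw the same sender spend."""
        spent = {(s, serial) for s, _, serial in self.accepted}
        return [tx for tx in self.rejected if (tx[0], tx[2]) in spent]

def deliver(nodes, arrival_order):
    """Hand each node the broadcast messages in that node's own arrival order."""
    for node in nodes:
        for tx in arrival_order[node.name]:
            node.receive(tx)
    return {node.name: dict(node.record) for node in nodes}

# Constructed scenario; "coin-0001" stands in for the serial number.
SERIAL = "coin-0001"
TO_BOB = ("Alice", "Bob", SERIAL)
TO_CHARLIE = ("Alice", "Charlie", SERIAL)

def race():
    nodes = [Node(n, {SERIAL: "Alice"}) for n in ("Bob", "Charlie", "Dave")]
    views = deliver(nodes, {
        "Bob": [TO_BOB, TO_CHARLIE],       # Bob hears his own payment first
        "Charlie": [TO_CHARLIE, TO_BOB],   # Charlie hears his first
        "Dave": [TO_BOB, TO_CHARLIE],
    })
    owners = {name: view[SERIAL] for name, view in views.items()}
    evidence = {n.name: n.double_spend_evidence() for n in nodes}
    return owners, evidence
```

Every node ends up holding evidence of the second spend, but the nodes disagree on who owns the coin.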

again, the proj of your own!

thanks & enjoy