INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS 69995 – Dr. RothsteinSummer 2013.

Slides:



Advertisements
Similar presentations
Chapter 17 Networking Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.
Advertisements

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
CCNA – Network Fundamentals
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7: Transport Layer
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking Assist. Prof.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Lecture 7 Transport Layer
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
SCSC 455 Computer Security Virtual Private Network (VPN)
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.
10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.
Lesson 7 – THE BUSINESS OF NETWORKING. TCP/IP and UDP Other Internet protocols Important Internet protocols OVERVIEW.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
BA Telecommunications and Networking Dr. V.T. Raja Oregon State University
Internet Protocol Security (IPSec)
Host Identity Protocol
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
Cisco Discovery Working at a Small-to-Medium Business or ISP CHAPTER 7 ISP Services Jr.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
SOCKS Group: Challenger Member: Lichun Zhan. Agenda Introduction SOCKS v4 SOCKS v5 Summary Conclusion References Questions.
Chapter 17 Networking Dave Bremer Otago Polytechnic, N.Z. ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William Stallings.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
Secure Socket Layer (SSL)
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Internet Security - Farkas1 CSCE 813 Midterm Topics Overview.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Jaringan Komputer Dasar OSI Transport Layer Aurelio Rahmadian.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
Professor OKAMURA Laboratory. Othman Othman M.M. 1.
Transport Layer Layer #4 (OSI-RM). Transport Layer Main function of OSI Transport layer: Accept data from the Application layer and prepare it for addressing.
Chapter 5 Transport layer With special emphasis on Transmission Control Protocol (TCP)
1 Version 3.0 Module 11 TCP Application and Transport.
Othman Othman M.M., Koji Okamura Kyushu University 1.
11 TRANSPORT LAYER PROTOCOLS Chapter 6 TCP and UDP SPX and NCP.
1 Networking Chapter Distributed Capabilities Communications architectures –Software that supports a group of networked computers Network operating.
Building Security into Your System Bill Major Gregory Ponto.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Othman Othman M.M., Koji Okamura Kyushu University 1.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.
Prepared by: Azara Prakash L.. Contents:-  Data Transmission  Introduction  Socket Description  Data Flow Diagram  Module Design Specification.
Presented by Rebecca Meinhold But How Does the Internet Work?
CMSC Presentation An End-to-End Approach to Host Mobility An End-to-End Approach to Host Mobility Alex C. Snoeren and Hari Balakrishnan Alex C. Snoeren.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
Submitted To: Submitted By: Seminar On Parasitic Computing.
Securing Access to Data Using IPsec Josh Jones Cosc352.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Computer Network Architecture Lecture 7: OSI Model Layers Examples II 1 26/12/2012.
FIREWALLS An Important Component in Computer Systems Security By: Bao Ming Soh.
The Transport Layer Implementation Services Functions Protocols
A quick intro to networking
Working at a Small-to-Medium Business or ISP – Chapter 7
Working at a Small-to-Medium Business or ISP – Chapter 7
Working at a Small-to-Medium Business or ISP – Chapter 7
Unit 8 Network Security.
Advanced Computer Networks
Presentation transcript:

INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS – Dr. RothsteinSummer 2013

Content  Introduction  Problems with the current implementation  Third part libraries  Proposed solution  Operating system integration  Network layer exploitation  TCP/UDP enhancement  More details.  Advantages  Disadvantages  Conclusion

Introduction  Cryptography is essential in today’s network communications.  Most of OS’s today are “natively” lacking (development wise).  Currently deployed cryptography implementations are often not secure.  General-purpose network cryptography library is needed.

The current approach  Third-party libraries:  SSL  Kerberos  PGP  Many others.

The current approach: problems  Inflexibility:  Non-intuitive.  Difficult to use (Steep learning curve.)  Diverse implementation  Compatibility:  Servers and clients have to match  Security:  Many security flaws  Design flaws: “4 a.m. design decisions.”

The current approach: problems  As a result, developers tend to  Incorrectly implement them, or  Avoid them. “In either case, security is compromised.”

Proposed solution  The authors introduce and define: A new general-purpose network cryptography library that integrates directly with the Operating System.  They argue that the best place for cryptography to be implemented is at the Operating System level rather than the current application-layer approach.

Proposed solution: OS Integration I  Currently developers must directly link their application to a cryptography library to enable secure communication.

Proposed solution: OS Integration II  The proposed solution is the general-purpose network cryptography that integrates with the OS’s kernel.

Proposed solution: Network stack exploitation I  Both transport and internet layers are utilized.  From the Internet Layer: Host info found in IP header is utilized to lookup cryptography keys. From host info, only “Destination Address” is need. No changes needed to Internet Layer. IP Host Info TCP/UDP Port Info

Proposed solution: Network stack exploitation II  From the Transport Layer: Port info found in TCP header is utilized to lookup cryptography keys. From Port info, only “Destination Port” is need. So both “Destination Address + Destination Port” are needed for cryptography keys lookup. Transport layer needs to be changed to natively support cryptography.

Proposed solution: TCP/UDP Enhancements I  Transport Layer (TCP/UDP) needs to be evolved:  Appending cryptography in the TCP header. The new fields to be added (Taken from PGP header) :

Proposed solution: TCP/UDP Enhancements II  TCP will also require an additional modification to streamline the key transfer process. The three-way handshake TCP uses can be enhanced to also transmit cryptography primitives. OriginatorDestination

Proposed solution: More details  The system described in this paper works with the Encryption Key System (EKS).  This system creates a chain of trust with a priori knowledge that is used to securely lookup keys.  The system leverages two distinct IDs to enable more security (DNS and EKS lookup).  This system also leverages a novel technique they called: “port-based sandboxing.”  enables the use of separate key pairs for individual services and users.

Advantages 1. Shifts community focus.  More security  More flexibility. 2. Offers smaller number of implementations which means fewer potential issues. 3. Easier for developers to use w/ existing socket API 4. Port-aware library supporting existing protocols. 5. Always up-to-date – same way w/ network sockets. 6. Available out of the box.

Disadvantages 1. Each host on the network requires a priori information, i.e., the EKS servers IP address and public key. How to securely transfer the server’s public key? 2. Certain types of protocols, like components of , will need to be updated. 3. Some applications would require small changes while other would require larger changes.

Conclusion  A general-purpose cryptography library has been proposed.  It is the only way to resolve the security and flexibility problems currently being experienced on the Internet.  It provides a unified library that is easier to adopt by developers.  It complements the existing transmission protocols; it does not replace them.

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.