Time Passes, Security Changes… Christian Huitema Monday, August 1, 2005 IETF, Application Area Meeting.

Presentation transcript:

It takes less than 1 μs to compute an MD5 checksum on this presenter’s laptop

Dictionary attacks
How many guesses before the observer can crack the challenge?
–1,000,000?
–10,000,000?
Do you trust users to generate “good enough” passwords?
[Diagram: the Server sends a challenge; the Client answers with Response = name + hash(challenge, password); an Observer captures the exchange and runs a Dictionary against it]

A “zombie” PC is rumored to rent for $0.10 per week on the underground market

How much does a crack cost?
  Password type        Bits   Cost
  simple password      24     < $0.00
  strong password      32     < $0.01
  pass phrase          40     < $[amount lost in transcript]
  random characters    47     < $[amount lost in transcript]
  random characters    54     < $5,[digits lost in transcript]
  64 bits random       64     > $3,000,000
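The table above follows from the two figures the previous slides give (about 1 μs per MD5 on one machine, about $0.10 per week for a rented zombie PC) once you assume the attacker can split an exhaustive search over as many rented machines as needed. The model below is an added example, not part of the presentation: the two constants are the slides', while the 2^bits exhaustive-search assumption, the 62-character charset and the choice of 8 and 9 random characters for the two "random characters" rows (which give roughly the slide's 47 and 54 bits) are this example's own. It also answers the "1,000,000 / 10,000,000 guesses" question from the dictionary-attack slide.

```python
"""Cost model behind the "How much does a crack cost?" table.

Added example, not from the presentation. The two constants come from the
slides; the 2^bits exhaustive-search model, the charset size and the
character counts in cost_table() are this example's own assumptions, so the
figures approximate the slide rather than reproduce it digit for digit.
"""
import math

HASH_SECONDS = 1e-6            # slide: "less than 1 μs" per MD5 on one laptop
ZOMBIE_USD_PER_WEEK = 0.10     # slide: rumored underground rental price
SECONDS_PER_WEEK = 7 * 24 * 3600


def guesses_for_bits(bits: float) -> float:
    """Worst case: the whole 2^bits keyspace is tried (the expected cost is half)."""
    return 2.0 ** bits


def seconds_to_try(guesses: float, hash_seconds: float = HASH_SECONDS) -> float:
    """Single-machine time needed to evaluate `guesses` hashes."""
    return guesses * hash_seconds


def crack_cost_usd(bits: float, hash_seconds: float = HASH_SECONDS,
                   usd_per_week: float = ZOMBIE_USD_PER_WEEK) -> float:
    """Rental cost of exhausting a 2^bits keyspace on rented zombies.

    The search parallelises perfectly, so only machine-weeks matter, not how
    many machines are rented or how long the attacker is willing to wait."""
    machine_weeks = seconds_to_try(guesses_for_bits(bits), hash_seconds) / SECONDS_PER_WEEK
    return machine_weeks * usd_per_week


def random_chars_bits(length: int, charset_size: int = 62) -> float:
    """Entropy of `length` characters drawn uniformly from a charset
    (default 62 = upper-case + lower-case + digits; an assumption of this example)."""
    return length * math.log2(charset_size)


def dictionary_seconds(dictionary_size: int, hash_seconds: float = HASH_SECONDS) -> float:
    """Offline dictionary attack on one captured (challenge, response) pair:
    one hash per candidate, so the slide's 1,000,000 or 10,000,000 guesses take
    about 1 s or 10 s on a single machine."""
    return seconds_to_try(dictionary_size, hash_seconds)


def cost_table():
    """Rows of (label, bits, cost in USD) following the slide's password classes.
    The 8- and 9-character rows are this example's reading of the slide's
    47- and 54-bit entries."""
    rows = [
        ("simple password", 24),
        ("strong password", 32),
        ("pass phrase", 40),
        ("8 random characters", random_chars_bits(8)),
        ("9 random characters", random_chars_bits(9)),
        ("64 bits random", 64),
    ]
    return [(label, round(bits, 1), round(crack_cost_usd(bits), 2)) for label, bits in rows]


if __name__ == "__main__":
    for label, bits, usd in cost_table():
        print(f"{label:22s} {bits:5.1f} bits  ${usd:,.2f}")
    print("1,000,000-word dictionary:", dictionary_seconds(1_000_000), "s on one machine")
```

The point the model makes explicit: below about 40 bits the rental cost rounds to pennies, and even a 64-bit random secret costs only a few million dollars of zombie time at these rates, which is why the next slide concludes that anything a user can remember can probably be cracked.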

Are passwords obsolete?
Basic rules:
–If it is generated by the user, it can certainly be cracked
–If it can be remembered by the user, it can probably be cracked
Exception:
–If the password is exchanged over a protected connection (SSL, TLS, IPSEC)
–If the challenge/response mechanism is designed to resist dictionary attacks

The average user will happily connect to a “free Internet” hotspot

Man in the middle attacks
Intercept DNS requests
Insert a proxy
Listen to the data
–Names,
–Addresses,
–Passwords,
–Challenges
Hijack connections
SPAM, Ads, Buffer overflows
[Diagram: Client, AP, Mock DNS Server, Proxy]

The practice of “hiding the SSID” facilitates the “evil twin” attack against Wi-Fi

The “evil twin” attack
[Diagram: “Rogue” AP and Client]
–Beacon: No Name
–Probe: example.net?
–Answer: yes indeed!
–Let’s get connected
For user convenience, systems try to automatically connect to the “hidden home network”

Evil twin reaps interesting rewards
Exploit automatic connection
–Upon a connectivity indication, many systems will automatically “fetch mail”, “empty the outbox”, “synchronize”…
Automatic “man in the middle” attack
–Register names, passwords
–Store challenge for off-line crack
Quick and silent
–Disconnect after a few seconds
–Hardly any notification to the user
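The two evil-twin slides describe a client-side decision: a saved "hidden" profile makes the client probe for the network by name, and any AP that answers "yes indeed!" gets the connection. The simulation below is an added example, not part of the presentation: the Beacon/ProbeResponse records, the AccessPoint class, the saved-profile format, the BSSIDs and the two policies are this example's own constructions; the name "example.net" and the beacon/probe/answer exchange follow the slide. It contrasts the convenience behaviour with a stricter policy that only auto-joins on a beacon from a pinned AP with the expected security mode.

```python
"""Client auto-connect logic for the "hidden home network" case, simulated.

Added example, not from the presentation. Frame records, AccessPoint, Profile,
the BSSIDs and both policies are this example's constructions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Profile:
    """A network saved on the client."""
    ssid: str
    hidden: bool                    # user flagged it as a hidden (non-broadcast) network
    bssid: Optional[str] = None     # AP address pinned when the profile was created, if any
    security: str = "WPA2-PSK"


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str                       # "" when the AP does not broadcast its name
    security: str


@dataclass(frozen=True)
class ProbeResponse:
    bssid: str
    ssid: str
    security: str


class AccessPoint:
    def __init__(self, bssid: str, ssid: str, security: str,
                 broadcast_ssid: bool, answer_any_probe: bool = False):
        self.bssid, self.ssid, self.security = bssid, ssid, security
        self.broadcast_ssid = broadcast_ssid
        self.answer_any_probe = answer_any_probe   # a rogue says "yes indeed!" to any name

    def beacon(self) -> Beacon:
        return Beacon(self.bssid, self.ssid if self.broadcast_ssid else "", self.security)

    def probe(self, ssid: str) -> Optional[ProbeResponse]:
        if self.answer_any_probe or ssid == self.ssid:
            return ProbeResponse(self.bssid, ssid, self.security)
        return None


Decision = Optional[Tuple[str, str, str]]   # (bssid, ssid, how) or None = do not auto-join


def naive_autoconnect(profiles: List[Profile], aps: List[AccessPoint]) -> Decision:
    """Convenience behaviour from the slide: hidden profiles are probed by name and the
    first AP that answers gets the connection; visible ones match on the beaconed name."""
    for p in profiles:
        for ap in aps:
            if p.hidden:
                if ap.probe(p.ssid) is not None:
                    return (ap.bssid, p.ssid, "probe")
            elif ap.beacon().ssid == p.ssid:
                return (ap.bssid, p.ssid, "beacon")
    return None


def strict_autoconnect(profiles: List[Profile], aps: List[AccessPoint]) -> Decision:
    """Hardened policy (this example's proposal): never auto-join on the strength of a
    probe answer, since the probe leaks the name and any AP can say yes. Require a
    beacon, the pinned BSSID when one is saved, and the expected security mode.
    Hidden profiles therefore fall back to a manual join by the user."""
    for p in profiles:
        if p.hidden:
            continue
        for ap in aps:
            b = ap.beacon()
            if (b.ssid == p.ssid and (p.bssid is None or b.bssid == p.bssid)
                    and b.security == p.security):
                return (ap.bssid, p.ssid, "beacon")
    return None


# Constructed scenario; the BSSIDs are made-up locally administered addresses.
ROGUE = AccessPoint("02:00:00:00:00:01", "", "open", broadcast_ssid=False, answer_any_probe=True)
IMPOSTOR = AccessPoint("02:00:00:00:00:02", "example.net", "WPA2-PSK", broadcast_ssid=True)
HOME_VISIBLE = AccessPoint("02:00:00:00:00:aa", "example.net", "WPA2-PSK", broadcast_ssid=True)
HIDDEN_PROFILE = Profile("example.net", hidden=True, bssid="02:00:00:00:00:aa")
VISIBLE_PROFILE = Profile("example.net", hidden=False, bssid="02:00:00:00:00:aa")


def at_the_hotspot() -> Tuple[Decision, Decision]:
    """Only the rogue AP is in range; the client carries the hidden-network profile."""
    return (naive_autoconnect([HIDDEN_PROFILE], [ROGUE]),
            strict_autoconnect([HIDDEN_PROFILE], [ROGUE]))


def name_only_impostor() -> Tuple[Decision, Decision]:
    """An AP that merely beacons the right name: the pinned BSSID stops the strict client."""
    return (naive_autoconnect([VISIBLE_PROFILE], [IMPOSTOR]),
            strict_autoconnect([VISIBLE_PROFILE], [IMPOSTOR]))


if __name__ == "__main__":
    print("hotspot  naive/strict:", at_the_hotspot())
    print("impostor naive/strict:", name_only_impostor())
    print("home     strict:      ", strict_autoconnect([VISIBLE_PROFILE], [HOME_VISIBLE]))
```

The usability cost is visible in the simulation: a network that hides its SSID can never be auto-joined safely under the strict policy, because the only way to find it is to announce its name and trust whoever answers. That is the sense in which "hiding the SSID" facilitates the attack rather than preventing it.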

Times have changed, old security practices must be revised

Recommendations
Don’t rely on challenge-response
–Hardly better than clear-text password!
Identify the server
–Prevent man-in-the-middle attacks
–Beware of PKI tricks!
Encrypt the session
–Protect the identity exchange
–Prevent session hijacking
Use secure framework
–IPSEC, SSL, secure RPC, Web Services…