7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice:

Slides:



Advertisements
Similar presentations
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Advertisements

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks
Network Security understand principles of network security:
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
1 Welcome Back Students Applications of Computers Lecture-3.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Network Security7-1 Network Security 1. What is network security 2. Principles of cryptography 3. Authentication 4. Integrity 5. Key Distribution and certification.
1 Applications of Computers Lecture-4 2 Asymmetric or Public Keys 4 Asymmetric keys give a more robust performance 4 The RSA algorithm works as follows:
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
7: Network Security1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
24-1 Last time □ Message Integrity □ Authentication □ Key distribution and certification.
Network Security7-1 Today r Collect Ch6 HW r Assign Ch7 HW m Ch7 #2,3,4,5,7,9,10,12 m Due Wednesday Nov 19 r Continue with Chapter 7 (Security)
7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Internet and Intranet Protocols and Applications Lecture 10 Network (Internet) Security April 3, 2002 Joseph Conron Computer Science Department New York.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.
22-1 Last time □ SMTP ( ) □ DNS This time □ P2P □ Security.
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
8: Network Security8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents  sender encrypts.
Network Security7-1 Chapter 8: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality”
Computer and Internet Security. Introduction Both individuals and companies are vulnerable to data theft and hacker attacks that can compromise data,
Chapter 8, slide: 1 ECE/CS 372 – introduction to computer networks Lecture 18 Announcements: r Final exam will take place August 13 th,2012 r HW4 and Lab5.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
Prof. Younghee Lee 1 1 Computer Networks u Lecture 13: Network Security Prof. Younghee Lee * Some part of this teaching materials are prepared referencing.
ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 11 Network Security (1)
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Network Security7-1 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
Network Security. 2 Why Network Security?  Malicious people share your network  Problem made more severe the more the Internet became commercialized.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Last time Message Integrity Authentication
What is network security?
Chapter 7 Network Security
Network Security Basics
Chapter 7: Network security
1DT057 Distributed Information System Chapter 8 Network Security
Basic Network Encryption
Presentation transcript:

7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice: r application layer: secure r transport layer: Internet commerce, SSL,

7: Network Security2 Friends and enemies: Alice, Bob, Trudy r well-known in network security world r Bob, Alice want to communicate “securely” r Trudy, the “intruder” may intercept, delete, add messages Figure 7.1 goes here

7: Network Security3 What is network security? Secrecy: only sender, intended receiver should “understand” msg contents m sender encrypts msg m receiver decrypts msg Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

7: Network Security4 Internet security threats Packet sniffing: m broadcast media m promiscuous NIC reads all packets passing by m can read all unencrypted data (e.g. passwords) m e.g.: C sniffs B’s packets A B C src:B dest:A payload

7: Network Security5 Internet security threats IP Spoofing: m can generate “raw” IP packets directly from application, putting any value into IP source address field m receiver can’t tell if source is spoofed m e.g.: C pretends to be B A B C src:B dest:A payload

7: Network Security6 Internet security threats Denial of service (DOS): m flood of maliciously generated packets “swamp” receiver m Distributed DOS (DDOS): multiple coordinated sources swamp receiver m e.g., C and remote host SYN-attack A A B C SYN

7: Network Security7 Encryption and Data Security r For successful e-commerce, we must ensure that the sensitive data has been encrypted and secured r Encryption transforms the data using a “key” into a value that is meaningless in its normal form r This encrypted value can only be decrypted by authorized agency or person

7: Network Security8 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Figure 7.3 goes here plaintext ciphertext K A K B

7: Network Security9 Symmetric key cryptography substitution cipher: substituting one thing for another m monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. Transfer money now ciphertext: nkn uomjikco hkjvw jkr E.g.: Q: How hard to break this simple cipher?: brute force (how hard?) other?

7: Network Security10 Symmetric Key Cryptography r XOR is the fundamental logical operation involved in encrypting a message r For example, consider a byte to be sent out: It is (Decimal 183) r Suppose that we select a secret 4-bit key key 1100 r We perform XOR of this key with the original data r Result is (totally different binary number) (Decimal 123)

7: Network Security11 Symmetric Key Cryptography r Now the recipient receives this message and decrypts it by using the same key r received data is r The key is 1100 r The result is: (original data) r Key delivery problem??

7: Network Security12 Encryption Keys r There are two types of encryption schemes in use r In symmetric or secret key ciphers, the encryption and decryption keys are symmetric and identical r As an example, consider this diagram then encrypt following message with your own encryption scheme r “Please transfer six million dollars into my checking account”

7: Network Security13 Symmetric Cipher Adapted for academic use from “Exploring The Digital Domain” by Abernethy Allen, ITP 1999

7: Network Security14 Symmetric Cipher r In symmetric secret key cipher, the key must be sent to recipient, otherwise the message cannot be decrypted r Sending the key on public network is like putting your house key in locksmith’s shop and allowing everyone to duplicate it r Alternatives are to restrict access to secret key to a few individuals

7: Network Security15 DES r DES (Data Encryption Standard) is one example of symmetric key encryption r DES uses a 56-bit key which can be doubled in length to 112 bits r Breaking messages encrypted with DES would require a considerable amount of computing time and effort

7: Network Security16 Symmetric key crypto: DES DES: Data Encryption Standard r US encryption standard [NIST 1993] r 56-bit symmetric key, 64 bit plaintext input r How secure is DES? m DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months m no known “backdoor” decryption approach r making DES more secure m use three keys sequentially (3-DES) on each datum m use cipher-block chaining

7: Network Security17 Symmetric key crypto: DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation DES operation

7: Network Security18 Asymmetric or Public Keys r Asymmetric keys solve the key distribution problem r The RSA algorithm works as follows: m Sender gets the public key of recipient (available to everyone)and uses it to encrypt the message m Receiver uses private key (only known to receiver) to decrypt the message

7: Network Security19 Asymmetric Keys r In some apartment complexes, the laundry room is locked r Every tenant gets a key to the laundry room. This is like a “public” key r If the management wants to enforce operating hours (for example, 8am to 10pm), they would install an additional lock r The key of this lock is not duplicated. It stays with the management

7: Network Security20 Asymmetric Keys r In a similar way, a site creates its own public and private key pair, related to each other in “strange” ways r It lets everyone download the public key but it will keep the private key secret r Suppose that John wants to send a secret message to Citibank r John will go to the Citibank website and obtain their public key

7: Network Security21 Asymmetric Keys r John will encrypt the message using the public key of Citibank r The message will be transmitted over the Internet r Anyone who gets this message and tries to open it using the public key of Citibank will fail (why? Remember laundry room after 10pm?)

7: Network Security22 Public key cryptography Figure 7.7 goes here

7: Network Security23 RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d).

7: Network Security24 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens!

7: Network Security25 Digital Signatures r Authentication is a core issue in e- commerce r Authentication is to verify the source of a document r Authentication of paper documents is done with watermarks, stamps, signatures and seals r How to authenticate the electronic documents?

7: Network Security26 Authentication r With little effort, the public-private keys can be applied in reverse to perform verification of e-documents r For example, consider this e-conversation between two persons on the internet

7: Network Security27 Authentication r Bob--> ChuckHi, Bob here r Chuck-->BobProve you are Bob r Bob-->ChuckSend me a random message, I will return a digital signature (message digest encrypted using my private key) r Chuck-->BobRandom message r Bob-->Chuckdigital signature r Chuck decrypts the message using Bob’s public key and matches it to message digest

7: Network Security28 Message Digests Computationally expensive to public-key-encrypt long messages Goal: fixed-length,easy to compute digital signature, “fingerprint” r apply hash function H to m, get fixed size message digest, H(m). Hash function properties: r Many-to-1 r Produces fixed-size msg digest (fingerprint) r Given message digest x, computationally infeasible to find m such that x = H(m) r computationally infeasible to find any two messages m and m’ such that H(m) = H(m’).

7: Network Security29 Digital signature = Signed message digest Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message:

7: Network Security30 Pretty good privacy (PGP) r Internet encryption scheme, a de-facto standard. r Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. r Provides secrecy, sender authentication, integrity. r Inventor, Phil Zimmerman, was target of 3-year federal investigation. ---BEGIN PGP SIGNED MESSAGE--- Hash: SHA1 Bob:The money that I requested has not arrived yet. Check with the bank ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ hFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE--- A PGP signed message:

7: Network Security31 Secure sockets layer (SSL) r PGP provides security for a specific network app. r SSL works above transport layer & below app layer. Provides security to any TCP-based app using SSL services. r SSL: used between WWW browsers, servers for E- commerce (https). r SSL security services: m server authentication m data encryption m client authentication (optional) r Server authentication: m SSL-enabled browser includes public keys for trusted CAs. m Browser requests server certificate, issued by trusted CA. m Browser uses CA’s public key to extract server’s public key from certificate. r Visit your browser’s security menu to see its trusted CAs.

7: Network Security32 SSL (continued) Encrypted SSL session: r Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. r Using its private key, server decrypts session key. r Browser, server agree that future msgs will be encrypted. r All data sent into TCP socket (by client or server) i encrypted with session key. r SSL: basis of IETF Transport Layer Security (TLS). r SSL can be used for non- Web applications, e.g., IMAP. r Client authentication can be done with client certificates.

7: Network Security33 Network Security (summary) Basic techniques…... r cryptography (symmetric and public) r authentication r message integrity …. used in many different security scenarios r secure r secure transport (SSL) See also: firewalls, in network management

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.