CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.


Trust
• How much to trust a particular certificate?
• Based on:
  – CA authentication policy
  – Rigor with which policy is followed
  – Assumptions inherent in the policy

Example…
• Certificate issued based on a passport
• Assumptions:
  – Passport not forged
  – Passport issued to the right person
  – Person presenting passport is the right person
  – CA actually checked the passport when issuing the certificate

Anonymity vs. pseudonymity
• Anonymity
  – No one can identify the source of any messages
  – Can be achieved via the use of “persona” certificates (with “meaningless” DNs)
• Pseudonymity
  – No one can identify the source of a set of messages…
  – …but they can tell that they all came from the same person

Levels of anonymity
• There is a scale of anonymity
  – Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds), to complete anonymity
  – Pseudonymity is tangential to this…

Anonymizers
• Proxies that clients can connect to, and use to forward their communication
  – Primarily used for email, HTTP
• Can also provide pseudonymity
  – This may lead to potential security flaws if mapping is compromised
• Must trust the anonymizer…
  – Can limit this by using multiple anonymizers

Traffic analysis
• If messages sent to remailers are not encrypted, it is easy to trace the sender
• Even if encrypted, may be possible to perform traffic analysis
  – Timing
  – Message sizes
  – Replay attacks

HTTP anonymizers
• Two approaches
  – Centralized proxy/proxies
  – “Crowds…”

Implications of anonymity?
• Is anonymity good or bad?
  – Unclear…
  – Can pseudonymity help?

Identity on the Web
• Certificates are not (yet?) ubiquitous for individuals
• Other means for assigning identities?

Host identity
• E.g., in the context of the OSI model
  – Potentially different “names” at each layer
    · MAC address (data link layer)
    · IP address (network layer)
    · hostname (application layer)
• In general, it is easy to spoof these identities

Static/dynamic identifiers
• E.g., Domain Name Service (DNS)
  – Associates hostnames and IP addresses (static)
• E.g., DHCP servers
  – When laptop connects to network, the network assigns the laptop an unused IP address
  – Local identifier = identifier used between client and server
  – Global identifier = identifier used by client in other contexts

E.g., address translation
• Company with more computers than IP addresses
  – Each computer has a fixed local address used internally
  – When a computer sends a packet to the Internet, those packets are assigned a valid IP address by a gateway
  – The gateway keeps track of the correspondence
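
The address-translation slide, as an added example that is not part of the original lecture: a toy gateway with fewer public addresses than hosts, showing that a public address only identifies a host together with the gateway's time-stamped record. The class name, method names, addresses and timestamps are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    pool: list                                   # free public addresses
    active: dict = field(default_factory=dict)   # local -> public (live mappings)
    log: list = field(default_factory=list)      # [start, end, local, public]

    def outbound(self, local, now):
        """Return the public address used for a packet from `local`."""
        if local not in self.active:
            if not self.pool:
                raise RuntimeError("public address pool exhausted")
            self.active[local] = self.pool.pop(0)
            self.log.append([now, None, local, self.active[local]])
        return self.active[local]

    def release(self, local, now):
        """End a mapping and return its public address to the pool."""
        public = self.active.pop(local)
        self.pool.append(public)
        for entry in self.log:
            if entry[2] == local and entry[3] == public and entry[1] is None:
                entry[1] = now

    def inbound(self, public):
        """Translate a reply back to the local host, or None to drop it."""
        for local, pub in self.active.items():
            if pub == public:
                return local
        return None

    def who_had(self, public, when):
        """Attribute a public address at time `when` using the log."""
        for start, end, local, pub in self.log:
            if pub == public and start <= when and (end is None or when < end):
                return local
        return None

if __name__ == "__main__":
    gw = NatGateway(pool=["203.0.113.10"])       # constructed sample data
    gw.outbound("10.0.0.5", now=100)
    gw.release("10.0.0.5", now=200)
    gw.outbound("10.0.0.6", now=250)
    for t in (150, 220, 300):
        print(t, gw.who_had("203.0.113.10", t))
```

The same global identifier maps to two different hosts over time, so attributing traffic seen outside the network requires the gateway's log and an accurate timestamp.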

“Cookies”
• Cookies are tokens containing state information about a transaction
• May contain (for example):
  – Name/value; expiration time
  – Intended domain (cookie is sent to any server in that domain)
    · No requirement that cookie is sent by that domain

Security violations?
• Cookies potentially violate privacy
  – E.g., connecting to one server results in a cookie that will be transmitted to another
• Storing authentication information in a cookie is also potentially dangerous (unless cookie is kept confidential, or other methods are used)
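
The cookie-domain point above, as an added example that is not part of the original lecture: which servers receive a cookie scoped to a whole domain, compared with one stored without a Domain attribute. It follows the domain-matching rule of RFC 6265 (an assumption, since the slides name no specification) and leaves out public-suffix checks; the function names and hostnames are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cookie:
    name: str
    domain: str       # scope the browser stored
    host_only: bool   # True when the server sent no Domain attribute

def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 domain-match for hostnames (IP literals not handled)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def store(setting_host: str, name: str,
          domain_attr: Optional[str] = None) -> Optional[Cookie]:
    """Return the cookie a browser would keep, or None if it rejects it."""
    if domain_attr is None:
        return Cookie(name, setting_host.lower(), host_only=True)
    domain = domain_attr.lstrip(".").lower()
    if not domain_match(setting_host, domain):
        return None  # setting host lies outside the requested domain
    return Cookie(name, domain, host_only=False)

def recipients(cookie: Cookie, hosts: list) -> list:
    """Hosts from `hosts` whose requests would carry the cookie."""
    if cookie.host_only:
        return [h for h in hosts if h.lower() == cookie.domain]
    return [h for h in hosts if domain_match(h, cookie.domain)]

# Constructed hostnames for illustration.
HOSTS = ["shop.example.com", "ads.example.com", "example.com", "notexample.com"]

if __name__ == "__main__":
    wide = store("shop.example.com", "sid", domain_attr="example.com")
    narrow = store("shop.example.com", "sid")
    print("Domain=example.com ->", recipients(wide, HOSTS))
    print("host-only          ->", recipients(narrow, HOSTS))
    print("foreign domain     ->", store("shop.example.com", "sid", "other.test"))
```

A cookie holding authentication state is exposed to every host that appears in the first list, which is why the narrower host-only scope is the safer default.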