Secure communications Week 10 – Lecture 2

To summarise yesterday
– Security is a system issue
– Technology and security specialists are part of the system
– Users from inside the organisation are usually the biggest risk – they have the motivation
– As systems architect – you are responsible
– The system has to be designed to protect itself – user profiles, database views etc.

Are Networks a risk? Yes
– Two main areas where an intruder can listen passively:
   – Within a collision zone on the LAN – a “sniffer” can look at all datagrams passing the NIC, not just datagrams addressed to it
   – At a router – much more difficult
– Internet
   – More difficult to read – sniff
   – Easier to write – spoof – pretend to be someone else

Firewalls
– Routers as packet filters
– Application level firewalls – proxy
(Diagram: internal network – router – application firewalls – outside world)
– But there may be other connections to the outside world

Routers as Firewalls
– A router is usually the connection to the outside world
– Routers can check all packets:
   – Source & destination addresses
   – Protocol – e.g. TCP, UDP
   – Port number – application, e.g. Telnet
– Little intelligence – work quickly
– Use NAT to hide the topology of the internal network

Application firewalls
– Mail servers & Internet proxy servers are examples
– Higher level of intelligence
– Can implement most security policies, e.g. could limit WEB requests from Purchasing to between 8:00am and 6:00pm
– Has logging & auditing capabilities
– Slows throughput, but as a caching device can also speed up WEB access
– Application specific

Secure communications
– Secrecy – only the two parties should understand the messages
– Authentication – each party should know the messages are from the right person
– Message integrity – it must not be possible to change the messages

Secrecy – encryption
– Encryption has been around for centuries
– It used to rely on keeping the algorithm secret
– But computers make it easier both to encrypt and to break the code
– Early computer development was driven by code breakers during WW2 – Enigma – Turing at Bletchley Park

Four elements to encryption
– The original or plain text
– An encryption method – the algorithm is common and normally well known – a transformation method
– The key – many locks are the same but the key is different. The key must be secret to the parties.
– The encrypted text

So keeping the key secret is the requirement
(Diagram: Secret – Secure)
So how do you share keys?

Attacks on algorithms
– Brute force is too difficult
– Plain text attacks are more useful, if you know:
   – The algorithm
   – The encrypted text and the
   – Plain text (remember Enigma)

Common security protocols
– IPsec for IP traffic across the Internet – VPNs
– SSL – Secure Socket Layer – secures WWW connections
– PGP – Pretty Good Privacy – and S/MIME secure e-mail
– SET secures Internet financial transactions
– These protocols may use different algorithms for encryption and digital signatures

Protocols use 6 basic tools
– Symmetric encryption
– Public key encryption
– One way hash codes
– Message authentication schemes
– Digital signature schemes
– Random number generators

Two types of key
– Symmetric key – each party has the same key, and thus it must be kept secret
– Asymmetric or public keys – the writer uses a public key to encrypt, but this cannot decrypt, thus it can be public knowledge. The reader has a private key to decrypt. This must be kept secret.

(Diagram: Alice et al → Bob)
Bob generates two keys – he gives the public key to anyone who wants it; Bob keeps the private key.
Alice sends Bob a message encrypted with HIS public key.
No one can decrypt the message with the public key. Bob, however, is the only person to have the private key, and thus only he can decrypt the message.

DES – Data Encryption Standard
– Symmetric key
– Developed by US National Bureau of Standards
– Uses a 56 bit key (triple DES 112 bits)
– In 2000 it took a network of computers 22 hours to break the key
– Good enough for most of us.

RSA Algorithm
– Asymmetric key method
– Recommends a key length of 768 bits or greater
– Asymmetric encryption takes 1000 times more CPU time
– Usually used in combination with DES:
   – Alice wants to talk to Bob
   – Alice sends a DES key for the session to Bob, encrypted using his public RSA key
   – Only Bob can decrypt the session key
   – It is then used for the session
– Kurose page 571 for details on these methods

Using the hybrid approach is usual
– It is normal in all security protocols
   – PGP
   – S/MIME
   – Etc
– The protocol generates a session key using a random number generator
– This is encrypted using the receiver’s public key and sent to the other party
– The symmetric key is then used to encrypt the session

Authentication
– If Alice sends a message to Bob, how does he know it is Alice?
– Alice’s IP address – but can be spoofed
– Use a special password – but even if encrypted it can be captured and used in playback mode (replayed)
– Use of a random number or nonce

Authentication by Nonce
– Alice sends Hi to Bob
– Bob sends back a “nonce” in plain text
– Alice encrypts the nonce with their symmetric key
– Bob decrypts and compares it to the number he sent
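The challenge-response above as an added example, not part of the lecture: Python standard library only. The shared key is a constructed sample value, and the keyed transformation of the nonce is HMAC-SHA256 rather than the symmetric cipher the slide names (an assumption, chosen so Bob recomputes and compares instead of decrypting). It also shows why this beats the password approach on the previous slide: a captured response is useless against a fresh nonce.

```python
import hashlib
import hmac
import secrets

# Symmetric key Alice and Bob already share (constructed sample value, not a real key)
SHARED_KEY = b"alice-bob-shared-secret-sample"


def bob_challenge():
    """Bob answers Alice's 'Hi' with a fresh random nonce, sent in plain text."""
    return secrets.token_bytes(16)


def alice_respond(shared_key, nonce):
    """Alice transforms the nonce with the shared key (HMAC-SHA256 here; the slide says
    'encrypts'). Only someone holding the key can produce this value for this nonce."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


def bob_verify(shared_key, nonce, response):
    """Bob recomputes the value for the nonce he issued and compares in constant time.
    A response captured from an earlier exchange fails, because it covers an old nonce."""
    expected = hmac.new(shared_key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_exchange(shared_key, replayed_response=None):
    """One round of the protocol; returns True if Bob accepts.
    replayed_response is an old response an eavesdropper sends instead of Alice."""
    nonce = bob_challenge()
    if replayed_response is not None:
        return bob_verify(shared_key, nonce, replayed_response)
    return bob_verify(shared_key, nonce, alice_respond(shared_key, nonce))
```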

Message integrity
– The digital world needs some way of knowing that a message came from the specified person, has not been changed, and that the writer cannot repudiate the message
– One characteristic of the RSA method is that it also works in reverse. If Bob encrypts a message using his private key, then it can be decrypted by a person having the public key
– Thus one knows:
   – It came from Bob
   – It has not been changed

Message Digest
– Use of the RSA key might be overkill for large documents
– Can calculate a fingerprint (like a hash total) that will prove the message has not been changed
– This fingerprint is then encrypted with the author’s private key
– Holders of the author’s public key can then know that the message came from the author and has not been changed
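One Python sketch, added here and not part of the lecture, covering the hybrid session-key approach from the RSA slides and the message integrity and digest slides above. It assumes a toy RSA key pair from tiny hard-coded primes, an XOR keystream as a stand-in for DES, and signing each digest byte separately because the toy modulus is smaller than a SHA-256 digest; all three are illustration choices, not what a real protocol does.

```python
import hashlib
import secrets

# Toy RSA key pair from tiny hard-coded primes (assumption: illustration only; real keys are 768+ bits)
P, Q, E = 61, 53, 17
N = P * Q                                # public modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, 2753
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)


def rsa_apply(key, value):
    """Modular exponentiation. RSA 'works in reverse': either key of the pair undoes the other."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def new_session_key():
    """Random per-session key, as the hybrid protocol generates it (must be below N in this toy)."""
    return secrets.randbelow(N - 2) + 2


def keystream_xor(session_key, data):
    """Toy symmetric cipher standing in for DES: XOR with a SHA-256 keystream (assumption, not DES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key.to_bytes(2, "big") + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(receiver_public, session_key, plaintext):
    """Alice: wrap the session key with Bob's public key; encrypt the body with the session key."""
    return rsa_apply(receiver_public, session_key), keystream_xor(session_key, plaintext)


def hybrid_decrypt(receiver_private, wrapped_key, ciphertext):
    """Bob: only his private key recovers the session key, which then decrypts the body."""
    return keystream_xor(rsa_apply(receiver_private, wrapped_key), ciphertext)


def sign(author_private, message):
    """Fingerprint the message and encrypt the fingerprint with the author's private key.
    Each digest byte is signed on its own because N is tiny; a real scheme pads the whole
    hash into one RSA block."""
    return [rsa_apply(author_private, byte) for byte in hashlib.sha256(message).digest()]


def verify(author_public, message, signature):
    """Anyone with the public key recovers the fingerprint and compares it with a fresh one."""
    digest = hashlib.sha256(message).digest()
    return len(signature) == len(digest) and all(
        rsa_apply(author_public, s) == b for s, b in zip(signature, digest))
```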

Key Distribution Centres
– Trusted intermediary – Verisign
– Can be authorised to distribute shared private keys, or a person’s public key

VPN – Virtual Private Network
– Over a shared network infrastructure, usually the Internet
– Through an encrypted connection:
   – Tunneling – set of predetermined router hops
   – Encryption of the packet contents
   – Packet and user authentication
– Most private WANs will soon be VPNs – 30 to 0% cheaper