Basic Internet Security Concepts
© MMII JW Ryder, CS 428 Computer Networking


Slide 2: Purpose
- Some ideas on Internet Security
- Classes of mischief on Internet, definitions
- Tools to fight mischief
- Combinations of these tools

Slide 3: Purpose continued
- Very high level
- Good starting point for further study about
  - General networking & strategies
  - Cryptography
  - Key Management
  - Algorithm Analysis

Slide 4: Introduction
- The Internet is a vast wilderness, an infinite world of opportunity
- Exploring, , free software, chat, video, e-business, information, games
- Explored by humans

Slide 5: Internet Security Concepts
- Introduction of several basic security concepts
- General mechanisms for protection

Slide 6: Sniffing and Spoofing [1]
- Sniffing
  - The ability to inspect IP Datagrams which are not destined for the current host.
- Spoofing
  - After sniffing, create malicious havoc on the internet

Slide 7: [Figure 1: network diagram. Legend: Unprotected Internet node, Private Network node, Secure Gateway node. Labels as extracted: A Guy, Gabrielle Poirot (C), Sears Bank (I) A Guy's Swiss Bank, Wall Street (N), Steve Burns (C), Ramon Sanchez (A)]

Slide 8: A Guy has no Integrity
- Swiss Bank Scam
- Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

Slide 9: Ramon springs for sound
- Sears solid state stereos
- Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

Slide 10: A guy sniffs success
- Gabrielle and Steve almost strike it rich
- Confidentiality - Ensure that each party which is supposed to see the data sees the data, and ensure that those who should not see the data never see the data.

Slide 11: Wall Street Woes
- A guy spots a hot stock tip
- Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that they did not send the datagram

Slide 12: A guy becomes desperate
- Bring Wall St. to its knees
- Denial of Service Attack - Flood a given IP Address (Host) with packets so that it spends the majority of its processing time denying service

Slide 13: [Figure 2: diagram. Labels as extracted: Physical Adapter; IP In Comm. Stack; One Way Hash Functions (MD5, SHA1); Crypto Functions (DES, CDMF, 3DES); Key Mgmt. Functions; Application]

Slide 14: Protocol Flow [2, 3]
- Through layers, each layer has a collection of responsibilities
- ISO OSI Reference Model - (Open Systems Interconnection)
- IP Datagram

Slide 15: [Figure 3: Integrity. Labels as extracted: IP Datagram (IP Hdr., Data); MAC Function (Data, MAC Fn, Digest); IP Hdr., Data, Digest]

Slide 16: Keys
- Bit values fed into cryptographic algorithms and one way hashing functions which help provide confidentiality, integrity, and authentication
- The longer the better - 40, 48, 56, 128
- Brute force attacks can win with small keys

Slide 17: Symmetric Keys
- Have qualities such as life times, refresh rates, etc.
- Symmetric - Keys that are shared secrets on N cooperating, trusted hosts

Slide 18: Asymmetric
- Public / Private key pairs
- Public key lists kept on well known public key servers
- Public key is no secret. If it is, the strategy will not work.
- Public and Private keys inverse functional values
- Private key is only known to you and must remain secret

Slide 19: Concept
- Sender encrypts data with private key
- Receiver decrypts data with public key
- Receiver replies after encrypting with public key
- Sender receives response and decrypts with private key

Slide 20: [Figure 4: Confidentiality, Data Encryption Function. Labels as extracted: Data; Key; Crypto Fn.; Encrypted Data; IP Hdr., Encrypted Data]

Slide 21: [Figure 5: Confidentiality, Decryption Function. Labels as extracted: Encrypted Data; Key; Crypto Fn.; Data]

Slide 22: MACs
- Message Authentication Codes, One Way Hashing Functions
- A function, easy to compute but computationally infeasible to find 2 messages M1 and M2 such that
  - h(M1) = h(M2)
- MD5 (Rivest, Shamir, Adleman) RSA; SHA1 (NIST)
- MD5 yields a 128 bit digest [3]

Slide 23: DES
- Data Encryption Standard
- U.S. Govt. Standard
- 56 bit key - originally 128 bits
- Absolute elimination of exhaustive search of key space
- U.S. Security Agency Request - Reduce to 56 bits
- Export CDMF (40 bits)
- Keys are secrets to algorithms, not algorithms themselves [4, 5]

Slide 24: [Figure: datagram layouts. Labels as extracted: IP Hdr., Encrypted Data; Confidentiality, Integrity, & Authentication; IP Hdr., Encrypted Data, Digest; Digital Signature (Encrypted Digest); Confidentiality & Integrity]

Slide 25: [Figure: diagram. Labels as extracted: Data, EM, Key, MAC, CF, DS, Digest, Keyed Digest; MAC_Time < CF_Time]
- Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?
- What types of Security are provided with EM, DS, Digest, Keyed Digest?

Slide 26: [Figure: table of security provided by each message form. Labels as extracted: Msg, EM, Msg, MD, DS, KD. Entries as extracted: No Security; Integrity; Confidentiality; Conf. & Integrity; Integrity & Auth.; Conf., Int., & Auth.; Integrity & Auth.; Conf., Int., & Auth.]
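
The digest and keyed digest from the MACs and integrity slides, as an added example that is not part of the original presentation: it shows which received (data, check value) pairs a receiver accepts, including the case where an unkeyed digest is recomputed in transit. Assumptions: SHA-256 and HMAC-SHA-256 stand in for the MD5/SHA1 functions the slides name, and the key and payloads are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides).
SHARED_KEY = b"constructed-shared-secret"
PAYLOAD = b"TRANSFER 100 TO ACCOUNT 1234"
ALTERED = b"TRANSFER 900 TO ACCOUNT 6666"


def plain_digest(data):
    """Unkeyed one-way hash of the data (SHA-256 swapped in for MD5/SHA1)."""
    return hashlib.sha256(data).digest()


def keyed_digest(key, data):
    """Keyed digest: HMAC-SHA-256 over the data under the shared symmetric key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def accepts_plain(data, digest):
    """Receiver check for Data + Digest, using a constant-time comparison."""
    return hmac.compare_digest(plain_digest(data), digest)


def accepts_keyed(key, data, tag):
    """Receiver check for Data + Keyed Digest."""
    return hmac.compare_digest(keyed_digest(key, data), tag)


def demo():
    """Return which received (data, check value) pairs the receiver accepts."""
    # "stale": data changed in transit, original check value left in place.
    # "recomputed": data changed and the unkeyed digest recomputed by a
    # party that does not hold SHARED_KEY.
    recomputed = plain_digest(ALTERED)
    genuine_tag = keyed_digest(SHARED_KEY, PAYLOAD)
    return {
        "plain_genuine": accepts_plain(PAYLOAD, plain_digest(PAYLOAD)),
        "plain_stale_digest": accepts_plain(ALTERED, plain_digest(PAYLOAD)),
        "plain_recomputed_digest": accepts_plain(ALTERED, recomputed),
        "keyed_genuine": accepts_keyed(SHARED_KEY, PAYLOAD, genuine_tag),
        "keyed_stale_tag": accepts_keyed(SHARED_KEY, ALTERED, genuine_tag),
        "keyed_recomputed_without_key": accepts_keyed(SHARED_KEY, ALTERED, recomputed),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Because every host holding the shared key can compute the same keyed digest, the tag shows the data came from a key holder but cannot settle which one; that is the non-repudiation gap a digital signature made with a private key closes.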

Slide 27: Post Presentation Results
- You should be familiar with concepts & terms such as
  - Integrity, Authentication, Non-repudiation, Confidentiality
  - Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
- High level understanding of some methods to combat some of the above types of Internet mischief

Slide 28: One-Way Hashing Function Demo
- Show MD5 example

Slide 29: Sniffers
- Threads comment
- Show Sniffer.java