بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

Network Security Goals
- Confidentiality or Privacy: only the sender and the intended receiver should "understand" the message contents
  - Sender encrypts the message
  - Receiver decrypts the message
- Authentication: sender and receiver want to confirm each other's identity
- Integrity: sender and receiver want to ensure messages are not altered in transit without detection
- Access and Availability: services must be accessible and available to users

People want to communicate securely
- Eve (intruder/eavesdropper): may intercept, delete, or add messages

There are Eavesdroppers out there!
Q: what can an eavesdropper do?
A: a lot!
- Observing and recording information
- Unauthorized access to a server
- Denial of service: prevent a service from being used by others (e.g. by flooding a server with requests)
- Impersonating a legitimate server
- Hijacking: "take over" an ongoing connection by removing the sender or receiver and inserting himself in their place

Network Security: Agenda
- Main weapon: cryptography
  - Confidentiality (encryption)
  - Message authentication
  - Signatures and certificates
- Internet threats, attacks and defenses
  - Secure request/response protocols
  - Secure connection "tunnels"
  - Denial of service attacks
  - Firewalls

Encryption Protects Confidentiality
- Secret key crypto: a shared secret key (K_{E,B} = K_{D,B})
- Public key crypto: a user has a public encryption key K_{E,B} and a matching private decryption key K_{D,B}

Secret Key Crypto
- Two operations ("encrypt", "decrypt") which are inverses of each other, like multiplication/division
- One parameter ("the key")
- Even the person who designed the algorithm can't break it without the key
- Ideally, a different key for each pair of users

Secret key crypto
- encrypt = f(K, plaintext) = ciphertext
- decrypt = f(K, ciphertext) = plaintext
- authentication: send f(K, challenge)
- integrity check: f(K, msg) = X
- verify integrity check: f(K, X, msg)

Public Key Crypto
- Two keys per user; the keys are inverses of each other
- Public key "BPub": you tell it to the world
- Private key "BPriv": you keep it private
- Yes, it's magic. Why can't you derive "BPriv" from "BPub"? And if that is hard, where did (BPub, BPriv) come from?

Encryption and Integrity
- Encryption hides the message from an eavesdropper
- Question: can the eavesdropper change the message? Or: does encryption ensure message integrity?
- With public key encryption:
  - Eve can replace E_{BPub}(m) with a fake E_{BPub}(m')
- With secret (shared) key encryption:
  - This seems harder to do
  - But given c = m ⊕ k, the attacker can send c ⊕ mask to invert any chosen bit of the decrypted message (the set bits of mask pick which)
- Encryption does not ensure integrity!
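The five secret-key operations listed on the "Secret key crypto" slide, together with the c ⊕ mask bit-flip from the slide above, as an added worked example (not code from the presentation): a toy XOR "cipher" with a key as long as the message stands in for f(K, plaintext), HMAC-SHA256 stands in for the integrity check f(K, msg) = X and for the challenge response f(K, challenge). The key, message and mask values are constructed for the demo.

```python
import hashlib
import hmac

# Toy secret-key scheme, constructed for this example: "encryption" is XOR
# with a key as long as the message (c = m XOR k), the case the slide
# discusses. It hides m but, as shown below, it does not protect m from change.
def encrypt(key: bytes, plaintext: bytes) -> bytes:
    assert len(key) >= len(plaintext), "toy cipher needs a key at least as long as the message"
    return bytes(p ^ k for p, k in zip(plaintext, key))

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decrypting is the same operation as encrypting.
    return encrypt(key, ciphertext)

def flip_bits(ciphertext: bytes, mask: bytes) -> bytes:
    # What an on-path party can do without knowing k: forward c XOR mask.
    # Every set bit of mask inverts the same bit of the decrypted plaintext.
    padded = mask.ljust(len(ciphertext), b"\x00")
    return bytes(c ^ m for c, m in zip(ciphertext, padded))

def integrity_check(key: bytes, msg: bytes) -> bytes:
    # The slide's X = f(K, msg), realised here as HMAC-SHA256 over the ciphertext.
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_integrity_check(key: bytes, tag: bytes, msg: bytes) -> bool:
    # The slide's f(K, X, msg): recompute the tag and compare in constant time.
    return hmac.compare_digest(integrity_check(key, msg), tag)

def challenge_response(key: bytes, challenge: bytes) -> bytes:
    # Authentication: prove possession of K by returning f(K, challenge).
    return hmac.new(key, b"auth:" + challenge, hashlib.sha256).digest()

def demo_malleability():
    """Encrypt an order, flip one bit of the ciphertext, and show that the
    plaintext changes but an integrity check over the ciphertext catches it."""
    key = b"0123456789abcdef0123456789abcdef"   # constructed fixed key, demo only
    message = b"PAY ALICE $100"
    ciphertext = encrypt(key, message)
    tag = integrity_check(key, ciphertext)

    # Index 11 holds the '1' of "$100"; '1' (0x31) XOR 0x08 = '9' (0x39).
    mask = b"\x00" * 11 + b"\x08"
    tampered = flip_bits(ciphertext, mask)

    return (
        decrypt(key, tampered),                         # what the receiver would read
        verify_integrity_check(key, tag, ciphertext),   # honest ciphertext passes
        verify_integrity_check(key, tag, tampered),     # tampered ciphertext fails
    )

def demo_authentication():
    """Only a holder of the shared key can answer the challenge."""
    key = b"0123456789abcdef0123456789abcdef"
    challenge = b"nonce-000001"        # constructed; a real protocol uses a fresh random nonce
    response = challenge_response(key, challenge)
    return (challenge_response(key, challenge) == response,
            challenge_response(b"wrong-key", challenge) == response)

if __name__ == "__main__":
    print(demo_malleability())     # (b'PAY ALICE $900', True, False)
    print(demo_authentication())   # (True, False)
```

The receiver decrypts the flipped ciphertext to "PAY ALICE $900" without any error, which is the slide's point: confidentiality says nothing about integrity. The HMAC tag over the ciphertext is what turns the modification into a detectable failure, and the comparison uses hmac.compare_digest so that the check itself does not leak timing information.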

Public Key vs. Secret Key
- In terms of capabilities, public key is more powerful
- Public key provides digital signatures
- Secret key is much faster than public key

Public Key Digital Signatures: concept
- One of the best features of public key
- An integrity check calculated as f(private key, data) and verified as f(public key, data, signature)
- Verifiers don't need to know any secret key
- RSA can be used as a digital signature scheme

Popular Secret Key Algorithms
- DES: old standard, 56-bit key, slow
- 3DES: fixes the key size but is 3 times as slow
- RC4: variable-length key, "stream cipher" (generate a keystream from the key, XOR it with the data)
- AES: replacement for DES, will probably take over

Popular Public Key Algorithms
- RSA: public key operations can be made very fast, but private key operations will be slow
- ECC (elliptic curve crypto): smaller keys, so faster than RSA (but not for public key operations)

Key Distribution Problem
Secret key
- Problem: how do two entities establish a shared secret key over the network?
- Solution: a trusted key distribution center (KDC) acting as intermediary between the entities; the KDC needs a shared key with each entity
Public key
- Problem: when Saad obtains Saeed's public key (from a web site, , diskette), how does he know it is Saeed's public key and not the eavesdropper's?
- Solution: a trusted certification authority (CA)

Key Distribution - Secret Keys
- Could configure n^2 keys, which makes the system infeasible for large-scale use
- Instead use a Key Distribution Center (KDC)
- Every user has a secret key shared with the KDC
- The KDC knows all the users
- The KDC assigns a key to any pair who need to talk

Key Distribution - Public Keys
- Certification Authority (CA) signs "certificates"
- Certificate = a signed message saying "I, the CA, vouch that [key] is Saad's public key"
- If everyone has a certificate, a private key, and the CA's public key, they can authenticate

Key Distribution - Public Keys (figure)
[Diagram: Saad and Saeed each hold a certificate signed by the CA, ["Saad", key=342872]CA and ["Saeed", key=...]CA, and use them for authentication, encryption, etc.]
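The signature concept from the "Public Key Digital Signatures" slide and the CA certificate from the two "Key Distribution - Public Keys" slides, as one added worked example (not code from the presentation). It uses textbook RSA with tiny, well-known parameters so the arithmetic stays readable: the primes, the names and the certificate format are constructed for the demo, there is no padding, and nothing here is of a secure size. What it shows is the structure: a signature is f(private key, data), anyone with the public key can verify it, and a certificate is just the CA's signature over "this key belongs to this name".

```python
import hashlib

# Textbook RSA with tiny parameters, constructed for this example. Signing
# uses the private exponent d, verification the public exponent e.
def make_keypair(p: int, q: int, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)          # (public key, private key)

def digest_mod_n(data: bytes, n: int) -> int:
    # Hash the data, then reduce into Z_n so the modular exponentiation applies.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    d, n = priv
    return pow(digest_mod_n(data, n), d, n)               # f(private key, data)

def verify(pub, data: bytes, signature: int) -> bool:
    e, n = pub
    return pow(signature, e, n) == digest_mod_n(data, n)  # f(public key, data, signature)

def certificate_body(name: str, subject_pub) -> bytes:
    # The statement the CA vouches for: "<pub> is <name>'s public key".
    e, n = subject_pub
    return f"{name}|e={e}|n={n}".encode()

def issue_certificate(ca_priv, name: str, subject_pub) -> dict:
    # A certificate in the slide's sense: the CA's signature over that statement.
    return {"name": name, "pub": subject_pub,
            "sig": sign(ca_priv, certificate_body(name, subject_pub))}

def verify_certificate(ca_pub, cert: dict) -> bool:
    # Anyone holding the CA's public key can check it; no secret is needed.
    return verify(ca_pub, certificate_body(cert["name"], cert["pub"]), cert["sig"])

# Constructed key pairs; the primes are chosen so that gcd(17, phi) == 1 for each.
CA_PUB, CA_PRIV = make_keypair(89, 97)
SAAD_PUB, SAAD_PRIV = make_keypair(61, 53)
SAEED_PUB, SAEED_PRIV = make_keypair(71, 67)

def demo():
    """Saeed checks Saad's genuine certificate, a tampered copy, and a forgery."""
    cert = issue_certificate(CA_PRIV, "Saad", SAAD_PUB)
    genuine = verify_certificate(CA_PUB, cert)

    # Eve swaps in a different key but cannot re-sign as the CA.
    swapped = dict(cert, pub=SAEED_PUB)
    tampered_ok = verify_certificate(CA_PUB, swapped)

    # A certificate signed by someone other than the CA is rejected as well.
    forged = issue_certificate(SAEED_PRIV, "Saad", SAEED_PUB)
    forged_ok = verify_certificate(CA_PUB, forged)
    return genuine, tampered_ok, forged_ok

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

This is exactly the slide's answer to "how does Saad know this is Saeed's public key": he does not need to trust the web site or diskette the key arrived on, only the CA's public key, which he already holds. Real deployments add hash padding (PKCS#1 v1.5 or PSS), large moduli, validity periods and revocation, but the verification logic is the same shape.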

Denial Of Service Attack
- Attacker tries to exhaust the resources of a host/server/router/user
- Resources include:
  - Computation (CPU time)
  - Storage (e.g. for the state of requests/connections)
  - Open TCP connections: limited (10s to several thousand connections, depending on hardware and operating system)
- SYN flooding DoS attack: attacker sends a flow of 'SYN' packets (open connection); the server waits

SYN flooding DoS attack
- Attacker sends many SYN requests (using different spoofed client IP addresses) and never completes them with an ACK
- Uses up the server's capacity for open connections
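A defender's view of the two DoS slides, as an added example (not part of the presentation): the signature of a SYN flood in connection state is many half-open connections, from many different source addresses, that never receive the client's final ACK. The code below walks a constructed packet summary (client-to-server direction only, RFC 5737 documentation addresses) and reports, per server socket, how many handshakes are stuck half-open. The log format, the threshold and all addresses are assumptions for the demo.

```python
from collections import defaultdict

# Constructed client-to-server packet summary lines (not from the slides):
# "<time> <src ip:port> <dst ip:port> <flags>", with S = SYN and A = ACK.
# One legitimate client completes its handshake on 443, another on 80, while
# eight different sources open a connection to port 80 and never finish it.
SAMPLE_LOG = """\
0.001 192.0.2.10:40001 198.51.100.5:443 S
0.004 192.0.2.10:40001 198.51.100.5:443 A
0.010 203.0.113.11:50001 198.51.100.5:80 S
0.011 203.0.113.12:50002 198.51.100.5:80 S
0.012 203.0.113.13:50003 198.51.100.5:80 S
0.013 203.0.113.14:50004 198.51.100.5:80 S
0.014 203.0.113.15:50005 198.51.100.5:80 S
0.015 203.0.113.16:50006 198.51.100.5:80 S
0.016 203.0.113.17:50007 198.51.100.5:80 S
0.017 203.0.113.18:50008 198.51.100.5:80 S
0.020 192.0.2.20:40002 198.51.100.5:80 S
0.023 192.0.2.20:40002 198.51.100.5:80 A
"""

def parse(line: str):
    t, src, dst, flags = line.split()
    return float(t), src, dst, set(flags)

def half_open_report(log: str, threshold: int = 5) -> dict:
    """Per server socket: SYNs that never got a completing ACK from the same
    client socket, how many distinct client IPs sent them, and a verdict."""
    pending = {}                     # (src socket, dst socket) -> time of SYN
    per_server = defaultdict(lambda: {"half_open": 0, "sources": set(), "completed": 0})
    for line in log.splitlines():
        if not line.strip():
            continue
        t, src, dst, flags = parse(line)
        flow = (src, dst)
        if "S" in flags and "A" not in flags:
            pending[flow] = t        # client opened; the server now holds state for it
        elif "A" in flags and flow in pending:
            pending.pop(flow)        # third handshake packet: no longer half-open
            per_server[dst]["completed"] += 1
    for src, dst in pending:
        per_server[dst]["half_open"] += 1
        per_server[dst]["sources"].add(src.rsplit(":", 1)[0])
    report = {}
    for dst, s in per_server.items():
        report[dst] = {
            "half_open": s["half_open"],
            "distinct_sources": len(s["sources"]),
            "completed": s["completed"],
            # Many half-open connections from many sources is the flood signature;
            # one slow client with a few stuck handshakes is not.
            "suspected_syn_flood": s["half_open"] >= threshold
                                   and len(s["sources"]) >= threshold,
        }
    return report

if __name__ == "__main__":
    for server, info in half_open_report(SAMPLE_LOG).items():
        print(server, info)
```

In a live system the same numbers come from the kernel's connection table (sockets in SYN-RECV) rather than a packet log, and the usual mitigations, SYN cookies and shorter half-open timeouts, work precisely by refusing to hold the per-connection state the slide says the attacker is trying to exhaust.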

Firewalls
- Firewall: a secure machine (or program) isolating an organization's internal net from the larger Internet (or another net), allowing some packets to pass and blocking others

Packet Filtering
- Internal network connected to the Internet via a router firewall (packet filtering)
- Router filters packet by packet; the decision to forward/drop a packet is based on:
  - Source IP address, destination IP address
  - TCP/UDP source and destination port numbers
  - TCP SYN and ACK bits (identify client vs. server)
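The packet-filtering decision described on the two firewall slides, as an added example (not code from the presentation): a first-match rule set over exactly the fields the slide lists, addresses, protocol, ports, and the SYN/ACK bits, with default deny. The internal prefix, the web server address and the rules themselves are constructed for the demo. The SYN/ACK rules are the slide's "identify client vs. server" point: an inbound packet with SYN set and ACK clear is a new connection request from outside, while one with ACK set belongs to a connection an inside client opened.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for this example (RFC 5737 documentation ranges):
# the organization's internal prefix and its one public web server.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
WEB_SERVER = ipaddress.ip_network("192.0.2.80/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass
class Rule:
    action: str             # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None     # None matches any protocol
    sport: Optional[int] = None     # None matches any port
    dport: Optional[int] = None
    syn: Optional[bool] = None      # None = don't care about the flag
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.proto in (None, p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.syn in (None, p.syn)
                and self.ack in (None, p.ack))

# First matching rule wins; anything unmatched is dropped (default deny).
RULES = [
    # Internal hosts may open connections to anywhere.
    Rule("allow", INTERNAL, ANY),
    # The only inbound connection requests (SYN set, ACK clear) accepted
    # are to the web server on port 80.
    Rule("allow", ANY, WEB_SERVER, proto="tcp", dport=80, syn=True, ack=False),
    # Inbound TCP with ACK set is a reply to, or part of, a connection an
    # internal host initiated (SYN+ACK from the server, or established data).
    Rule("allow", ANY, INTERNAL, proto="tcp", ack=True),
    # DNS answers come back from source port 53.
    Rule("allow", ANY, INTERNAL, proto="udp", sport=53),
]

def filter_packet(p: Packet, rules=RULES) -> str:
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # New connection to the web server: allowed. New connection to SSH: dropped.
    print(filter_packet(Packet("203.0.113.9", "192.0.2.80", "tcp", 51000, 80, syn=True)))  # allow
    print(filter_packet(Packet("203.0.113.9", "192.0.2.80", "tcp", 51000, 22, syn=True)))  # deny
```

The filter is stateless: it trusts the SYN/ACK bits as the sender set them, and the "ACK set" rule lets in any inbound packet that claims to belong to an existing connection. That is the limitation that pushed firewalls toward stateful filtering, which remembers the outbound SYN and admits only replies to connections it actually saw opened.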

References
- Our textbook