04-01-98 J.W. Ryder Basic Internet Security Concepts J.W. Ryder

Presentation transcript:

Basic Internet Security Concepts
J.W. Ryder

Introduction
- The internet is a vast wilderness, an infinite world of opportunity
- Exploring, , free software, chat, video, e-business, information, games
- Explored by humans

Internet Security Concepts
- Introduction of several basic security concepts
- General mechanisms for protection

Sniffing and Spoofing [1]
- Sniffing
  - The ability to inspect IP Datagrams which are not destined for the current host.
- Spoofing
  - After sniffing, create malicious havoc on the internet

[Figure 1: network diagram. Legend: Unprotected Internet node, Private Network node, Secure Gateway node. Labels as extracted: A Guy, Gabrielle Poirot (C), Sears Bank (I), A Guy's Swiss Bank, Wall Street (N), Steve Burns (C), Ramon Sanchez (A)]

A Guy has no integrity
- Swiss Bank Scam
- Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

Ramon springs for sound
- Sears solid state stereos
- Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

A guy sniffs success
- Gabrielle and Steve almost strike it rich
- Confidentiality - Ensure that each party which is supposed to see the data sees the data, and ensure that those who should not see the data never see the data.

Wall Street Woes
- A guy spots a hot stock tip
- Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that they did not send the datagram

A guy becomes desperate
- Bring Wall St. to its knees
- Denial of Service Attack - Flood a given IP Address (Host) with packets so that it spends the majority of its processing time denying service

[Figure 2: IP in the communications stack. Labels: Physical Adapter, IP, One Way Hash Functions (MD5, SHA1), Crypto Functions (DES, CDMF, 3DES), Key Mgmt. Functions, Application]

Protocol Flow [2, 3]
- Through layers, each layer has a collection of responsibilities
- ISO OSI Reference Model - (Open Systems Interconnection)
- IP Datagram

[Figure 3: Integrity. Labels: IP Datagram (IP Hdr., Data); MAC Function (Data, MAC Fn, Digest); resulting datagram (IP Hdr., Data, Digest)]

Keys
- Bit values fed into cryptographic algorithms and one way hashing functions which help provide confidentiality, integrity, and authentication
- The longer the better - 40, 48, 56, 128
- Brute force attacks can win with small keys

Symmetric Keys
- Have qualities such as life times, refresh rates, etc.
- Symmetric - Keys that are shared secrets on N cooperating, trusted hosts

Asymmetric
- Public / Private key pairs
- Public key lists kept on well known public key servers
- Public key is no secret. If it is, the strategy will not work.
- Public and Private keys inverse functional values
- Private key is only known to you and must remain secret

Concept
- Sender encrypts data with private key
- Receiver decrypts data with public key
- Receiver replies after encrypting with public key
- Sender receives response and decrypts with private key

[Figure 4: Confidentiality, Encryption Function. Labels: Data, Key, Crypto Fn., Encrypted Data; resulting datagram (IP Hdr., Encrypted Data)]

[Figure 5: Confidentiality, Decryption Function. Labels: Encrypted Data, Key, Crypto Fn., Data]

MACs
- Message Authentication Codes, One Way Hashing Functions
- A function, easy to compute but computationally infeasible to find 2 messages M1 and M2 such that
  - h(M1) = h(M2)
- MD5 (Rivest, Shamir, Adleman) RSA; SHA1 (NIST)
- MD5 yields a 128 bit digest [3]

DES
- Data Encryption Standard
- U.S. Govt. Standard
- 56 bit key - originally 128 bits
- Absolute elimination of exhaustive search of key space
- U.S. Security Agency Request - Reduce to 56 bits
- Export CDMF (40 bits)
- Keys are secrets to algorithms, not algorithms themselves [4, 5]

[Figure: two datagram layouts. IP Hdr., Encrypted Data, Digital Signature (Enc. Digest): Confidentiality, Integrity, & Authentication. IP Hdr., Encrypted Data, Digest: Confidentiality & Integrity]

[Figure: labels Data, EM, Key, MAC, CF, DS, Digest, Keyed Digest]
- MAC_Time < CF_Time
- Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?
- What types of Security are provided with EM, DS, Digest, Keyed Digest?

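Security provided by each combination (Msg = message, EM, MD, DS, KD as labelled on the slide):
- Msg alone: No Security
- Msg + MD: Integrity
- EM alone: Confidentiality
- EM + MD: Conf. & Integrity
- Msg + DS: Integrity & Auth.
- EM + DS: Conf., Int., & Auth.
- Msg + KD: Integrity & Auth.
- EM + KD: Conf., Int., & Auth.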
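Why the Keyed Digest adds authentication where the plain Digest gives integrity only, as an added example that is not part of the original slides. It uses Python's standard hashlib and hmac with SHA-256 in place of the MD5 and SHA1 named in the deck; the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for this example (not from the slides).
SHARED_KEY = b"constructed-key-known-only-to-sender-and-receiver"
ORIGINAL = b"TRANSFER 100 TO ACCOUNT 1234"
ALTERED = b"TRANSFER 900 TO ACCOUNT 6666"


def digest(data: bytes) -> bytes:
    """Unkeyed one-way hash: any host can compute it for any data."""
    return hashlib.sha256(data).digest()


def keyed_digest(key: bytes, data: bytes) -> bytes:
    """Keyed digest (HMAC): computing it requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def accepts_digest(data: bytes, tag: bytes) -> bool:
    """Receiver check for Msg + Digest."""
    return hmac.compare_digest(digest(data), tag)


def accepts_keyed(key: bytes, data: bytes, tag: bytes) -> bool:
    """Receiver check for Msg + Keyed Digest (constant-time compare)."""
    return hmac.compare_digest(keyed_digest(key, data), tag)


def run_cases() -> dict:
    """Return what the receiver decides in each case."""
    # A party without the key can still recompute the unkeyed digest.
    replaced_tag = digest(ALTERED)
    return {
        # Unmodified datagram: both checks pass.
        "digest_unmodified": accepts_digest(ORIGINAL, digest(ORIGINAL)),
        "keyed_unmodified": accepts_keyed(
            SHARED_KEY, ORIGINAL, keyed_digest(SHARED_KEY, ORIGINAL)),
        # Data changed in transit, original tag left in place: both fail.
        "digest_data_changed": accepts_digest(ALTERED, digest(ORIGINAL)),
        "keyed_data_changed": accepts_keyed(
            SHARED_KEY, ALTERED, keyed_digest(SHARED_KEY, ORIGINAL)),
        # Data and tag both replaced by a party that lacks the key.
        "digest_both_replaced": accepts_digest(ALTERED, replaced_tag),
        "keyed_both_replaced": accepts_keyed(
            SHARED_KEY, ALTERED, replaced_tag),
    }


if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case:22} accepted={accepted}")
```

The last pair is the one that separates the two: the receiver accepts a replaced unkeyed digest, so the digest alone says nothing about who produced it, while the keyed check rejects any tag not computed with the shared key.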

Purpose
- Some ideas on Internet Security
- Classes of mischief on Internet, definitions
- Tools to fight mischief
- Combinations of these tools

Purpose continued
- Very high level
- Good starting point for further study about
  - General networking & strategies
  - Cryptography
  - Key Management
  - Algorithm Analysis

Post Presentation Results
- Should be familiar with concepts & terms such as
  - Integrity, Authentication, Non-repudiation, Confidentiality
  - Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
  - High level understanding of some methods to combat some of the above types of Internet mischief