Dr. L. Christofi, Local & Metropolitan Area Networks, ACOE322, Lecture 8: Network Security


Slide 2: Overview
As knowledge of computer networking and protocols has become more widespread, so has the threat of intercepting and decoding message data while it crosses a network. An intruder on the network can identify and strip the protocol control information at the head of each message, leaving the message contents. Those contents, including passwords and other sensitive information, can then be read. This is known as listening or eavesdropping. An intruder can also replay a recorded message sequence to generate a new, apparently valid sequence; this is known as masquerading. Encryption should therefore be applied to all data transfers that cross a network. In the ISO reference model these operations are usually placed at the presentation layer; in deployed systems the same protection is also provided at other layers, for example by TLS above the transport layer and by IPsec at the network layer.

Slide 3: Terminology
Data encryption means that the sending party processes all data before transmission so that, if it is intercepted in transit, it is incomprehensible to the intercepting party. The data should be interpretable (decrypted) only by the intended recipient. Most encryption methods use an encryption key known only to the two correspondents. Before encryption the message data is called plaintext; after encryption it is called ciphertext. The aim is to choose an encryption method such that an intruder cannot decipher recorded ciphertext within a realistic time period.

Slide 4: Security Requirements
- Privacy (confidentiality): data is accessible only to authorized parties
- Authenticity: a host or service is able to verify the identity of a user
- Integrity: data can be modified only by authorized parties
- Availability: data is available to authorized parties when they need it
- Non-repudiation: the receiver is able to prove that a received message came from a specific sender

Slide 5: Cryptography
- Plaintext: the original message
- Encryption: transforms the plaintext into ciphertext
- Decryption: transforms the ciphertext back into plaintext
- Cipher: an encryption/decryption algorithm; ciphers fall into several categories
- Key: the number (value) that a cipher operates with

Slide 6: Cryptography Components (figure)

Slide 7: Encryption and Decryption
In cryptography the encryption/decryption algorithms are public; only the keys are secret. Two groups of algorithms:
- Symmetric-key algorithms
- Public-key algorithms

Slide 8: Symmetric-key cryptography
- The same key is used by the sender (for encryption) and the receiver (for decryption); the key is shared between them and the same key is used in both directions
- Because the key is shared, it has to reach both parties over a channel the intruder cannot read; key distribution is a separate problem from the cipher itself
- Often used for long messages, since symmetric ciphers are fast
- The algorithm is public; the key is secret

Slide 9: Traditional Ciphers
- Substitution ciphers
- Transposition ciphers

Slide 10: Substitution Ciphers
One symbol is substituted for another, e.g. the Caesar cipher (a->D, b->E, c->F, ..., z->C).
- Monoalphabetic substitution: the relationship between a character in the plaintext and the character in the ciphertext is always one-to-one, so the ciphertext keeps the letter-frequency profile of the plaintext and can be broken by frequency analysis
- Polyalphabetic substitution: the relationship between a character in the plaintext and a character in the ciphertext is one-to-many

Slide 11: Transposition Ciphers
The characters retain their plaintext form but change their positions. The text is organized into a two-dimensional table and the columns are interchanged according to a key.

Slide 12: Block Cipher
Plaintext and ciphertext are blocks of bits; each block is a unit of encryption/decryption.

Slide 13: Block Cipher (cont.)
- P-box (permutation, i.e. transposition of bit positions)
- S-box (substitution of one bit pattern for another)
- Product block: S-boxes and P-boxes combined and repeated over several rounds
- Data Encryption Standard (DES)
- Triple DES
DES has a 56-bit key and has been brute-forced in practice since the late 1990s; NIST has deprecated Triple DES and disallows it for new use after 2023. AES is the block cipher to use today.
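The three ideas from slides 10 to 13 in working code, as an added example that is not part of the original lecture: a Caesar (monoalphabetic) substitution, a keyed columnar transposition, and their composition, which is the product idea that S-boxes and P-boxes apply to bits. The frequency-analysis break shows why a one-to-one substitution is weak on its own, and the histogram check shows that a transposition alone leaks letter frequencies unchanged. Key words, the sample sentence and the padding character are constructed for the example.

```python
"""Added example (not from the slides): monoalphabetic substitution, keyed columnar
transposition, and their product, plus a frequency-analysis break of the substitution.
Sample text, keys and the X padding character are constructed for this example."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (%) of each letter A..Z in English prose.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic substitution: every letter moves `shift` places (a->D for shift 3).
    A negative shift decrypts. Non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def break_caesar(ciphertext: str) -> int:
    """Recover the shift from ciphertext alone. A one-to-one substitution preserves the
    plaintext letter frequencies, so the shift whose decryption looks most like English wins."""
    best_shift, best_score = 0, float("-inf")
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        score = sum(ENGLISH_FREQ[ALPHABET.index(c)] for c in candidate if c in ALPHABET)
        if score > best_score:
            best_shift, best_score = shift, score
    return best_shift


def _column_order(key: str) -> list:
    # Columns are read out in alphabetical order of the key letters; ties keep left-to-right order.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(text: str, key: str) -> str:
    """Transposition: write the text row by row under the key, pad the last row with X so every
    column is full, then read the columns out in key order. Letters keep their identity."""
    n = len(key)
    text = text.upper() + "X" * ((-len(text)) % n)
    rows = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of columnar_encrypt; the X padding added on encryption is left in place."""
    n = len(key)
    depth = len(ciphertext) // n  # every column is full because encryption padded the text
    columns = {}
    for k, c in enumerate(_column_order(key)):
        columns[c] = ciphertext[k * depth:(k + 1) * depth]
    return "".join(columns[c][r] for r in range(depth) for c in range(n))


def letter_histogram(text: str) -> Counter:
    """Letter counts; identical for a text and its transposition, which is what a cryptanalyst sees."""
    return Counter(c for c in text.upper() if c in ALPHABET)


def product_encrypt(text: str, shift: int, key: str) -> str:
    """Substitution followed by transposition: hides letter identities and positions together,
    the combination S-boxes and P-boxes realise on bits inside a block cipher."""
    return columnar_encrypt(caesar(text, shift), key)


def product_decrypt(ciphertext: str, shift: int, key: str) -> str:
    return caesar(columnar_decrypt(ciphertext, key), -shift)


SAMPLE = "MEET ME AT THE SECRET ENTRANCE AT NINE TONIGHT THE TREASURE IS THERE"  # constructed
```

Run `break_caesar(caesar(SAMPLE, 7))` to see the shift recovered with no key material at all; the same scoring works against any monoalphabetic cipher once the candidate key space is enumerable. The product cipher defeats that single-pass attack, but both components here are still linear enough that a classical cryptanalyst breaks them by hand; modern ciphers get their strength from many rounds of non-linear S-boxes and a large key, not from this two-step structure.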

Slide 14: Public-key cryptography
Two keys are used:
- Private key: kept by the receiver, used for decryption
- Public key: announced to the public, used for encryption
Disadvantages:
- Complexity of the algorithm: keys are large and computation is slow compared with symmetric ciphers
- The association between an entity and its public key has to be verified (in practice by a certificate from a trusted authority); otherwise an intruder can substitute their own public key
The most common algorithm is RSA (Rivest, Shamir and Adleman). Public-key cryptography is more efficient for short messages, so it is typically used to exchange a symmetric key that then protects the bulk data.

Slide 15: Public-key cryptography (cont.) (figure)

Slide 16: Digital signature
A digital signature is used to provide:
- Authentication
- Integrity
- Non-repudiation

Slide 17: Signing the whole document
The sender applies the private key to the message (signs it); the receiver applies the sender's public key to check it. Describing this as "encrypting with the private key" is a textbook simplification that fits RSA; real signature schemes add padding and sign a hash. Note that a digital signature does not provide privacy: the message itself travels in the clear. If privacy is needed, another layer of encryption/decryption must be applied.

Slide 18: Signing the digest
The sender creates a miniature version, or digest, of the document and signs that instead of the whole document.
- A hash function creates a fixed-size digest from a variable-length message
- Two common hash functions: MD5 produces a 128-bit digest; SHA-1 produces a 160-bit digest
- The receiver recomputes the digest of the received message and checks the signature on it
Both MD5 and SHA-1 are now broken against collision attacks and must not be used for new signatures; SHA-256 or another SHA-2/SHA-3 function is used instead.

Slide 19: Sender and receiver site (figure: sender site, receiver site)

Slide 20: User authentication
- Message authentication: the identity of the sender is verified for each single message
- User authentication: the user's identity is verified once for the entire duration of system access
User authentication can be done:
- With a symmetric key
- With a public key: the sender applies the private key to a message and the receiver uses the sender's public key to check it

Slide 21: Using a symmetric key only
Simple approach:
- The sender sends his/her identity and password in a message encrypted with the shared symmetric key (Kab)
- This cannot prevent a replay attack
- Replay attack: a malicious intruder who recorded the message can resend the same message later and be accepted, without ever learning Kab or the password

Slide 22: Using a symmetric key only (cont.)
Using a nonce:
- Step 1: the sender sends his/her identity and password in a message encrypted with the shared symmetric key (Kab)
- Step 2: the receiver challenges the sender by sending a nonce, a large random number that is used only once (a one-time number), to the sender
- Step 3: the sender responds by sending back the nonce encrypted with the symmetric key
- Advantage: prevents replay attacks, because a recorded response was computed over a different nonce and the receiver never issues the same nonce twice
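Both exchanges from slides 21 and 22 played out with both sides' messages, as an added example that is not part of the lecture. The slides encrypt the nonce under Kab; this example instead authenticates the nonce with HMAC-SHA256 keyed with Kab, a swapped-in construction that rests on the same shared-key assumption and is how challenge-response is normally built today. An eavesdropper who recorded Alice's traffic, and does not know Kab, replays it against each protocol: the static login is accepted again, the nonce-bound response is not. The key bytes and user name are constructed for the example.

```python
"""Added example (not from the slides): shared-key login with and without a nonce, and a
replay attempt against each. The nonce is authenticated with HMAC-SHA256 keyed with Kab
rather than encrypted under Kab as on the slide. Key and user name are constructed."""
import hashlib
import hmac
import secrets

KAB = b"constructed shared key Kab for this example only"  # constructed, not a real key


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Client:
    def __init__(self, key: bytes, user: bytes):
        self.key, self.user = key, user

    def static_token(self) -> bytes:
        # Slide 21: a fixed authenticator derived from the shared key. It is identical every
        # session, so whoever records it once can present it again.
        return mac(self.key, b"login:" + self.user)

    def respond(self, nonce: bytes) -> bytes:
        # Slide 22, step 3: bind the answer to the server's fresh challenge.
        return mac(self.key, b"response:" + self.user + b":" + nonce)


class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # user -> outstanding nonce; each nonce is consumed on first use

    def verify_static(self, user: bytes, token: bytes) -> bool:
        expected = mac(self.key, b"login:" + user)
        return hmac.compare_digest(token, expected)  # constant-time comparison

    def challenge(self, user: bytes) -> bytes:
        # Slide 22, step 2: a large random number used only once.
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def verify_response(self, user: bytes, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # consumed whether or not the check passes
        if nonce is None:
            return False  # no outstanding challenge: nothing to answer
        expected = mac(self.key, b"response:" + user + b":" + nonce)
        return hmac.compare_digest(response, expected)


def run_exchanges() -> dict:
    """Play both protocols between Alice and the server, then let an eavesdropper who
    recorded Alice's traffic (but does not know Kab) replay it."""
    server, alice = Server(KAB), Client(KAB, b"alice")

    # Simple approach: the recorded token is accepted a second time.
    recorded_token = alice.static_token()
    first_login = server.verify_static(b"alice", recorded_token)
    replayed_login = server.verify_static(b"alice", recorded_token)

    # Nonce challenge-response: the recorded response answers an old challenge.
    nonce1 = server.challenge(b"alice")
    recorded_response = alice.respond(nonce1)
    first_cr = server.verify_response(b"alice", recorded_response)
    server.challenge(b"alice")  # a new session gets a new nonce
    replayed_cr = server.verify_response(b"alice", recorded_response)

    return {"simple_accepts_replay": first_login and replayed_login,
            "nonce_rejects_replay": first_cr and not replayed_cr}
```

Two details carry the security argument: the nonce comes from `secrets.token_bytes`, so an attacker cannot predict it and pre-compute a response, and the server removes the nonce from `pending` before comparing, so even a correct response cannot be presented twice. The MAC comparison uses `hmac.compare_digest` to avoid leaking the expected value byte by byte through timing.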

Slide 23: Public key authentication
- The sender encrypts (signs) the message with his/her private key
- The receiver uses the sender's public key to decrypt the message and authenticate the sender
Problem: on its own this cannot prevent a man-in-the-middle attack.
- Man-in-the-middle attack: the intruder announces his/her own public key to the receiver in place of the sender's, so the receiver accepts the intruder's messages as the sender's
- Defence: the binding between an identity and a public key must be vouched for, typically by a certificate signed by an authority the receiver already trusts

Slide 24: Firewalls
- A device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet
- Helps to protect an organization's computers and networks from unwanted Internet traffic
- Designed to keep problems on the Internet from spreading to an organization's computers
Classes of firewalls:
- Packet-filter firewalls
- Proxy-based firewalls

Slide 25: Packet-filter firewall
A filter that uses a filtering table to decide which packets must be discarded (not forwarded). It filters at the network layer and the transport layer, blocking packets based on:
- Source and destination IP addresses
- Source and destination ports
- Transport protocol (TCP, UDP; ICMP and others are filtered by protocol number)
Rules are consulted in order and the first match decides, so rule order matters, and anything no rule matches should be dropped (default deny). A plain packet filter is stateless: it cannot tell a reply packet from a new connection, which is why stateful inspection was later added to firewalls.
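A packet filter of the kind slide 25 describes, as an added example that is not from the lecture: a rule table matched on protocol, source and destination CIDR and destination port, evaluated first match wins with default deny. The same three rules are given twice in different orders to show the classic mistake of placing a broad allow before a specific deny. The addresses (from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24), the rules and the packets are constructed for the example.

```python
"""Added example (not from the slides): a stateless packet filter that applies a rule table,
first match wins, default deny. Rules, addresses and packets are constructed for this example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # None matches any protocol
    src: str = "0.0.0.0/0"         # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    dport: Optional[range] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or pkt.dport in self.dport))


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """Walk the table top to bottom; the first matching rule decides. A packet that matches
    nothing is dropped, so a forgotten rule fails closed rather than open."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Inbound policy for a site with a web server at 192.0.2.10 and a DNS server at 192.0.2.53.
RULES = [
    # Anti-spoofing first: a packet arriving from outside must not claim an internal address.
    Rule("deny", src="10.0.0.0/8"),
    Rule("allow", proto="tcp", dst="192.0.2.10/32", dport=range(443, 444)),
    Rule("allow", proto="udp", dst="192.0.2.53/32", dport=range(53, 54)),
]

# The same rules with the anti-spoofing rule moved last: because the first match wins,
# a spoofed HTTPS packet is accepted before the deny is ever consulted.
MISORDERED_RULES = RULES[1:] + RULES[:1]

# Constructed sample traffic arriving on the outside interface.
HTTPS_FROM_INTERNET = Packet("tcp", "198.51.100.7", "192.0.2.10", 51515, 443)
DNS_FROM_INTERNET = Packet("udp", "198.51.100.7", "192.0.2.53", 40000, 53)
SSH_FROM_INTERNET = Packet("tcp", "198.51.100.7", "192.0.2.10", 51516, 22)
SPOOFED_INTERNAL = Packet("tcp", "10.1.2.3", "192.0.2.10", 51517, 443)


def verdicts(rules: List[Rule]) -> dict:
    """Verdict of the given table for each sample packet."""
    return {name: filter_packet(rules, pkt) for name, pkt in
            [("https", HTTPS_FROM_INTERNET), ("dns", DNS_FROM_INTERNET),
             ("ssh", SSH_FROM_INTERNET), ("spoofed", SPOOFED_INTERNAL)]}
```

Nothing here looks at TCP flags or remembers earlier packets, so this filter cannot distinguish the reply half of a connection an inside host opened from an unsolicited inbound connection; to let replies through, a stateless filter has to open whole port ranges, which is the limitation stateful firewalls remove.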

Slide 26: Packet-filter firewall (figure)

Slide 27: Proxy firewall
Focuses on the application layer and filters messages based on the application-layer content of the message.
- Step 1: runs as a proxy for the destination process and receives the request
- Step 2: opens the packet at the application level and determines whether the request is legitimate
- Step 3: if the message is legitimate, acts as the sending process and forwards the message to the real receiver; otherwise drops the message and sends an error message to the external sender

Slide 28: Proxy firewall (figure)

Slide 29: References
- F. Halsall, Data Communications, Computer Networks and Open Systems, 4th edition, Addison-Wesley, 1995
- W. Stallings, Data and Computer Communications, 7th edition, Prentice Hall, 2004