Security Chapter 8.

Presentation transcript:

Security Chapter 8

Types of Threats Interception Interruption Modification Fabrication

Security Mechanisms Encryption Authentication Authorization Auditing

Example: Globus Security Architecture Diagram of Globus security architecture.

Focus of Control Three approaches for protection against security threats Protection against invalid operations Protection against unauthorized invocations Protection against unauthorized users

Layering of Security Mechanisms (1) The logical organization of a distributed system into several layers.

Layering of Security Mechanisms (2) Several sites connected through a wide-area backbone service.

Distribution of Security Mechanisms The principle of RISSC as applied to secure distributed systems.

Cryptography (1) Intruders and eavesdroppers in communication.

Cryptography (2) Notation used in this chapter: KA,B denotes the secret key shared by A and B; the table also lists the notation for the public key of A and the private key of A.

Symmetric Cryptosystems: DES (1) The principle of DES Outline of one encryption round

Symmetric Cryptosystems: DES (2) Details of per-round key generation in DES.

Public-Key Cryptosystems: RSA Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q.
2. Compute n = p x q and z = (p – 1) x (q – 1).
3. Choose a number d that is relatively prime to z.
4. Compute the number e such that e x d = 1 mod z.
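The four steps above carried out in code, as an added example that is not from the slides or the textbook. It keeps the chapter's convention (d is chosen, e is derived as its inverse modulo z) and then shows that a message encrypted with the public key round-trips through the private key; the primes p = 61, q = 53 and the value d = 17 are constructed toy parameters, far too small for real use.

```python
"""RSA key generation following the chapter's four steps (added example)."""
from math import gcd


def rsa_keygen(p: int, q: int, d: int):
    """Return ((e, n), (d, n)) = (public key, private key).

    The caller supplies the two primes (step 1) and the candidate d (step 3);
    the function performs steps 2 and 4 and rejects a d that is not
    relatively prime to z, since no inverse e would exist for it.
    """
    n = p * q                      # step 2: n = p x q
    z = (p - 1) * (q - 1)          # step 2: z = (p - 1) x (q - 1)
    if gcd(d, z) != 1:             # step 3: d must be relatively prime to z
        raise ValueError("d is not relatively prime to z")
    e = pow(d, -1, z)              # step 4: e x d = 1 mod z (Python 3.8+)
    assert (e * d) % z == 1
    return (e, n), (d, n)


def rsa_encrypt(m: int, public) -> int:
    """Encrypt one block m (0 <= m < n) with the public key (e, n)."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("block must lie in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c: int, private) -> int:
    """Decrypt one block with the private key (d, n)."""
    d, n = private
    return pow(c, d, n)


def bad_d_is_rejected(p: int, q: int, d: int) -> bool:
    """True if keygen refuses a d that shares a factor with z."""
    try:
        rsa_keygen(p, q, d)
    except ValueError:
        return True
    return False


def demo() -> bool:
    """Constructed toy run: keys from p=61, q=53, d=17; encrypt a byte string."""
    public, private = rsa_keygen(61, 53, 17)       # n = 3233, z = 3120
    plaintext = b"KDC"                              # each byte is one block
    blocks = [rsa_encrypt(b, public) for b in plaintext]
    recovered = bytes(rsa_decrypt(c, private) for c in blocks)
    return recovered == plaintext
```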

Hash Functions : MD5 (1) The structure of MD5

Hash Functions : MD5 (2) The 16 iterations during the first round in a phase in MD5.

Authentication (1) Authentication based on a shared secret key.

Authentication (2) Authentication based on a shared secret key, but using three instead of five messages.

Authentication (3) The reflection attack.

Authentication Using a Key Distribution Center (1) The principle of using a KDC.

Authentication Using a Key Distribution Center (2) Using a ticket and letting Alice set up a connection to Bob.

Authentication Using a Key Distribution Center (3) The Needham-Schroeder authentication protocol.

Authentication Using a Key Distribution Center (4) Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.

Authentication Using Public-Key Cryptography Mutual authentication in a public-key cryptosystem.

Digital Signatures (1) Digitally signing a message using public-key cryptography.

Digital Signatures (2) Digitally signing a message using a message digest.

Secure Replicated Services Sharing a secret signature in a group of replicated servers.

General Issues in Access Control General model of controlling access to objects.

Access Control Matrix Comparison between ACLs and capabilities for protecting objects: using an ACL versus using capabilities.

Protection Domains The hierarchical organization of protection domains as groups of users.

Firewalls A common implementation of a firewall.

Protecting the Target (1) The organization of a Java sandbox.

Protecting the Target (2) A sandbox versus a playground.

Protecting the Target (3) The principle of using Java object references as capabilities.

Protecting the Target (4) The principle of stack introspection.

Key Establishment The principle of Diffie-Hellman key exchange.

Secret-key distribution

Public-key distribution (see also [menezes.a96]).

Secure Group Management Securely admitting a new group member.

Capabilities and Attribute Certificates (1) A capability in Amoeba, laid out as the fields Server port (48 bits), Object (24 bits), Rights (8 bits) and Check.

Capabilities and Attribute Certificates (2) Generation of a restricted capability from an owner capability.

Delegation (1) The general structure of a proxy as used for delegation.

Delegation (2) Using a proxy to delegate and prove ownership of access rights.

Example: Kerberos (1) Authentication in Kerberos.

Example: Kerberos (2) Setting up a secure channel in Kerberos.

SESAME Components Overview of components in SESAME.

Privilege Attribute Certificates (PACs) The organization of a SESAME Privilege Attribute Certificate, field by field:
Issuer domain: Name the security domain of the issuer
Issuer identity: Name the PAS in the issuer's domain
Serial number: A unique number for this PAC, generated by the PAS
Creation time: UTC time when this PAC was created
Validity: Time interval when this PAC is valid
Time periods: Additional time periods outside which the PAC is invalid
Algorithm ID: Identifier of the algorithm used to sign this PAC
Signature value: The signature placed on the PAC
Privileges: A list of (attribute, value)-pairs describing privileges
Certificate information: Additional information to be used by the PVF
Miscellaneous: Currently used for auditing purposes only
Protection methods: Fields to control how the PAC is used

Electronic Payment Systems (1) Payment systems based on direct payment between customer and merchant. Paying in cash. Using a check. Using a credit card.

Electronic Payment Systems (2) Payment systems based on money transfer between banks. Payment by money order. Payment through debit order.

Privacy (1) Information hiding in a traditional cash payment (table of what the Merchant, Customer, Bank and Observer learn about the Date, Amount and Item, graded as Full, Partial or None).

Privacy (2) Information hiding in a traditional credit-card system (table of what each Party, namely the Merchant, Customer, Bank and Observer, learns about the Date, Amount and Item, graded as Full, Partial or None; see also [camp.lj96a]).

E-cash The principle of anonymous electronic cash using blind signatures.

Secure Electronic Transactions (SET) The different steps in SET.