Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.

Summary of the Previous Lecture
- In the previous lecture we talked about random numbers and random number generators.
- We also discussed random numbers versus pseudorandom numbers.
- The design constraints were also discussed.

Summary of the previous lecture
- Random numbers are the basis for many cryptographic applications.
- There is no reliable "independent" function to generate random numbers.
- Present-day computers can only approximate random numbers, using pseudo-random numbers generated by Pseudo Random Number Generators (PRNGs).
- Attacks on many cryptographic applications are possible through attacks on PRNGs.
- Computer applications are increasingly turning towards using physical data (external/internal) to obtain truly random numbers.

Part – 2 (e): Incorporating security in other parts of the network

Outline of today's lecture
- We will talk about confidentiality using symmetric encryption
- We will also explore link vs. end-to-end encryption
- Key distribution design constraints will be explored

Objectives
- You will be able to present an understanding of deploying security in other parts of the network.
- You will understand the potential locations in the network through which an attack could be launched.

Potential locations for confidentiality attacks
- Insider: eavesdropping on the LAN
- Outsider: from a server or host with a dial-up facility
- Patch panel: vulnerable if an intruder can access it physically (a low-power radio transmitter can be used)
- Attack through the transmission medium:
  - Wired (coaxial, twisted pair, fibre optic)
  - Wireless (microwave, satellite)

Link vs. end-to-end encryption
There are two major placement alternatives:
- Link encryption
  - Vulnerable links are equipped with an encryption device
  - En/decryption occurs independently on every link
  - Requires many devices in a large network
  - The user has no control over the security of these devices
  - Many keys must be provided
- End-to-end encryption
  - Encryption occurs between the original source and the final destination
  - Needs devices at each end with shared keys
  - Provides authentication

Needs both
- When using end-to-end encryption, headers must be left in the clear so the network can route the information correctly
- Hence, although the contents are protected, the traffic pattern flows are not
- Ideally we want both at once:
  - End-to-end protects the data contents over the entire path and provides authentication
  - Link protects traffic flows from monitoring

Placement of end-to-end encryption
- The encryption function can be placed at various layers of the OSI Reference Model
- Link encryption occurs at the physical or link layer
- End-to-end encryption can occur at the network layer: all user processes and applications within the end system would employ the same encryption scheme with the same key

Cont.
- End-to-end encryption at the network layer provides end-to-end security for traffic within an integrated internetwork
- Such a scheme cannot deliver the necessary service for traffic that crosses internetwork boundaries, e.g. FTP
- Solution: end-to-end encryption at the application layer
- The transport and network connection ends at each mail gateway, which sets up a new transport and network connection to the other end system

Encryption Coverage Implications of Store-and- Forward Communications

Drawback
- A network that supports hundreds of hosts may support thousands of users and processes
- Many secret keys need to be generated and distributed

Encryption vs. protocol
- Application level
- TCP level: user data and the TCP header are encrypted; the IP header is needed by the router and stays in the clear
- At a gateway: the TCP connection is terminated and a new transport connection is opened for the next hop
- Link level: the entire data unit except for the link header and trailer is encrypted; the entire data unit is in the clear at each router and gateway
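The following example, added here and not part of the lecture, models a data unit with its link, IP and TCP headers and shows which fields an intermediate router can read under application-level, TCP-level and link-level encryption. The field values and the SHA-256 XOR keystream are constructed for illustration; the assumption that application-level encryption covers only the user data follows the slide's layering.

```python
import hashlib

def toy_encrypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (SHA-256 in counter mode, XORed onto the data).
    Constructed for illustration only; XOR makes decryption the same call."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + label + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

# A data unit as it leaves the source host, layered as in the
# "Encryption vs. protocol" slide. Field values are constructed samples.
PACKET = {
    "link_header": b"LNK src=aa:bb dst=cc:dd",
    "ip_header": b"IP 10.0.0.1 -> 10.0.0.2",
    "tcp_header": b"TCP 49152 -> 443",
    "user_data": b"secret payload",
    "link_trailer": b"FCS",
}

# Fields each placement encrypts on the wire (link level: everything except
# the link header and trailer; TCP level: user data plus the TCP header).
ENCRYPTED_BY = {
    "application": {"user_data"},
    "transport": {"tcp_header", "user_data"},
    "link": {"ip_header", "tcp_header", "user_data"},
}

def encrypt_at(packet: dict, placement: str, key: bytes) -> dict:
    """Return the packet as it appears on the wire for the given placement."""
    return {f: toy_encrypt(key, f.encode(), v) if f in ENCRYPTED_BY[placement] else v
            for f, v in packet.items()}

def readable_at_router(packet: dict, placement: str, key: bytes) -> list:
    """Fields an intermediate router can read. Link encryption is hop-by-hop,
    so the router holds the link key and recovers the whole unit; end-to-end
    placements leave it only the headers that were never encrypted."""
    wire = encrypt_at(packet, placement, key)
    if placement == "link":
        wire = encrypt_at(wire, "link", key)  # router decrypts (XOR is its own inverse)
    return sorted(f for f, v in wire.items() if v == packet[f])

if __name__ == "__main__":
    for p in ("application", "transport", "link"):
        print(f"{p:12s} router sees: {readable_at_router(PACKET, p, b'demo-key')}")
```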

Traffic Analysis
- Monitoring of communication flows between parties; useful in both military and commercial spheres
- The following information can be derived from traffic analysis:
  - Identities of partners
  - Frequency of communication
  - Message pattern, length and quantity, which may suggest important information about the messages
- Helpful for a covert channel: a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy

Traffic Confidentiality
- Link encryption obscures header details, but overall traffic volumes in the network and at end-points are still visible
- Traffic padding can further obscure flows
- End-to-end encryption:
  - Application layer: communicating entities are visible
  - Transport layer: network addresses and traffic patterns are visible
- Uniform padding denies an opponent knowledge of the data exchanged between users and secures the traffic patterns
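As an added example (not from the lecture) of the uniform padding and traffic padding just described: messages are padded to a fixed bucket size so their lengths no longer distinguish them, and a constant-rate sender emits a frame every slot, filling idle slots with dummy frames. The sample messages and the 64-byte bucket are constructed values.

```python
import math

SAMPLE_MESSAGES = [b"yes", b"no", b"attack at dawn", b"hold position"]  # constructed

def padded_size(length: int, bucket: int) -> int:
    """Uniform padding: round a length up to a multiple of the bucket size."""
    return max(bucket, math.ceil(length / bucket) * bucket)

def pad_message(msg: bytes, bucket: int = 64) -> bytes:
    """Length-prefix the message so the receiver can strip padding, then pad
    with zeros to the bucket boundary. The result is what gets encrypted."""
    body = len(msg).to_bytes(4, "big") + msg
    return body + b"\x00" * (padded_size(len(body), bucket) - len(body))

def unpad_message(padded: bytes) -> bytes:
    """Receiver side: read the length prefix and drop the padding."""
    n = int.from_bytes(padded[:4], "big")
    return padded[4:4 + n]

def distinct_wire_sizes(msgs, bucket=None) -> int:
    """How many distinct sizes an observer sees; fewer means the length leaks
    less about which message was sent. bucket=None means no padding."""
    sizes = {len(m) if bucket is None else len(pad_message(m, bucket)) for m in msgs}
    return len(sizes)

def constant_rate_frames(queue: list, slots: int, bucket: int = 64) -> list:
    """Traffic padding: emit one fixed-size frame per time slot, using an empty
    dummy frame when there is nothing real to send, so an observer sees a
    constant stream regardless of when real messages occur."""
    return [pad_message(queue.pop(0) if queue else b"", bucket) for _ in range(slots)]

if __name__ == "__main__":
    print("sizes without padding:", distinct_wire_sizes(SAMPLE_MESSAGES))
    print("sizes with 64-byte buckets:", distinct_wire_sizes(SAMPLE_MESSAGES, 64))
```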

Key Distribution
- Symmetric schemes require both parties to share a common secret key
- The issue is how to securely distribute this key
- Secure systems often fail because of a break in the key distribution scheme

Key Distribution
Given parties A and B, there are various key distribution alternatives:
1. A can select a key and physically deliver it to B
2. A third party can select and deliver the key to A and B
3. If A and B have communicated previously, they can use the previous key to encrypt a new key
4. If A and B each have secure communications with a third party C, C can relay the key between A and B
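An added example (not part of the lecture) of alternative 4: a third party C that shares a long-term key with A and with B chooses a fresh session key and relays it to each party wrapped under that party's own key, so nothing readable crosses the network. The XOR-with-SHA-256 wrapping and the party names are constructed for illustration and stand in for an authenticated cipher.

```python
import hashlib
import secrets

def wrap(long_term_key: bytes, context: bytes, data: bytes) -> bytes:
    """Toy key wrapping: XOR with a pad derived from the long-term key and a
    per-issuance context. Constructed for illustration; a real system uses an
    authenticated cipher. XOR means unwrap is the same operation."""
    pad = hashlib.sha256(long_term_key + context).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def kdc_issue(long_term: dict, a: bytes, b: bytes) -> tuple:
    """Alternative 4: C shares a long-term key with A and with B, chooses a
    fresh session key and sends it to each party under that party's key.
    Only the returned tuple travels over the (untrusted) network."""
    session_key = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)  # keeps the pad fresh for every issuance
    return (nonce,
            wrap(long_term[a], b"C->" + a + nonce, session_key),
            wrap(long_term[b], b"C->" + b + nonce, session_key))

def party_recover(own_key: bytes, me: bytes, nonce: bytes, ticket: bytes) -> bytes:
    """A (or B) unwraps its own ticket with the key it shares with C."""
    return wrap(own_key, b"C->" + me + nonce, ticket)

if __name__ == "__main__":
    # Long-term keys pre-shared with C out of band (constructed here).
    LONG_TERM = {b"A": secrets.token_bytes(32), b"B": secrets.token_bytes(32)}
    nonce, t_a, t_b = kdc_issue(LONG_TERM, b"A", b"B")
    k_a = party_recover(LONG_TERM[b"A"], b"A", nonce, t_a)
    k_b = party_recover(LONG_TERM[b"B"], b"B", nonce, t_b)
    print("A and B hold the same session key:", k_a == k_b)
```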

Summary
- In today's lecture we talked about confidentiality using symmetric encryption
- We explored link vs. end-to-end encryption
- The design constraints for key distribution were also explored

Next lecture topics
- We will talk about incorporating and ensuring network security through other aspects

The End