Security
Yih-Kuen Tsay
Dept. of Information Management, National Taiwan University
IM NTU Distributed Information Systems 2004


Introduction

Security Needs
– Secrecy, integrity, etc.
– Arise from the desire to share resources
Security Policies
– Specify who is authorized to access which resources
– Independent of the technology used
Security Mechanisms
– Enforce security policies
Security Models
– Help understand and analyze the above

The Evolution of Security Needs
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Components of a Security Model
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

The Enemy in Network Security
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Familiar Names in the Security Literature
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Classes of Security Threats

Leakage
– Acquisition of information by unauthorized parties
Tampering (Modification)
– Unauthorized alteration of information
Vandalism
– Interference with the proper operation of a system, without gain to the perpetrator

Methods of Attack

Eavesdropping
– Release of message contents and traffic analysis
Masquerading
Message Tampering (Modification)
– Man-in-the-middle attack
Replaying
Denial of Service
Mobile Code

Designing Secure Systems

Use the best standards available
Informal analysis and checks
Formal validation
Security logs and auditing

Security Requirements

Secrecy (Confidentiality)
Data Integrity
Authentication
Non-repudiation
Availability
…

The Secret-Key Encryption Model
(figure; source: W. Stallings, "Cryptography and Network Security")

The Public-Key Encryption Model
(figure; source: W. Stallings, "Cryptography and Network Security")

The Public-Key Authentication Model
(figure; source: W. Stallings, "Cryptography and Network Security")

Notational Conventions
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Performance of Cryptographic Algorithms
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

A Scheme of Cipher Block Chaining
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

A Stream Cipher
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Digital Signatures with Secret Keys
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Digital Signatures with Public Keys
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Alice's Bank Account Certificate
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

A Public Key Certificate of Bob's Bank
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

The Needham-Schroeder Authentication Protocol
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Kerberos

Developed at MIT
For protecting networked services
Based on the Needham-Schroeder protocol
Current version: Kerberos Version 5
Source code available
Also used in OSF DCE, Windows 2000, ...

Kerberos Architecture
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

The Kerberos Protocol
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

The Kerberos Protocol (cont.)
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)
auth(C) contains C, t.
ticket(C,S) contains C, S, t1, t2, K_CS.
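The checks a server S performs on the ticket and authenticator named on the slide, worked through as an added example (this is not code from the slides, nor from any Kerberos implementation). seal()/unseal() are a constructed toy stand-in for the slide's E(K, ...) notation, built from a SHA-256 keystream and an HMAC tag; the key values, the 300-second clock-skew bound and the replay cache of seen authenticators are assumptions added here.

```python
"""Added example: the ticket/authenticator checks a Kerberos server S performs.
seal()/unseal() are a constructed toy stand-in for the slide's E(K, ...) notation
(SHA-256 keystream XOR plus an HMAC tag); a real AEAD cipher belongs here in practice."""
import hashlib
import hmac
import json

TAG_LEN = 32
NONCE_LEN = 8
MAX_SKEW = 300  # seconds; assumed clock-skew bound, not stated on the slide


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: hash(key || nonce || counter) blocks, truncated to length.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, fields: dict) -> bytes:
    """Toy E(K, fields): encrypt-then-MAC of the JSON-encoded field set."""
    plaintext = json.dumps(fields, sort_keys=True).encode()
    nonce = hashlib.sha256(key + plaintext).digest()[:NONCE_LEN]  # deterministic toy nonce
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    plaintext = bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))
    return json.loads(plaintext)


# Constructed keys: K_S is shared between the ticket-granting service and server S;
# K_CS is the session key issued for client C and server S.
K_S = b"constructed-server-key"
K_CS = b"constructed-session-key"


def make_ticket(client: str, server: str, t1: int, t2: int, k_cs: bytes) -> bytes:
    # ticket(C,S) contains C, S, t1, t2, K_CS and is sealed under K_S (slide notation)
    return seal(K_S, {"C": client, "S": server, "t1": t1, "t2": t2, "K_CS": k_cs.hex()})


def make_auth(client: str, t: int, k_cs: bytes) -> bytes:
    # auth(C) contains C, t and is sealed under the session key K_CS
    return seal(k_cs, {"C": client, "t": t})


def server_verify(ticket: bytes, auth: bytes, now: int, server: str, seen: set):
    """What server S checks on receiving (ticket, auth). Returns (accepted, reason)."""
    try:
        tk = unseal(K_S, ticket)
    except ValueError:
        return False, "ticket not sealed with K_S"
    if tk["S"] != server:
        return False, "ticket issued for another server"
    if not tk["t1"] <= now <= tk["t2"]:
        return False, "ticket outside validity window"
    k_cs = bytes.fromhex(tk["K_CS"])
    try:
        au = unseal(k_cs, auth)  # only a holder of K_CS can have produced this
    except ValueError:
        return False, "authenticator not sealed with K_CS"
    if au["C"] != tk["C"]:
        return False, "authenticator/ticket client mismatch"
    if abs(now - au["t"]) > MAX_SKEW:
        return False, "authenticator timestamp stale"
    if (au["C"], au["t"]) in seen:  # replay cache (assumed) defeats replayed authenticators
        return False, "authenticator replayed"
    seen.add((au["C"], au["t"]))
    return True, "ok"
```

The order of the checks matters: the ticket is opened first because only it carries K_CS, and the authenticator is opened second because passing its tag check is the evidence that the presenter actually holds K_CS rather than a copied ticket.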

The Secure Sockets Layer (SSL)

Originated by Netscape, now a nonproprietary standard (SSLv3)
Provides secure end-to-end communications
Operates between TCP/IP (or any other reliable transport protocol) and the application
Built into most browsers and servers

The SSL Protocol Stack
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

How SSL Works

Sessions between a client and a server are established by the Handshake Protocol
A session defines a set of security parameters, including peer certificate, cipher spec, and master secret
Multiple connections can be established within a session, each defining further security parameters such as keys for encryption and authentication
Security parameters dictate how application data are processed by the SSL Record Protocol into TCP segments

Security Functions of SSL

Confidentiality: using one of DES, Triple DES, IDEA, RC2, RC4, …
Integrity: using a MAC with MD5 or SHA-1
Authentication: using X.509v3 digital certificates
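A simplified model of the Record Protocol processing described on the two preceding slides (fragmenting application data and protecting each fragment with a per-connection MAC key), added here as an example; it is not code from the slides nor from any SSL implementation. It assumes HMAC-SHA1 as the MAC (the TLS construction; SSLv3's own MAC differs in detail), a 2^14-byte fragment limit, content type 23 for application data and version 0x0300 for SSLv3; the encryption step is omitted so that the integrity check stands alone, and the MAC key is a constructed value.

```python
"""Added example: a simplified model of SSL Record Protocol integrity.
Each fragment is MACed together with an implicit 64-bit sequence number and the
record header, so an altered, replayed, dropped or reordered record fails the check.
Assumes HMAC-SHA1 (the TLS construction; SSLv3's own MAC differs in detail);
the encryption step of the Record Protocol is omitted."""
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14        # 16 KiB upper bound on a record fragment
APPLICATION_DATA = 23         # record-layer content type for application data
SSL3_VERSION = 0x0300
MAC_LEN = 20                  # SHA-1 output length


def fragment(data: bytes, size: int = MAX_FRAGMENT) -> list:
    """Split application data into record-sized fragments (always at least one)."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def record_mac(mac_key: bytes, seq_num: int, content_type: int, version: int, frag: bytes) -> bytes:
    # MAC input: seq_num || type || version || length || fragment
    header = struct.pack("!QBHH", seq_num, content_type, version, len(frag))
    return hmac.new(mac_key, header + frag, hashlib.sha1).digest()


class RecordWriter:
    """Sender side: per-connection MAC key (derived from the session) and sequence counter."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq_num = 0

    def protect(self, data: bytes, content_type: int = APPLICATION_DATA,
                version: int = SSL3_VERSION) -> list:
        records = []
        for frag in fragment(data):
            mac = record_mac(self.mac_key, self.seq_num, content_type, version, frag)
            records.append((content_type, version, frag + mac))  # encryption would follow here
            self.seq_num += 1  # never sent on the wire; both ends count records
        return records


class RecordReader:
    """Receiver side: recomputes the MAC under its own sequence counter."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq_num = 0

    def verify(self, record: tuple) -> bytes:
        content_type, version, body = record
        frag, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq_num, content_type, version, frag)
        if not hmac.compare_digest(mac, expected):
            raise ValueError(f"bad MAC on record {self.seq_num}: altered, replayed or out of order")
        self.seq_num += 1
        return frag


def roundtrip(mac_key: bytes, data: bytes) -> bytes:
    """Protect data on one side and verify it on the other; returns the reassembled data."""
    writer, reader = RecordWriter(mac_key), RecordReader(mac_key)
    return b"".join(reader.verify(rec) for rec in writer.protect(data))
```

Because the sequence number is an input to the MAC but is never transmitted, a record that arrives twice, out of order, or after a dropped record is rejected without any extra field in the record header; this is what lets the Record Protocol cover the "Replaying" attack listed earlier and not only "Message Tampering".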

The SSL Handshake Protocol
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

The SSL Record Protocol
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)

Micropayments

The price of some goods may be lower than the standard transaction fees
Micropayments offer a way of selling small-value products and services
Technology providers: eCharge (via phone bills), Qpass (monthly bills), Millicent (prepay electronic cash), ...

The Millicent Scrip Scheme

Scrip is a form of digital cash valid only for a specific vendor.
Format:
Scrip is generated and distributed by brokers.

Millicent Architecture
(figure; source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition)