Network Security 7-1: Today: Reminder Ch7 HW due Wed; Finish Chapter 7 (Security); Start Chapter 8 (Network Management)

Presentation transcript:

Network Security 7-1: Today

- Reminder Ch7 HW due Wed
- Finish Chapter 7 (Security)
- Start Chapter 8 (Network Management)

Network Security 7-2: Chapter 7 roadmap

- 7.1 What is network security?
- 7.2 Principles of cryptography
- 7.3 Authentication
- 7.4 Integrity
- 7.5 Key Distribution and certification
- 7.6 Access control: firewalls
- 7.7 Attacks and counter measures
- 7.8 Security in many layers
  - Secure
  - Secure sockets
  - IPsec
  - WEP

Network Security 7-3: IPsec: Network Layer Security

- Network-layer secrecy:
  - sending host encrypts the data in IP datagram
  - TCP and UDP segments; ICMP and SNMP messages.
- Network-layer authentication:
  - destination host can authenticate source IP address
- Two principal protocols:
  - authentication header (AH) protocol
  - encapsulation security payload (ESP) protocol
- For both AH and ESP, source, destination handshake:
  - create network-layer logical channel called a security association (SA)
- Each SA unidirectional.
- Uniquely determined by:
  - security protocol (AH or ESP)
  - source IP address
  - 32-bit connection ID

Network Security 7-4: Authentication Header (AH) Protocol

- provides source authentication, data integrity, no confidentiality
- AH header inserted between IP header, data field.
- protocol field: 51
- intermediate routers process datagrams as usual

AH header includes:

- connection identifier
- authentication data: source-signed message digest calculated over original IP datagram.
- next header field: specifies type of data (e.g., TCP, UDP, ICMP)

Figure labels: IP header, AH header, data (e.g., TCP, UDP segment)

Network Security 7-5: ESP Protocol

- provides secrecy, host authentication, data integrity.
- data, ESP trailer encrypted.
- next header field is in ESP trailer.
- ESP authentication field is similar to AH authentication field.
- Protocol = 50.

Figure labels: IP header, ESP header, TCP/UDP segment, ESP trailer, ESP authent.; spans marked "encrypted" and "authenticated"
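The AH and ESP slides above differ in what stays readable on the wire. The following parser is an added example, not part of the original slides, and shows that difference on two constructed datagrams. The field layout follows the standard AH and ESP headers, where the slides' "connection identifier" is the 32-bit SPI; the sequence-number field, the addresses and the SPI values are assumptions not taken from the slides.

```python
import struct

PROTO_ESP, PROTO_AH = 50, 51                    # IP protocol numbers from the slides
NEXT_HEADER = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ipv4(proto: int, body: bytes) -> bytes:
    """Constructed IPv4 packet (documentation addresses, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + body

def inspect_ipsec(packet: bytes) -> dict:
    """Report what an on-path observer can read from an AH or ESP datagram."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = packet[(packet[0] & 0x0F) * 4:]
    proto = packet[9]
    if proto == PROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, plen, _reserved, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4                 # Payload Len counts 32-bit words minus 2
        if ah_len < 12 or len(body) < ah_len:
            raise ValueError("AH length field inconsistent with packet")
        return {"protocol": "AH", "spi": spi, "seq": seq,
                "next_header": NEXT_HEADER.get(nxt, str(nxt)),
                "auth_data": body[12:ah_len], "payload": body[ah_len:]}
    if proto == PROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # Next header sits in the encrypted ESP trailer, so it is not readable here.
        return {"protocol": "ESP", "spi": spi, "seq": seq,
                "next_header": None, "payload": body[8:]}
    return {"protocol": str(proto), "next_header": NEXT_HEADER.get(proto)}

def sample_ah() -> bytes:
    """Constructed AH datagram: 12-byte header, 12-byte digest, cleartext payload."""
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(12)
    return ipv4(PROTO_AH, ah + b"TCP segment in the clear")

def sample_esp() -> bytes:
    """Constructed ESP datagram; bytes after SPI/sequence stand in for ciphertext."""
    return ipv4(PROTO_ESP, struct.pack("!II", 0x2002, 7) + bytes(range(32)))
```

For monitoring, this means AH traffic can still be classified by inner protocol and payload, while ESP traffic can only be tracked per SA by its SPI.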

Network Security 7-6: IEEE security

- War-driving: drive around Bay area, see what networks available?
  - More than 9000 accessible from public roadways
  - 85% use no encryption/authentication
  - packet-sniffing and various attacks easy!
- Wired Equivalent Privacy (WEP): authentication as in protocol ap4.0
  - host requests authentication from access point
  - access point sends 128 bit nonce
  - host encrypts nonce using shared symmetric key
  - access point decrypts nonce, authenticates host

Network Security 7-7: IEEE security

- Wired Equivalent Privacy (WEP): data encryption
  - Host/AP share 40 bit symmetric key (semi-permanent)
  - Host appends 24-bit initialization vector (IV) to create 64-bit key
  - 64 bit key used to generate stream of keys, $k_i^{IV}$
  - $k_i^{IV}$ used to encrypt ith byte, $d_i$, in frame: $c_i = d_i \oplus k_i^{IV}$
  - IV and encrypted bytes, $c_i$, sent in frame

Network Security: WEP encryption

Figure: Sender-side WEP encryption

Network Security 7-9: Breaking WEP encryption

Security hole:

- 24-bit IV, one IV per frame, -> IVs eventually reused
- IV transmitted in plaintext -> IV reuse detected
- Attack:
  - Trudy causes Alice to encrypt known plaintext $d_1\, d_2\, d_3\, d_4 \ldots$
  - Trudy sees: $c_i = d_i \oplus k_i^{IV}$
  - Trudy knows $c_i$, $d_i$, so can compute $k_i^{IV}$
  - Trudy knows encrypting key sequence $k_1^{IV}\, k_2^{IV}\, k_3^{IV} \ldots$
  - Next time IV is used, Trudy can decrypt!
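The keystream-reuse weakness on this slide, worked through as an added example (not part of the original slides). It assumes RC4 as the keystream generator, which is what WEP uses, seeds it with the IV followed by the 40-bit key, and omits WEP's integrity checksum; the key, IVs and frame contents are constructed.

```python
from collections import defaultdict

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4 (the stream cipher WEP uses): first n keystream bytes for a seed."""
    S, j = list(range(256)), 0
    for i in range(256):                        # key scheduling
        j = (j + S[i] + seed[i % len(seed)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                          # keystream generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # stops at the shorter input

def wep_encrypt(key40: bytes, iv: bytes, data: bytes):
    """c_i = d_i XOR k_i^IV; the 24-bit IV travels in the clear with the frame."""
    assert len(key40) == 5 and len(iv) == 3
    return iv, xor(data, rc4_keystream(iv + key40, len(data)))  # 64-bit seed

def reused_ivs(frames):
    """Group captured (iv, ciphertext) frames by IV; keep IVs seen more than once."""
    seen = defaultdict(list)
    for iv, ct in frames:
        seen[iv].append(ct)
    return {iv: cts for iv, cts in seen.items() if len(cts) > 1}

def demo() -> bytes:
    key = bytes.fromhex("0102030405")           # constructed 40-bit shared key
    known = b"known plaintext d1 d2 d3 d4"      # d_i the observer already knows
    secret = b"next frame, same IV"
    frames = [wep_encrypt(key, b"\x00\x00\x01", known),
              wep_encrypt(key, b"\x00\x00\x02", b"unrelated frame"),
              wep_encrypt(key, b"\x00\x00\x01", secret)]        # IV repeats
    c_known, c_secret = reused_ivs(frames)[b"\x00\x00\x01"]
    keystream = xor(known, c_known)             # k_i^IV = c_i XOR d_i, key never used
    return xor(c_secret, keystream)             # plaintext of the later frame
```

The recovery needs only the cleartext IV and one known plaintext, never the shared key, which is why the fix is a per-frame key that cannot repeat rather than a longer shared key.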

Network Security 7-10: Network Security (summary)

Basic techniques...

- cryptography (symmetric and public)
- authentication
- message integrity
- key distribution

... used in many different security scenarios

- secure
- secure transport (SSL)
- IP sec
- WEP