Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan.

Slides:

Advertisements

Similar presentations

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Advertisements

Sri Lanka Institute of Information Technology

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

Authentication & Kerberos

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Security Jonathan Calazan December 12, 2005.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

Chapter 10: Authentication Guide to Computer Network Security.

Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.

1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘

Electronic mail security. Outline Pretty good privacy S/MIME.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Fall 2002CS 395: Computer Security1 Chapter 11: Message Authentication and Hash Functions.

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Chapter 15: Electronic Mail Security

11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.

CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 Lecture 19: PEM and S/MIME history PEM –establishing keys –public key hierarchy –message structure –message headers –encryption and integrity protection.

NETWORK SECURITY.

Security PGP IT352 | Network Security |Najwa AlGhamdi 1.

Chapter 11 Message Authentication and Hash Functions.

Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.

Cryptography and Network Security (CS435) Part Nine (Message Authentication)

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

CSCE 201 Identification and Authentication Fall 2015.

My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.

Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

Dr. Nermin Hamza.  Attacks:  Traffic Analysis : traffic analysis occurs when an eavesdroppers observes message traffic on network. Not understand the.

Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

第五章电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.

Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:

Security is one of the most widely used and regarded network services

Presentation transcript:

Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan

Secure is one of the most widely used and regarded network services currently message contents are not secure  may be inspected either in transit  or by suitably priviledged users on destination system Privacy Enhancement Services  confidentiality (protection from disclosure)  authentication (of originator)  message integrity (protection from modification)  non-repudiation of origin  (protection from denial by sender) can't assume real-time access to a trusted key server often implement using Encapsulation

PEM Privacy Enhanced Mail Internet standard for security enhancements to Internet (RFC822)  developed by a Working group of the IETF  specified in RFC1421, RFC1422, RFC1423, RFC1424 uses message encapsulation to add features confidentiality - DES encryption in CBC mode integrity - DES encrypted MIC (MD2/MD5) authentication - DES/RSA encrypted MIC non-repudiation - RSA encrypted MIC

PEM - Key Management central key server (private-key)  requires access to on-line server public-key certificates  uses X.509 Directory Service Strong Authentication to protect key certificates  signed by a Certification Authority (CA)  CAs form a hierarchy to permit cross-validation of certificates  CAs must be licenced by RSA Data Inc.  currently only licenced in US/Canada

User Authentication user authentication (identity verification)  convince system of your identity  before it can act on your behalf sometimes also require that the computer verify its identity with the user user authentication is based on three methods  what you know  what you have  what you are all then involve some validation of information supplied against a table of possible values based on users claimed identity

What you Know Passwords or Pass-phrases prompt user for a login name and password verify identity by checking that password is correct on some (older) systems, password was stored in the clear (this is now regarded as insecure, since breakin compromises all users of the system) more often use a one-way function, whose output cannot easily be used to find the input value  either takes a fixed sized input (eg 8 chars)  or based on a hash function to accept a variable sized input to create the value important that passwords are selected with care to reduce risk of exhaustive search

What you Know One-shot Passwords one problem with traditional passwords is caused by eavesdropping theit transfer over an insecure network one possible solution is to use one-shot (one-time) passwords these are passwords used once only future values cannot be predicted from older values either generate a printed list, and keep matching list on system to be accessed (cf home banking) or use an algorithm based on a one-way function f (eg MD5) to generate previous values in series (eg SKey) start with a secret password s, and number N  p_(0) = fN(s) next password in series is  p_(1) = fN-1(s) must reset password after N uses generally good only for infrequent access

What you Have here verify identity based on possession of some object, often also combined with a password Magnetic Card, Magnetic Key possess item with required code value encoded in it (eg access control cards) Smart Card or Calculator may interact with system may require information from user could be used to actively calculate:  a time dependent password  a one-shot password  a challenge-response verification  public-key based verification

What you Are here verify identity based on your physical characteristics or involuntary reponse patterns known as biometrics characteristics used include:  signature (usually dynamic)  fingerprint  hand geometry  face or body profile  speech  retina pattern always have tradeoff between  false rejection (type I error)  false acceptance (type II error)