TCP/IP Protocol Suite, Chapter 30: Security. Credit: most slides from Forouzan, TCP/IP Protocol Suite.

Criminal Exploits and Attacks
- Phishing: masquerading as a well-known site to obtain a user's personal information.
- Denial of service: intentionally blocking a site to prevent business activities.
- Loss of control: an intruder gains control of a system.
- Loss of data: data are stolen or deleted.

Techniques Used
- Wiretapping: passively capturing traffic.
- Replay: re-sending packets captured from a previous session, such as a username and password exchange.
- Buffer overflow: sending more data than the receiver's buffer can hold, so that the excess overwrites adjacent memory.
- Address spoofing: faking the IP source address.
- Name spoofing: registering a misspelling of a well-known name, or poisoning a name server.
- SYN flood: sending a stream of TCP SYN segments to exhaust the server's connection table.
- Key breaking: guessing a key or password.
- Port scanning: probing for open services in order to find a vulnerability.
- Packet interception: man-in-the-middle attack.

Security Techniques
- Encryption
- Digital signatures
- Firewalls
- Intrusion detection systems
- Packet inspection and content scanning
- VPN

CRYPTOGRAPHY
The word cryptography in Greek means "secret writing." The term today refers to the science and art of transforming messages to make them secure and immune to attacks. The topics discussed in this section include: Symmetric-Key Cryptography; Asymmetric-Key Cryptography; Comparison.

Figure 28.1 Cryptography components

Note: In cryptography, the encryption/decryption algorithms are public; only the keys are secret (Kerckhoffs's principle).

Note: In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

Figure 28.2 Symmetric-key cryptography

Note: In symmetric-key cryptography, the same key is used in both directions.

Figure 28.3 Caesar cipher

Figure 28.4 Transposition cipher

Data Encryption Standard (DES)
- DES is a block cipher.
- It takes a 64-bit plaintext block and produces a 64-bit ciphertext block.
- The cipher key is 56 bits (supplied as 64 bits, 8 of which are parity bits).
- It uses 16 rounds. Each round mixes the right half with a round key through the round function, XORs the result into the left half, and swaps the two halves (a Feistel structure), so the same algorithm decrypts when the round keys are applied in reverse order.
- Caveat: a 56-bit key can be searched exhaustively with today's hardware. DES is obsolete; AES should be used instead.

Figure 28.5 DES (Data Encryption Standard)

Note: The DES cipher uses the same basic idea as the Caesar cipher, a keyed substitution of ciphertext for plaintext, but it substitutes whole 64-bit blocks and its encryption/decryption algorithm is much more complex.
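The round structure described on the DES slide, as an added example (not code from the slides or from Forouzan): a toy Feistel network with 16-bit blocks and 16 rounds. It is not DES: the round function is an arbitrary non-invertible mixing function and the subkeys are derived with SHA-256 rather than DES's key schedule. What it demonstrates is the property the slide states, that "mix and swap" rounds decrypt with the same code when the round keys are reversed, even though the round function itself cannot be inverted.

```python
"""Toy Feistel network showing the DES round structure: split the block into
halves, mix the right half with a round key through a round function, XOR the
result into the left half, swap. Added illustration, NOT DES: 16-bit blocks,
an arbitrary round function, and SHA-256-derived subkeys instead of DES's
key schedule. Not secure; for structure only."""

import hashlib

ROUNDS = 16          # DES also uses 16 rounds
HALF_MASK = 0xFF     # 8-bit halves of a 16-bit block (DES: 32-bit halves of 64)


def round_function(right: int, subkey: int) -> int:
    """Non-linear mixing of an 8-bit half with an 8-bit subkey.
    Deliberately NOT invertible: a Feistel network never needs to invert F,
    which is why the same code decrypts with the subkeys reversed."""
    x = (right ^ subkey) & HALF_MASK
    x = ((x << 3) | (x >> 5)) & HALF_MASK      # rotate left by 3
    return (x * x + x) & HALF_MASK


def subkeys(key: int) -> list[int]:
    """Derive one 8-bit subkey per round from a 56-bit key (DES keys are also
    56 bits). DES shifts and permutes the key instead; a hash keeps this short."""
    key_bytes = key.to_bytes(7, "big")
    return [hashlib.sha256(key_bytes + bytes([i])).digest()[0] for i in range(ROUNDS)]


def feistel(block: int, round_keys: list[int]) -> int:
    """Run the rounds. The final swap is undone so that encryption and
    decryption are the same function with the key order reversed."""
    left, right = block >> 8, block & HALF_MASK
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    return (right << 8) | left


def encrypt_block(plaintext: int, key: int) -> int:
    return feistel(plaintext, subkeys(key))


def decrypt_block(ciphertext: int, key: int) -> int:
    return feistel(ciphertext, subkeys(key)[::-1])


def bit_difference(key: int, a: int, b: int) -> int:
    """Number of ciphertext bits that differ for two plaintexts (avalanche check)."""
    return bin(encrypt_block(a, key) ^ encrypt_block(b, key)).count("1")


if __name__ == "__main__":
    k = 0x0123456789ABCD                       # 56-bit key
    c = encrypt_block(0xBEEF, k)
    print(f"ciphertext {c:04x}, decrypts to {decrypt_block(c, k):04x}")
    print("bits changed by a 1-bit plaintext flip:", bit_difference(k, 0xBEEF, 0xBEEE))
```

The point to notice is `decrypt_block`: it calls the same `feistel` routine with the subkeys reversed. That works because each round only XORs the output of the round function into the other half, so the same XOR undoes it; the round function never has to be inverted, which is what lets DES use strong but non-bijective S-boxes.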

Asymmetric-Key Ciphers
- The private key is personal and unshared.
- A symmetric-key scheme needs n(n-1)/2 shared secret keys for n people; for a million people that is roughly 5 x 10^11 (half a trillion) keys.
- An asymmetric scheme needs only one key pair per person: a million private keys, each with a matching public key.
- Asymmetric ciphers use two keys, a private key and a public key.
- Asymmetric ciphers are much slower than symmetric ones.
- The two can be combined when needed: to send a secret symmetric key, encrypt it with the recipient's public key, then use the symmetric key for the bulk data (a hybrid scheme).

Protocols
- IPsec (IP Security) operates at the network layer and is used in VPNs. IPsec provides the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol.
- SSL (Secure Sockets Layer), now superseded by TLS, sits above TCP and encrypts and authenticates application data in transit.
- WEP (Wired Equivalent Privacy) encrypts the wireless data stream with RC4. WEP's use of RC4 is flawed and WEP is broken; it should not be used.
- WPA (Wi-Fi Protected Access) replaced WEP; WPA2 uses AES (Advanced Encryption Standard) and is the secure choice for encrypting wireless data.

Figure 28.8 Public-key cryptography

Note: Symmetric-key cryptography is used for long messages (bulk data).

Note: Asymmetric-key algorithms are slow, so they are used only for short messages such as session keys and message digests.

Note: A digital signature can provide authentication, integrity, and nonrepudiation for a message.

DIGITAL SIGNATURE
A digital signature can provide authentication, integrity, and nonrepudiation for a message. The topics discussed in this section include: Signing the Whole Document; Signing the Digest.

Figure Signing the whole document

Note: A digital signature does not provide privacy (confidentiality). If privacy is needed, another layer of encryption/decryption must be applied.

Figure Hash function

Figure Sender site

Figure Receiver site
The digest is much shorter than the message. The message itself may not lend itself to asymmetric cryptography because it is too long, so the sender signs the digest, and the receiver recomputes the digest of the received message and verifies the signature against it.

Hash Functions
- A hash function maps a message of arbitrary length to a fixed-length digest.
- Examples: MD2, MD4, MD5; SHA (Secure Hash Algorithm), developed by NIST.
- Caveat: MD5 and SHA-1 are no longer collision resistant and must not be used for signatures; use SHA-2 (for example SHA-256) or SHA-3.

Non-repudiation
If Alice signs a message and later denies having sent it, the signature can be verified against her public key; this requires that the signed messages be kept. A trusted center can be used: Alice sends the digitally signed message to the trusted center, which verifies her signature, saves a copy of the message, re-signs the message with its own private key and sends it to Bob. Bob verifies the message using the trusted center's public key.

KEY MANAGEMENT
In this section we explain how symmetric keys are distributed and how public keys are certified. The topics discussed in this section include: Symmetric-Key Distribution; Public-Key Certification; Kerberos.

Note: A symmetric key between two parties should be used only once: it is created for one session and destroyed when the session is over.

Figure Diffie-Hellman method

Note: The symmetric (shared) key in the Diffie-Hellman protocol is K = G^(xy) mod N.

Example 1
Let us give an example to make the procedure clear. Our example uses small numbers, but note that in a real situation the numbers are very large. Assume G = 7 and N = 23. The steps are as follows:
1. Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Alice sends the number 21 to Bob.
3. Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6. Bob calculates the symmetric key K = 21^6 mod 23 = 18.
The value of K is the same for both Alice and Bob; G^(xy) mod N = 7^18 mod 23 = 18.

Figure Man-in-the-middle attack
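Example 1 and the man-in-the-middle figure above, carried out in code as an added example (not from the slides or from Forouzan). It uses the slide's own parameters G = 7, N = 23, x = 3, y = 6; Eve's secret exponent 5 is an assumption for the attack scenario. `brute_force_secret` recovers x from R1 by exhaustive search, which is why real N must be very large.

```python
"""Diffie-Hellman with the slide's parameters (G = 7, N = 23, x = 3, y = 6),
then the man-in-the-middle attack from the figure. Added example; the tiny
modulus is for illustration only, and the exchange is unauthenticated, which
is exactly what the attacker exploits."""

from dataclasses import dataclass

G, N = 7, 23     # public generator and modulus from Example 1


@dataclass
class Party:
    name: str
    secret: int      # Alice's x or Bob's y; never transmitted

    def public_value(self) -> int:
        """R = G^secret mod N, sent in the clear."""
        return pow(G, self.secret, N)

    def shared_key(self, peer_value: int) -> int:
        """K = R_peer^secret mod N = G^(xy) mod N."""
        return pow(peer_value, self.secret, N)


def honest_exchange(alice: Party, bob: Party) -> tuple[int, int, int, int]:
    """Return (R1, R2, Alice's K, Bob's K); the two keys agree."""
    r1, r2 = alice.public_value(), bob.public_value()
    return r1, r2, alice.shared_key(r2), bob.shared_key(r1)


def mitm_exchange(alice: Party, bob: Party, eve: Party) -> tuple[int, int, int, int]:
    """Eve intercepts R1 and R2 and forwards her own value in place of each.
    Alice and Bob each end up sharing a key with Eve, not with each other.
    Return (Alice's K, Bob's K, Eve's K with Alice, Eve's K with Bob)."""
    r1, r2, r_eve = alice.public_value(), bob.public_value(), eve.public_value()
    k_alice = alice.shared_key(r_eve)   # Alice believes r_eve is R2 from Bob
    k_bob = bob.shared_key(r_eve)       # Bob believes r_eve is R1 from Alice
    return k_alice, k_bob, eve.shared_key(r1), eve.shared_key(r2)


def brute_force_secret(public_value: int) -> int:
    """Recover the secret exponent by exhaustive search (discrete logarithm).
    Feasible here only because N is tiny; this is why real N is very large."""
    return next(x for x in range(1, N) if pow(G, x, N) == public_value)


if __name__ == "__main__":
    alice, bob, eve = Party("Alice", 3), Party("Bob", 6), Party("Eve", 5)
    print("honest:", honest_exchange(alice, bob))          # (21, 4, 18, 18)
    print("mitm:  ", mitm_exchange(alice, bob, eve))
    print("Alice's x recovered from R1:", brute_force_secret(21))
```

In the attacked run Alice and Bob compute different keys without noticing, and each of those keys is known to Eve, who can decrypt, read and re-encrypt everything between them. Nothing in the exchange binds R1 to Alice or R2 to Bob; that binding (a signature over the public values, or certified keys) is what the rest of this section, and TLS in the next one, adds.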

Figure First approach using KDC

Figure Needham-Schroeder protocol

Figure Otway-Rees protocol

Note: In public-key cryptography, everyone has access to everyone's public key. The remaining problem is verifying that a public key really belongs to its claimed owner, which is what certificates (X.509) and a PKI provide.

Table 28.1 X.509 fields

Figure PKI hierarchy

Figure Kerberos servers

Figure Kerberos example

SECURITY IN THE INTERNET
In this section we discuss a security method for each of the top three layers of the Internet model. At the IP level we discuss a protocol called IPsec; at the transport layer we discuss a protocol (TLS) that "glues" a new layer on top of the transport layer; at the application layer we discuss a security method called PGP. The topics discussed in this section include: IP Level Security: IPsec; Transport Layer Security; Application Layer Security: PGP.

Figure Transport mode

Figure Tunnel mode

Figure AH

Note: The AH protocol provides message authentication and integrity, but not privacy: the payload travels in cleartext. Because AH also authenticates the immutable fields of the IP header, it does not survive NAT; in practice ESP is used.

Figure ESP

Note: ESP provides message authentication, integrity, and privacy when an integrity algorithm is configured. Encryption-only ESP (no integrity check) is insecure and should not be used.
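The difference between the two notes above, shown on the wire as an added example (not from the slides or from Forouzan). The code builds and parses an AH header (RFC 4302 layout) with an HMAC-SHA1-96 integrity check value (RFC 2404), and parses an ESP packet (RFC 4303 layout). The key, addresses, payload and ESP ciphertext bytes are constructed for the example; the IPv4 header helper produces the header with mutable fields already zeroed, as AH requires before computing the ICV. An AH payload is readable by anyone on the path but any change is detected; in ESP even the next-header field is inside the ciphertext.

```python
"""AH and ESP packet layouts (RFC 4302 / RFC 4303). Added example: an AH
payload is readable on the wire but cannot be modified undetected; an ESP
payload is opaque. Key, addresses, payload and ESP ciphertext are constructed.
ICV algorithm: HMAC-SHA1-96 (RFC 2404)."""

import hashlib
import hmac
import struct

AH_FIXED = struct.Struct("!BBHII")   # next header, payload len, reserved, SPI, sequence
ESP_HEAD = struct.Struct("!II")      # SPI, sequence
ICV_LEN = 12                         # HMAC-SHA1-96 truncates the 20-byte MAC to 96 bits
IPPROTO_AH, IPPROTO_TCP = 51, 6


def immutable_ipv4_header(src: bytes, dst: bytes, total_len: int) -> bytes:
    """IPv4 header as seen by the AH ICV computation: mutable fields (TOS,
    flags/fragment offset, TTL, checksum) zeroed; protocol 51 = AH."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 0, IPPROTO_AH, 0, src, dst)


def _ah_icv(key: bytes, ip_header: bytes, fixed: bytes, payload: bytes) -> bytes:
    # The ICV field itself is treated as zero while the MAC is computed.
    covered = ip_header + fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key: bytes, ip_header: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """AH header followed by the (cleartext) payload."""
    # Payload Len = AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + _ah_icv(key, ip_header, fixed, payload) + payload


def parse_ah(packet: bytes) -> dict:
    next_header, payload_len, _reserved, spi, seq = AH_FIXED.unpack_from(packet)
    ah_len = (payload_len + 2) * 4
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": packet[AH_FIXED.size:ah_len], "payload": packet[ah_len:]}


def verify_ah(key: bytes, ip_header: bytes, packet: bytes) -> bool:
    """Integrity/authentication check; the payload itself was never hidden."""
    fields = parse_ah(packet)
    expected = _ah_icv(key, ip_header, packet[:AH_FIXED.size], fields["payload"])
    return hmac.compare_digest(expected, fields["icv"])


def parse_esp(packet: bytes, icv_len: int = ICV_LEN) -> dict:
    """Only SPI and sequence number are in the clear. Payload, padding, pad
    length and the next-header field are all inside the ciphertext."""
    spi, seq = ESP_HEAD.unpack_from(packet)
    return {"spi": spi, "seq": seq,
            "ciphertext": packet[ESP_HEAD.size:-icv_len], "icv": packet[-icv_len:]}


# Constructed sample data (not captured traffic)
SAMPLE_KEY = b"constructed-ah-hmac-key"
SAMPLE_PAYLOAD = b"GET /secret HTTP/1.1\r\n"   # stands in for the protected TCP segment
SAMPLE_IP_HEADER = immutable_ipv4_header(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
                                         20 + AH_FIXED.size + ICV_LEN + len(SAMPLE_PAYLOAD))
SAMPLE_AH_PACKET = build_ah(SAMPLE_KEY, SAMPLE_IP_HEADER, 0x1001, 7, IPPROTO_TCP, SAMPLE_PAYLOAD)
# ESP body is ciphertext; an opaque constructed byte string stands in for it here.
SAMPLE_ESP_PACKET = (ESP_HEAD.pack(0x2002, 7)
                     + bytes.fromhex("9f3a1c77e02b5d4c81a6f0e3b7c92d15") + bytes(ICV_LEN))


if __name__ == "__main__":
    ah = parse_ah(SAMPLE_AH_PACKET)
    print("AH payload visible on the wire:", ah["payload"])
    print("AH verifies:", verify_ah(SAMPLE_KEY, SAMPLE_IP_HEADER, SAMPLE_AH_PACKET))
    print("ESP payload on the wire:", parse_esp(SAMPLE_ESP_PACKET)["ciphertext"].hex())
```

Flipping one bit of the AH payload, or using the wrong key, makes `verify_ah` fail, while `parse_ah` still returns the request line verbatim: authentication and integrity without privacy. The same parse of the ESP packet yields only SPI, sequence number and opaque bytes.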

Figure Position of TLS

Figure TLS layers

Figure Handshake protocol

Figure Record Protocol

Figure PGP at the sender site

Figure PGP at the receiver site

FIREWALLS
A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. The topics discussed in this section include: Packet-Filter Firewall; Proxy Firewall.

Figure Firewall

Figure Packet-filter firewall

Note: A packet-filter firewall filters at the network or transport layer, using the source and destination IP addresses, the transport protocol, the source and destination port numbers, and TCP flags such as ACK.

Figure Proxy firewall

Note: A proxy firewall filters at the application layer: it terminates the client's connection, inspects the application message (for example an HTTP request) and opens its own connection to the server only if the message is acceptable.
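The two notes above side by side, as an added example that is not from the slides or from Forouzan. The packet filter decides from network- and transport-layer fields only, first match wins, and anything unmatched is dropped (default deny); the proxy check works on the HTTP request line, which a packet filter never sees. The addresses (10.0.0.0/24 with a web server at 10.0.0.80), the rule set and the sample requests are constructed for the example.

```python
"""Packet-filter firewall versus proxy firewall. Added example: the packet
filter sees only addresses, protocol, ports and whether a TCP segment opens a
new connection, evaluated first-match with a default deny; the proxy sees the
application message. Addresses, rules and requests are constructed."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp" or "udp"
    sport: int
    dport: int
    new_connection: bool = False   # TCP SYN without ACK: a connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None        # None = any
    dport: Optional[int] = None
    new_connection: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.new_connection is None or self.new_connection == p.new_connection))


def filter_packet(rules: list[Rule], packet: Packet) -> str:
    """First matching rule decides; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


# Rules for packets arriving from the Internet at a site using 10.0.0.0/24
# with a public web server at 10.0.0.80 (constructed).
INBOUND_RULES = [
    Rule("deny", src="10.0.0.0/24"),                   # address spoofing: internal source from outside
    Rule("allow", dst="10.0.0.80/32", proto="tcp", dport=80),
    Rule("allow", dst="10.0.0.80/32", proto="tcp", dport=443),
    Rule("allow", proto="tcp", new_connection=False),  # replies to connections opened from inside
]                                                      # everything else: default deny


def proxy_filter(request_line: str) -> str:
    """Application-layer check a proxy firewall can make and a packet filter
    cannot: method whitelist and path-traversal rejection on an HTTP request line."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] not in ("GET", "HEAD"):
        return "deny"
    path = parts[1]
    if not path.startswith("/") or ".." in path:
        return "deny"
    return "allow"


if __name__ == "__main__":
    for p in (Packet("203.0.113.5", "10.0.0.80", "tcp", 40000, 80, new_connection=True),
              Packet("203.0.113.5", "10.0.0.80", "tcp", 40000, 22, new_connection=True),
              Packet("10.0.0.7", "10.0.0.80", "tcp", 40000, 80, new_connection=True),
              Packet("198.51.100.9", "10.0.0.25", "tcp", 80, 51000)):
        print(p.src, "->", p.dst, p.proto, p.dport, filter_packet(INBOUND_RULES, p))
    print(proxy_filter("GET /index.html HTTP/1.1"), proxy_filter("GET /../etc/passwd HTTP/1.1"))
```

Rule order matters: the anti-spoofing deny must come before the web-server allows, otherwise a packet with a forged internal source address reaches the server. The last rule shows the classic packet-filter approximation of connection state, letting in TCP segments that are not connection attempts; a request such as `GET /../etc/passwd` on port 80 passes that filter untouched and can only be stopped by the proxy, which is the point of the second note.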