Download presentation
Presentation is loading. Please wait.
Published byBridget Lee Modified over 8 years ago
1
network security tkkwon@snu.ac.kr 1
2
Security taxonomy Physical security Resource exhaustion - DDoS system/network vulnerabilities Key-based security cryptography 2
3
Security dichotomy Computer (system) Security –automated tools and mechanisms to protect data in a computer, even if the computers are connected to a network against hackers (intrusion) against viruses against Denial of Service attacks –Access control, authorization, … Internet (network) Security –measures to prevent, detect, and correct security violations that involve the transmission of information in a network or interconnected network –Everything on the network can be a target –Every transmitted bit can be tapped 3
4
Friends and enemies: Alice, Bob, Trudy/Eve well-known in network security world Bob, Alice want to communicate “securely” Trudy (intruder) may tap, delete, add, modify messages secure sender secure receiver channel data, control messages data Alice Bob Trudy Source: Kurose at UMass 4
5
There are bad guys out there! Q: What can a “bad guy” do? A: A lot! –eavesdrop: intercept messages –Insert/modify/delete messages into connection –impersonation: can fake (spoof) source address in packet (or any field in packet) –hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place –denial of service: prevent service from being used by others (e.g., by overloading resources) Source: Kurose at UMass 5
6
many kinds of attacks! cryptographic attacks –find a key passive attacks active attacks 6
7
passive attacks wiretapping –cf. lawful interception port scanner idle scan –secretly scanning 7
8
active attacks Denial-of-service attack Spoofing Man in the middle poisoning –DNS, ARP,… Smurf attack –ICMP, src: spoofed address, dest: IP broadcast address system attacks –Buffer overflow, Heap overflow, SQL injection,… 8
9
Thwart the attacks! Basic Security services –C onfidentiality –I ntegrity Data (or message) integrity –A vailability –authentication –Non-repudiation 9
10
attacks against CIA 10 source: Forouzan, TCP/IP Protocol Suite
11
More Security services Access control –identification –authentication –authorization Anonymity Accountability Privacy forensics 11
12
Security mechanisms Encipherment –Encryption and decryption –Keys Message digest –Hash function characteristics it is easy to compute the hashed value for any given message, it is infeasible to find a message that has a given hash, it is infeasible to find two different messages with the same hash Digital Signatures –demonstrating the authenticity of a digital message or document 12
13
Meaning of Cryptography from Greek –Cryptos: secret, hidden –graphos: writing –cryptography: study of secret writing cf. cryptology 13
14
Basics of a cryptosystem Encryption (Encipherment) Message (plaintext, cleartext) Encryption key Ciphertext (cryptogram) Decryption (Decipherment) Decryption key plaintext cipher - algorithm for performing encryption or decryption key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key 14
15
Classification of Cryptosystems The way in which keys are used –Symmetric cryptography Single key –Public key cryptography Two keys the way in which plaintext is processed –Block cipher –Stream cipher 15
16
Kerckhoffs’s Principle two choices for security of a cryptosystem –encryption/decryption algorithm can be hidden security by obscurity –key can be hidden A cryptosystem should be secure even if everything about the system, except the key, is public knowledge 16
17
information security source: Wikipedia#information security 17
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.