Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 4905 Network Security Overview

Published byFranklin Williamson Modified over 6 years ago

Similar presentations

Presentation on theme: "CSE 4905 Network Security Overview"— Presentation transcript:

1 CSE 4905 Network Security Overview

2 Internet: “nuts and bolts” view
mobile network global ISP regional ISP home network institutional Internet: “network of networks” Interconnected ISPs protocols control sending, receiving of msgs e.g., TCP, IP, HTTP, Skype, Internet standards RFC: Request for comments IETF: Internet Engineering Task Force

3 Computer networks Support communication among computers
Hosts (computers), routers, network links, protocols Each machine has multiple addresses MAC address, IP address Each message from the sender to receiver may stop at many intermediate hops till it reaches its destination (routing) Possible attacks to computer networks? How addresses are obtained? Is it private? Universally known? Possible to fake? All these questions have important implications on security; will come to later on.

4 Many possible attacks! eavesdrop: intercept messages
actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources)

5 Eavesdropping: one example
BEN: remind what FTP is, the protocol isn’t popularly known anymore

6 Security goals of computer networks
Counter various attacks Confidentiality, Integrity, Availability Network security at different layers Security measures at different layers Many approaches rely heavily on crypto See examples of what to do and what not to do… It is not easy… BEN: would make the point that we’ll see examples of what to do and what not to do. It is not easy to compose the building blocks we covered in the first couple of weeks.

7 Internet protocol stack
application: supporting network applications FTP, SMTP, HTTP transport: process data transfer TCP, UDP network: routing of datagrams from source to destination IP, routing protocols link: data transfer between neighboring network elements Ethernet, (WiFi), PPP physical: bits “on the wire” application transport network link physical

8 ISO/OSI reference model
presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machine-specific conventions session: synchronization, checkpointing, recovery of data exchange Internet stack “missing” these layers! these services, if needed, must be implemented in application needed? application presentation session transport network link physical BEN: can you give a little bit of background on why these are not present in the internet?

9 Encapsulation source destination application transport network link
message M application transport network link physical segment Ht M Ht datagram Ht Hn M Hn frame Ht Hn Hl M link physical switch destination network link physical Ht Hn M Ht Hn Hl M M application transport network link physical Ht Hn M Ht M Ht Hn M router Ht Hn Hl M

10 Exercise: security at link layer
Incentives? What does an encrypted frame look like? What is being encrypted and what is not? Suppose use symmetric-key encryption Who need to agree on the key? How to agree on the key? How to ensure integrity? Is authentication needed? If you have perfect security at link layer, do you still need security measures at other layers? If you have perfect security at other layers, do you still need security measures at link layers?

11 Exercise: security at link layer
Attackers’ incentives Interference, eavesdrop, insert messages, know volume of traffic, … What does an encrypted frame look like? Link layer header not encrypted, other headers (IP, transport layers) and payload encrypted If you have perfect security at link layer, do you still need security measures at other layers? Link-layer security only deals with the link between two adjacent hosts If you have perfect security at other layers, do you still need security measures at link layers? Yes, e.g., if you want to hide the sender IP, or hide link-layer management traffic

12 Exercise: security at network (IP) layer
Incentives? What does an encrypted datagram look like? What is being encrypted and what is not? Suppose use symmetric-key encryption Who need to agree on the key? How to agree on the key? How to ensure integrity? Is authentication needed? If you have perfect security at IP layer, do you still need security at other layers? If you have perfect security at other layers, do you still need security at IP layer?

13 Exercise: security at network (IP) layer
What does an encrypted datagram look like? Transport layer header and payload are encrypted; others are not If you have perfect security at IP layer, do you still need security at other layers? You may still want to have link-layer security; you may not want to use IP layer security (from some traffic)… If you have perfect security at other layers, do you still need security at IP layer? Yes, e.g., you want to provide a logic isolation of all data from your computer (you’ll have to do this for each individual session if you use transport-layer security; link-layer security only deals a hop)…

14 Why need security at different layers?
Different layers have different functionalities, security at different layers serve different purposes Selectively choose what to use If one layer not secure, you still have some safeguard from some other layers e.g., security measures for WiFi network does not work initially

15 Physical layer security
Many open problems Particularly for wireless networks Require knowledge in digital communication Not covered in this class

16 Link layer security Link layer basic services: move a frame from one node to an adjacent node over a communication link Wireless networks particularly vulnerable Why? Case study: securing WiFi networks ( wireless LANs)

17 Sniffing wireless traffic

18 Securing WiFi networks
WiFi basics Security protocols WEP (first attempt, severe security flaws) 802.11i, WPA and WPA2 (current protocols)

19 IEEE Wireless LAN 802.11a 5 GHz range up to 54 Mbps 802.11g 2.4 GHz range 802.11n: multiple antennae 2.4 and/or 5 GHz range up to 200 Mbps 802.11b 2.4 GHz unlicensed spectrum up to 11 Mbps direct sequence spread spectrum (DSSS) in physical layer all use CSMA/CA for multiple access all have base-station and ad-hoc network versions

20 802.11 LAN architecture wireless host communicates with base station
Internet wireless host communicates with base station base station = access point (AP) Basic Service Set (BSS) (aka “cell”) in infrastructure mode contains: wireless hosts access point (AP): base station AP hub, switch or router AP BSS 1 BSS 2

21 802.11: association host: must associate with an AP Security issues
scans channels, listening for beacon frames containing AP’s name (SSID, service set ID) & MAC address selects AP to associate with (use different schemes) will typically run DHCP to get IP address in AP’s subnet Security issues which SSID to select? Automatically select AP? host authenticate to AP?

22 802.11: passive/active scanning
BBS 1 BBS 1 BBS 2 BBS 2 AP 1 AP 2 AP 1 1 AP 2 1 1 2 2 2 3 3 4 H1 H1 Passive Scanning: beacon frames sent from APs association Request frame sent: H1 to selected AP association Response frame sent: selected AP to H1 Active Scanning: Probe Request frame broadcast from H1 Probes response frame sent from APs Association Request frame sent: H1 to selected AP Association Response frame sent: selected AP to H1

Download ppt "CSE 4905 Network Security Overview"

Similar presentations

Summer Workshop on Cyber Security Computer Networks Security (Part 1) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.

Summer Workshop on Cyber Security Computer Networks Security (Part 1) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.
6: Wireless and Mobile Networks6-1 Chapter 6 Wireless and Mobile Networks A note on the use of these ppt slides: We’re making these slides freely available.

6: Wireless and Mobile Networks6-1 Chapter 6 Wireless and Mobile Networks A note on the use of these ppt slides: We’re making these slides freely available.
Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.

Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.
IEEE 802.11 Overview and Meshed Networking ELEC6076 Computer Networks Alan Ford

IEEE Overview and Meshed Networking ELEC6076 Computer Networks Alan Ford
20 – Collision Avoidance, 802.11 6: Wireless and Mobile Networks6-1.

20 – Collision Avoidance, : Wireless and Mobile Networks6-1.
Lecture 3 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.

Lecture 3 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.
6: Wireless and Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background: r # wireless (mobile) phone subscribers now exceeds # wired phone.

6: Wireless and Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background: r # wireless (mobile) phone subscribers now exceeds # wired phone.
1-1 Internet Overview: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit switching, packet.

1-1 Internet Overview: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit switching, packet.
6/2/05CS118/Spring051 Chapter 6: Wireless and Mobile Networks r Cover the following sections only:  6.3: 802.11 wireless LANs  6.5: mobility management:

6/2/05CS118/Spring051 Chapter 6: Wireless and Mobile Networks r Cover the following sections only:  6.3: wireless LANs  6.5: mobility management:
Lecture 1 Overview: roadmap 1.1 What is computer network? the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network.

Lecture 1 Overview: roadmap 1.1 What is computer network? the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network.
5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.

5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.
8/7/20151 Mobile Computing COE 446 Wireless Multiple Access Tarek Sheltami KFUPM CCSE COE hthttp://faculty.kfupm.edu.sa/coe/tarek/coe446.htm Principles.

8/7/20151 Mobile Computing COE 446 Wireless Multiple Access Tarek Sheltami KFUPM CCSE COE hthttp://faculty.kfupm.edu.sa/coe/tarek/coe446.htm Principles.
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN
6: Wireless and Mobile Networks6-1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may.

6: Wireless and Mobile Networks6-1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may.
Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.

Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
6: Wireless and Mobile Networks6-1 Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition.

6: Wireless and Mobile Networks6-1 Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition.
Computer networks 6: Wireless and Mobile Networks.

Computer networks 6: Wireless and Mobile Networks.
CS 372 – introduction to computer networks* Announcements: r Final exam on Friday  The materials after chapters 1,2  Emphasis on the material covered.

CS 372 – introduction to computer networks* Announcements: r Final exam on Friday  The materials after chapters 1,2  Emphasis on the material covered.

Similar presentations

Ads by Google