Presentation is loading. Please wait.

Presentation is loading. Please wait.

Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of.

Published byJaden Neaves Modified over 9 years ago

Similar presentations

Presentation on theme: "Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of."— Presentation transcript:

1 Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of Computer Science and CERIAS Purdue University

2 Jeffrey SeibertSERC Fall 2009 Showcase3 Security Goals for Network Protocols  Confidentiality  Authentication  Integrity  Non-repudiation  Access control  Availability  Replay protection A network protocol defines rules: - Syntax (how) - Semantics (what) - Synchronization (when)

3 Jeffrey SeibertSERC Fall 2009 Showcase4 Communication Patterns  Point-to-point  One-to-many  Many-to-one  Many-to-many  Reliable communication  Unreliable communication

4 Jeffrey SeibertSERC Fall 2009 Showcase5 Menu of Secure Protocols  Authentication+integrity+ confidentiality IPSEC: IP routing layer SSL/TLS: transport for reliable communication DTLS: transport for unreliable communication  Kerberos: access control for network services

5 Jeffrey SeibertSERC Fall 2009 Showcase6 The Problem  The available set of secure protocols and the services they provide do not match the security and performance requirements of various applications ``One solution fits all’’ is not good enough

6 Jeffrey SeibertSERC Fall 2009 Showcase7 The Goals of This Project  Identify specific security goals for Double -Take Software protocols  Customize to meet performance and management requirements  Integrate the protocol with their product

7 Jeffrey SeibertSERC Fall 2009 Showcase8 Customizable Features  Key management  Authentication + integrity  Authentication + integrity + confidentiality

8 Jeffrey SeibertSERC Fall 2009 Showcase9  End-to-end secure channel, providing: confidentiality, integrity, authentication, replay protection  Defines how the characteristics of the channel are negotiated: key establishment, encryption cipher, authentication mechanism  Requires reliable end-to-end protocol, so it runs on top of TCP  Several popular open source implementations (www.openssl.org) Overview of TLS

9 Jeffrey SeibertSERC Fall 2009 Showcase10 TLS: Protocol Architecture Authentication, Confidentiality Integrity come as a package

10 Jeffrey SeibertSERC Fall 2009 Showcase11 Our Approach  Leverage TLS to provide a wider menu choice of services and cryptographic algorithms: Integrity only Integrity + authentication Integrity + authentication + confidentiality  Evaluation of cost of each service for all protocol choices

11 Jeffrey SeibertSERC Fall 2009 Showcase12 Why OpenSSL  Long development history  Good performance  Allows immediate support of all cryptographic protocols supported by OpenSSL  For example: Hash: MD5, SHA1, SHA256 Digital signatures: RSA, DSA, ECC Symmetric encryption: 3DES, Blowfish, RC4, AES

12 Jeffrey SeibertSERC Fall 2009 Showcase13  We implemented a new interface based on OpenSSL  Platform: Intel(R) Pentium(R) 4 CPU 3.4 GHz GenuineIntel GNU/Linux  Two computers in a 1Gbps LAN  Evaluate: Throughput Handshake latency Experimental Evaluation Platform

13 Jeffrey SeibertSERC Fall 2009 Showcase14 Integrity-Only

14 Jeffrey SeibertSERC Fall 2009 Showcase15 Confidentiality and Data Integrity:RC4

15 Jeffrey SeibertSERC Fall 2009 Showcase16 Confidentiality and Data Integrity: AES128

16 Jeffrey SeibertSERC Fall 2009 Showcase17 Confidentiality and Data Integrity:AES256

17 Jeffrey SeibertSERC Fall 2009 Showcase18 Confidentiality and Data Integrity: Blowfish

18 Wide Area Network Experiments  Transfer data between hosts at Purdue University and Washington University Purdue University: Intel(R) Pentium(R) 4 CPU 3.4 GHz GenuineIntel GNU/Linux Washington University: Intel(R) Pentium(R) 4 CPU 3.2 GHz GenuineIntel GNU/Linux  Attempt to push as much data as possible over Internet  Evaluate: Throughput Handshake latency Jeffrey SeibertSERC Fall 2009 Showcase19

19 Jeffrey SeibertSERC Fall 2009 Showcase20 Integrity-Only (WAN)

20 Jeffrey SeibertSERC Fall 2009 Showcase21 Confidentiality and Data Integrity:RC4 (WAN)

21 Jeffrey SeibertSERC Fall 2009 Showcase22 Confidentiality and Data Integrity: AES128 (WAN)

22 Jeffrey SeibertSERC Fall 2009 Showcase23 Confidentiality and Data Integrity:AES256 (WAN)

23 Jeffrey SeibertSERC Fall 2009 Showcase24 Confidentiality and Data Integrity: Blowfish (WAN)

24 Jeffrey SeibertSERC Fall 2009 Showcase25 Handshake Protocol

25 Jeffrey SeibertSERC Fall 2009 Showcase26 Handshake Configurations  RSA (1024) Key exchange and message signing are done with RSA  ECDH-ECDSA (161) Key exchange is done with ECDH Message signing is done with ECDSA  ADH (1024) Key exchange is done with DH No message signing is done  DH-DSA (1024) Key exchange is done with DH Message signing is done with DSA

26 Jeffrey SeibertSERC Fall 2009 Showcase27 TLS Handshake

27 Jeffrey SeibertSERC Fall 2009 Showcase28 TLS Handshake (WAN)

28 Jeffrey SeibertSERC Fall 2009 Showcase29 Summary  Security comes at a cost: Complexity Communication cost Computation cost  Trade-offs between performance, security goals, and manageability  Customized secure protocols Leveraging existing protocols Meet performance and management requirements

29 Jeffrey SeibertSERC Fall 2009 Showcase30  We are looking forward to other practical projects where we can contribute our expertise in secure messaging systems (resilient to outsiders and insiders) Replication systems Unicast and multicast routing in wireless networks Group communication systems P2P streaming and multicast overlays

Download ppt "Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.

Security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries.

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Lecture 22 Internet Security Protocols and Standards

Lecture 22 Internet Security Protocols and Standards
Kapitel 7: Securing Site-to-Site Connectivity

Kapitel 7: Securing Site-to-Site Connectivity
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17

Similar presentations

Ads by Google