Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS 69995 – Dr. RothsteinSummer 2013.

Published byDarcy Jackson Modified over 9 years ago

Similar presentations

Presentation on theme: "INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS 69995 – Dr. RothsteinSummer 2013."— Presentation transcript:

1 INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS 69995 – Dr. RothsteinSummer 2013

2 Content  Introduction  Problems with the current implementation  Third part libraries  Proposed solution  Operating system integration  Network layer exploitation  TCP/UDP enhancement  More details.  Advantages  Disadvantages  Conclusion

3 Introduction  Cryptography is essential in today’s network communications.  Most of OS’s today are “natively” lacking (development wise).  Currently deployed cryptography implementations are often not secure.  General-purpose network cryptography library is needed.

4 The current approach  Third-party libraries:  SSL  Kerberos  PGP  Many others.

5 The current approach: problems  Inflexibility:  Non-intuitive.  Difficult to use (Steep learning curve.)  Diverse implementation  Compatibility:  Servers and clients have to match  Security:  Many security flaws  Design flaws: “4 a.m. design decisions.”

6 The current approach: problems  As a result, developers tend to  Incorrectly implement them, or  Avoid them. “In either case, security is compromised.”

7 Proposed solution  The authors introduce and define: A new general-purpose network cryptography library that integrates directly with the Operating System.  They argue that the best place for cryptography to be implemented is at the Operating System level rather than the current application-layer approach.

8 Proposed solution: OS Integration I  Currently developers must directly link their application to a cryptography library to enable secure communication.

9 Proposed solution: OS Integration II  The proposed solution is the general-purpose network cryptography that integrates with the OS’s kernel.

10 Proposed solution: Network stack exploitation I  Both transport and internet layers are utilized.  From the Internet Layer: Host info found in IP header is utilized to lookup cryptography keys. From host info, only “Destination Address” is need. No changes needed to Internet Layer. IP Host Info TCP/UDP Port Info

11 Proposed solution: Network stack exploitation II  From the Transport Layer: Port info found in TCP header is utilized to lookup cryptography keys. From Port info, only “Destination Port” is need. So both “Destination Address + Destination Port” are needed for cryptography keys lookup. Transport layer needs to be changed to natively support cryptography.

12 Proposed solution: TCP/UDP Enhancements I  Transport Layer (TCP/UDP) needs to be evolved:  Appending cryptography in the TCP header. The new fields to be added (Taken from PGP header) :

13 Proposed solution: TCP/UDP Enhancements II  TCP will also require an additional modification to streamline the key transfer process. The three-way handshake TCP uses can be enhanced to also transmit cryptography primitives. OriginatorDestination

14 Proposed solution: More details  The system described in this paper works with the Encryption Key System (EKS).  This system creates a chain of trust with a priori knowledge that is used to securely lookup keys.  The system leverages two distinct IDs to enable more security (DNS and EKS lookup).  This system also leverages a novel technique they called: “port-based sandboxing.”  enables the use of separate key pairs for individual services and users.

15 Advantages 1. Shifts community focus.  More security  More flexibility. 2. Offers smaller number of implementations which means fewer potential issues. 3. Easier for developers to use w/ existing socket API 4. Port-aware library supporting existing protocols. 5. Always up-to-date – same way w/ network sockets. 6. Available out of the box.

16 Disadvantages 1. Each host on the network requires a priori information, i.e., the EKS servers IP address and public key. How to securely transfer the server’s public key? 2. Certain types of protocols, like components of email, will need to be updated. 3. Some applications would require small changes while other would require larger changes.

17 Conclusion  A general-purpose cryptography library has been proposed.  It is the only way to resolve the security and flexibility problems currently being experienced on the Internet.  It provides a unified library that is easier to adopt by developers.  It complements the existing transmission protocols; it does not replace them.

18 Thank you

Download ppt "INTEGRATING NETWORK CRYPTOGRAPHY INTO THE OPERATING SYSTEM BY ANTHONY GABRIELSON HAIM LEVKOWITZ Mohammed Alali | CS 69995 – Dr. RothsteinSummer 2013."

Similar presentations

Chapter 17 Networking Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.

Chapter 17 Networking Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7: Transport Layer

Chapter 7: Transport Layer
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking Assist. Prof.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking Assist. Prof.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Lecture 7 Transport Layer

Lecture 7 Transport Layer
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.

The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.

October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.
10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.

10/31/2007cs6221 Internet Indirection Infrastructure ( i3 ) Paper By Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Sharma Sonesh Sharma.
Lesson 7 – THE BUSINESS OF NETWORKING. TCP/IP and UDP Other Internet protocols Important Internet protocols OVERVIEW.

Lesson 7 – THE BUSINESS OF NETWORKING. TCP/IP and UDP Other Internet protocols Important Internet protocols OVERVIEW.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Similar presentations

Ads by Google