Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006."— Presentation transcript:

1 Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006

2 Disclaimer The images in this presentation are taken from http://williamstallings.com/NetSec2e.html Network Security Essentials, William Stallings

3 Security Attacks

4 Interruption: attack on availability Interruption: attack on availability Interception: attack on confidentiality Interception: attack on confidentiality Modification: attack on integrity Modification: attack on integrity Fabrication: attack on authenticity Fabrication: attack on authenticity

5 Threat Classifications

6 Passive Attacks - Release of message contents

7 Passive Attacks - Traffic analysis

8 Active Attacks - Masquerade

9 Active Attacks – Replay

10 Active Attacks – Modification of message

11 Active Attacks – Denial of service

12 Security Goals Integrity Authenticity Availability Confidentiality

13 Security Services Confidentiality (privacy) Confidentiality (privacy) Authentication (who created or sent the data) Authentication (who created or sent the data) Integrity (has not been altered) Integrity (has not been altered) Non-repudiation (the order is final) Non-repudiation (the order is final) Access control (prevent misuse of resources) Access control (prevent misuse of resources) Availability (permanence, non-erasure) Availability (permanence, non-erasure) Denial of Service Attacks Denial of Service Attacks Virus that deletes files Virus that deletes files

14 Model of Network Security

15 Methods of Defense Encryption Encryption Software Controls (access limitations in a data base, in operating system protect each user from other users) Software Controls (access limitations in a data base, in operating system protect each user from other users) Hardware Controls (smartcard) Hardware Controls (smartcard) Policies (frequent changes of passwords) Policies (frequent changes of passwords) Physical Controls Physical Controls

16 Conventional Encryption

17 Cryptography Classified along three independent dimensions: The type of operations used for transforming plaintext to cipher text The type of operations used for transforming plaintext to cipher text The number of keys used The number of keys used symmetric (single key) (DES, 3DES) symmetric (single key) (DES, 3DES) asymmetric (two-keys, or public-key) (RSA) asymmetric (two-keys, or public-key) (RSA) The way in which the plaintext is processed The way in which the plaintext is processed Block cipher vs. Stream cipher processing Block cipher vs. Stream cipher processing

18 Average time required for exhaustive key search Key Size (bits) Number of Alternative Keys Time required at 10 6 Decryption/µs 32 2 32 = 4.3 x 10 9 2.15 milliseconds 56 2 56 = 7.2 x 10 16 10 hours 128 2 128 = 3.4 x 10 38 5.4 x 10 18 years 168 2 168 = 3.7 x 10 50 5.9 x 10 30 years

19 Key Distribution A key could be selected by A and physically delivered to B. A key could be selected by A and physically delivered to B. A third party could select the key and physically deliver it to A and B. A third party could select the key and physically deliver it to A and B. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

20 Key Distribution Session key: Session key: Data encrypted with a one-time session key. At the conclusion of the session, the key is destroyed Data encrypted with a one-time session key. At the conclusion of the session, the key is destroyed Permanent key: Permanent key: Used between entities for the purpose of distributing session keys Used between entities for the purpose of distributing session keys

21 Key Distribution

22 Authentication Requirements - must be able to verify that: Requirements - must be able to verify that: 1. Message came from apparent source or author 2. Contents have not been altered, 3. Sometimes, it was sent at a certain time or sequence. Protection against active attack (falsification of data and transactions) Protection against active attack (falsification of data and transactions)

23 Authentication - MAC

24 Authentication – Encrypted MAC

25 Authentication – Secret Value

26 Public-Key Cryptography Use of two keys (public key, private key) Use of two keys (public key, private key) The scheme has six ingredients The scheme has six ingredients Public key Public key Private key Private key Plaintext Plaintext Encryption algorithm Encryption algorithm Ciphertext Ciphertext Decryption algorithm Decryption algorithm

27 Encryption using Public-Key

28 Authentication using Public-Key

29 Public-Key Cryptographic Algorithms RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. RSA is a block cipher RSA is a block cipher The most widely implemented The most widely implemented Diffie-Hellman Diffie-Hellman Echange a secret key securely Echange a secret key securely Compute discrete logarithms Compute discrete logarithms

30 Public-Key Infrastructure (PKI) Creating Certificate * CA = Certificate Authority

31 Public-Key Infrastructure (PKI) Obtaining a Certificate http://www.sdl.hitachi.co.jp/english/people/pki/index04.html

32 X.509 Authentication Service Distributed set of servers that maintains a database about users. Distributed set of servers that maintains a database about users. Each certificate contains the public key of a user and is signed with the private key of a CA*. Each certificate contains the public key of a user and is signed with the private key of a CA*. Is used in S/MIME, IP Security, SSL/TLS and SET. Is used in S/MIME, IP Security, SSL/TLS and SET. RSA is recommended to use. RSA is recommended to use. * CA = Certificate Authority

33 X.509 CA Hierarchy

34 Revocation of Certificates Reasons: Reasons: The users secret key is assumed to be compromised. The users secret key is assumed to be compromised. The user is no longer certified by this CA. The user is no longer certified by this CA. The CA’s certificate is assumed to be compromised. The CA’s certificate is assumed to be compromised.

35 E-Mail Security PGP – (Pretty Good Privacy) PGP – (Pretty Good Privacy) Philip R. Zimmerman is the creator Philip R. Zimmerman is the creator Provides a confidentiality and authentication service Provides a confidentiality and authentication service Can be used for email and file storage applications Can be used for email and file storage applications S/MIME - (Secure/Multipurpose Internet Mail Extension) S/MIME - (Secure/Multipurpose Internet Mail Extension) Enveloped Data: content and session keys encrypted for recipients. Enveloped Data: content and session keys encrypted for recipients. Signed Data: Message Digest encrypted with private key of “signer.” Signed Data: Message Digest encrypted with private key of “signer.” Clear-Signed Data: Signed but not encrypted. Clear-Signed Data: Signed but not encrypted. Signed and Enveloped Data Signed and Enveloped Data

36 PGP

37 Secure Sockets Layer - SSL Browser connects to a secure server https://..... Browser connects to a secure server https://..... The server sends it’s certificate The server sends it’s certificate The browser The browser verifies the certificate verifies the certificate creates a session key (shared secret) creates a session key (shared secret) encrypts the session key with server’s public key encrypts the session key with server’s public key sends it to the server. sends it to the server. The server decrypts the session key using it’s private key The server decrypts the session key using it’s private key The handshake is comlete! Now browser and server can talk using a shared secret key. The handshake is comlete! Now browser and server can talk using a shared secret key. The browser send sensitive info (credit card) over a secure channel. The browser send sensitive info (credit card) over a secure channel. http://www.ourshop.com/resources/ssl.html

38 Security and Java Platform Platform Security (Java Language, Sand Box) Platform Security (Java Language, Sand Box) Cryptography (JCA, JCE) Cryptography (JCA, JCE) Authentication and Access Control (JAAS) Authentication and Access Control (JAAS) Secure Communications (JSSE, JGSS) Secure Communications (JSSE, JGSS) Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) http://java.sun.com/security/

Download ppt "Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Blekinge Institute of Technology, Sweden

Blekinge Institute of Technology, Sweden
1 Network Security Derived from original slides by Henric Johnson Blekinge Institute of Technology, Sweden From the book by William Stallings.

1 Network Security Derived from original slides by Henric Johnson Blekinge Institute of Technology, Sweden From the book by William Stallings.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Similar presentations

Ads by Google