7: Network Security 1
Chapter 7: Network security – Author?

Foundations:
- what is security?
- cryptography
- authentication
- message integrity
- key distribution and certification

Security in practice:
- application layer: secure e-mail
- transport layer: Internet commerce, SSL, SET
- network layer: IP security

Importance of Network Security?
- Think about…
  - The most private, embarrassing or valuable piece of information you've ever stored on a computer
  - How much you rely on computer systems to be available when you need them
  - The degree to which you question whether a piece of email really came from the person listed in the From field
  - How convenient it is to be able to access private information online (e.g. buy without re-entering all your data, look up your transcript without requesting a copy, …)

Importance of Network Security
- Society is becoming increasingly reliant on the correct and secure functioning of computer systems
  - Medical records, financial transactions, etc.
- It is our job as professional computer scientists:
  - To evaluate the systems we use and understand their weaknesses
  - To educate ourselves and others to be wise network consumers
  - To design networked systems that are secure

Overview of Attacks and Responses

Acknowledgments
Probably from: James Kurose & Keith Ross, Computer Networking: A Top-Down Approach Featuring the Internet, 3rd Edition, Addison Wesley, 2005, ISBN 0-321-22735-2. Copyright 1996-2005 J.F. Kurose and K.W. Ross, All Rights Reserved.

Taxonomy of Attacks (1)
Process-based model to classify methods of attack

Passive:
- Interception: attacks confidentiality. a.k.a. eavesdropping. (Note: a "man-in-the-middle" who sits on the path and relays or alters traffic is an active attacker; only silent listening is passive.)
- Traffic Analysis: attacks confidentiality or anonymity, even when the content itself is encrypted. Can include traceback on a network and reading CRT radiation (display emanations).

Active:
- Interruption: attacks availability (a.k.a. denial-of-service attacks).
- Modification: attacks integrity.
- Fabrication: attacks authenticity.

Taxonomy of Attacks (2)
'Result of the attack' taxonomy
- Increased Access: the quest for root
- Disclosure of Information: credit card numbers
- Corruption of Information: changing grades, etc.
- Denial of Service: self explanatory
- Theft of Resources: stealing accounts, bandwidth

Fundamentals of Defense
- Cryptography
- Restricted Access
  - Restrict physical access, close network ports, isolate from the Internet, firewalls, NAT gateways, switched networks (a switch only stops casual sniffing: ARP spoofing or MAC flooding can still steer traffic to an attacker's port)
- Monitoring
  - Know what normal is and watch for deviations
- Heterogeneity/Randomness
  - Variety of implementations, random sequence numbers, random port numbers (an attacker who cannot observe a connection must guess these values to inject into it)

Fundamentals of Defense
- Cryptography: the study of mathematical techniques related to information security that have the following objectives:
  - Integrity
  - Non-repudiation
  - Confidentiality
  - Authentication

Objectives of Cryptography
- Integrity: ensuring information has not been altered by unauthorized or unknown means
  - Integrity makes it difficult for a third party to substitute one message for another.
  - It allows the recipient of a message to verify that it has not been modified in transit.
- Non-repudiation: preventing the denial of previous commitments or actions
  - Makes it difficult for the originator of a message to falsely deny later that they were the party that sent it.
  - E.g., your signature on a document.

Objectives of Cryptography
- Secrecy/Confidentiality: ensuring information is accessible only by authorized persons
  - Traditionally, the primary objective of cryptography.
  - E.g., encrypting a message
- Authentication: corroboration of the identity of an entity
  - Allows receivers of a message to identify its origin
  - Makes it difficult for third parties to masquerade as someone else
  - E.g., your driver's license and photo authenticate your image to a name, address, and birth date.

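The two slides above list integrity, authentication and non-repudiation as separate objectives. The following added example (not part of the original slides) shows how far a single shared-key mechanism gets you: Alice tags each message with an HMAC under a key she shares with Bob, Bob rejects anything whose tag does not verify, and Trudy can neither modify nor fabricate messages without the key. It also shows the limit: because Bob holds the same key, he could have produced any tag himself, so the scheme gives integrity and origin authentication but not non-repudiation. The key, the names and the messages are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed sample key: assume Alice and Bob already share it (how they get
# there is the key-distribution material later in the chapter).
SHARED_KEY = b"alice-and-bob-shared-secret"


def make_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 over msg under key: the integrity/origin tag the sender attaches."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_tag(key: bytes, msg: bytes, received_tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    hmac.compare_digest is used instead of == so that the comparison time does
    not depend on how many leading bytes match (a timing side channel).
    """
    return hmac.compare_digest(make_tag(key, msg), received_tag)


def alice_sends(msg: bytes) -> Tuple[bytes, bytes]:
    """Alice transmits the message in the clear plus a tag under the shared key."""
    return msg, make_tag(SHARED_KEY, msg)


def bob_receives(msg: bytes, tag: bytes) -> bytes:
    """Bob accepts only messages whose tag verifies; anything else is rejected."""
    if not verify_tag(SHARED_KEY, msg, tag):
        raise ValueError("message integrity/authenticity check failed")
    return msg


def trudy_modifies(msg: bytes, tag: bytes) -> Tuple[bytes, bytes]:
    """Trudy alters the message in transit but cannot recompute the tag without the key."""
    return msg.replace(b"Bob", b"Trudy"), tag


def trudy_fabricates(msg: bytes) -> Tuple[bytes, bytes]:
    """Trudy builds a message of her own and tags it under a guessed key."""
    return msg, make_tag(b"trudy-guess", msg)


def demo() -> Dict[str, bool]:
    """Run the cases above and report which messages Bob accepts."""
    results = {}
    original = alice_sends(b"Pay Bob 100 dollars")
    results["genuine"] = bob_receives(*original) == original[0]
    attempts = (("modified", trudy_modifies(*original)),
                ("fabricated", trudy_fabricates(b"Pay Trudy 100 dollars")))
    for name, attempt in attempts:
        try:
            bob_receives(*attempt)
            results[name] = True
        except ValueError:
            results[name] = False
    # No non-repudiation: Bob holds the same key, so Bob can produce a valid tag
    # on any message, and Alice can plausibly deny having sent one he shows around.
    claim = b"Alice owes Bob 1000 dollars"
    results["bob_can_forge"] = verify_tag(SHARED_KEY, claim, make_tag(SHARED_KEY, claim))
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:12s} accepted={accepted}")
```

Non-repudiation needs a key that only the originator holds, which is what the public-key signatures introduced later in the chapter provide; a shared-key tag can never supply it, no matter how strong the hash.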
Security Services
- Authorization
- Access Control
- Availability
- Anonymity
- Privacy
- Certification
- Revocation

Security Services
- Authorization: conveyance of official sanction to do or be something to another entity.
  - Allows only entities that have been authenticated and who appear on an access list to utilize a service.
  - E.g., the date of birth on your driver's license authorizes you to drink as someone who is over 21.
- Access Control: restricting access to resources to privileged entities.
  - Ensures that specific entities may perform specific operations on a secure object.
  - E.g., Unix access control for files (read, write, execute for owner, group, world)

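The Unix file example on the slide hides a rule that trips people up: the kernel consults exactly one of the three permission classes (owner, group, other), chosen by who the caller is, and never unions them. An owner whose owner bits say "none" is refused even if the group and world bits say "rwx". The added example below (written for this page, not taken from the slides or from any kernel) implements that decision rule in Python, together with a parser for ls -l style permission strings; the superuser shortcut follows Linux semantics and is an assumption of the example, and the uids, gids and modes are constructed.

```python
from typing import Set

# Permission bits for the `want` argument
R, W, X = 4, 2, 1


def parse_symbolic(perms: str) -> int:
    """Turn an ls -l style string such as 'rw-r-----' into a numeric mode (0o640).

    Only the nine rwx characters are handled; setuid/setgid/sticky ('s', 't')
    are out of scope for this example.
    """
    if len(perms) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for ch, expected in zip(perms, "rwx" * 3):
        mode <<= 1
        if ch == expected:
            mode |= 1
        elif ch != "-":
            raise ValueError("unexpected character %r" % ch)
    return mode


def unix_access(mode: int, file_uid: int, file_gid: int,
                uid: int, gids: Set[int], want: int) -> bool:
    """Classic Unix discretionary access check for a regular file.

    Exactly one permission class is consulted: owner if the caller's uid matches
    the file's owner, otherwise group if the file's gid is one of the caller's
    groups, otherwise other. The classes are not unioned, so an owner whose
    owner bits deny an operation is refused even when group or other bits
    would allow it.
    """
    if uid == 0:
        # Superuser rule (Linux semantics, an assumption of this example):
        # read and write always succeed; execute needs at least one x bit set.
        return not (want & X) or bool(mode & 0o111)
    if uid == file_uid:
        bits = (mode >> 6) & 0o7
    elif file_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return (bits & want) == want


def demo() -> dict:
    """Constructed cases: file owned by uid 1000 / gid 100 with various modes."""
    owner, group = 1000, 100
    return {
        # rw-r-----: owner reads and writes, group member only reads, stranger nothing
        "owner_rw":      unix_access(parse_symbolic("rw-r-----"), owner, group, 1000, {1000}, R | W),
        "group_read":    unix_access(parse_symbolic("rw-r-----"), owner, group, 1001, {100}, R),
        "group_write":   unix_access(parse_symbolic("rw-r-----"), owner, group, 1001, {100}, W),
        "other_read":    unix_access(parse_symbolic("rw-r-----"), owner, group, 1002, {200}, R),
        # ---rwxrwx: the owner is denied even though everyone else is allowed,
        # because the owner class is the only one consulted for the owner
        "owner_denied":  unix_access(parse_symbolic("---rwxrwx"), owner, group, 1000, {100}, R),
        "other_allowed": unix_access(parse_symbolic("---rwxrwx"), owner, group, 1002, {200}, R),
        # superuser: reads a 0600 file it does not own, but cannot execute a file with no x bit
        "root_read":     unix_access(parse_symbolic("rw-------"), owner, group, 0, {0}, R),
        "root_exec":     unix_access(parse_symbolic("rw-------"), owner, group, 0, {0}, X),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:14s} {'allowed' if allowed else 'denied'}")
```

The "owner_denied" case is the one to remember when reviewing permissions: a mode like 0o077 does not make a file private, it makes it private from its owner and public to everyone else.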
Security Services
- Availability: ensuring a system is available to authorized entities when needed
  - Ensures that a service or information is available to an (authorized) user upon demand and without delay.
  - Denial-of-service attacks seek to interrupt a service or make some information unavailable to legitimate users.

Security Services
- Anonymity: concealing the identity of an entity involved in some process
  - Concealing the originator of a message within a set of possible entities (the anonymity set). The larger the set of entities that could plausibly have originated the message, the less an observer learns about who actually did, and the stronger the anonymity. Anonymity is a technical means to privacy.
- Privacy: concealing personal information, a form of confidentiality.

Security Services
- Certification: endorsement of information by a trusted entity.
- Revocation: retraction of certification or authorization.
- Certification and Revocation
  - Just as important as certifying an entity is being able to take those rights away again: when the entity's system or key is compromised, when policy changes, or simply to force a periodic refresh so that stale rights do not accumulate.

Friends and enemies: Alice, Bob, Trudy
- Well-known in the network security world
- Bob and Alice want to communicate "securely"
- Trudy, the "intruder", may intercept, delete, or add messages

[Figure 7.1 goes here]

What is network security?
- Secrecy: only the sender and intended receiver should "understand" message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender and receiver want to confirm each other's identity
- Message Integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection

Internet security threats
- Packet sniffing:
  - broadcast media
  - promiscuous NIC reads all packets passing by
  - can read all unencrypted data (e.g. passwords)
  - e.g.: C sniffs B's packets

[Figure: hosts A, B and C on a shared medium; C reads a packet with src:B, dest:A, payload]

Internet security threats
- IP Spoofing:
  - can generate "raw" IP packets directly from an application, putting any value into the IP source address field
  - receiver can't tell from the packet itself whether the source is spoofed (routers near the sender can drop packets whose source address does not belong to their network, so-called ingress filtering, but the end host has no such check)
  - e.g.: C pretends to be B

[Figure: hosts A, B and C; C sends a packet with src:B, dest:A, payload]

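The two threats above are two sides of the same fact: an IP packet is just bytes, and the source address is one more field the sender fills in. The added example below (written for this page, not from the slides or from any library) serialises an IPv4/TCP packet the way a raw socket would send it, with correct header checksums, and decodes it the way a sniffer on a promiscuous NIC would. Parsing B's cleartext login shows what C sees in the sniffing case; building a second packet with B's address as source shows that the forged packet decodes and checksums exactly like the genuine one, so A cannot tell them apart. Addresses, ports and the FTP-style payload are constructed for the example.

```python
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int,
                   payload: bytes, seq: int = 0, flags: int = 0x18) -> bytes:
    """Serialise IPv4 header + TCP header + payload as a raw socket would send it.

    Nothing here checks that src_ip belongs to the sender: the field is just
    bytes, and filling it with someone else's address is all IP spoofing is.
    """
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    seg_len = 20 + len(payload)
    # TCP header: data offset 5 words, window 65535, checksum placeholder 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, seg_len)  # TCP pseudo-header
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    # IPv4 header: version 4 / IHL 5, total length, id, DF, TTL 64, protocol 6 (TCP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + seg_len, 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode what a promiscuous NIC hands a sniffer: addresses, ports, payload, checksums."""
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    sport, dport, seq, _ack, off, flags, _win, _tcsum, _urg = struct.unpack(
        "!HHIIBBHHH", pkt[ihl:ihl + 20])
    data_off = (off >> 4) * 4
    pseudo = src + dst + struct.pack("!BBH", 0, 6, total_len - ihl)
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "flags": flags,
        # A header summed together with its own checksum field yields 0 when intact
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,
        "tcp_checksum_ok": checksum(pseudo + pkt[ihl:total_len]) == 0,
        "payload": pkt[ihl + data_off:total_len],
    }


def demo() -> dict:
    """B logs in to A in cleartext; C sniffs it, then C forges a packet 'from' B."""
    A, B = "10.0.0.1", "10.0.0.2"
    # Constructed sample traffic: an FTP-style login, which sends the password in the clear
    sniffed = parse_ipv4_tcp(build_ipv4_tcp(
        B, A, 40000, 21, b"USER alice\r\nPASS hunter2\r\n", seq=1000))
    # C's forgery: same source address and ports; A sees nothing in the headers to distrust
    forged = parse_ipv4_tcp(build_ipv4_tcp(
        B, A, 40000, 21, b"DELE important.txt\r\n", seq=1026))
    return {"sniffed": sniffed, "forged": forged}


if __name__ == "__main__":
    for role, view in demo().items():
        print(role, view["src"], "->", view["dst"], view["payload"],
              "ip_ok=%s tcp_ok=%s" % (view["ip_checksum_ok"], view["tcp_checksum_ok"]))
```

What actually stops the forged segment in practice is not the IP layer at all but the TCP sequence number: A only accepts data whose sequence number falls inside the window it negotiated with B, and C cannot see that number unless it also sits on the path. That is why the earlier slide lists random sequence numbers among the defenses, and why encryption, not a switch or a firewall, is the answer to the sniffing case.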
Internet security threats
- Denial of service (DoS):
  - flood of maliciously generated packets "swamps" the receiver
  - Distributed DoS (DDoS): multiple coordinated sources swamp the receiver
  - e.g., C and a remote host SYN-attack A

[Figure: hosts A, B and C; C and another host send SYN packets to A]

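The SYN attack works because a server that has answered a SYN with a SYN-ACK keeps state for that half-open connection until the client's final ACK arrives or a timer expires; a flood of SYNs, typically with spoofed sources so the SYN-ACKs go nowhere, exhausts that state. The added example below (written for this page, not from the slides) is the monitoring side of the earlier "know what normal is" defense: it replays a constructed stream of handshake events, tracks half-open connections per server port, expires them as the server's own timer would, and raises an alert when the count crosses a threshold. Event format, threshold, window and all addresses are assumptions of the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample of handshake events as a sniffer or flow collector might report
# them: (time_s, src_ip, src_port, dst_ip, dst_port, flags), with "S" for a client SYN
# and "A" for the client's final ACK. Server SYN-ACKs are not needed for this check.
Event = Tuple[float, str, int, str, int, str]
EVENTS: List[Event] = [
    (0.0, "10.0.0.2", 40000, "10.0.0.1", 80, "S"),      # B opens a normal connection to A
    (0.1, "10.0.0.2", 40000, "10.0.0.1", 80, "A"),      # ...and completes the handshake
    (1.0, "198.51.100.7", 1025, "10.0.0.1", 80, "S"),   # C's SYN flood with spoofed sources:
    (1.1, "198.51.100.8", 1026, "10.0.0.1", 80, "S"),   # no ACK ever follows these
    (1.2, "198.51.100.9", 1027, "10.0.0.1", 80, "S"),
    (1.3, "203.0.113.4", 1028, "10.0.0.1", 80, "S"),
    (1.4, "203.0.113.5", 1029, "10.0.0.1", 80, "S"),
    (1.5, "203.0.113.6", 1030, "10.0.0.1", 80, "S"),
    (5.0, "10.0.0.3", 40001, "10.0.0.1", 80, "S"),      # later, normal traffic again
    (5.1, "10.0.0.3", 40001, "10.0.0.1", 80, "A"),
]


def detect_syn_flood(events: List[Event], threshold: int = 5,
                     window_s: float = 2.0) -> List[Dict]:
    """Alert when a server port accumulates `threshold` unanswered SYNs within `window_s`.

    Returns one alert per crossing of the threshold; the alert is re-armed once the
    half-open count for that server drops below the threshold again.
    """
    half_open: Dict[Tuple[str, int, str, int], float] = {}  # connection -> time of SYN
    alerted = set()                                          # (dst, dport) above threshold
    alerts: List[Dict] = []
    for t, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if flags == "S":
            half_open[key] = t
        elif flags == "A":
            half_open.pop(key, None)  # handshake completed, state released
        # Forget SYNs older than the window, as the server's retransmit timer would
        for stale in [k for k, t0 in half_open.items() if t - t0 > window_s]:
            del half_open[stale]
        per_server = defaultdict(list)
        for s, _sp, d, dp in half_open:
            per_server[(d, dp)].append(s)
        for server, srcs in per_server.items():
            if len(srcs) >= threshold and server not in alerted:
                alerted.add(server)
                alerts.append({"time": t, "dst": server[0], "dport": server[1],
                               "half_open": len(srcs),
                               "distinct_sources": len(set(srcs))})
        alerted = {s for s in alerted if len(per_server.get(s, [])) >= threshold}
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(EVENTS):
        print(alert)
```

The distinct_sources field is the first triage question: many half-open connections from as many different, often unroutable, sources is the signature of a single spoofing attacker or a DDoS, while many from one address is a misbehaving or compromised host you can simply block. The threshold and window here are made-up numbers; in a real deployment they come from the baseline of what is normal for that service.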
The language of cryptography
- symmetric key crypto: sender and receiver keys identical
- public-key crypto: encryption key public, decryption key secret

[Figure 7.3 goes here: plaintext, ciphertext, keys K_A (encrypt) and K_B (decrypt)]
