Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system."— Presentation transcript:

1 Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system and network security –Relate security services to security attacks –Describe the basic operation of encryption through Feistel cypher structure –Compare different symmetric encryption algorithms: DES and AES –Design a simple encryption algorithm

2 Security Internet Management & Security 06 Introduction With the high availability of resources on the Internet, security has become a very relevant issue. The main aim is to protect the resources on the Internet so that they cannot: –Be accessed –Be changed –Be deleted by non-authorised or malicious users

3 Security Internet Management & Security 06 Vulnerability of systems and networks A B C D Malicious user Malicious user Malicious user Malicious user

4 Security Types of Security Attacks Attacks can be categorised as : – Passive Security Attacks – Active Security Attacks Internet Management & Security 06

5 Security Internet Management & Security 06 Passive security attacks A passive attack is an attack where an unauthorized attacker monitors or listens in on the communication between two parties.

6 Security Internet Management & Security 06 Passive security attacks Passive attacks –Obtain information being transmitted or stored in a system –Do not alter the contents of messages or files –Difficult to detect Solution: –Prevent the attack: data confidentiality –Encrypt information, strongly authenticate access

7 Security Internet Management & Security 06 Active security attacks Active attacks requires the attacker to be able to transmit data to one or both of the parties, or block the data stream in one or both directions. –Modify or delete data stored or being transmitted Masquerade Replay Modification Denial of service –Easier to detect –Harder to prevent

8 Security Internet Management & Security 06 Active security attacks –the attacker can stop all or parts of the data sent by the communicating parties. –This attacker can e.g. try to take the place of the client (or server) when the authentication procedure has been performed. –Without integrity checks of the received data, the server will not detect that the origin of the data is not the authenticated person. –A clever programmer can, with not to much effort, implement a system like this on a computer acting as a gateway (bridge) between two subnets.

9 Security Internet Management & Security 06 Active security attacks The following are examples of different attacks this person could impose. –Inserting his own data into the data stream. –Playback of data from another connection. –Playback of data that had previously been sent in the same and opposite direction on the same connection. –Deletion of data. –Man-in-the-middle attack. The man-in-the-middle-attack is an attack where the intruder sits in the middle of the communication link, intercepting messages and substituting them with his own messages. In this way, he tries to fool the parties to believe they are talking to each other directly, while they really are talking to the attacker him-selves.

10 Security Internet Management & Security 06 Active security attacks Solution: –Authentication –Access control –Data confidentiality –Data integrity –Non-repudiation –Availability

11 Security Internet Management & Security 06 Conclusions Security strategies are important because they: –help maintain good performance of resources on a network –guarantee users that their information is safe and private –deter potential attacks on resources

12 Security Internet Management & Security 06 Resources Stallings W., Network Security Essentials, 2 nd Edition, Prentice Hall, 2002 (Chapter 1) RFC 2828 Internet Security Glossary http://www.pvv.ntnu.no/~asgaut/crypto/thesis /node1.html

13 Security Internet Management & Security 06 Cryptography Cryptography modifies the content of a message according to a predetermined pattern only known by sender and receiver with the aim to prevent other parties from reading the content An encrypted message is: 1 Transformed 2 Transmitted 3 Unchanged The predetermined pattern or key needs to be transmitted separately

14 Security Internet Management & Security 06 Symmetric cryptography Process of cryptography: Message Encryption algorithm Secret key Cipher text Decryption algorithm (the success of the process relies on the secrecy of the key, but it must be known by the sender and the receiver)

15 Security Cryptography on the Internet Internet Management & Security 06 An iterated block cipher maybe be used to get a few rounds of security

16 Security Internet Management & Security 06 Triple DES What we all call Triple DES is EDE (encrypt, decrypt, encrypt). The way that it works is that you take three 56-bit keys, and encrypt with K1, decrypt with K2 and encrypt with K3. There are two-key and three-key versions. Think of the two-key version as merely one where K1=K3. Note that if K1=K2=K3, then Triple DES is really Single DES.

17 Security Internet Management & Security 06 Triple DES The same as DES but it uses three executions of the full DES algorithm with three different keys Used in financial applications C=E K 3 [D K 2 [E K 1 [P]]] C – cipher text P – plaintext E K [X] – encryption of X using key K D K [X] – decryption of X using key K Advantage – effective key of 128 bits Disadvantage – more processing power needed

18 Security Internet Management & Security 06 Advanced Encryption Standard (AES) AES – first thought of to replace 3DES with a lighter algorithm that provides the same security as 3DES Block length – 128 bits Supports keys of – 128, 192 and 256 bits (most common key is 128) NOT a Feistel structure

19 Security Internet Management & Security 06 AES

20 Security Internet Management & Security 06 AES

21 Security Internet Management & Security 06 AES

22 Security Internet Management & Security 06 AES

23 Security Internet Management & Security 06 Other symmetric algorithms IDEA Blowfish RC5

24 Security Internet Management & Security 06 Conclusions Encrypted information has more probabilities of remaining private Most common symmetrical encryption algorithms use Feistel’s cipher The length of the block and the key determine the efficiency of the cipher based algorithms AES solves the problem of processing power and key sizes The transmission of the key remains a problem

25 Security Internet Management & Security 06 Resources Stallings W., Network Security Essentials, 2 nd Edition, Prentice Hall, 2002 (Chapter 2) FIPS Advanced Encryption Standard, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS DES Data Encryption Standard, http://www.itl.nist.gov/fipspubs/fip46-2.htm http://www.itl.nist.gov/fipspubs/fip46-2.htm http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci96 8714,00.html

Download ppt "Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Chapter 11: Cryptography

Chapter 11: Cryptography
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google