Published by Martina King. Modified over 9 years ago.
1
Network Security
2
Contents
Security Requirements and Attacks
Confidentiality with Conventional Encryption
Message Authentication and Hash Functions
Public-Key Encryption and Digital Signatures
IPv4 and IPv6 Security
3
Security Requirements
Confidentiality
Integrity
Availability
4
Passive Attacks
Release of message content (eavesdropping)
  – Prevented by encryption
Traffic analysis
  – Fixed by traffic padding
Passive attacks are easier to prevent than to detect
5
Active Attacks
Involve the modification of the data stream or the creation of a false data stream
Active attacks are easier to detect than to prevent
6
Active Attacks (cont.)
Masquerade
Replay
Modification of messages
Denial of service
7
Conventional Encryption
[Figure: plain text → encryption algorithm → transmitted ciphertext → decryption algorithm → plain text, with a shared secret key used at both ends]
8
Conventional Encryption Requirements
Knowing the algorithm, the plain text and the ciphertext, it shouldn't be feasible to determine the key.
The key sharing must be done in a secure fashion.
9
Encryption Algorithms
Data Encryption Standard (DES)
  – Plaintext: 64-bit blocks
  – Key: 56 bits
  – Broken in 1998 (brute force)
Triple DES
Advanced Encryption Standard (AES)
  – Plaintext: 128-bit blocks
  – Key: 128, 256 or 512 bits
10
Location of Encryption Devices
[Figure legend: PSN = Packet Switching Node; end-to-end encryption device; link encryption device]
11
Key Distribution
Manual
  – Selected by A, physically delivered to B
  – Selected by C, physically delivered to A and B
Automatic
  – The new key is sent encrypted with an old key
  – Sent through a third party with which A and B have encrypted links
12
Message Authentication
An authentic message means that:
  – it comes from the alleged source
  – it has not been modified
13
Message Authentication Approaches
Authentication with conventional encryption
Authentication without message encryption:
  – when confidentiality is not necessary
  – when encryption is impractical
14
Message Authentication Code
Uses a secret key to generate a small block of data
$\mathrm{MAC}_M = F(K_{AB}, M)$
15
One-way Hash Function
Message digest – a “fingerprint” of the message
Like MAC, but without the use of a secret key
The message digest must be authenticated
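Added example (not part of the original slides): the MAC and one-way hash slides above, run in Python. F is instantiated as HMAC-SHA256 and the hash as SHA-256, and the key and messages are constructed sample values; these are assumptions, not choices the slides make.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the slides).
K_AB = b"constructed-shared-key-between-A-and-B"
MESSAGE = b"transfer 100 to account 42"
MODIFIED = b"transfer 900 to account 42"


def mac(key: bytes, message: bytes) -> bytes:
    """MAC_M = F(K_AB, M), with F assumed to be HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the MAC and compares in constant time."""
    return hmac.compare_digest(mac(key, message), tag)


def digest(message: bytes) -> bytes:
    """Unkeyed one-way hash: a fingerprint that anyone can compute."""
    return hashlib.sha256(message).digest()


def verify_digest(message: bytes, fingerprint: bytes) -> bool:
    return hmac.compare_digest(digest(message), fingerprint)


def demo() -> dict:
    tag = mac(K_AB, MESSAGE)
    signed_digest = mac(K_AB, digest(MESSAGE))  # digest authenticated with K_AB
    return {
        "mac_accepts_original": verify_mac(K_AB, MESSAGE, tag),
        "mac_rejects_modified": not verify_mac(K_AB, MODIFIED, tag),
        "mac_rejects_wrong_key": not verify_mac(b"other-key", MESSAGE, tag),
        # A bare digest travelling with the message proves nothing: it can be
        # recomputed for any message without knowing a secret.
        "bare_digest_accepts_modified": verify_digest(MODIFIED, digest(MODIFIED)),
        # Once the digest itself is authenticated, the modification is caught.
        "authenticated_digest_rejects_modified":
            not verify_mac(K_AB, digest(MODIFIED), signed_digest),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```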
16
Secure Hash Requirements
H can be applied to a block of any size
H produces a fixed-length output
H(x) is easy to compute
Given h, it is infeasible to compute x s.t. H(x) = h
Given x, it is infeasible to find y s.t. H(x) = H(y)
It is infeasible to find (x, y) such that H(x) = H(y)
17
Secure Hash Functions
Message Digest v5 (MD5)
  – 128-bit message digest
  – has been found to have collision weakness
Secure Hash Algorithm (SHA-1)
  – 160-bit message digest
18
Public-Key Encryption
Each user has a pair of keys:
  – public key
  – private key
What is encrypted with one can only be decrypted with the other
19
Encryption
[Figure: Alice sends to Bob. Plain text is encrypted with Bob’s public key, transmitted as ciphertext, and decrypted with Bob’s private key]
20
Authentication
[Figure: Alice sends to Bob. Plain text is encrypted with Alice’s private key, transmitted as ciphertext, and decrypted with Alice’s public key]
21
Digital Signature
Like authentication, only performed on a message authenticator (SHA-1)
22
Public-Key Encryption Algorithms
RSA (used by PGP)
El Gamal (used by GnuPG)
23
Key Management
Public-key encryption can be used to distribute secret keys for conventional encryption
Public-key authentication:
  – signing authority
  – web of trust
24
IPv4 and IPv6 Security
Provides encryption/authentication at the network (IP) layer
IPSec applications:
  – Virtual Private Networking
  – E-commerce
Optional for IPv4, mandatory for IPv6
25
IP Header with IPSec Information
26
Two Types of IPSec Security Protocols
27
Advantages of IPSec
28
How an AH is Generated in IPSec
29
AH Fields
30
The ESP Header Format
Encapsulated Security Payload
31
Tunnel Versus Transport Mode
32
AH Header Placement in Transport Mode
33
AH Header Placement in Tunnel Mode
34
ESP Header Placement in Transport Mode
35
ESP Header Placement in Tunnel Mode
36
Security Association
One-way relationship between two hosts, providing security services for the payload
Uniquely identified by:
  – Security Parameter Index (SPI)
  – IP destination address
  – Security Protocol Identifier (AH/ESP)
37
SA Security Parameters
38
IPSec Process Negotiation
39
Key Management
Manual
  – used for small networks
  – easier to configure
Automated
  – more scalable
  – more difficult to set up
  – ISAKMP/Oakley
40
IKE Use in an IPSec Environment