Presentation is loading. Please wait.

Presentation is loading. Please wait.

22-1 Last time □ SMTP (email) □ DNS. 22-2 This time □ P2P □ Security.

Published byArnold Tyler Modified over 9 years ago

Similar presentations

Presentation on theme: "22-1 Last time □ SMTP (email) □ DNS. 22-2 This time □ P2P □ Security."— Presentation transcript:

1 22-1 Last time □ SMTP (email) □ DNS

2 22-2 This time □ P2P □ Security

3 22-3 Chapter 2: Application layer □ 2.1 Principles of network applications ♦ app architectures ♦ app requirements □ 2.2 Web and HTTP □ 2.4 Electronic Mail ♦ SMTP, POP3, IMAP □ 2.5 DNS □ 2.6 P2P file sharing □ 2.7 Socket programming with TCP □ 2.8 Socket programming with UDP □ 2.9 Building a Web server

4 22-4 P2P file sharing Example □ Alice runs P2P client application on her notebook computer □ Intermittently connects to Internet; gets new IP address for each connection □ Asks for “Hey Jude” □ Application displays other peers that have copy of Hey Jude. □ Alice chooses one of the peers, Bob. □ File is copied from Bob’s PC to Alice’s notebook: HTTP □ While Alice downloads, other users uploading from Alice. □ Alice’s peer is both a Web client and a transient Web server. All peers are servers = highly scalable!

5 22-5 P2P: centralized directory original “Napster” design 1) when peer connects, it informs central server: ♦ IP address ♦ content 2) Alice queries for “Hey Jude” 3) Alice requests file from Bob centralized directory server peers Alice Bob 1 1 1 1 2 3

6 22-6 P2P: problems with centralized directory □ Single point of failure □ Performance bottleneck □ Copyright infringement file transfer is decentralized, but locating content is highly centralized

7 22-7 Query flooding: Gnutella □ Fully distributed ♦ no central server □ Public domain protocol □ Many Gnutella clients implementing protocol Overlay network: graph □ Edge between peer X and Y if there’s a TCP connection □ All active peers and edges is overlay net □ Edge is not a physical link □ Given peer will typically be connected with < 10 overlay neighbors

8 22-8 Gnutella: protocol Query QueryHit Query QueryHit Query QueryHit File transfer: HTTP □ Query message sent over existing TCP connections □ Peers forward Query message □ QueryHit sent over reverse path Scalability: limited scope flooding

9 22-9 Gnutella: Peer joining 1. Joining peer X must find some other peer in Gnutella network: use list of candidate peers 2. X sequentially attempts to make TCP with peers on list until connection setup with Y 3. X sends Ping message to Y; Y forwards Ping message. 4. All peers receiving Ping message respond with Pong message 5. X receives many Pong messages. It can then setup additional TCP connections

10 22-10 Exploiting heterogeneity: KaZaA □ Each peer is either a group leader or assigned to a group leader. ♦ TCP connection between peer and its group leader. ♦ TCP connections between some pairs of group leaders. □ Group leader tracks the content in all its children.

11 22-11 KaZaA: Querying □ Each file has a hash and a descriptor □ Client sends keyword query to its group leader □ Group leader responds with matches: ♦ For each match: metadata, hash, IP address □ If group leader forwards query to other group leaders, they respond with matches □ Client then selects files for downloading ♦ HTTP requests using hash as identifier sent to peers holding desired file

12 22-12 KaZaA tricks □ Limitations on simultaneous uploads ♦ Request queuing □ Incentive priorities □ Parallel downloading

13 22-13 BitTorrent □ Peers in P2P leave often ♦ bad if Alice leaves while Bob is downloading a (huge) file from her □ BitTorrent breaks files into segments (256 KB) and shares segments instead ♦ peers request segments that are rare early on to increase their availability □ BitTorrent does not provide mechanism for locating content ♦ assumes that clients have a “.torrent” file, listing name of “tracker server”, which keeps track of peers having segments

14 22-14 Chapter 8: Network Security Chapter goals: □ Understand principles of network security: ♦ cryptography and its many uses beyond “confidentiality” ♦ authentication ♦ message integrity ♦ key distribution □ Security in practice: ♦ firewalls ♦ security in application, transport, network, link layers

15 22-15 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers

16 22-16 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents ♦ sender encrypts message ♦ receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users

17 22-17 Friends and enemies: Alice, Bob, Trudy □ Well-known in network security world □ Bob, Alice (lovers?) want to communicate “securely” □ Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data Alice Bob Trudy

18 22-18 Who might Bob, Alice be? □ … well, real-life Bobs and Alices! □ Web browser/server for electronic transactions (e.g., on-line purchases) □ On-line banking client/server □ DNS servers □ Routers exchanging routing table updates □ Other examples?

19 22-19 There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: a lot! ♦ eavesdrop: intercept messages ♦ actively insert messages into connection ♦ impersonation: can fake (spoof) source address in packet (or any field in packet) ♦ hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place ♦ denial of service: prevent service from being used by others (e.g., by overloading resources) more on this later ……

20 22-20 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers

21 22-21 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) plaintext ciphertext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B

22 22-22 Symmetric key cryptography substitution cipher: substituting one thing for another ♦ monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Q: How hard to break this simple cipher?: □ brute force (how hard?) □ other?

23 22-23 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K □ e.g., key is knowing substitution pattern in mono alphabetic substitution cipher □ Q: how do Bob and Alice agree on key value? plaintext ciphertext K A-B encryption algorithm decryption algorithm A-B K plaintext message, m E (m) A-B (m) A-B m = D ( E ) A-B

24 22-24 Symmetric key crypto: DES DES: Data Encryption Standard □ US encryption standard [NIST 1993] □ 56-bit symmetric key, 64-bit plaintext input □ How secure is DES? ♦ DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in 22 hours 15 minutes ♦ no known “backdoor” decryption approach □ Making DES more secure: ♦ use three keys sequentially (3-DES) on each datum

25 22-25 AES: Advanced Encryption Standard □ Newer (Nov. 2001) symmetric-key NIST standard, replacing DES □ Processes data in 128 bit blocks □ 128, 192, or 256 bit keys □ Brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES-128

26 22-26 Public Key Cryptography Symmetric key crypto □ Requires sender, receiver know shared secret key □ Q: how to agree on key in first place (particularly if never “met”)? Public key cryptography □ Radically different approach [Diffie- Hellman76, RSA78] □ Sender, receiver do not share secret key □ Public encryption key known to all □ Private decryption key known only to receiver

27 22-27 Public key cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public encryption key plaintext message E (m) B E B Bob’s private decryption key D B m = D (E (m) ) B B

28 22-28 Public key encryption algorithms need E ( ) and D ( ) such that B B.. given public key E, it should be “impossible” to compute private key D B B Requirements: 1 2 RSA: Rivest, Shamir, Adleman algorithm D (E (m)) = m B B

29 22-29 RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). E B D B

30 22-30 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens! c

31 22-31 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. letter m m e c = m mod n e L 12 1524832 17 c m = c mod n d 17 481968572106750915091411825223071697 12 c d letter L encrypt: decrypt:

32 22-32 Recap □ P2P □ Security ♦ Intro ♦ Principles of cryptography

33 22-33 Next time □ Message Integrity □ Authentication □ Key distribution and certification

Download ppt "22-1 Last time □ SMTP (email) □ DNS. 22-2 This time □ P2P □ Security."

Similar presentations

Chapter 8 Network Security

Chapter 8 Network Security
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
Welcome to CS 395/495 Internet Security: A Measurement-based Approach.

Welcome to CS 395/495 Internet Security: A Measurement-based Approach.
1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.

1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks

CSE401n:Computer Networks
1DT014/1TT821 Computer Networks I Chapter 8 Network Security

1DT014/1TT821 Computer Networks I Chapter 8 Network Security
Network Security understand principles of network security:

Network Security understand principles of network security:
Public Key Cryptography

Public Key Cryptography
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.

Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Similar presentations

Ads by Google