EEC4113 Data Communication & Multimedia System Chapter 9: Session Layer – Network Security by Muhazam Mustapha, November 2011.

1 EEC4113 Data Communication & Multimedia System Chapter 9: Session Layer – Network Security by Muhazam Mustapha, November 2011

2 Learning Outcome By the end of this chapter, students are expected to be able to explain issues related to network security

3 Chapter Content Network Security Issues Security Key, Cryptography and Authentication Techniques Firewall Steganography

4 Network Security Issues CO1

5 Security Requirements Confidentiality –Requires that data only be accessible by authorized party Integrity –Requires that data can be modified only by authorized party –Modification includes writing, changing, deleting and creating CO1

6 Security Requirements Availability –Requires that data are available to authorized parties Authenticity –Requires that a host or service be able to verify the identity of a user CO1

7 Types of Attacks A useful means of classifying security attacks is in terms of passive attacks and active attacks The purpose of an attack is not necessarily to obtain information; it might simply be to cause some kind of problem at the target 2 types of attacks: –Passive attacks –Active attacks CO1

8 Passive Attacks Eavesdropping on transmissions to obtain information –Secretly listening to people’s conversation Two types: –Release of message contents Outsider learns content of transmission –Traffic analysis By monitoring frequency and length of messages, even encrypted, nature of communication can be guessed CO1

9 Passive Attacks Difficult to detect because do not involve any alteration of the data Can be prevented, usually by means of encryption CO1

10 Active Attacks Involve some modification of the data stream or the creation of a false stream 4 types: –Masquerade –Replay –Modification of messages –Denial of service (DoS) Easy to detect but hard to prevent Goal: Detect and recover from any disruption or delays caused by them CO1

11 Active Attacks Masquerade –Pretending to be a different entity Replay –Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect, e.g. capturing a password by eavesdropping and reusing it to gain access to a system CO1

12 Active Attacks Modification of Messages –Portion of legitimate message is altered into a content wanted by the attacker Denial of Services (DoS) –Disruption of entire network or a server, either by disabling the network server or by overloading it with messages so as to degrade performance CO1

13 Security Key, Cryptography and Authentication CO1

14 Maintaining Confidentiality The universal technique for providing confidentiality for transmitted data is symmetric encryption Also referred to as conventional encryption or single-key encryption CO1

15 Symmetric Encryption Plaintext: original message or data that is fed into the algorithm as input Encryption algorithm: performs various substitutions & transformations on the plaintext Secret key: input to the encryption algorithm; the exact substitutions & transformations performed by the algorithm depend on the key Ciphertext: scrambled message produced as output; it depends on the plaintext & the secret key, so different keys will produce different ciphertext Decryption algorithm: takes ciphertext & secret key as input to produce the original plaintext CO1

16 Encryption Requirements Strong encryption algorithm –Even if the algorithm is known, an attacker should not be able to decrypt ciphertext or work out the key –Even if a number of ciphertexts are available together with their plaintexts Sender and receiver must obtain the secret key securely –Once the key is known, all communication using this key is readable CO1

17 Attacking Encryption There are 2 general approaches to attacking symmetric scheme: –Cryptanalysis Rely on nature of algorithm plus some knowledge of general characteristics of plain text Attempt to deduce plain text or key CO1

18 Attacking Encryption –Brute force Try every possible key until plain text is achieved CO1
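The brute-force attack of slide 18, and the known-plaintext condition of slide 16, as an added worked example that is not part of the lecture. The 16-bit toy block cipher, its round structure and the sample (plaintext, ciphertext) pairs are this example's own assumptions, chosen so the whole key space can be searched in under a second; the point is that once the algorithm is public, the size of the key space is the only thing standing between the attacker and the key.

```python
# Added example, not from the lecture: a known-plaintext brute-force attack on a
# toy 16-bit block cipher. The cipher, its key size and the sample pairs are this
# example's own assumptions; real ciphers differ only in having a key space that
# cannot be enumerated.

KEY_BITS = 16                      # 2**16 = 65536 keys: searchable in seconds
MASK16 = 0xFFFF
ROUNDS = 4


def _rotl16(x: int, r: int) -> int:
    r %= 16
    return ((x << r) | (x >> (16 - r))) & MASK16


def toy_encrypt(block: int, key: int) -> int:
    """Encrypt one 16-bit block: per round XOR a rotated copy of the key,
    rotate for diffusion, then add a round constant (mod 2**16)."""
    x = block & MASK16
    for r in range(ROUNDS):
        x ^= _rotl16(key, 3 * r)                      # key mixing
        x = _rotl16(x, 5)                             # transposition
        x = (x + 0x9E37 * (r + 1)) & MASK16            # round constant, breaks linearity
    return x


def toy_decrypt(block: int, key: int) -> int:
    """Exact inverse of toy_encrypt, undoing the steps in reverse order."""
    x = block & MASK16
    for r in reversed(range(ROUNDS)):
        x = (x - 0x9E37 * (r + 1)) & MASK16
        x = _rotl16(x, 11)                            # rotate right 5 == rotate left 11
        x ^= _rotl16(key, 3 * r)
    return x


def brute_force(pairs) -> list:
    """Try every key (slide 18) and keep those consistent with ALL known
    (plaintext, ciphertext) pairs (slide 16's ciphertexts with their plaintexts)."""
    return [key for key in range(1 << KEY_BITS)
            if all(toy_encrypt(p, key) == c for p, c in pairs)]


def brute_force_years(key_bits: int, keys_per_second: float = 1e12) -> float:
    """Expected time to search half of a key space at a given trial rate."""
    return (2 ** (key_bits - 1)) / keys_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    secret = 0xBEEF                                   # the key the attacker does not know
    # Constructed known-plaintext material: three blocks the attacker saw in clear.
    known = [(p, toy_encrypt(p, secret)) for p in (0x1234, 0x00FF, 0xABCD)]
    print("candidate keys:", [hex(k) for k in brute_force(known)])
    for bits in (16, 56, 128):
        print(f"{bits}-bit key: ~{brute_force_years(bits):.3g} years at 1e12 keys/s")
```

One known pair already narrows 65536 keys to a handful of candidates; each extra pair removes the false ones, which is exactly why the requirement on slide 16 is stated in terms of several ciphertext/plaintext pairs. The same search against a 56-bit key is a matter of days on purpose-built hardware and against a 128-bit key is out of reach by a factor of 2^72.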

19 Encryption Algorithms The most commonly used symmetric encryption algorithms are block ciphers A block cipher processes plaintext in fixed-size blocks, producing a block of ciphertext of equal size CO1

20 Encryption Algorithms Two most important block cipher algorithms: –Data Encryption Standard (DES) – 56-bit key, far too short today (a DES key was brute-forced in practice in 1998) Extension of DES - 3DES – 112 / 168-bit key –Advanced Encryption Standard (AES) – 128, 192 or 256-bit key CO1

21 Location of Encryption Devices CO1

22 Link Encryption All traffic secure High level of security Requires lots of encryption devices Message must be decrypted at each switch to read address (virtual circuit number) Security vulnerable at switches –Particularly on public switched network CO1

23 End-to-End Encryption Encryption done at ends of system Data in encrypted form crosses network unaltered Destination shares key with source to decrypt Host can only encrypt user data –Otherwise switching nodes could not read header or route packet Traffic pattern not secure CO1

24 Secure Hash Functions Hash function must have following properties: –Can be applied to any size data block –Produce fixed length output –Easy to compute –Not feasible to reverse (find an input for a given hash) –Not feasible to find two messages that give the same hash CO1

25 SHA-1 Secure Hash Algorithm 1 Input message less than 2^64 bits –Processed in 512-bit blocks Output 160-bit digest Note: SHA-1 is no longer collision resistant in practice (a public collision was demonstrated in 2017); new designs should use SHA-256 or stronger CO1

26 SHA-1 Example CO1
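The hash properties of slide 24 checked against real SHA-1 and SHA-256 digests, as an added example that is not the lecture's own (the slide 26 example survives only as its title). It uses Python's standard hashlib; the test messages are constructed.

```python
# Added example, not from the lecture: checking slide 24's properties against
# real SHA-1 and SHA-256 digests from Python's hashlib. Inputs are constructed.
import hashlib


def sha1_hex(data: bytes) -> str:
    """SHA-1: any-size input, fixed 160-bit (40 hex digit) output."""
    return hashlib.sha1(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    """SHA-256, the current practical choice (SHA-1 collisions are public since 2017)."""
    return hashlib.sha256(data).hexdigest()


def digest_bits(hex_digest: str) -> int:
    """Length of a digest in bits, to confirm the fixed-length property."""
    return len(hex_digest) * 4


def hamming_distance_hex(a: str, b: str) -> int:
    """How many bits differ between two digests of the same length."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


def flip_one_bit(data: bytes, bit_index: int = 0) -> bytes:
    """Copy of data with exactly one bit flipped, to show the avalanche effect:
    a 1-bit input change flips roughly half of the output bits, which is what
    makes 'reverse it' and 'find a second message' infeasible by stepwise search."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


if __name__ == "__main__":
    msg = b"The quick brown fox"
    for m in (b"", msg, msg * 1000):                  # fixed length regardless of input size
        print(len(m), "bytes ->", sha1_hex(m))
    d1, d2 = sha1_hex(msg), sha1_hex(flip_one_bit(msg))
    print("bits changed by a 1-bit input flip:", hamming_distance_hex(d1, d2), "of 160")
```

The digest of the empty string and of 19,000 bytes are the same length, and flipping a single input bit changes about 80 of the 160 output bits.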

27 Public Key Cryptography Based on mathematical algorithms Asymmetric –Use two separate keys Ingredients –Plain text –Encryption algorithm –Public and private key –Cipher text –Decryption algorithm CO1

28 Public Key Cryptography: Encryption CO1

29 Public Key Cryptography: Authentication CO1

30 Public Key Cryptography: Encryption Operation User generates pair of keys User places one key in public domain Infeasible to determine decryption key given encryption key and algorithm To send a message to user, encrypt using the user’s public key User decrypts using his private key His own public key could NOT decrypt it CO1

31 Public Key Cryptography: Authentication Operation To authenticate a message (the slide calls it an authentication certification), the sender encrypts it, or a digest of it, using the sender's private key The receiver verifies the result using the sender's public key: anyone can check it, but only the holder of the private key could have produced it CO1

32 RSA (Rivest, Shamir, Adleman) Algorithm CO1

33 RSA (Rivest, Shamir, Adleman) Algorithm CO1

34 RSA Example CO1

35 SSL / Transport Layer Security Security services for TCP/IP Transport Layer Security (TLS), the IETF standardisation of SSL, is defined in RFC 2246 SSL (Secure Sockets Layer) is a general-purpose service –Set of protocols that rely on TCP Two implementation options –Part of underlying protocol suite Transparent to applications –Embedded in specific packages E.g. Netscape, Microsoft Internet Explorer and most Web servers CO1

36 SSL Architecture SSL uses TCP to provide a reliable end-to-end secure service SSL is organised as two layers of protocols The Record Protocol provides basic security services to various higher-layer protocols –In particular, HTTP can operate on top of SSL Three higher-layer protocols –Handshake Protocol –Change Cipher Spec Protocol –Alert Protocol CO1

37 SSL Protocol Stack CO1

38 SSL Record Protocol The SSL record protocol defines the format used to transmit data The SSL record protocols provides two services for SSL connections: –Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads –Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC) CO1

39 SSL Record Protocol CO1

40 SSL Header Content Type (8 bits): the higher-layer protocol used to process the enclosed fragment (change_cipher_spec, alert, handshake or application_data) Major Version (8 bits): the major version of SSL in use, e.g. 3 Minor Version (8 bits): e.g. 0 (3.0 is SSL 3.0; TLS 1.0 uses 3.1) Compressed Length (16 bits): the length in bytes of the plaintext (or compressed) fragment; the maximum value is 2^14 + 2048 CO1

41 SSL Handshake Protocol The SSL handshake protocol involves using the SSL record protocol to exchange a series of messages between an SSL-enabled server and an SSL-enabled client when they first establish an SSL connection. This exchange of messages is designed to facilitate the following actions: –Authenticate the server to the client. –Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support. –Optionally authenticate the client to the server. –Use public-key encryption techniques to generate shared secrets. –Establish an encrypted SSL connection. CO1

42 SSL Handshake Protocol CO1

43 SSL Change Cipher Spec Protocol Used to change the keying material used for encryption between the client and server Keying material is raw data that is used to create keys for cryptographic use The CCS sub-protocol consists of a single message that tells the other party in the SSL/TLS session, also known as the peer, that the sender wants to change to a new set of keys CO1

44 SSL Alert Protocol Alert messages are used to indicate a change in status or an error condition to the peer There are a wide variety of alerts to notify the peer of both normal and error conditions defined in RFC 2246, for example: –close_notify –unexpected_message –bad_record_mac –decompression_failure –handshake_failure CO1
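The record header layout of slide 40 and the Alert message of slide 44, parsed from constructed bytes as an added example that is not part of the lecture. Field sizes and the code points for content types, alert levels and the five alert descriptions named on the slide are those of RFC 2246; the sample records are constructed, not captured traffic. Only records in the clear are parsed here: after the handshake the fragment on the wire is MAC-protected and encrypted under the Record Protocol keys, so a real implementation verifies the MAC and decrypts before it looks at an alert body.

```python
# Added example, not from the lecture: parsing a TLS record header and an Alert
# body from constructed bytes. Field sizes follow RFC 2246.
import struct

MAX_FRAGMENT = 2 ** 14 + 2048        # slide 40's upper bound on the (compressed) fragment

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

ALERT_LEVELS = {1: "warning", 2: "fatal"}

# The alert descriptions named on slide 44, with their RFC 2246 code points.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 30: "decompression_failure",
                      40: "handshake_failure"}


def parse_record(data: bytes):
    """Split one record into (content type name, (major, minor), fragment).
    Rejects unknown types, oversized fragments and truncated input."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])   # network byte order
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    if length > MAX_FRAGMENT:
        raise ValueError(f"fragment length {length} exceeds 2^14 + 2048")
    if len(data) < 5 + length:
        raise ValueError("truncated fragment")
    return CONTENT_TYPES[ctype], (major, minor), data[5:5 + length]


def parse_alert(fragment: bytes):
    """An Alert is exactly two bytes: AlertLevel then AlertDescription."""
    if len(fragment) != 2:
        raise ValueError("alert must be exactly 2 bytes")
    level, desc = fragment
    return (ALERT_LEVELS.get(level, f"unknown_level_{level}"),
            ALERT_DESCRIPTIONS.get(desc, f"unknown_description_{desc}"))


# Constructed sample records (not captured traffic). Version 3.1 is TLS 1.0.
SAMPLE_ALERT_RECORD = bytes([21, 3, 1, 0, 2, 2, 40])   # fatal handshake_failure
SAMPLE_CCS_RECORD = bytes([20, 3, 1, 0, 1, 1])         # ChangeCipherSpec: one byte body

if __name__ == "__main__":
    ctype, version, frag = parse_record(SAMPLE_ALERT_RECORD)
    print(ctype, version, parse_alert(frag))
    print(parse_record(SAMPLE_CCS_RECORD)[0])
```

A fatal alert such as handshake_failure ends the connection; a warning such as close_notify is the orderly way to end one, and a peer that receives data without a preceding close_notify should treat it as a truncation attack rather than a clean close.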

45 Firewall CO1, CO3

46 Firewalls A firewall is a piece of hardware or a software program which protects a computer or network from attacks by intruders and hackers Today's firewalls often also include virus scanning, URL screening and keyword scanners, and conversely anti-virus products often include a firewall CO1, CO3

47 Firewalls CO1, CO3

48 Need for Firewalls To protect against the following: Loss and manipulation of data Exposure of business secrets and confidential data Hijacked networks Loss of reputation CO1, CO3

49 Firewall Operation Authorize a connection (allow) Block a connection and tell the issuer it was refused (deny) –Based on incoming source –Based on content –Based on outgoing source Discard a connection request silently, without informing the issuer (drop) Logging of any traffic CO1, CO3

50 Level of Operation Filtration (exceptions) can be done at various levels User/Destination level –certain users or IP address given certain privileges or can be blocked Application level –certain applications given certain privileges Service level –certain services (FTP, HTTP, SMTP) on certain port numbers may or may not be allowed CO1, CO3
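The operations of slide 49 (allow, deny, drop, log) and the address- and service-level filtering of slide 50, as an added example that is not from the lecture and not any product's rule language: a minimal stateless packet filter with first-match semantics and a default-drop policy. The rule fields, the packets and the addresses are constructed (the 192.0.2.0/24 and 198.51.100.0/24 ranges are documentation addresses).

```python
# Added example, not from the lecture: a minimal first-match packet filter.
# Rule syntax, packet fields and addresses are this example's own assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int


@dataclass
class Rule:
    action: str                    # "allow", "deny" (refuse and tell sender) or "drop" (silent)
    src: Optional[str] = None      # CIDR, None = any  (user/IP level, slide 50)
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None    # service level: FTP 21, HTTP 80, SMTP 25, ...
    log: bool = False

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class Firewall:
    """First matching rule wins; anything unmatched gets the default policy."""

    def __init__(self, rules: List[Rule], default: str = "drop"):
        self.rules = rules
        self.default = default
        self.log_lines: List[str] = []

    def filter(self, p: Packet) -> str:
        flow = f"{p.proto} {p.src}->{p.dst}:{p.dport}"
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                if rule.log:
                    self.log_lines.append(f"rule {i} {rule.action} {flow}")
                return rule.action
        self.log_lines.append(f"default {self.default} {flow}")   # always log the default
        return self.default


def build_example_firewall() -> Firewall:
    """Constructed policy: SSH only from the internal 10/8 network, web ports on
    one server open to everyone, telnet refused and logged, everything else dropped."""
    return Firewall([
        Rule("allow", src="10.0.0.0/8", proto="tcp", dport=22),
        Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=80),
        Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443),
        Rule("deny", proto="tcp", dport=23, log=True),
    ], default="drop")


if __name__ == "__main__":
    fw = build_example_firewall()
    for pkt in (Packet("10.1.2.3", "192.0.2.10", "tcp", 22),
                Packet("198.51.100.7", "192.0.2.10", "tcp", 22),
                Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
                Packet("198.51.100.7", "192.0.2.10", "tcp", 23)):
        print(pkt, "->", fw.filter(pkt))
    print("\n".join(fw.log_lines))
```

Rule order matters: a broad allow placed before a narrow deny silently disables the deny, and a default of "allow" turns every gap in the rule set into an open port, which is why the default policy here is drop.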

51 Hardware vs Software Firewall Advantage of software firewall –Free or cheap to install –Easy to install –Specialist skills not needed for configuration –Levels of access can be set Disadvantage of software firewall –May be heavy and slow down applications –Can be difficult to remove –Requires regular patching to all hosts –No centralized management CO1, CO3

52 Hardware vs Software Firewall Advantage of hardware firewall –Centralized management possible –Secure: runs on a dedicated device separate from the hosts it protects –Fast –Does not consume resources on the protected hosts Disadvantage of hardware firewall –Expensive to purchase –Needs specialist knowledge –Takes up physical space –Hard to upgrade CO1, CO3

53 Steganography CO1

54 Steganography Art and science of communicating in a way that hides the existence of a message –Hidden in plain sight A signal or pattern imposed on ordinary-looking content Not encryption – the carrier is sent in plain text and nothing looks scrambled Not copy protection – the embedded mark is barely perceptible and does not by itself prevent copying CO1

55 Classic Techniques Invisible ink (1st century AD - WW II) Overwrite select characters in printed type in pencil –look for the gloss Pin punctures in type Microdots –e.g. microdots to protect against car theft CO1

56 Modern Motivation Steganography received little attention in modern computing Renewed interest because of industry desire to protect copyrighted digital work –audio, images, video, text Detect counterfeiter (plagiarism), unauthorized presentation, embed key, embed author ID CO1

57 Some Modern Techniques Null cipher Message hidden in plain sight and in plain text: the cover text reads as innocent prose and a simple rule, here the first letter of each word, picks out the hidden message Cover text: Big rumble in New Guinea. The war on celebrity acts should end soon. Over four big ecstatic elephants replicated. Hidden message: Bring two cases of beer. CO1

58 Some Modern Techniques Image watermarking Involves bit dropping, flipping, color separation, etc From image of a tree, removing all but the two least significant bits of each color component produces an almost completely black image. Making that image 85 times brighter produces the cat image. CO1
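The bit-level image watermarking of slide 58 as an added example that is not from the lecture: a message is written into the two least significant bits of every colour component of a constructed RGB image, read back out, and the slide's trick of keeping only the two LSBs and multiplying by 85 is applied to expose what is hidden. The 16-bit length prefix is this example's own framing convention, and the cover image is a generated gradient, not a photograph.

```python
# Added example, not from the lecture: 2-LSB steganography on a constructed RGB
# image given as a list of (r, g, b) tuples. The length prefix is this example's
# own framing; no image library is needed.

def _two_bit_chunks(data: bytes):
    """Yield each byte as four 2-bit values, most significant pair first."""
    for byte in data:
        for shift in (6, 4, 2, 0):
            yield (byte >> shift) & 0b11


def embed(pixels, payload: bytes):
    """Overwrite the 2 LSBs of successive colour components with the payload."""
    framed = len(payload).to_bytes(2, "big") + payload     # 16-bit length prefix
    comps = [c for px in pixels for c in px]               # flatten to R,G,B,R,G,B,...
    chunks = list(_two_bit_chunks(framed))
    if len(chunks) > len(comps):
        raise ValueError("cover image too small for payload")
    out = comps[:]
    for i, chunk in enumerate(chunks):
        out[i] = (comps[i] & ~0b11) | chunk                  # keep the 6 high bits
    return [tuple(out[i:i + 3]) for i in range(0, len(out), 3)]


def extract(pixels) -> bytes:
    """Read the length prefix, then that many bytes, from the 2 LSBs."""
    comps = [c for px in pixels for c in px]

    def byte_at(n: int) -> int:
        q = comps[4 * n:4 * n + 4]
        return (q[0] & 3) << 6 | (q[1] & 3) << 4 | (q[2] & 3) << 2 | (q[3] & 3)

    length = (byte_at(0) << 8) | byte_at(1)
    return bytes(byte_at(2 + k) for k in range(length))


def reveal(pixels):
    """Slide 58: strip all but the 2 LSBs (values 0..3), then scale by 85 to 0..255.
    On a stego image this turns the hidden bits into visible pixel values."""
    return [tuple((c & 3) * 85 for c in px) for px in pixels]


def max_component_change(cover, stego) -> int:
    """Largest per-component difference the embedding caused: at most 3 of 255."""
    return max(abs(a - b) for pa, pb in zip(cover, stego) for a, b in zip(pa, pb))


# Constructed 64-pixel cover image (a synthetic gradient, not a real photo).
COVER = [((x * 7) % 256, (x * 13) % 256, (x * 29) % 256) for x in range(64)]

if __name__ == "__main__":
    stego = embed(COVER, b"meet at dawn")
    print("recovered:", extract(stego))
    print("largest visible change per component:", max_component_change(COVER, stego))
    print("revealed LSB image, first pixels:", reveal(stego)[:4])
```

Sixty-four pixels carry 48 bytes at two bits per component, and no component moves by more than 3 out of 255, which is why the stego image is indistinguishable by eye; the same arithmetic is why the LSB plane, once isolated and scaled up, shows the hidden content so clearly.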

59 Some Modern Techniques UV Watermarking CO1

60 Some Modern Techniques Machine ID Codes in Laser Printers CO1

64 Some Modern Techniques Typography Text lines shifted up/down (40 lines of text ⇒ 2^40 codes) Word space coding Character encoding - minor changes to shapes of characters CO1

