Network Security David Lazăr.

1 Network Security David Lazăr

2 Contents
- Security Requirements and Attacks
- Confidentiality with Conventional Encryption
- Message Authentication and Hash Functions
- Public-Key Encryption and Digital Signatures
- IPv4 and IPv6 Security

3 Security Requirements
- Confidentiality
- Integrity
- Availability

4 Passive Attacks
- Release of message content (eavesdropping): prevented by encryption
- Traffic analysis: countered by traffic padding
- Passive attacks are easier to prevent than to detect

5 Active Attacks
- Involve the modification of the data stream or the creation of a false data stream
- Active attacks are easier to detect than to prevent

6 Active Attacks (cont.)
- Masquerade
- Replay
- Modification of messages
- Denial of service

7 Conventional Encryption
[Figure: the encryption algorithm turns plain text into the transmitted ciphertext using the shared secret key; the decryption algorithm recovers the plain text with the same shared secret key]

8 Conventional Encryption Requirements
- Knowing the algorithm, the plain text and the ciphertext, it should not be feasible to determine the key
- The key must be shared in a secure fashion

9 Encryption Algorithms
- Data Encryption Standard (DES)
  - Plaintext: 64-bit blocks
  - Key: 56 bits
  - Was broken in 1998 by brute force
- Triple DES
- Advanced Encryption Standard (AES)
  - Plaintext: 128-bit blocks
  - Key: 128, 256 or 512 bits

10 Location of Encryption Devices
[Figure: a chain of Packet Switching Nodes (PSN) with a link encryption device on each link and an end-to-end encryption device at each endpoint]

11 Key Distribution
- Manual
  - Selected by A, physically delivered to B
  - Selected by C, physically delivered to A and B
- Automatic
  - The new key is sent encrypted with an old key
  - Sent through a third party with which A and B both have encrypted links

12 Message Authentication
An authentic message is one that:
- comes from the alleged source
- has not been modified

13 Message Authentication Approaches
- Authentication with conventional encryption
- Authentication without message encryption:
  - when confidentiality is not necessary
  - when encryption is impractical

14 Message Authentication Code
- Uses a secret key to generate a small block of data: MAC_M = F(K_AB, M)

15 One-way Hash Function
- Message digest: a "fingerprint" of the message
- Like a MAC, but without the use of a secret key
- The message digest itself must be authenticated
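Added example, not from the slides: the MAC of slide 14 (MAC_M = F(K_AB, M)) instantiated with HMAC-SHA-256 from Python's standard library, next to the unkeyed digest of slide 15, to show why the digest alone must be authenticated. The key K_AB and the messages are constructed values.

```python
import hashlib
import hmac

# Constructed shared secret; slide 8 assumes it was distributed securely.
K_AB = b"constructed-shared-secret-key"


def mac(key: bytes, message: bytes) -> bytes:
    """MAC_M = F(K_AB, M), with F = HMAC-SHA-256 (32-byte tag)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (no timing leak)."""
    return hmac.compare_digest(mac(key, message), tag)


def digest(message: bytes) -> bytes:
    """Unkeyed message digest: the 'fingerprint' of slide 15."""
    return hashlib.sha256(message).digest()


def verify_digest(message: bytes, fingerprint: bytes) -> bool:
    return hmac.compare_digest(digest(message), fingerprint)


def tamper_demo() -> dict:
    """Active attack (slide 6): the message is modified in transit.
    The receiver's check succeeds or fails as follows."""
    original = b"transfer 10 to account 42"      # constructed message
    modified = b"transfer 10000 to account 42"   # constructed modification

    tag = mac(K_AB, original)   # sent by the legitimate source with M
    return {
        # Unmodified message: the keyed check passes.
        "mac_accepts_original": verify_mac(K_AB, original, tag),
        # Modified message: the old tag no longer matches and a new one
        # cannot be produced without K_AB, so the change is detected.
        "mac_accepts_modified": verify_mac(K_AB, modified, tag),
        # Unkeyed digest: anyone can recompute it for the modified message,
        # so an unauthenticated digest detects nothing.
        "digest_accepts_forged": verify_digest(modified, digest(modified)),
    }


if __name__ == "__main__":
    for check, outcome in tamper_demo().items():
        print(f"{check}: {outcome}")
```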

16 Secure Hash Requirements
- H can be applied to a block of any size
- H produces a fixed-length output
- H(x) is easy to compute
- Given h, it is infeasible to compute x such that H(x) = h
- Given x, it is infeasible to find y (y ≠ x) such that H(x) = H(y)
- It is infeasible to find any pair (x, y) such that H(x) = H(y)

17 Secure Hash Functions
- Message Digest v5 (MD5)
  - 128-bit message digest
  - has been found to have a collision weakness
- Secure Hash Algorithm (SHA-1)
  - 160-bit message digest

18 Public-Key Encryption
- Each user has a pair of keys:
  - public key
  - private key
- What is encrypted with one can only be decrypted with the other

19 Encryption
[Figure: Alice encrypts the plain text with Bob's public key; the transmitted ciphertext is decrypted by Bob with Bob's private key to recover the plain text]

20 Authentication
[Figure: Alice encrypts the plain text with Alice's private key; Bob decrypts the transmitted ciphertext with Alice's public key, which proves it came from Alice]

21 Digital Signature
- Like authentication, but performed on a message authenticator (a SHA-1 digest of the message) rather than on the whole message

22 Public-Key Encryption Algorithms
- RSA (used by PGP)
- El Gamal (used by GnuPG)

23 Key Management
- Public-key encryption can be used to distribute secret keys for conventional encryption
- Public-key authentication:
  - signing authority
  - web of trust

24 IPv4 and IPv6 Security
- IPSec provides encryption/authentication at the network (IP) layer
- IPSec applications:
  - Virtual Private Networking
  - E-commerce

25 The Scope of IPSec
- Authentication Header (AH): provides authentication only
- Encapsulating Security Payload (ESP): provides encryption and authentication
- Key exchange function

26 Security Association
- One-way relationship between two hosts, providing security services for the payload
- Uniquely identified by:
  - Security Parameter Index (SPI)
  - IP destination address
  - Security Protocol Identifier (AH/ESP)

27 IPSec Operation Modes
Transport mode:
- provides protection to the upper layers
- ESP: encrypts the payload and, optionally, authenticates parts of the IP header
- AH: authenticates the payload and parts of the IP header

28 IPSec Operation Modes
Tunnel mode:
- used when one or both of the ends is a security gateway
- the entire IP packet is encrypted (ESP) or authenticated (AH) and encapsulated in an outer IP packet

29 Key Management
- Manual
  - used for small networks
  - easier to configure
- Automated
  - more scalable
  - more difficult to set up
  - ISAKMP/Oakley
