Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practically Useful Network Security Chin-Tser Huang University of South Carolina.

Published byWesley Hall Modified over 9 years ago

Similar presentations

Presentation on theme: "Practically Useful Network Security Chin-Tser Huang University of South Carolina."— Presentation transcript:

1

2 Practically Useful Network Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina

3 1/8/20102 Security Services Confidentiality Integrity Authentication Anti-replay … Availability Access control Non-repudiation Anonymity

4 1/8/20103 Network Security Always Good? What if security mechanism is not applied correctly?

5 1/8/20104 Network Security Always Good? What if security mechanism is not applied appropriately? xy AES k3 (3DES k1,k2 (m, ts)) 3DES k1,k2 (m, ts)m, ts

6 1/8/20105 Practically Useful Network Security To make network security practically useful, we need to Verify the correctness of security mechanism Consider the efficiency of security mechanism

7 1/8/20106 Protocol Design and Verification Correctness is essential for secure protocols Two steps to verify correctness of protocols First specify protocols using a formal and scalable notation Then verify correctness of protocol using state transition diagram

8 1/8/20107 Abstract Protocol Notation

9 1/8/20108 State Transition Diagram

10 1/8/20109 Botnet Detection and Mitigation Supported by NSF and AFRL Ongoing collaboration with Dr. Han at AFRL Botnet is a distributed network of a large number of bots, which are machines infected with malware and under the control of a botmaster

11 1/8/201010 Botnet Detection and Mitigation Aim to mitigate the problem of botnets by filtering their malicious packets and command and control (C&C) packets early Successful implementation on Quagga routing software Currently developing Tcl/Tk scripts for automated rule dissemination between routers With Prasanth Kalakota, Mohamed Sharaf and Dr. Matthews

12 1/8/201011 Early Filtering Testbed Four Cisco 2811 routers Dell PowerEdge R410 server

13 1/8/201012 Intrusion Detection Supported by a DARPA/AFRL grant Microscope View network as a collection of individual hosts Charge individual host for anomalous behavior With Jeff Janies A BC D

14 1/8/201013 Intrusion Detection Macroscope View network traffic as time-series signal Use wavelets to capture different types of anomalies With Sachin Thareja

15 1/8/201014 Authentication in Wireless Networks Design secure unicasting protocol to counter routing level attacks in ad hoc sensor networks Develop dual authentication protocol against rogue access points for 802.11 WLANs Discover and fix security problems in 802.16 WiMAX PKM protocols With Jeff Janies, Sen Xu, and Prof. Matthews

16 Privacy-Preserving Multi-Dimensional Credentialing Organizations often use common personal identifiers (PIs) to satisfy reporting obligations and uniquely identify the same individuals, thereby making it possible to cross-link and aggregate the transactions of the same person from multiple sources Introduce the veiled certificate (VC) which allows individuals to maintain control over their personal information while satisfying the regulatory and reporting needs of today’s security conscious environment With Prof. Gerdes 1/8/201015

17 1/8/201016 More Information Secure Protocol Implementation & Development (SPID) Group Website: http://spid.cse.sc.edu

Download ppt "Practically Useful Network Security Chin-Tser Huang University of South Carolina."

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Network Support for Accountability Nick Feamster Georgia Tech Collaborative Response with David Andersen (CMU), Hari Balakrishnan (MIT), Scott Shenker.

Network Support for Accountability Nick Feamster Georgia Tech Collaborative Response with David Andersen (CMU), Hari Balakrishnan (MIT), Scott Shenker.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Secure Routing in Ad Hoc Wireless Networks 11.03.2005.

Secure Routing in Ad Hoc Wireless Networks
Secure Group Communications in Wireless Sensor Networks December 8, 2003 CS 526 Advance Internet and Web Systems Patrick D. Cook.

Secure Group Communications in Wireless Sensor Networks December 8, 2003 CS 526 Advance Internet and Web Systems Patrick D. Cook.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
NETWORK SECURITY.

NETWORK SECURITY.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Similar presentations

Ads by Google