1
Princess Nora Bint Abdulrahman University, College of Computer and Information Sciences, Networks Department
Networks Security (NET 536)
Prepared by Dr. Samia Chelloug. E-mail: samia_chelloug@yahoo.fr
2
Content
- Basics of computer and network security.
- Impact of network architecture on network security.
- Basics of network design.
- Firewalls and virtual private networks.
- Internet and wireless network security.
- Impact of operating systems models on network security.
- How to secure an application?
3
Textbooks
- Behrouz A. Forouzan, ‘Data Communications and Networking’, Fourth Edition, 2007.
- William Stallings, ‘Cryptography and Network Security: Principles and Practice’, Fifth Edition, 2011.
- Eric Cole, Ronald L. Krutz, James W. Conley, ‘Network Security Fundamentals’, Wiley, 2007.
4
Part 1: Basics of computer and networks security
- Computer and network security
- Security attacks
- Networks security services
- Security trinity
- Challenges of computer and network security
- Cryptography
- Symmetric encryption (DEA)
- Asymmetric encryption (RSA)
5
Basics of computer and network security
Computer security: involves implementing measures to secure a single computer (protecting the resources stored on that computer).
Network security: involves protecting all the resources on a network. We must consider not only the computers on the network but also other network devices and the data transmitted across the network.
6
Basics of computer and network security
Security attack: any action that compromises the security of information owned by an organization.
7
Basics of computer and network security
Passive attack:
- Attempts to learn or make use of information from the system but does not affect system resources.
- The goal is to obtain information that is being transmitted (telephone conversation, electronic message…).
- This type of attack is difficult to detect (it does not involve any alteration of the data).
Active attack:
- Involves some modification of the data stream or the creation of a false stream.
- Based on scanning (using a search: Google or any traditional method).
8
Basics of computer and network security
Why is computer and network security important?
1. Protect company assets (hardware and software).
2. Gain competitive advantage: developing and maintaining effective security measures can provide an organization with a competitive advantage.
[Figure: your computer and an e-commerce server, with unauthorized access and data interception]
9
Basics of computer and network security
Why is computer and network security important?
3. Keep your job: to secure one’s position within an organization and to ensure a future career, it is important to put into place measures that protect organizational assets.
10
Basics of computer and network security
Network security can provide one of the five services: confidentiality, integrity, authentication, nonrepudiation.
1. Confidentiality: the transmitted message must make sense only to the intended receiver. To the others, the message must be garbage. When a customer communicates with her bank, she expects that her communication is totally confidential.
11
Basics of computer and network security
2. Integrity: the data must arrive at the receiver exactly as they were sent. A request for transferring 100$ should not be changed to a request for 1000$.
3. Authentication: the receiver needs to be sure of the sender’s identity.
4. Nonrepudiation: a sender must not be able to deny sending a message that he or she, in fact, did send.
12
Basics of computer and network security
Security trinity: Network security is based on prevention, detection, and response. The security trinity should be the foundation for all security policies.
[Figure: security trinity diagram with the labels Security, Detection, Prevention, Response]
13
Basics of computer and network security
-Prevention: in developing network security schemes, any organization should emphasize preventive measures over detection and response. It is more efficient and much more cost effective to prevent a security attack than to detect or respond to one.
-Detection: once the preventive measures fail, procedures need to be in place to detect the attack immediately.
-Response: we need to develop a plan that identifies the appropriate response to a security attack (who is responsible for executing which actions, and what is the appropriate action?).
14
Basics of computer and network security
Challenges of computer and network security:
- Security is not as simple as it might first appear to the novice: we need to consider potential attacks.
- Security mechanisms typically involve more than a particular algorithm.
- Having designed various security mechanisms, it is necessary to decide where to use them (in both the physical and the logical sense). At what points in a network are certain security mechanisms needed? At what layer or layers of our architecture should the mechanisms be placed?
15
Basics of computer and network security
Cryptography: The concept of how to achieve message confidentiality or privacy has not changed for thousands of years. Message confidentiality is mostly achieved through the use of cryptography. Cryptography is a word with Greek origins that means ‘Secret Writing’.
Definition: Cryptography is the art of transforming messages to make them secure and immune to attacks.
16
Basics of computer and network security
[Figure: Sender: Plaintext, Encryption (Algorithm, Key), Ciphertext, Decryption (Algorithm), Plaintext: Receiver]
Plaintext: original message before being transformed.
Ciphertext: a message which has been transformed.
Key: a piece of data.
17
Basics of computer and network security
Symmetric cryptography (secret key):
- A single key is used to both encrypt and decrypt a message.
- The primary advantage is speed.
- Can provide confidentiality but also integrity.
- The security offered by the encryption is limited by the security applied to the key.
18
Basics of computer and network security
Model for symmetric cryptography:
[Figure: message source, x, encryption algorithm, Y = E(k, x), decryption, x; key source, k, secured channel]
19
Basics of computer and network security
1. Substitution techniques: A substitution technique is one in which the letters of a plaintext are replaced by other letters.
[Table: plaintext and ciphertext alphabets] a b c d e f g h i j k l m n o p q r s t u v w x y z
Plaintext: cryptography
Ciphertext: fubswrjudskb
20
Basics of computer and network security
1. Substitution techniques: Let’s assign a number to each letter.
a b c d e f g h i j k l m n
1 2 3 4 5 6 7 8 9 10 11 12 13
Algorithm for encryption: for each plaintext letter p, E(3, p) = (p + 3) mod 26.
Decryption algorithm: for each ciphertext letter c, D(3, c) = (c - 3) mod 26.
Problem: someone can try all the 25 possible keys.
21
Basics of computer and network security
Transposition techniques: Perform some sort of permutation on the plaintext.
-Rail fence technique: the plaintext is written as a sequence of diagonals and then read off as a sequence of rows.
Message: ‘meet me after the toga party’
Encrypted message: mematrhtgpryetefeteoaat
[Figure: rail fence layout of the message]
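The two classical ciphers from the substitution and transposition slides, as an added Python example that is not part of the original slides. It reproduces both worked examples (key 3 and two rails) and goes slightly beyond them by accepting any key and any number of rails; the function names are chosen for this example.

```python
import string

ALPHABET = string.ascii_lowercase  # a=0 ... z=25, so (p + k) mod 26 stays in range

def caesar_encrypt(plaintext, k):
    """E(k, p) = (p + k) mod 26 per letter; non-letters pass through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch
        for ch in plaintext.lower()
    )

def caesar_decrypt(ciphertext, k):
    """D(k, c) = (c - k) mod 26."""
    return caesar_encrypt(ciphertext, -k)

def caesar_brute_force(ciphertext):
    """Only 25 non-trivial keys exist, so every candidate plaintext can be listed."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}

def _rail(i, rails):
    """Row used by the i-th letter when writing down and up across the rails."""
    if rails == 1:
        return 0
    pos = i % (2 * (rails - 1))
    return pos if pos < rails else 2 * (rails - 1) - pos

def rail_fence_encrypt(message, rails=2):
    """Write the letters along the diagonals, then read the rows one after another."""
    letters = [ch for ch in message.lower() if ch.isalpha()]
    rows = [[] for _ in range(rails)]
    for i, ch in enumerate(letters):
        rows[_rail(i, rails)].append(ch)
    return "".join("".join(row) for row in rows)

def rail_fence_decrypt(ciphertext, rails=2):
    """Recompute the row of every position, then refill the positions in row order."""
    n = len(ciphertext)
    order = sorted(range(n), key=lambda i: _rail(i, rails))  # stable: index order per row
    plain = [""] * n
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)

if __name__ == "__main__":
    print(caesar_brute_force("fubswrjudskb")[3])
    print(rail_fence_encrypt("meet me after the toga party"))
```

Neither cipher has a meaningful key space: 25 shifts for the substitution, and the number of rails for the transposition.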
22
Basics of computer and network security
Cryptography is best understood by breaking it into four main areas or primitives: random number generation, symmetric encryption, asymmetric encryption, and hash functions.
Random number generation: a computer algorithm can never generate completely random numbers. There are algorithms to create pseudorandom numbers (numbers that appear to be random). At some point, the algorithm will cycle and we will start seeing the same numbers in the same order (this is very dangerous because the repeated bit stream makes it easier to break the encryption).
23
Basics of computer and network security
XOR: instead of rotating characters, a more modern approach to cryptography uses the XOR (exclusive or) function. XOR is a binary operation performed on two strings of bits.
[Table: A, B, A XOR B]
24
Basics of computer and network security
If we used addition instead of XOR, the resulting number could be larger than the character set.
XOR has a very nice inverse property:
A XOR B = C
A XOR C = B
B XOR C = A
If A is the plaintext and B the key, then C is the resulting ciphertext. Decryption can be performed by applying XOR to C and B.
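An added Python example (not part of the original slides) that connects the XOR inverse property with the earlier warning about a pseudorandom generator that cycles: once the key stream repeats, the key cancels out of two ciphertexts. The generator constants and the two messages are constructed for this illustration.

```python
def xor_bytes(a, b):
    """XOR two equal-length byte strings; applying the same key twice restores the input."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def lcg_stream(seed, n, a=5, c=3, m=256):
    """Toy generator x -> (a*x + c) mod m (constructed, not a real cipher); period <= m."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return bytes(out)

def period(stream):
    """Smallest shift after which the stream repeats itself."""
    for p in range(1, len(stream)):
        if stream[p:] == stream[:len(stream) - p]:
            return p
    return len(stream)

def encrypt_at(plaintext, stream, offset):
    """C = P XOR K, using the key stream bytes that start at `offset`."""
    return xor_bytes(plaintext, stream[offset:offset + len(plaintext)])

def recover_without_key(c1, c2, known_p1):
    """C1 XOR C2 = P1 XOR P2 because the shared key cancels; one known plaintext gives the other."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)

STREAM = lcg_stream(seed=42, n=600)
P1 = b"transfer 100$ to bob"   # constructed sample messages of equal length
P2 = b"meet at noon, gate 7"
C1 = encrypt_at(P1, STREAM, 0)
C2 = encrypt_at(P2, STREAM, period(STREAM))  # generator has wrapped around: same key bytes

if __name__ == "__main__":
    print("period:", period(STREAM))
    print("decrypt with key:", xor_bytes(C1, STREAM[:len(C1)]))
    print("recovered without key:", recover_without_key(C1, C2, P1))
```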
25
Basics of computer and network security
Sharing the keys: The key is shared before communication begins. Suppose Alice wants to communicate with Bob, but she has never met Bob before. How can Alice and Bob communicate securely? They could create keys and encrypt them so that no one else knows the keys.
Solution 1: Use a trusted third party.
26
Basics of computer and network security
Sharing the keys: Alice creates a key to be used to communicate with Bob. She encrypts this key using a pre-shared key that she has with Trent. Trent decrypts it and encrypts it again with a key he shares with Bob.
Problem: what if Trent is not really Trent but another person?
[Figure labels: E(K1, k2), E(K1, k3)]
27
Basics of computer and network security
Sharing the keys: Solution 2: key agreement protocol.
Alice and Bob agree to use a specific prime number (p) and a base number (g).
Alice and Bob each choose a secret integer. Suppose that the secret integer chosen by Alice is a and the secret integer chosen by Bob is b.
Alice sends: g^a mod p
Bob sends: g^b mod p
Alice calculates the key = (message from Bob)^a mod p
Bob calculates the key = (message from Alice)^b mod p
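Both sides of the key agreement described above, as an added Python example that is not part of the original slides. The values p = 23, g = 5, a = 6 and b = 15 are toy numbers constructed for illustration, and the range check on the received value is an addition that the slides do not mention.

```python
import secrets

def random_secret(p):
    """Secret exponent drawn from a CSPRNG, in the range [2, p-2]."""
    return secrets.randbelow(p - 3) + 2

def public_value(g, secret, p):
    """What each side sends in the clear: g^secret mod p."""
    return pow(g, secret, p)

def shared_key(received, secret, p):
    """What each side computes privately: (received value)^secret mod p."""
    if not 1 < received < p - 1:
        # Added check: 0, 1 and p-1 would force a predictable key, so refuse them.
        raise ValueError("received public value is out of range")
    return pow(received, secret, p)

def key_agreement(p, g, a, b):
    """Run both sides and return what crosses the network and what each side derives."""
    alice_sends = public_value(g, a, p)
    bob_sends = public_value(g, b, p)
    return {
        "on_the_wire": (p, g, alice_sends, bob_sends),  # everything an eavesdropper sees
        "alice_key": shared_key(bob_sends, a, p),
        "bob_key": shared_key(alice_sends, b, p),
    }

# Toy parameters (constructed); real deployments use a prime of 2048 bits or more.
TOY = key_agreement(p=23, g=5, a=6, b=15)

if __name__ == "__main__":
    print(TOY)
```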
28
Basics of computer and network security
Data encryption algorithm (DEA):
Inputs: the plaintext m must be 64 bits in length and the key is 56 bits (8 bits can be used as parity bits).
1. The bits of m are permuted by a fixed initial permutation to obtain m0 = IP(m). m0 = L0 R0, where L0 and R0 are 32 bits each.
2. For i = 1:16 Do
   Li = R(i-1)
   Ri = L(i-1) XOR f(R(i-1), Ki)
   Ki: string of 48 bits obtained from the key k.
3. Switch left and right, then apply the inverse of the initial permutation.
29
Basics of computer and network security
Initial permutation IP(M)
30
Basics of computer and network security
Example: Find the output of the initial permutation if the input is: The input has only two 1s (bit 25 and bit 63). According to the previous table, bit 25 becomes bit 37 of the permutation and bit 63 becomes bit 57 of the permutation. The result of the permutation is:
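The three DEA steps and the permutation example above, as an added Python sketch that is not part of the original slides. The IP table is the standard DES initial permutation; `toy_f` and `toy_subkeys` are stand-ins assumed for this example (not the real DES round function or key schedule), so the block shows the structure and why the same network decrypts, not DES output.

```python
# Standard DES initial permutation: output bit i (1-based) takes input bit IP[i-1].
IP = [58, 50, 42, 34, 26, 18, 10, 2,
      60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6,
      64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1,
      59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5,
      63, 55, 47, 39, 31, 23, 15, 7]

def permute(bits, table):
    return [bits[src - 1] for src in table]

def invert(table):
    """Inverse permutation: permute(permute(x, t), invert(t)) == x."""
    inverse = [0] * len(table)
    for out_pos, src in enumerate(table, start=1):
        inverse[src - 1] = out_pos
    return inverse

IP_INV = invert(IP)

def toy_f(right, subkey):
    """Stand-in for f (assumption): rotate R by one bit and XOR with the subkey."""
    rotated = right[1:] + right[:1]
    return [r ^ k for r, k in zip(rotated, subkey)]

def toy_subkeys(key_bits):
    """Stand-in key schedule (assumption): 16 rotations of a 32-bit key."""
    return [key_bits[i:] + key_bits[:i] for i in range(1, 17)]

def crypt(block, subkeys):
    bits = permute(block, IP)                       # step 1: m0 = IP(m) = L0 R0
    left, right = bits[:32], bits[32:]
    for k in subkeys:                               # step 2: Li = R(i-1), Ri = L(i-1) XOR f
        left, right = right, [l ^ f for l, f in zip(left, toy_f(right, k))]
    return permute(right + left, IP_INV)            # step 3: switch halves, apply IP inverse

def encrypt(block, key_bits):
    return crypt(block, toy_subkeys(key_bits))

def decrypt(block, key_bits):
    return crypt(block, toy_subkeys(key_bits)[::-1])  # same network, subkeys reversed

def block_with_ones(*positions):
    return [1 if i in positions else 0 for i in range(1, 65)]

def one_positions(bits):
    return [i for i, b in enumerate(bits, start=1) if b]
```

Decryption works for any choice of round function because each round only XORs f's output into the other half, which the same XOR undoes.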
31
Basics of computer and network security
R is expanded to E (R) by the following table: This means that the first bit of E(R) is the 32nd bit of R
32
Basics of computer and network security
Compute E(R) XOR Ki and write the result as B1B2B3B4B5B6B7B8.
Write Bj as b1b2b3b4b5b6.
The row of the S-box is given by b1b6, and b2b3b4b5 determines the column.
33
Basics of computer and network security
If b3 = then we check table S3 (row 01, column 0100). The output of S3 is 0011.
The string C1C2C3C4C5C6C7C8 is permuted according to the following table:
Deriving the subkeys: Recall that we start with a 64-bit k.
34
Basics of computer and network security
Key permutation can be performed according to this table:
For i = 1:16
   Ci = LSi(C(i-1))
   Di = LSi(D(i-1))
   LSi: shift one or more places to the left.
35
Basics of computer and network security
48 bits are chosen from the 56-bit string CiDi according to the following table:
36
Basics of computer and network security
Asymmetric encryption: Each user generates a pair of keys to be used for the encryption and decryption of messages. Each user places one of the two keys in a public register or any accessible file. This is the public key. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key. When Alice receives the message, she decrypts it using her private key.
37
Basics of computer and network security
RSA algorithm:
Public key = {e, n}; private key = {d, n}.
M: plaintext, M < n.
Key generation:
Select p, q both prime, p ≠ q.
Calculate n = p * q.
Calculate φ(n) = (p - 1) * (q - 1).
Select integer e such that gcd(φ(n), e) = 1 and 1 < e < φ(n).
38
Basics of computer and network security
Calculate d = e^(-1) mod φ(n).
Ciphertext: C = M^e mod n.
Plaintext: M = C^d mod n.
Example: p = 17, q = 11, n = 187, φ(n) = 160, e = 7, d = 23.
PU = {7, 187}; PR = {23, 187}.
M = 88; C = 88^7 mod 187 = 11.
M = 11^23 mod 187 = 88.