Presentation is loading. Please wait.

Presentation is loading. Please wait.

IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University.

Published byJanice Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University."— Presentation transcript:

1 IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University

2 IM NTU Distributed Information Systems 2004 Security -- 2 Introduction Security Needs –Secrecy, integrity, etc. –Arise from the desire to share resources Security Policies –Specify who are authorized to access what resources –Independent of the technology used Security Mechanisms –Enforce security policies Security Models –Help understand and analyze the above

3 IM NTU Distributed Information Systems 2004 Security -- 3 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The Evolution of Security Needs

4 IM NTU Distributed Information Systems 2004 Security -- 4 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Components of a Security Model

5 IM NTU Distributed Information Systems 2004 Security -- 5 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The Enemy in Network Security

6 IM NTU Distributed Information Systems 2004 Security -- 6 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Familiar Names in the Security Literature

7 IM NTU Distributed Information Systems 2004 Security -- 7 Classes of Security Threats Leakage –Acquisition of information by unauthorized parties Tampering (Modification) –Unauthorized alteration of information Vandalism –Interference with the proper operation without gain to the perpetrator

8 IM NTU Distributed Information Systems 2004 Security -- 8 Methods of Attack Eavesdropping –Release of message contents and traffic analysis Masquerading Message Tampering (Modification) –Man-in-the-middle attack Replaying Denial of Service Mobile Code

9 IM NTU Distributed Information Systems 2004 Security -- 9 Designing Secure Systems Use best standards available Informal analysis and checks Formal validation Security logs and auditing

10 IM NTU Distributed Information Systems 2004 Security -- 10 Security Requirements Secrecy (Confidentiality) Data Integrity Authentication Non-repudiation Availability …

11 IM NTU Distributed Information Systems 2004 Security -- 11 Source: W. Stallings, “Cryptography and Network Security” The Secret-Key Encryption Model

12 IM NTU Distributed Information Systems 2004 Security -- 12 Source: W. Stallings, “Cryptography and Network Security” The Public-Key Encryption Model

13 IM NTU Distributed Information Systems 2004 Security -- 13 Source: W. Stallings, “Cryptography and Network Security” The Public-Key Authentication Model

14 IM NTU Distributed Information Systems 2004 Security -- 14 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Notational Conventions

15 IM NTU Distributed Information Systems 2004 Security -- 15 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Performance of Cryptographic Algorithms

16 IM NTU Distributed Information Systems 2004 Security -- 16 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. A Scheme of Cipher Block Chaining

17 IM NTU Distributed Information Systems 2004 Security -- 17 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. A Stream Cipher

18 IM NTU Distributed Information Systems 2004 Security -- 18 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Digital Signatures with Secret Keys

19 IM NTU Distributed Information Systems 2004 Security -- 19 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Digital Signatures with Public Keys

20 IM NTU Distributed Information Systems 2004 Security -- 20 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Alice’s Bank Account Certificate

21 IM NTU Distributed Information Systems 2004 Security -- 21 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. A Public Key Certificate of Bob’s Bank

22 IM NTU Distributed Information Systems 2004 Security -- 22 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The Needham-Schroeder Authentication Protocol

23 IM NTU Distributed Information Systems 2004 Security -- 23 Kerberos Developed at MIT For protecting networked services Based on the Needham-Schroeder protocol Current version: Kerberos Version 5 Source code available Also used in OSF DCE, Windows 2000,...

24 IM NTU Distributed Information Systems 2004 Security -- 24 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Kerberos Architecture

25 IM NTU Distributed Information Systems 2004 Security -- 25 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The Kerberos Protocol

26 IM NTU Distributed Information Systems 2004 Security -- 26 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. auth(C) contains C,t. ticket(C,S) contains C,S,t 1,t 2,K CS. The Kerberos Protocol (cont.)

27 IM NTU Distributed Information Systems 2004 Security -- 27 The Secure Sockets Layer (SSL) Originated by Netscape, now a nonproprietary standard (SSLv3) Provides secure end-to-end communications Operates between TCP/IP (or any other reliable transport protocol) and the application Built into most browsers and servers

28 IM NTU Distributed Information Systems 2004 Security -- 28 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The SSL Protocol Stack

29 IM NTU Distributed Information Systems 2004 Security -- 29 How SSL Works Sessions between a client and a server are established by the Handshake Protocol A session defines a set of security parameters, including peer certificate, cipher spec, and master secret Multiple connections can be established within a session, each defining further security parameters such as keys for encryption and authentication Security parameters dictate how application data are processed by the SSL Record Protocol into TCP segments

30 IM NTU Distributed Information Systems 2004 Security -- 30 Security Functions of SSL Confidentiality: using one of DES, Triple DES, IDEA, RC2, RC4, … Integrity: using MAC with MD5 or SHA-1 Authentication: using X.509v3 digital certificates

31 IM NTU Distributed Information Systems 2004 Security -- 31 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The SSL Handshake Protocol

32 IM NTU Distributed Information Systems 2004 Security -- 32 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. The SSL Record Protocol

33 IM NTU Distributed Information Systems 2004 Security -- 33 Micropayments The price of some goods may be lower than the standard transaction fees Micropayments offer a way for selling small- value products and services Technology providers: eCharge (via phone bills), Qpass (monthly bills), Millicent (prepay electronic cash),...

34 IM NTU Distributed Information Systems 2004 Security -- 34 The Millicent Scrip Scheme Scrip is a form of digital cash valid only for a specific vender. Format: Scrip is generated and distributed by brokers.

35 IM NTU Distributed Information Systems 2004 Security -- 35 Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition. Millicent Architecture

Download ppt "IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University."

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Laboratory for Reliable Computing Department of Electrical Engineering National Tsing Hua University Hsinchu, Taiwan Security Processor: A Review Chih-Pin.

Laboratory for Reliable Computing Department of Electrical Engineering National Tsing Hua University Hsinchu, Taiwan Security Processor: A Review Chih-Pin.
Chapter 8 Web Security.

Chapter 8 Web Security.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Similar presentations

Ads by Google