Network Security 7-1
Today
- Reminder: Ch7 HW due Wed
- Finish Chapter 7 (Security)
- Start Chapter 8 (Network Management)
Chapter 7 roadmap
7.1 What is network security?
7.2 Principles of cryptography
7.3 Authentication
7.4 Integrity
7.5 Key distribution and certification
7.6 Access control: firewalls
7.7 Attacks and countermeasures
7.8 Security in many layers
  7.8.1 Secure email
  7.8.2 Secure sockets
  7.8.3 IPsec
  7.8.4 802.11 WEP
IPsec: Network Layer Security
- Network-layer secrecy:
  - sending host encrypts the data in the IP datagram
  - TCP and UDP segments; ICMP and SNMP messages
- Network-layer authentication:
  - destination host can authenticate the source IP address
- Two principal protocols:
  - authentication header (AH) protocol
  - encapsulation security payload (ESP) protocol
- For both AH and ESP, source and destination handshake:
  - create a network-layer logical channel called a security association (SA)
- Each SA is unidirectional.
- Uniquely determined by:
  - security protocol (AH or ESP)
  - source IP address
  - 32-bit connection ID
Authentication Header (AH) Protocol
- provides source authentication, data integrity, no confidentiality
- AH header inserted between IP header and data field
- protocol field: 51
- intermediate routers process datagrams as usual
AH header includes:
- connection identifier
- authentication data: source-signed message digest calculated over the original IP datagram
- next header field: specifies type of data (e.g., TCP, UDP, ICMP)
[Figure: IP header | AH header | data (e.g., TCP, UDP segment)]
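The following is an added example, not part of the slide deck, that makes the AH description concrete: a transport-mode AH datagram is built with protocol 51, a next header field, a 32-bit connection identifier (the SPI, used by the receiver to look up the security association from the previous slide) and a source-signed digest over the original datagram. Keys, addresses and payloads are constructed for the demo, the digest is HMAC-SHA-256 truncated to 128 bits, and fields that routers legitimately change in transit are zeroed before the digest is taken so that "intermediate routers process datagrams as usual" does not break verification.

```python
"""Added example (not from the slides): minimal IPsec Authentication Header
(AH, IP protocol 51) in transport mode.  Shows the "next header" field, the
32-bit connection identifier (SPI) used to look up the security association,
and the source-signed digest over the original datagram.  All keys,
addresses and payloads are constructed for the demo."""
import hashlib
import hmac
import struct

AH_PROTOCOL = 51
ICV_LEN = 16                  # HMAC-SHA-256 truncated to 128 bits
AH_FIXED_LEN = 12 + ICV_LEN   # next hdr, payload len, reserved, SPI, seq + ICV

# Receiver's security-association table keyed by (security protocol, SPI).
# Constructed; a real SA also records peer address, algorithms, replay window.
SA_TABLE = {
    (AH_PROTOCOL, 0x00001234): b"constructed-ah-key-for-demo-only",
}


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Bare 20-byte IPv4 header; header checksum left zero for the example."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                       ttl, proto, 0, src, dst)


def _zero_mutable(ip_hdr):
    """Zero fields routers may change in transit (DSCP/ECN, flags and
    fragment offset, TTL, checksum) so the ICV survives normal forwarding."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def build_ah_datagram(spi, seq, key, src, dst, next_header, payload, ttl=64):
    """Sender: IP header | AH header (with ICV) | payload."""
    total_len = 20 + AH_FIXED_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTOCOL, total_len, ttl)
    # Payload Length field = AH length in 32-bit words minus 2
    ah_no_icv = struct.pack("!BBHII", next_header, AH_FIXED_LEN // 4 - 2,
                            0, spi, seq)
    mac_input = _zero_mutable(ip_hdr) + ah_no_icv + bytes(ICV_LEN) + payload
    icv = hmac.new(key, mac_input, hashlib.sha256).digest()[:ICV_LEN]
    return ip_hdr + ah_no_icv + icv + payload


def verify_ah_datagram(datagram, sa_table=SA_TABLE):
    """Receiver: return (next_header, payload) if the ICV checks out,
    otherwise None (truncated datagram, unknown SA or tampering)."""
    if len(datagram) < 32 or datagram[9] != AH_PROTOCOL:
        return None
    ip_hdr = datagram[:20]
    next_header, plen, _reserved, spi, _seq = struct.unpack(
        "!BBHII", datagram[20:32])
    key = sa_table.get((AH_PROTOCOL, spi))   # SA lookup by connection ID
    if key is None:
        return None
    ah_len = (plen + 2) * 4
    if len(datagram) < 20 + ah_len:
        return None
    icv = datagram[32:20 + ah_len]
    payload = datagram[20 + ah_len:]
    mac_input = _zero_mutable(ip_hdr) + datagram[20:32] + bytes(len(icv)) + payload
    expected = hmac.new(key, mac_input, hashlib.sha256).digest()[:len(icv)]
    if not hmac.compare_digest(icv, expected):
        return None
    return next_header, payload


if __name__ == "__main__":
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    key = SA_TABLE[(AH_PROTOCOL, 0x1234)]
    dg = build_ah_datagram(0x1234, 1, key, src, dst, 17, b"constructed UDP payload")
    print("intact:", verify_ah_datagram(dg))
    forwarded = bytearray(dg)
    forwarded[8] -= 1                     # router decrements TTL: still valid
    print("after hop:", verify_ah_datagram(bytes(forwarded)))
    tampered = bytearray(dg)
    tampered[-1] ^= 0x01                  # flip a payload bit: rejected
    print("tampered:", verify_ah_datagram(bytes(tampered)))
```

The receiver never uses the sender's claimed identity to choose a key; it trusts only the SA found by SPI, and a datagram whose SPI is unknown is dropped before any digest is computed. Changing an immutable header field such as the destination address is rejected just like a payload change, which is what gives AH its source-authentication property.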
ESP Protocol
- provides secrecy, host authentication, data integrity
- data and ESP trailer are encrypted
- next header field is in the ESP trailer
- ESP authentication field is similar to the AH authentication field
- protocol = 50
[Figure: IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent.; segment and trailer encrypted, ESP header through ESP trailer authenticated]
IEEE 802.11 security
- War-driving: drive around Bay area, see what 802.11 networks are available?
  - more than 9000 accessible from public roadways
  - 85% use no encryption/authentication
  - packet-sniffing and various attacks easy!
- Wired Equivalent Privacy (WEP): authentication as in protocol ap4.0
  - host requests authentication from access point
  - access point sends 128-bit nonce
  - host encrypts nonce using shared symmetric key
  - access point decrypts nonce, authenticates host
IEEE 802.11 security
- Wired Equivalent Privacy (WEP): data encryption
  - host/AP share a 40-bit symmetric key (semi-permanent)
  - host appends a 24-bit initialization vector (IV) to create a 64-bit key
  - 64-bit key used to generate a stream of keys, k_i^IV
  - k_i^IV used to encrypt the ith byte, d_i, in the frame: c_i = d_i XOR k_i^IV
  - IV and encrypted bytes c_i sent in the frame
802.11 WEP encryption
[Figure: sender-side WEP encryption]
Breaking 802.11 WEP encryption
Security hole:
- 24-bit IV, one IV per frame -> IVs eventually reused
- IV transmitted in plaintext -> IV reuse detected
- Attack:
  - Trudy causes Alice to encrypt known plaintext d_1 d_2 d_3 d_4 ...
  - Trudy sees: c_i = d_i XOR k_i^IV
  - Trudy knows c_i and d_i, so can compute k_i^IV
  - Trudy knows the encrypting key sequence k_1^IV k_2^IV k_3^IV ...
  - next time the IV is used, Trudy can decrypt!
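The following is an added example, not part of the slide deck, that models the WEP data encryption of slide 7-7 and the weakness of slide 7-9 on constructed data: the per-frame 64-bit key is the 24-bit IV followed by the 40-bit shared key, the RC4 keystream k_i^IV is XORed byte by byte into the frame, and the IV is sent in the clear. Because the IV is visible, a monitor on the channel can flag IV reuse without knowing the key, and the code shows why that reuse is fatal: one frame with known contents yields the keystream for its IV, which then decrypts any later frame carrying the same IV. The shared key, IVs and frame contents are constructed, and the 32-bit CRC that real WEP appends before encryption is omitted, as it is on the slide.

```python
"""Added example (not from the slides): a toy model of WEP's per-frame
encryption (slide 7-7) and the IV-reuse weakness (slide 7-9).  Key, IVs and
frame contents are constructed; the 32-bit CRC real WEP appends before
encryption is omitted, as on the slide."""


def rc4(key, n):
    """RC4 keystream of n bytes for the given key (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key40, iv, data):
    """Sender: 64-bit per-frame key = 24-bit IV || 40-bit shared key;
    c_i = d_i XOR k_i^IV; the IV travels in the clear ahead of the bytes."""
    assert len(key40) == 5 and len(iv) == 3
    return iv + xor(data, rc4(iv + key40, len(data)))


def wep_decrypt(key40, frame):
    """Receiver: rebuild the same keystream from the cleartext IV and key."""
    iv, body = frame[:3], frame[3:]
    return xor(body, rc4(iv + key40, len(body)))


def find_reused_ivs(frames):
    """Monitor-side check: because the IV is sent in plaintext, anyone on
    the channel can see when one is reused.  Returns {iv: [frame indexes]}."""
    seen = {}
    for idx, frame in enumerate(frames):
        seen.setdefault(frame[:3], []).append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


def keystream_from_known_plaintext(frame, known_plaintext):
    """k_i^IV = c_i XOR d_i: one frame with known contents gives the whole
    keystream for its IV, with no knowledge of the shared key."""
    return xor(frame[3:], known_plaintext)


def decrypt_with_keystream(frame, keystream):
    """Any later frame under the same IV falls to the recovered keystream."""
    return xor(frame[3:], keystream)


if __name__ == "__main__":
    shared_key = b"\x0b\xad\xc0\xff\xee"        # constructed 40-bit key
    known = b"This plaintext is known to everyone."
    secret = b"Payroll figures for Q3: confidential"
    frames = [
        wep_encrypt(shared_key, b"\x00\x00\x01", known),
        wep_encrypt(shared_key, b"\x00\x00\x02", b"unrelated traffic"),
        wep_encrypt(shared_key, b"\x00\x00\x01", secret),   # IV reused
    ]
    print("reused IVs:", find_reused_ivs(frames))
    ks = keystream_from_known_plaintext(frames[0], known)
    print("recovered from reused IV:", decrypt_with_keystream(frames[2], ks))
```

With only 2^24 IVs and one IV per frame, a busy access point exhausts the space in hours, so reuse is a certainty rather than an accident; the lesson carried into WPA2 and WPA3 is a per-frame nonce space large enough never to repeat under one key, combined with a proper integrity check instead of a CRC.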
Network Security (summary)
Basic techniques...
- cryptography (symmetric and public)
- authentication
- message integrity
- key distribution
... used in many different security scenarios
- secure email
- secure transport (SSL)
- IPsec
- 802.11 WEP