Verteilte Systeme (Distributed Systems)
|
|
- Oscar Neal
- 6 years ago
- Views:
Transcription
1 Verteilte Systeme (Distributed Systems) Lorenz Froihofer VerteilteSysteme/
2 Security Threats, mechanisms, design issues Cryptographic foundations Secure channels: authentication, integrity, confidentiality Key management and certificates Access control
3 Need for security Information is becoming a commodity its purchase and sale is central to the free enterprise system: e-banking e-commerce, online auctions e-government e-* Protection mechanisms are like putting a lock on the door of a merchant's warehouse 3
4 Security definition CIA properties: Confidentiality: information only disclosed to authorized parties. Integrity: modifications only possible by authorized entities. Availability: resource accessible whenever an authorized party needs access to it. 4
5 Security threats Interception Unauthorized party gained access to service or data: e.g., overhearing of communication between two parties or copying of data. Interruption Services become unavailable or unusable: e.g., Denial-of-Service (DoS) attacks where a service is made inaccessible to authorized parties through service or network overload. 5
6 Security threats Modification Unauthorized changing of data or service: e.g., in combination with interception a network message is modified before it is transmitted to the recipient. Fabrication Additional data or activity are generated that would normally not exist: e.g., adding an additional password entry in the password database. 6
7 Possible attacks Eavesdropping Masquerading (spoofing) Message tampering Replaying Infiltration Traffic analysis Denial of service Social engineering Man in the middle Client Server Fake client Fake server We need security mechanisms to prevent these attacks! 7
8 Security mechanisms Encryption Transform code or data into something an attacker cannot understand. Support for confidentiality and integrity Authentication Verify the claimed identity of an entity (user, client, server, etc.) Who is accessing an entity? Prerequisite for authorization. 8
9 Security mechanisms Authorization Specification of whether a certain entity is authorized to perform a specific action: e.g., library users can only query database entries while the library staff has the right to introduce new books etc. Who is allowed to access a specific entity? Auditing Trace which clients accessed what and in which way, e.g., by means of log files. But: Be careful! Attackers will try to hide their traces or try not to leave traces at all! 9
10 Focus of protection a) Protection against invalid operations, e.g., data integrity constraints. b) Protection against unauthorized invocations, e.g., permissions based on object methods. c) Protection against unauthorized users, e.g., based on user roles. 10
11 Layering of security mechanisms The logical organization of a distributed system into several layers. At which layer should we introduce security? 11
12 Layering of security mechanisms Alice Chuck Internet Decryption device Bob Several sites connected through a wide-area backbone service. 12
13 It s a matter of trust! Encrypt communication through Secure Sockets Layer (SSL) Trust in SSL implementation required. If using secure RMI Trust in RMI implementation required. If RMI uses SSL Trust in RMI+SSL req. Information must not be intercepted before being encrypted Trust in operating system required. In any way: Trust required in client and server application to do what they promise! 13
14 Security Threats, mechanisms, design issues Cryptographic foundations Secure channels: authentication, integrity, confidentiality Key management and certificates Access control
15 Cryptography (One) definition of cryptography Mathematical techniques related to aspects of information security such as Confidentiality Keep content of information from all but authorized entities. Integrity Protect information from unauthorized alteration. Authentication Identification of data or communicating entities. Non-repudiation Prevent entity from denying previous commitments or actions. 15
16 Cryptography Figure 9-6. Intruders and eavesdroppers in communication. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
17 Symmetric cryptography Only one key, called secret or shared key Both sender and receiver must have the key Normally used for session bulk encryption Examples: DES, Triple-DES, AES (Rijndael) plaintext Alice (sender) K A,B Encryption algorithm ciphertext K A,B Decryption algorithm plaintext Bob (receiver) 17
18 Public-key cryptography (Asymmetric cryptography) Each principal has public and private keys Public key of recipient is used by sender for encryption Recipient uses private key to decrypt public private plaintext Alice (sender) K pub Encryption algorithm ciphertext K priv Decryption algorithm plaintext Bob (receiver) 18
19 Public-Key Cryptosystems: RSA 1978 by Rivest, Shamir and Adleman Based on the prime factoring problem: no efficient methods known to find the prime factors of large numbers. p, q large primes private d exponent private modulus n=pq public e exponent public Encryption Decryption M e mod n = C C d mod n = M ed mod n = M 19
20 How fast is encryption? In hardware, RSA is about 1000 times slower than DES. In software, RSA is about 100 times slower than DES. Whenever safe, try to use secret key! 20
21 Cryptographical notation Figure 9-7. Notation used in Chapter 9. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
22 Security Threats, mechanisms, design issues Cryptographic foundations Secure channels: authentication, integrity, confidentiality Key management and certificates Access control
23 Possible attacks revisited Eavesdropping Masquerading (spoofing) Message tampering Replaying Infiltration Traffic analysis Denial of service Social engineering Man in the middle Client Server Fake client Fake server We need a secure channel where we are not affected by these attacks! 23
24 Secure channels Secure channels can be implemented by encryption Encrypt the communication so that it cannot be read by eavesdroppers. Two classes of encryption techniques Secret-key encryption Public-key encryption 24
25 Message authentication and integrity Message authentication: who sent the message? Alice Bob: I want to buy 10 widgets. Bob Alice: Here are your 10 widgets. Alice Bob: I did not order widgets! Who sent the order message? Message integrity: messages are only modified by authorized parties. Alice Bob: I want to buy 10 widgets. Bob Alice: Here are your 100 widgets. Alice Bob: I ordered 10! Bob Alice: I received an order for 100! Who has modified the message? We want to be sure about the identity of the sender and that the message has not been modified! 25
26 Mutual public key authentication Figure Mutual authentication in a public-key cryptosystem. 26
27 Authentication Based on a Shared Secret Key (1) Figure Authentication based on a shared secret key. Challenge-response protocol Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
28 Authentication Based on a Shared Secret Key (2) Security problem! Figure Authentication based on a shared secret key, but using three instead of five messages. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
29 Authentication Based on a Shared Secret Key (3) Figure The reflection attack. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
30 Authentication achieved, but key management quite complex! N-1 keys per host N*(N-1)/2 keys in total 30
31 Security Threats, mechanisms, design issues Cryptographic foundations Secure channels: authentication, integrity, confidentiality Key management and certificates Access control
32 Key Distribution Centre (KDC) KDC Reduction from N*(N-1)/2 keys to N keys. 32
33 Authentication Using a Key Distribution Center (1) Figure The principle of using a KDC. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
34 Authentication Using a Key Distribution Center (2) Figure Using a ticket and letting Alice set up a connection to Bob. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
35 Authentication with Kerberos Kerberos server AS TGS Client TGS ticket Authentication Service Service ticket Ticket Granting Service Server Login session Service Service function First deployed at MIT, Sept
36 Message authentication and integrity Message authentication: who sent the message? Alice Bob: I want to buy 10 widgets. Bob Alice: Here are your 10 widgets. Alice Bob: I did not order widgets! Who sent the order message? Message integrity: messages are only modified by authorized parties. Alice Bob: I want to buy 10 widgets. Bob Alice: Here are your 100 widgets. Alice Bob: I ordered 10! Bob Alice: I received an order for 100! Who has modified the message? We want to be sure about the identity of the sender and that the message has not been modified! 36
37 Digital signatures (1) Figure Digital signing a message using public-key cryptography. Problem solved, but not efficient! Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
38 Hash Functions A hash function takes a message m and produces a fixed-length message digest, known as hash (bit string) h h=h(m); Hash functions are one-way functions It is computationally infeasible to find the input m that corresponds to a known output h. Weak collision resistance: for a given x, it is hard to find a y!= x such that H(x) = H(y). Strong collision resistance: it is hard to find any x and y such that H(x) = H(y). Example hash function: MD5 128bits E.g., UNIX command md5sum Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
39 Digital signatures (2) Figure Digitally signing a message using a message digest. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
40 Public key cryptography Ensures: Message authentication and integrity. Can provide: Message confidentiality through encryption Limitations: Who guarantees the binding (key, owner)? Public key cryptography is much slower than shared key cryptography. The more often a key is used, the easier it becomes to reveal it. 40
41 Session keys After authentication phase, participants often share a unique session key for confidentiality. Benefits: Session keys only used for single session limits amount of data gathered for compromising key. Worst case: if session key is compromised, only a single session is affected if private key was compromised, old sessions would become readable. Protection against replay attacks key expires after session. 41
42 Digital signature and certification authority (CA) CA Step 0: Submit A s public key (done once, earlier) Step 4: A s public key Step 3: Request A s public key A Step 2: Send the signed message B Step 1: Generate signature (sign a message with a TS) Step 5: Verify signature Certificate: public key together with data about its owner digitally signed by certificate authority, e.g., VeriSign, Thawte, A-Trust 42
43 Lifetime of certificates Lifelong certificates would be nice, but: If private key is compromised, certificate has to be revoked. Ways to revoke certificates: Certificate Revocation List (CRL) published regularly by CA. Issue certificates with limited lifetime only (certificate invalid after expiration time) extreme case: reduce lifetime to nearly zero. In practise: Certificates are issued with limited lifetime allows removing expired certificates from CRL. Clients hardly ever consult CRL! However, some software installers (new software and updates) automatically check CRL. 43
44 Key distribution (1) Figure (a) Secret-key distribution. [see also Menezes et al. (1996)]. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
45 Key distribution (2) Figure (b) Public-key distribution [see also Menezes et al. (1996)]. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
46 Security Threats, mechanisms, design issues Cryptographic foundations Secure channels: authentication, integrity, confidentiality Key management and certificates Access control
47 Access Control A request from a client generally involves invoking a method of a specified object Operation is carried out if access rights are sufficient Formally verifying access rights is referred to as access control Authorization is about granting access rights 47
48 General access control model General model of controlling access to objects. 48
49 Access Control Matrix Common approach to modeling access rights. Subjects represented by row, objects by columns. Cell lists operations a specific subject request on the respective object. The matrix is distributed column-wise across all objects, empty entries are left out This type of implementation is called an Access Control List (ACL) Another approach is to distribute the matrix row-wise Each subject receives a list of capabilities for each object Capability is comparable to a ticket 49
50 Protection Domains One general way of reducing ACLs A set of (object, access rights) pairs When a request comes, reference monitor checks domain One approach is to construct groups of users One can also make use of certificates to prove to which group one belongs to. Similar to groups: role-based access control E.g., a function within the organization. Depending on the role one takes when logging in, different permissions may be assigned. 50
51 Firewalls Figure A common implementation of a firewall. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved
52 Filtering routers Specify the filtering that is used Each rules specifies action (allow, deny) source address/port pattern destination address/port pattern presence or absence of flags When a packet is received the rules are applied in an ordered sequence if a rule matches the corresponding action is taken if no rule matches, a default action is taken 52
53 Application-level gateway Inspection of the content of incoming/outgoing messages. Interpretation and actions based on application semantics. Mail example: Drop attachments that potentially contain a virus. Web example: Filter out scripts or applets to prevent execution behind the firewall. 53
54 Further courses on security Internet Security VU, Summer Semester TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks) Web security (e.g., SQL Injections) Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps) Operating system security and vulnerabilities Advanced Internet Security (optional), Winter Semester Practical programming assignments where you break applications Stack/Heap overflows Viruses Application cracking UNIX/Windows vulnerabilities See 54
55 Summary Demand for security (unfortunately) obvious: e- banking, e-government, online auctions, etc. Security services are necessary to protect communications and transactions in open networks Security can be provided by secure channels and authorization services Authorization requires authentication and access control Encryption is used for secure communication Public key and secret key cryptography can be used for authentication (e.g. digital signatures) Distribution of encryption keys must be managed by a trusted third party or out-of-band communication. 55
Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2018 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationSecurity. Alessandro Margara Slides based on previous work by Matteo Migliavacca and Alessandro Sivieri
Security Alessandro Margara alessandro.margara@polimi.it Slides based on previous work by Matteo Migliavacca and Alessandro Sivieri Why security in a DS course? Sharing of resources is the motivating factor
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationDistributed Systems Principles and Paradigms. Chapter 09: Security
Distributed Systems Principles and Paradigms Christoph Dorn Distributed Systems Group, Vienna University of Technology c.dorn@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/staff/dorn Slides adapted
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 09 (version April 7, 2008) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.20. Tel:
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationFrom Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005
Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4 Introduction Security policies Provide for the sharing of resources within specified limits
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationNetwork Security. Chapter 8. MYcsvtu Notes.
Network Security Chapter 8 Network Security Some people who cause security problems and why. Cryptography Introduction Substitution ciphers Transposition ciphers One-time pads Fundamental cryptographic
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationThe question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationSankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank
Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationCSC 8560 Computer Networks: Network Security
CSC 8560 Computer Networks: Network Security Professor Henry Carter Fall 2017 Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationPotential Security Violations CSE 513: Distributed Systems (Security)
Potential Security Violations CSE 513: Distributed Systems (Security) Guohong Cao Department of Computer Science& Engineering 310 Pond Lab gcao@cse.psu.edu Unauthorized information releases An unauthorized
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationCRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK
CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationNetwork Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.
Network Security Computer Networking: A Top Down Approach Featuring the Internet, 1. What is network security 2. Principles of cryptography 3. Authentication 4. Integrity 5. Key Distribution and certification
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More information5. Authentication Contents
Contents 1 / 47 Introduction Password-based Authentication Address-based Authentication Cryptographic Authentication Protocols Eavesdropping and Server Database Reading Trusted Intermediaries Session Key
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationChapter 15: Security. Operating System Concepts 8 th Edition,
Chapter 15: Security, Silberschatz, Galvin and Gagne 2009 Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationCSC 482/582: Computer Security. Security Protocols
Security Protocols Topics 1. Basic Concepts of Cryptography 2. Security Protocols 3. Authentication Protocols 4. Key Exchange Protocols 5. Kerberos 6. Public Key Infrastructure Encryption and Decryption
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationComputer Communication Networks Network Security
Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1 Network Security Goals: understand principles of network security: cryptography and its many uses beyond confidentiality
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators
Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators Belfast, 11-Nov-2010 Innovative Software Solutions. Thomas Bahn - graduated in mathematics, University of Hannover - developing
More information