UMSSIA DAY VI: ARE WE THERE YET?
|
|
- Louise Heath
- 6 years ago
- Views:
Transcription
1 UMSSIA DAY VI: ARE WE THERE YET?
2 CRYPTO PROTOCOLS Good crypto algorithms are hard to design but easy to find on the web. Building robust security protocols, even from secure algorithms, is also hard. Subtle bugs can be found 10+ years after public scrutiny. Anderson and Needham compare crypto protocol design to Programming Satan s Computer.
3 WARMUP ACCT#, E K (PIN) M, N, EP, PIN $$ Ã Acct. N M If E K (PIN) = EP
4 WIDE-MOUTHED FROG 1. E Kas (T,B,K ab ) 2. E Kbs (T+!,A,K ab ) 4. E Kas (T+2!,B,K ab ) 3. E Kbs (T+!,A,K ab ) Share key K ab
5 WOO-LAM 1. Alice 2. N B, a Nonce. 3. C A = E Kas (N B ) 4. E Kbs (A,C A ) 5. E Kbs (N B )
6 ON THE WOO-LAM 1. Alice 3. N BA 5. C A = JUNK 2. Eve 4. N BE 6. C E = E Kes (N BA ) 7. E Kbs (A,C A ) 8. E Kbs (E,C B ) 9. E Kbs (N BA )
7 WOO-LAM FIX? 1. Alice 2. N B, a Nonce. 3. C A = E Kas (N B ) 4. E Kbs (A,C A ) 5. E Kbs (A,N B )
8 WOO-LAM FIX? 1. Alice 4. N B 5. C A = E Kas (N B ) 2. Alice 3. N B 6. C A 7. E Kbs (A,C A ) 8. E Kbs (A,N B )
9 WOO-LAM FIX II 1. Alice 2. N B 3. C A = E Kas (B,N B ) 4. E Kbs (A,C A ) 5. E Kbs (A,N B )
10 DENNING-SACCO 3. CA,CB,Enc B (TS, K AB, Sign A (TS,K AB )) 1. A,B 2. CA = VK a, Sign S (A,VK a ) CB = PK b, Sign S (B,PK b ) Published 1982.
11 DENNING-SACCO DISASTER 3. CA,CE,Enc E (TS, K AE, Sign A (TS,K AE )) 4. CA,CB, Enc B (TS, K AE, ") 1. A,E 2. CA = VK a, Sign S (A,VK a ) CE = PK e, Sign S (E,PK e ) Broken years later!
12 NEEDHAM-SCHROEDER Needham & Schroeder, Using encryption for authentication in large networks of computers, A,B,E B (N a ) A,B,E A (N a,n b ) A,B,E B (N b ) Shared Key: H(N a,n b )
13 NEEDHAM-SCHROEDER Lowe, 1995, Breaking and Fixing the Needham- Schroeder public key protocol A,M,E M (N a ) A,B,E B (N a ) A,B,E A (N a,n b ) A,M,E A (N a,n b ) A,M,E M (N b ) A,B,E B (N b ) It took 17 years to find this bug! Shared Key: H(N a,n b ) Bob thinks it is Alice, not Mallory!
14 TMN r A 3 mod N S r B 3 mod N S r A r B Shared key is r B.
15 TMN r B 3 r C 3 mod N S r D 3 mod N S M CD = r B r C r D r B = (r D M CD )/r C
16 OTHER BUGS Many cryptosystems fail due to poor key management practices: Using passwords or Hash(pw) as keys Choosing random numbers that aren t. (e.g. C rand(); java math.random ) Reuse of passwords and keys Unintentional leaking of plaintexts, keys
17 SIDE-CHANNEL ATTACKS Most crypto assumes computers are black boxes that compute functions instantaneously. Real computers take time to compute and interact with their environments. Simple example: TEMPEST equipment reads monitors from their EM radiation.
18 TIMING ATTACKS Time between keystrokes depends on keys. SSH clients send packets on keystrokes. Time to compute x y mod N depends on x,y. Given many (p,c) pairs and compute times, we can recover RSA private keys. The fastest implementations of AES use four 1024-byte tables. Cache misses leak key bits. cr.yp.to/antiforgery/cachetiming pdf
19 SSH OVERVIEW client server TCP connection setup SSH version string exchange SSH key exchange (includes algorithm negotiation) SSH Authentication SSH data exchange termination of TCP connection
20 SSH KEY EXCHANGE Client K = Y x, h = H(VK S X Y K ) use K if Verify(VK S,h,S) X=g x VK S, Y, S=Sign S (h) Server Y = g y K = X y = g xy h = H(VK S X Y K )
21 SSH AUTHENTICATION The server is authenticated by S and VK S Client has a local database (ssh_known_keys) that associates each server S with VK S. On 1 st exchange, VK S is added to ssh_known_keys. May also use PKI, certificates The client may be authenticated in several ways: Password: entered by user and sent over encrypted connection. Public Key: the user signs a challenge from the server to be verified using her public key Trusted Host: the user s host signs a challenge to be verified with its public key.
22 SSH PACKET FORMAT packet length (4) padding length (1) payload random padding MAC encryption packet length: length of the packet not including the MAC and the packet length field payload: useful contents of the packet May be compressed max payload size is random padding: bytes total length of packet must be multiple of 16 MAC: computed over clear packet and sequence number
23 TLS PROTOCOL LAYER http ftp telnet Application nntp SSL/TLS Transport (TCP) Internet (IP) Network interface Physical layer
24 KEY SSL IDEAS Authentication is handled using certificate authorities (PKI) CAs have widely known verification keys, e.g. Verisign, AT&T, MCI, Keywitness Corp Canada CA supplies a signed certificate with site s public key Session integrity based on MAC of history e.g. Client & server communicate as follows: Client Hi Hello How are you? Server Client and server compare MACs of all messages Server computes MAC(hi,hello,howareyou?) locally Client sends MAC value under encryption If intervention is detected, the session is aborted.
25 IPSEC : IP-LEVEL SECURITY IPsec provides standards to encrypt and authenticate traffic at the IP level. It has three primary security functions: Authentication, via Authentication Headers (AH) Confidentiality, via Encapsulated Security Payloads (ESP) Key management via Internet Key Exchange. (IKE) As a network layer protocol IPsec offers several advantages over application layer protocols: IPsec is implemented at a gateway, not necessarily the desktop It is transparent to application programs and users (except when it s not!) IPsec is based on Security Associations, a pair of hosts plus algorithms, parameters, and keys.
26 IPSEC USAGE SCENARIOS
27 BGP REVIEW Org-X ISP-2 ISP-1 DSP-A ISP-3 NAP ISP-4 Org-Z DSP-C DSP-B Org-Y BGP Router non-bgp Router - BGP speakers advertise AS paths to address blocks. - UPDATEs are generated in response to loss of connectivity or receipt of an UPDATE from a peer router
28 BGP SECURITY REQUIREMENTS Address space ownership verification: Prove that I own IP Autonomous System (AS) authentication: Prove that I am AS 7. Router authentication and authorization: Prove that router belongs to AS 7 Route/address advertisement authorization: Prove that AS 7 has a path to 42.*.*.* Route withdrawal authorization Integrity and authenticity of BGP traffic
29 SBGP PKI Current (hierarchical) address allocation procedure: ICANN/IANA ISP-1 ARIN/RIPE/APNIC ORG-X DSP-A DSP-C ISP-2 ORG-Y DSP-B ORG-Z ORG-YY DSP-D ORG-XX ORG-ZZ Key idea: current organizations are already trusted: PKI based on this structure assumes no additional trust.
30 SBGP ATTESTATIONS SBGP uses special certificates called attestations to certify correctness of routes. Address Attestations are to prove that a destination address is being originated by an authorized AS. They are based on signatures and certificates from the PKI Route Attestations prove that an AS is authorized to use an AS Path. The basic idea is that a router signs the path over to the next hop. Each UPDATE includes one or more Address Attestations and a set of Route Attestations
31 SBGP UPDATE PROPAGATION # seq:4321 nlri:a,b % seq:321 nlri:a,b Hdr seq:4321 RA:r7 as5 # RA:r5 as4 % RA:r3 as3 $ RA:as1 as2 = AA:orga 1 a AA:orgb 1 b NLRI:a,b Hdr seq:321 RA:r5 as4 % RA:r3 as3 $ RA:as1 as2 = AA:orga 1 a AA:orgb 1 b NLRI: a,b $ seq:21 nlri:a,b Hdr seq:21 RA:r3 as3 $ RA:as1 as2 = AA:orga 1 a AA:orgb 1 b NLRI: a,b = seq:1 nlri:a,b Hdr seq:1 RA:as1 as2 = AA:orga 1 a AA:orgb 1 b NLRI: a,b r8 r7 r6 r5 r4 r3 r2 r1 a b AS 5 AS 4 AS 3 AS 2 AS 1
32 DNS RESOLUTION Client Local DNS recursive resolver NS umn.edu NS cs.umn.edu www=ipaddr root & edu DNS server umn.edu DNS server cs.umn.edu DNS server
33 DNS DATA FLOW Cache pollution by Data spoofing Cache impersonation Zone admin Master NS resolver Unauthorized updates Backup NS Impersonating master stub resolver
34 DNSSEC DNSSEC Attempts to address these issues cryptographically. In the Ideal DNSSEC Deployment : There is a public key for the root domain. This is used to sign certificates for the administrators of top-level domains These admins sign certificates for subdomains DNSSEC has three new kinds of records Signatures on results, uploaded by zone admins Certificates, to allow verification NSEC records, to prove negative results
35 Client DNSSEC RESOLUTION NS umn.edu NS cs.umn.edu Sig edu (UMN,VM UMN ) www=ipaddr, Sig CS (www=ipaddr) root & edu DNS server umn.edu DNS server Sig UMN (CS, VK CS ) cs.umn.edu DNS server
Lecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationIPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security
IPsec (AH, ESP), IKE Guevara Noubir noubir@ccs.neu.edu Securing Networks Control/Management (configuration) Applications Layer telnet/ftp: ssh, http: https, mail: PGP (SSL/TLS) Transport Layer (TCP) (IPSec,
More informationCSE543 Computer and Network Security Module: Network Security
CSE543 Computer and Network Security Module: Network Security Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Communication Security Want to establish a secure channel
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 2 Sept 4, 2013 Key Management Network Security 1 Objectives Understand/explain the issues related to, and
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More informationUMSSIA LECTURE II: NETWORKS?
UMSSIA LECTURE II: NETWORKS? THE INTERNET ISP Backbone ISP The internet consists of end system networks connected to other networks by ISPs or Autonomous Systems (AS). ASes run routing protocols (BGP,
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationIntroduction to IPsec. Charlie Kaufman
Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF standard for Network Layer security Popular for creating trusted link (VPN), either firewall-firewall, or machine
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationLecture 15 Public Key Distribution (certification)
0 < i < 2 n = N X i,y i random secret keys index i = random (secret) value Merkle s Puzzles (1974) Puzzle P i = {index i,x i,s} Y i S fixed string, e.g., " Alice to Bob" { P 0 < i < 2 i n } Pick random
More informationSecure Border Gateway Protocol (S-BGP)
NDSS 99 Network and Distributed Systems Security Symposium Securing the Internet s Exterior Routing Infrastructure Secure Border Gateway Protocol (S-BGP) Dr. Charles Lynn BBN Technologies CLynn@BBN.Com
More informationChapter 8 Network Security
Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and
More informationRouting Security Security Solutions
Routing Security Security Solutions CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 Page 1 Solving BGP Security Reality: most attempts at securing BGP have been at the local level
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationVirtual Private Network
VPN and IPsec Virtual Private Network Creates a secure tunnel over a public network Client to firewall Router to router Firewall to firewall Uses the Internet as the public backbone to access a secure
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationEE 418 Network Security and Cryptography Lecture #18
EE 418 Network Security and Cryptography Lecture #18 December 6, 2016 Public Key Infrastructure. Authentication. Internet Security Lecture notes prepared by Professor Radha Poovendran. Tamara Bonaci Department
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationCNT Computer and Network Security: BGP Security
CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationLecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.
Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa B 7. [N b ] PKb Here,
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationApplication Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer
ISO/OSI Model SSL: Security at Transport Layer Application Layer Peer-to-peer Application Layer Network Security Assurance Presentation Layer Session Layer Transport Layer Presentation Layer Session Layer
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationUser Authentication Protocols Week 7
User Authentication Protocols Week 7 CEN-5079: 2.October.2017 1 Announcement Homework 1 is posted on the class webpage Due in 2 weeks 10 points (out of 100) subtracted each late day CEN-5079: 2.October.2017
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationLecture 9: Network Level Security IPSec
Lecture 9: Network Level Security IPSec CS 336/536: Computer Network Security Fall 2015 Nitesh Saxena Adopted from previous lecture by Keith Ross, and Tony Barnard HW3 being graded Course Admin HW4 will
More informationPROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples
ACSC424 NETWORK APPLICATION PROGRAMMING Kyriacou E. Frederick University Cyprus communication examples The OSI reference model (proposed by ISO) Application A Application B 2 Application Application Presentation
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable
More informationSecuring BGP. Geoff Huston November 2007
Securing BGP Geoff Huston November 2007 Agenda An Introduction to BGP BGP Security Questions Current Work Research Questions An Introduction to BGP Background to Internet Routing The routing architecture
More informationSecuring Internet Communication
Securing Internet Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationDatasäkerhetsmetoder föreläsning 7
Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management
More informationCS155b: E-Commerce. Lecture 6: Jan. 25, Security and Privacy, Continued
CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued FIREWALL A barrier between an internal network & the Internet Protects the internal network from outside attacks Executes administrator-defined
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationCMSC 414 S09 Exam 2 Page 1 of 6 Name:
CMSC 414 S09 Exam 2 Page 1 of 6 Name: Total points: 100. Total time: 115 minutes. 6 problems over 6 pages. No book, notes, or calculator Unless stated otherwise, the following conventions are used: K{X}
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationInternet security and privacy
Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationUser Authentication Protocols
User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of
More informationA Survey of BGP Security Review
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationFall 2010/Lecture 32 1
CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol
More informationVPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist
VPN World MENOG 16 Istanbul-Turkey By Ziad Zubidah Network Security Specialist What is this Van used for?! Armed Van It used in secure transporting for valuable goods from one place to another. It is bullet
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationProf. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG
Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,
More informationCIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec
CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality
More informationVPNs and VPN Technologies
C H A P T E R 1 VPNs and VPN Technologies This chapter defines virtual private networks (VPNs) and explores fundamental Internet Protocol Security (IPSec) technologies. This chapter covers the following
More informationComputer security Lecture 11
Computer security Lecture 11 Communications and network security Jan-Åke Larsson Communication and network security: Threat model Passive attacks: Eavesdropping, Wiretapping, Sniffing, and Traffic analysis
More informationTransport Layer Security
Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure
More informationSystem i. Version 5 Release 4
System i Universal Connection Version 5 Release 4 System i Universal Connection Version 5 Release 4 ii System i: Universal Connection Universal Connection Universal Connection allows you to control how
More informationSecurity Fundamentals
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah
More informationCryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationCisco Passguide Exam Questions & Answers
Cisco Passguide 642-648 Exam Questions & Answers Number: 642-648 Passing Score: 800 Time Limit: 120 min File Version: 61.8 http://www.gratisexam.com/ Cisco 642-648 Exam Questions & Answers Exam Name: Deploying
More informationSecure channel, VPN and IPsec. stole some slides from Merike Kaeo
Secure channel, VPN and IPsec stole some slides from Merike Kaeo 1 HTTP and Secure Channel HTTP HTTP TLS TCP TCP IP IP 2 SSL and TLS SSL/TLS SSL v3.0 specified
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationINFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP
INFS 766 Internet Security Protocols Lectures 7 and 8 IPSEC Prof. Ravi Sandhu IPSEC ROADMAP Security Association IP AH (Authentication Header) Protocol IP ESP (Encapsulating Security Protocol) Authentication
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationChapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads
Cryptography p y Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationSample excerpt. Virtual Private Networks. Contents
Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 642-504 Title : Securing Networks with Cisco Routers and Switches Vendors
More informationLehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec
Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationIP Security IK2218/EP2120
IP Security IK2218/EP2120 Markus Hidell, mahidell@kth.se KTH School of ICT Based partly on material by Vitaly Shmatikov, Univ. of Texas Acknowledgements The presentation builds upon material from - Previous
More informationConfiguring L2TP over IPsec
CHAPTER 62 This chapter describes how to configure L2TP over IPsec on the ASA. This chapter includes the following topics: Information About L2TP over IPsec, page 62-1 Licensing Requirements for L2TP over
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationFirst Semester Examinations 2015/16 (Model Solution) INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2015/16 (Model Solution) INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS
More informationCONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements
CONTENTS Preface Acknowledgements xiii xvii Chapter 1 TCP/IP Overview 1 1.1 Some History 2 1.2 TCP/IP Protocol Architecture 4 1.2.1 Data-link Layer 4 1.2.2 Network Layer 5 1.2.2.1 Internet Protocol 5 IPv4
More information