Secure Teleconferences over PSTN
- Clyde Palmer
- 6 years ago
Transcription
1 Secure Teleconferences over PSTN ECE646 Fall 2004 George Mason University
2 Talk outline
- Introduction
  - Problem
  - Background
  - My ultimate goal
- Literature Survey
  - Existing security service over PSTN
- Implementation Process
  - Adding AES_CBC 128-bit encryption to OPNET 10.5
  - New circuit-switched packet format containing a security field
  - Extension of the PBX process model
  - Creating the KDC process model
  - Building the simulation network
- Conclusions
  - Contributions
  - Future work
3 Problem
- SS7 protocol does not have any native encryption support
- Increased security requirements (confidentiality, authentication and nonrepudiation) in exchanging sensitive information over phone / teleconference calls
- Phone / teleconference calls are exposed to eavesdroppers
- The existing systems offer limited support and are not compatible with each other
4 Background
Circuit-Switched Network
- Allocates a dedicated end-to-end connection
- The resources are allocated no matter if they are used or not
- Used in telephone network
Packet-Switched Network
- Messages are divided into small packets
- Each packet is separately routed to the destination
- Different packets can take different path and time
- Packets are reassembled into messages at destination
5 Signaling System No. 7 Architecture
Network elements: Private Branch Exchanges (PBXs), Service Switching Points (SSPs), Signaling Transfer Points (STPs), Service Control Points (SCPs)
[Figure: SS7 protocol model, Layers 1 to 4 (NSP, MTP; OMAP, ASE, TCAP, SCCP, ISDN User Part / Telephone User Part, MTP 3 (Signaling Network), MTP 2 (Signaling Link), MTP 1 (Signaling Data Link)), shown beside the TCP/IP model (Application, Transport, Internet, Network Access)]
- MTP 1 (signaling data link): physical signaling layer
- MTP 2 (signaling link): two-way signaling messages over the signaling link
- MTP 3 (signaling network): traffic management, signaling link and routing management
- ISUP/TUP: set up, manage and release circuit trunks
- SCCP: offers connection and connectionless services
- TCAP: used for queries between SSP and SCP using a connectionless SCCP
- OMAP, ASE: intended to provide new services in the future
6 Security Over PSTN
[Figure: two PSTN diagrams with Users A, B and C attached to PBX A, PBX B and PBX C over voice trunks, STPs and SCPs in the signaling network, and the labels KDC and CA / AC]
7 Ultimate Goal
- Implementation of the secure bridge protocol in software/hardware
- Secure protocol
- End to end privacy
- Reliability
- No significant degradation of the quality of service
- Strong encryption
- Automated key management
- Interoperability between different networks
- Teleconference support
- Basic group operations support
  - Adding a conferee
  - Dropping a conferee
8 Ultimate Goal
[Figure labels: Hardware, Software, Best-in-class System, Algorithm]
9 Implementation Process
1. Implement an AES_CBC 128-bit encryption using OPNET 10.5
2. Create a secure circuit-switched packet format
3. Enhance the PBX process model
4. Create the KDC process model
5. Set the network for secure teleconference
10 1 Implementation of the AES_CBC Algorithm
11 1 AES_CBC Algorithm Structure
[Figure: AES-CBC structure. Labels: 128-bit blocks; Field Length (4 bytes); zero padding to 128 bits; MD5 digest; IV; 128-bit key K_G feeding each AES stage; four ciphertext blocks]
12 1 AES Functions
    #include <stddef.h>   /* size_t */

    // Expand user-supplied key material into a session key.
    //   key       - the 128/192/256-bit user key to use
    //   chain     - initialization vector for CBC and CFB modes
    //   keylength - 16, 24 or 32 bytes
    //   blocksize - the block size in bytes of this Rijndael (16, 24 or 32 bytes)
    void MakeKey(char const* key, char const* chain, int keylength, int blocksize);

    // Encrypts an n-byte string (in) into result using different modes.
    // n must be a multiple of the block size.
    // Mode can be ECB, CBC or CFB.
    void Encrypt(char const* in, char* result, size_t n, int imode);

    // Decrypts an n-byte string (in) into result using different modes.
    // n must be a multiple of the block size.
    // Mode can be ECB, CBC or CFB.
    void Decrypt(char const* in, char* result, size_t n, int imode);
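13 1 Key Distribution protocol using KDC
Two-party call (Alice, Bob):
- Alice -> KDC: K_{A,KDC}(Request, A, B)
- KDC -> Alice: K_{A,KDC}(K_AB, K_{B,KDC}(A, B, K_AB))
- Alice -> Bob: K_{B,KDC}(A, B, K_AB)
Teleconference (Alice, Bob, Charlie):
- Alice -> KDC: K_{A,KDC}(Request, A, B, C)
- KDC -> Alice: K_{A,KDC}(K_G, K_{B,KDC}(A, C, K_G), K_{C,KDC}(A, B, K_G))
- Alice -> Bob: K_{B,KDC}(A, C, K_G)
- Alice -> Charlie: K_{C,KDC}(A, B, K_G)
- Alice, Bob and Charlie then share the group key K_G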
14 Initialization Phase of the Simulation (PBX side)
    /* initialize the RNG for password creation if not previously initialized */
    if (my_rng == OPC_NIL)
        {
        my_rng = op_prg_random_gen_create (128);
        }

    /* create the password table, if not previously created */
    if (pwd_table == OPC_NIL)
        {
        pwd_table = op_prg_list_create();
        }

    /* create the shared password with the KDC and insert the record in the password table */
    tmp_table_entry_ptr = (Pwd_table_entry *) op_prg_mem_alloc(sizeof(Pwd_table_entry));
    tmp_table_entry_ptr->address = my_address;

    /* 16-byte key shared with the KDC */
    pwd_random_create(my_rng, my_pwd);
    op_prg_mem_copy(my_pwd, tmp_table_entry_ptr->pwd, 16);

    /* 16-byte IV shared with the KDC */
    pwd_random_create(my_rng, my_iv);
    op_prg_mem_copy(my_iv, tmp_table_entry_ptr->iv, 16);

    op_prg_list_insert_sorted(pwd_table, tmp_table_entry_ptr, pwd_entry_cmp);
[Figure: KDC with Alice and Bob, each link labelled IV B, K B,KDC]
15 1 Initialization Phase of the Simulation (KDC side)
    typedef struct
        {
        int  address;
        char pwd[16];
        char iv[16];
        } Pwd_table_entry;

    /* the KDC password table */
    List* pwd_table = OPC_NIL;

    /* the KDC RNG shared with PBXs */
    PrgT_Random_Gen* my_rng = OPC_NIL;

KDC password table:
Address | PWD       | IV
1       | K_{A,KDC} | IV_A
2       | K_{B,KDC} | IV_B
[Figure: KDC with Alice (1) and Bob, each link labelled IV B, K B,KDC]
16 2 Creation of a Secure Circuit-switched Packet Format
17 2 Secure Packet Format
- Message Length (4 bytes)
- Call ID (4 bytes)
- # of Conferees (3) (4 bytes)
- Address A (4 bytes)
- Address B (4 bytes)
- Address C (4 bytes)
18 3 Enhance the PBX Process Model
19 3 Extended PBX Process Model
20 3 Extended PBX Process Model
Alice (A)
    Loop
        Wait for a secure call interrupt
        If (teleconference call)
            Choose a random group (say D)
        Else
            Choose only one random destination D
        Send a key distribution request to KDC
        If (answer = NACK)
            Increase the number of blocked calls
            Continue
        Decrypt the response from KDC (if answer = ACK)
        If (successful decryption)
            Save the shared group key
            Forward the tickets to destinations (to B and C) using a Secure Call Setup Request (or Secure Teleconference Request)
        Else
            Increase the number of blocked calls
            Continue
        If (answer = NACK) (from B or C)
            Increase the number of blocked calls
            Continue
        (if answer = ACK)
        Send a teardown packet delayed with the call duration
        Start conversation using shared group key
    End Loop
Bob (B), Charlie (C)
    Loop
        Wait for a Secure Call Setup Request or a Secure Teleconference Request
        If (successful decryption of the ticket)
            Send ACK to A
            Start conversation using the shared group key
        Else
            Send NACK to A
    End Loop
21 3 Key Distribution Request (A -> KDC)
- Plaintext fields, 4 bytes each: Message Length, Call ID, # of Conferees (3), Address A, Address B, Address C
- Zero padding, 128 bits
- AES encryption, CBC mode, key K_{A,KDC} (128 bits)
- Key distribution request packet sent to the KDC: Call ID, Source, Security info (ciphertext)
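The plaintext layout on this slide, as an added example that is not code from the presentation: it serializes the six 4-byte fields, zero-pads to a whole number of 128-bit blocks, and parses the result back strictly, since zero padding carries no length of its own and the Message Length field is the only delimiter. Assumptions not on the slides: big-endian fields, Message Length counting the unpadded bytes including itself, and the hypothetical names `KdRequest`, `kd_request_encode`, `kd_request_decode` and `MAX_CONFEREES`; encryption and the MD5 digest from slide 11 are not modelled.

```c
/* Added example, not from the slides. Assumptions: big-endian fields;
 * Message Length counts the unpadded bytes, including itself. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK     16  /* 128-bit block size used on the slides */
#define HDR_FIELDS    3   /* Message Length, Call ID, # of Conferees */
#define MAX_CONFEREES 8   /* hypothetical upper bound for this example */

typedef struct {          /* hypothetical in-memory form of the request */
    uint32_t call_id;
    uint32_t n_conferees;
    uint32_t address[MAX_CONFEREES];
} KdRequest;

static void put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Serialize the request and zero-pad it to a whole number of AES blocks.
 * Returns the padded length, or 0 if the request or buffer is unusable. */
size_t kd_request_encode(const KdRequest *req, uint8_t *out, size_t cap)
{
    if (req->n_conferees < 2 || req->n_conferees > MAX_CONFEREES)
        return 0;
    size_t len = 4u * (HDR_FIELDS + req->n_conferees);
    size_t padded = (len + AES_BLOCK - 1) / AES_BLOCK * AES_BLOCK;
    if (padded > cap)
        return 0;
    memset(out, 0, padded);                 /* zero padding */
    put_u32(out, (uint32_t)len);            /* Message Length */
    put_u32(out + 4, req->call_id);         /* Call ID */
    put_u32(out + 8, req->n_conferees);     /* # of Conferees */
    for (uint32_t i = 0; i < req->n_conferees; i++)
        put_u32(out + 12 + 4 * i, req->address[i]);
    return padded;
}

/* Parse a decrypted request. Returns 0 on success or a negative code:
 * -1 not a whole number of blocks, -2 conferee count out of range,
 * -3 Message Length disagrees with the count, -4 buffer is not the
 * minimal padded size, -5 non-zero byte in the padding. */
int kd_request_decode(const uint8_t *buf, size_t buflen, KdRequest *req)
{
    if (buflen < AES_BLOCK || buflen % AES_BLOCK != 0)
        return -1;
    uint32_t len = get_u32(buf);
    uint32_t n = get_u32(buf + 8);
    if (n < 2 || n > MAX_CONFEREES)
        return -2;
    if (len != 4u * (HDR_FIELDS + n))
        return -3;
    if (len > buflen || buflen - len >= AES_BLOCK)
        return -4;
    for (size_t i = len; i < buflen; i++)
        if (buf[i] != 0)
            return -5;
    req->call_id = get_u32(buf + 4);
    req->n_conferees = n;
    for (uint32_t i = 0; i < n; i++)
        req->address[i] = get_u32(buf + 12 + 4 * i);
    return 0;
}

int main(void)
{
    /* Constructed sample: call 7 between addresses 1 (A), 2 (B), 3 (C). */
    KdRequest req = { 7, 3, { 1, 2, 3 } };
    KdRequest back = { 0, 0, { 0 } };
    uint8_t buf[64] = { 0 };
    size_t n = kd_request_encode(&req, buf, sizeof buf);
    int rc = kd_request_decode(buf, n, &back);
    printf("padded=%zu rc=%d conferees=%u\n", n, rc, (unsigned)back.n_conferees);
    return rc;
}
```

These checks reject malformed plaintext only; they do not authenticate the message.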
22 4 Creation of the KDC process model
23 4 The KDC Process Model
KDC
    Loop
        Wait for a secure call / teleconference request
        Get the packet source address
        If (decryption failed or address not in pwd table)
            Send NACK to A
        Else
            Generate the shared group key
            Encrypt the tickets with each party's secret key
            Send the response to A in an ACK packet (encrypted with A's secret key)
    End Loop
24 4 Key Distribution Response - ACK (KDC -> A)
- Ticket B (plaintext): Message Length, Call ID, Group Key K_G, # of Conferees (3), Address A, Address C
- Ticket B is encrypted with AES in CBC mode under key K_{B,KDC} (128 bits); the ciphertext is carried as Ticket B in the ACK
- ACK (plaintext): Message Length, Call ID, Group Key K_G, # of Conferees (3), Ticket length, Ticket B, Ticket C
- The ACK is encrypted with AES in CBC mode under key K_{A,KDC} (128 bits)
- Packet sent to PBX A: Call ID, Source, Security info
25 5 The Network Topology
26 5 The Large Network (secure teleconference)
27 5 Performance (PBX 11)
Columns: Call Type | Call Setup Delay (ms) | Calls connected (Calls/Hour)
Rows: Basic Call, Teleconference, Secure Call, Secure Teleconference
28 5 Simulation Results (PBX 11)
29 5 Simulation Results (SSP 1)
30 Check-List
Possible questions
- Is this protocol secure?
- Is this protocol reliable?
- Is it low-cost to implement?
- Is it available for key management?
- What are the potential security flaws of this protocol?
- How can the security flaws be addressed in this protocol?
Answers: y, y, y, y, ?, ?
31 Possible Attacks
Criterion | KDC | Distributed AC
Reliability | No | Yes
Scalability | No | Yes
Key Management | Difficult | Easy
Call Setup Time | Fast | Slow
Cross-certification between networks | No | Possible
Denial of Service Attack | Down | Limited Success
KDC/AC Symmetric/Private Keys Stolen | Totally compromised | Partially compromised
Telephone symmetric/private key compromised | Compromised | Compromised
Telephone set lost | Compromised, unless a PIN/password system used | Compromised, unless a PIN/password system used
Replay attack | Prevented with a timestamp | Prevented with a timestamp
32 Conclusions
- Secure Phone Call and Secure Teleconference can be implemented over PSTN with the proposed algorithm
- No significant degradation of the quality of the service
  - Exception: Call setup time
33 Future Work
- Solve the security flaws using AC based on a public key infrastructure.
  - Single point of failure (no communication)
  - Slow (time synchronization)
  - Poor scalability
  - Easy to steal all keys when KDC is broken into
- Expand to implement additional protocols that I proposed
- Address the uniqueness of those protocols compared with others on the market.
34 Questions? Thank you
35 OPNET Circuit-Switched Module
- Phone Terminals (PBX)
- Signaling Switching Points (SSPs)
- Attribute definer (conferences)
- Multi-Service Switch (interface with an IP or ATM network)
- Failure/recovery
- Subnetwork objects
- Entities
36 Software OPNET 10.5
OPNET components
- Network model
  - Organized hierarchically in networks and subnetworks
37 Software OPNET 10.5
Node and link models
- Processors
- Queues
- Generators
- Receivers
- Transmitters
38 Software OPNET 10.5
Process model
- Implements behavior of the nodes
- Contains the Finite State Machine (FSM) that defines the protocol
- Can execute C/C++ code when entering or exiting a state or during a transition
- Can execute conditional and unconditional transitions
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationSS#7. T Jouni Karvo, Timo Kiravuo
SS#7 T-110.300 Jouni Karvo, Timo Kiravuo Telephone exchanges Subscriber lines are connected to the telephone exchanges Originally each customer had a direct connection (electrical pair) to the exchange
More informationSignaling System No. 7 (Zeichengabesystem Nr. 7)
Signaling System No. 7 (Zeichengabesystem Nr. 7) SS#7, SS7,... Common Channel Signaling System No. 7, C7, CCS7,... (ZGS-Nr. 7) www.comnets.uni-bremen.de SS7-10 - 1 Terms (Begriffe) Communication Networks
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationDistributed Systems Principles and Paradigms. Chapter 09: Security
Distributed Systems Principles and Paradigms Christoph Dorn Distributed Systems Group, Vienna University of Technology c.dorn@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/staff/dorn Slides adapted
More informationAn Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may
More informationThe OSI Model. Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO).
Network Models The OSI Model Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO). Model for understanding and developing computer-to-computer communication
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationIP Security IK2218/EP2120
IP Security IK2218/EP2120 Markus Hidell, mahidell@kth.se KTH School of ICT Based partly on material by Vitaly Shmatikov, Univ. of Texas Acknowledgements The presentation builds upon material from - Previous
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More information