Introduction and Overview. Why CSCI 454/554?

Transcription

1 Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1

2 Workload Five homework assignments Two exams (open book and notes) Term projects Research-oriented Survey-oriented Project Guideline Any topic related to computer and network security Proposal due on Oct. 5 th Final report due on Dec. 5 th 2

3 Project Topics DoS attacks Spam Phishing attacks Botnets DNS Security Honey-pot Covert Channel Malware analysis Security in Android Grading Policy A+: 95~100 A: 85~94 A-: 80~84 B+: 75~79 B: 70~74 B-: 65~69 C+: 60~64 C: 55~59 3

4 Why security is hard? Internet is an open system Buggy software Complexity of information management and system administration Highly-motivated attackers Security is hard to measure Weakest link Performance and usability vs security Lack awareness of threats and risks Security Architecture Security Attacks Security Services Security Mechanisms 4

5 Attacks Passive Eavesdropping Traffic Analysis Active Masquerade Modification Replay attacks DoS attacks Security Services Authentication Privacy (Access Control) Confidentiality Integrity Nonrepudiation 5

6 Security Mechanisms Cryptography Encryption/Decryption Symmetric Key Asymmetric Key (Public-key system) Entity or Message Authentication (verification) Public-key and Hash function Digital Signature Certificate (Authority) Symmetric Ciphers A single secret key is shared for both parties Classical encryption schemes Scramble (and restore later) Information Substitution and Transposition Steganography Block and Stream ciphers DES, AES, RC5 (block) RC4 (stream) 6

7 Problems with symmetric key How to distribute the secret key to Alice and Bob? Requirement: secure channel in advance Solution: have a private meeting in person or via Key Distribution Center (KDC) How to conduct digital signature? Public-key Encryption Everyone has a pair of keys (one private K-, one public K+) Public key is open to everyone Diffie and Hellman first proposed RSA is the most widely used public-key system Rivest, Shamir, and Adleman won ACM Turing Award in 2002 because of this work 7

8 Public-Key Applications Encryption/decryption Alice: KB+(M) Bob: KB- (KB+(M) ) Authentication and Digital Signature Alice: KA-(M) Bob: KA+ (KA-(M) ) Key Exchange (Distribution) Deriving session (symmetric) key Message Authentication MAC: a fingerprint of the whole body (message) with fixed-length Hash functions Produce the fingerprint of a message One-way property Collision resistance MD5 and SHA 8

9 Kerberos Authentication service used in distributed system (e.g. Local Area Network) Symmetric keys with a trusted key server (KDC) without needing to trust all workstations rather all trust the centralized key server Developed as part of Project Athena at MIT Two versions (4 and 5) PGP (Pretty Good Privacy) Widely used de facto secure Provides authentication and confidentiality via (RSA, SHA) and DES Originally free, now have commercial versions available too Largely developed by a single person: Phil Zimmermann 9

10 IPsec IP protocol is the running horse that carries the Internet (Forwarding and Routing) IPsec is transparent to applications IPsec provides: Encryption (ESP) Authentication (AH) Key management (IKE) Web Security (SSL/TLS) Transport layer security service Work as a shim between TCP and applications Originally developed by Netscape Subsequently became Internet standard known as TLS SSL has two layers of protocols Handshake protocol (entity authentication) Record protocol (data confidentiality & integrity) 10

11 Firewall A choke point of control and monitoring the incoming traffic to a LAN Un-trusted outside, trusted inside Imposes restrictions on network services Only authorized traffic is admitted Auditing and controlling access Detect abnormal behavior, and alarm As Greatwall, it provides perimeter defence Viruses and Worms Both are malicious programs that replicate and propagate to other hosts The spread behavior is different Viruses needs human involvement to spread Worms automatically spread themselves Viruses need host program, but worms are independent 11