CSC 8560 Computer Networks: Network Security
|
|
- Rodney Stevens
- 5 years ago
- Views:
Transcription
1 CSC 8560 Computer Networks: Network Security Professor Henry Carter Fall 2017
2 Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your drive down The Connector at 75 MPH? Core routers in the Internet could support mobility. Why don t we do this? What are the tradeoffs between direct and indirect routing schemes? What are the equivalents of HAs and FAs in a cellular network? 2
3 Chapter 8: Network Security Chapter goals: understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key distribution security in practice: security in application, transport, network, link layers 3
4 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 Authentication 8.5 Securing 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 4
5 What is network security? Confidentiality: only sender, intended receiver should understand message contents sender encrypts message receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users 5
6 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice want to communicate securely Trudy (intruder) may intercept, delete, add messages Alice channel data, control messages Bob data secure sender secure receiver data Trudy 6
7 Who might Bob, Alice be? well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples? 7
8 There are bad guys (and girls) out there! Q: What can a bad guy do? A: a lot! eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources) more on this later 8
9 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 Authentication 8.5 Securing 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 9
10 Notes on Cryptography Cryptography in and of itself is not security. It is a tool that helps us achieve security. Think of this as the difference using a hammer and designing a building (an architect probably needs to be skilled in both). Do not, under any circumstances, attempt to roll your own crypto. In the last 40 years, cryptography has become a science. Most work before this time can be broken with ease. You must assume that your enemy knows the algorithm you are using. It must be secure anyhow. This is Kerchoffs Principle. 10
11 The language of cryptography K A Alice s encryption key K B Bob s decryption key plaintext encryption algorithm ciphertext decryption algorithm plaintext symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) 11
12 Caesar Cipher The earliest know encryption scheme, this cipher simply shifts all letters in the alphabet to the right by 3 places. abcdefghijklmnopqrstuvwxyz defghijklmnopqrstuvwxyzabc KRZ ZHOO GRHV WKLV ZRUN? This example belongs to a basic class of rotation substitution ciphers. e.g., ROT3, ROT13 12
13 Symmetric key cryptography substitution cipher: substituting one thing for another monoalphabetic cipher: substitute one letter for another E.g.: plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq ciphertext: nkn. s gktc wky. mgsbc Plaintext: bob. i love you. alice Q: How hard to break this simple cipher?: brute force (how hard?) other? 13
14 Symmetric key cryptography K A-B K A-B plaintext message, m encryption algorithm ciphertext K A-B (m) decryption algorithm plaintext m = K ( ) A-B K A-B (m) symmetric key crypto: Bob and Alice share know same (symmetric) key: K A-B e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? 14
15 Symmetric key crypto: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input How secure is DES? DES Challenge: 56-bit-key-encrypted phrase ( Strong cryptography makes the world a safer place ) decrypted (brute force) in 4 months (1997) no known backdoor decryption approach making DES more secure: use three keys sequentially (3-DES) on each block 15
16 Symmetric key crypto: DES DES operation initial permutation 16 identical rounds of function application, each using different 48 bits of key final permutation 16
17 AES: Advanced Encryption Standard newer (Nov. 2001) symmetric-key NIST standard, replacing DES processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES 17
18 Block Cipher Modes How do we encrypt messages longer than one block? First attempt: Electronic Codebook mode (ECB) Simple approach: Break message into blocks (padding the end out if not a full block) Encrypt each block Send message in pieces
19 Tux
20 Cipher Block Chaining Cipher block: if input block repeated, will produce same cipher text: Cipher block chaining: XOR i th input block, m(i), with previous block of ciphertext, c(i-1) c(o) transmitted to receiver in clear what happens in HTTP/1.1 scenario from above? 20
21 Public Key Cryptography symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never met )? public key cryptography radically different approach [Diffie- Hellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver 21
22 Public key cryptography K B + Bob s public key K B - Bob s private key plaintext message, m encryption algorithm ciphertext + K (m) B decryption algorithm plaintext message - + m = K (K (m)) B B 22
23 Public key encryption algorithms Requirements: need K ( ) and K ( ) such that B B 2 + given public key K B, it should be impossible to compute private key K B - RSA: Rivest, Shamir, Adelson algorithm 23
24 RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are relatively prime ). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). + - K K B B 24
25 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m e mod n (i.e., remainder when m e is divided by n) 2. To decrypt received bit pattern, c, compute m = c d mod n (i.e., remainder when c d is divided by n) Magic happens! e m = (m mod n) c d mod n 25
26 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). letter m m e c = m e mod n encrypt: l c c d m = c dmod n letter decrypt: l 26
27 Now You Try Choosing Keys p = 7 and q = 11 n = pq =? ; z = (p-1)(q-1) =? Choose e (no common factors with z): 7 Choose d such that 7 x d = 1 mod z : 43 Our message is 9, what is the ciphertext? c = m e mod n m = c d mod n 27
28 RSA: another important property The following property will be very useful later: use public key first, followed by private key use private key first, followed by public key Result is the same! 28
29 Why is RSA secure? suppose you know Bob s public key (n,e). How hard is it to determine d? essentially need to find the factors of n (p and q) fact: factoring a big number is hard 29
30 Diffie-Hellman Encrypting data with RSA is computationally expensive Much faster to use a symmetric cipher Later, we will see examples where a symmetric key is choosen by sender and encrypted by RSA... but, what about network communications? We want two hosts to agree on a symmetric key Public key crypto was really started by Diffie and Hellman Goal: negotiate a secret over an insecure (e.g., public) medium seems impossible 30
31 Diffie-Hellman Protocol We have two participants: Alice (A) and Bob (B) Setup: pick a prime number p and a base g (<p) This information is public, e.g., p=13, g=4 Step 1: Each principal picks a private value x (<p-1) Step 2: Each principle generates and communicates a new value: y = g x mod p Step 3: Each principle generates the secret shared key z z = y x mod p z is used as the symmetric key for communication 31
32 Diffie-Hellman: Exchange Public Info: p = 17, g = 5 Everyone choose an x Alice picks her x: SA TA=g SA mod p TB=g SB mod p Bob picks his x: SB Alice computes: K = TB SA mod p TB SA = (g SB ) SA = g SB SA = g SA SB = (g SA ) SB = TA SB mod p Encrypted communication with K Alice computes: K = TA SB mod p How does Alice know Bob sent TA? Stay tuned... 32
33 Diffie-Hellman - Class Exercise Select a partner. Setup: Pick a prime number p and a base g (<p) p=13, g=4 Each partner chose a private value x (<p-1) Generate the following value and exchange it. y = g x mod p Now generate the shared secret z: z = y x mod p You should have both calculated the same value for z. This is your key! 33
34 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 Authentication 8.5 Securing 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 34
35 Message Integrity Bob receives msg from Alice, wants to ensure: message originally came from Alice message not changed since sent by Alice Cryptographic Hash: takes input m, produces fixed length value, H(m) e.g., as in Internet checksum... but a bit different... computationally infeasible to find two different messages, x, y such that H(x) = H(y) equivalently: given m = H(x), (x unknown), can not determine x. note: Internet checksum fails this requirement! 35
36 Internet Checksum: Poor Crypto Hash Function Internet checksum has some properties of hash function: produces fixed length digest (16-bit sum) of message is many-to-one But given a message with given hash value, it is easy to find another message with same hash value: Strong hashing algorithms like SHA-256 are designed to avoid this! 36
37 Message Authentication Code (MAC) (shared secret) s (message) m H(.) append H(m+s) m H(m+s) public Internet m H(m+s) H(.) H(m+s) compare s (shared secret) 37
38 MACs in Practice MD5 hash function widely used (RFC 1321) computes 128-bit MAC in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x Attacks on MD5 are well known! SHA-1 is also used US standard [NIST, FIPS PUB 180-1] 160-bit MAC Brute-force attacks on SHA now require 2 63 operations to find a collision. General consensus that we should move to SHA2, SHA3 38
39 Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator. verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document 39
40 Digital Signatures simple digital signature for message m: Bob signs m by encrypting with his private key KB, creating signed message, KB(m) Bob s message, m Dear Alice Oh, how I have missed you. I think of you all the time! (blah blah blah) Bob K B - public key encryption algorithm Bob s private key K B - (m) Bob s message, m, signed (encrypted) with his private key 40
41 Digital Signatures (more) Suppose Alice receives msg m, digital signature KB(m) Alice verifies m signed by Bob by applying Bob s public key KB to KB(m) then checks KB(KB(m) ) = m. + - If KB(KB(m) ) = m, whoever signed m must have used Bob s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m. non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m. 41
42 Digital Signature = signed MAC 42
43 Public Key Certification Public Key Problem: When Alice obtains Bob s public key (from web site, , diskette), how does she know it is Bob s public key, not Trudy s? Solution: Trusted certification authority (CA) 43
44 Certificate Authorities Certificate Authority (CA): binds public key to particular entity, E. E registers its public key with CA. E provides proof of identity to CA. CA creates certificate binding E to its public key. certificate containing E s public key digitally signed by CA: CA says This is E s public key. 44
45 Certificate Authority When Alice wants Bob s public key: gets Bob s certificate (Bob or elsewhere). apply CA s public key to Bob s certificate, get Bob s public key 45
46 A Certificate Contains: Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself (not shown) info about certificate issuer valid dates digital signature by issuer 46
47 Problems with PKI Why exactly do you trust a CA? Anyone have any idea how many you actually trust? If two CAs present you with a certificate for Microsoft, which one is right? What prevents a CA from making up a key for you? What happens when keys are compromised? 47
48 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 Authentication 8.5 Securing 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 48
49 Authentication Goal: Bob wants Alice to prove her identity to him Protocol ap1.0: Alice says I am Alice I am Alice Failure scenario?? 49
50 Authentication Goal: Bob wants Alice to prove her identity to him Protocol ap1.0: Alice says I am Alice I am in a network, Bob can not see Alice, so Trudy simply declares herself to be Alice Alice 50
51 Authentication: another try Protocol ap2.0: Alice says I am Alice in an IP packet containing her source IP address Alice s IP address I am Alice Failure scenario?? 51
52 Authentication: another try Protocol ap2.0: Alice says I am Alice in an IP packet containing her source IP address Trudy can create a packet spoofing Alice s address Alice s IP address I am Alice 52
53 Authentication: another try Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it. Alice s IP addr Alice s password I m Alice Alice s IP addr OK Failure scenario?? 53
54 Authentication: another try Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it. Alice s IP addr Alice s password I m Alice Alice s IP addr OK replay attack: Trudy records Alice s packet and later plays it back to Bob Alice s IP addr Alice s password I m Alice 54
55 Authentication: yet another try Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it. Alice s IP addr encrypted password I m Alice Alice s IP addr OK Failure scenario?? 55
56 Authentication: another try Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it. Alice s IP addr encrypted password I m Alice record and Alice s IP addr OK playback still works! Alice s IP addr encrypted password I m Alice 56
57 Authentication: yet another try Goal: avoid playback attack Nonce: number (R) used only once in-a-lifetime ap4.0: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key I am Alice Failures, drawbacks? R K A-B (R) Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! 57
58 Authentication: ap5.0 ap4.0 requires shared symmetric key can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography R I am Alice - K A (R) send me your public key K A + Bob computes - K (K (R)) = R A + A and knows only Alice could have the private key, that encrypted R such that K A + - (K (R)) = R A 58
59 ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) 59
60 ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) problem is that Trudy receives all messages as well! 60
61 Remember Diffie-Hellman? How does Alice know Bob sent TA? Alice picks her x: SA TA=g SA mod p TB=g SB mod p Bob picks his x: SB Alice computes: K = TB SA mod p TB SA = (g SB ) SA = g SB SA = g SA SB = (g SA ) SB = TA SB mod p Encrypted communication with K Alice computes: K = TA SB mod p There is nothing to prevent a man-in-the-middle attack against this protocol. 61
62 Next Time... Textbook Chapter Remember, you need to read it BEFORE you come to class! Homework: HW 3 due after break! Continue working on project 4! 62
CS 332 Computer Networks Security
CS 332 Computer Networks Security Professor Szajda Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationThe Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall
The Network Security Model Bob and lice want to communicate securely. Trudy (the adversary) has access to the channel. Kai Shen lice data channel secure sender data, control s secure receiver Bob data
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond con dentiality Authentication Message integrity WHAT IS NETWORK SECURITY? Con dentiality: only
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
More informationSECURITY IN NETWORKS 1
SECURITY IN NETWORKS 1 GOALS Understand principles of network security: Cryptography and its many uses beyond con dentiality Authentication Message integrity 2. 1 WHAT IS NETWORK SECURITY? Con dentiality:
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationComputer Communication Networks Network Security
Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1 Network Security Goals: understand principles of network security: cryptography and its many uses beyond confidentiality
More informationNetwork Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.
Network Security Computer Networking: A Top Down Approach Featuring the Internet, 1. What is network security 2. Principles of cryptography 3. Authentication 4. Integrity 5. Key Distribution and certification
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationWelcome to CS 395/495 Internet Security: A Measurement-based Approach
Welcome to CS 395/495 Internet Security: A Measurement-based Approach Why Internet Security Internet attacks are increasing in frequency, severity and sophistication Denial of service (DoS) attacks Cost
More informationInternet and Intranet Protocols and Applications
Internet and Intranet Protocols and Applications Lecture 10: Internet and Network Security April 9, 2003 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu What is network
More informationChapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.
Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationChapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016
Chapter 8 Andrei Gurtov All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationCOSC : mobility within same subnet. Lecture 26. H1 remains in same IP subnet: IP address can remain same
Lecture 26 802.11: mobility within same subnet H1 remains in same IP subnet: IP address can remain same switch: which AP is associated with H1? self learning (Ch. 5): switch will see frame from H1 and
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationChapter 8 Security. Computer Networking: A Top Down Approach
Chapter 8 A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationSecurity and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1
Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationChapter 8 Network Security
Advanced Computer Networking Graduate Course from Electrical Engineering School A. Beheshti Communication Group Iran University of Science and Technology Chapter 8 Text Book: Computer Networking: A Top
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationChapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Chapter 8: Network Security Chapter goals: understand principles of
More informationCRYPTOGRAPHY & DIGITAL SIGNATURE
UNIT V CRYPTOGRAPHY & DIGITAL SIGNATURE What happens in real life? We have universal electronic connectivity via networks of our computers so allowing viruses and hackers to do eavesdropping. So both the
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationChapter 8 Network Security
Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and
More informationNetwork Security. Chapter 8. MYcsvtu Notes.
Network Security Chapter 8 Network Security Some people who cause security problems and why. Cryptography Introduction Substitution ciphers Transposition ciphers One-time pads Fundamental cryptographic
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 24 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 Question Setup: Assume you and I donʼt know anything about
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationSymmetric Cryptography. CS4264 Fall 2016
Symmetric Cryptography CS4264 Fall 2016 Correction: TA Office Hour Stefan Nagy (snagy2@vt.edu) Office hour: Thursday Friday 10-11 AM, 106 McBryde Hall 2 Slides credit to Abdou Illia RECAP AND HIGH-LEVEL
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More informationISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)
Outline ISA 662 Internet Security Protocols Some Math Essentials & History Asymmetric signatures and key exchange Asymmetric encryption Symmetric MACs Lecture 2 ISA 662 1 2 Beauty of Mathematics Demonstration
More informationGarantía y Seguridad en Sistemas y Redes
Garantía y Seguridad en Sistemas y Redes Tema 2. Cryptographic Tools Esteban Stafford Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve Commons BY- NC- SA
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.1 Introduction to Cryptography CSC 474/574 By Dr. Peng Ning 1 Cryptography Cryptography Original meaning: The art of secret writing Becoming a science that
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationCRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext
CRYPTOLOGY CRYPTOGRAPHY KEY MANAGEMENT CRYPTANALYSIS Cryptanalytic Brute-Force Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext 58 Types of Cryptographic Private key (Symmetric) Public
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationIntroduction to Cryptography
Introduction to Cryptography 1 2 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 23 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More information