COMPUTER SECURITY. Computer Security Secure Communication Channels (2)


1 COMPUTER SECURITY
7. Secure Communication Channels: 2 case studies (2)
Technologies' case studies (2)
- WEP Wired Equivalent Privacy (3)
- IPsec Internet Protocol Security (11)
- SSL Secure Sockets Layer (25)
- SSH Secure Shell (32)
- PEM Privacy Enhanced Mail (39)
- S/MIME Secure Multipurpose Internet Mail Extensions (41)
- OpenPGP Open Pretty Good Privacy (42)
- Pointers... (47)

2 7. Secure Communication Channels: 2 case studies
Technologies' case studies
- WEP Wired Equivalent Privacy
- IPsec Internet Protocol Security
- SSL Secure Sockets Layer
- SSH Secure SHell
- PEM Privacy Enhanced Mail
- S/MIME Secure/Multipurpose Internet Mail Extensions
- OpenPGP Open Pretty Good Privacy

3 WEP Wired Equivalent Privacy
- confidentiality protection at the data link level (OSI)
- designed for wireless networks, IEEE
- confidentiality protection similar to the wired IEEE 802 networks!
- (optional) entities authentication (by shared key!)
- considered weak right from the beginning
  - mainly for its short (40 b) static keys (sensitive to brute force attacks)
  - reinforced by 128 b (and 256 b) key; per packet key system, Temporal Key Integrity Protocol (and later AES)
- replaced by WPA (Wi-Fi Protected Access) and later by WPA2 with IEEE i
(Figure: protocol stack App... / TCP / IP / WEP/Data L....)

4 WEP: operation
- (Association!): contact Access Point to get net services
- Authentication
  - Open System: mere courtesy
  - Shared Key: proof of possession of shared key
- Conversation (option: w/ Confidentiality): exchange of packets (optionally ciphered with stream cipher)
(Figure: Mobile Station and Base Station (Access Point))

5 ...WEP: operation (cont.)
Association (ASS):
- MS -> AP: ASS, MSaddr, SSid
- AP -> MS: ASS, Aid
Fig. Association of Mobile Station, MS, to base station, AP (Access Point), in IEEE 's protocol. SSid is the identifier of the group of services requested from AP. Aid is the association's identifier.

6 ...WEP: operation (cont.)
Authentication (AUTH):
Open System
- MS -> AP: AUTH, OS, 1
- AP -> MS: AUTH, OS, 2
Shared Key
- MS -> AP: AUTH, SK, 1
- AP -> MS: AUTH, SK, R, 2
- MS -> AP: AUTH, SK, RC4K(R), 3
- AP -> MS: AUTH, SK,

7 ...WEP: operation (cont.)
Conversation (DATA): WEP option
- MS -> AP: DATA, RC4K(data)
- AP -> MS: DATA, RC4K(data)
- ...
RC4 stream cipher
- shared key K used in seed to RC4 engine
- 64 b seed = IV (24 b) + K (40 b)
- IV is visible (and does not change from packet to packet!)

8 Cipher process in WEP
- inputs: IV, K, Network Data
- CRC 32 over Network Data gives the ICV
- RC4 enciphers Network Data and ICV
- WEP packet data: IV | Enciphered Network Data | ICV enciphered
Fig. Cipher process in WEP. (ICV Integrity Check Value; CRC Cyclic Redundancy Check)
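An added example (not part of the original slides) of the cipher process above: the seed is IV + K, the ICV is CRC 32 of the data, and the IV travels in clear. It also shows why a repeated IV matters: two packets sealed under the same seed share a keystream, so an audit for repeated IVs is a useful check. Function names, key, IVs and payloads are constructed for illustration, and the packet layout follows the slide (IV, enciphered data, enciphered ICV), omitting other IEEE frame fields.

```python
import struct
import zlib
from collections import Counter

IV_LEN, KEY_LEN, ICV_LEN = 3, 5, 4  # 24-bit IV, 40-bit key, 32-bit ICV


def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key scheduling on the seed, then XOR of data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(data: bytes) -> bytes:
    """Integrity Check Value: CRC-32 of the network data, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encapsulate(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Return IV (clear) followed by RC4 over (data + ICV), seeded with IV + K."""
    if len(iv) != IV_LEN or len(key) != KEY_LEN:
        raise ValueError("expected a 24-bit IV and a 40-bit key")
    return iv + rc4(iv + key, data + _icv(data))


def wep_decapsulate(key: bytes, packet: bytes) -> bytes:
    """Rebuild the seed from the visible IV, decipher, and verify the ICV."""
    if len(packet) < IV_LEN + ICV_LEN:
        raise ValueError("packet too short")
    iv, body = packet[:IV_LEN], packet[IV_LEN:]
    plain = rc4(iv + key, body)
    data, icv = plain[:-ICV_LEN], plain[-ICV_LEN:]
    if icv != _icv(data):
        raise ValueError("ICV mismatch")
    return data


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def same_iv_xor(pkt_a: bytes, pkt_b: bytes):
    """If both packets carry the same IV, their bodies used one keystream,
    so XOR of the bodies equals XOR of the plaintexts. Returns None otherwise."""
    if pkt_a[:IV_LEN] != pkt_b[:IV_LEN]:
        return None
    return xor_bytes(pkt_a[IV_LEN:], pkt_b[IV_LEN:])


def repeated_ivs(packets) -> list:
    """Audit helper: IVs that appear on more than one packet in a capture."""
    counts = Counter(p[:IV_LEN] for p in packets)
    return sorted(iv for iv, n in counts.items() if n > 1)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    p1, p2 = b"GET /index.html ", b"POST /login.php "  # constructed payloads
    a = wep_encapsulate(b"\x00\x00\x01", key, p1)
    b = wep_encapsulate(b"\x00\x00\x01", key, p2)  # static IV, as on the slide
    print(wep_decapsulate(key, a))
    print(same_iv_xor(a, b)[:len(p1)] == xor_bytes(p1, p2))
    print(repeated_ivs([a, b]))
```

The per-packet key system mentioned on the WEP overview slide exists to make the `same_iv_xor` case impossible: no two packets may ever be enciphered under the same seed.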

9 IEEE 's packet format
- generic fields
- protected data part of packet (if W bit active): WEP packet data: IV | Enciphered Network Data | ICV enciphered

10 WPA2 improvements (IEEE i 2004)
- types of usage:
  - WPA Personal (domestic use): WPA2 w/ AES PreShared Key
  - WPA Enterprise: WPA2 w/ EAP TLS and RADIUS server
- cryptography tricks:
  - key mixing function, better than mere concatenation of secret root key with initialization vector
  - sequence counter, to protect against replay attacks
  - 64 bit Message Integrity Check (MIC)
- Curiosity: most attacks still are through supplementary system WPS, Wi-Fi Protected Setup!
Ref.: standards.ieee.org/about/get/802/ html

11 IPsec Internet Protocol Security
- multiple services: confidentiality, integrity, protection against replay attacks
- symmetrical and asymmetrical cryptography
- multiple algorithms: possible choice, possible future change
- multiple granularities:
  - TCP connection protection
  - protection of connection between machine pairs
  - protection of connection between routers
- connection oriented -> security association SA

12 Security Association
- OSI level: network
- unidirectional connection
- identification: security parameter index SPI
  - index for associations table, with all agreed information
- stored info:
  - IP destination address
  - cryptographic algorithms and keys
  - security protocol (AH or ESP)
  - maximum traffic or duration of connection
  - utilization mode (transport, tunnel...)
(Figure: protocol stack App... / TCP / IPsec/IP / Data Link...)

13 Security Policies
- table with instructions for packets' handling (Security Policy Database, SPD)
- info on sender and receiver
  - receiver includes machine (IPsec on routers) and port
- typical options: discard packet, apply security services, reroute it
- table similar to gateways' and firewalls'
Example: table with columns origin, destination, port, action; the actions shown are discard, reroute and apply IPsec, and the last row is * * * discard.

14 IPsec's operation
- setting of keys: IKE Internet Key Exchange
  - parameter negotiation and mutual authentication
  - setting up of a security association (SA)
  - IKEv1 was unnecessarily complex; current version is 2 (RFC 4306)
- setting of services (using the agreed keys and algorithms)
  - integrity, protection against replay attacks: AH Authentication Header protocol
  - confidentiality, integrity, protection against replay attacks: ESP Encapsulating Security Payload protocol
References: tools.ietf.org/html/rfc[ ]

15 IPsec: IKE Internet Key Exchange (v2)
- group of message pair exchanges (UDP, ports 500 or 4500)
- has 2 phases
- Phase 1 (IKE_SA): mutual authentication and base agreements
  - IKE_SA_INIT + IKE_AUTH (4 messages are enough!):
    - master key's generation by Diffie-Hellman's algorithm
    - mutual authentication (predefined keys or public keys via digital certificates)
    - establishment of a security association (AH or ESP)
- Phase 2 (CREATE_CHILD_SA, INFORMATIONAL): setting of additional SAs or exchange of control information
  - message exchanges protected by session keys from Phase 1
  - multiple possibilities of negotiation and control

16 IPsec: AH (Authentication Header) protocol
- integrity, protection against replay attacks
- Transport Data becomes, with IPSec: IPh | AH | Transport Data (authenticated*)
Fig. Protection by Authentication Header protocol. (* The mutable fields in IP header do not have integrity protection.)
(in transport mode, as explained below)

17 ...IPsec: AH protocol (cont.)
Fig. Utilization of AH protocol (picture enhancing header fields).
(in transport mode, as explained below)

18 ... IPsec: AH protocol (cont.)
Fields of AH:
- Next header: type of payload header. Examples: IP=4; AH=51; ESP=50; TCP=6; UDP=17.
- Payload len: length of AH protocol header (in 32 b words) minus 2
- Security parameters index: identifier of security association, SA
- Sequence number: (unique) identifier for all protected packets
- Authentication data: HMAC of payload (shared key!)
- Payload + padding: packet net data with padding
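An added example (not part of the original slides) that builds and checks the AH fields listed above and shows how the sequence number gives replay protection on the receiving side. Assumptions: HMAC-SHA1 truncated to 96 bits as the authentication data, a 64-packet receive window, a dictionary standing in for the associations table indexed by SPI, and integrity computed over the AH header and payload only (the immutable IP header fields are left out); all names, keys and SPI values are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

AH_FIXED = struct.Struct("!BBHII")  # next header, payload len, reserved, SPI, sequence
ICV_LEN = 12                        # HMAC-SHA1-96 (assumed algorithm for this SA)
NEXT_TCP = 6                        # "TCP=6" from the field list


class ReplayWindow:
    """Sliding window over sequence numbers; bit 0 of the bitmap is the highest seen."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def acceptable(self, seq: int) -> bool:
        if seq == 0:
            return False                 # sequence numbers start at 1
        if seq > self.top:
            return True                  # newer than anything seen
        offset = self.top - seq
        return offset < self.size and not (self.bitmap >> offset) & 1

    def record(self, seq: int) -> None:
        if seq > self.top:
            shifted = (self.bitmap << (seq - self.top)) | 1
            self.bitmap = shifted & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


@dataclass
class SecurityAssociation:
    key: bytes
    window: ReplayWindow = field(default_factory=ReplayWindow)


def _icv(key: bytes, fixed: bytes, payload: bytes) -> bytes:
    # The authentication data field is zeroed while the HMAC is computed.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def ah_build(spi: int, seq: int, key: bytes, payload: bytes,
             next_header: int = NEXT_TCP) -> bytes:
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2   # 32-bit words minus 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload


def ah_receive(sad: dict, packet: bytes):
    """Return (next_header, payload) or raise ValueError naming the failed check."""
    if len(packet) < AH_FIXED.size + ICV_LEN:
        raise ValueError("truncated")
    next_header, payload_len, _, spi, seq = AH_FIXED.unpack_from(packet)
    header_len = (payload_len + 2) * 4
    if header_len != AH_FIXED.size + ICV_LEN:
        raise ValueError("unexpected header length")
    sa = sad.get(spi)
    if sa is None:
        raise ValueError("unknown SPI")
    if not sa.window.acceptable(seq):
        raise ValueError("replay")
    fixed, icv = packet[:AH_FIXED.size], packet[AH_FIXED.size:header_len]
    payload = packet[header_len:]
    if not hmac.compare_digest(icv, _icv(sa.key, fixed, payload)):
        raise ValueError("ICV mismatch")
    sa.window.record(seq)   # only authenticated packets may move the window
    return next_header, payload


def try_receive(sad: dict, packet: bytes) -> str:
    """Convenience wrapper: 'ok' or the reason the packet was dropped."""
    try:
        ah_receive(sad, packet)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    key = b"k" * 20                                   # constructed shared key
    sad = {0x1001: SecurityAssociation(key)}          # constructed SPI
    pkts = {n: ah_build(0x1001, n, key, b"segment %d" % n) for n in (1, 2, 3)}
    for n in (1, 3, 2, 3):                            # last one is a replay
        print(n, try_receive(sad, pkts[n]))
```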

19 IPsec: ESP (Encapsulating Security Payload) protocol
- integrity, confidentiality, protection against replay attacks
- Transport Data becomes, with IPSec: IPh | ESPh | Enciphered Transport Data | ESPt (authenticated*, enciphered*)
Fig. Protection by Encapsulating Security Payload protocol. (* Only part of the ESP footer has integrity and confidentiality protection.)
(in transport mode, as explained below)

20 ...IPsec: ESP protocol (cont.)
Fields, in packet order:
- Security Parameters Index (SPI): authentication coverage
- Sequence Number: authentication coverage
- Payload Data* (variable): authentication and confidentiality coverage
- Padding (0-255 bytes): authentication and confidentiality coverage
- Pad Length: authentication and confidentiality coverage
- Next Header: authentication and confidentiality coverage
- Authentication Data (variable)
Fig. Structure of packet protected with ESP protocol (in RFC 2406). (* if included in the Payload field, cryptographic synchronization data, e.g., an Initialization Vector, usually is not encrypted per se)
(in transport mode, as explained below)

21 ...IPsec: ESP protocol (cont.)
Fields of ESP packets:
- Security parameters index: identifier of SA
- Sequence number: (unique) identifier of all protected packets
- Payload + padding: packet net data with padding. With confidential service, includes the initialization vector (IV) for the cipher algorithm.
- Pad length: number of bytes of padding
- Next header: type of payload header
- Authentication data: HMAC of payload (shared key!)

22 IPsec: Modes of operation (AH and ESP)
- transport
  - protection of data from Transport layer
  - IPsec needs change in system's Network layer
  - good for endpoint to endpoint communication
  (Figure: protocol stack APP... / TCP / IPSec...)
- tunnel
  - protection of data from normal Network layer
  - IPsec adds a new (sub Network) layer to system
  - usually is used for protection between gateways, so, not between communication endpoints
  (Figure: protocol stack APP... / TCP / IP / IPSec)

23 IPsec: modes of operation with AH
- Transport mode:
  - Transport Data
  - IPSec: IPh | AH | Transport Data
- Tunnel mode:
  - Transport Data
  - IP: IPh | Transport Data
  - IPSec: IPh | AH | IPh | Transport Data (the inner IPh | Transport Data is the previous Network Data)

24 IPsec: modes of operation with AH
- Transport mode:
  - Transport Data
  - IPSec: IPh | ESPh | Enciphered Transport Data | ESPt
- Tunnel mode:
  - Transport Data
  - IP: IPh | Transport Data
  - IPSec: IPh | ESPh | Enciphered (IPh | Transport Data) | ESPt (the enciphered part is the previous Network Data)

25 SSL Secure Sockets Layer
Services
- mutual authentication
- integrity protection of communication
- privacy protection of communication
- parameter negotiation between parties (client and server)
- data compression
History
- protocol associated with the World Wide Web: Netscape, 1995
- HTTPS = HTTP + SSL
- SSL version 3, ~ TLS (Transport Layer Security) v.1, but not interoperable!
- IETF RFC

26 SSL: location in OSI layers
- between Application and Transport layer: Session and Presentation
(Figure: protocol stack HTTP / SSL/TLS / TCP / IP / ...)
Problem: TCP ignores SSL!
- denial of service attack: insertion of phony SSL packet, although TCP correct, in comm. flow:
  - TCP accepts phony packet, but later rejects the real one
  - SSL will signal error condition and secure channel will have to be restarted!

27 SSL: protocol structure
- in time:
  - initial connection (handshake protocol): parameter negotiation and server authentication
  - utilization (record protocol): protected conversation
- in "space":
  - connection control (handshake protocol!), Presentation layer!: initial negotiation, alert messages, etc.
  - message exchange support (record protocol!), Session layer!: data packaging, ciphering, compression, etc.

28 SSL: connection establishment protocol Fig. SSLv3: possible (simplified!) steps of connection establishment protocol

29 ...SSL: connection establishment protocol (cont.)
Steps:
- 1: A sends to server (B) cryptographic proposals and nonce RA.
- 2: B chooses cryptographic methods and sends A its own nonce RB.
- 3: B sends its digital certificates (its public key for the chosen authentication algorithm). At this point, B could ask A for a similar identification. But this is seldom done: client authentication is usually done later by the application (and over SSL).
- 4: B is satisfied, for now...
- 5: Ciphered with B's public key, A sends a random number (premaster key). A and B can now generate a session key: K = f(premaster key, RA, RB)
- 6-9: A and B signal each other the starting of ciphering of messages with K

30 SSL: Connection usage protocol Fig. SSLv3: Protocol for connection usage. The steps are taken by both entities

31 ...SSL (cont.) Exercise: Using the features of program openssl, connect to Web servers with SSL and study the protocol message exchanges. References:

32 SSH Secure Shell
Services
- Authentication, confidentiality and integrity of sessions of
  - remote terminal
  - file transfer
  - port rerouting
History
- SSH, 1995: Tatu Ylönen, TKK Helsinki University of Technology
- SSH 2, 1996: modularization, protocol negotiation, channel multiplexing, DH...
- proposed IETF standard, 2006: IETF RFC
- OpenSSH, free version! (

33 SSH: location in OSI layers
- between Application and Transport layer: Session and Presentation (just like SSL)
(Figure: protocol stack APP... / SSH / TCP / IP / ...)
SSH: protocol stack (~ in space!)
- Connection: user level services
- Authentication: of client towards server
- Transport: basic security services

34 SSH: connection protocol
user level services:
- point to point security
  - remote terminal
  - file transfer
- tunneling
  - port forwarding in client and in server
  - forwarding of X11 protocol

35 SSH: transport protocol
basic security services:
- server authentication (beware of 1st connection!) (Fig)
- confidentiality (negotiable algorithm)
- data integrity (negotiable algorithm)
- session identification (useful to upper layers)
- perfect forward secrecy (random temporary session keys!)
- compression (optional!)
(Figure: Phase 1 between Local (Lm) and Remote (Rm); labels: n1; KRm (n1) ; KRm; has old KRm? accept new KRm?; cont. Phase2 / break!)
Fig. SSL authentication protocol for server (practical work)

36 ...SSH: transport protocol (cont.)
Important problem: does Client know that Server is the real one?
- Yes, if he has access to genuine KS!
- But, does he normally have it?

37 SSH: authentication protocol
of client towards server:
- by public key (preferred!) (Fig)
- by password (most used!) (Fig)
- by machine (dangerous!)
- other...
(Figure: Phase 2 between Local (Lm) and Remote (Rm), by password; labels: ruser1!; pass1!; ruser1: pass1; pass1?)
(Figure: Phase 2 (alt) between Local (Lm) and Remote (Rm), by public key; labels: luser2 ; ruser1!; n2; Klu2 (n2)!; ruser1: luser2: Klu2 ; Klu2)
Fig. Authentication protocol for client by password and by public key (practical work).

38 ...SSH (cont.): Exercise: Using the debugging features of ssh, connect to servers and study the protocol message exchanges. References: tools.ietf.org/html/rfc[4250 4] archive.org/getrfc.php?rfc=

39 PEM Privacy Enhanced Mail
History
- has seen better days... (~1990; IETF RFC )
- but even then, was never a success
- would use a centralized PKI (Public Key Infrastructure) -> main cause of success failure?
Compatibility
- operates with normal servers
- is located at the application OSI level
- does not need OS substitution
(Figure: protocol stack PEM / TCP / IP)

40 PEM: features
- confidentiality, authentication and message integrity
  - does not protect headers! (Subject:, To:, From:,...)
- types of message
  - normal (ignoring PEM)
  - with integrity protection (MIC CLEAR)
  - with Base 64 coding and integrity protection (MIC ONLY)
  - enciphered and with integrity protection (ENCRYPTED)
- asymmetrical and symmetrical cryptography
  - symmetrical cipher, with session key
  - session key is passed symmetrically or asymmetrically
  - asymmetrical cryptography, with keys from digital certificates
- digital certificates are passed in messages
  - independence from public key directory service!

41 S/MIME Secure Multipurpose Internet Mail Extensions
- consistent way to send and receive secure MIME data
- provides the cryptographic security services for electronic messaging:
  - authentication
  - message integrity
  - non repudiation of origin (using digital signatures)
  - privacy and data security (using encryption)
- can be used with traditional mail user agents and any transport mechanism that transports MIME data, such as HTTP
...to be continued

42 OpenPGP Open Pretty Good Privacy
History
- original author (PGP): Philip Zimmermann, 1991
- private electronic mail for everyone!
  - «If privacy is outlawed, only outlaws will have privacy!»
- conflict with the government of the United States went on for years ( )
Compatibility identical to PEM's
- operates with normal servers
- is located at the application OSI level
- does not need OS substitution
(Figure: protocol stack OpenPGP / TCP / IP)

43 OpenPGP: features
- standard IETF version (RFC 4880) of PGP's original idea and system
- goals and operation similar to PEM's:
  - confidentiality, authentication and message integrity (except headers!)
  - asymmetrical and symmetrical cryptography
  - symmetrical cipher, with session key
- main differences:
  - always used stronger algorithms (RSA, IDEA)
  - also compacts messages
  - the validation of public keys uses an interesting decentralized technique (ring of trust)
- competitor of S/MIME
- important free implementation: GPG Gnu Privacy Guard

44 OpenPGP: public key management
the ring of trust
- each user assigns a certain degree of trust to another user (in the sense that he/she is found to be a reliable key signer!):
  - unknown, none, marginal, total
- the system calculates the validity of a public key (of a user) based on the trust assigned to the users that have signed it:
  - unknown, doubtful, valid
- classically, a key was valid if it was signed by:
  - a user with total trust
  - two users with marginal trust
- GnuPG allows the fine tuning of the algorithm by considering a key as valid if:
  - a number of users with total trust signed it (default, 1!)
  - a number of users with marginal trust signed it (default, 3)
  - but only if the signature path (number of signed signatures) is limited (less than 5)
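An added example (not part of the original slides, and not GnuPG's own code) that computes key validity from the rule above: a key becomes valid when enough already-valid keys whose owners have total or marginal trust have signed it, within a bounded signature path. The user names, the signature graph and the function and parameter names are constructed; the defaults are the ones on the slide (1 total, 3 marginal, path less than 5).

```python
def compute_validity(me, owner_trust, signatures,
                     completes_needed=1, marginals_needed=3, max_depth=5):
    """Classify every key as 'valid', 'doubtful' or 'unknown'.

    me           -- owner of the keyring; own key is valid, own trust is total
    owner_trust  -- user -> 'unknown' | 'none' | 'marginal' | 'total'
    signatures   -- key owner -> set of users who signed that key
    max_depth    -- signature paths must be shorter than this
    """
    trust = dict(owner_trust)
    trust[me] = "total"
    depth = {me: 0}                      # valid keys and their path length

    # Round d validates keys reachable by a signature path of length d.
    for d in range(1, max_depth):
        usable = set(depth)              # signers validated in earlier rounds
        newly_valid = []
        for key, signers in signatures.items():
            if key in depth:
                continue
            total = sum(1 for s in signers
                        if s in usable and trust.get(s) == "total")
            marginal = sum(1 for s in signers
                           if s in usable and trust.get(s) == "marginal")
            if total >= completes_needed or marginal >= marginals_needed:
                newly_valid.append(key)
        if not newly_valid:
            break
        for key in newly_valid:
            depth[key] = d

    result = {me: "valid"}
    for key, signers in signatures.items():
        if key in depth:
            result[key] = "valid"
        elif any(s in depth and trust.get(s) in ("total", "marginal")
                 for s in signers):
            # Some trusted signer vouches for it, but not enough of them
            # (or the path would be too long).
            result[key] = "doubtful"
        else:
            result[key] = "unknown"
    return result


# Constructed keyring: alice signed four keys herself and trusts their
# owners to different degrees.
TRUST = {"bob": "total", "carol": "marginal", "dave": "marginal",
         "erin": "marginal", "mallory": "unknown"}
SIGS = {
    "bob": {"alice"}, "carol": {"alice"}, "dave": {"alice"}, "erin": {"alice"},
    "frank": {"bob"},                     # one total-trust signer
    "grace": {"carol", "dave"},           # two marginal signers
    "heidi": {"carol", "dave", "erin"},   # three marginal signers
    "ivan": {"mallory"},                  # signer's own key is not valid
}

if __name__ == "__main__":
    for owner, state in sorted(compute_validity("alice", TRUST, SIGS).items()):
        print(f"{owner:8s} {state}")
    # The classical rule from the slide: two marginal signers are enough.
    print(compute_validity("alice", TRUST, SIGS, marginals_needed=2)["grace"])
```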

45 (in: The PGP Web of Trust, William Stallings, BYTE, Feb.1995)

46 Short comparison between OpenPGP, PEM and S/MIME
- certification of public keys
  - OpenPGP: directly or through digital certificates
  - PEM: through digital certificates
  - S/MIME: through digital certificates
- validation of certificates
  - OpenPGP: up to the user
  - PEM: single hierarchy of Certification Authorities*
  - S/MIME: multiple parallel hierarchies
- certification's procedure
  - OpenPGP: hard because relies only on the user (web of trust)
  - PEM: easy, once the hierarchy is established
  - S/MIME: easy, based on PKIX's model, with X.509 certificates
- trust on system
  - OpenPGP: up to the user
  - PEM: complete (a single hierarchy)
  - S/MIME: user chooses the hierarchy to trust
- security's potential
  - OpenPGP: great
  - PEM: low
  - S/MIME: great
- character encoding scheme
  - OpenPGP: Radix 64** ~ Base 64 + CRC
  - PEM: Base 64 (RFC 1421)
  - S/MIME: ~ Base 64
* top entity: IPRA Internet Policy Registration Authority
** also known as ASCII Armor

47 Pointers...
- The IEEE standards, 2012, IEEE Standards Association: standards.ieee.org/about/get/802/ html
- The IPsec' IETF RFC, R. Atkinson and others: tools.ietf.org/html/rfc4301
- The S/MIME's IETF RFC, S. Dusse and others: tools.ietf.org/html/rfc5751
- The PEM's IETF RFC, John Linn: tools.ietf.org/html/rfc1421
- The SSH's IETF RFC, 2006, T. Ylonen et al.: tools.ietf.org/html/rfc4251
- The TLS' IETF RFC, T. Dierks and others: tools.ietf.org/html/rfc4346
- The OpenPGP's IETF RFC, P. Zimmermann and others: tools.ietf.org/html/rfc


More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?

More information

Security in IEEE Networks

Security in IEEE Networks Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set

More information

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010 Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction

More information

Introduction to IPsec. Charlie Kaufman

Introduction to IPsec. Charlie Kaufman Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF standard for Network Layer security Popular for creating trusted link (VPN), either firewall-firewall, or machine

More information

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems History 2000 B.C. Egyptian Hieroglyphics Atbash - Hebrew Original alphabet mapped to different letter Type of Substitution Cipher

More information

Chapter 5: Network Layer Security

Chapter 5: Network Layer Security Managing and Securing Computer Networks Guy Leduc Mainly based on Network Security - PRIVATE Communication in a PUBLIC World C. Kaufman, R. Pearlman, M. Speciner Pearson Education, 2002. (chapters 17 and

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec

More information

Network Encryption Methods

Network Encryption Methods Network Encryption Network Encryption Methods CSC362, Information Security Objectives understanding the impact of employing encryption at different protocol layers application layer encryption transport

More information

Lecture 12 Page 1. Lecture 12 Page 3

Lecture 12 Page 1. Lecture 12 Page 3 IPsec Network Security: IPsec CS 239 Computer Software February 26, 2003 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided

More information

Lecture 9: Network Level Security IPSec

Lecture 9: Network Level Security IPSec Lecture 9: Network Level Security IPSec CS 336/536: Computer Network Security Fall 2015 Nitesh Saxena Adopted from previous lecture by Keith Ross, and Tony Barnard HW3 being graded Course Admin HW4 will

More information

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols

More information

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality

More information

EEC-682/782 Computer Networks I

EEC-682/782 Computer Networks I EEC-682/782 Computer Networks I Lecture 25 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB

More information

Lecture 13 Page 1. Lecture 13 Page 3

Lecture 13 Page 1. Lecture 13 Page 3 IPsec Network Security: IPsec CS 239 Computer Software March 2, 2005 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided

More information

The Secure Shell (SSH) Protocol

The Secure Shell (SSH) Protocol The Secure Shell (SSH) Protocol Mario Čagalj University of Split, FESB Introduction What is SSH? SSH is a protocol for secure remote login and other secure network services over an insecure network (RFC

More information

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist VPN World MENOG 16 Istanbul-Turkey By Ziad Zubidah Network Security Specialist What is this Van used for?! Armed Van It used in secure transporting for valuable goods from one place to another. It is bullet

More information

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples ACSC424 NETWORK APPLICATION PROGRAMMING Kyriacou E. Frederick University Cyprus communication examples The OSI reference model (proposed by ISO) Application A Application B 2 Application Application Presentation

More information

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48 I N D E X Numerics A 3DES (Triple Data Encryption Standard), 48 Access Rights screen (VPN 3000 Series Concentrator), administration, 316 322 Action options, applying to filter rules, 273 adding filter

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads Cryptography p y Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction

More information

IPSec Transform Set Configuration Mode Commands

IPSec Transform Set Configuration Mode Commands IPSec Transform Set Configuration Mode Commands The IPSec Transform Set Configuration Mode is used to configure IPSec security parameters. There are two core protocols, the Authentication Header (AH) and

More information

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014 Network Security: IPsec Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 2 IPsec: Architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects

More information

Internet security and privacy

Internet security and privacy Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution

More information

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University Chapter 6 IP Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. IP Security Overview 2. IP Security Architecture 3.

More information

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009 VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A

More information

14. Internet Security (J. Kurose)

14. Internet Security (J. Kurose) 14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

IPSec Transform Set Configuration Mode Commands

IPSec Transform Set Configuration Mode Commands IPSec Transform Set Configuration Mode Commands The IPSec Transform Set Configuration Mode is used to configure IPSec security parameters. There are two core protocols, the Authentication Header (AH) and

More information

E-commerce security: SSL/TLS, SET and others. 4.1

E-commerce security: SSL/TLS, SET and others. 4.1 E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 9 Encryption and Firewalls By Whitman, Mattord & Austin 2008 Course Technology Learning Objectives Describe the role encryption

More information

Introduction and Overview. Why CSCI 454/554?

Introduction and Overview. Why CSCI 454/554? Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book

More information

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements CONTENTS Preface Acknowledgements xiii xvii Chapter 1 TCP/IP Overview 1 1.1 Some History 2 1.2 TCP/IP Protocol Architecture 4 1.2.1 Data-link Layer 4 1.2.2 Network Layer 5 1.2.2.1 Internet Protocol 5 IPv4

More information

IPSec Network Applications

IPSec Network Applications This chapter describes several methods for implementing IPSec within various network applications. Topics discussed in this chapter include: Implementing IPSec for PDN Access Applications, page 1 Implementing

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric

More information

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define

More information

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security. Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 19 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear, the Board's access to other sources

More information

BCA III Network security and Cryptography Examination-2016 Model Paper 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1 Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct

More information

Chapter 6: Security of higher layers. (network security)

Chapter 6: Security of higher layers. (network security) Chapter 6: Security of higher layers (network security) Outline TLS SET 1. TLS History of TLS SSL = Secure Socket Layer defined by Netscape normalized as TLS TLS = Transport Layer Security between TCP

More information

EEC-682/782 Computer Networks I

EEC-682/782 Computer Networks I EEC-682/782 Computer Networks I Lecture 24 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Some optimizations can be done because of this selection of supported features. Those optimizations are specifically pointed out below.

Some optimizations can be done because of this selection of supported features. Those optimizations are specifically pointed out below. IKEv2 and Smart Objects (Tero Kivinen ) 1.0 Introduction This document tells what minimal IKEv2 implementation could look like. Minimal IKEv2 implementation only supports initiator end

More information

Lecture 10: Communications Security

Lecture 10: Communications Security INF3510 Information Security Lecture 10: Communications Security Nils Gruschka University of Oslo Spring 2018 Introduction Nils Gruschka University Kiel (Diploma in Computer Science) T-Systems, Hamburg

More information

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Data Security and Privacy. Topic 14: Authentication and Key Establishment Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt

More information

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The

More information