Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Similar documents
Security in Distributed Systems. Network Security

Security: Focus of Control. Authentication

Security: Focus of Control

Recovery. Independent Checkpointing

14. Internet Security (J. Kurose)

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

Encryption. INST 346, Section 0201 April 3, 2018

Distributed Systems. Lecture 14: Security. 5 March,

Internet and Intranet Protocols and Applications

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Computer Communication Networks Network Security

CS 332 Computer Networks Security

WAP Security. Helsinki University of Technology S Security of Communication Protocols

(2½ hours) Total Marks: 75

Transport Level Security

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

CSC 8560 Computer Networks: Network Security

Overview. SSL Cryptography Overview CHAPTER 1

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

L13. Reviews. Rocky K. C. Chang, April 10, 2015

E-commerce security: SSL/TLS, SET and others. 4.1

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Configuring SSL Security

Verteilte Systeme (Distributed Systems)

Computer Networks. Wenzhong Li. Nanjing University

2.1 Basic Cryptography Concepts

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Chapter 4: Securing TCP connections

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Information Security CS 526

Ref:

Security: Cryptography

Chapter 8 Network Security

UNIT - IV Cryptographic Hash Function 31.1

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

CSC 474/574 Information Systems Security

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

AIT 682: Network and Systems Security

Authentication Part IV NOTE: Part IV includes all of Part III!

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Introduction to Cryptography. Ramki Thurimella

Auth. Key Exchange. Dan Boneh

Security in ECE Systems

CPSC 467: Cryptography and Computer Security

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

COSC4377. Chapter 8 roadmap

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

David Wetherall, with some slides from Radia Perlman s security lectures.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

CSC 774 Network Security

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CSC/ECE 774 Advanced Network Security

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

SECURITY IN NETWORKS

Introduction and Overview. Why CSCI 454/554?

First Semester Examinations 2013/14 (Model Solution) INTERNET PRINCIPLES

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Cryptography and Network Security

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Most Common Security Threats (cont.)

Potential Security Violations CSE 513: Distributed Systems (Security)

Grenzen der Kryptographie

CIS 6930/4930 Computer and Network Security. Final exam review

CS Computer Networks 1: Authentication

Systems and Network Security (NETW-1002)

Computer Security Fall 2006 Joseph/Tygar MT 1 Solutions

SSL/TLS. How to send your credit card number securely over the internet

CPSC 467b: Cryptography and Computer Security

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Cryptography (Overview)

SECURITY IN NETWORKS 1

Information Security & Privacy

Chapter 6: Security of higher layers. (network security)

Cryptography. Intercepting Information Scenario 1. Tuesday, December 9, December 9, Wireless broadcasts information using radio signals

Chapter 8 Web Security

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016

KALASALINGAM UNIVERSITY

CS November 2018

Chapter 9. Public Key Cryptography, RSA And Key Management

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Lecture 1 Applied Cryptography (Part 1)

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Transcription:

Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2

1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed systems based on local networks The Internet, widearea services The Internet + mobile devices Shared resources Memory, files Local services (e.g. Email, web sites, NFS), local networks Internet commerce Distributed objects, mobile code Security requirements User identification and Protection of services Strong security for authentication commercial transactions Access control for individual objects, secure mobile code Security management environment Single authority, single authorization database (e.g. /etc/ passwd) Single authority, delegation, replicated authorization databases (e.g. NIS) Many authorities, no network-wide authorities Per-activity authorities, groups with shared responsibilities Lecture 15 Page 3

Copy of m Process p m The enemy m Communication channel Process q Attacks On applications that handle financial transactions or other information whose secrecy or integrity is crucial Enemy (or adversary) Threats To processes, to communication channels, denial of service Lecture 15 Page 4

Eavesdropping: Obtain private or secret information Masquerading Assume the identity of another user Message tampering Alter the content of messages in transit Replaying Man-in-the-middle attack Store secure msgs and send them at a later data Denial of service Flood a channel or other resources, denying access to others Lecture 15 Page 5

Principal A The enemy Cryptography Principal B Process p Secure channel Process q Properties: Each proc is sure of the identity of the other Data is private and protected against tampering Protection against repetition and reordering of data Important issues: Cryptography Authentication Lecture 15 Page 6

plaintext: unencrypted message ciphertext: encrypted form of message Intruder may intercept ciphertext transmission intercept plaintext/ciphertext pairs obtain encryption decryption algorithms Lecture 15 Page 7

Substitution cipher: abcdefghijklmnopqrstuvwxyz poiuytrewqasdfghjklmnbvczx replace each plaintext character in message with matching ciphertext character: plaintext: Charlotte, my love ciphertext: iepksgmmy, dz sgby Lecture 15 Page 8

key is pairing between plaintext characters and ciphertext characters 26! (approx 10^26) different possible keys: unlikely to be broken by random trials substitution cipher subject to decryption using observed frequency of letters 'e' most common letter, 'the' most common word Lecture 15 Page 9

Separate encryption/decryption keys Receiver makes known (!) its encryption key Receiver keeps its decryption key secret To send to receiver B: To decrypt: Lecture 15 Page 17

Knowing encryption key does not help with decryption; decryption is a non-trivial inverse of encryption Only receiver can decrypt message Question: good encryption/decryption algorithms Lecture 15 Page 18

RSA: a public key algorithm for encrypting/decrypting Entity wanting to receive encrypted messages: to break RSA: need to know p, q, given pq=n, n known factoring 200 digit n into primes takes 4 billion years using known methods Lecture 15 Page 19

Question: how does a receiver know that remote communicating entity is who it is claimed to be? Lecture 16 Page 27

Ap 1.0 Alice to Bob: I am Alice Problem:? Ap 2.0 Authenticate source IP address is from Alice s machine Problem:? Ap 3.0: use a secret password Alice to Bob: I am Alice, here is my password (e.g., telnet) Problem:? Lecture 16 Page 28

Lecture 16 Page 42

Firewall: network components (host/router+software) sitting between inside ("us") and outside ("them) Packet filtering firewalls: drop packets on basis of source or destination address (i.e., IP address, port) Application gateways: application specific code intercepts, processes and/or relays application specific packets e.g., email of telnet gateways application gateway code can be security hardened can log all activity Lecture 16 Page 43

SSL: Developed by Netscape Provides data encryption and authentication between web server and client SSL lies above the transport layer Features: SSL server authentication Encrypted SSL session SSL client authentication Lecture 16 Page 46

changes the secure channel to a new spec SSL negotiates cipher Handshake suite, exchanges protocol certificates and key masters implements the secure channel SSL Change Cipher Spec SSL Alert Protocol SSL Record Protocol HTTP Telnet Transport layer (usually TCP) Network layer (usually IP) SSL protocols: Other protocols: Lecture 16 Page 47 *

Protocol: https instead of http Steps? Browser -> Server: B s SSL version and preferences S->B: S s SSL version, preferences, and certificate Certificate: server s RSA public key encrypted by CA s private key B: uses its list of CAs and public keys to decrypt S s public key B->S: generate K, encrypt K with with E S B->S: future messages will be encrypted, and K(m) S->B: future messages will be encrypted, and K(m) SSL session begins Lecture 16 Page 48

key concerns: encryption authentication key exchange also: increasingly an important area as network connectivity increases digital signatures, digital cash, authentication, increasingly important an important social concern further reading: Crypto Policy Perspectives: S. Landau et al., Aug 1994 CACM Internet Security, R. Oppliger, CACM May 1997 www.eff.org Lecture 16 Page 55

Advanced Operating Systems 56

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback