communication networks ii
play

Communication Networks II www.kom.tu-darmstadt.de www.httc.de - PowerPoint PPT Presentation

Feb 09, 2024 •1.98k likes •2.54k views

Communication Networks II www.kom.tu-darmstadt.de www.httc.de Security Prof. Dr.-Ing. Ralf Steinmetz TU Darmstadt - Darmstadt University of Technology, Dept. of Electrical Engineering and Information Technology, Dept. of Computer Science KOM -

  1. Communication Networks II www.kom.tu-darmstadt.de www.httc.de Security Prof. Dr.-Ing. Ralf Steinmetz TU Darmstadt - Darmstadt University of Technology, Dept. of Electrical Engineering and Information Technology, Dept. of Computer Science KOM - Multimedia Communications Lab Merckstr. 25, D-64283 Darmstadt, Germany, Ralf.Steinmetz@KOM.tu-darmstadt.de Tel.+49 6151 166151, Fax. +49 6151 166152 httc - Hessian Telemedia Technology Competence-Center e.V Merckstr. 25, D-64283 Darmstadt, Ralf.Steinmetz@httc.de security_e.fm 1 17.January.05

  2. Scope www.kom.tu-darmstadt.de www.httc.de KN III (Mobile Networking), Distributed Multimedia Systems ( MM I and MM II ), Telecooperation II,III. ...; Embedded Systems Terminal Inst.-Msg. Applications IP-Tel. Peer-to- access access E-mail Peer Web File L5 Application Layer SIP & H.323 (Anwendung) Transport Layer Internet: Transport Netw. Transitions L4 UDP, TCP, SCTP QoS - RTP (Transport) Addressing Security Network Layer Internet: Network L3 IP QoS (Vermittlung) Data Link Layer LAN, MAN L2 High-Speed LAN (Sicherung) Physical Layer L1 Queueing Theory & Network Calculus (Bitübertragung) Introduction Legend: KN I KN II security_e.fm 2 17.January.05

  3. Overview www.kom.tu-darmstadt.de www.httc.de 1. Introduction 2. Cryptographical Methods/Implementations 3. Secure Communication 4. Network Access Control - Firewalls 5. Conclusion security_e.fm 3 17.January.05

  4. 1. Introduction www.kom.tu-darmstadt.de www.httc.de Service requirements for success • Functionality, economic efficiency, ... • Trust in • Availability, reliability, predictability, SECURITY , ... ⇒ Security is one necessary feature for a service to become successful Example: security requirements for a mail service Internet Clients Mailserver User Provider • User view: who is reading my mail? solution: ENCRYPTION of mails (e.g. PGP) • Provider view: who is using the mail service (billing)? solution: ACCESS CONTROL to the mail server ⇒ Users need privacy, provider needs billing ⇒ Different (maybe contradicting) SECURITY GOALS security_e.fm 4 17.January.05

  5. 1.1 Security Goals www.kom.tu-darmstadt.de www.httc.de Focus of the lecture is on communication networks ⇒ Security goals defined in the context of communication networks Goals: Only sender and receiver should be able to read a • CONFIDENTIALITY message. ⇒ prevent unauthorized data access It should be possible for the receiver of a • AUTHENTICATION message to ascertain its origin; an intruder should not be able to masquerade as someone else. ⇒ proof of the identity of the originator It should be possible for the receiver of a • INTEGRITY message to verify that it has not been modified in transit; an intruder should not be able to substitute a false message for a legitimate one. ⇒ proof that data is unchanged • NON - REPUDIATION A sender should not be able to falsely deny later that he sent a message. ⇒ guarantee communication liability security_e.fm 5 17.January.05

  6. 1.2 Attacker www.kom.tu-darmstadt.de www.httc.de Some possible attackers • (Defective) software • A software or system influences the behavior of an other system • Examples: mail server with a mail loop ( D O S attack), P2P software consuming all available bandwidth • (Stupid) user • User might attack a system without knowing it (accident) • User might be angry because he was fired 5 minutes ago • Examples: deleting files on the file server, P2P software scanning for network nodes • Hacker • A hacker tries to get control over a system or to destroy a system • Examples: get control over a file server to distribute hacked software kill the www server of an unloved company • Spies • People from an competing company/country • Examples: get a copy of the new marketing campaign, have a look at the new patent applications, read the mail of the president ⇒ Most attackers affect the systems, not the information (spies are rare) security_e.fm 6 17.January.05

  7. 1.3 Attacks www.kom.tu-darmstadt.de www.httc.de Attacker • External, internal Attacks • Passive attacks, active attacks, Denial of Service (DoS) attacks Different points of attack in distributed systems Internet Intranet external, internal, active passive external, DoS Attack Communication security_e.fm 7 17.January.05

  8. Passive Attacks www.kom.tu-darmstadt.de www.httc.de Passive attacks (examples) • Sniffing Alice 1. Read all packets 2. Select interesting packets using protocol information (IP address, Ports, ...) 3. Checking data part • Message traffic analysis 1. Who communicates with whom 2. What are the traffic parameters Bob (time, amount, size and frequency of messages, ...) Example: Ethernet 3. Conclusions regarding message contents Tools • Sniffer Pro • Sniffit • Tcpdump • dsniff security_e.fm 8 17.January.05

  9. Active Attacks www.kom.tu-darmstadt.de www.httc.de Active attacks (examples) • Interruption Alice • E.g. deleting messages • Modification of messages • E.g. man in the middle • Fabrication of messages • E.g. replay of old messages or generation of new messages (spoofing) • E.g. sending login requests to a server • ..... man in the middle Tools • ipspoof • mandax • dsniff Bob security_e.fm 9 17.January.05

  10. Denial of Service Attacks www.kom.tu-darmstadt.de www.httc.de Denial of service attacks (examples) • TCP SYNC Flooding • UDP Packet Storm • Ping Flooding • E-Mail Bombing • IP Fragmentation Distributed Denial of service attacks • Controlled combination of many attackers • Well known DDoS attacks • DNS • HTTP Tools Bob • "Stacheldraht" • Tribe Flood Network • Shaft • M Stream security_e.fm 10 17.January.05

  11. 1.4 Attack Example www.kom.tu-darmstadt.de www.httc.de Example: DNS spoofing "good case" 1 2 3 DNS server (bank.com) DNS server (home.com) 4 INTRANET INTERNET INTRANET www.bank.com host1.home.com / 192.168.128.73 / 192.168.1.11 5 1. Host1 sends a DNS request to its local DNS server and asks for the IP address of www.bank.com. 2. The DNS server can not resolve the request and forwards the request to the DNS server of bank.com. 3. The DNS server is capable to resolve the request and sends the IP address (192.168.128.73) back to the requesting DNS server. 4. The home.com DNS server sends the answer to host1. 5. Host1 is now able to communicate with www.bank.com. security_e.fm 11 17.January.05

  12. Attack Example www.kom.tu-darmstadt.de www.httc.de Example: DNS spoofing "bad case" 4 2 DNS server (bank.com) DNS server (home.com) 5 3 INTRANET INTERNET INTRANET www.bank.com 1 host1.home.com / 192.168.128.73 / 192.168.1.11 6 www.attack.com / 192.168.129.73 attack1.attack.com 1. Attack1 sends a DNS request to the home.com DNS server and asks for the IP address of www.bank.com. 2. The DNS server can not resolve the request and forwards the request to the DNS server of bank.com. 3. Attack1 creates a fake DNS packet. The UDP packet uses the source address of the DNS server of bank.com. The information contained in the packet is www.bank.com = 192.168.129.73 (www.attack.com). This information is accepted by the home.com DNS server. The information is cached! 4. Host1 sends a DNS request to its local DNS server and asks for the IP address of www.bank.com. 5. The home.com DNS server sends the answer to host1 (192.168.129.73!!). 6. Host1 now connects to www.attack.com and thinks it is www.bank.com. The user types in his password/pin/tan which can now be used by the attacker. security_e.fm 12 17.January.05

  13. 1.5 Summary www.kom.tu-darmstadt.de www.httc.de Security problem • It is not possible to proof that a system is secure • It is only possible to proof that a system is insecure Building secure systems • Usage of well known methods/components • Monitor the security of a system • Adapt the system to new threats (attackers learn!) ⇒ Security is an ongoing process Basic building blocks • Cryptographical methods/implementations • All other methods/implementations of KN I and KN II (protocols, devices, ...) Methods/Implementations • Secure communication: PPTP, IPSec, SSL, ... • Network access control: Firewalls, NAT • ... security_e.fm 13 17.January.05

  14. 2. Cryptographical Methods/Implementations www.kom.tu-darmstadt.de www.httc.de Cryptography • Science dealing with the encryption and decryption of messages Encryption • Transformation of plain text into coded / cipher text Decryption • Re-transformation of cipher text into plain text Basic elements • Hash functions • Cryptographical procedures (encryption/decryption) • Symmetric cryptographical procedures • Asymmetric cryptographical procedures • Digital signatures • Digital certificates security_e.fm 14 17.January.05

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

COMMUNICATION NETWORKS ECE 422 DATA COMMUNICATION & COMPUTER NETWORKS Wednesday, 12

COMMUNICATION NETWORKS ECE 422 DATA COMMUNICATION & COMPUTER NETWORKS Wednesday, 12

MULTIPLE ACCESS IN COMMUNICATION NETWORKS ECE 422 DATA COMMUNICATION & COMPUTER NETWORKS Wednesday, 12 February 2020 1 WHERE ARE WE IN THE SYLLABUS? Course Content: Introduction: Overview of Data Communications and Networking. Physical

922 views • 52 slides
3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

EPFL, Spring 2017 3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1 Field bus principles 3.2 Field bus operation 3.3 Standard field busses 3.4 Industrial wireless communication Industrial

1.26k views • 87 slides
Computing over Unreliable Computing over Unreliable C C Communication Networks Communication

Computing over Unreliable Computing over Unreliable C C Communication Networks Communication

Computing over Unreliable Computing over Unreliable C C Communication Networks Communication Networks i i i i N N k k Nicola Elia Joint work with Jing Wang D Dept. of Electrical and Computer Engineering t f El t i l d C t E i i

833 views • 42 slides
Information, Computation, and Communication Networks 1 ICC Module Systems Networks

Information, Computation, and Communication Networks 1 ICC Module Systems Networks

ICC Module Systems Networks Information, Computation, and Communication Networks 1 ICC Module Systems Networks Computer Networks 2 ICC Module Systems Networks Outline Communication protocols Packet switching Protocol

1.17k views • 82 slides
Networks Eric McCreath Networks A communication networks provides the means by which computers

Networks Eric McCreath Networks A communication networks provides the means by which computers

Networks Eric McCreath Networks A communication networks provides the means by which computers can transfer information to and from other computing devices. The Internet has become the most extensive network for computers to communicated

635 views • 6 slides
Communication Systems GSM University of Freiburg Computer Science Computer Networks and

Communication Systems GSM University of Freiburg Computer Science Computer Networks and

Communication Systems GSM University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

742 views • 35 slides
Communication Systems RTP-QoS University of Freiburg Computer Science Computer Networks and

Communication Systems RTP-QoS University of Freiburg Computer Science Computer Networks and

Communication Systems RTP-QoS University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

883 views • 41 slides
Communication Systems SIP University of Freiburg Computer Science Computer Networks and

Communication Systems SIP University of Freiburg Computer Science Computer Networks and

Communication Systems SIP University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

533 views • 28 slides
Communication Systems SSL University of Freiburg Computer Science Computer Networks and

Communication Systems SSL University of Freiburg Computer Science Computer Networks and

Communication Systems SSL University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

557 views • 24 slides
SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

U U U U U U U- U - - communication - - - - - communication communication communication communication communication communication communication Korea Mobile Market Trend for Convergence & Ubiquitous Communication 2004.

400 views • 16 slides
Millimeter Wave Communication in 5G Wireless Networks By: Niloofar Bahadori Advisors: Dr. J.C.

Millimeter Wave Communication in 5G Wireless Networks By: Niloofar Bahadori Advisors: Dr. J.C.

Millimeter Wave Communication in 5G Wireless Networks By: Niloofar Bahadori Advisors: Dr. J.C. Kelly, Dr. B Kelley Outline 5G communication Networks Why we need to move to higher frequencies? What are the characteristics of mmWave

449 views • 16 slides
Chapter 1 Communication Networks and Services Networks and Services Network Architecture and

Chapter 1 Communication Networks and Services Networks and Services Network Architecture and

Chapter 1 Communication Networks and Services Networks and Services Network Architecture and Services Telegraph Networks & Message Switching Telephone Networks and Circuit Switching Computer Networks & Packet Switching Future Network

357 views • 17 slides
Communication Systems IPSec University of Freiburg Computer Science Computer Networks and

Communication Systems IPSec University of Freiburg Computer Science Computer Networks and

Communication Systems IPSec University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

496 views • 20 slides
Communication Systems UMTS University of Freiburg Computer Science Computer Networks and

Communication Systems UMTS University of Freiburg Computer Science Computer Networks and

Communication Systems UMTS University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

761 views • 56 slides
Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

909 views • 39 slides
Communication Systems Cryptography University of Freiburg Computer Science Computer Networks

Communication Systems Cryptography University of Freiburg Computer Science Computer Networks

Communication Systems Cryptography University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in

479 views • 18 slides
MSR 3: Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC One

MSR 3: Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC One

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra MSR 3: Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC One Year Later http://www.cs.stanford.edu/~iliano CS Department, UMBC

679 views • 29 slides
Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17, 2014 Recap & outline Security is hard Cryptography is not security No "security through obscurity" Today:

924 views • 39 slides
Practical Invalid Curve Attacks on TLS-ECDH Tibor Jager, Jrg Schwenk, Juraj Somorovsky Horst

Practical Invalid Curve Attacks on TLS-ECDH Tibor Jager, Jrg Schwenk, Juraj Somorovsky Horst

Practical Invalid Curve Attacks on TLS-ECDH Tibor Jager, Jrg Schwenk, Juraj Somorovsky Horst Grtz Institute for IT Security Ruhr University Bochum @jurajsomorovsky 1 Pract actical ical Inva valid d Ellip iptic Curve ve Attack acks

1.45k views • 32 slides
A Perfect Memory: Key Compromise in an Efficiency-centric World Britta Hale NTNU, Norwegian

A Perfect Memory: Key Compromise in an Efficiency-centric World Britta Hale NTNU, Norwegian

A Perfect Memory: Key Compromise in an Efficiency-centric World Britta Hale NTNU, Norwegian University of Science and Technology A Perfect Memory.... Britta Hale | Crypto vs. Mass Surveillance Workshop Facebook Google Lule, Sweden Britta

1.04k views • 18 slides
A Comparative Review of HTTP/1.1, HTTP/2 & HTTP/3 December 3, 2018 Nancy Mogire WHAT

A Comparative Review of HTTP/1.1, HTTP/2 & HTTP/3 December 3, 2018 Nancy Mogire WHAT

A Comparative Review of HTTP/1.1, HTTP/2 & HTTP/3 December 3, 2018 Nancy Mogire WHAT The Hypertext Transfer Protocol (HTTP) WHAT a stateless application-level protocol for distributed, collaborative, hypertext

749 views • 23 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
Sequential techniques for Hypothesis testing & Change detection George V. Moustakides

Sequential techniques for Hypothesis testing & Change detection George V. Moustakides

Sequential techniques for Hypothesis testing & Change detection George V. Moustakides University of Patras Outline Sequential hypothesis testing The Sequential Probability Ratio Test (SPRT) for optimum hypothesis testing

393 views • 27 slides
Image-based change detection to reduce false alarms in the Vision1200 synthetic aperture sonar

Image-based change detection to reduce false alarms in the Vision1200 synthetic aperture sonar

Image-based change detection to reduce false alarms in the Vision1200 synthetic aperture sonar Dr. C. Erdmann and Dr. J. Groen a sound decision a sound decsion The ATLAS ELEKTRONIK Group/ 1 Image-based Change Detection Content

787 views • 36 slides

More recommend