cs 356 lecture 27 internet security protocols
play

CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review - PowerPoint PPT Presentation

Oct 25, 2022 •369 likes •685 views

CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

  1. CS 356 – Lecture 27 Internet Security Protocols Spring 2013

  2. Review • Chapter 1: Basic Concepts and Terminology • Chapter 2: Basic Cryptographic Tools • Chapter 3 – User Authentication • Chapter 4 – Access Control Lists • Chapter 5 – Database Security (skipped) • Chapter 6 – Malicious Software • Networking Basics (not in book) • Chapter 7 – Denial of Service • Chapter 8 – Intrusion Detection • Chapter 9 – Firewalls and Intrusion Prevention • Chapter 10 – Buffer Overflow • Chapter 11 – Software Security • Chapter 12 – OS Security • Chapter 22 – Internet Security Protocols

  3. Chapter 22 Internet Security Protocols and Standards

  4. MIME and S/MIME MIME S/MIME • extension to the old RFC • Secure/Multipurpose 822 specification of an Internet Mail Extension Internet mail format • security enhancement to – RFC 822 defines a simple the MIME Internet e-mail heading with To, From, format Subject – based on technology from – assumes ASCII text format RSA Data Security – provides a number of new – provides the ability to sign header fields that define and/or encrypt e-mail information about the body of messages the message

  5. MIME Content Types

  6. S/MIME Content Types

  7. Typical S/MIME Process Bob's private Alice's public One-time key key session key DhYz949avHVA t5UpjUXn8L79o ADnluV3vpuhE HMEcMBB1K9 This is an This is an Y8ZoJOYAmF2 S/MIME S/MIME BsIpLbjDkNJQR message from message from j98IklSSmju650 Bob to Alice. Bob to Alice. SoDlFkYYtTqw Bob will sign Bob will sign po9812KKlmHx and encrypt the and encrypt the cFGIU8700qQrR message before message before sdfgIUYTp0m8 sending it to sending it to H7G4FF32jkoN NNmj78uqwplH Plaintext message Digital signature Message with Encrypted copy Document converted (unisigned) added signature encrypted of session key to Radix-64 format (DSS/SHA) with one-time added session key (El Gamal) (Triple DES) Figure 22.1 Typical S/MIME Process

  8. S/MIME Cryptographic Algorithms • default algorithms used for signing messages are DSS and SHA-1 • RSA public-key encryption algorithm can be used with SHA-1 or the MD5 message digest algorithm for forming signatures • radix-64 or base64 mapping is used to map the signature and message into printable ASCII characters

  9. S/MIME Public Key Certificates • default algorithms used for encrypting S/ MIME messages are 3DES and EIGamal – EIGamal is based on the Diffie-Hellman public- key exchange algorithm • if encryption is used alone radix-64 is used to convert the ciphertext to ASCII format • basic tool that permits widespread use of S/MIME is the public-key certificate • S/MIME uses certificates that conform to the international standard X.509v3

  10. S/MIME Functions signed and enveloped clear- enveloped signed data data signed data data encrypted cleartext encoded nesting of content message + message + signed and and encoded signed encrypted associated signed digest entities keys digest

  11. DomainKeys Identified Mail (DKIM) • specification of cryptographically signing e-mail messages permitting a signing domain to claim responsibility for a message in the mail stream • proposed Internet Standard (RFC 4871: DomainKeys Identified Mail (DKIM) Signatures) • has been widely adopted by a range of e-mail providers

  12. Message transfer Message transfer Message transfer agent (MTA) agent (MTA) agent (MTA) SMTP SMTP (SMTP, SMTP local) Mail submission Mail delivery Message handling agent (MSA) agent (MDA) system (MHS) (SMTP, Internet SMTP local) Mail Message user Message store Message agent (MUA) (MS) Architecture author (IMAP, POP, local) Message Message user recipient agent (MUA) Figure 22.2 Function Modules and Standardized Protocols Used Between Them

  13. SMTP MTA MTA SMTP SMTP DNS Public key query/response MDA MSA DNS Example of Signer Verifier POP, IMAP SMTP DKIM Deployment MUA MUA Mail delivery Mail origination network network DNS = domain name system MDA = mail delivery agent MSA = mail submission agent MTA = message transfer agent MUA = message user agent Figure 22.3 Simple Example of DKIM Deployment

  14. Secure Sockets Layer (SSL) • one of the most widely used security services two implementation • general-purpose service choices: implemented as a set of protocols that rely on TCP provided as part • subsequently became of the underlying Internet standard protocol suite RFC2246: Transport Layer Security (TLS) embedded in specific packages

  15. SSL Protocol Stack SSL SSL Change SSL Alert HTTP Handshake Cipher Spec Protocol Protocol Protocol SSL Record Protocol TCP IP Figure 22.4 SSL Protocol Stack

  16. SSL Record Protocol Operation Application Data Fragment Compress Add MAC Encrypt Append SSL Record Header Figure 22.5 SSL Record Protocol Operation

  17. SSL Change Cipher Spec Protocol • one of three SSL specific protocols that use the SSL Record Protocol • is the simplest • consists of a single message which consists of a single byte with the value 1 • sole purpose of this message is to cause pending state to be copied into the current state • hence updating the cipher suite in use

  18. SSL Alert Protocol conveys SSL-related alerts alert messages are to peer entity compressed and encrypted if the level is fatal, SSL immediately terminates the connection first byte takes the value warning (1) or fatal (2) to convey the severity of the message other connections on the same session may continue, each message consists of but no new connections on two bytes: this session may be established second byte contains a code that indicates the specific alert

  19. SSL Handshake Protocol • most complex part of SSL • is used before any application data are transmitted • allows server and client to: negotiate negotiate authenticate encryption cryptographic each other and MAC keys to be algorithms used • comprises a series of messages exchanged by client and server • exchange has four phases

  20. Client Server c l i e n t _ h e l l o Phase 1 Establish security capabilities, including protocol version, session ID, cipher suite, SSL e ll o h _ e r compression method, and initial random v r s e numbers. c ate f i r t i c e Handshake e n g a h c e y_ex _ k e r e r v Phase 2 s Server may send certificate, key exchange, e st q u e e _ r a t c and request certificate. Server signals end i fi t r c e of hello message phase. Protocol se r v er _ h e llo_ d one Time c e r ti f i c a t e c li e nt_key_exc ha n g e Phase 3 Client sends certificate if requested. Client sends key exchange. Client may send c e r t i f i c a t e certificate verification. _ v e r i f y c h a n g e _ c i p h e r _ s p e c f in is hed Phase 4 Change cipher suite and finish c h a nge _c ip he r _s p e c handshake protocol. h ed i s n f i Note: Shaded transfers are optional or situation-dependent messages that are not always sent. Figure 22.6 Handshake Protocol Action

  21. HTTPS (HTTP over SSL) • combination of HTTP and SSL to implement secure communication between a Web browser and a Web server • built into all modern Web browsers – search engines do not support HTTPS – URL addresses begin with https:// – documented in RFC 2818, HTTP Over TLS – agent acting as the HTTP client also acts as the TLS client – closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection

  22. IP Security (IPsec) • various application security mechanisms – S/MIME, PGP, Kerberos, SSL/HTTPS • security concerns cross protocol layers • would like security implemented by the network for all applications • authentication and encryption security features included in next-generation IPv6 • also usable in existing IPv4

  23. IPsec • general IP • Provides: security mechanism s authentication confidentiality key management • assures that a • enables • provides the received packet communicating • concerned with was, in fact, nodes to encrypt capability to the secure transmitted by the messages to exchange of keys secure party identified as prevent • provided by the communications the source in the eavesdropping by Internet exchange packet header and third parties across a LAN, standard IKEv2 that the packet across private has not been and public altered in transit WANs, and across the Internet

  24. IPsec Uses

  25. Benefits of IPsec • when implemented in a firewall or router, it provides strong security to all traffic crossing the perimeter • in a firewall it is resistant to bypass • below transport layer, hence transparent to applications • can be transparent to end users • can provide security for individual users • secures routing architecture

  26. The Scope of IPsec provides two main functions: • a combined authentication/ VPNs want encryption function both called Encapsulating Security Payload authentication (ESP) and • key exchange encryption function also an authentication- specificatio only function, n is quite implemented using an complex Authentication Header • numerous (AH) RFC’s 2401/4302/430 • because message 3/4306 authentication is provided by ESP, the use of AH is included in IPsecv3 for backward compatibility but should not be used in new applications

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery cryptosystems Computer Security Designing secure protocols February 10, 2003 Basic protocols Key exchange Lecture 8 Lecture 8 Page 1 Page

148 views • 10 slides
Networking and the Internet Lecture 4 COMPSCI.111 Todays lecture u History of the

Networking and the Internet Lecture 4 COMPSCI.111 Todays lecture u History of the

Networking and the Internet Lecture 4 COMPSCI.111 Todays lecture u History of the Internet u How the Internet works u Network protocols The telephone u 1876: first successful bi-directional transmission of clear speech by Alexander Bell

534 views • 29 slides
CompSci 514: Computer Networks Lecture 3: The Design Philosophy of the DARPA Internet Protocols

CompSci 514: Computer Networks Lecture 3: The Design Philosophy of the DARPA Internet Protocols

CompSci 514: Computer Networks Lecture 3: The Design Philosophy of the DARPA Internet Protocols Xiaowei Yang xwy@cs.duke.edu Overview The Design Philosophy of the DARPA Internet Protocols What are the important goals How prioritizing

527 views • 37 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
1 Transport Layer Layer Protocols Protocols Transport Entire network seen as a pipe ...

1 Transport Layer Layer Protocols Protocols Transport Entire network seen as a pipe ...

Lecture 2 Lecture 2- -bis. bis. Internet Transport Internet Transport Protocols Protocols As seen by the application developer As seen by the application developer point of view point of view G. Bianchi, G. Neglia The primary primary

611 views • 18 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
CSE 154 LECTURE 1: BASIC HTML AND CSS The Internet Wikipedia:

CSE 154 LECTURE 1: BASIC HTML AND CSS The Internet Wikipedia:

CSE 154 LECTURE 1: BASIC HTML AND CSS The Internet Wikipedia: http://en.wikipedia.org/wiki/Internet a connection of computer networks using the Internet Protocol (IP) layers of communication protocols: IP TCP/UDP

218 views • 18 slides
CSE 154 LECTURE 1: BASIC HTML AND CSS The Internet Wikipedia:

CSE 154 LECTURE 1: BASIC HTML AND CSS The Internet Wikipedia:

CSE 154 LECTURE 1: BASIC HTML AND CSS The Internet Wikipedia: http://en.wikipedia.org/wiki/Internet a connection of computer networks using the Internet Protocol (IP) layers of communication protocols: IP TCP/UDP

384 views • 12 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Provable security of Internet cryptography protocols Douglas Stebila Based on joint works with

Provable security of Internet cryptography protocols Douglas Stebila Based on joint works with

Provable security of Internet cryptography protocols Douglas Stebila Based on joint works with Florian Bergsma, Katriel Cohn-Gordon, Cas Cremers, Ben Dowling, Marc Fischlin, Felix Gnther, Luke Garratt, Florian Kohlar, Jrg Schwenk Funding

899 views • 72 slides
Networking 101.101.101.101 The Internet The Internet is governed by a series of protocols

Networking 101.101.101.101 The Internet The Internet is governed by a series of protocols

Networking 101.101.101.101 The Internet The Internet is governed by a series of protocols that form the rules for how communications should happen The Internet is a network of networks. There is no centralized point. There are no

763 views • 34 slides
Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239 Verifying security protocols Computer Security February 4, 2004 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004

297 views • 11 slides
COMP 431 Internet Services & Protocols Please sit in the front of the classroom (first

COMP 431 Internet Services & Protocols Please sit in the front of the classroom (first

COMP 431 Internet Services & Protocols Please sit in the front of the classroom (first couple of rows) There are 3 handouts for today: Course outline/syllabus Lecture 0 slides HW 1 description Please download a copy

424 views • 11 slides
Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture

Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture

Topics Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture 24 Phishing 13/11/2008 Firewall Censorship of the Internet 2 Examples Hacking or Cracking Virus Cracking = Subverting

462 views • 6 slides
Tabled CLP for Reasoning over Stream Data Joaqun Arias 1 , 2 1 IMDEA Software Institute, 2

Tabled CLP for Reasoning over Stream Data Joaqun Arias 1 , 2 1 IMDEA Software Institute, 2

October 18, 2016 Tabled CLP for Reasoning over Stream Data Joaqun Arias 1 , 2 1 IMDEA Software Institute, 2 Technical University of Madrid madrid institute for advanced studies in software development technologies www.software.imdea.org Goal:

401 views • 25 slides
A robust SNMP based Infrastructure for Intrusion Detection and Response in tactical MANETs

A robust SNMP based Infrastructure for Intrusion Detection and Response in tactical MANETs

A robust SNMP based Infrastructure for Intrusion Detection and Response in tactical MANETs Sascha Lettgen University of Bonn, Germany Inst. of Computer Science IV Marko Jahnke, Jens Tlle, Uwe Weddige, Michael Bussmann FGAN/FKIE, Wachtberg,

641 views • 15 slides
CS 730/830: Intro AI What is AI? This class Problems in AI Prof. Wheeler Ruml Search TA

CS 730/830: Intro AI What is AI? This class Problems in AI Prof. Wheeler Ruml Search TA

CS 730/830: Intro AI What is AI? This class Problems in AI Prof. Wheeler Ruml Search TA Tianyi Gu Thinking inside the box. 5 handouts: course info, project info, schedule, slides, asst 1 sign up sheet/laptop (grading email, piazza)

482 views • 35 slides
Apache Flume Getting data into Hadoop Problem Getting data into HDFS is not difficult: %

Apache Flume Getting data into Hadoop Problem Getting data into HDFS is not difficult: %

Apache Flume Getting data into Hadoop Problem Getting data into HDFS is not difficult: % hadoop fs --put data.csv . works great when data is neatly packaged and ready to upload Unfortunately, e.g. a webserver is creating data

495 views • 24 slides
Lectur ture e 12 Planni anning: ng: Intro and For Forward Planning, Slide 1 Announ

Lectur ture e 12 Planni anning: ng: Intro and For Forward Planning, Slide 1 Announ

Computer Science CPSC 322 Lectur ture e 12 Planni anning: ng: Intro and For Forward Planning, Slide 1 Announ nouncem emen ents Material for midterm available in Connect 1. List of Learning Goals 2. Short questions on material

651 views • 64 slides
Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large system is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

893 views • 12 slides
Economics 2 Professor Christina Romer Spring 2020 Professor David Romer LECTURE 20 PLANNED

Economics 2 Professor Christina Romer Spring 2020 Professor David Romer LECTURE 20 PLANNED

Economics 2 Professor Christina Romer Spring 2020 Professor David Romer LECTURE 20 PLANNED AGGREGATE EXPENDITURE AND OUTPUT April 9, 2020 I. O VERVIEW OF S HORT -R UN F LUCTUATIONS II. T HE K EY R OLE OF D EMAND A. Terminology B. Evidence C.

710 views • 43 slides
Information Visualization Aggregate & Filter Tamara Munzner Department of Computer Science

Information Visualization Aggregate & Filter Tamara Munzner Department of Computer Science

Information Visualization Aggregate & Filter Tamara Munzner Department of Computer Science University of British Columbia Lect 17, 10 Mar 2020 https://www.cs.ubc.ca/~tmm/courses/436V-20 Upcoming Foundations 5: out Thu Mar 12, due Wed

1.1k views • 70 slides

More recommend