
Internet Security Summary ITS335: IT Security Sirindhorn - PowerPoint PPT Presentation

ITS335: IT Security, Internet Security. Sirindhorn International Institute of Technology, Thammasat University. Prepared by Steven Gordon on 20 December 2015 (its335y15s2l10).


  1. ITS335: IT Security. Internet Security. Sirindhorn International Institute of Technology, Thammasat University. Prepared by Steven Gordon on 20 December 2015. Source: its335y15s2l10, Steve/Courses/2015/s2/its335/lectures/internet.tex, r4287

  2. Contents
     - Internet Security
     - Secure Email
     - Summary

  3. Internet Security
     - Many Internet protocols were designed assuming trustworthy links, networks and devices
     - No security mechanisms built in to: IP, TCP, UDP, HTTP, SMTP, ...
     - As networks/devices became less trustworthy, extensions were developed to add security to existing protocols and applications: IPsec, TLS, PGP, ...
     - Securing communications across the Internet can be performed at different layers:
       - Application, transport, network, link

  4. Internet Topology and Stack Example

  5. Application Level Security: Application-Specific

  6. Application Level Security
     Application (protocol) implements its own security mechanisms.
     Examples:
     - SSH, Email (OpenPGP, S/MIME), DNSSEC, ...
     Advantages:
     - Host-to-host encryption
     - Independent of operating system security features
     Disadvantages:
     - Each application must implement common security mechanisms

  7. Transport Level Security: TLS/SSL

  8. Transport Level Security
     Application uses OS provided library for security.
     Examples:
     - TLS/SSL for TCP-based applications, e.g. HTTPS, IMAPS, FTPS, SMTPS
     - DTLS, SRTP for other transport protocols
     Advantages:
     - Host-to-host encryption
     - Simpler applications; no need to implement complex security mechanisms
     Disadvantages:
     - Only applies for specific transport protocols
     - Applications must be implemented to use OS API

  9. Network Level Security: IPsec End-to-End

  10. Network Level Security
      Computer configured to apply security mechanisms to IP packets.
      Examples:
      - IPsec
      Advantages:
      - Supports all applications and transport protocols
      - Can be host-to-host encryption
      Disadvantages:
      - Requires support and configuration in OS
      Commonly used in tunnelling mode.

  11. Network Level Security: IPsec Host-to-Router

  12. Network Level Security: IPsec Router-to-Router

  13. Network Level Security: Tunnelling
      - Tunnelling: packets at one layer are encapsulated into packets at the same layer
        - Network layer: IP-in-IP, IP-in-IPsec
        - Application layer: SSH
        - Data link layer: PPTP, L2TP
      - Create a Virtual Private Network
      - Support and configuration of security mechanisms can be provided on routers, rather than hosts
      - Does not provide end-to-end encryption

  14. Link Level Security: WPA

  15. Link Level Security
      Examples:
      - WEP/WPA in wireless LANs, Bluetooth, ZigBee encryption, GSM A3/A5/A8, ...
      Advantages:
      - Applies to all data sent across link, independent of application, transport, network protocols
      Disadvantages:
      - Encryption only across the link
      - Requires configuration of both link end-points

  16. Contents
      - Internet Security
      - Secure Email
      - Summary

  17. Secure Email
      - Email messages originally only text with pre-defined headers (To, From, Subject, CC, ...)
      - Multipurpose Internet Mail Extensions (MIME) allows for different message and header formats: different character sets, attachments, new headers
      - Secure email requirements:
        1. Authentication: receiver can confirm the actual sender, and that content is not modified
        2. Confidentiality: only sender/receiver can read the contents
      - Two common ways to implement secure email:
        1. S/MIME
        2. OpenPGP
      - Both use a similar approach: sender signs message with private key, encrypts message with symmetric key encryption using a secret key, and encrypts the secret key using the recipient's public key

  18. OpenPGP
      - Pretty Good Privacy (PGP) developed by Phil Zimmermann in 1991
      - IETF standardised as OpenPGP
      - One of the first and most widely used applications of public-key cryptography
      - Implementations:
        - Original by Zimmermann: Symantec
        - GNU Privacy Guard (GPG)
        - Many email clients (either direct or through plugins, e.g. Enigmail, GPG4Win)
      - OpenPGP vs S/MIME:
        - OpenPGP: public keys distributed informally: phone, websites, email
        - S/MIME: public keys distributed as X.509 digital certificates

  19. PGP Operation: Concept (figure). Credit: xaedes & jfreax & Acdx, Wikimedia Commons, CC Attribution-Share Alike 3.0

  20. PGP Operation: Message Generation at A (figure). Credit: Figure 18.5 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011

  21. PGP Operation: Message Reception at B (figure). Credit: Figure 18.6 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011

  22. Contents
      - Internet Security
      - Secure Email
      - Summary

  23. Key Points
      - Many Internet protocols have extensions to support secure communications
      - Can apply security mechanisms at different layers: application, transport, network, link
      - Trade-offs between: complexity of applications, host-to-host encryption, required support in devices
      - VPNs allow for connecting to networks and offering services as if you were physically attached to that network
      - HTTPS used for web security
      - OpenPGP and S/MIME common for email security

  24. Security Issues
      - Key distribution: must be sure public key is correct
      - Man-in-the-middle attacks are possible if public keys are not authentic
      - Different support of algorithms/protocols by devices, operating systems and applications
      - Bugs in implementations create security vulnerabilities

  25. Areas To Explore
      - Application level security: DNSSEC, OpenPGP and S/MIME
      - Virtual private networks with IPsec, L2TP, PPTP and others
      - Trust levels with public key distribution
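
The sign, encrypt and key-wrap sequence from the Secure Email slide (17) and the PGP Operation slides (20, 21), as an added example that is not part of the original lecture. It assumes Node.js built-in `crypto` with RSA-2048, SHA-256 and AES-256-GCM; the function names and envelope layout are illustrative and are not the OpenPGP or S/MIME message format.

```javascript
// Added example: sign, encrypt, wrap-key flow from the Secure Email slides.
// Algorithm choices and the envelope layout are assumptions for illustration.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender A: sign with A's private key, encrypt with a one-time secret key,
// then encrypt that secret key with B's public key.
function sendMessage(plaintext, senderPrivate, recipientPublic) {
  const message = Buffer.from(plaintext, 'utf8');
  const signature = crypto.sign('sha256', message, senderPrivate);
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  // The signature travels inside the ciphertext, prefixed by its length.
  const sigLen = Buffer.alloc(2);
  sigLen.writeUInt16BE(signature.length);
  const body = Buffer.concat([cipher.update(Buffer.concat([sigLen, signature, message])), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: recipientPublic, ...OAEP }, sessionKey),
    iv, body, tag: cipher.getAuthTag(),
  };
}

// Receiver B: recover the secret key with B's private key, decrypt, then
// verify the signature with A's public key. Throws if any check fails.
function receiveMessage(envelope, recipientPrivate, senderPublic) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivate, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const inner = Buffer.concat([decipher.update(envelope.body), decipher.final()]);
  const sigLen = inner.readUInt16BE(0);
  const signature = inner.subarray(2, 2 + sigLen);
  const message = inner.subarray(2 + sigLen);
  if (!crypto.verify('sha256', message, senderPublic, signature)) {
    throw new Error('signature check failed: sender key does not match');
  }
  return message.toString('utf8');
}

// Demo with constructed keys and a constructed message.
const a = newKeyPair(), b = newKeyPair();
const envelope = sendMessage('Meet at 10:00', a.privateKey, b.publicKey);
console.log(receiveMessage(envelope, b.privateKey, a.publicKey));
```

The signature check is only as good as B's copy of A's public key, which is the key distribution issue listed on slide 24.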
