introduction to the security area
play

Introduction to the Security Area (the one area to rule them all) - PowerPoint PPT Presentation

Dec 28, 2023 •217 likes •563 views

Introduction to the Security Area (the one area to rule them all) Alexey Melnikov & Sean Turner 2014-11-09 Purpose Provide a high level overview of the Security Area: Why you want security services and what they are What are

  1. Introduction to the Security Area (the one area to rule them all) Alexey Melnikov & Sean Turner 2014-11-09

  2. Purpose • Provide a high level overview of the 
 Security Area: – Why you want security services and what they are – What are some of IETF’s foundational 
 security-related RFCs – Summarize the active Security Area working groups as well as Security-related working groups in other Areas 2

  3. Security Quotes • The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. – Gene Spaffor 3

  4. Security Quotes • The design of security protocols is a subtle and difficult art. … Security protocols are very hard to design; rolling out a new one will require extensive theoretical and practical work to confirm its security properties and will incur both delay and uncertainty. – Steve Bellovin 4

  5. Who’s at fault? • Mallory and Eve – that’s who! • Mallory and Eve want: – Alice and Bob’s data, – Alice to think they’re Bob, – Bob to think they’re Alice, – Etc. • Need to ensure protocols continue to operate in a given threat environment. 5

  6. Security Services: Authentication • Data Origin Authentication: – The corroboration that the source of data received is as claimed. • Peer Entity Authentication: – The corroboration that a peer entity in an association is the one claimed. 6

  7. Security Services: Data Integrity • The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. 7

  8. Security Services: Data Confidentiality • The property that data is not disclosed (AM: not readable by unauthorized...???) to system entities unless they have been authorized to know the data. 8

  9. Security Services: Access Control • Protection of system resources against unauthorized access. 9

  10. Security Services: Non-Repudiation • A security service that provides protection against false denial of involvement in an association. 10

  11. Some Foundational Security-Related RFCs • IAB and IESG Statement on Cryptographic Technology and the Internet (RFC 1984) • Security Considerations Required (as per RFC 2223) • Strong Security Requirements for Internet Engineering Task Force Standard Protocols (RFC 3365) • IETF Policy on Wiretapping (RFC 2804) • Pervasive Monitoring Is an Attack (RFC 7258) • How to write Security & Privacy Considerations: • Guidelines for Writing RFC Text on Security Considerations (RFC 3552) • Privacy Considerations for Internet Protocols (RFC 6973) 11

  12. Some Building Blocks • IPSec (Internet Protocol • Kerberos Security): IKE (Internet Key • PKIX (Pubic Key Exchange), ESP (Encapsulating Infrastructure X.509) Security Payload, AH (Authentication Header) • DNSSEC (Domain Name • TLS (Transport Layer Security) Security Extensions) & DTLS (Datagram TLS) • Object (end-to-end) • SSH (Secure Shell) security: • Frameworks for application protocol authentication (and • S/MIME (Security more) Multi-purpose Internet • SASL (Simple Authentication, Security Mail Extensions) Layer) • PGP (Pretty-Good • GSSAPI (Generic Security Service Application Privacy) 12 Program Interface)

  13. DANE 
 DNS-based Authentication of Named Entities • Use DNSSEC (Domain Name System Security Extension) protected RRs (resource records) applications. • RFC 6698 - The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA • SMTP security via opportunistic DANE TLS: draft-ietf-dane-smtp- with-dane • Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records: draft-ietf-dane-srv-08 • Using Secure DNS to Associate Certificates with Domain Names For S/MIME: draft-ietf-dane-smime-07 • Using DANE to Associate OpenPGP public keys with email addresses: draft-ietf-dane-openpgpkey-01; Best Common Practise for using OPENPGPKEY records: draft-ietf-dane-openpgpkey- usage-01 • Authenticating Raw Public Keys with DANE TLSA: draft-ietf-dane- rawkeys-00 13

  14. HTTPAUTH 
 Hypertext Transfer Protocol Authentication • Update HTTP’s Basic and Digest Authentication mechanisms and work on additional user authentication schemes. • Password based: • The 'Basic' HTTP Authentication Scheme: draft-ietf- httpauth-basicauth-update-02 • HTTP Digest Access Authentication: draft-ietf-httpauth- digest-08 - WGLC finished • Salted Challenge Response (SCRAM) HTTP Authentication Mechanism: draft-ietf-httpauth-scram-auth-03 • Mutual Authentication Protocol for HTTP: draft-ietf- httpauth-mutual-03 • HTTP Origin-Bound Authentication (HOBA): draft-ietf- httpauth-hoba-05 - WGLC finished • Replaces password with a bare key 14

  15. Kitten • Kerberos Authorization Data Container Authenticated by Multiple MACs: draft-ietf-krb-wg-cammac-11 - submitted to IESG • A set of SASL Mechanisms for Oauth: draft-ietf-kitten-sasl- oauth-16 - in WGLC • SAML Enhanced Client SASL and GSS-API Mechanisms: draft-ietf- kitten-sasl-saml-ec-11 - currently expired • Namespace Considerations and Registries for GSS-API Extensions: draft-ietf-kitten-gssapi-extensions-iana-08 - currently expired • AES Encryption with HMAC-SHA2 for Kerberos 5: draft-ietf-kitten- aes-cts-hmac-sha2-05 • Structure of the GSS Negotiation Loop: draft-ietf-kitten-gss- loop-00- in WGLC • Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API (IAKERB): draft-ietf-kitten-iakerb-02 15

  16. MILE Managed Incident Lightweight Exchange • Develops IODEF (Incident Object Description Exchange Format) to support computer and network security incident management. • The Incident Object Description Exchange Format v2: draft-ietf-mile-rfc5070-bis-09 • IODEF Enumeration Reference Format: draft-ietf-mile-enum-reference-format-09 - in IESG review • IODEF Usage Guidance: draft-ietf-mile- iodef-guidance-03 16

  17. SACM Security Automation and Continuous Monitoring • Is tasked to produced standardized protocols to collect, verify, and update system security configurations in order to automate what is frequently done manually. • This work is related to MILE and a now complete NEA (Network Endpoint Assessment) WGs. • Documents: • draft-ietf-sacm-architecture-00 • draft-ietf-sacm-information-model-00 • draft-ietf-sacm-requirements-02 • draft-ietf-sacm-terminology-05 • Endpoint Security Posture Assessment - Enterprise 17 Use Cases (draft-ietf-sacm-use-cases-07)

  18. TRANS Public Notary Transparency • Certificate Transparency (draft-ietf-trans- rfc6962-bis-04) • Possible new work? • Gossiping in CT (draft-linus-trans- gossip-ct-00) - detecting malicious logs showing different views to different clients • CT for Binary Codes (draft-zhang-trans- ct-binary-codes-00) 18

  19. WebSec (APPS) Web Security • Public Key Pinning Extension for HTTP (draft- ietf-websec-key-pinning-21) - approved for publication • Defines a new HTTP header that allows web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities over a period of time. • Helps to deal with compromised Certificate Authorities (CAs) • The WG will close after publication, rechartering looks unlikely 19

  20. TLS Transport Layer Security • Prohibiting RC4 Cipher Suites: draft-ietf-tls-prohibiting- rc4-01 – resolving WGLC comments • TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks: draft-ietf-tls- downgrade-scsv-00 – just about read for WGLC • TLS Session Hash and Extended Master Secret Extension: draft-ietf-tls-session-hash-02 – just about ready for WGLC • Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS: draft-ietf-tls-negotiated-ff-dhe-02 – probably ready for WGLC after this meeting • TLS 1.3: draft-ietf-tls-tls13-03 – lively discussions 20

  21. ACE 
 Authentication and Authorization for Constrained Environments • No WG drafts yet but they’re getting close • DTLS based proposal is being worked on initially 21

  22. DICE DTLS In Constrained Environments • Profiling DTLS for CoAP: – A Datagram Transport Layer Security (DTLS) 1.2 Profile for the Internet of Things: draft- ietf-dice-profile-05 • Use of DTLS with multicast is in scope, but no official WG document yet 22

  23. UTA (APPS) Using TLS in Applications • Summarizing Known Attacks on TLS and DTLS (draft-ietf- uta-tls-attacks-05) - should be approved by IESG shortly • Recommendations for Secure Use of TLS and DTLS (draft- ietf-uta-tls-bcp-06) - in WGLC • Updated TLS Server Identity Check Procedure for Email Related Protocols (draft-ietf-uta-email-tls-certs-00) • Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP) (draft-ietf-uta- xmpp-02) • A document describing use of TLS in IMAP/POP/SMTP submission is discussed, but not yet a WG document 23

  24. IPSECME 
 Internet Protocol Security Maintenance and Extensions • Currently re-chartering (normal for them) • The NULL Authentication Method in IKEv2 Protocol: draft-ietf-ipsecme-ikev2-null- auth-01 – recently adopted • Protecting Internet Key Exchange (IKE) Implementations from Distributed Denial of Service Attacks: draft-ietf-ipsecme- ddos-protection-00 – recently adopted 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Today Computer Security Embedded system security This is a huge area General

Today Computer Security Embedded system security This is a huge area General

Today Computer Security Embedded system security This is a huge area General principles Prof Kasera teaches a good course on it Examples Today we are not talking about Protocol design (another huge area) Password

403 views • 4 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Security 1 - Passwords Computer security is a big and kind of dramatic area which lends itself to

Security 1 - Passwords Computer security is a big and kind of dramatic area which lends itself to

Security 1 - Passwords Computer security is a big and kind of dramatic area which lends itself to movie plots and fear. There are real threats our there, but staying safe is not that hard. Computer -- The Castle The computer is like a

416 views • 37 slides
Mutual Trust in the Area of Freedom, Security and Justice Geet a nj a li Sh a rm a , PhD C a ndid

Mutual Trust in the Area of Freedom, Security and Justice Geet a nj a li Sh a rm a , PhD C a ndid

Mutual Trust in the Area of Freedom, Security and Justice Geet a nj a li Sh a rm a , PhD C a ndid a te, Freie Universit t Berlin, 26 August, 2020 Contents 1. Introduction, research question and methodology 2. Mutual trust in multilevel

1.01k views • 20 slides
5/18/2017 Security Governance, Standards & Frameworks Integrated Security Destination Area

5/18/2017 Security Governance, Standards & Frameworks Integrated Security Destination Area

5/18/2017 Security Governance, Standards & Frameworks Integrated Security Destination Area Agenda Brief Overview Lightning Talks Discussion 2 Security Governance, Standards & Frameworks Guide decision making and

276 views • 4 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Today Embedded system security General principles Examples Computer Security This

Today Embedded system security General principles Examples Computer Security This

Today Embedded system security General principles Examples Computer Security This is a huge area Prof Kasera teaches a good course on it Today we are not talking about Protocol design (another huge area) Password

447 views • 24 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Introduction to Mobile Security Testing Approaches and Examples using OWASP MSTG OWASP German

Introduction to Mobile Security Testing Approaches and Examples using OWASP MSTG OWASP German

Introduction to Mobile Security Testing Approaches and Examples using OWASP MSTG OWASP German Day 20.11.2018 Carlos Holguera $ whoami Carlos Holguera [olera] Security Engineer working at ESCRYPT GmbH since 2012 Area of expertise:

790 views • 56 slides
CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security About me Instructor: Mathias Payer Research area: system/software security Memory/type safety Mitigating control-flow

460 views • 25 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Widget security model based on MIDP and Web Application based on a security model with TLS/SSL

Widget security model based on MIDP and Web Application based on a security model with TLS/SSL

Widget security model based on MIDP and Web Application based on a security model with TLS/SSL and XMLDsig Claes Nilsson Technology Area Group Leader Web Browsing Marcus Liwell Technology Area Group Leader Security and DRM Rev 1

576 views • 12 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server

Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server

Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server says: WWW-Authenticate: Basic realm=" insert realm User prompted for their password Client says: Authorization: Basic

1.49k views • 70 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l08,

680 views • 35 slides
We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

872 views • 42 slides
2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule

2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule

2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule | Haute ecole sp ecialis ee bernoise | Berne University of Applied Sciences 1 Table of Contents HyperText Transfer Protocol - HTTP

985 views • 41 slides
W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific

W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific

W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific Audio Tips Todays audio is streaming to your computers speakers or headphones. Too loud or soft? Adjust volume level in the Audio broadcast

821 views • 42 slides
Art in Our Servers Jean-Frederic Clere Jean-Frederic Clere What I will cover What I will cover

Art in Our Servers Jean-Frederic Clere Jean-Frederic Clere What I will cover What I will cover

SSL/TLS and HTTP/2 State of the SSL/TLS and HTTP/2 State of the Art in Our Servers Art in Our Servers Jean-Frederic Clere Jean-Frederic Clere What I will cover What I will cover HTTP/2 HTTP/2 and ALPN Servers Apache HTTPD

394 views • 28 slides
LECTURE 22: SECURE CODING BASICS CSE 442 Software Engineering Lessons Already Learned

LECTURE 22: SECURE CODING BASICS CSE 442 Software Engineering Lessons Already Learned

LECTURE 22: SECURE CODING BASICS CSE 442 Software Engineering Lessons Already Learned Hackers take advantage of any opening provided But most also lazy (talk to struggling 115/116 student) Any easy success in breaking code encourages

835 views • 58 slides
Module 3: Architecture In the sense of information systems Web architectures Enterprise

Module 3: Architecture In the sense of information systems Web architectures Enterprise

Module 3: Architecture In the sense of information systems Web architectures Enterprise architectures Interoperation architectures Message-oriented middleware Munindar P. Singh, CSC 513, Spring 2008 c p.57 Architecture Conceptually How

501 views • 49 slides

More recommend