layer optimization security and privacy cs 118 computer
play

Layer Optimization: Security and Privacy CS 118 Computer Network - PowerPoint PPT Presentation

Nov 18, 2023 •107 likes •708 views

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

  1. Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016

  2. Another type of layer deficiency • Some layers of protocol do not provide any security or privacy • What if we want to have better security and privacy? • What do we do to get them? Lecture 18 CS 118 Page 2 Winter 2016

  3. What do we mean by “security?” • Informally, providing some of three properties: – Confidentiality – Integrity – Availability • In the face of adversaries attempting to compromise those properties Lecture 18 CS 118 Page 3 Winter 2016

  4. Security on a single link • A relatively simple problem • If this picture is accurate • Nobody else can hear your messages • So confidentiality is good • Nobody else can alter your messages • So integrity is good • Nobody else can interfere with your messages • So availability is good Lecture 18 CS 118 Page 4 Winter 2016

  5. Security in a complex network AS AS 91 158 AS 47 AS 7 • No longer so simple AS 55 • Others might hear your messages • So confidentiality is bad • Others might alter your messages • So integrity is bad • Others might interfere with your messages • So availability is bad Lecture 18 CS 118 Page 5 Winter 2016

  6. Authentication • Proving that something was created by a particular party • E.g., a message was created by the user who appears to have sent it • Vital property to achieve many security goals • Since sometimes you will do things for some parties, but not others – Only works out if you can tell who is who Lecture 18 CS 118 Page 6 Winter 2016

  7. Security • Background • Information protection • Resource protection Lecture 18 CS 118 Page 7 Winter 2016

  8. Background • Basic mechanisms • Key management Lecture 18 CS 118 Page 8 Winter 2016

  9. Basic mechanisms • For networks, primarily based on data manipulations – Hashes – Ciphers and codes – Signatures • Also need to protect network resources – Need different mechanisms for that Lecture 18 CS 118 Page 9 Winter 2016

  10. Security by data manipulation • Put (or alter) data in packets to improve security • Hashing – Integrity (detect tampering) • Encryption – Confidentiality (obscure semantics/meaning) • Signature – Authentication (identify source) Lecture 18 CS 118 Page 10 Winter 2016

  11. Hash functions • Maps a variable-length message onto a fixed-length “digest” Lecture 18 CS 118 Page 11 Winter 2016

  12. Why hash? • Scramble – Nearby messages yield very different digests – Distributes / scatters load, usage – E.g., hash tables • Rapid lookup • Avoids bunch-up • Collisions OK Lecture 18 CS 118 Page 12 Winter 2016

  13. Cryptographic hash • A hash function useful for cryptography – Scrambles and spreads (like any hash) – Difficult to “game” • Anti-“game” properties – Unidirectional (non-invertible) • Difficult to generate another input for a given output – Rare collisions • Difficult to generate two inputs with the same output Lecture 18 CS 118 Page 13 Winter 2016

  14. Why not just use a checksum? • Checksums don’t protect against tampering – Easy to generate a new message with the same checksum – Easy to generate two messages with the same checksum • Cryptographic hashes do protect – Unidirectional and rare collisions make the above difficult Lecture 18 CS 118 Page 14 Winter 2016

  15. Example hash functions • Message Digest 5 (MD5) – The 5 th attempt at a message digest • MD, MD2, MD3, MD4, MD5, now MD6 – Weak – found a birthday attack • Secure Hash Algorithm (SHA) – SHA-1 is weak – SHA-2 and SHA-3 well regarded – US Government designed Lecture 18 CS 118 Page 15 Winter 2016

  16. What do you do with a hash? • Publish it as-is – A “fingerprint” to validate as “untampered” – Assumes the published hash wasn’t tampered • Use it in other algorithms – HMAC – Digital signatures Lecture 18 CS 118 Page 16 Winter 2016

  17. Fingerprint checks • E.g., for GPG software d065be185f5bac8ea07b210ab7756e79b83b63d4 gnupg-2.0.27.tar.bz2 091e69ec1ce3f0032e6b135e4da561e8d46d20a7 gnupg-2.1.3.tar.bz2 fb541b8685b78541c9b2fadb026787f535863b4a gnupg-w32-2.1.1_20141216.exe 5503f7faa0a0e84450838706a67621546241ca50 gnupg-1.4.19.tar.bz2 d0cf40cc42ce057d7d747908ec21a973a423a508 gnupg-1.4.19.tar.gz dc03ae4e4c3e8fe0583b37dd6c3124f94246d2f8 gnupg-w32cli-1.4.19.exe 4997951ab058788de48b989013668eb3df1e6939 libgpg-error-1.19.tar.bz2 9456e7b64db9df8360a1407a38c8c958da80bbf1 libgcrypt-1.6.3.tar.bz2 86fe0436f3c8c394d32e142ee410a9f9560173fb libksba-1.3.3.tar.bz2 7cf0545955ce414044bb99b871d324753dd7b2e5 libassuan-2.2.0.tar.bz2 01e62c45435496ff0e011255fb0ac1879a3bc177 pinentry-0.9.1.tar.bz2 8dd7711a4de117994fe2d45879ef8a9900d50f6a gpgme-1.5.3.tar.bz2 9eb07bcceeb986c7b6dbce8a18b82a2c344b50ce gpa-0.9.7.tar.bz2 a7a7d1432db9edad2783ea1bce761a8106464165 dirmngr-1.1.0.tar.bz2 Lecture 18 CS 118 Page 17 Winter 2016

  18. Any alternatives to hashing? • Protect the path – Lock it down, seal it up, etc. • Detect tampering – Power loss, other physical changes • All are very hard to do Lecture 18 CS 118 Page 18 Winter 2016

  19. Encryption • Convert an easily readable bit pattern into a bit pattern that looks very different • Typically one that looks like random data • Usually in a reversible way – So those you want to use the data can – Requires that not everyone can reverse it • How to achieve that? Lecture 18 CS 118 Page 19 Winter 2016

  20. Keyed encryption • Use a secret to perform the conversion • If you know the secret, reversing it is easy • If you don’t know the secret, reversing it is hard – Preferably impossible • The secret is called the key • Leading to an obvious question: – How can I keep a secret by using another secret? Lecture 18 CS 118 Page 20 Winter 2016

  21. Symmetric and Asymmetric Encryption Systems • Symmetric systems use the same keys to encrypt and decrypt – Encrypt your data with key K – Decrypt and get the data back with K • Asymmetric systems use different keys to encrypt and decrypt – Encrypt your data with K E – Decrypt and get the data back with K D – K E != K D Lecture 18 CS 118 Page 21 Winter 2016

  22. Example codes • Symmetric – Data Encryption Standard (DES) – Advanced Encryption Standard (AES) • Asymmetric – Diffie-Hellman • They just won the Turing Award for inventing asymmetric crypto – RSA algorithm – Elliptic curve algorithms Lecture 18 CS 118 Page 22 Winter 2016

  23. Symmetric keys • Also known as “shared secret” – Both sides share the same key – Both sides can encrypt or decrypt • Generally faster than This turns out to be asymmetric crypto really important! Lecture 18 CS 118 Page 23 Winter 2016

  24. Using symmetric keys • Assume the data you want to encrypt is P • The encryption algorithm is E • The decryption algorithm is D • And the symmetric key is K • C = E(K, P) • P = D(K, C) • Expanding, P = D(K, E(K,P)) • You end up with what you started with • And you used the same key twice Lecture 18 CS 118 Page 24 Winter 2016

  25. Asymmetric keys • Public key cryptography – Two keys: public and private • To encrypt to a single recipient: – Anyone encrypts a message with your public key – Only you can decrypt with your private key – Only you can read it • To identify a source: – You encrypt a message with your private key – Anyone can decrypt with your public key – Only you could have written it Lecture 18 CS 118 Page 25 Winter 2016

  26. Symmetric vs. asymmetric • Symmetric: same key is used on both ends – Anyone who has the key can create the message – Anyone who has the key can read the message – Info is private to those who share the key – Info was created by someone who knew the key • Asymmetric: keys are used as pairs – Public key creates message only private key can decrypt • Confidentiality – only private key owner can read it – Private key creates message only public key can decrypt • Authenticity – only private key owner could create it • But anyone can check ownership • Again, symmetric is much cheaper than asymmetric Lecture 18 CS 118 Page 26 Winter 2016

  27. Using asymmetric keys • Applying both keys yields the original message – C = E(K E ,P) – P = D(K D ,C) • Or – C = E(K D ,P) – P = D(K E ,C) • Unlike symmetric keys, the intermediates are different – E(K D ,P) != E(K E ,P) Lecture 18 CS 118 Page 27 Winter 2016

  28. Digital signatures • Rely on asymmetric keys – Signer encrypts using their private key • Entire message? – That’s too costly • Remember asymmetric being expensive? – Less costly to sign a hash • Signature – A cryptographic hash signed with a private key – A.k.a. Message Authentication Code (MAC) Lecture 18 CS 118 Page 28 Winter 2016

  29. Signatures and integrity • Signature assures receiver of message integrity – Via the hash • Contents haven’t changed since the hash was computed – If they had, the hash wouldn’t match • Attacker can’t just generate a new hash – Since it must be signed by the private key – Which he doesn’t have • We hope . . . Lecture 18 CS 118 Page 29 Winter 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Physical Layer Security and Privacy with Ultra-wideband Prof. Wayne Burleson Department of

Physical Layer Security and Privacy with Ultra-wideband Prof. Wayne Burleson Department of

Physical Layer Security and Privacy with Ultra-wideband Prof. Wayne Burleson Department of Electrical and Computer Engineering University of Massachusetts Amherst burleson@ecs.umass.edu (visiting EPFL 2010-2011) Physical Layer

327 views • 29 slides
BLE Security Authentication Privacy Discussion EECS 582 -- Spring 2015 BLE: Quick/Simplified

BLE Security Authentication Privacy Discussion EECS 582 -- Spring 2015 BLE: Quick/Simplified

Overview BLE Refresher Attacks Improvements BLE Security Authentication Privacy Discussion EECS 582 -- Spring 2015 BLE: Quick/Simplified Refresh Link Layer State Machine Application Layer GATT ATT L2CAP Link Layer Physical Layer

783 views • 3 slides
CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /fall2019/cs683/cs683_main.htm 1 Lecture 12 Transport Layer Security/ Secure Socket Layer (TLS/SSL)

615 views • 23 slides
Robust Layer Assignment for Via Optimization in Multi-layer Global Routing Tsung-Hsien Lee

Robust Layer Assignment for Via Optimization in Multi-layer Global Routing Tsung-Hsien Lee

Robust Layer Assignment for Via Optimization in Multi-layer Global Routing Tsung-Hsien Lee Ting-Chi Wang Inst. of Information Science Dept. of Computer Science Academia Sinica National Tsing Hua University 1 Outline Introduction

462 views • 33 slides
CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter

531 views • 31 slides
CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter

708 views • 34 slides
Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Consider the difference between security and privacy Discuss work

814 views • 43 slides
Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

CSE 484 / CSE M 584: Computer Security and Privacy Web Privacy [finish] Mobile Platform Security [start] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,

535 views • 29 slides
CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory University Today Meet everyone in class Course overview Why data privacy and security What is data privacy and security What we

810 views • 70 slides
Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San

CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San

CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /spring2018/cs683/cs683_main.htm (https://goo.gl/t396Fw) 1 Lecture 12 Transport Layer Security/

555 views • 23 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Layer Optimization: Congestion Control CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Congestion Control CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Congestion Control CS 118 Computer Network Fundamentals Peter Reiher Lecture 17 CS 118 Page 1 Winter 2016 We can lose packets for many reasons Corruption Not delivered to receiver Poor flow control But

1.07k views • 65 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Message authentication and digital signatures " Message authentication verify that the

Message authentication and digital signatures " Message authentication verify that the

Message authentication and digital signatures " Message authentication verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non ! repudiation " Two

439 views • 23 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 12

Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 12

Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 12 Message Authentication Codes (MACs) Updated 12-4-17 These slides were prepared by Christof Paar and Jan Pelzl And modified by Sam Bowne

416 views • 18 slides
Cryptography and Network Codes Security At cats' green on the Sunday he took the message from

Cryptography and Network Codes Security At cats' green on the Sunday he took the message from

4/19/2010 Chapter 12 Message Authentication Cryptography and Network Codes Security At cats' green on the Sunday he took the message from the Chapter 12 inside of the pillar and added Peter Moran's name to the two names already printed

349 views • 6 slides
Crypto: Public-Key Cryptography Slides credit: Dan Boneh, Doug Tygar Dawn

Crypto: Public-Key Cryptography Slides credit: Dan Boneh, Doug Tygar Dawn

Computer Security Course. Dawn

564 views • 20 slides
Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

CSS441 Introduction Functions Auth. with Encryption Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

673 views • 21 slides
Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Understand the difference between symmetric and asymmetric cryptography

697 views • 28 slides
Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig -

Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig -

Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig - Maria Eichlseder Hash Functions A cryptographic hash function produces cryptographic checksums or fingerprints m Fast H Secure h Security

696 views • 42 slides

More recommend