network security where we are in the course
play

Network Security Where we are in the Course Security crosses all - PowerPoint PPT Presentation

Aug 25, 2022 •184 likes •1.12k views

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

  1. Network Security

  2. Where we are in the Course • Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2

  3. Security Threats • “Security” is like “performance” • Means many things to many people • Must defjne the propertjes we want • Key part of network security is clearly statjng the threat model • The dangers and atuacker’s abilitjes • Can’t assess risk otherwise Introductjon to Computer Networks 3

  4. Security Threats (2) • Some example threats • It’s not all about encryptjng messages Atuacker Ability Threat Eavesdropper Intercept messages Read contents of message Observer Inspect packet Collect conversatjons destjnatjons Intruder Compromised host Tamper with contents of message Impersonator Remote social engineering Trick party into giving informatjon Extortjonist Remote / botnet Disrupt network services Introductjon to Computer Networks 4

  5. Risk Management • Security is hard as a negatjve goal • Try to ensure security propertjes and don’t let anything bad happen! • End-to-end principle in actjon (can’t trust network!) • Only as secure as the weakest link • Could be design fmaw or bug in code • But ofuen the weak link is elsewhere … ? Introductjon to Computer Networks 5

  6. Risk Management (2) • 802.11 security … early on, WEP: • Cryptography was fmawed; can run cracking sofuware to read WiFi traffjc • Today, WPA2/802.11i security: • Computatjonally infeasible to break! • So that means 802.11 is secure against eavesdropping? Introductjon to Computer Networks 6

  7. Risk Management (3) • Many possible threats • We just made the fjrst one harder! • 802.11 is more secure against eavesdropping in that the risk of successful atuack is lower. But it is not “secure”. Threat Model Old WiFi (WEP) New WiFi (WPA2) Break encryptjon from outside Very easy Very diffjcult Guess WiFi password Ofuen possible Ofuen possible Get password from computer May be possible May be possible Physically break into home Diffjcult Diffjcult 7

  8. Cryptography

  9. Cryptology • Rich history, especially spies / military • From the Greek “hidden writjng” • Cryptography • Focus is encryptjng informatjon • Cryptanalysis • Focus is how to break codes • Modern emphasis is on codes that are “computatjonally infeasible” to break • Takes too long compute solutjon Introductjon to Computer Networks 9

  10. Uses of Cryptography • Encryptjng informatjon is useful for more than deterring eavesdroppers • Prove message came from real sender • Prove remote party is who they say • Prove message hasn’t been altered • Designing secure cryptographic scheme tricky! • Use approved design (library) in approved way Introductjon to Computer Networks 10

  11. Internet Reality • Most of the protocols were developed before the Internet grew popular • It was a smaller, more trusted world • So protocols lacked security … • We have strong security needs today • Clients talk with unverifjed servers • Servers talk with anonymous clients • Security has been retrofjtued • This is far from ideal! Introductjon to Computer Networks 11

  12. Goal and Threat Model • Goal is to send a private message from Alice to Bob • This is called confjdentjality • Threat is Eve will read the message • Eve is a passive adversary (observes) I  networks ?? Bob Alice Eve Introductjon to Computer Networks 12

  13. Encryption/Decryption Model • Alice encrypts private message (plaintext) using key • Eve sees ciphertext but not plaintext • Bob decrypts using key to get the private message Plaintext Plaintext I  networks Eve I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Key Key Network Introductjon to Computer Networks 13

  14. Encryption/Decryption (2) • Encryptjon is a reversible mapping • Ciphertext is encrypted plaintext • Assume atuacker knows algorithm • Security does not rely on its secrecy • Algorithm is parameterized by keys • Security does rely on key secrecy • Must be distributed (Achilles’ heel) Introductjon to Computer Networks 14

  15. Encryption/Decryption (3) Two main kinds of encryptjon: 1. Symmetric key encryptjon » , e.g., AES • Alice and Bob share secret key • Encryptjon is a bit mangling box 2. Public key encryptjon » , e.g., RSA • Alice and Bob each have a key in two parts: a public part (widely known), and a private part (only owner knows) • Encryptjon is based on mathematjcs (e.g., RSA is based on diffjculty of factoring) Introductjon to Computer Networks 15

  16. Symmetric (Secret Key) Encryption • Alice and Bob have the same secret key, K AB • Anyone with the secret key can encrypt/decrypt Plaintext Plaintext I  networks I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Secret key Secret key K AB K AB Introductjon to Computer Networks 16

  17. Public Key (Asymmetric) Encryption • Alice and Bob have public/private key pairs ( K B / K B -1 ) • Public keys are well-known, private keys are secret Plaintext Plaintext I  networks I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Bob’s Bob’s K B-1 K B private key public key Introductjon to Computer Networks 17

  18. Public Key Encryption (2) • Alice encrypts w/ Bob’s pubkey K B ; anyone can send • Bob decrypts w/ his private key K B-1 ; only he can Plaintext Plaintext I  networks I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Bob’s Bob’s K B-1 K B private key public key Introductjon to Computer Networks 18

  19. Key Distribution • This is a big problem on a network! • Ofuen want to talk to new partjes • Symmetric encryptjon problematjc • Have to fjrst set up shared secret • Public key idea has own diffjcultjes • Need trusted directory service • We’ll look at certjfjcates later Introductjon to Computer Networks 19

  20. Symmetric vs. Public Key • Have complementary propertjes • Want the best of both! Property Symmetric Public Key Key Hard – share Easier – publish Distributjon secret per pair of public key per users user Runtjme Fast – good for Slow – few, small, Performanc high data rate messages e Introductjon to Computer Networks 20

  21. Winning Combination • Alice uses public key encryptjon to send Bob a small private message • It’s a key! (Say 256 bits.) • Alice/Bob send messages with symmetric encryptjon • Using the key they now share • The key is called a session key • Generated for short-term use Introductjon to Computer Networks 21

  22. Message Authentication

  23. Goal and Threat Model • Goal is for Bob to verify the message is from Alice and unchanged • This is called integrity/authentjcity • Threat is Trudy will tamper with messages • Trudy is an actjve adversary (interferes) I  networks ???? Trudy Bob Alice Introductjon to Computer Networks 23

  24. Wait a Minute! • We’re already encryptjng messages to provide confjdentjality • Why isn’t this enough? Introductjon to Computer Networks 24

  25. Encryption Issues • What will happen if Trudy fmips some of Alice’s message bits? • Bob will decrypt it, and … Bob Trudy Introductjon to Computer Networks 25

  26. Encryption Issues (2) • What will happen if Trudy fmips some of Alice’s message bits? • Bob will receive an altered message Um?? yuiE#E3@ Bob Trudy Introductjon to Computer Networks 26

  27. Encryption Issues (3) • Typically encrypt blocks of data • What if Trudy reorders message? • Bob will decrypt, and … 4 5 2 3 1 Bob Trudy Introductjon to Computer Networks 27

  28. Encryption Issues (4) • What if Trudy reorders message? • Bob will receive altered message BUY NOW! DO NOT STOP OK! 4 5 2 1 3 Bob Trudy Introductjon to Computer Networks 28

  29. MAC (Message Authentication Code) • MAC is a small token to validate the integrity/authentjcity of a message • Conceptually ECCs again • Send the MAC along with message • Validate MAC, process the message • Example: HMAC scheme Message MAC Alice Bob Introductjon to Computer Networks 29

  30. MAC (2) • Sorta symmetric encryptjon operatjon – key shared • Lets Bob validate unaltered message came from Alice • Doesn’t let Bob convince Charlie that Alice sent the message Message I  networks I  networks Generate Validate Bob Alice MAC Secret key Secret key K AB K AB Introductjon to Computer Networks 30

  31. Digital Signature • Signature validates the integrity/authentjcity of message • Send it along with the message • Lets all partjes validate • Example: RSA signatures Message Signature Alice Introductjon to Computer Networks 31

  32. Digital Signature (2) • Kind of public key operatjon – pub/priv key parts • Alice signs w/ private key, K A 1 , Bob verifjes w/ public key, K A - • Does let Bob convince Charlie that Alice sent the message Message I  networks I  networks Sign Verify Bob Alice Signature Alice’s Alice’s K A-1 K A private key public key Introductjon to Computer Networks 32

  33. Speeding up Signatures • Same tension as for confjdentjality: • Public key has keying advantages • But it has slow performance! • Use a technique to speed it up • Message digest stands for message • Sign the digest instead of full message Introductjon to Computer Networks 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context Computers connected in a network - but also: smartphones, fridges, IoT devices, Each device has an IP address Packets are routed via

771 views • 51 slides
Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon 4 th year Ph.D. Student Carnegie Mellon University Advisor: Vyas Sekar Research Area: Network Security A Vulnerable Network! Networks: explosion

583 views • 7 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Voting Lecture 22 Requirements Requirements Integrity/End-to-End verifiability Requirements

Voting Lecture 22 Requirements Requirements Integrity/End-to-End verifiability Requirements

Voting Lecture 22 Requirements Requirements Integrity/End-to-End verifiability Requirements Integrity/End-to-End verifiability Collected as cast: Each voter should be convinced that their vote was collected correctly Requirements

1.43k views • 129 slides
Enterprise Storage Architecture Fall 2019 Security Tyler Bletsch Duke University What this

Enterprise Storage Architecture Fall 2019 Security Tyler Bletsch Duke University What this

ECE590-03 Enterprise Storage Architecture Fall 2019 Security Tyler Bletsch Duke University What this lecture contains Included: Not included: Cryptography internals Basic definitions How to program using Fundamental

543 views • 51 slides
Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted

Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted

Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted Applications Learnings From Etesync Applications Learnings From Etesync stosb.com/talks Tom Hacohen tom@stosb.com FOSDEM 2019 @TomHacohen

361 views • 32 slides
CSCE 2214 Lab 06 Pre-Knowledge In order to complete this lab you will need to understand the

CSCE 2214 Lab 06 Pre-Knowledge In order to complete this lab you will need to understand the

CSCE 2214 Lab 06 Pre-Knowledge In order to complete this lab you will need to understand the function of the CPU control block, and the sign extend block Pre-Lab The pre- lab for this week is shown at the end of last weeks lab. Objective In

81 views • 4 slides
FUTURE INTERNET ARCHITECTURE Marc Mosko Palo Alto Research Center ACM ICN Panel 2016, Kyoto

FUTURE INTERNET ARCHITECTURE Marc Mosko Palo Alto Research Center ACM ICN Panel 2016, Kyoto

FUTURE INTERNET ARCHITECTURE Marc Mosko Palo Alto Research Center ACM ICN Panel 2016, Kyoto Japan 1 FUTURE INTERNET ARCHITECTURE Protocol Feature 2 FUTURE INTERNET ARCHITECTURE* Protocol Feature IPv6 Large address space,

76 views • 4 slides
Sponsors Normalizing the Prac7ces of Privacy Jole Seroff Cas7lleja School Palo Alto, CA Day,

Sponsors Normalizing the Prac7ces of Privacy Jole Seroff Cas7lleja School Palo Alto, CA Day,

7/21/17 Big Data and You: Sponsors Normalizing the Prac7ces of Privacy Jole Seroff Cas7lleja School Palo Alto, CA Day, July 21, 2017, 1:15 2:15 pm Eastern A project of the University of Michigan School of Informa9on, U-M Library, and U-M

366 views • 19 slides
Rigorous computation of the endomorphism ring of a Jacobian Edgar Costa (MIT) Simons Collab. on

Rigorous computation of the endomorphism ring of a Jacobian Edgar Costa (MIT) Simons Collab. on

Rigorous computation of the endomorphism ring of a Jacobian Edgar Costa (MIT) Simons Collab. on Arithmetic Geometry, Number Theory, and Computation November 13th, 2019 University of New South Wales Slides available at edgarcosta.org under

1.23k views • 64 slides
Lecture 3 Elliptic curves over finite fields The group order Reminder from last lecture Points

Lecture 3 Elliptic curves over finite fields The group order Reminder from last lecture Points

Elliptic curves over F q F. Pappalardi Lecture 3 Elliptic curves over finite fields The group order Reminder from last lecture Points of finite order Algebraqic Structures, Cryptography, The group structure Weil Pairing Number Theory and

770 views • 25 slides

More recommend