network security where we are in the course
play

Network Security Where we are in the Course Security crosses all - PowerPoint PPT Presentation

Jan 31, 2024 •364 likes •932 views

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

  1. Network Security

  2. Where we are in the Course • Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2

  3. Security Threats • “Security” is like “performance” • Means many things to many people • Must define the properties we want • Key part of network security is clearly stating the threat model • The dangers and attacker’s abilities • Can’t assess risk otherwise Introduction to Computer Networks 3

  4. Security Threats (2) • Some example threats • It’s not all about encrypting messages Attacker Ability Threat Read contents of message Eavesdropper Intercept messages Inspect packet destinations Collect conversations Observer Tamper with contents of message Intruder Compromised host Impersonator Remote social engineering Trick party into giving information Disrupt network services Extortionist Remote / botnet Introduction to Computer Networks 4

  5. Risk Management • Security is hard as a negative goal • Try to ensure security properties and don’t let anything bad happen! • End-to- end principle in action (can’t trust network!) • Only as secure as the weakest link • Could be design flaw or bug in code • But often the weak link is elsewhere … ? Introduction to Computer Networks 5

  6. Risk Management (2) • 802.11 security … early on, WEP: • Cryptography was flawed; can run cracking software to read WiFi traffic • Today, WPA2/802.11i security: • Computationally infeasible to break! • So that means 802.11 is secure against eavesdropping? Introduction to Computer Networks 6

  7. Risk Management (3) • Many possible threats • We just made the first one harder! • 802.11 is more secure against eavesdropping in that the risk of successful attack is lower. But it is not “secure”. Threat Model Old WiFi (WEP) New WiFi (WPA2) Break encryption from outside Very easy Very difficult Guess WiFi password Often possible Often possible Get password from computer May be possible May be possible Physically break into home Difficult Difficult 7

  8. Cryptography

  9. Cryptology • Rich history, especially spies / military • From the Greek “hidden writing” • Cryptography • Focus is encrypting information • Cryptanalysis • Focus is how to break codes • Modern emphasis is on codes that are “computationally infeasible” to break • Takes too long compute solution Introduction to Computer Networks 9

  10. Uses of Cryptography • Encrypting information is useful for more than deterring eavesdroppers • Prove message came from real sender • Prove remote party is who they say • Prove message hasn’t been altered • Designing secure cryptographic scheme tricky! • Use approved design (library) in approved way Introduction to Computer Networks 10

  11. Internet Reality • Most of the protocols were developed before the Internet grew popular • It was a smaller, more trusted world • So protocols lacked security … • We have strong security needs today • Clients talk with unverified servers • Servers talk with anonymous clients • Security has been retrofitted • This is far from ideal! Introduction to Computer Networks 11

  12. Goal and Threat Model • Goal is to send a private message from Alice to Bob • This is called confidentiality • Threat is Eve will read the message • Eve is a passive adversary (observes) I  networks ?? Bob Alice Eve Introduction to Computer Networks 12

  13. Encryption/Decryption Model • Alice encrypts private message (plaintext) using key • Eve sees ciphertext but not plaintext • Bob decrypts using key to get the private message Plaintext Plaintext I  networks I  networks Eve Encrypt Hi there Decrypt Bob Alice Ciphertext Key Key Network Introduction to Computer Networks 13

  14. Encryption/Decryption (2) • Encryption is a reversible mapping • Ciphertext is confused plaintext • Assume attacker knows algorithm • Security does not rely on its secrecy • Algorithm is parameterized by keys • Security does rely on key secrecy • Must be distributed (Achilles’ heel) Introduction to Computer Networks 14

  15. Encryption/Decryption (3) Two main kinds of encryption: 1. Symmetric key encryption » , e.g., AES • Alice and Bob share secret key • Encryption is a bit mangling box 2. Public key encryption » , e.g., RSA • Alice and Bob each have a key in two parts: a public part (widely known), and a private part (only owner knows) • Encryption is based on mathematics (e.g., RSA is based on difficulty of factoring) Introduction to Computer Networks 15

  16. Symmetric (Secret Key) Encryption • Alice and Bob have the same secret key, K AB • Anyone with the secret key can encrypt/decrypt Plaintext Plaintext I  networks I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Secret key Secret key K AB K AB Introduction to Computer Networks 16

  17. Public Key (Asymmetric) Encryption • Alice and Bob have public/private key pairs ( K B /K B -1 ) • Public keys are well-known, private keys are secret Plaintext Plaintext I  networks I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Bob’s Bob’s K B-1 K B private key public key Introduction to Computer Networks 17

  18. Public Key Encryption (2) • Alice encrypts w/ Bob’s pubkey K B ; anyone can send • Bob decrypts w/ his private key K B-1 ; only he can Plaintext Plaintext I  networks I  networks Encrypt Hi there Decrypt Bob Alice Ciphertext Bob’s Bob’s K B-1 K B private key public key Introduction to Computer Networks 18

  19. Key Distribution • This is a big problem on a network! • Often want to talk to new parties • Symmetric encryption problematic • Have to first set up shared secret • Public key idea has own difficulties • Need trusted directory service • We’ll look at certificates later Introduction to Computer Networks 19

  20. Symmetric vs. Public Key • Have complementary properties • Want the best of both! Property Symmetric Public Key Key Hard – share Easier – publish Distribution secret per pair of public key per user users Runtime Fast – good for Slow – few, small, Performance high data rate messages Introduction to Computer Networks 20

  21. Winning Combination • Alice uses public key encryption to send Bob a small private message • It’s a key! (Say 256 bits.) • Alice/Bob send messages with symmetric encryption • Using the key they now share • The key is called a session key • Generated for short-term use Introduction to Computer Networks 21

  22. Message Authentication

  23. Goal and Threat Model • Goal is for Bob to verify the message is from Alice and unchanged • This is called integrity/authenticity • Threat is Trudy will tamper with messages • Trudy is an active adversary (interferes) I  networks ???? Bob Trudy Alice Introduction to Computer Networks 23

  24. Wait a Minute! • We’re already encrypting messages to provide confidentiality • Why isn’t this enough? Introduction to Computer Networks 24

  25. Encryption Issues • What will happen if Trudy flips some of Alice’s message bits? • Bob will decrypt it, and … Bob Trudy Introduction to Computer Networks 25

  26. Encryption Issues (2) • What will happen if Trudy flips some of Alice’s message bits? • Bob will receive an altered message Um?? yuiE#E3@ Bob Trudy Introduction to Computer Networks 26

  27. Encryption Issues (3) • Typically encrypt blocks of data • What if Trudy reorders message? • Bob will decrypt, and … 4 5 2 3 1 Bob Trudy Introduction to Computer Networks 27

  28. Encryption Issues (4) • What if Trudy reorders message? • Bob will receive altered message BUY NOW! DO NOT STOP OK! 2 1 4 5 3 Bob Trudy Introduction to Computer Networks 28

  29. MAC (Message Authentication Code) • MAC is a small token to validate the integrity/authenticity of a message • Conceptually ECCs again • Send the MAC along with message • Validate MAC, process the message • Example: HMAC scheme Message MAC Alice Bob Introduction to Computer Networks 29

  30. MAC (2) • Sorta symmetric encryption operation – key shared • Lets Bob validate unaltered message came from Alice • Doesn’t let Bob convince Charlie that Alice sent the message Message I  networks I  networks Generate Validate Bob Alice MAC Secret key Secret key K AB K AB Introduction to Computer Networks 30

  31. Digital Signature • Signature validates the integrity/authenticity of message • Send it along with the message • Lets all parties validate • Example: RSA signatures Message Signature Alice Introduction to Computer Networks 31

  32. Digital Signature (2) • Kind of public key operation – pub/priv key parts • Alice signs w/ private key, K A -1 , Bob verifies w/ public key, K A • Does let Bob convince Charlie that Alice sent the message I  networks Message I  networks Sign Verify Bob Alice Signature Alice’s Alice’s K A-1 K A private key public key Introduction to Computer Networks 32

  33. Speeding up Signatures • Same tension as for confidentiality: • Public key has keying advantages • But it has slow performance! • Use a technique to speed it up • Message digest stands for message • Sign the digest instead of full message Introduction to Computer Networks 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context Computers connected in a network - but also: smartphones, fridges, IoT devices, Each device has an IP address Packets are routed via

771 views • 51 slides
Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon 4 th year Ph.D. Student Carnegie Mellon University Advisor: Vyas Sekar Research Area: Network Security A Vulnerable Network! Networks: explosion

583 views • 7 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David Pointcheval Ecole Normale Sup erieure INRIA June 6, 2019 Table of Contents Background Functional Encryption ABDP Applications of Inner

970 views • 51 slides
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key PKE scheme Encryption (a.k.a. private-key encryption) a.k.a. asymmetric-key encryption PKE SKE: Syntax Syntax KeyGen outputs KeyGen

366 views • 13 slides
Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research Weizmann Institute Silicon Valley Probabilistic Encryption Enc Semantic Security [GM82]: No

341 views • 14 slides
General Council Meeting July 12, 2017 Sarah Goodman Lisa Guay Orpheus Chatzivasileiou Krithika

General Council Meeting July 12, 2017 Sarah Goodman Lisa Guay Orpheus Chatzivasileiou Krithika

General Council Meeting July 12, 2017 Sarah Goodman Lisa Guay Orpheus Chatzivasileiou Krithika Ramchander New Faces Welcome to General Council! Quorum check Approve June Minutes Found on GSC website and GCM announcement email 70

465 views • 44 slides
Spatial Encryption Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Adam Barth, Dan Boneh,

Spatial Encryption Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Adam Barth, Dan Boneh,

Spatial Encryption Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Adam Barth, Dan Boneh, Mike Hamburg Spatial Encryption Traditional Public-Key Infrastructure CA Alice Bob Adam Barth, Dan Boneh, Mike Hamburg Spatial Encryption

371 views • 24 slides
Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent slow speed of the public key

442 views • 14 slides
Annual Meeting 2006 FIG Commission 7 Slovenia, 13-5-2006 OVERVIEW OF TODAY Introduction

Annual Meeting 2006 FIG Commission 7 Slovenia, 13-5-2006 OVERVIEW OF TODAY Introduction

Annual Meeting 2006 FIG Commission 7 Slovenia, 13-5-2006 OVERVIEW OF TODAY Introduction Innovations Way Forward F... Bhoomi e-Conveyancing System? l Not a Paperless System l Electronic execution of Mutation l Online investigation

729 views • 20 slides
Identifying Close Friends on the Internet Randy Baden Bobby Bhattacharjee Neil Spring from

Identifying Close Friends on the Internet Randy Baden Bobby Bhattacharjee Neil Spring from

Identifying Close Friends on the Internet Randy Baden Bobby Bhattacharjee Neil Spring from HotNets09 Problem Security and privacy are only as good as the user's ability to identify with whom they wish to communicate Consequences of

1.14k views • 23 slides

More recommend