o verview
play

O VERVIEW Applying security measure to the Internet Securing email - PDF document

Aug 30, 2023 •127 likes •268 views

4/16/18 S ECURING E MAIL WITH P RETTY G OOD P RIVACY C S C 2 4 9 A P R I L 1 7 , 2 0 1 8 O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy Secure sockets layer, SSL Firewalls and Intrusion

  1. 4/16/18 S ECURING E MAIL WITH P RETTY G OOD P RIVACY C S C 2 4 9 A P R I L 1 7 , 2 0 1 8 O VERVIEW Applying security measure to the Internet • Securing email – Pretty Good Privacy • Secure sockets layer, SSL • Firewalls and Intrusion Detection Systems 2 1

  2. 4/16/18 E MAIL : C ONFIDENTIAL S TEP 1 q Alice wants to send confidential e-mail, m, to Bob. m m Internet Alice: 1) Generate random symmetric private key, K S 2) 3) 4) E MAIL : M ESSAGE I NTEGRITY & A UTHENTICATION q Alice wants to provide sender authentication message integrity. … How? m Internet m 2

  3. 4/16/18 E MAIL : F ULLY S ECURE q Alice wants to provide secrecy, sender authentication & message integrity. … How? m m Internet P RETTY G OOD P RIVACY (PGP) • To Activity (to act out PGP)… • Internet e-mail encryption scheme, de-facto standard. • Uses • Symmetric key cryptography • Public key cryptography • Hash function • Digital signature • Provides • Secrecy • Sender authentication • Integrity 3

  4. 4/16/18 SSL: S ECURE S OCKETS L AYER • Provides • Confidentiality • Integrity • Authentication • Original goals: • Encryption (especially credit-card numbers) • Web-server authentication • Optional client authentication • Minimum effort doing business with new merchant • Available to all TCP applications • Secure socket interface R ECALL : S OCKET P ROGRAMMING Application layer communication via the transport layer goal: build client/server applications that communicate using sockets socket: door between application process and transport protocol application application socket controlled by process process app developer transport transport controlled network network by OS link link Internet physical physical 8 4

  5. 4/16/18 SERVER socket() CLIENT socket() bind() TCP bind() listen() F LOW connect accept() C HART send() recv() send() recv() 9 SSL: S ECURE S OCKETS L AYER • Provides transport layer security to any TCP-based application using SSL services. • Security services: • Server authentication • Data encryption • Client authentication 5

  6. 4/16/18 SSL: C OULD B E B ASED ON PGP - K A . . - - K A (H(m)) K A ( ) m H( ) K S . + K S ( ) + m Internet . + K B ( ) K S + K B (K S ) + K B Ø But want to send byte streams Ø Want certificate exchange to be part of protocol handshake phase B ASIC SSL: A S IMPLE S ECURE C HANNEL 1. Handshake: Alice and Bob use their certificates and private keys to authenticate each other and exchange shared secret 2. Key Derivation: Alice and Bob use shared secret to derive set of keys – master key 3. Data Transfer: Data to be transferred is broken up into a series of records 4. Connection Closure: Special messages to securely close connection à Section 8.5.2 for more details 6

  7. 4/16/18 R ECALL : TCP C ONNECTION M ANAGEMENT Connection Set Up: client server setup Step 1: client sends TCP SYN SYN segment SYNACK setup Step 2: server receives SYN and replies with SYNACK ACK Step 3: client receives SYNACK and replies with ACK Connection (1) SSL: H ANDSHAKE • Bob establishes TCP T C P S Y N connection to Alice TCP SYNACK • Authenticates Alice via T C P A C CA signed certificate K S S L h • Creates, encrypts (using e l l o Alice’s public key), & e t a c f i i r t e c sends master secret key to Alice create • nonce exchange not Master K (MS) + decrypt shown A Secret using K A – (MS) to get MS 7

  8. 4/16/18 (2) SSL: K EY D ERIVATION • Alice, Bob use shared secret (MS) to generate four keys: • E B : Bob à Alice data encryption key • E A : Alice à Bob data encryption key • M B : Bob à Alice MAC key (the secret ‘bit pattern’) • M A : Alice à Bob MAC key • Encryption and MAC algorithms negotiable between hosts • Why 4 keys? (3) SSL: D ATA R ECORDS • Encrypt data in a constant stream as we write it to TCP? … does not work because - • Where would we put the MAC? • Instead, break stream into series of records • Each record carries a MAC • Receiver can act on each record as it arrives length data MAC 8

  9. 4/16/18 (3) SSL: D ATA TRANSFER b 1 b 2 b 3 … b n TCP byte stream M B d . block n bytes together compute H( ) MAC E B d H(d) . encrypted, H( ) SSL MAC, SSL seq. # H(d) d seq. # SSL record Type Ver Len d H(d) format unencrypted encrypted using E B C HAPTER 8 T OPICS 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS 9

  10. 4/16/18 N ETWORK S ECURITY ( SUMMARY ) Security Objectives…... • cryptography (symmetric and public) • message integrity • end-point authentication Used for numerous security scenarios • secure email (PGP) • secure transport (SSL) • Operational Security: firewalls and IDS F IREWALLS q Isolate an organization’s internal network from Internet, allowing some packets to pass, blocking others. q Which attacks are prevented? public administered network Internet firewall 10

  11. 4/16/18 S TATELESS P ACKET F ILTERING Should arriving packet be allowed in? Departing packet let out? • Internal network connected to Internet via router firewall • Router filters packet-by-packet, decision to forward/drop packet based on: • Source IP address, destination IP address • TCP/UDP source and destination port numbers • ICMP message type • TCP SYN and ACK bits S TATELESS P ACKET F ILTERING : M ORE E XAMPLES q Where is a firewall implemented? Policy Firewall Setting No outside Web access. Drop all outgoing packets to any IP address, port 80 No incoming TCP connections, except Drop all incoming TCP SYN packets to any IP except 130.207.244.203, port 80 those for institution’s public Web server only. Prevent Web-radios from eating up Drop all incoming UDP packets - except DNS and router broadcasts. the available bandwidth. Prevent your network from being used Drop all ICMP packets going to a for a smurf DoS attack. “broadcast” address (eg 130.207.255.255). Prevent your network from being Drop all outgoing ICMP TTL expired traffic tracerouted 11

  12. 4/16/18 L IMITATIONS OF F IREWALLS • IP spoofing: router can’t know if data “really” comes from claimed source • Filters often use all or nothing policy for UDP. • Tradeoff: degree of communication with outside world, level of security • Many highly protected sites still suffer from attacks. I NTRUSION D ETECTION S YSTEMS • Deep packet inspection: look at packet contents (e.g., check character strings in packet against database of known virus, attack strings) • Examine correlation among multiple packets • port scanning • network mapping • DoS attack 12

  13. 4/16/18 N ETWORK S ECURITY (S UMMARY ) Basic techniques… • cryptography (symmetric and public) • message integrity • end-point authentication … used in many different security scenarios • secure email • secure transport (SSL) Operational Security: firewalls and IDS 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

W HAT A RE F UTURES S TRATEGIES ? F UTURES S TRATEGIES / M ANAGED F UTURES / C TAS

W HAT A RE F UTURES S TRATEGIES ? F UTURES S TRATEGIES / M ANAGED F UTURES / C TAS

T ULIP T REND F UND L TD. M AY 2004 P RESENTATION O VERVIEW T RADING A DVISOR O VERVIEW H ISTORY - P EOPLE A PPROACH & S TRATEGY F UTURES S TRATEGIES A PPROACH F UND F ACTS S UMMARY 2 T RANSTREND B.V. - O VERVIEW B

349 views • 13 slides
H OW TO STUDY ARITHMETICAL FUNCTIONS ? O VERVIEW M AIN RESULTS F UTURE DIRECTION T HANK YOU ! I

H OW TO STUDY ARITHMETICAL FUNCTIONS ? O VERVIEW M AIN RESULTS F UTURE DIRECTION T HANK YOU ! I

O VERVIEW M AIN RESULTS F UTURE DIRECTION T HANK YOU ! V ARIANT OF A THEOREM OF E RD OS ON THE SUM - OF - PROPER - DIVISORS FUNCTION Hee-Sung Yang Joint work with Carl Pomerance Dartmouth College 11 January 2013 O VERVIEW M AIN RESULTS F

789 views • 53 slides
A LEXANDRIA T RANSIT C OMPANY (DASH) B US F LEET O VERVIEW AND G REEN T ECHNOLOGY D ISCUSSION June

A LEXANDRIA T RANSIT C OMPANY (DASH) B US F LEET O VERVIEW AND G REEN T ECHNOLOGY D ISCUSSION June

A LEXANDRIA T RANSIT C OMPANY (DASH) B US F LEET O VERVIEW AND G REEN T ECHNOLOGY D ISCUSSION June 19 th 2017 DASH S YSTEM O VERVIEW Services City of Alexandria and Surrounding Areas 10 Routes 4 Million Annual Passengers Estimated 9,000,000

101 views • 9 slides
O VERVIEW : A NNUAL AND S CAVENGER P ROPERTY T AX S ALES Office of Cook County Treasurer Maria

O VERVIEW : A NNUAL AND S CAVENGER P ROPERTY T AX S ALES Office of Cook County Treasurer Maria

O VERVIEW : A NNUAL AND S CAVENGER P ROPERTY T AX S ALES Office of Cook County Treasurer Maria Pappas October 3, 2012 S UMMARY Property Tax Cycle Overview Annual Tax Sale Scavenger Tax Sale 2 P ROPERTY T AX C YCLE O VERVIEW

375 views • 19 slides
H OW TO STUDY ARITHMETICAL FUNCTIONS ? O VERVIEW E RD OS AND TE R IELE M AIN RESULTS F UTURE

H OW TO STUDY ARITHMETICAL FUNCTIONS ? O VERVIEW E RD OS AND TE R IELE M AIN RESULTS F UTURE

O VERVIEW E RD OS AND TE R IELE M AIN RESULTS F UTURE DIRECTION & R EFERENCES V ARIANT OF A THEOREM OF E RD OS ON THE SUM - OF - PROPER - DIVISORS FUNCTION Heesung Yang Joint work with Carl Pomerance Dalhousie University 25 November

810 views • 62 slides
Non-Operated Working Interest Assets in the Williston Basin March 2018 S ALES P ROCESS O VERVIEW |

Non-Operated Working Interest Assets in the Williston Basin March 2018 S ALES P ROCESS O VERVIEW |

Non-Operated Working Interest Assets in the Williston Basin March 2018 S ALES P ROCESS O VERVIEW | C ONTACT I NFORMATION P RESENTATION O UTLINE S ALES P ROCESS O VERVIEW Key Dates Preliminary Bid Instructions I. Executive Summary

403 views • 12 slides
Review Mining Automatically Assessing Review Helpfulness Sanae Sato Haotian He April 22, 2014 O

Review Mining Automatically Assessing Review Helpfulness Sanae Sato Haotian He April 22, 2014 O

O VERVIEW I NTRODUCTION M ETHODOLOGY R ESULTS Review Mining Automatically Assessing Review Helpfulness Sanae Sato Haotian He April 22, 2014 O VERVIEW I NTRODUCTION M ETHODOLOGY R ESULTS O VERVIEW O VERVIEW I NTRODUCTION The Issue Goals for

376 views • 22 slides
OVER VERVIEW VIEW 1. NDIS Principles 2. Yarning about the NDIS 3. Eligibility 4. What do I

OVER VERVIEW VIEW 1. NDIS Principles 2. Yarning about the NDIS 3. Eligibility 4. What do I

Yarning about ND NDIS in IS in WA WA Community Engagement for Aboriginal and Torres Strait Islander People Kaya : Acknowledging Nyoongar Peoples, Past and Present Elders, on the Land in which we work. OVER VERVIEW VIEW 1. NDIS Principles

477 views • 47 slides
30 ILCS 500/10-15 Background/ d/Ove verview PCM Role/Activities Examples Call for

30 ILCS 500/10-15 Background/ d/Ove verview PCM Role/Activities Examples Call for

30 ILCS 500/10-15 Background/ d/Ove verview PCM Role/Activities Examples Call for help 2 Created by SB51 (PA 96-795), effective 7/1/2010 Stemmed from ethics reform Independence Transparency Real-Time Auditors

1.09k views • 64 slides
O PERATION A NACONDA O VERVIEW What follows is a brief summary of the critical events that shaped

O PERATION A NACONDA O VERVIEW What follows is a brief summary of the critical events that shaped

O PERATION A NACONDA O VERVIEW What follows is a brief summary of the critical events that shaped the planning and conduct of Operation Anaconda, the final and largest battle in the initial invasion of Afghanistan after the attacks of September

830 views • 14 slides
A N O VERVIEW OF C ALIFORNIA O IL & G AS L AW Kevin L. Shaw Mayer, Brown & Platt 350

A N O VERVIEW OF C ALIFORNIA O IL & G AS L AW Kevin L. Shaw Mayer, Brown & Platt 350

A N O VERVIEW OF C ALIFORNIA O IL & G AS L AW Kevin L. Shaw Mayer, Brown & Platt 350 South Grand Avenue, 25th Floor Los Angeles, California 90071 Table of Contents Page Introduction

662 views • 27 slides
Sp Spin in tr treatme atment nt at t th the IL ILC: ove verview, rview, sta tatus, tus,

Sp Spin in tr treatme atment nt at t th the IL ILC: ove verview, rview, sta tatus, tus,

Sp Spin in tr treatme atment nt at t th the IL ILC: ove verview, rview, sta tatus, tus, needs ds and d ope pen n qu quest estions ions G. Moortgat-Pick (Uni Hamburg/DESY) 1 World ld-wide wide Even ent On June 12 th

609 views • 38 slides
01/10/2018 Dont Wish it Were Easier, Wish you were better. Jim Rohn Overv verview

01/10/2018 Dont Wish it Were Easier, Wish you were better. Jim Rohn Overv verview

01/10/2018 Dont Wish it Were Easier, Wish you were better. Jim Rohn Overv verview iew Organize your Life for Success Personal Development Time Management A day in the life of ME Consistency Discipline

486 views • 6 slides
1. Introduction Nikolas Wageneder O VERVIEW 18.04.2007 Preliminaries Distributed

1. Introduction Nikolas Wageneder O VERVIEW 18.04.2007 Preliminaries Distributed

N ETWORK E MBEDDED S YSTEMS 1. Introduction Nikolas Wageneder O VERVIEW 18.04.2007 Preliminaries Distributed Computation Processes Communication Timing Assumptions Time 2 P RELIMINARIES 18.04.2007 Main abstractions

711 views • 32 slides
AN INTRODUCTION TO COM OMPANY ANY OVE VERVIEW VIEW Founded in 1986 Leading manufacturer

AN INTRODUCTION TO COM OMPANY ANY OVE VERVIEW VIEW Founded in 1986 Leading manufacturer

AN INTRODUCTION TO COM OMPANY ANY OVE VERVIEW VIEW Founded in 1986 Leading manufacturer of both portable and central dust and fume extraction systems Head office located in North York, ON Second facility based in Cleveland,

622 views • 46 slides
AN O AN OVER VERVIEW OF VIEW OF BUSINESS SER USINESS SERVICES VICES Our Mission

AN O AN OVER VERVIEW OF VIEW OF BUSINESS SER USINESS SERVICES VICES Our Mission

AN O AN OVER VERVIEW OF VIEW OF BUSINESS SER USINESS SERVICES VICES Our Mission CareerSource Pinellas connects employers with qualified, skilled talent and also connects Hillsborough County residents with employment and career development

198 views • 19 slides
Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J. Garcia, F . Autrel, J. Borrell, S. Castillo, F . Cuppens, G. Navarro { jgarcia,jborrell,scastillo,gnavarro } @ccd.uab.es, {

291 views • 17 slides
In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers

In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers

In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers Maciej Korczyski*, Yevheniya Nosyk*, Qasim Lone , Marcin Skwarek*, Baptiste Jonglez*, and Andrzej Duda* *Universit Grenoble Alpes, CNRS, Grenoble

546 views • 16 slides
The Problem IP Spoofing CS 239 Existing Internet protocols and Advanced Topics in Network

The Problem IP Spoofing CS 239 Existing Internet protocols and Advanced Topics in Network

The Problem IP Spoofing CS 239 Existing Internet protocols and Advanced Topics in Network infrastructure allow forgery of some IP Security packet header fields Peter Reiher In particular, the source address field can often be

400 views • 3 slides
DDoS Jeff Chase Duke University Flood Attacks Direct a stream of packets toward a victim.

DDoS Jeff Chase Duke University Flood Attacks Direct a stream of packets toward a victim.

DDoS Jeff Chase Duke University Flood Attacks Direct a stream of packets toward a victim. Require the victim to do work per packet. Classic: TCP SYN floods (2000pps sufficient) ICMP floods Victim has insufficient

382 views • 6 slides
IP Telephony Instructor Ai-Chun Pang, acpang@csie.ntu.edu.tw Office Number: 417

IP Telephony Instructor Ai-Chun Pang, acpang@csie.ntu.edu.tw Office Number: 417

IP Telephony Instructor Ai-Chun Pang, acpang@csie.ntu.edu.tw Office Number: 417 Textbook Carrier Grade Voice over IP, D. Collins, McGraw-Hill, Second Edition, 2003. Requirements Homework x 3 30% One mid-term

346 views • 22 slides
IP Telephony (iptel) IETF 56 Note Well All statements related to the activities of the IETF

IP Telephony (iptel) IETF 56 Note Well All statements related to the activities of the IETF

IP Telephony (iptel) IETF 56 Note Well All statements related to the activities of the IETF and addressed to the IETF are subject to all provisions of Section 10 of RFC 2026, which grants to the IETF and its participants certain licenses

198 views • 9 slides
NHS HE N3 update 9 th November 2006 London N3 The Story So Far N3 Background N3 Goals

NHS HE N3 update 9 th November 2006 London N3 The Story So Far N3 Background N3 Goals

NHS HE N3 update 9 th November 2006 London N3 The Story So Far N3 Background N3 Goals (the New NHS National broadband network) Broadband network linking 18,000 sites in England, up to 3,000 in Scotland and 10,000 non-NHS Enabling key

938 views • 28 slides
Multi-Context Voice Communication Controlled By Using An Auditory Virtual Space Yasusi Kanada

Multi-Context Voice Communication Controlled By Using An Auditory Virtual Space Yasusi Kanada

Multi-Context Voice Communication Controlled By Using An Auditory Virtual Space Yasusi Kanada Hitachi Ltd., Central Research Laboratory Japan Background History of voice communication media (VCM) Telephone has been used for about 130

436 views • 9 slides

More recommend