securing internet communication tls cont d network
play

Securing Internet Communication: TLS, contd Network security CS - PowerPoint PPT Presentation

Sep 02, 2022 •187 likes •1.75k views

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof. Raluca Ada Popa Feb 27, 2018 Some slides credit David Wagner Announcements Midterm grades released Regrades: Read the follow-ups on the

  1. Key Concept #2: Dumb Network • Original Internet design: interior nodes (“routers”) have no knowledge* of ongoing connections going through them • Not : how you picture the telephone system works – Which internally tracks all of the active voice calls • Instead: the postal system! – Each Internet message (“packet”) self-contained – Interior routers look at destination address to forward – If you want smarts, build it “ end-to-end ”, not “hop-by-hop” – Buys simplicity & robustness at the cost of shifting complexity into end systems * Today’s Internet is full of hacks that violate this 44

  2. Key Concept #3: Layering • Internet design is strongly partitioned into layers – Each layer relies on services provided by next layer below … – … and provides services to layer above it • Analogy: – Consider structure of an Code You Write application you’ve written Run-Time Library and the “services” each System Calls layer relies on / provides Magnetic Domains } Device Drivers Fully isolated Voltage Levels / from user programs 45

  3. Internet Layering ( “ Protocol Stack ” ) Note on a point of potential confusion: these diagrams are always drawn with lower layers below higher layers … 7 Application But diagrams showing the layouts of packets 4 Transport are often the opposite , with the lower layers at the top since their headers precede those 3 (Inter)Network for higher layers 2 Link 1 Physical 46

  4. Horizontal View of a Single Packet First bit transmitted (Inter)Network Transport Application Data: structure Link Layer Layer Header Layer depends on the application Header (IP) Header … 47

  5. Vertical View of a Single Packet Link Layer Header First bit transmitted (Inter)Network Layer Header (IP) Transport Layer Header Application Data: structure depends on the application . . . . . . 48 .

  6. Internet Layering ( “ Protocol Stack ” ) 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical 49

  7. Layer 1: Physical Layer 7 Application 4 Transport Encoding bits to send them over a single physical link 3 (Inter)Network e.g. patterns of 2 Link voltage levels / photon intensities / 1 Physical RF modulation 50

  8. Layer 2: Link Layer Framing and transmission of a collection of bits into individual messages sent across a single 7 Application “subnetwork” (one physical technology) 4 Transport 3 (Inter)Network Might involve multiple physical 2 Link links (e.g., modern Ethernet) 1 Physical Often technology supports broadcast transmission ( every “node” connected to subnet receives) 51

  9. Layer 3: (Inter)Network Layer (IP) Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes 7 Application • Provides global addressing 4 Transport Works across different link 3 (Inter)Network technologies } 2 Link Different for each Internet “hop” 1 Physical 52

  10. Layer 4: Transport Layer End-to-end communication between processes 7 Application Different services provided: TCP = reliable byte stream 4 Transport UDP = unreliable datagrams 3 (Inter)Network ( Datagram = single packet message) 2 Link 1 Physical 53

  11. Layer 7: Application Layer Communication of whatever you wish 7 Application Can use whatever transport(s) is convenient 4 Transport 3 (Inter)Network Freely structured 2 Link E.g.: 1 Physical Skype, SMTP (email), HTTP (Web), Halo, BitTorrent 54

  12. Internet Layering ( “ Protocol Stack ” ) } Implemented only at hosts, 7 Application not at interior routers 4 Transport (“dumb network”) 3 (Inter)Network 2 Link 1 Physical 55

  13. Internet Layering ( “ Protocol Stack ” ) 7 Application 4 Transport } 3 (Inter)Network 2 Link Implemented everywhere 1 Physical 56

  14. Internet Layering ( “ Protocol Stack ” ) 7 Application 4 Transport } 3 (Inter)Network ~Same for each Internet “hop” } 2 Link Different for each Internet “hop” 1 Physical 57

  15. Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 Router 3 Router 5 Host B Host E Router 7 Router 6 Router 4 58

  16. Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A E.g., Ethernet Router 1 Router 2 Router 3 E.g., Wi-Fi Router 5 Host B Host E Router 7 Router 6 Router 4 Different Physical & Link Layers (Layers 1 & 2) 59

  17. Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 Router 3 Router 5 E.g., HTTP over TCP over IP Host B Host E Router 7 Router 6 Router 4 Same Network / Transport / Application Layers (3/4/7) (Routers ignore Transport & Application layers) 60

  18. Layer 3: (Inter)Network Layer (IP) Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes 7 Application • Provides global addressing 4 Transport Works across different link 3 (Inter)Network technologies 2 Link 1 Physical 61

  19. IP Packet Structure 4-bit 8-bit 4-bit 16-bit Total Length (Bytes) Header Type of Service Version Length (TOS) 3-bit 16-bit Identification 13-bit Fragment Offset Flags 8-bit Time to 8-bit Protocol 16-bit Header Checksum Live (TTL) 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

  20. IP Packet Structure 4-bit 8-bit 4-bit 16-bit Total Length (Bytes) Header Type of Service Version Length (TOS) 3-bit 16-bit Identification 13-bit Fragment Offset Flags Specifies the length of the entire 8-bit Time to IP packet: bytes in this header 8-bit Protocol 16-bit Header Checksum Live (TTL) plus bytes in the Payload 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

  21. IP Packet Structure 4-bit 8-bit 4-bit 16-bit Total Length (Bytes) Header Type of Service Version Length (TOS) 3-bit 16-bit Identification 13-bit Fragment Offset Flags Specifies how to interpret the start of the Payload , which is 8-bit Time to 8-bit Protocol 16-bit Header Checksum the header of a Transport Live (TTL) Protocol such as TCP or UDP 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

  22. IP Packet Structure 4-bit 8-bit 4-bit 16-bit Total Length (Bytes) Header Type of Service Version Length (TOS) 3-bit 16-bit Identification 13-bit Fragment Offset Flags 8-bit Time to 8-bit Protocol 16-bit Header Checksum Live (TTL) 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

  23. IP Packet Header (Continued) •Two IP addresses – Source IP address (32 bits) – Destination IP address (32 bits) •Destination address – Unique identifier/locator for the receiving host – Allows each node to make forwarding decisions •Source address – Unique identifier/locator for the sending host – Recipient can decide whether to accept packet – Enables recipient to send a reply back to source 66

  24. Postal Envelopes: (Post office doesn’t look at the letter inside the envelope) 67

  25. Analogy of IP to Postal Envelopes: IP source address IP destination address (Routers don’t look at the payload beyond the IP header) 68

  26. IP: “ Best Effort ” Packet Delivery •Routers inspect destination address, locate “next hop” in forwarding table – Address = ~unique identifier/locator for the receiving host •Only provides a “ I’ll give it a try ” delivery service: – Packets may be lost – Packets may be corrupted – Packets may be delivered out of order source destination IP network 69

  27. “ Best Effort ” is Lame! What to do? •It’s the job of our Transport (layer 4) protocols to build services our apps need out of IP’s modest layer-3 service 70

  28. Layer 4: Transport Layer End-to-end communication between processes 7 Application Different services provided: TCP = reliable byte stream 4 Transport UDP = unreliable datagrams 3 (Inter)Network ( Datagram = single packet message) 2 Link 1 Physical 71

  29. “ Best Effort ” is Lame! What to do? •It’s the job of our Transport (layer 4) protocols to build services our apps need out of IP’s modest layer-3 service •#1 workhorse: TCP ( Transmission Control Protocol ) •Service provided by TCP: – Connection oriented (explicit set-up / tear-down) o End hosts (processes) can have multiple concurrent long-lived communication – Reliable , in-order, byte-stream delivery o Robust detection & retransmission of lost data 72

  30. TCP “ Bytestream ” Service Process A on host H1 Byte 0 Byte 1 Byte 2 Byte 3 Byte 80 Hosts don’t ever see packet boundaries, lost or corrupted packets, retransmissions, etc. Process B on host H2 Byte 0 Byte 1 Byte 2 Byte 3 Byte 80 73

  31. Bidirectional communication: Process B on host H2 Byte 0 Byte 1 Byte 2 Byte 3 Byte 73 There are two separate bytestreams , one in each direction Process A on host H1 Byte 0 Byte 1 Byte 2 Byte 3 Byte 73 74

  32. TCP Header Source port Destination port Sequence number Acknowledgment Advertised window HdrLen Flags 0 Checksum Urgent pointer Options (variable) Data 75

  33. TCP Header Ports are Source port Destination port associated with OS Sequence number processes Acknowledgment Advertised window HdrLen Flags 0 Checksum Urgent pointer Options (variable) Data 76

  34. (Link Layer Header) TCP Header (IP Header) Ports are Source port Destination port associated with OS Sequence number processes Acknowledgment IP source & destination Advertised window HdrLen Flags 0 addresses plus TCP source and destination Checksum Urgent pointer ports uniquely identifies a TCP connection Options (variable) Data 77

  35. TCP Header Ports are Source port Destination port associated with OS Sequence number processes Acknowledgment IP source & destination Advertised window HdrLen Flags 0 addresses plus TCP source and destination Checksum Urgent pointer ports uniquely identifies a TCP connection Options (variable) Some port numbers are “well known” / reserved Data e.g. port 80 = HTTP 78

  36. TCP Header Source port Destination port Starting sequence Sequence number number (byte offset) of data Acknowledgment carried in this Advertised window HdrLen Flags 0 packet Checksum Urgent pointer Options (variable) Data 79

  37. TCP Header Source port Destination port Starting sequence Sequence number number (byte offset) of data Acknowledgment carried in this Advertised window HdrLen Flags 0 packet Checksum Urgent pointer Byte streams Options (variable) numbered independently in each direction Data 80

  38. TCP Header Source port Destination port Starting sequence Sequence number number (byte offset) of data Acknowledgment carried in this Advertised window HdrLen Flags 0 packet Checksum Urgent pointer Byte stream Options (variable) numbered independently in each direction Data Sequence number assigned to start of byte stream is picked when connection begins; doesn’t start at 0 81

  39. TCP Header Source port Destination port Sequence number Acknowledgment gives seq # just Acknowledgment beyond highest Advertised window seq. received in HdrLen Flags 0 order . Checksum Urgent pointer If sender sends Options (variable) N bytestream bytes starting at Data seq S then “ack” for it will be S+N . 82

  40. Sequence Numbers Host A ISN (initial sequence number) Sequence ACK sequence TCP TCP Data HDR number from A number from B = 1 st byte of = next expected data byte TCP TCP Data HDR Host B 83

  41. TCP Header Source port Destination port Sequence number Uses include: Acknowledgment acknowledging Advertised window data (“ ACK ”) HdrLen Flags 0 Checksum Urgent pointer setting up (“ SYN ”) and closing Options (variable) connections (“ FIN ” and “ RST ”) Data 84

  42. Establishing a TCP Connection B A SYN Each host tells its Initial Sequence SYN+ACK Number (ISN) to the other host. ACK D a (Spec says to pick based t a D on local clock) a t a •Three-way handshake to establish connection – Host A sends a SYN (open; “synchronize sequence numbers”) to host B – Host B returns a SYN acknowledgment ( SYN + ACK ) – Host A sends an ACK to acknowledge the SYN + ACK 85

  43. Timing Diagram: 3-Way Handshaking Passive Different starting Open initial sequence Active numbers (ISNs) in Server Open each direction listen() Client (initiator) connect() SYN, SeqNum = x SYN + ACK, SeqNum = y, Ack = x + 1 ACK, Ack = y + 1 accept() 86

  44. Layer 7: Application Layer Communication of whatever you wish 7 Application Can use whatever transport(s) is convenient 4 Transport 3 (Inter)Network Freely structured 2 Link E.g.: 1 Physical Skype, SMTP (email), HTTP (Web), Halo, BitTorrent 87

  45. Web (HTTP) Request Method Resource HTTP version Headers GET /index.html HTTP/1.1 Accept: image/gif, image/x-bitmap, image/jpeg, */* Accept-Language: en Connection: Keep-Alive User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95) Host: www.example.com Referer: http://www.google.com?q=dingbats Blank line Data (if POST; none for GET) GET: download data. POST: upload data.

  46. Web (HTTP) Response HTTP version Status code Reason phrase Headers HTTP/1.0 200 OK Date: Sun, 19 Apr 2009 02:20:42 GMT Server: Microsoft-Internet-Information-Server/5.0 Connection: keep-alive Data Content-Type: text/html Last-Modified: Sat, 18 Apr 2009 17:39:05 GMT Set-Cookie: session=44eb; path=/servlets Content-Length: 2543 <HTML> Some data... blah, blah, blah </HTML>

  47. Host Names vs. IP addresses •Host names – Examples: www.cnn.com and bbc.co.uk – Mnemonic name appreciated by humans – Variable length, full alphabet of characters – Provide little (if any) information about location •IP addresses – Examples: 64.236.16.20 and 212.58.224.131 – Numerical address appreciated by routers – Fixed length, binary number – Hierarchical, related to host location 90

  48. Networking Attacks: Link-, IP-, and TCP-layer attacks

  49. General Communication Security Goals: CIA •Confidentiality: – No one can read our data / communication unless we want them to •Integrity – No one can manipulate our data / processing / communication unless we want them to •Availability – We can access our data / conduct our processing / use our communication capabilities when we want to 92

  50. No security built in at the network level •Everything you have seen in this lecture is just plaintext, to integrity attached to it so an attacker can easily spoof packets at multiple levels •TLS will give application level security 93

  51. Link-layer threats • Confidentiality: eavesdropping (aka sniffing) • Integrity: injection of spoofed packets • Availability: delete legit packets (e.g., jamming) 94

  52. Layers 1 & 2: General Threats? Framing and transmission of a collection of bits into individual messages sent across a single 7 Application “subnetwork” (one physical technology) 4 Transport 3 (Inter)Network 2 Link Encoding bits to send them over a single physical link 1 Physical e.g. patterns of voltage levels / photon intensities / RF modulation 95

  53. Eavesdropping • For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), eavesdropping comes for “free” – Each attached system’s NIC (= Network Interface Card) can capture any communication on the subnet – Some handy tools for doing so o tcpdump / windump (low-level ASCII printout) o Wireshark (GUI for displaying 800+ protocols) 96

  54. TCPDUMP: Packet Capture & ASCII Dumper 97

  55. Wireshark: GUI for Packet Capture/Exam. 98

  56. Wireshark: GUI for Packet Capture/Exam. 99

  57. Wireshark: GUI for Packet Capture/Exam. 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network connecting computers all over the world Data is sent in packets between machines Communication between computers is routed using the Internet

464 views • 7 slides
Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 31, 2011 Todays Lecture Applying crypto technology in

695 views • 51 slides
Securing Internet Communication: TLS CS 161: Computer Security Prof. Haojin Materials adopted

Securing Internet Communication: TLS CS 161: Computer Security Prof. Haojin Materials adopted

Securing Internet Communication: TLS CS 161: Computer Security Prof. Haojin Materials adopted from Prof. David Wagner 2018 Todays Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

623 views • 49 slides
Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar,

873 views • 56 slides
Securing Internet Communication: TLS &amp; DNSSEC CS 161: Computer Security Prof. Vern Paxson

Securing Internet Communication: TLS &amp; DNSSEC CS 161: Computer Security Prof. Vern Paxson

Securing Internet Communication: TLS &amp; DNSSEC CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic,

1.51k views • 92 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Securing Internet

Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Securing Internet

Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Securing Internet Communication: TLS CS 161: Computer Security Prof. Raluca Ada Popa Feb 22, 2018 Some slides credit David Wagner Todays Lecture Applying crypto

869 views • 53 slides
Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen, Andrei Gurtov

Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen, Andrei Gurtov

Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Network communication Who are you talking to?

636 views • 35 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Where to put the

Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Where to put the

Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu Network Security Reading Assignment: chapters 16, 19 Network Security SSL TLS 1 Some Issues with Real-time Communication Session key establishment

312 views • 8 slides
57% 51% Wireless Hacker Tools Simple Wireless Attack Securing a Wireless Network

57% 51% Wireless Hacker Tools Simple Wireless Attack Securing a Wireless Network

Wireless Internet Users Growth Wireless Internet Users Growth Securing Your Wireless Network Dr. Fadi Aloul American University of Sharjah - UAE faloul@aus.edu PAKCON 2007 Dr. Fadi Aloul, American University of Sharjah PAKCON 2007

380 views • 9 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Extended Future Internet: an IP Pervasive Network Including Interplanetary Communication Mario

Extended Future Internet: an IP Pervasive Network Including Interplanetary Communication Mario

Extended Future Internet: an IP Pervasive Network Including Interplanetary Communication Mario Marchese DITEN Department of Telecommunications, Electronic, Electrical, and Naval Engineering University of Genoa Via Opera Pia 13, 16145,

750 views • 48 slides
Securing the last mile of DNS with CGA-TSIG Marc Buijsman Master System &amp; Network Engineering

Securing the last mile of DNS with CGA-TSIG Marc Buijsman Master System &amp; Network Engineering

Securing the last mile of DNS with CGA-TSIG Marc Buijsman Master System &amp; Network Engineering 19 December 2013 Problem statement last mile not secured internet authoritative name server client recursive authoritative last

608 views • 40 slides
Accountable Internet Protocol Andersen et. al Presented by: Virajith Jalaparti Securing the

Accountable Internet Protocol Andersen et. al Presented by: Virajith Jalaparti Securing the

Accountable Internet Protocol Andersen et. al Presented by: Virajith Jalaparti Securing the Internet S-BGP, so-BGP, PG-BGP, StopIt, Listen &amp; Whisper Fundamental Problem No Accountability Use CRYPTO!!! source spoofing

441 views • 12 slides
Network/Internet Threats/Attacks 1 Internet Structure backbone ISP local network Internet

Network/Internet Threats/Attacks 1 Internet Structure backbone ISP local network Internet

Lecture 17 CS 134 Spring 2019 Network/Internet Threats/Attacks 1 Internet Structure backbone ISP local network Internet service Autonomous system (AS) is a provider (ISP) local network collection of IP networks under control of a

643 views • 25 slides
Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal Autonomous System (AS) NTT 2914 Internet at the highest level Routing within an AS is completely autonomous

713 views • 29 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
When Match Fields Do Not Need to Match: Buffered Packet Hijacking in SDN Jiahao Cao, Renjie Xie,

When Match Fields Do Not Need to Match: Buffered Packet Hijacking in SDN Jiahao Cao, Renjie Xie,

When Match Fields Do Not Need to Match: Buffered Packet Hijacking in SDN Jiahao Cao, Renjie Xie, Kun Sun , Qi Li, Guofei Gu, and Mingwei Xu Outline SDN Overview Background on SDN Rule Installation A New Vulnerability: Buffered Packet

443 views • 33 slides
CS449/649: Human-Computer Interaction Spring 2017 Lecture III Anastasia Kuzminykh Understand

CS449/649: Human-Computer Interaction Spring 2017 Lecture III Anastasia Kuzminykh Understand

CS449/649: Human-Computer Interaction Spring 2017 Lecture III Anastasia Kuzminykh Understand Your Users User study Observe Register Features Ask Questions Quantitative Qualitative Behavioral Fixed &amp; measurable Dynamic

735 views • 36 slides
The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth The Origin of Near

The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth The Origin of Near

The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth Asteroids Asteroids Asteroids Asteroids Judit Judit Gy Ries Ries Ries Judit Judit rgyey Ries Gy Gy rgyey rgyey Gy rgyey

465 views • 24 slides
Web Security Presenter: Yinzhi Cao Slides Inherited and Modified from Prof. John Mitchell

Web Security Presenter: Yinzhi Cao Slides Inherited and Modified from Prof. John Mitchell

CSE343/443 Lehigh University Fall 2015 Web Security Presenter: Yinzhi Cao Slides Inherited and Modified from Prof. John Mitchell Reported Web Vulnerabilities &quot;In the Wild&quot; 1200 1000 800 Input Validation CSRF 600 XSS SQLi

1.27k views • 105 slides
DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief

DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief

DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief history of user Popular identity identities protocols SAML Single sign-on OpenID InfoCard and CardSpace Federated identity

786 views • 66 slides
CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up malicious site visited by victim; no control of network Alice Network Security Network Attacker Intercepts and controls network communication

907 views • 44 slides

More recommend