Cryptography And Network Security: Overview

Transcription

Cryptography and Network Security: Overview
Raj Jain
Washington University in Saint Louis
Saint Louis, MO 63130
Jain@cse.wustl.edu
Audio/Video recordings of this lecture are available at:
http://www.cse.wustl.edu/~jain/cse571-11/
Washington University in St. Louis, CSE571S, 2011 Raj Jain

Overview
1. Computer Security Concepts
2. OSI Security Architecture
3. Security Attacks
4. Security Services
5. Security Mechanisms
These slides are based on Lawrie Brown's slides supplied with William Stallings' book "Cryptography and Network Security: Principles and Practice," 5th Ed, 2011.

Standards Organizations
- National Institute of Standards & Technology (NIST), http://csrc.nist.gov/
- Internet Society (ISOC): Internet Engineering Task Force (IETF), ietf.org; Internet Architecture Board (IAB)
- International Telecommunication Union, Telecommunication Standardization Sector (ITU-T), http://www.itu.int
- International Organization for Standardization (ISO), http://www.iso.org

Security Components
- Confidentiality: Need access control, cryptography, existence of data
- Integrity: No change, content, source, prevention mechanisms, detection mechanisms
- Availability: Denial of service attacks
- Confidentiality, Integrity and Availability (CIA)

OSI Security Architecture
- ITU-T X.800 "Security Architecture for OSI"
- Defines a systematic way of defining and providing security requirements
- Provides a useful, if abstract, overview of concepts

Aspects of Security
Aspects of information security:
- Security attack
- Security mechanism
- Security service
Note:
- Threat: a potential for violation of security
- Attack: an assault on system security, a deliberate attempt to evade security services

Passive Attacks
[figure slide; diagram not transcribed]

Active Attacks
[figure slide; diagram not transcribed]

Security Services (X.800)
- Authentication: assurance that communicating entity is the one claimed; have both peer-entity & data origin authentication
- Access Control: prevention of the unauthorized use of a resource
- Data Confidentiality: protection of data from unauthorized disclosure
- Data Integrity: assurance that data received is as sent by an authorized entity
- Non-Repudiation: protection against denial by one of the parties in a communication
- Availability: resource accessible/usable

Security Mechanism
- Feature designed to detect, prevent, or recover from a security attack
- However, one particular element underlies many of the security mechanisms in use: cryptographic techniques

Security Mechanisms (X.800)
- Specific security mechanisms: Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
- Pervasive security mechanisms: Trusted functionality, security labels, event detection, security audit trails, security recovery

Services and Mechanisms Relationship
[figure slide; table not transcribed]

Model for Network Security
1. Algorithm for security transformation
2. Secret key generation
3. Distribute and share secret information
4. Protocol for sharing secret information
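As an added example (not from the slides or from the Stallings/Brown material), the four components of the model above in Python, also illustrating the Security Services slide: the sender applies a security transformation under a secret key, the receiver reverses it, a passive observer of the channel sees no plaintext, and a modification by an active attacker is detected rather than accepted. Key distribution (components 3 and 4) is assumed to have happened out of band. The confidentiality transformation is a constructed SHA-256 keystream, used here only so the example runs with the standard library; it is not a standardized cipher and is not a substitute for AES-GCM or similar in real systems. The function names, the message and the byte position flipped are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

NONCE_LEN = 16   # per-message nonce, sent in the clear
TAG_LEN = 32     # HMAC-SHA256 output length


def generate_keys() -> tuple:
    """Component 2: secret key generation. One key for confidentiality,
    a separate one for integrity/data-origin authentication."""
    return secrets.token_bytes(32), secrets.token_bytes(32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed keystream for illustration: SHA-256(key || nonce || counter)
    blocks concatenated. Not a standardized cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def protect(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Component 1 at the sender: encrypt-then-MAC security transformation.
    Output layout: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(m ^ k for m, k in zip(message, keystream(enc_key, nonce, len(message))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def recover(enc_key: bytes, mac_key: bytes, packet: bytes) -> Optional[bytes]:
    """Inverse transformation at the receiver. Returns None when the tag does
    not verify, i.e. the data received is not as sent (integrity service)."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def demo() -> Dict[str, object]:
    """Runs one exchange and one tampered delivery; returns what each side observes."""
    enc_key, mac_key = generate_keys()          # components 3/4 assumed: shared out of band
    message = b"transfer 100 to account 42"    # constructed sample message
    packet = protect(enc_key, mac_key, message)
    # Active attack: one ciphertext byte flipped in transit (index 20 lies inside the ciphertext).
    tampered = bytearray(packet)
    tampered[20] ^= 0x01
    return {
        "round_trip": recover(enc_key, mac_key, packet),
        "tampered": recover(enc_key, mac_key, bytes(tampered)),
        "leaks_plaintext": message in packet,   # what a passive observer could read directly
    }


if __name__ == "__main__":
    print(demo())
```

The point of the split keys and the encrypt-then-MAC order is that the integrity check runs before any decryption, so a modified packet is rejected before its contents influence the receiver.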

Model for Network Access Security
1. Select appropriate gatekeeper functions to identify users
2. Implement security controls to ensure only authorised users access designated information or resources
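As an added example (not from the slides), the two steps above as a small Python gatekeeper: step 1 is a password check against salted PBKDF2 hashes (the identification function), step 2 is a per-resource access list consulted only after identification succeeds, with an audit trail of every decision. The `Gatekeeper` class, the user names, passwords and resource names are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Set, Tuple

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the user store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Gatekeeper:
    """Identifies users (step 1) and enforces resource access controls (step 2)."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}   # name -> (salt, hash)
        self._acl: Dict[str, Set[str]] = {}                # resource -> allowed users
        self.audit: List[Tuple[str, str, str]] = []        # (decision, user, resource)

    def add_user(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, _hash_password(password, salt))

    def grant(self, user: str, resource: str) -> None:
        self._acl.setdefault(resource, set()).add(user)

    def authenticate(self, name: str, password: str) -> bool:
        """Step 1: gatekeeper function. Unknown users still pay the hash cost so
        the response time does not reveal which names exist."""
        record = self._users.get(name)
        if record is None:
            _hash_password(password, b"\x00" * 16)
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def access(self, name: str, password: str, resource: str) -> bool:
        """Step 2: only an authenticated user on the resource's list gets through."""
        if not self.authenticate(name, password):
            self.audit.append(("AUTH_FAIL", name, resource))
            return False
        if name not in self._acl.get(resource, set()):
            self.audit.append(("DENIED", name, resource))
            return False
        self.audit.append(("ALLOWED", name, resource))
        return True


def build_demo() -> Gatekeeper:
    """Constructed setup: two users, two resources, least-privilege grants."""
    gk = Gatekeeper()
    gk.add_user("alice", "correct horse battery")
    gk.add_user("bob", "bob-pass")
    gk.grant("alice", "grades.db")
    gk.grant("alice", "syllabus.txt")
    gk.grant("bob", "syllabus.txt")
    return gk


if __name__ == "__main__":
    gk = build_demo()
    for who, pw, res in [("alice", "correct horse battery", "grades.db"),
                         ("bob", "bob-pass", "grades.db"),
                         ("mallory", "guess", "grades.db")]:
        print(who, res, gk.access(who, pw, res))
    print(gk.audit)
```

Identification and authorization are kept as separate decisions on purpose: the audit trail distinguishes a failed login from a valid user asking for something outside their grant, which is the distinction an event-detection or audit mechanism from the X.800 list needs.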

Summary
- NIST, IETF, ITU-T, ISO develop standards for network security
- CIA represents the 3 key components of security
- ISO X.800 security architecture specifies security attacks, services, mechanisms
- Active attacks may modify the transmitted information.
- Security services include authentication, access control,

Lab Homework 2
1. Read about the following tools
   a. Wireshark, network protocol analyzer, http://www.wireshark.org/download.html
      Use ftp client to download in binary mode (do not use browser)
   b. Advanced Port Scanner, network port scanner, http://www.scanwith.com/Advanced Port Scanner download.htm
   c. LAN Surveyor, network mapping shareware with 30 day or/
2. Use advanced port scanner to scan one to three hosts on your local net (e.g., CSE571XPS and CSE571XPC2 in the security lab) to find their open ports.
3. Use network surveyor to show the map of all hosts on your local net
4. Ping www.google.com to find its address. Start Wireshark. Set capture filter option "IP Address" to capture all traffic to/from this address. Open a browser window and open www.google.com. Stop Wireshark. Submit a screen capture showing the packets seen.

Security URLs
- Center for Education and Research in Information Assurance and y/coast/archive/
- IETF Security area, sec.ietf.org
- Computer and Network Security Reference y.html
- The Cryptography FAQ, http://www.faqs.org/faqs/cryptography-faq/
- Tom Dunigan's Security tml
- IEEE Technical Committee on Security and
- puter Security Resource Center, http://csrc.nist.gov/

Security URLs (Cont)
- Security Focus, http://www.securityfocus.com/
- SANS Institute, http://sans.org/
- Data Protection resource aphyanddatasecurity/
- Helger Lipmaa's Cryptology rypto/

Newsgroups and Forums
- sci.crypt.research, sci.crypt, misc, .risks, comp.virus
- Security and Cryptography ography-17/
- Cryptography phy
- Security Forum, http://www.windowsecurity.com/
- Google groups, http://groups.google.com
- LinkedIn Groups, http://www.linkedin.com
