Pitt IS 2150 - Network Security

IS 2150 / TEL 2810 Introduction to Security
James Joshi, Assistant Professor, SIS
Lecture 11, Nov 15, 2007
Network Security, Authentication, Identity

Outline
Objectives; ISO/OSI Model; Protocols; Electronic Mail; Security at the Application Layer: Privacy-enhanced Electronic Mail; Design Considerations/goals for PEM; PEM Basic Design; Protocols; ISO/OSI Model IPSec: Security at Network Layer; IPSec Protocols; Cases where IPSec can be used; Cases where IPSec can be used (2); Security Association (SA); Security Association (2); Security Association Databases; IPSec Modes; Authentication Header (AH); Preventing replay; Transport Mode AH; Tunnel Mode AH; ESP – Encapsulating Security Payload; Details of ESP; Transport mode ESP; Tunnel mode ESP; Perimeter Defense; Firewalls; What Firewalls can't do; Virtual Private Networks: What is it?; What is a VPN? (2); Tunneling in VPN; What is Authentication?; Authentication System: Definition; Authentication System: Passwords; Passwords; Authentication System; Attacks on Passwords; Password Selection; Authentication Systems: Challenge-Response; Authentication Systems: Biometrics; Attacks on Biometrics

Slide 2: Objectives
Understand/explain the issues related to, and utilize the techniques for:
- Security at different levels of the OSI model
- Privacy Enhanced email
- IPSec
- Misc.
- Authentication and identification
- Passwords

Slide 3: ISO/OSI Model
[Figure: two end systems with full seven-layer stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) and an intermediate system with only the Network, Data Link and Physical layers. Labels: "Peer-to-peer" between matching layers, "Flow of bits" along the bottom.]

Slide 4: Protocols
- End-to-end protocol: a communication protocol that involves the end systems, with one or more intermediate systems between them
  - Intermediate hosts play no part other than forwarding messages
  - Example: telnet
- Link protocol: a protocol between each pair of directly connected systems
  - Example: IP, which guides messages from a host to one of its immediate neighbors
- Link encryption: encipher messages between intermediate hosts
  - Each host shares a cryptographic key with its neighbor
  - Attackers at an intermediate host will be able to read the message
- End-to-end encryption
  - Example: telnet with messages encrypted/decrypted at the client and server
  - Attackers on the intermediate hosts cannot read the message

Slide 5: Electronic Mail
- The User Agent (UA) interacts with the sender
- The UA hands the message to a Message Transfer Agent (MTA)
[Figure: user agents at each end with a chain of message transfer agents between them.]
- An attacker can read email on any of the computers with an MTA
- Forgery is possible

Slide 6: Security at the Application Layer: Privacy-enhanced Electronic Mail
Study by the Internet Research Task Force on Privacy (Privacy Research Group) to develop protocols with the following services:
- Confidentiality, by making the message unreadable except to the sender and recipients
- Origin authentication, by identifying the sender precisely
- Data integrity, by ensuring that any changes in the message are easy to detect
- Non-repudiation of origin (if possible)

Slide 7: Design Considerations/goals for PEM
- Not to redesign existing mail system protocols
- To be compatible with a range of MTAs, UAs and other computers
- To make privacy enhancements available separately, so they are not required
- To enable parties to use the protocol to communicate without prearrangement

Slide 8: PEM Basic Design
Defines two keys:
- Data Encipherment Key (DEK), to encipher the message sent
  - Generated randomly
  - Used only once
  - Sent to the recipient
- Interchange key, to encipher the DEK
  - Must be obtained some other way than through the message

Slide 9: Protocols
- Confidential message (DEK: ks)
  Alice -> Bob: {m}ks || {ks}kBob
- Authenticated, integrity-checked message
  Alice -> Bob: m || {h(m)}kAlice
- Enciphered, authenticated, integrity-checked message
  Alice -> Bob: ??

Slide 10: ISO/OSI Model IPSec: Security at Network Layer
[Figure: the same three-stack OSI diagram as slide 3, highlighting the Network layer where IPSec operates. Labels: "Peer-to-peer", "Flow of bits".]

Slide 11: IPSec Protocols
- Authentication Header (AH) protocol
  - Message integrity
  - Origin authentication
  - Anti-replay services
- Encapsulating Security Payload (ESP) protocol
  - Confidentiality
  - Message integrity
  - Origin authentication
  - Anti-replay services
- Internet Key Exchange (IKE)
  - Exchanging keys between entities that need to communicate over the Internet
  - What authentication methods to use, how long to use the keys, etc.

Slide 12: Cases where IPSec can be used
[Figure: (a) end-to-end security between two hosts across the Internet/Intranet; (b) end-to-end security between two security gateways (SG) across the Internet/Intranet.]

Slide 13: Cases where IPSec can be used (2)
[Figure: (c) end-to-end security between two hosts plus between two gateways (Intranet - SG - Internet - SG - Intranet); (d) end-to-end security between two hosts during dial-up (host - Internet - SG - Intranet).]

Slide 14: Security Association (SA)
- Unidirectional relationship between peers
- Specifies the security services provided to the traffic carried on the SA
  - Security enhancements to a channel along a path
- Identified by three parameters:
  - IP Destination Address
  - Security Protocol Identifier: specifies whether AH or ESP is being used
  - Security Parameters Index (SPI): specifies the security parameters associated with the SA

Slide 15: Security Association (2)
- Each SA uses AH or ESP (not both)
  - If both are required, two SAs are created
- Multiple security associations may be used to provide the required security services
  - A sequence of security associations is called an SA bundle
  - Example: an AH protocol followed by ESP, or vice versa

Slide 16: Security Association Databases
- IP needs to know the SAs that exist in order to provide security services
- Security Policy Database (SPD)
  - IPSec uses the SPD to handle messages
  - For each IP packet, it decides whether an IPSec service is provided, the packet is bypassed, or the packet is to be discarded
- Security Association Database (SAD)
  - Keeps track of the sequence number
  - AH information (keys,

