Home> Schools> University at Buffalo, The State University of New York> Computer Science & Engineering (CSE) > CSE 620> Network Security
Unformatted text preview:

NETWORKContentsSecurity and its breaches…Security Goals and VulnerabilitiesThe people involved…Basic Encryption and DecryptionContd…EncryptionSlide 9Slide 10Encryption Protocols…Symmetric Key X-change W/out ServerSymmetric Key X-change With ServerAsymmetric Key X-change W/out ServerAsymmetric Key X-change With ServerAuthentication in Distributed SystemsContd..How Kerberos withstand Attacks?Why Kerberos is not the perfect Answer?NETWORK SECURITY ISSUESThreatsWire tappingNetwork Security ProtocolsContd...ComparisonsIntrusion DetectionDesirable Characteristic of IDLimitations of Existing IDIntrusion TypesARCHITECTURE TO GENERATE THE STD. FORMATSTANDARD AUDIT TRAIL FORMATSunOS MLS LogsTypical Anomaly Detection SystemAnomaly ID (Statistical Approach)Types of Measure.Typical Misuse Detection SystemMisuse IDSlide 38Model based Intrusion Detection A Pattern Matching approach… ContinuedInferenceA Trivial Bayesian Belief Network modeling Network Intrusion activityConditional ProbabilityWeb Security...Why worry about web security ?The Web Security Problem...Digital Identification TechniquesSlide 48Symmetric Key Digital Signatures with ArbiterAsymmetric Key Digital SignatureCertification Authorities(CA’s)Types of CADifferent kinds of certificatesSlide 54Cryptography and Web SecurityWhat cryptography can’t do ?Working Encryption SystemsContd…Network Layer Security Protocol (IPsec)Authentication Header Protocol (AH)Encapsulation Security Payload Protocol (ESP)What is SSL ?Secure Web ServerWeb server SecurityFirewallsTypes of FirewallsContd …Slide 68Slide 69Comparisons of Firewall typesEncrypting Gateway (Virtual Private Network)ConclusionsReferencesSlide 74NETWORKAuthorsHari ThiruvengadaVarun LalchandaniSECURITY...Contents•Introduction.•Encryption and Protocols.•Kerberos.•Network Security Issues and Protocols.•Intrusion Detection•Web Security.•Digital Identification Techniques.•Cryptography and web Security.•Firewalls.•References.Security and its breaches…Security •a system is secure if it is –Security goals are achieved.–Components behaves as expected on it.Breaches•Interruption - System asset lost , unavailable or unusable.•Interception - Unauthorized party gains access to asset.•Modification - Tampering with the asset.•Fabrication - counterfeit objects on computing system.Security Goals and VulnerabilitiesSecurity Goals•Confidentiality - assets of a computing system accessible only by authorized user.Read only type of access like viewing, printing helps in privacy.•Integrity - modification only by authorized parties.Precise, accurate, consistent assets. •Availability - assets are accessible to authorized parties.Timely response, fair allocation, fault tolerance, usability, controlled concurrency. (Denial of service attacks.)The people involved…•Amateurs - fresh players of the game , disgruntled over a -ve work situation.•Crackers - breaking into unauthorized territory without malicious intent.•Hackers - breaking into unauthorized territory with malicious intent.•Career Criminals - people in the game for money and have predefined targets.Basic Encryption and Decryption•Encryption - process of encoding a message so that its meaning is not obvious.•Decryption - process of decoding the encrypted message.•Cryptography - Hidden writing, which conceals meaningful text.•Cryptanalyst - studies encryption and finds hidden messages.•Cryptanalysis –attempt to break a single message.–Recognize patterns in encrypted messages to break into subproblems by straightforward decryption algorithm.–Find weakness in encryption algorithms.Contd…Encryption with KeysEncryptionEncryptionDecryptionDecryptionPlain TextCipher TextOriginal TextEncryption Key (Ke)(Asymmetric Cryptosystem)Decryption Key (Kd)Encryption with KeysEncryptionEncryptionDecryptionDecryptionPlain TextCipher TextOriginal TextKey(Symmetric Cryptosystem)EncryptionEncryptionDecryptionDecryptionPlain TextCipher TextOriginal TextEncryptionEncryption•Substitutions - one letter x-changed for other.–Monoalphabetic Ciphers.•Caesar CipherExample: Plaintext:ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher :DEFGHIJKLMNOPQRSTUVWXYZABC–Polyalphabetic Ciphers.•Frequency distribution reflects the underlying letters. Table for Odd PositionsA B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A D G J M P S V Y B E H K N Q T W Z C F I L O R U XA D G J M P S V Y B E H K N Q T W Z C F I L O R U XTable for Even Positions A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z N S X C H M R W B G L Q V A F K P U Z E J O T Y D IN S X C H M R W B G L Q V A F K P U Z E J O T Y D IContd…Example:F1(x) = (3 * x)mod 26.F2(x) = ((5 * x) +13) mod 26.Encryption for :TREAT YIMPO SSIBL Ewould beFUMNF DYVTF CZYSH HContd…•Transposition - letters of message rearranged.–GOAL - DiffusionExample:C1 C2 C3C4 C5 C6 C7 C8 C9 C10C11 C12 etc.The resulting cipher text will beC1 C2 C3C4 C5 C6 C7 C8 C9 C10C11 C12 etc.Encryption Protocols…ArbiterAABBArbitrated ProtocolAdjudicated ProtocolSelf-Enforcing ProtocolAAAABBBBAdjudicatorYou are cheatingA acted fairlySymmetric Key X-change W/out Server•Small no. of messages.•Less risk of intrusion. •Each user have a copy of symmetric secret encryption key K.•For greater security one can generate a fresh key called KNEW.•Send E(KNEW,K).Symmetric Key X-change With ServerDISTRIBUTION CENTER(DC)ReneePablo1.Give me a key (P, R, Ip )2.Here is the key and E(Ip ,R,KPR,,E((KPR ,P), KR)), KP)3. DC gave me key for Private CommunicationE((KPR ,P), KR )2. E((KPR ,P), KR )Asymmetric Key X-change W/out Server1. EP(DR (K))Renee sends new key2. S (n,K)Pablo sends encrypted random number3. S (n+1,K)Renee returns successor of Random Number ReneePabloAsymmetric Key X-change With ServerDISTRIBUTION CENTER(DC)ReneePablo1.Give me a Renee’s key (P,R)2.Here is the Renee’sKey (DD(ER,R))3. I’ am Pablo, let’s Talk. ER(P, IP)6. Renee here , What’s up ? EP(R, IR )7. Reply with ER(M, IR)5. Here’s Pablo’sKey (DD(EP ,P))4. Please give me Pablo’s public key (R ,P)Authentication in Distributed Systems•KerberosUserUserUUKerberos Kerberos ServerServerTicket Granting Ticket Granting ServerServer1. U’s IdentitySession keySG Ticket TG2. Encrypted under PasswordSession key SG2. Encrypted underKS-TGS KeyInitiating a Kerberos SessionContd..Obtaining

View Full Document

UB CSE 620 - Network Security

School: University at Buffalo, The State University of New York
Course: Cse 620- Advanced Network Concepts
Pages: 74
Documents in this Course
On Finding Disjoint Paths in Single and Dual Link Cost Networks

On Finding Disjoint Paths in Single and Dual Link Cost Networks

19 pages

Optical Wireless

Optical Wireless

39 pages

Gossip

Gossip

53 pages

Wireless TCP Introduction

Wireless TCP Introduction

79 pages

Security in Wireless Sensor Networks

Security in Wireless Sensor Networks

109 pages

Optical Switching Networks

Optical Switching Networks

47 pages

The Dawn of A New Era in Optical Networking

The Dawn of A New Era in Optical Networking

58 pages

Resource Reservation Protocol

Resource Reservation Protocol

29 pages

Study Notes

Study Notes

58 pages

Incentive Based Routing Protocols In Ad Hoc Networks

Incentive Based Routing Protocols In Ad Hoc Networks

41 pages

On the Road to UMTS

On the Road to UMTS

56 pages

Scalable Location Management for Large Mobile Ad hoc Networks

Scalable Location Management for Large Mobile Ad hoc Networks

34 pages

Inter Planetary Network

Inter Planetary Network

11 pages

MPLS Part II - Recovery

MPLS Part II - Recovery

54 pages

Basic principles, Algorithms and Networking Applications

Basic principles, Algorithms and Networking Applications

34 pages

Internet Congestion Control with Active Queue Management (AQM)

Internet Congestion Control with Active Queue Management (AQM)

69 pages

Introduction to Protection and Restoration for OBS

Introduction to Protection and Restoration for OBS

66 pages

Unicast Routitng in Mobile Ad Hoc Networks

Unicast Routitng in Mobile Ad Hoc Networks

65 pages

QoS ( Intserv and Diffserv)

QoS ( Intserv and Diffserv)

59 pages

Generalized Multiprotocol Label Switching(GMPLS)

Generalized Multiprotocol Label Switching(GMPLS)

15 pages

Wavelength Band Switching in Multi- granular Optical WDM Networks

Wavelength Band Switching in Multi- granular Optical WDM Networks

34 pages

Smart antennas and MAC protocols in MANET

Smart antennas and MAC protocols in MANET

51 pages

Study Notes

Study Notes

17 pages

Internet Security & Worms

Internet Security & Worms

57 pages

Labeled Optical Burst Switching

Labeled Optical Burst Switching

76 pages

Load more
Download Network Security
Our administrator received your request to download this document. We will send you the file to your email shortly.

Please select your school

Login

Join to view Network Security and access 3M+ class-specific study document.

Continue Continue
or
We will never post anything without your permission.
Don't have an account?

We couldn't create a GradeBuddy account using Facebook because there is no email address associated with your Facebook account.

Link an email address with your Facebook below or create a new account.

Sign Up

Join to view Network Security 2 2 and access 3M+ class-specific study document.

Continue Continue
or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?

We couldn't create a GradeBuddy account using Facebook because there is no email address associated with your Facebook account.

Link an email address with your Facebook below or create a new account.