CMU 15441 Computer Networking - Lecture
Lecture 23
Security - Applications
Peter Steenkiste
School of Computer Science
Carnegie Mellon University
15-441 Networking
Mutilated by Dave Eckhardt, Fall 2004
Steenkiste & Eckhardt, SCS, CMU

Outline
Key management examples
  » Kerberos
  » SSL
  » PGP
Breaking into hosts
DOS
Firewalls

Web Security

Kerberos
Uses symmetric cryptosystem (DES).
  » Key derived by one-way function from user’s password.
Kerberos 5 is an Internet Standard.
  » Export restrictions apply
Kerberos is an example of a centralized key distribution center.
  » Performance of private key cryptography without need to maintain N^2 key pairs
  » Every user shares a private key with a key distribution center
    – Called a Kerberos Authentication Server (AS)
  » When Bob and Alice want to communicate securely, Bob requests a one time (shared) session key from the KDC
  » The session key is distributed only to Bob and Alice

Kerberos Overview
(Figure: Kerberos overview)

All Those Tickets...?
    Credentials cache: FILE:/tkt/4435-0000-419b6602.krb5
    Principal: [email protected]
      Issued           Expires          Principal
    Nov 17 09:53:57  Nov 18 11:20:18  krbtgt/[email protected]
    Nov 17 09:53:57  Nov 18 11:20:18  [email protected]
    Nov 17 09:54:16  Nov 18 11:20:18  krbtgt/[email protected]
    Nov 17 09:54:16  Nov 18 11:20:18  [email protected]
    Nov 17 09:54:25  Nov 18 11:20:18  host/[email protected]
    Nov 17 13:22:42  Nov 18 11:20:18  imap/[email protected]

    Ticket file: /tkt/4435-0000-419b6602
    Principal: [email protected]
      Issued           Expires          Principal
    Nov 17 09:53:57  Nov 18 11:20:18  [email protected]
    Nov 17 09:54:25  Nov 18 09:42:03  [email protected]
    Nov 17 09:55:46  Nov 18 09:43:24  [email protected]
    Nov 17 13:22:37  Nov 18 10:11:34  [email protected]
    Nov 17 13:23:30  Nov 18 10:12:27  [email protected]

Kerberos Protocol
Bob tells AS that he wants to talk to Alice.
  » Encrypted using Bob’s private key
AS authenticates Bob, checks he has access privileges for Alice, and generates a session key for communication between Bob and Alice.
AS generates a ticket intended for Alice.
  » Bob’s name, the session key, and a timestamp
  » The ticket is encrypted using Alice’s private key
AS sends Bob the ticket plus session key.
  » Encrypted using Bob’s key
Bob then contacts Alice with the ticket plus an encrypted timestamp.
  » Alice decrypts the ticket plus timestamp and sends back the timestamp plus one (nonce)
(Figure: message flow between Bob, AS, and Alice)

Secure Socket Layer
SSL Goal
  » Establish secure channel between two parties who do not share a secret (e.g., a private key).
Further challenge (just for fun)
  » Assume there is no globally-believed directory of public keys (good assumption)
  » Assume further that new trusted servers are added to the network every hour (also good)
How would you get this to work?

SSL Plan
Key concept: certificate
  » “To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.”
Plan (conceptual)
  » Contact a server you suspect is www.FJALJFDSL.org
  » It will send you a certificate containing its public key
  » You will generate a random symmetric-cipher session key and encrypt it with the server’s public key
  » Only www.FJALJFDSL.org can decrypt the message and obtain the session key
Done!
  » ?

Trusting Certificates?
Key concept: certificate
  » “To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.”
Key problem: how do you trust the certificate?
  » No global directory (and it would be out of date if you had one)
Solution
  » Certificates are signed (by “very trustworthy” organizations)

Signed Certificates
Key concept: signed certificate
  » To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.
  » --Sincerely, Baltimore Cybertrust
  » Hash: 469341329473a6755e5f5675a65b
  » Signature: 5fe65765865ca765b58675e5655a65c567586e65
What could go wrong?

Quid custodit ipsos custodes?
What could go wrong?
  » Maybe Baltimore CyberTrust didn’t claim exactly that (maybe the domain name was different, maybe the key was different...)
    – Server could provide bogus certificate
  » Who is Baltimore CyberTrust anyway?
    – How do I know their public key?
    – How do I know they aren’t crooks?
One approach – insert a level of indirection
  » Server provides www.FJALJFDSL.org certificate
  » Server also provides Baltimore CyberTrust certificate
    – “To whom it may concern, the private key matching public key ... is held by the owner of Baltimore CyberTrust... Signed, ReallyTrustworthyPeople.”
  » “Certificate Chain”

Browser CA List
This indirection must bottom out eventually!
  » List of CA’s (certificate authorities) stored in your browser
    – Default set compiled into executable
    – You can add, delete via “Security Preferences” dialogue
    – You probably installed “CMU CA” when you arrived here
    – Now you know what you did on that fateful day
  » Your responsibility to periodically scan CA list to make sure it’s up to date
    – You do that, right?

Secure Socket Layer Protocol
Lots of complexities
  » Crypto handshake
    – Client and server each list their possible and preferred symmetric ciphers and key-size limits
    – Protocol derives a “good” compromise
  » Many kinds of certificates
    – Server certificates, signing certificates, authority certificates...
  » Certificate details
    – Expiration time, crypto protocol limits
Browser will tell you when something is wrong
  » Weird confusing dialogue box
  » You will just click “ok” no matter what it says...

SSL
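The Kerberos Protocol slide above, worked through as an added example that is not part of the lecture: a Go simulation of the AS / Bob / Alice exchange, with AES-256-GCM standing in for DES, constructed principals and passwords, and an assumed 5-minute clock-skew window. Alice's rejection of an authenticator whose timestamp falls outside that window is the check that stops a captured ticket-plus-timestamp from being replayed later.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

const skew = 300 // constructed clock-skew window (seconds) for accepting an authenticator
// AES-256-GCM stands in for the slides' DES; a user's key is a one-way hash of the password.
func userKey(pw string) []byte { h := sha256.Sum256([]byte(pw)); return h[:] }
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, pt []byte) []byte { n := make([]byte, 12); rand.Read(n); return gcm(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) { // ct layout: nonce || ciphertext || tag
	if len(ct) < 12 { return nil, errors.New("ciphertext too short") }
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}
func ts(unix int64) []byte { b := make([]byte, 8); binary.BigEndian.PutUint64(b, uint64(unix)); return b }
// AS step: ticket = {timestamp, session key, client} under the server's key; reply = {session key, ticket} under the client's key.
func asIssue(keys map[string][]byte, client, server string, now time.Time) ([]byte, error) {
	if keys[client] == nil || keys[server] == nil { return nil, errors.New("unknown principal") }
	sess := make([]byte, 32); rand.Read(sess) // one-time session key that only Bob and Alice will see
	ticket := seal(keys[server], append(append(ts(now.Unix()), sess...), client...))
	return seal(keys[client], append(sess, ticket...)), nil
}
// Server step: open the ticket with its own key, check the authenticator under the session key (rejecting timestamps outside the skew window), answer timestamp+1 (the slide's "nonce").
func serverAccept(serverKey, ticket, auth []byte, now time.Time) ([]byte, error) {
	t, err := open(serverKey, ticket)
	if err != nil || len(t) < 40 { return nil, errors.New("bad ticket") }
	sess := t[8:40]
	a, err := open(sess, auth)
	if err != nil || len(a) != 8 { return nil, errors.New("bad authenticator") }
	stamp := int64(binary.BigEndian.Uint64(a))
	if d := now.Unix() - stamp; d > skew || d < -skew { return nil, errors.New("stale authenticator") }
	return seal(sess, ts(stamp+1)), nil
}
// Exchange runs the protocol as Bob; delay models how late the authenticator reaches Alice.
func Exchange(now time.Time, delay time.Duration) (bool, error) {
	keys := map[string][]byte{"bob": userKey("bob-pw"), "alice": userKey("alice-pw")}
	reply, err := asIssue(keys, "bob", "alice", now)
	if err != nil { return false, err }
	pt, err := open(keys["bob"], reply) // pt = session key (32 bytes) || ticket for Alice
	if err != nil { return false, err }
	resp, err := serverAccept(keys["alice"], pt[32:], seal(pt[:32], ts(now.Unix())), now.Add(delay))
	if err != nil { return false, err }
	r, err := open(pt[:32], resp)
	return err == nil && len(r) == 8 && int64(binary.BigEndian.Uint64(r)) == now.Unix()+1, err
}
```

Exchange(now, 0) succeeds, while Exchange(now, 10*time.Minute) fails at Alice with "stale authenticator", which is the replay case the timestamp exists to catch.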
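The "Certificate Chain" and Browser CA List slides, as an added example that is not part of the lecture: Go's crypto/x509 builds the www.FJALJFDSL.org, Baltimore CyberTrust, ReallyTrustworthyPeople chain named on the slides and verifies it against a trust store holding only the root, the way a browser walks its CA list. Keys, serials and validity periods are constructed; a chain that bottoms out in a CA absent from that store, and a genuine chain presented for a different host name, are both rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

type certKey struct{ cert *x509.Certificate; key *ecdsa.PrivateKey }

// mint issues a certificate for name, signed by parent (self-signed when parent is nil).
func mint(serial int64, name string, isCA bool, parent *certKey) *certKey {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
	}
	if !isCA { // a server certificate is bound to the host name the browser connects to
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signKey := tmpl, key
	if parent != nil { signer, signKey = parent.cert, parent.key }
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	cert, _ := x509.ParseCertificate(der)
	return &certKey{cert, key}
}

// verify does what the browser does: walk leaf -> intermediates -> a root in its CA list, and check the leaf is for host.
func verify(leaf *x509.Certificate, inter, roots []*x509.Certificate, host string) error {
	ip, rp := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range inter { ip.AddCert(c) }
	for _, c := range roots { rp.AddCert(c) }
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Intermediates: ip, Roots: rp})
	return err
}

// Demo returns (genuine chain accepted, chain from an unknown CA rejected, wrong host rejected).
func Demo() (bool, bool, bool) {
	root := mint(1, "ReallyTrustworthyPeople", true, nil) // the entry in the browser's CA list
	inter := mint(2, "Baltimore CyberTrust", true, root)
	leaf := mint(3, "www.FJALJFDSL.org", false, inter)
	bogus := mint(5, "www.FJALJFDSL.org", false, mint(4, "SomeoneElse", true, nil)) // self-made CA
	trusted := []*x509.Certificate{root.cert}
	okGenuine := verify(leaf.cert, []*x509.Certificate{inter.cert}, trusted, "www.FJALJFDSL.org") == nil
	okBogus := verify(bogus.cert, nil, trusted, "www.FJALJFDSL.org") != nil
	okHost := verify(leaf.cert, []*x509.Certificate{inter.cert}, trusted, "www.example.org") != nil
	return okGenuine, okBogus, okHost
}
```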