Rutgers University ECE 544 - Network Security


Slide outline: ECE544: Communication Networks-II Spring 2009; Today's Lecture; Introduction, Security Services; Introduction, Security Mechanisms; Introduction, Security Attacks; Security Threats; Slide 7; Cryptography, Conventional Encryption Model; Conventional Encryption; Classical Encryption Techniques; Modern Security Taxonomy; Modern Cryptographic Algorithms; What Cryptography Does?; Key sizes and Brute Force Attacks; Block Ciphers; Mode of Operation of Block Ciphers; Single Round of DES Algorithm; 3DES & AES; Stream Ciphers; Hash Algorithms; Hash Algorithms (one-way functions); Slide 22; Other kinds of authenticators; View of Public Key Scheme; Public-Key Cipher for Authentication; Comparison between Public Key and Symmetric Key Algorithms; Key Distribution; Pre-distribution of Public Keys; Certificate Authorities; Message Integrity; Integrity & Authentication; Authentication; Authentication Protocols; Public-Key Authentication Protocol (2); Symmetric-Key Authentication Protocols; Authentication with KERBEROS; Kerberos Authentication System; Diffie-Hellman Key Agreement; Diffie-Hellman Key Agreement Protocol; Security System; Overview of PGP (Pretty Good Privacy); E-mail Security (PGP); Web-Based Security SSL, TLS and WTLS; TLS Handshake Protocol; TLS Record Protocol; IP Layer Security (IPSec); IP Security Overview; IP Security Scenario; IPSec Modes; IPSec Services; IPSec Headers; IPSec Headers in AH; Tunnel Mode (AH Authentication); End-to-end versus End-to-Intermediate Authentication; Slide 55; Slide 56; Slide 57; Slide 58; Wireless security (802.11i); Firewalls; Firewall Configurations; Firewall Design Principles; Viruses and "Malicious Programs"; Taxonomy of Malicious Software; Virus, Worm, Anti-malware applications; Slide 66; References

ECE544: Communication Networks-II Spring 2009
H. Liu
Lecture 10 (Network Security)
Includes teaching materials from D. Raychaudhuri

Today's Lecture
•Introduction
–Security Services and Mechanisms, Security Attacks
–Model for Internet Security
•Cryptography
–Symmetric Key algorithms: DES, 3DES, RC4, etc.
–Asymmetric Key algorithms: Public-keys, Hash Algorithms, Digital signatures
•Security Protocols
–Authentication
–Mail Security (PGP), TLS (SSL), IP security (IPSec), 802.11i
•System Security
–Viruses, intruders, worms
–Firewalls

Introduction, Security Services
•Confidentiality
–Protection of transmitted data
•Integrity
–Assuring that the received message was not modified, reordered, duplicated, replayed, or delayed. Keeps data integrity, originality, timeliness.
•Authentication
–Assuring that communication is authentic. Authentication entails integrity.
•Access Control
–Ability to limit and control access to the system
•Availability
–Loss of or reduction of availability (denial of service)
•Non-repudiation and nonforgeability
–Disprove a bogus denial (repudiation) of a transaction, or disprove a claim of a bogus (forged) transaction

Introduction, Security Mechanisms
•Encryption
–DES, RC4, AES
•Hash algorithms
–MD5, SHA
•Public key algorithms
–RSA
•Message integrity
•Digital signatures & certificates
•Public key distribution
•Authentication algorithms
–Kerberos

Introduction, Security Attacks
•Interruption
–System is destroyed or becomes unavailable or unusable, blocking the communication. Link hijacking.
•Interception
–Unauthorized party gains access to communication: attack on confidentiality, decrypting communication, traffic analysis.
•Modification
–Unauthorized party not only gains access but also tampers with communication. Changing a value in a data file.
•Fabrication
–Unauthorized party inserts counterfeit information into communication: attack on integrity. Creating artificial messages.

Security Threats

Cryptography, Conventional Encryption Model
•Cryptography:
–Operation used for transforming plaintext to ciphertext
 •Substitution: elements in plaintext are mapped into another element
 •Transposition: elements in plaintext are rearranged
–Number of keys used
 •Both sender and receiver use the same key: the system is symmetric, single-key, secret-key or conventional encryption
 •Sender and receiver each use a different key: the system is asymmetric key
–Way in which the plaintext is processed
 •Block cipher: input data processed block by block
 •Stream cipher: input data processed continuously
•Cryptanalysis
–Process (science) to break encryption

Conventional Encryption
Ciphertext = Plaintext ⊕ Key
Plaintext = Ciphertext ⊕ Key = (Plaintext ⊕ Key) ⊕ Key = Plaintext ⊕ (Key ⊕ Key) = Plaintext

Classical Encryption Techniques
•Caesar Cipher
–Plain: meet me after the party
–Cipher: PHHW PH DIWHU WKH SDUWB
–C = E(p) = (p + 3) mod 26
–P = m + 3 (m, 1-n, 2-l, 3-o, "P")
•Polyalphabetic Cipher
–Key: deceptiondeceptiond
–Plain: meetmeaftertheparty
–Cipher: qjhxcyjuhiwwkujjghc
–C = E(k ⊕ p), where ⊕ is exclusive-or (XOR)
•Rotor Machines: Famous "ENIGMA"
These techniques became very weak around and after World War II.

Modern Security Taxonomy
•Security
–Cryptography algorithms
 •Public key (e.g., RSA)
 •Secret key (e.g., DES)
 •Message digest (e.g., MD5)
–Security services
 •Authentication
 •Privacy
 •Message integrity

Modern Cryptographic Algorithms
•Cryptography Algorithms
–Secret Key (Symmetric)
 •Symmetric key
 •Block cipher (DES, AES)
 •Stream ciphers (RC4)
–Public Key (Asymmetric)
 •Asymmetric key
 •Public-Private keys (RSA)
–Hash algorithms
 •Authentication and integrity checking (MD5, SHA)

What Cryptography Does?
•Diffusion:
–Statistical structure of the plaintext is dissipated into long range; each plaintext digit affects many ciphertext digits.
•Confusion:
–Seeks to make the relationship between the statistics of ciphertext and the encrypted value as complex as possible.
P1 ⊕ K = C1
P2 ⊕ K = C2
C1 ⊕ C2 = P1 ⊕ P2

Key sizes and Brute Force Attacks

Block Ciphers
[Figure: blocks of plaintext pass through encryption under a secret key to produce blocks of ciphertext]
•A block of fixed-length plaintext (typically 64 bits or 128 bits) is treated as a whole and used to produce a ciphertext block of equal length.
•Example: DES (Data Encryption Standard), AES (Advanced Encryption Standard)

Mode of Operation of Block Ciphers
•Electronic codebook (ECB) mode: The message is divided into blocks and each block is encrypted separately.
–Disadvantage: identical plaintext blocks are encrypted into identical ciphertext blocks; thus, it does not hide data patterns well.
•Cipher block chaining (CBC)
[Figure: CBC mode. Initialization vector (IV); plaintext blocks 1, 2, 3; a "+" combiner and block cipher encryption under the key for each block; ciphertext blocks 1, 2, 3]

Single Round of DES
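The ECB disadvantage and the CBC chaining listed under "Mode of Operation of Block Ciphers" can be seen directly in code. The following is an added example, not part of the lecture slides: it uses a toy Feistel block cipher built from SHA-256 (an assumption made so the code runs with only the standard library; it is not DES and not secure), and the key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, one of the typical sizes named on the slide

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key: bytes, r: int, half: bytes) -> bytes:
    # Toy round function (assumption): SHA-256 over key, round number, half block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:4], block[4:]
    for r in range(rounds):  # Feistel round: swap halves, mix one half into the other
        left, right = right, xor_bytes(left, round_fn(key, r, right))
    return left + right

def decrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:4], block[4:]
    for r in reversed(range(rounds)):  # same rounds, undone in reverse order
        left, right = xor_bytes(right, round_fn(key, r, left)), left
    return left + right

def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("demo expects a whole number of blocks (no padding)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> list:
    return [encrypt_block(key, b) for b in split_blocks(plaintext)]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    out, prev = [], iv
    for b in split_blocks(plaintext):
        prev = encrypt_block(key, xor_bytes(b, prev))  # chain in previous ciphertext
        out.append(prev)
    return out

def cbc_decrypt(key: bytes, iv: bytes, blocks: list) -> bytes:
    out, prev = [], iv
    for c in blocks:
        out.append(xor_bytes(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(blocks: list) -> int:
    return len(blocks) - len(set(blocks))

# Constructed sample input: three identical 8-byte blocks, then a different one.
KEY, IV = b"constructed demo key", bytes(range(BLOCK))  # fixed IV for reproducibility
PLAINTEXT = b"PAY 100$" * 3 + b"PAY 999$"
```

Under ECB the three identical plaintext blocks produce three identical ciphertext blocks, so `repeated_blocks` reports the pattern; under CBC each block is XORed with the previous ciphertext block first and the repeats disappear.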

