Network Security - Computer Network Systems - Lecture Slides, Slides of Computer Networks

During the first semester of our degree program, we study Computer Networks Fundamentals. These lecture slides are very informative for me. The major points which are the core of the course are: Network Security, Principles of Network Security, Cryptography, Authentication, Message Integrity, Security in Practice, Firewalls and Intrusion, Security in Application, Link Layers, Principles of Cryptography

Typology: Slides

2012/2013

Uploaded on 04/25/2013

avanti

Lecture 21
Network Security
slides are modified from Dave Hollinger


Chapter 8: Network Security

Chapter goals:

  • understand principles of network security:
    • cryptography and its many uses beyond “confidentiality”
    • authentication
    • message integrity
  • security in practice:
    • firewalls and intrusion detection systems
    • security in application, transport, network, link layers

What is network security?

Confidentiality: only sender, intended receiver should “understand” message contents

  • sender encrypts message
  • receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Access and availability: services must be accessible and available to users

Friends and enemies: Alice, Bob, Trudy

  • well-known in network security world
  • Bob, Alice (lovers!) want to communicate “securely”
  • Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) sends data and control messages over a channel to Bob (secure receiver); Trudy sits on the channel.]

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?

A: A lot! See section 1.

  • eavesdrop: intercept messages
  • actively insert messages into connection
  • impersonation: can fake (spoof) source address in packet (or any field in packet)
  • hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  • denial of service: prevent service from being used by others (e.g., by overloading resources)

Chapter 8 roadmap

8.1 What is network security?

8.2 Principles of cryptography

8.3 Message integrity

8.4 Securing e-mail

8.5 Securing TCP connections: SSL

8.6 Network layer security: IPsec

8.7 Securing wireless LANs

8.8 Operational security: firewalls and IDS

Simple encryption scheme

substitution cipher: substituting one thing for another

  • monoalphabetic cipher: substitute one letter for another

plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.:

Plaintext: bob. i love you. alice

ciphertext: nkn. s gktc wky. mgsbc

Key: the mapping from the set of 26 letters to the set of 26 letters

Polyalphabetic encryption

• n monoalphabetic ciphers, $M_1, M_2, \ldots, M_n$

• Cycling pattern:

  • e.g., n=4, $M_1, M_3, M_4, M_3, M_2$; $M_1, M_3, M_4, M_3, M_2$;

• For each new plaintext symbol, use subsequent monoalphabetic pattern in cyclic pattern

  • dog: d from $M_1$, o from $M_3$, g from $M_4$

• Key: the n ciphers and the cyclic pattern
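The two substitution schemes above, as an added Python example that is not part of the original slides. `SLIDE_KEY` is the mapping shown on the slide; the four ciphers in `M` are constructed Caesar rotations (an assumption, since the slides do not define $M_1 \ldots M_4$), and `images_of` shows that one plaintext letter always maps to one ciphertext letter under the monoalphabetic cipher but to several under the cyclic pattern.

```python
import string

ALPHABET = string.ascii_lowercase
# Monoalphabetic key from the slide: position i holds the image of letter i.
SLIDE_KEY = "mnbvcxzasdfghjklpoiuytrewq"


def mono(text, cipher_alphabet, decrypt=False):
    """Substitute each lowercase letter; everything else passes through."""
    if sorted(cipher_alphabet) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    if decrypt:
        return text.translate(str.maketrans(cipher_alphabet, ALPHABET))
    return text.translate(str.maketrans(ALPHABET, cipher_alphabet))


def caesar(shift):
    """Constructed stand-in for one M_i: the alphabet rotated by `shift`."""
    return ALPHABET[shift:] + ALPHABET[:shift]


# Constructed M_1..M_4 (not from the slides) and the slide's cyclic pattern.
M = {1: caesar(5), 2: caesar(19), 3: caesar(3), 4: caesar(11)}
CYCLE = [1, 3, 4, 3, 2]


def poly(text, ciphers=M, cycle=CYCLE, decrypt=False):
    """Use the next cipher in the cycle for each letter.

    Non-letters are copied and do not advance the cycle (a design choice
    made for this example).
    """
    out, pos = [], 0
    for ch in text:
        if ch in ALPHABET:
            out.append(mono(ch, ciphers[cycle[pos % len(cycle)]], decrypt))
            pos += 1
        else:
            out.append(ch)
    return "".join(out)


def images_of(letter, plaintext, ciphertext):
    """Set of ciphertext letters that `letter` was encrypted to."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}
```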

Types of Cryptography

• Crypto often uses keys:

  • Algorithm is known to everyone
  • Only “keys” are secret

• Public key cryptography

  • Involves the use of two keys

• Symmetric key cryptography

  • Involves the use of one key

• Hash functions

  • Involves the use of no keys
  • Nothing secret: How can this be useful?

Symmetric key cryptography

symmetric key crypto: Bob and Alice share same (symmetric) key: $K_S$

  • e.g., key is knowing substitution pattern in monoalphabetic substitution cipher

Q: how do Bob and Alice agree on key value?

[Figure: plaintext message $m$ → encryption algorithm (key $K_S$) → ciphertext $K_S(m)$ → decryption algorithm (key $K_S$) → plaintext $m = K_S(K_S(m))$]

Stream Ciphers

  • Combine each bit of keystream with bit of plaintext to get bit of ciphertext
  • m(i) = ith bit of message
  • ks(i) = ith bit of keystream
  • c(i) = ith bit of ciphertext
  • c(i) = ks(i) ⊕ m(i) (⊕ = exclusive or)
  • m(i) = ks(i) ⊕ c(i)

[Figure: key → keystream generator → keystream (pseudo random)]

RC4 Stream Cipher

• RC4 is a popular stream cipher

  • Extensively analyzed and considered good
  • Key can be from 1 to 256 bytes

Block ciphers

• How many possible mappings are there for k=3?

  • How many 3-bit inputs?
  • How many permutations of the 3-bit inputs?
  • Answer: 40,320 ; not very many!

• In general, $(2^k)!$ mappings; huge for k=

• Problem:

  • Table approach requires table with $2^{64}$ entries, each entry with 64 bits

• Table too big: instead use function that simulates a randomly permuted table

Prototype function

[Figure: 64-bit input, split into eight 8-bit chunks, each fed through its own 8-bit to 8-bit mapping S1 ... S8; the outputs form a 64-bit intermediate; loop for n rounds; 64-bit output. From Kaufman et al]
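A runnable sketch of the prototype function, as an added Python example that is not part of the original slides. It assumes a bit-position shuffle (`scramble`) as the mixing step between rounds and builds the S-boxes from a seeded `random.Random`, a constructed stand-in for key material that is not secure; `mappings` and `table_bits` reproduce the table-size argument from the block cipher slide.

```python
import math
import random


def mappings(k):
    """Number of invertible k-bit to k-bit tables: (2^k)!."""
    return math.factorial(2 ** k)


def table_bits(k):
    """Storage for one such table: 2^k entries of k bits each."""
    return (2 ** k) * k


def make_tables(seed):
    """Eight 8-bit S-boxes plus a 64-position bit shuffle (constructed)."""
    rng = random.Random(seed)  # teaching stand-in, not a secure key schedule
    sboxes = [rng.sample(range(256), 256) for _ in range(8)]
    return sboxes, rng.sample(range(64), 64)


def invert(table):
    inv = [0] * len(table)
    for i, v in enumerate(table):
        inv[v] = i
    return inv


def substitute(block, sboxes):
    """Map each 8-bit chunk i of the 64-bit block through S-box i."""
    return sum(sboxes[i][(block >> (8 * i)) & 0xFF] << (8 * i) for i in range(8))


def scramble(block, perm):
    """Assumed mixing step: move bit i to position perm[i]."""
    return sum(((block >> i) & 1) << perm[i] for i in range(64))


def encrypt(block, sboxes, perm, rounds=16):
    for _ in range(rounds):
        block = scramble(substitute(block, sboxes), perm)
    return block


def decrypt(block, sboxes, perm, rounds=16):
    inv_boxes, inv_perm = [invert(b) for b in sboxes], invert(perm)
    for _ in range(rounds):
        block = substitute(scramble(block, inv_perm), inv_boxes)
    return block
```

The eight S-boxes take 8 × 256 bytes, against the 2^70 bits that `table_bits(64)` reports for a full 64-bit table. A one-bit input change stays inside one chunk after the S-boxes alone and spreads across the block only through the repeated rounds.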