Network Security: Threats, Countermeasures, and Protocols, Study notes of Electrical and Electronics Engineering

An overview of network security, focusing on threats, consequences, and countermeasures. It covers integrity, confidentiality, denial of service, and authentication, and discusses the security facilities in the TCP/IP protocol stack and their roles in securing data transmission. Students can use this document as a reference for understanding network security concepts and protocols.

Typology: Study notes

Pre 2010

Uploaded on 08/05/2009

koofers-user-04m
ECE-8843
http://www.csc.gatech.edu/copeland/jac/8813-03/
Prof. John A. Copeland
404 894-5177
fax 404 894-0035
Office: GCATT Bldg 579
email or call for office visit, or call Kathy Cheek, 404 894-5696
Chapter 7: (07-WebSec.pdf has PDF copies of slides from Chap. 7 of
the text, “Network Security Essentials, Applications and Standards”
by William Stallings)

| | Threats | Consequences | Countermeasures |
|---|---|---|---|
| Integrity | • Modification of data • Trojan horse browser • Modification of memory • Modification of messages in transit | • Loss of information • Compromise of machine • Vulnerability to all threats | • Cryptographic checksums |
| Confidentiality | • Eavesdropping on the net • Theft of info from server • Theft of data from client • Info about network configuration • Information about which clients talk to server | • Loss of information • Loss of privacy | • Encryption • Web Proxies |
| Denial of Service | • Killing of user threads • Flooding machine with bogus requests • Filling disk or memory • Isolating machines by DNS attacks | • Disruptive • Annoying • Prevent users from getting work done | • Difficult to prevent |
| Authentication | • Impersonate users • Data forgery | • Misrepresentation of user • Belief that false data is valid | • Cryptographic techniques |

Figure 7.2 SSL Protocol Stack (layers, bottom to top): IP; TCP; SSL Record Protocol; then, side by side on top of the Record Protocol, SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, and HTTP.

Figure 7.3 SSL Record Protocol Operation: Application Data → Fragment → Compress → Add MAC → Encrypt → Append SSL Record Header

Figure 7.5 SSL Record Protocol Payload

(a) Change Cipher Spec Protocol: 1 byte
(b) Alert Protocol: Level (1 byte), Alert (1 byte)
(c) Handshake Protocol: Type (1 byte), Length (3 bytes), Content (≥ 0 bytes)
(d) Other Upper-Layer Protocol (e.g., HTTP): OpaqueContent (≥ 1 byte)

Figure 7.6 Handshake Protocol Action (Client on the left, Server on the right, time running downward)

• client_hello (client → server), server_hello (server → client): Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers.
• certificate, server_key_exchange, certificate_request, server_hello_done (server → client): Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase.
• certificate, client_key_exchange, certificate_verify (client → server): Client sends certificate if requested. Client sends key exchange. Client may send certificate verification.
• change_cipher_spec, finished (client → server), then change_cipher_spec, finished (server → client): Change cipher suite and finish handshake protocol.

Note: Shaded transfers are optional or situation-dependent messages that are not always sent.

Figure 7.8 Secure Electronic Commerce Components: Cardholder, Merchant, Certificate Authority, Payment Gateway, Acquirer, Issuer, connected through the Internet and the Payment Network.

Figure 7.9 Construction of Dual Signature

Diagram labels: PI, H, PIMD, OI, H, OIMD, ||, H, POMD, E, KRc, Dual Signature

PI = Payment Information
OI = Order Information
H = Hash function (SHA-1)
|| = Concatenation
PIMD = PI message digest
OIMD = OI message digest
POMD = Payment Order message digest
E = Encryption (RSA)
KRc = Customer's private signature key

Figure 7.11 Merchant Verifies Customer Purchase Request

Diagram labels: Request Message, Digital Envelope ("Passed on by merchant to payment gateway"), PIMD, OI, Dual Signature, Cardholder Certificate, H, OIMD, ||, H, POMD, D, KUc, POMD, Compare

OI = Order Information
OIMD = OI message digest
POMD = Payment Order message digest
D = Decryption (RSA)
H = Hash function (SHA-1)
KUc = Customer's public signature key
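The dual signature of Figure 7.9 and the merchant's check of Figure 7.11, written out as an added example (not code from the slides or the textbook). It uses the figures' symbols; the toy RSA key and the sample PI/OI strings are constructed for illustration, and `gateway_verify` goes one step beyond Figure 7.11 to show the mirror-image check made by the party that holds PI and OIMD.

```python
import hashlib

# Toy RSA key from two Mersenne primes: constructed for this example only,
# far too small and used without padding, so never a model for real keys.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                      # KUc: customer's public signature key
D = pow(E, -1, (P - 1) * (Q - 1))        # KRc: customer's private signature key

def H(data: bytes) -> bytes:
    """H in the figures: SHA-1."""
    return hashlib.sha1(data).digest()

def as_int(digest: bytes) -> int:
    return int.from_bytes(digest, "big")

def dual_signature(pi: bytes, oi: bytes):
    """Customer side (Figure 7.9): DS = E_KRc[ H( H(PI) || H(OI) ) ]."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)
    return pow(as_int(pomd), D, N), pimd, oimd

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant side (Figure 7.11): sees OI and PIMD, never PI itself."""
    return pow(ds, E, N) == as_int(H(pimd + H(oi)))

def gateway_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Mirror-image check for the party that holds PI and OIMD but not OI."""
    return pow(ds, E, N) == as_int(H(H(pi) + oimd))

if __name__ == "__main__":
    pi = b"card=0000-0000-0000-0000;amount=25.00"   # constructed sample PI
    oi = b"order=1001;item=textbook;amount=25.00"   # constructed sample OI
    ds, pimd, oimd = dual_signature(pi, oi)
    print("merchant accepts order:", merchant_verify(oi, pimd, ds))
    print("altered order rejected:", not merchant_verify(oi + b"0", pimd, ds))
    print("gateway accepts payment:", gateway_verify(pi, oimd, ds))
```

Because POMD binds both digests, changing either the order or the payment data invalidates the one signature, while each verifier only ever sees the half it needs.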