Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Cryptography and Network Security: Overview

advertisement 
Cryptography and
Network Security: Overview
Raj Jain
Washington University in Saint Louis
Saint Louis, MO 63130
Jain@cse.wustl.edu
Audio/Video recordings of this lecture are available at:
http://www.cse.wustl.edu/~jain/cse571-11/
Washington University in St. Louis
CSE571S
1-1
©2011 Raj Jain
Overview
1.
2.
3.
4.
5.
Computer Security Concepts
OSI Security Architecture
Security Attacks
Security Services
Security Mechanisms
These slides are based on Lawrie Brown’s slides supplied with William Stalling’s
book “Cryptography and Network Security: Principles and Practice,” 5th Ed, 2011.
Washington University in St. Louis
CSE571S
1-2
©2011 Raj Jain
Standards Organizations
National Institute of Standards & Technology (NIST)
http://csrc.nist.gov/
 Internet Society (ISOC):
Internet Engineering Task Force (IETF), ietf.org
Internet Architecture Board (IAB)
 International Telecommunication Union
Telecommunication Standardization Sector (ITU-T)
http://www.itu.int
 International Organization for Standardization (ISO)
http://www.iso.org

Washington University in St. Louis
CSE571S
1-3
©2011 Raj Jain
Security Components
Confidentiality: Need access control, Cryptography,
Existence of data
 Integrity: No change, content, source, prevention
mechanisms, detection mechanisms
 Availability: Denial of service attacks,
 Confidentiality, Integrity and Availability (CIA)

Washington University in St. Louis
CSE571S
1-4
©2011 Raj Jain
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”
 Defines a systematic way of defining and providing
security requirements
 Provides a useful, if abstract, overview of concepts

Washington University in St. Louis
CSE571S
1-5
©2011 Raj Jain
Aspects of Security
Aspects of information security:
 Security attack
 Security mechanism
 Security service
 Note:
 Threat – a potential for violation of security
 Attack – an assault on system security, a deliberate
attempt to evade security services

Washington University in St. Louis
CSE571S
1-6
©2011 Raj Jain
Passive Attacks
Washington University in St. Louis
CSE571S
1-7
©2011 Raj Jain
Active Attacks
Washington University in St. Louis
CSE571S
1-8
©2011 Raj Jain
Security Services (X.800)






Authentication - assurance that communicating entity is the
one claimed
 have both peer-entity & data origin authentication
Access Control - prevention of the unauthorized use of a
resource
Data Confidentiality –protection of data from unauthorized
disclosure
Data Integrity - assurance that data received is as sent by an
authorized entity
Non-Repudiation - protection against denial by one of the
parties in a communication
Availability – resource accessible/usable
Washington University in St. Louis
CSE571S
1-9
©2011 Raj Jain
Security Mechanism
Feature designed to detect, prevent, or recover from a
security attack
 However one particular element underlies many of the
security mechanisms in use:
 cryptographic techniques

Washington University in St. Louis
CSE571S
1-10
©2011 Raj Jain
Security Mechanisms (X.800)
 Specific security mechanisms:

Encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
 Pervasive security mechanisms:

Trusted functionality, security labels, event
detection, security audit trails, security recovery
Washington University in St. Louis
CSE571S
1-11
©2011 Raj Jain
Services and Mechanisms Relationship
Washington University in St. Louis
CSE571S
1-12
©2011 Raj Jain
Model for Network Security
1.
2.
3.
4.
Algorithm for Security transformation
Secret key generation
Distributed and share secret information
Protocol for sharing secret information
Washington University in St. Louis
CSE571S
1-13
©2011 Raj Jain
Model for Network Access Security
1.
2.
Select appropriate gatekeeper functions to identify
users
Implement security controls to ensure only authorised
users access designated information or resources
Washington University in St. Louis
CSE571S
1-14
©2011 Raj Jain
Summary





NIST, IETF, ITU-T, ISO develop standards for network
security
CIA represents the 3 key components of security
ISO X.800 security architecture specifies security attacks,
services, mechanisms
Active attacks may modify the transmitted information.
Security services include authentication, access control, …
Washington University in St. Louis
CSE571S
1-15
©2011 Raj Jain
1.
2.
3.
4.
Lab Homework 2
Read about the following tools
a. Wireshark, network protocol analyzer,
http://www.wireshark.org/download.html
Use ftp client to download in binary mode (do not use browser)
b. Advanced Port Scanner, network port scanner,
http://www.scanwith.com/Advanced_Port_Scanner_download.htm
c. LAN Surveyor, network mapping shareware with 30 day trial,
http://www.solarwinds.com/products/lansurveyor/
Use advanced port scanner to scan one to three hosts on your local net
(e.g., CSE571XPS and CSE571XPC2 in the security lab) to find their
open ports.
Use network surveyor to show the map of all hosts on your local net
Ping www.google.com to find its address. Start Wireshark. Set capture
filter option “IP Address” to capture all traffic to/from this address. Open
a browser window and Open www.google.com . Stop Wireshark. Submit
a screen capture showing the packets seen.
Washington University in St. Louis
CSE571S
1-16
©2011 Raj Jain
Security URLs







Center for Education and Research in Information Assurance
and Security,
http://www.cerias.purdue.edu/about/history/coast/archive/
IETF Security area, sec.ietf.org
Computer and Network Security Reference Index,
http://www.vtcif.telstra.com.au/info/security.html
The Cryptography FAQ,
http://www.faqs.org/faqs/cryptography-faq/
Tom Dunigan's Security page,
http://www.csm.ornl.gov/%7edunigan/security.html
IEEE Technical Committee on Security and Privacy,
http://www.ieee-security.org/index.html
Computer Security Resource Center, http://csrc.nist.gov/
Washington University in St. Louis
CSE571S
1-17
©2011 Raj Jain
Security URLs (Cont)
Security Focus, http://www.securityfocus.com/
 SANS Institute, http://sans.org/
 Data Protection resource Directory,
http://www.dataprotectionhq.com/cryptographyanddat
asecurity/
 Helger Lipmaa's Cryptology Pointers,
http://www.adastral.ucl.ac.uk/%7ehelger/crypto/

Washington University in St. Louis
CSE571S
1-18
©2011 Raj Jain
Newsgroups and Forums










sci.crypt.research, sci.crypt, sci.crypt.random-numbers
alt.security
comp.security.misc, comp.security.firewalls,
comp.security.announce
comp.risks
comp.virus
Security and Cryptography Forum,
http://forums.devshed.com/security-and-cryptography-17/
Cryptography Forum,
http://www.topix.com/forum/science/cryptography
Security Forum, http://www.windowsecurity.com/
Google groups, http://groups.google.com
LinkedIn Groups, http://www.linkedin.com
Washington University in St. Louis
CSE571S
1-19
©2011 Raj Jain
Related documents
Redefining Interior & Exterior finishes with innovative solutions
Redefining Interior & Exterior finishes with innovative solutions
Jain's Interactive Workshops will help you discover Vedic
Jain's Interactive Workshops will help you discover Vedic
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
Signal Encoding Techniques - Washington University in St. Louis
Signal Encoding Techniques - Washington University in St. Louis
Circle the incorrect punctuation in the passage using a red crayon
Circle the incorrect punctuation in the passage using a red crayon
E-mail: raj - Two Castles Housing Association
E-mail: raj - Two Castles Housing Association
Wireless Physical Layer Concepts: Part III
Wireless Physical Layer Concepts: Part III
Data Communications and Networking Overview
Data Communications and Networking Overview
Karadipatti Presentation
Karadipatti Presentation
Types of Workloads
Types of Workloads
CIS 678: Internetworking
CIS 678: Internetworking
2k-p Fractional Factorial Designs - Washington University in St. Louis
2k-p Fractional Factorial Designs - Washington University in St. Louis
Comparing Systems Using Sample Data
Comparing Systems Using Sample Data
Mean Value Analysis and Related Techniques
Mean Value Analysis and Related Techniques
Simple Linear Regression Models - Washington University in St. Louis
Simple Linear Regression Models - Washington University in St. Louis
Other Regression Models - Washington University in St. Louis
Other Regression Models - Washington University in St. Louis
Data Center Network Topologies - Washington University in St. Louis
Data Center Network Topologies - Washington University in St. Louis
Comparing Systems Using Sample Data
Comparing Systems Using Sample Data
Download
advertisement