CSE 651: Introduction to Network Security
Steve Lai
Spring 2010
• Instructor: Steve Lai
• Office: DL 581
• Office hours: MWF 2:30-3:30
• Email: lai@cse.ohio-state.edu
• Home page: www.cse.ohio-state.edu/~lai
• William Stallings, Cryptography and Network Security: Principles & Practice (5th edition), Pearson/Prentice Hall, 2010.
• http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049
• CSE 677
• Some maturity in mathematical reasoning
• Will cover the first 17 chapters of Stallings with many sections skipped.
• Introduction (Ch. 1)
• Symmetric-key encryption
– Classical encryption techniques (Ch. 2)
– Block ciphers and data encryption standard (Ch. 3)
– Advanced encryption standard (Ch. 5)
– Block cipher operation (Ch. 6)
– Stream ciphers (Ch. 7)
• Public-key cryptography and RSA (Ch. 9)
• Cryptographic hash functions (Ch. 11)
• Message Authentication (Ch. 12)
• Digital Signatures (Ch. 13)
• Key management and distribution (Ch. 14)
• User authentication protocols (Ch. 15)
• Web Security: SSL (Ch 16)
• IEEE 802.11 Wireless LAN Security (Ch. 17)
• Assignments: 20%
• Midterm exam I: 25% (Monday, April 26)
• Midterm exam II: 25% (Monday, May 17)
• Final exam: 30% (Wed, June 9, 9:30)
• Late homework will NOT be accepted.
• CSE 551: Introduction to Information Security
• CSE 652: Applied Information Security Project
• CSE 794Q: Introduction to Cryptography
CSE 651: Introduction to Network Security
• Network Security – measures to protect data during their transmission over a network or internet.
• Internet Security
• ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects:
– security attack
– security service
– security mechanism
• Attack: any action that compromises the security of information
• Many different types of attacks
• Can be generally classified as
– Passive attacks
– Active attacks
• Passive attacks: reading the contents of messages
• Also called eavesdropping
• Passive attacks are difficult to detect
• Defense: prevent them from succeeding
• Active attacks: modification or creation of messages by an attacker
• Four categories: modification of messages, replay, masquerade, denial of service
• Easy to detect but difficult to prevent
• Defense: detect attacks and recover from the damage
• Data Confidentiality: protecting data from unauthorized disclosure.
• Data Integrity:
– assuring that data received is as sent (without modification)
– or detecting its non-integrity.
• Authentication:
– (from dictionary: the action of confirming someone or something as authentic.)
– (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed.
– Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.
• Message Authentication
– Data origin authentication
– Data integrity
• Entity Identification
– Entity authentication
• Non-Repudiation:
– Origin non-repudiation: preventing sender from denying that he has sent a message
– Destination non-repudiation: preventing receiver from denying that she has received a message
• Access Control: preventing unauthorized use of a resource.
• Availability: making systems or resources available upon demand by legitimate users.
• Means to implement security services:
– Encryption
• Symmetric-key encryption
• Public-key encryption
• Key management
– Hash functions
– Message authentication codes
– Digital signatures
– Entity authentication protocols
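The slides above say active attacks are "easy to detect but difficult to prevent", and list message authentication codes among the mechanisms that provide data integrity and data origin authentication. The following is an added example, not from the slides or from Stallings, showing how one mechanism (HMAC-SHA256 with a sequence number) detects two of the four active-attack categories, modification and replay. The shared key is a constructed demo value; in practice it would come from the key-management mechanisms listed above.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed demo key shared by sender and receiver (an assumption of this
# example; a real key would be established by a key-management mechanism).
DEMO_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


@dataclass(frozen=True)
class Message:
    seq: int    # per-connection sequence number, used to detect replay
    body: str   # the data being protected (integrity, not confidentiality)
    tag: str    # hex HMAC-SHA256 computed over seq and body


def _compute_tag(key: bytes, seq: int, body: str) -> str:
    # Bind the sequence number to the body so neither can be altered alone
    # without the tag failing to verify.
    data = seq.to_bytes(8, "big") + body.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def send(key: bytes, seq: int, body: str) -> Message:
    """Sender side: attach a MAC to (seq, body)."""
    return Message(seq, body, _compute_tag(key, seq, body))


def receive(key: bytes, last_seq: int, msg: Message) -> tuple[str, int]:
    """Receiver side: verify a message and return (status, new_last_seq).

    status is one of:
      "ok"        tag valid and sequence number fresh
      "modified"  tag does not verify (body or seq altered, or forged by a
                  party without the key, i.e. modification or masquerade)
      "replay"    tag valid but the sequence number was already accepted
    """
    expected = _compute_tag(key, msg.seq, msg.body)
    # compare_digest is a constant-time comparison; a plain == could leak
    # how many leading bytes of the tag were correct.
    if not hmac.compare_digest(expected, msg.tag):
        return "modified", last_seq
    if msg.seq <= last_seq:
        return "replay", last_seq
    return "ok", msg.seq


def demo() -> dict:
    """Run the genuine / modified / replayed / next-genuine scenarios."""
    results = {}
    last = 0
    m1 = send(DEMO_KEY, 1, "transfer 100 to account A")
    results["genuine"], last = receive(DEMO_KEY, last, m1)
    # Modification: the body is changed in transit; the tag cannot be
    # recomputed without the key, so verification fails.
    tampered = Message(m1.seq, "transfer 900 to account B", m1.tag)
    results["modified"], last = receive(DEMO_KEY, last, tampered)
    # Replay: the untouched genuine message is delivered a second time;
    # the tag is valid but the sequence number is stale.
    results["replay"], last = receive(DEMO_KEY, last, m1)
    # The next genuine message is still accepted.
    m2 = send(DEMO_KEY, 2, "transfer 50 to account C")
    results["next"], last = receive(DEMO_KEY, last, m2)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} -> {verdict}")
```

Note what this mechanism does and does not give: it detects modification, replay and (since a forger lacks the key) masquerade, but it does nothing against denial of service, and because the body is sent in the clear it provides no defense against the passive attack of eavesdropping; that requires encryption, a separate mechanism from the list above.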