Security Mechanisms in High Level Network Protocols by L. Voydock and T. Kent - PowerPoint PPT Presentation

Provided by: chetann
Slides: 20

Transcript and Presenter's Notes

1
Security Mechanisms in High Level Network Protocols
by L. Voydock and T. Kent
  • Presented by Chetan Nanjunda at the BrainStorm MSyNC Seminar Series

2
Contents
  • Introduction
  • Threats to Network Security
  • Approaches to Communication Security
  • Data Encryption
  • Release of Message Contents
  • Traffic Analysis
  • Message Stream Modification
  • Denial of Message Service
  • Summary

3
Introduction
  • Importance of network security
    • Improved physical security at terminals
    • Remote access
    • Sharing
    • New network technologies
  • Establish goals of communication security

4
Threats to Network Security
  • ISO reference model
    • Layers
    • Protocol entities, peer entities
    • Peer-to-peer protocol (PDU, SDU)
    • Connectionless, connection-oriented
  • Environment models
    • Network model (terminal, service, gateway hosts)
    • Association model
  • Classification of attacks
    • Unauthorized release of information (passive)
    • Unauthorized modification of information (active)
    • Unauthorized denial of use of resources
  • Active attack: hard to prevent, easy to detect
  • Passive attack: easy to prevent, hard to detect

5
Association model
6
Communication Security Goals
  • Prevention of release of message contents
  • Prevention of traffic analysis
  • Detection of message stream modification
  • Detection of denial of message service

7
Approaches to communication security
  • Link-oriented measures
    • Encryption is performed independently on each communication link
    • A different key is often used on each link
    • Stream ciphers are generally employed
    • Assumes intermediate nodes to be secure
    • Cost of key distribution is high
    • Not scalable

8
Approaches to communication security (continued)
  • End-to-end measures
    • An individual user or host can elect to employ them without
      affecting other users
    • Naturally suited to users' perception of their security
      requirements
    • End-to-end measures can be association-oriented

9
Data Encryption
  • Basic concepts
  • Attacks on cryptosystems
    • Computationally secure
    • Ciphertext-only, known-plaintext, chosen-plaintext
  • Major encryption techniques
    • Block ciphers
    • Stream ciphers

10
Different modes of operation: Electronic code book (ECB) mode
11
Cipher block chaining (CBC) Mode
12
Cipher feedback (CFB) mode
13
Release of message contents
  • Where to perform encryption?
    • Encryption at the network layer will not provide any additional
      security compared to encryption at the transport layer
  • Key granularity
    • A unique key per association, or a single key among the entire
      group of protocol entities?
  • Masking data patterns
    • ECB mode: data patterns falling on block boundaries are exposed
    • CBC/CFB mode: patterns are masked by ensuring that every message
      encrypted under the same key begins with a unique prefix
  • Limitations of IVs
    • For a given association, the IV and key combination should not
      be repeated
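To make the ECB/CBC contrast and the IV caveat on this slide concrete, here is an added example written for this page; it is not code from the paper or the presentation. It substitutes a hypothetical toy Feistel cipher built on SHA-256 for a real block cipher (the paper's setting is DES) purely so the modes can be run, and the names `toy_block_encrypt`, `ecb_encrypt`, `cbc_encrypt`, `repeated_blocks` and `common_prefix_blocks` are chosen here. It shows ECB leaking repeated plaintext blocks, CBC under a fresh IV hiding them, and two messages that share a 16-byte prefix producing an identical first ciphertext block when key and IV are reused for the same association.

```python
import hashlib
import os

BLOCK = 16          # toy block size in bytes
HALF = BLOCK // 2
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function of a hypothetical toy Feistel cipher. It stands in
    # for a real block cipher only so the modes of operation can be exercised;
    # it must not be used to protect data.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def _pad(data: bytes) -> bytes:
    # PKCS#7-style padding so the plaintext is a whole number of blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: each block is enciphered independently, so equal plaintext blocks
    # give equal ciphertext blocks.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each block is XORed with the previous ciphertext block (the IV for
    # the first block) before encryption, so the IV is the "unique prefix".
    out, prev = [], iv
    for b in _blocks(_pad(plaintext)):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return _unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    # Ciphertext blocks that duplicate an earlier one: pattern leakage an
    # eavesdropper sees without knowing the key.
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def common_prefix_blocks(c1: bytes, c2: bytes) -> int:
    # Leading ciphertext blocks two messages have in common.
    n = 0
    for a, b in zip(_blocks(c1), _blocks(c2)):
        if a != b:
            break
        n += 1
    return n


if __name__ == "__main__":
    key = os.urandom(16)
    repetitive = b"ATTACK AT DAWN!!" * 4          # constructed: one block, four times
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, repetitive)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, os.urandom(16), repetitive)))
    iv = os.urandom(16)                           # reused below: the IV-limitation case
    a = cbc_encrypt(key, iv, b"TRANSFER $100 TO ALICE")
    b = cbc_encrypt(key, iv, b"TRANSFER $100 TO BOB")
    print("shared prefix blocks under reused key+IV:", common_prefix_blocks(a, b))
```

The repeated-IV case is the point of the last bullet: CBC only masks the shared prefix if the (key, IV) pair is fresh, so an observer who sees the same first ciphertext block twice learns that the two messages begin the same way.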

14
Traffic analysis
  • Link-oriented security offers more protection against traffic
    analysis
  • End-to-end measures can limit origin-destination analysis to the
    host level
  • Maintain a predefined pattern of message frequencies and lengths
    between each pair of hosts in the network
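The last bullet is a traffic-shaping discipline, and the following added example (written for this page, not taken from the paper or the slides) shows one host-pair implementation of it: a sender emits exactly one fixed-size frame per clock tick, real or dummy, and the receiver discards the dummies. The frame size, header layout and the names `Shaper`, `Unshaper` and `run_ticks` are assumptions made here; message boundaries inside the reassembled stream are left to an upper layer, as is the encryption that would hide the dummy flag on the wire.

```python
import os
import struct

FRAME = 64                  # every PDU on the wire is exactly this long
HEADER = 3                  # 1-byte kind + 2-byte payload length
CAPACITY = FRAME - HEADER   # user bytes carried by one real frame
DUMMY, DATA = 0, 1


class Shaper:
    """Sender side: one fixed-size frame per clock tick, real or dummy."""

    def __init__(self):
        self.queue = bytearray()

    def submit(self, message: bytes) -> None:
        # Messages join an outgoing byte stream; their individual sizes and
        # arrival times are not reflected on the wire.
        self.queue += message

    def next_frame(self) -> bytes:
        n = min(CAPACITY, len(self.queue))
        chunk = bytes(self.queue[:n])
        del self.queue[:n]
        kind = DATA if n else DUMMY
        body = bytes([kind]) + struct.pack("!H", n) + chunk
        # Random fill so that, once encrypted, a dummy or short frame is
        # indistinguishable from a full one; the receiver ignores it.
        return body + os.urandom(FRAME - len(body))


class Unshaper:
    """Receiver side: drops dummy frames and reassembles the byte stream."""

    def __init__(self):
        self.stream = bytearray()
        self.dummies = 0

    def receive(self, frame: bytes) -> None:
        assert len(frame) == FRAME
        kind, n = frame[0], struct.unpack("!H", frame[1:HEADER])[0]
        if kind == DUMMY:
            self.dummies += 1
            return
        self.stream += frame[HEADER:HEADER + n]


def run_ticks(messages, ticks):
    # Simulate `ticks` clock periods on one host pair. Returns the frames an
    # observer would see, the stream the receiver reassembled, and how many
    # of the frames were cover traffic.
    tx, rx = Shaper(), Unshaper()
    for m in messages:
        tx.submit(m)
    frames = [tx.next_frame() for _ in range(ticks)]
    for f in frames:
        rx.receive(f)
    return frames, bytes(rx.stream), rx.dummies


if __name__ == "__main__":
    # Constructed input: a 2-byte message and a 203-byte message.
    frames, stream, dummies = run_ticks([b"hi", b"x" * 203], 10)
    print(len(frames), "frames, sizes", {len(f) for f in frames},
          "bytes;", dummies, "dummies; stream length", len(stream))
```

The cost is the one the slide implies: the link carries a frame every tick whether or not there is anything to send, and bursts are smoothed out over later ticks.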

15
Message stream modification
  • Integrity (modifying PDUs)
    • Independent PDU encryption
    • Bind an error detection code to PDUs (the binding should be
      secure)
    • Error propagation (avalanche effect)
  • Authentication (inserting a synthesized PDU, playing back a valid
    PDU)
    • Unique IDs (time stamps) for every PDU passing through an
      association
    • Unique keys for each association (keys act as IDs)
  • Ordering (deleting, altering order, duplicating)
    • Sequence numbering on PDUs

16
Denial of Message service
  • Delaying or discarding PDUs
    • The entity attempting to send PDUs can detect the attack but has
      no way to tell the other end
  • Request-response mechanism
    • Verify periodically that an open path exists
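The two preceding slides (message stream modification and denial of message service) describe one receiver-side discipline, so here is a single added example covering both; it is written for this page and is not code from the paper or the presentation. It binds an error detection code securely by computing an HMAC, under the per-association key, over association id, sequence number and payload (so a modified, synthesized or wrong-association PDU fails the check), uses the sequence number as the unique PDU id to reject replays and flag gaps, and adds a nonce-based request-response probe that times out when the path is silently broken. The header layout, the `Receiver` and `PathProbe` names, and the status strings are assumptions made here; the slide's time-stamp variant of unique ids is replaced by a counter.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32
HDR = struct.Struct("!HI")   # association id, sequence number


def protect_pdu(key: bytes, assoc_id: int, seq: int, payload: bytes) -> bytes:
    # Secure binding of the error detection code: an HMAC over header and
    # payload under the association's key. The key doubles as the
    # association's identity and the sequence number is the PDU's unique id.
    header = HDR.pack(assoc_id, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes, assoc_id: int):
        self.key = key
        self.assoc_id = assoc_id
        self.next_seq = 0

    def accept(self, pdu: bytes) -> str:
        if len(pdu) < HDR.size + TAG_LEN:
            return "truncated"
        header, payload, tag = pdu[:HDR.size], pdu[HDR.size:-TAG_LEN], pdu[-TAG_LEN:]
        assoc_id, seq = HDR.unpack(header)
        if assoc_id != self.assoc_id:
            return "wrong-association"
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "integrity-failure"      # modified, or synthesized under another key
        if seq < self.next_seq:
            return "replay-or-reorder"      # already seen this id, or an older one
        status = "ok" if seq == self.next_seq else "ok-gap"  # gap: PDUs deleted or delayed
        self.next_seq = seq + 1
        return status


class PathProbe:
    """Request-response check, run periodically, that an open path exists."""

    def __init__(self, key: bytes, timeout: float):
        self.key, self.timeout, self.pending = key, timeout, {}

    def send_probe(self, now: float) -> bytes:
        nonce = os.urandom(16)
        self.pending[nonce] = now
        return b"PROBE" + nonce

    @staticmethod
    def answer(key: bytes, probe: bytes) -> bytes:
        # The far end proves liveness by authenticating the fresh nonce.
        nonce = probe[5:]
        return b"REPLY" + nonce + hmac.new(key, b"REPLY" + nonce, hashlib.sha256).digest()

    def receive_reply(self, reply: bytes) -> bool:
        nonce, tag = reply[5:21], reply[21:]
        if nonce not in self.pending:
            return False                    # unsolicited, or a played-back reply
        expected = hmac.new(self.key, b"REPLY" + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        del self.pending[nonce]
        return True

    def path_lost(self, now: float) -> bool:
        # True once any probe has gone unanswered for longer than the timeout.
        return any(now - sent > self.timeout for sent in self.pending.values())


if __name__ == "__main__":
    key_a = os.urandom(32)                  # constructed per-association key
    rx = Receiver(key_a, assoc_id=1)
    p0 = protect_pdu(key_a, 1, 0, b"hello")
    print("fresh PDU:", rx.accept(p0))
    tampered = bytearray(p0)
    tampered[HDR.size] ^= 0x01              # flip one payload bit
    print("modified PDU:", rx.accept(bytes(tampered)))
    print("played-back PDU:", rx.accept(p0))
    probe = PathProbe(key_a, timeout=3.0)
    probe.send_probe(now=0.0)
    print("path lost after 5 s of silence:", probe.path_lost(now=5.0))
```

Note the limit the slide itself states: the probing entity learns that the path is gone, but has no in-band way to tell the other end, which is why the check has to run periodically from both sides.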

17
Summary
  • Threats to Network Security
    • Classifications of Attacks
      • Active, passive
  • Communication Security Goals
  • Approaches to Communication Security
    • Link-Oriented Measures
    • End-to-End Measures
  • Data Encryption
    • Attacks on Cryptosystems
    • Major Encryption Techniques
    • The Data Encryption Standard
  • Release of Message Contents
    • Key Granularity
    • Masking Data Patterns
    • IV Limitations
  • Traffic Analysis
  • Message Stream Modification
    • Integrity
    • Authenticity
    • Ordering
  • Denial of Message Service

18
Questions?
19
Thank You