Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security

Slides: 27
Provided by: UNIVERSITY586
Learn more at: http://www.cs.sfu.ca
Transcript and Presenter's Notes

Title: Network Security


1
  • Network Security
  • Tools and Techniques
  • Mohamed M. Hefeeda
  • Supervised By Prof. Reda Ammar
  • September 2000

2
Motivations
  • How does my bank secure my online transactions?
  • How does ___.com protect my credit card if I
    order online?
  • How can an enterprise build a secure private
    network to link its distributed sites?
  • How can we send e-mails that contain secret or
    sensitive data over the insecure Internet?
  • How ...?
  • They usually say: "Don't worry, we use
    cryptography, 128-bit encryption, SSL, SET, ...!"
  • Well, but how?

3
Outline
  • Part I: Applied Cryptography
      • The Tools
  • Part II: Network Security Techniques
      • How to use the Tools to build secure systems
  • Part III: Mobile Code Security
      • New evolving technology which has many potential
        applications, but security is a major
        issue/problem

4
Outline (contd.)
  • Part I: Applied Cryptography (The Tools)
      • Conventional Cryptography (Private- or
        Symmetric-key)
          • Concepts/Principles
          • DES, 3-DES, IDEA, CAST, Blowfish, RC2, RC5, ...
      • Public-key Cryptography
          • Concepts/Principles
          • RSA, ElGamal, Diffie-Hellman, ...
      • Message Digest (One-way Hash algorithms)
          • MD5 and SHA
      • Digital Signature
          • DSS (based on ElGamal and Schnorr scheme) and RSA
      • Message Authentication Code (MAC)
          • HMAC
      • Cryptographic Pseudorandom Number Generators
          • Blum-Blum-Shub, ANSI X9.17, ...

5
Outline (contd.)
  • Part II: Network Security (The Techniques)
      • Authentication Protocols
          • Kerberos and X.509 Authentication services
      • Web Security
          • SSL and SET
      • E-mail Security
          • PGP and S/MIME
      • IP Security
      • Biometrics
      • Smartcards
      • Languages which support Security
          • Java Security Model
      • Case Study (Windows 2000 Security Features)
          • Kerberos, Public-Key Infrastructure, Encrypted
            File System, ...

6
Outline (contd.)
  • Part III: Mobile Code Security
      • Mobile Agents
          • Concepts, applications, and Security Issues
      • Protecting the host from the visiting agents
          • Sandboxing
          • Digital Shrink-Wrap
          • Proof-Carrying Code
      • Protecting the agent during the transfer
          • Passive attacks
          • Active attacks
      • Protecting the agent from the Host
          • Limited Blackbox
          • Computing with encrypted functions
          • Cryptographic traces

7
Conventional Cryptography: Concepts
  • One Key
      • used for both encryption and decryption
        (symmetric)
      • Alice and Bob meet in private and agree on a key
  • Principles
      • Confusion
          • The ciphertext should depend on the plaintext and
            the key in a complicated and involved manner
            (done through substitution).
          • Objective: hide how the statistics of the
            ciphertext depend on the statistics of the
            plaintext
      • Diffusion
          • Each plaintext bit should affect every (or as
            many as possible) of the ciphertext bits (done
            through permutation or transposition).

8
Conventional Cryptography: DES
  • Data Encryption Standard (DES)
      • Late 60s: IBM developed the LUCIFER encryption
        algorithm
      • In 1973: NIST accepts IBM's proposal as a
        national cipher standard
      • In 1977: After refinement, DES became the
        standard
  • Description
      • Plaintext $X$: $|X| = 64$ bits, $X = L_0 R_0$
      • Key $K$: $|K| = 56$ bits
      • Three stages
          • IP: Initial Permutation, $X_0 = IP(L_0 R_0)$
          • 16 iterations of a certain function, $F$
          • $IP^{-1}$: $Y = IP^{-1}(L_{16} R_{16})$

9
DES Encryption
  • Decryption: same procedure, but reverse the order
    of the sub-keys

10
DES Single Round
$L_i = R_{i-1}$, $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
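
The round equation above and the "same procedure, reversed sub-keys" rule from the DES Encryption slide, as an added example that is not part of the original slides. It is a 16-round Feistel network on a 64-bit block; the round function `F` and the key schedule are constructed stand-ins (assumptions), not the real DES ones, and the initial/final permutations are omitted.

```python
import hashlib

ROUNDS = 16  # DES performs 16 iterations of the round function

def F(right: bytes, subkey: bytes) -> bytes:
    # Stand-in round function (assumption): truncated SHA-256, not the DES
    # expansion / S-box / permutation. It is one-way on purpose: a Feistel
    # round never has to invert F.
    return hashlib.sha256(subkey + right).digest()[:len(right)]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_schedule(key: bytes) -> list:
    # Constructed schedule (assumption): sixteen 48-bit sub-keys K_1..K_16.
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]

def feistel(block: bytes, subkeys: list) -> bytes:
    if len(block) != 8:
        raise ValueError("block must be 64 bits (8 bytes)")
    L, R = block[:4], block[4:]
    for K in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        L, R = R, xor(L, F(R, K))
    # The halves are swapped on output so that the same routine, run with
    # the sub-keys in reverse order, undoes the rounds one by one.
    return R + L

def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))

def decrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key)[::-1])  # K_16 .. K_1

if __name__ == "__main__":
    key = b"constructed-key"       # constructed sample key
    plaintext = b"8 bytes!"        # constructed 64-bit sample block
    ciphertext = encrypt(plaintext, key)
    print(ciphertext.hex(), decrypt(ciphertext, key))
```
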
11
DES Single Round (contd.)
12
DES S-Boxes
13
DES Security Strength
  • The security of DES is based on the design of the
    S-boxes, which is NOT publicly published!
  • Some suspect that the S-boxes were designed with
    some trapdoors that might allow their designers
    (NIST) to break the system
  • Exhaustive search needs $2^{56}$ trials → no longer secure
  • Hence, other algorithms are proposed
      • 3-DES: with two (112 bits) and three keys (168
        bits).
          • Encryption: $E_{K1} \to D_{K2} \to E_{K3}$
          • Decryption: $D_{K3} \to E_{K2} \to D_{K1}$
      • Blowfish: fast, secure, variable length key (32
        to 448)
      • IDEA: key is 128-bit
      • CAST: key is 128-bit, used in PGP

14
Public-key Cryptography: Concepts
  • Two keys (Asymmetric)
      • public: used for encryption
      • private: used for decryption

[Figure: Alice passes plaintext M through the encryption algorithm with Bob's public key, $C = E_{KU_B}(M)$; Bob passes the ciphertext through the decryption algorithm with his private key, $M = D_{KR_B}(C)$. Public keys are registered with a trusted party, where Alice reads/verifies Bob's public key: a Certificate Authority, e.g. VeriSign, CertCo, ...]

15
Public-key Cryptography: RSA
  • Based on the "Factoring is Hard" assumption
  • Key generation
      • select $p$, $q$ large primes, let $n = pq$
      • select $e$ where $\gcd(\phi(n), e) = 1$, with
        $\phi(n) = (p-1)(q-1)$
      • compute the private key, $d = e^{-1} \bmod \phi(n)$
      • public key: $(e, n)$
  • Encryption
      • $C = M^e \pmod{n}$
  • Decryption
      • $M = C^d \pmod{n}$
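
The key generation, encryption and decryption steps above carried through in code, as an added example that is not part of the original slides. The primes (61, 53), exponent 17 and the function names are constructed for illustration; the last function goes slightly beyond the slide to show why unpadded RSA as written here is not used directly in practice.

```python
from math import gcd

def keygen(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) following the slide's key-generation steps."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(phi, e) != 1:
        raise ValueError("e must be coprime to phi(n), otherwise d does not exist")
    d = pow(e, -1, phi)          # d = e^-1 mod phi(n)  (Python 3.8+)
    return (e, n), (d, n)

def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # C = M^e mod n

def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)          # M = C^d mod n

def product_decrypts_to_product(m1: int, m2: int, public_key, private_key) -> bool:
    """Unpadded RSA is deterministic and multiplicative:
    E(m1) * E(m2) mod n decrypts to m1 * m2 mod n.
    This is why deployed systems add randomized padding before the
    exponentiation instead of encrypting raw messages."""
    _, n = public_key
    c = (encrypt(m1, public_key) * encrypt(m2, public_key)) % n
    return decrypt(c, private_key) == (m1 * m2) % n

if __name__ == "__main__":
    # Constructed toy parameters; real keys use primes of 1024 bits or more.
    pub, priv = keygen(61, 53, 17)
    c = encrypt(65, pub)
    print("public:", pub, "private:", priv)
    print("C =", c, "M =", decrypt(c, priv))
    print("multiplicative:", product_decrypts_to_product(7, 9, pub, priv))
```
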

16
Network Security: Authentication Techniques
  • Authentication: prove your identity, usually by
      • knowing a shared secret (conventional
        cryptography) or
      • signing a message using your private key
        (public-key cryptography)
  • Kerberos Authentication Protocol (MIT)
      • Two versions: ver 4 (still widely used) and ver 5
        (future)
      • Uses DES
      • Four entities
          • Client (C): requesting a service
          • Server (V): providing the service
          • Authentication Server (AS): knows all passwords.
            Shares a unique secret key with each server.
          • Ticket-Granting Server (TGS): issues tickets to
            users who have been authenticated by AS to access
            a certain service on a certain server V.

17
Kerberos overview
18
Kerberos messages exchange
19
Network Security: Web Security
  • Security threats
      • Passive attack (eavesdropping)
      • Active attacks (modify data)
  • Security approaches
      • Secure Socket Layer (just above the Transport
        Layer)
      • Secure Electronic Transaction (in the Application
        Layer)
      • Using the IP Security (Network Layer)

20
Network Security: SSL
  • Secure Socket Layer (SSL)
      • Originated by Netscape
      • Supports security over the Internet and Intranets
  • Provides
      • Authentication
          • using certificates (public key)
      • Confidentiality (encryption)
          • DES40, DES, 3DES, IDEA, RC2, RC4, and Fortezza
      • Integrity (MAC uses one of the following)
          • MD5 (128-bit hash)
          • SHA (160-bit hash)

21
SSL overview
SSL Protocol Stack
22
SSL Handshake Protocol
  • Used for Authentication and Key exchange

SSL Handshake Protocol Summary
23
SSL Record Protocol
  • Provides confidentiality and message integrity

SSL Record Protocol Operations
24
Network Security: Biometrics
  • Authentication/identification approaches based
    on
      • Something you know, e.g. password, PIN number,
        ...
      • Something you have, e.g. ATM card, physical key, ...
      • Something you are, e.g. biometrics: fingerprint, ...
  • Biometrics: authenticate individuals based on
    their biological and/or behavioral
    characteristics
      • Fingerprint matching
      • Iris scanning
      • Hand geometry matching
      • Retina scanning
      • Face recognition
      • Voice recognition
      • DNA, ...

25
Biometrics system architecture
A typical biometric system
26
Case Study: Windows 2000
  • Security Features
      • Kerberos ver 5 authentication protocol
          • Faster, more efficient, and more secure than NTLM
      • Encrypted File System (EFS)
          • transparent to the user
          • public- and private-key encryption
          • encrypts the file using DES
          • encrypts the key of the DES using the user's
            private key
      • Public-key based protocols
          • SSL/TLS
          • Certificate Server
      • IP Security (IPSec)
          • to build a Virtual Private LAN