1 / 20

Network security

Network security. Jesper Holt Nielsen. Network Security. Basic concepts Symmetric Encryption Assymetric Encryption User authentication Public and shared keys Security in networks. Basic security goals. Integrity , Availability , and Confidentiality Authenticity

mariko
Download Presentation

Network security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network security Jesper Holt Nielsen

  2. Network Security • Basicconcepts • SymmetricEncryption • AssymetricEncryption • Userauthentication • Public and sharedkeys • Security in networks

  3. Basicsecuritygoals • Integrity, Availability, and Confidentiality • Authenticity • Genuine and verified • Accountability • Logging, trace breach’s • Violete transmission of information • Computer Security • Internet Security • Virus • Attacks/hacks

  4. Basicsecurityconcepts • KeyInterchange / KeyEncryption • Private-key • Public-key • One-way Hash • Public-keyEncryption • Hashing

  5. Conceptschallenges • Designer vsattacker • Investments • Oftenlittlebenefit, untilfailure • Monitoring • Ressource heavy

  6. OSI securityarchitecture • A standard architecture for securitymeans • A definition of the requirements • Consists of three major parts • Security attacks • Services • Mechnisms • Standards X.800, RFC 2828

  7. OSI securityarchitectureSecurity attacks • Passive • Eavesdroppen, monitoring transmission • Difficult to detect • Active • Modification, creation, DoS • Easy to detect, hard to avoid

  8. OSI securityarchitecture Services • Authentication • Are you who you claim? • Access Control • Unauthorized use • Data Confidentiality • Protection of data • Data Integrity • Is the data correct? • Nonrepudiation • Protection against denial

  9. OSI securityarchitecture Mechanisms • Specific security mechanisms • Can be incorporated into protocol layers • Digital signature • Access control • Data integrity • Authentication exchange • Pervasive security mechanisms • Not specific to any layer or protocol • Trusted functionality • Security label • Event detection • Recovery

  10. Cryptographic hash functions • Arbitrary block of data -> returns a fixed-size bit string • Encoded data is the message • Hash value is the message digest or digest • Functions MD5, SHA-1 • Weakness • Collision • m1 ≠ m2 and hash(m1) = hash(m2)

  11. Hashing properties • Easy to compute the hash value for any given message • Infeasible to generate a message that has a given hash • Infeasible to modify a message without changing the hash • Infeasible to find two different messages with the same hash.

  12. Why hashing? • Digital signatures • Message authentication codes (MACs) • Integrity of a message • Altering the message • Verify issuer • Fingerprints a message • Cant be altered

  13. Symmetricencryption • Conventional Encryption method • Secret-key concept • Single-key Encryption • Same key for en- and decryption • DES, 3DES, AES • Blockand Stream Cipher • Random and pseudo-random numbers

  14. Symmetric encryption structure • Plaintext • Encryptionalgorithm • Secretkey • Ciphertext • Decryptionalgorithm

  15. Symmetric model

  16. Random and pseudo-randomnumbers • PRNGs, TRNGs and PRFs

  17. Public-key Cryptography • AssymetricEncryption • Twoseperate keys • Public-keyand Private-key • Encryptplaintext, decryptciphertext • Keydistributions • Digital Signatures • Verify a message

  18. Public-key Cryptography

  19. Implementations • RSA - Rivest, Shamir & Adleman of MIT in 1977 • Widely used • All users generate a private and public key pair • Publish their public key • Keep private key secret

  20. Thankyou

More Related