
The Internet and Network Security

Internet and Computer Networks. The Internet and Network Security. Dr. Tb. Maulana Kusuma mkusuma@staff.gunadarma.ac.id http://staffsite.gunadarma.ac.id/mkusuma. An Overview of Telecommunications and Networks. Telecommunications: the electronic transmission of signals for communications


Presentation Transcript


  1. Internet and Computer Networks The Internet and Network Security Dr. Tb. Maulana Kusuma mkusuma@staff.gunadarma.ac.id http://staffsite.gunadarma.ac.id/mkusuma Magister Manajemen Sistem Informasi

  2. An Overview of Telecommunications and Networks • Telecommunications: the electronic transmission of signals for communications • Telecommunications medium: anything that carries an electronic signal and interfaces between a sending device and a receiving device

  3. An Overview of Telecommunications and Networks (continued)

  4. Use and Functioning of the Internet • Internet: a collection of interconnected networks, all freely exchanging information • ARPANET • The ancestor of the Internet • A project started by the U.S. Department of Defense (DoD) in 1969 • Internet Protocol (IP): communication standard that enables traffic to be routed from one network to another as needed

  5. How the Internet Works • The Internet transmits data from one computer (called a host) to another • If the receiving computer is on a network to which the first computer is directly connected, it can send the message directly • If the receiving computer is not on a network to which the sending computer is connected, the sending computer relays the message to another computer that can forward it

  6. How the Internet Works (continued)

  7. How the Internet Works (continued) • Data is passed in chunks called packets • Internet Protocol (IP): communications standard that enables traffic to be routed from one network to another as needed • Transmission Control Protocol (TCP): widely used transport-layer protocol that is used in combination with IP by most Internet applications • Uniform Resource Locator (URL): an assigned address on the Internet for each computer

  8. Accessing the Internet • Connect via a LAN server • Connect via Serial Line Internet Protocol (SLIP)/Point-to-Point Protocol (PPP) • Connect via an online service • Other ways to connect

  9. Accessing the Internet (continued)

  10. Internet and Telecommunications Services • E-mail and instant messaging • Instant messaging: a method that allows two or more individuals to communicate online, using the Internet • Internet cell phones and handheld computers • Career information and job searching • Web log (blog): a Web site that people can create and use to write about their observations, experiences, and feelings on a wide range of topics

  11. Internet and Telecommunications Services (continued) • Chat rooms: enable two or more people to engage in interactive “conversations” over the Internet • Internet phone and videoconferencing services • Content streaming: a method for transferring multimedia files over the Internet so that the data stream of voice and pictures plays more or less continuously without a break, or very few of them • Shopping on the Web

  12. Internet and Telecommunications Services (continued) • Web auctions • Music, radio, and video on the Internet • Other Internet services and applications

  13. Intranets and Extranets • Intranet • Internal corporate network built using Internet and World Wide Web standards and products • Used by employees to gain access to corporate information • Slashes the need for paper

  14. Intranets and Extranets (continued) • Extranet • A network based on Web technologies that links selected resources of a company’s intranet with its customers, suppliers, or other business partners • Virtual private network (VPN): a secure connection between two points across the Internet • Tunneling: the process by which VPNs transfer information by encapsulating traffic in IP packets over the Internet

  15. Intranets and Extranets (continued)

  16. Net Issues • Management issues • No centralized governing body controls the Internet • Service and speed issues • Web server computers can be overwhelmed by the amount of “hits” (requests for pages) • More and more Web sites have video, audio clips, or other features that require faster Internet speeds

  17. Net Issues (continued) • Privacy • Spyware: hidden files and information trackers that install themselves secretly when you visit some Internet sites • Cookie: a text file that an Internet company can place on the hard disk of a computer system • Fraud • Phishing

  18. Security Threats

  19. Passive Attacks • Eavesdropping on transmissions • To obtain information • Release of message contents • Outsider learns content of transmission • Traffic analysis • By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed • Difficult to detect • Can be prevented

  20. Active Attacks • Masquerade • Pretending to be a different entity • Replay • Modification of messages • Denial of service • Easy to detect • Detection may lead to deterrent • Hard to prevent

  21. Net Issues (continued) • Security with encryption and firewalls • Cryptography: converting a message into a secret code and changing the encoded message back to regular text • Digital signature: encryption technique used to verify the identity of a message sender for processing online financial transactions • Firewall: a device that sits between an internal network and the Internet, limiting access into and out of a network based on access policies

  22. Net Issues (continued) Cryptography is the process of converting a message into a secret code and changing the encoded message back into regular text.

  23. An Introduction To PUBLIC KEY INFRASTRUCTURE Tb. Maulana Kusuma mkusuma@staff.gunadarma.ac.id

  24. Outline • Introduction • How to build the trust? • Basic Cryptography • One way hashing • Digital Signature • Certification Authority • CA Component • Future Technology

  25. Electronic Commerce • Traditional Trading • Paper Based • Based on Trust • EDI (Electronic Data Interchange) • Secure • Closed • Proprietary • Internet • Not Secure • Open • Open System

  26. Electronic Commerce: The Problem • Paper Based Trading • EDI (Electronic Data Interchange) • Internet Based E-Commerce • How to build the TRUST?

  27. The Problem (cont’d) • Information over the Internet is Free, Available, Unencrypted, and Untrusted. • Not desirable for many Applications • Electronic Commerce • Software Products • Financial Services • Corporate Data • Healthcare • Subscriptions • Legal Information

  28. Another Problem

  29. Multiple Security Issues to be Solved • Privacy • Authentication • Interception • Spoofing • Integrity • Nonrepudiation • Proof of parties involved • Modification

  30. Trust in conducting e-commerce • AUTHENTICATION • to identify the parties involved • CONFIDENTIALITY • to keep the information private • INTEGRITY • to prevent the manipulation of information • NON-REPUDIATION • to prevent the denial of information by the owner

  31. Trust in paper based commerce • AUTHENTICATION • write a letter and sign it • CONFIDENTIALITY • put the letter in an envelope and seal it • INTEGRITY • send it by certified mail, make a copy and send it twice • NON-REPUDIATION • have a witness verify that our signature is authentic

  32. Technology Outline • Basic Cryptography • Symmetric Cryptography • Asymmetric Cryptography • One Way Hashing • Digital Signature • C.A. & Digital Certificate

  33. Cryptography Concepts [Figure: a sample letter ("To Mr. Asep, Dear Sir, …. We would like to inform you that your salary is raised by 100 % effective from now. Thank you") is turned into cipher text by the Encryption Algorithm and back into the letter by the Decryption Algorithm] • Requires: an ALGORITHM and a KEY

  34. Symmetric Cryptography [Figure: a sample letter passes through the Encryption Algorithm and then through the Decryption Algorithm] • Requires: SHARED KEY • Example: DES, IDEA, Red Pike, RC2, RC4

  35. Symmetric Cryptography (cont’d) • Characteristic : • High Performance • Useful for Fast Encryption / Decryption • Key management is not practical

  36. Asymmetric Cryptography [Figure: a sample letter passes through the Encryption Algorithm with the Private Key and then through the Decryption Algorithm with the Public Key]

  37. Asymmetric Cryptography (cont’d) • Also known as Public Key Cryptography • Public Key is distributed to public • Private Key is kept private • IF Private Key is used to encrypt then ONLY Public Key can decrypt • IF Public Key is used to encrypt then ONLY Private Key can decrypt

  38. Asymmetric Cryptography (cont’d) • Public Key & Private Key : • Generated as a pair of keys • Derived from very large prime numbers • It’s impossible to determine one knowing the other • Strength of Key : 512 bit, 1024 bit, 2048 bit …… • Example : RSA, ECC, DSA

  39. One Way Hash Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 A0 B0 C0 E0 G0 D0F0 80 87 80 70 30 DIGEST / FINGERPRINT One way hashfunction • Produce unique fingerprint of data (128/160 bits) • No Key is used • Irreversible • A one bit change in the message affects at least half the bits in the digest • Used to determine if data has been changed Magister Manajemen Sistem Informasi

  40. A0 B0 C0 E0 30 70 80 A0 One way hashfunction A0 B0 C0 E0 30 70 80 A0 Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 A0 B0 C0 E0 30 70 80 A0 One way hashfunction A0 B0 C0 E0 30 70 80 A0 equal ? One Way Hash (cont’d) Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 Example : MD5, SHA-1 Magister Manajemen Sistem Informasi

  41. Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 A0 B0 C0 E0 G0 D0F0 80 87 80 70 30 One way hashfunction ENCRYPT Sender’sPrivate Key DIGITAL SIGNATURE XX B0 XX E0 XX D0F0 XX 87 XX 70 30 Digital Signature Magister Manajemen Sistem Informasi

  42. Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 A0 B0 C0 E0 30 70 80 A0 A0 B0 C0 E0 30 70 80 A0 A0 B0 C0 E0 30 70 80 A0 A0 B0 C0 E0 30 70 80 A0 Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 A0 B0 C0 E0 30 70 80 A0 A0 B0 C0 E0 30 70 80 A0 Equal ? A0 B0 C0 E0 30 70 80 A0 A0 B0 C0 E0 30 70 80 A0 Whole Mechanism Kepada Yth Bapak Asep di Tempat Dengan hormat …. Kami ingin memberitahukan ak naik 100 Private Key Private Key Asep Budi Magister Manajemen Sistem Informasi Public Key Public Key

  43. Achieving 4 Cornerstones of Trust • AUTHENTICATION • the use of private key to encrypt digest - only sender’s public key can decrypt • CONFIDENTIALITY • encrypt the message with recipient’s public key - only sender’s private key can decrypt • INTEGRITY • comparing the digest from decrypting digital signature • NON-REPUDIATION • digital signature does the job

  44. Public Key Security [Figure: layered diagram with the labels Services (AUTHENTICATION, PRIVACY, INTEGRITY, NON-REPUDIATION), Technology (Public Key Technology, Digital Certificates) and Infrastructure (Certification Authorities, Security Management)] • Public Key Technology Best Suited to Solve Business Needs • Infrastructure = Certification Authorities

  45. About the Key • Pseudo Random Number • Key size is vital. The longest is the strongest. • Private Key must be kept private : • File based storage (using PIN/PassPhrase) • SmartCard storage (using PIN as the protection)

  46. The Problem of Distributing Public Key • MAN IN THE MIDDLE ATTACK

  47. The Problem of Distributing Public Key • How do I know who the public key belongs to? • Digital Certificates • Certification Authority

  48. Digital Certificate • A certificate binds a public key to an owner • It is the envelope to distribute public key • The trusted CA digitally signs the certificate to verify the ownership of the key itself

  49. Digital Certificate (cont’d) • Contains : • Detail about Owner • Detail about certificate issuer (CA) • Public Key • Validity and Expiration dates • Digital Signature of the certificate by the CA • Time Stamp • Distributed through Directory Server / LDAP (Lightweight Directory Access Protocol)

  50. Digital Certificate (cont’d) [Figure: a certificate carrying a Digital Signature] Before two parties exchange data using Public Key cryptography, each wants to be sure that the other party is authenticated. Before B accepts a message with A’s Digital Signature, B wants to be sure that the public key belongs to A and not to someone masquerading as A on an open network. One way to be sure is to use a trusted third party to authenticate that the public key belongs to A. Such a party is known as a Certification Authority (CA). Once A has provided proof of identity, the Certification Authority creates a message containing A’s name and public key. This message is known as a Digital Certificate.
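
The hash-then-sign mechanism of slides 39 to 42 and the CA-signed certificate of slides 46 to 50, shown end to end as an added example that is not part of the original presentation. It assumes textbook RSA without padding on constructed toy keys built from Mersenne primes (insecure, for illustration only; production code uses a padded scheme such as RSA-PSS from a vetted library) and SHA-256 in place of the MD5/SHA-1 named on the slide; the names `toy_keypair`, `cert_body`, `issue_certificate`, `accept_message` and the man-in-the-middle key pair are hypothetical.

```python
import hashlib
E = 65537  # public exponent

def toy_keypair(a, b):
    """Toy RSA key pair from the Mersenne primes 2**a-1 and 2**b-1 (insecure)."""
    p, q = 2**a - 1, 2**b - 1
    d = pow(E, -1, (p - 1) * (q - 1))        # private exponent
    return (p * q, E), (p * q, d)            # (public key, private key)

def digest(data):
    """One way hash of the data as an integer (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private_key):
    n, d = private_key
    return pow(digest(data), d, n)           # transform the digest with the private key

def verify(data, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == digest(data)   # recovered digest == fresh digest?

def cert_body(owner, public_key):
    """Bytes the CA signs: the binding of an owner name to a public key."""
    return f"owner={owner};n={public_key[0]:x};e={public_key[1]}".encode()

def issue_certificate(owner, public_key, ca_private):
    return {"owner": owner, "public_key": public_key,
            "ca_signature": sign(cert_body(owner, public_key), ca_private)}

def accept_message(message, signature, cert, ca_public):
    """Receiver: check the CA's signature on the certificate, then the sender's."""
    body = cert_body(cert["owner"], cert["public_key"])
    if not verify(body, cert["ca_signature"], ca_public):
        return "reject: certificate not signed by the trusted CA"
    if not verify(message, signature, cert["public_key"]):
        return "reject: message signature does not match"
    return "accept: signed by " + cert["owner"]

CA_PUB, CA_PRIV = toy_keypair(521, 607)          # constructed sample keys and data
ASEP_PUB, ASEP_PRIV = toy_keypair(1279, 2203)
MITM_PUB, MITM_PRIV = toy_keypair(2281, 3217)
MESSAGE = b"Your salary is raised by 100 %"
ASEP_CERT = issue_certificate("Asep", ASEP_PUB, CA_PRIV)
SWAPPED_CERT = dict(ASEP_CERT, public_key=MITM_PUB)   # key replaced in transit

if __name__ == "__main__":
    print(accept_message(MESSAGE, sign(MESSAGE, ASEP_PRIV), ASEP_CERT, CA_PUB))
    print(accept_message(MESSAGE + b"0", sign(MESSAGE, ASEP_PRIV), ASEP_CERT, CA_PUB))
    print(accept_message(MESSAGE, sign(MESSAGE, MITM_PRIV), SWAPPED_CERT, CA_PUB))
```

A signature made with the substituted key verifies against that key on its own, which is why the receiver checks the CA's signature over the name-and-key binding before trusting the key.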
