Introduction to Network Systems Security
branxton
Presentation Transcript

  1. Introduction to Network Systems Security Mort Anvari

  2. About the Course • A grad-level seminar course focusing on basics and issues in network security • First half will be lectures about elements of network security, cryptography background, and introduction to network security designs • Second half will be your chance to present what you have learned from key research papers

  3. Why Should You Take This Course • Security is an increasingly important issue • You want to have basic knowledge about network security • You can learn the latest attacks and the newest skills to counter those attacks • You have a chance to implement the skills learned in the class

  4. Your Best Strategy • Come to every lecture to learn basic security problems and skills to counter them • Keep yourself exposed to articles related to network security to collect project ideas • Read each assigned paper and write a good summary of it • Do not wait until the last minute to prepare for the exam or work on the project • Enjoy the fun!

  5. What Can Go Wrong… • …when your computer y receives or is waiting for a message m? [Diagram: x and y connected through the Internet, with message m]

  6. Message Loss • Adversary A can discard m in transit

  7. Message Interception • Adversary A can get a copy of m when m passes by

  8. Message Modification • Adversary A can arbitrarily modify the content of m to become m’

  9. Message Insertion • Adversary A can arbitrarily fabricate a message m, pretending that m was sent by x [Diagram: fabricated message labelled src: x, dst: y]

  10. Message Replay • Adversary A can replay a message m that has been sent earlier by x and received by y

  11. Denial-of-Service Attack • Adversary A can send a huge number of messages to y to block m from arriving at y

  12. Type of Attacks • Passive attacks: traffic analysis, message interception • Active attacks: message loss, message modification, message insertion, message replay, denial-of-service attack

  13. Network Security Services • Confidentiality • Integrity • Authentication • Anti-replay • … • Availability • Access control • Non-repudiation • Anonymity

  14. Confidentiality • Keep message known only to the receiver and secret to anyone else • Counter message interception

  15. Integrity • When receiver receives message m, receiver can verify m is intact after being sent by the sender • Counter message modification

  16. Authentication • When receiver receives message m, receiver can verify m was indeed sent by the sender recorded in m • Counter message insertion

  17. Anti-replay • When receiver receives message m, receiver can verify m is not a message that was sent and received before • Counter message replay

  18. Availability • Property of a system or a resource being accessible and usable upon demand by an authorized entity • Counter denial-of-service attack

  19. Access Control • Mechanism to enforce access rights to resources and data • Users can access resources and data to which they have access rights • Users cannot access resources and data to which they don’t have access rights

  20. Non-repudiation • When receiver receives message m, receiver gets proof that the sender of m did send m • Receiver of m can show the proof to a third party so that the sender of m cannot repudiate it

  21. Anonymity • Identity of sender is hidden from receiver • When receiver receives message m, receiver has no clue about sender of m

  22. Network Security Is Great… • Protect messages from interception in transit • Detect and discard messages that are modified, inserted, or replayed • Disallow unauthorized access to local system resources and sensitive data

  23. …But Hard To Achieve • Many layers in network architecture • Many different media of network connection • Adversary’s location hard to determine • New attacks keep emerging • Cryptographic overhead

  24. Next Class • Formal specification and verification of network protocols • Network security tools to counter the effects of adversary actions
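
Slides 15 to 17 and slide 22 describe a receiver that detects and discards modified, inserted, and replayed messages. The following is an added example, not part of the original slides, showing one way receiver y could do that. It assumes x and y already share a secret key and uses HMAC-SHA256 plus a per-sender sequence number; the names `KEY_XY`, `seal`, `Receiver` and `demo` and all message contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY_XY = b"constructed-demo-key-shared-by-x-and-y"  # assumption: pre-shared by x and y

def seal(key, src, seq, payload):
    """Sender side: bind sender name, sequence number and payload under one HMAC tag."""
    name = src.encode()
    header = struct.pack(">H", len(name)) + name + struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return {"src": src, "seq": seq, "payload": payload, "tag": tag}

class Receiver:
    """Receiver y: verify the tag first, then require a strictly increasing sequence number."""
    def __init__(self, keys):
        self.keys = keys        # sender name -> shared key
        self.last_seq = {}      # sender name -> highest sequence number accepted so far

    def accept(self, msg):
        key = self.keys.get(msg["src"])
        if key is None:
            return "reject: unknown sender"
        expected = seal(key, msg["src"], msg["seq"], msg["payload"])["tag"]
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad tag"        # modified in transit, or inserted without the key
        if msg["seq"] <= self.last_seq.get(msg["src"], -1):
            return "reject: replay"         # authentic, but already seen
        self.last_seq[msg["src"]] = msg["seq"]  # state advances only for verified messages
        return "accept"

def demo():
    y = Receiver({"x": KEY_XY})
    m = seal(KEY_XY, "x", 1, b"meeting at 10:00")
    results = {"genuine": y.accept(m)}
    results["replayed"] = y.accept(dict(m))                      # same bytes sent again
    modified = dict(seal(KEY_XY, "x", 2, b"meeting at 10:00"), payload=b"meeting at 23:00")
    results["modified"] = y.accept(modified)                     # payload changed, tag stale
    forged = seal(b"key-the-adversary-guessed", "x", 3, b"hello from x")
    results["inserted"] = y.accept(forged)                       # claims src x, wrong key
    results["next"] = y.accept(seal(KEY_XY, "x", 2, b"second message"))
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:9s} {verdict}")
```

This sketch covers integrity, authentication and anti-replay only: the payload is sent in the clear, so it gives no confidentiality, and it does nothing against message loss or denial of service.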