Basic Internet Security Concepts

J.W. Ryder

RyderJ@Oneonta.Edu

04-01-98 J.W. Ryder

Introduction

  • The internet is a vast wilderness, an infinite world of opportunity
  • Exploring, e-mail, free software, chat, video, e-business, information, games
  • Explored by humans

Internet Security Concepts
  • Introduction of several basic security concepts
  • General mechanisms for protection

Sniffing and Spoofing
  • [1]
  • Sniffing
    • The ability to inspect IP Datagrams which are not destined for the current host.
  • Spoofing
    • After sniffing, create malicious havoc on the internet

[Figure 1: network diagram. Legend: Unprotected Internet node, Private Network node, Secure Gateway node. Labels: Gabrielle Poirot (C), A Guy, Bank (I), Steve Burns (C), Sears, Wall Street (N), A Guy's Swiss Bank, Ramon Sanchez (A).]

A Guy has no integrity
  • Swiss Bank Scam
  • Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

Ramon springs for sound
  • Sears solid state stereos
  • Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

A guy sniffs success
  • Gabrielle and Steve almost strike it rich
  • Confidentiality - Ensure that each party, which is supposed to see the data, sees the data and ensure that those who should not see the data, never see the data.

Wall Street Woes
  • A guy spots a hot stock tip
  • Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that they did not send the datagram

A guy becomes desperate
  • Bring Wall St. to its knees
  • Denial of Service Attack - Flood a given IP Address (Host) with packets so that it spends the majority of its processing time denying service

[Figure 2: diagram with labels One Way Hash Functions (MD5, SHA1); Application; In Comm. Stack; Key Mgmt. Functions; IP; Crypto Functions (DES, CDMF, 3DES); Physical Adapter.]

Protocol Flow
  • [2, 3]
  • Through layers, each layer has a collection of responsibilities
  • ISO OSI Reference Model - (Open Systems Interconnection)
  • IP Datagram

[Figure 3: Integrity. IP Datagram (IP Hdr., Data); Data passes through the MAC Function (MAC Fn) to give a Digest; the datagram then carries IP Hdr., Data, Digest.]

Keys
  • Bit values fed into cryptographic algorithms and one way hashing functions which help provide confidentiality, integrity, and authentication
  • The longer the better - 40, 48, 56, 128
  • Brute force attacks can win with small keys

Symmetric Keys
  • Have qualities such as life times, refresh rates, etc.
  • Symmetric - Keys that are shared secrets on N cooperating, trusted hosts

Asymmetric
  • Public / Private key pairs
  • Public key lists kept on well known public key servers
  • Public key is no secret. If it is, the strategy will not work.
  • Public and Private keys are inverse functional values
  • Private key is only known to you and must remain secret

Concept
  • Sender encrypts data with private key
  • Receiver decrypts data with public key
  • Receiver replies after encrypting with public key
  • Sender receives response and decrypts with private key

[Figure 4: Confidentiality, Encryption Function. Data and Key enter the Crypto Fn., which gives Encrypted Data; the datagram carries IP Hdr. and Encrypted Data.]

[Figure 5: Confidentiality, Decryption Function. Encrypted Data and Key enter the Crypto Fn., which gives Data.]

MACs
  • Message Authentication Codes, One Way Hashing Functions
  • A function, easy to compute but computationally infeasible to find 2 messages M1 and M2 such that
    • h (M1) = h (M2)
  • MD5 (Rivest, Shamir, Adleman) RSA; SHA1 (NIST)
  • MD5 yields a 128 bit digest [3]

DES
  • Data Encryption Standard
  • U.S. Govt. Standard
  • 56 bit key - originally 128 bits
  • Absolute elimination of exhaustive search of key space
  • U.S. Security Agency Request - Reduce to 56 bits
  • Export CDMF (40 bits)
  • Keys are secrets to algorithms, not algorithms themselves [4, 5]

[Figure: two datagram layouts. IP Hdr., Encrypted Data, Digest: Confidentiality & Integrity. IP Hdr., Encrypted Data, Digital Signature (Enc. Digest): Confidentiality, Integrity, & Authentication.]

[Figure: diagram with labels Data, CF, Key, EM, DS, MAC, Digest, Keyed Digest.]

MAC_Time < CF_Time

Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?

What types of Security are provided with EM, DS, Digest, Keyed Digest?

  • Msg - No Security
  • Msg + MD - Integrity
  • EM - Confidentiality
  • EM + MD - Conf. & Integrity
  • Msg + DS - Integrity & Auth.
  • EM + DS - Conf., Int., & Auth.
  • Msg + KD - Integrity & Auth.
  • EM + KD - Conf., Int., & Auth.
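
An added example (not part of the original slides) of why the combinations above credit Msg + MD with integrity only, but Msg + KD with integrity and authentication. It uses Python's hashlib and hmac with SHA-256 in place of the MD5/SHA1 named on the slides; the key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the slides.
SHARED_KEY = b"constructed-shared-secret"
MESSAGE = b"TRANSFER 100 TO GABRIELLE"
REWRITTEN = b"TRANSFER 900 TO A GUY"


def md(msg: bytes) -> bytes:
    """MD: unkeyed one-way hash; anyone can compute it."""
    return hashlib.sha256(msg).digest()


def kd(key: bytes, msg: bytes) -> bytes:
    """KD: keyed digest (HMAC); computing it requires the shared key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_md(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(md(msg), tag)


def verify_kd(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(kd(key, msg), tag)


def run_scenarios() -> dict:
    corrupted = bytes([MESSAGE[0] ^ 0x01]) + MESSAGE[1:]  # one bit changed in transit
    return {
        # Data changed, appended digest untouched: both checks fail as intended.
        "md_detects_corruption": not verify_md(corrupted, md(MESSAGE)),
        "kd_detects_corruption": not verify_kd(SHARED_KEY, corrupted, kd(SHARED_KEY, MESSAGE)),
        # Data and digest both replaced: the unkeyed digest still verifies,
        # so Msg + MD says nothing about who produced the datagram.
        "md_accepts_rewritten": verify_md(REWRITTEN, md(REWRITTEN)),
        # Without SHARED_KEY the sender cannot produce a matching keyed digest.
        "kd_accepts_rewritten": verify_kd(SHARED_KEY, REWRITTEN, kd(b"not-the-key", REWRITTEN)),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```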

Purpose

  • Some ideas on Internet Security
  • Classes of mischief on Internet, definitions
  • Tools to fight mischief
  • Combinations of these tools

Purpose continued
  • Very high level
  • Good starting point for further study about
    • General networking & strategies
    • Cryptography
    • Key Management
    • Algorithm Analysis

Post Presentation Results
  • Should be familiar with concepts & terms such as
    • Integrity, Authentication, Non-repudiation, Confidentiality
    • Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
  • High level understanding of some methods to combat some of the above types of Internet mischief
