Network Security - Computer Engineering, Chulalongkorn University


20 Nov 2013


Krerk Piromsopa.

Network Security

Krerk Piromsopa.

Department of Computer Engineering.

Chulalongkorn University.


Network Security


Communicate securely.


Secrecy (understood only by the sender and the intended receiver)


Authentication (Confirm Identity of other party involved)


Message integrity (The message is not altered)


Passive Intruder, Active Intruder


Both parties might be routers, applications, etc.


LAN.


Packet sniffer (Ethernet promiscuous mode)


Secrecy (Encryption)


Symmetric Key Cryptography


Caesar cipher


DES (Data Encryption Standard)


Public Key Encryption


RSA algorithm (Ron Rivest, Adi Shamir, and Leonard Adleman)



Authentication


Digital Signature


Key Distribution and Certification (KDC)


Certification Authority (CA)



Protocols


PGP


S/MIME


SSL


SET


IPsec


AH (Authentication Header)


ESP


Secure sockets layer (SSL)

Client

Server

Browse secure page

Send server’s CA

Got server’s Public Key

Make random symmetric key and encrypt it using server's Public Key

Got symmetric key


SSL


Secure Email


Public Key encryption


inefficient for long messages (attachments, images, audio, video)


Symmetric key session



Hash function and digital signatures



PGP


S/MIME


PGP


PGP (short for Pretty Good Privacy), created by Philip Zimmermann, is the de
facto standard program for secure e-mail and file encryption on the Internet.
Its public-key cryptography system enables people who have never met to secure
transmitted messages against unauthorized reading and to add digital
signatures to messages to guarantee their authenticity. Why do we need PGP?
E-mail sent over the Internet is more like paper mail on a postcard than mail
in a sealed envelope. It can easily be read, or even altered, by anyone with
privileged access to any of the computers along the route followed by the mail.
Hackers can read and/or forge e-mail. Government agencies eavesdrop on
private communications.




Secure electronic transaction (SET)


Developed by Visa and MasterCard in Feb 1996


three software components


Browser wallet


Merchant server


Acquirer gateway


IPsec


Authentication Header (AH)


Provides source host identification and data integrity


not secrecy


RFC 2402


AH header includes


Next Header field


Security Parameter Index


Sequence Number


Authentication Data (digital signature)




Encapsulating Security Payload (ESP)


Encrypt IP Datagram


RFC 2406


Firewalls


Benefits


Prevent intruders from interfering with the daily operation of the
internal network. Denial-of-service attack (SYN flooding)


Prevent intruders from deleting or modifying information stored within the internal network.


Prevent intruders from obtaining secret information.


Packet Filtering


Source/Destination IP address, TCP and UDP Source/Destination Port, ICMP message type, TCP SYN and ACK


Application Gateways


Provide services for a limited number of users.
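
Added example (not part of the original slides): a stateless packet filter that decides on the fields listed under Packet Filtering above, namely addresses, TCP/UDP ports, ICMP message type and the TCP SYN and ACK bits. The internal network, the sample addresses and the rule set are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.0.2.0/24")  # constructed internal network (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False
    icmp_type: int = -1

def inbound(p):
    """True when the packet enters the internal network from outside."""
    return ip_address(p.dst) in INTERNAL and ip_address(p.src) not in INTERNAL

def outbound(p):
    """True when the packet leaves the internal network."""
    return ip_address(p.src) in INTERNAL and ip_address(p.dst) not in INTERNAL

# Ordered rule table (constructed policy): the first matching rule decides.
RULES = [
    ("allow", "outbound web",       lambda p: outbound(p) and p.proto == "tcp" and p.dport in (80, 443)),
    # SYN set and ACK clear marks a new connection request; refuse it from outside.
    ("deny",  "inbound TCP open",   lambda p: inbound(p) and p.proto == "tcp" and p.syn and not p.ack),
    ("allow", "inbound web reply",  lambda p: inbound(p) and p.proto == "tcp" and p.ack and p.sport in (80, 443)),
    ("allow", "outbound DNS",       lambda p: outbound(p) and p.proto == "udp" and p.dport == 53),
    ("allow", "inbound DNS reply",  lambda p: inbound(p) and p.proto == "udp" and p.sport == 53),
    ("allow", "inbound echo reply", lambda p: inbound(p) and p.proto == "icmp" and p.icmp_type == 0),
]

def decide(p):
    """Return (action, rule name); anything unmatched is denied by default."""
    for action, name, match in RULES:
        if match(p):
            return action, name
    return "deny", "default"

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.0.2.10", "198.51.100.5", "tcp", 40000, 443, syn=True),
        Packet("198.51.100.5", "192.0.2.10", "tcp", 443, 40000, syn=True, ack=True),
        Packet("203.0.113.9", "192.0.2.10", "tcp", 51000, 22, syn=True),
        Packet("203.0.113.9", "192.0.2.10", "icmp", icmp_type=8),
    ]
    for p in samples:
        print(decide(p), p)
```

The ACK-bit rule is stateless: it does not check that a matching outbound connection exists, which is the check a stateful firewall adds.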


Firewalls


Firewalls


VPN


Microsoft Passport


Single-Sign-On


Microsoft Passport Risk


DNS attacks


Active attacks


EC investigates MS Passport's Privacy



The European Commission is studying Microsoft's
Passport system to ensure that the sign-on software
complies with security and privacy requirements


An EC working party has questioned whether the Passport
system breaks the European Union-US Safe Harbour
agreement on data protection, which restricts the migration
of personal data beyond the control of computer users to
other countries.



Source: Computer Weekly, 20 August 2002


Reference


Firewall figures from http://www.firewalls.pl/


http://www.setco.org/


http://avirubin.com/passport.html


http://www.usabilitynews.com/news/article644.asp