Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

computer architecture.ppt

Download as PPT, PDF
Pandiya Rajan
Pandiya Rajan

This document provides an overview of network security for a course, including discussing cryptography algorithms and protocols, network security applications and tools, system security issues, and standards for internet security. The course will cover topics such as encryption, digital signatures, key exchange, and network security protocols and applications. Students will complete homework assignments, projects implementing cryptography and a secure messaging system, and exams.

1 of 28
1 Network Security Chase Q. Wu New Jersey Institute of Technology Oak Ridge National Laboratory https://web.njit.edu/~chasewu Email: chase.wu@njit.edu wuqn@ornl.gov
Cyber Security 2
3 About This Course Textbook: 1. Network Security Essentials: Applications and Standards, 3rd Ed. William Stallings 2. Cryptography and Network Security: Principles and Practices, 4th Ed. William Stallings Contents: 1. Cryptography – Algorithms and protocols – Conventional and public key-based encryption, hash func, digital signatures, and key exchange 2. Network security applications – Applications and tools – Kerberos, X.509v3 certificates, PGP, S/MIME, IP security, SSL/TLS, SET, and SNMPv3 3. System security – System-level issues – Intruders, viruses, worms, DOS
4
5 Coursework Components Homework: – After each chapter Projects: – Cryptography (RSA implementation) – A secure instant messenger system Exams: Comprehensive in English Do I have a TA to help with the class?
6 Chapter 1 – Introduction … teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu 故用兵之法,无恃其不来,恃吾有以待也;无 恃其不攻,恃吾有所不可攻也。 —《孙子兵法 · 九变篇》
7 Outline • Background • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
8 Background • Information Security requirements have changed in recent times – Traditionally provided by physical and administrative mechanisms – Many daily activities have been shifted from physical world to cyber space • Use of computers – Protect files and other stored information • Use of networks and communications links – Protect data during transmission • The focus of many funding agencies in US – DOD, NSF, DHS, etc. – ONR: game theory for cyber security
9 Definitions • Computer Security – Generic name for the collection of tools designed to protect data and to thwart hackers • Network Security – Measures to protect data during their transmission • Internet Security (our focus!) – Measures to protect data during their transmission over a collection of interconnected networks
10 Security Trends
11 OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” – A systematic way of defining and providing security requirements – Provides a useful, if abstract, overview of concepts we will study ITU-T: International Telecommunication Union Telecommunication Standardization Sector OSI: Open Systems Interconnection
12 3 Aspects of Info Security • Security Attack – Any action that compromises the security of information. • Security Mechanism – A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service – A service that enhances the security of data processing systems and information transfers. • Makes use of one or more security mechanisms.
13 Security Attacks • Threat & attack – Often used equivalently • There are a wide range of attacks – Two generic types of attacks • Passive • Active
14 Security Attack Classification
15 Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
16 3 Primary Security Goals Fundamental security objectives for both data and information/computing services
17
18 Security Services X.800 – A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
19 Security Mechanism • Features designed to detect, prevent, or recover from a security attack • No single mechanism that will support all services required • One particular element underlies many of the security mechanisms in use: – Cryptographic techniques – Hence we will focus on this topic first
20 Security Mechanisms (X.800) • Specific security mechanisms: – Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • Pervasive security mechanisms: – Trusted functionality, security labels, event detection, security audit trails, security recovery
21 Model for Network Security
22 Model for Network Security Using this model requires us to: 1. design a suitable algorithm for the security transformation (message de/encryption) 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information (keys) 4. specify a protocol enabling the principals to use the transformation and secret information for a security service (e.g. ssh)
23 Model for Network Access Security
24 Model for Network Access Security Using this model requires us to implement: 1. Authentication  select appropriate gatekeeper functions to identify users 2. Authorization  implement security controls to ensure only authorized users access designated information or resources Trusted computer systems may be useful to help implement this model
25 Methods of Defense • Encryption • Software Controls – Limit access in a database or in operating systems – Protect each user from other users • Hardware Controls – Smartcard (ICC, used for digital signature and secure identification) • Policies – Frequent changes of passwords – Recent study shows controversial arguments • Physical Controls
26 Internet standards and RFCs • Three organizations in the Internet society – Internet Architecture Board (IAB) • Defining overall Internet architecture • Providing guidance to IETF – Internet Engineering Task Force (IETF) • Actual development of protocols and standards – Internet Engineering Steering Group (IESG) • Technical management of IETF activities and Internet standards process
27 Internet RFC Publication Standardization Process
28 Recommended Reading • Pfleeger, C. Security in Computing. Prentice Hall, 1997. • Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001.

More Related Content

computer architecture.ppt

  • 1. 1 Network Security Chase Q. Wu New Jersey Institute of Technology Oak Ridge National Laboratory https://web.njit.edu/~chasewu Email: chase.wu@njit.edu wuqn@ornl.gov
  • 3. 3 About This Course Textbook: 1. Network Security Essentials: Applications and Standards, 3rd Ed. William Stallings 2. Cryptography and Network Security: Principles and Practices, 4th Ed. William Stallings Contents: 1. Cryptography – Algorithms and protocols – Conventional and public key-based encryption, hash func, digital signatures, and key exchange 2. Network security applications – Applications and tools – Kerberos, X.509v3 certificates, PGP, S/MIME, IP security, SSL/TLS, SET, and SNMPv3 3. System security – System-level issues – Intruders, viruses, worms, DOS
  • 4. 4
  • 5. 5 Coursework Components Homework: – After each chapter Projects: – Cryptography (RSA implementation) – A secure instant messenger system Exams: Comprehensive in English Do I have a TA to help with the class?
  • 6. 6 Chapter 1 – Introduction … teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu 故用兵之法,无恃其不来,恃吾有以待也;无 恃其不攻,恃吾有所不可攻也。 —《孙子兵法 · 九变篇》
  • 7. 7 Outline • Background • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
  • 8. 8 Background • Information Security requirements have changed in recent times – Traditionally provided by physical and administrative mechanisms – Many daily activities have been shifted from physical world to cyber space • Use of computers – Protect files and other stored information • Use of networks and communications links – Protect data during transmission • The focus of many funding agencies in US – DOD, NSF, DHS, etc. – ONR: game theory for cyber security
  • 9. 9 Definitions • Computer Security – Generic name for the collection of tools designed to protect data and to thwart hackers • Network Security – Measures to protect data during their transmission • Internet Security (our focus!) – Measures to protect data during their transmission over a collection of interconnected networks
  • 11. 11 OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” – A systematic way of defining and providing security requirements – Provides a useful, if abstract, overview of concepts we will study ITU-T: International Telecommunication Union Telecommunication Standardization Sector OSI: Open Systems Interconnection
  • 12. 12 3 Aspects of Info Security • Security Attack – Any action that compromises the security of information. • Security Mechanism – A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service – A service that enhances the security of data processing systems and information transfers. • Makes use of one or more security mechanisms.
  • 13. 13 Security Attacks • Threat & attack – Often used equivalently • There are a wide range of attacks – Two generic types of attacks • Passive • Active
  • 15. 15 Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
  • 16. 16 3 Primary Security Goals Fundamental security objectives for both data and information/computing services
  • 17. 17
  • 18. 18 Security Services X.800 – A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
  • 19. 19 Security Mechanism • Features designed to detect, prevent, or recover from a security attack • No single mechanism that will support all services required • One particular element underlies many of the security mechanisms in use: – Cryptographic techniques – Hence we will focus on this topic first
  • 20. 20 Security Mechanisms (X.800) • Specific security mechanisms: – Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • Pervasive security mechanisms: – Trusted functionality, security labels, event detection, security audit trails, security recovery
  • 22. 22 Model for Network Security Using this model requires us to: 1. design a suitable algorithm for the security transformation (message de/encryption) 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information (keys) 4. specify a protocol enabling the principals to use the transformation and secret information for a security service (e.g. ssh)
  • 23. 23 Model for Network Access Security
  • 24. 24 Model for Network Access Security Using this model requires us to implement: 1. Authentication  select appropriate gatekeeper functions to identify users 2. Authorization  implement security controls to ensure only authorized users access designated information or resources Trusted computer systems may be useful to help implement this model
  • 25. 25 Methods of Defense • Encryption • Software Controls – Limit access in a database or in operating systems – Protect each user from other users • Hardware Controls – Smartcard (ICC, used for digital signature and secure identification) • Policies – Frequent changes of passwords – Recent study shows controversial arguments • Physical Controls
  • 26. 26 Internet standards and RFCs • Three organizations in the Internet society – Internet Architecture Board (IAB) • Defining overall Internet architecture • Providing guidance to IETF – Internet Engineering Task Force (IETF) • Actual development of protocols and standards – Internet Engineering Steering Group (IESG) • Technical management of IETF activities and Internet standards process
  • 28. 28 Recommended Reading • Pfleeger, C. Security in Computing. Prentice Hall, 1997. • Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001.