Download Chapter. 01

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
Document related concepts

Cyberwarfare wikipedia , lookup

Airport security wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Cryptanalysis wikipedia , lookup

Distributed firewall wikipedia , lookup

Authentication wikipedia , lookup

Information security wikipedia , lookup

Cryptography wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Cyberattack wikipedia , lookup

Wireless security wikipedia , lookup

Secure multi-party computation wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Mobile security wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Security-focused operating system wikipedia , lookup

Social engineering (security) wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cybercrime wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
An Overview
Muhammad Najmul Islam Farooqui
Assistant Professor
Department of Computer Engineering
1





Muhammad Najmul Islam Farooqui (B)
Ms. Roohi Kamal(A)
Mr. Muhammad Naseem (C)
Mr. Hisham Naeem (DE)
Mr. Noman Ali Khan (F)
2
3/4
Theory
Theoretical aspects
of the course
1/4
Practical
Labs
Mid Term Exam
Practical approach
to the course
Labs
3
Marks Distribution
Total 100 points
80
20
Lectures
5
Labs
75
Course Work
2
Assign.
3
Quizzes
14
Exams
15
Mid Term
Weekly Labs
6
Attendance
60
Final Lab1, Lab 2 ……Lab n
4
Course Coverage
5
Week
1.
2.
3.
4.
Topics Covered
Introduction, General discussion about course contents, Historical Review of
Computer Security, Threats and attacks to Data Security, A Generic Model of
Network Security
What is Cryptography & Cryptanalysis, Concepts of Cryptographic Algorithm,
Conventional Cryptographic techniques, Substitution and Transposition,
Cryptanalysis Techniques
Introduction to S-DES, Overview and Mechanism of Encryption in DES, DES
Design Principles
Triple Data Encryption Standard (3-DES), Modes of Operations of Symmetric
Key Algorithms, International Data Encryption Algorithm (IDEA)
Study Ref.
Pg # 31-54
Pg # 55-89
Pg # 90-124
Pg # 217-241, IDEA
Handout
5.
Raijndael Algorithm (The Finalist of AES), Simplified AES, Mechanism of
Encryption in AES
Pg # 171-214
6.
Key Exchange Problem, Key Exchange Approaches using Symmetric Key
algorithm and Need for Public Key Cryptography
Pg # 435- 453
7.
8.
Number Theory, Modular Arithmetic, Euler’s Function and Public Key
Cryptography, Diffie-Hellman Key Exchange Algorithm
Pg # 267-275, 324332
Introduction to RSA, Key Generation and Encryption, Examples, RSA
Applications in Network Security
Pg # 290-331
6
Course Coverage
7
9.
10.
Authentication Functions, Hash Function and its properties, Secure
Hashing Algorithm (SHA),
Digital Signature and Authentication Requirements, Message
Authentication Code, Introduction to Digital Signatures, RSA
Approach, Digital Signature Standard (DSS) and its proof
Pg #351-376,
386-399
Pg # 419-430
11.
Email Security Standards, PGP Certificate and Algorithms, Introduction
to Trust Models
Pg # 591- 599,
636-638
12.
Introduction to IPSec, IPSec Security Model, IPSec modes and
protocols, IPSec Technologies
Pg # 639-662
13.
14.
Introduction to VPNs, VPN Features, Protocols used in VPNs, L2TP,
PPTP
Introduction & History of SSL, SSL in Client-Server Architecture,
Transport Layer Security
Introduction to Firewalls, Components of Firewalls, Types of Firewalls,
15.
16.
Architecture and Policies in Intrusion Detection Systems, Introduction
to Viruses, and Trojans
Final Examination
Lecture Notes
Pg # 509-543
Lecture Notes,
Online Chapter
Lecture Notes,
Online Chapter
8


Text Book
Reference Books
◦ Specific to the course
◦ General to the topic

Internet Sources
9

Cryptography and Network Security:
Principles & Practice (Fifth Edition)
◦ By William Stallings – Prentice Hall Publication
10

Specific to the Course
◦ Handbook of Cryptography
 By Alfred J. Menezese, Paul C. van Orchi
◦ Network Security Essentials, 2nd Edition
 William Stallings, Prentice Hall, 2003
◦ Web Security: A step-by-step Reference Guide
 By Lincoln D. Stein – Addison Wesley Publication
◦ Internet Security Protocols: Protecting IP Traffic
(Low Price Edition)
 By Uyless Black – Pearson Education Asia Publication

General to the Topic
◦ Active Defense: A Comprehensive Guide to
Network Security
 By Chris Brenton & Cameron Hunt
11






http://www.ssuet.edu.pk/~mfarooqui
http://sites.google.com/site/ibrahimmhr
http://www.dcs.ed.ac.uk/home/compsec/
http://www.infosecuritymag.com/
http://www.w3.org/Security/Faq/
http://www.iwar.org.uk/comsec/resources/
security-lecture/
12

Online Access
 http://www.ssuet.edu.pk/courses/ce408/CompSec/

Soft Copy
 http://www.ssuet.edu.pk/courses/ce408/CompSec/

Hard Copy
 Will not be provided
13





Strictly practice your attendance in the class
and labs.
No relaxation, compensation or adjustment in
your attendance.
Be in Uniform (at least in the class)
Preserve the sanity of the class, teachers,
department and the University.
Help us in serving you for a better future.
14

The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources (includes
hardware, software, firmware,
information/data, and telecommunications) is
called Computer Security.
15
Computer security is a heady
concoction of science, technology, and
engineering. A secure system is only
as strong as the weakest link, so each
part of the mix needs to be good.
16

Security
◦ The protection of assets.

Computer Security
◦ Focuses on protecting assets within computer
systems. Just as real-world physical security
systems vary in their security provision (e.g., a
building may be secure against certain kinds of
attack, but not all), so computer security systems
provide different kinds and amounts of security.
17





For some Computer Security is controlling access to
hardware, software and data of a computerized system.
A large measure of computer security is simply keeping
the computer system's information secure.
In broader terms, computer security can be thought of
as the protection of the computer and its resources
against accidental or intentional disclosure of
confidential data, unlawful modification of data or
programs, the destruction of data, software or
hardware.
Computer security also includes the denial of use of
one’s computer facilities for criminal activities including
computer related fraud and blackmail.
Finally, computer security involves the elimination of
weaknesses or vulnerabilities that might be exploited to
cause loss or harm.
18

Why the need for Computer Security?
◦ The value of computer assets and services

What is the new IT environment?
◦ Networks and distributed applications/services
◦ Electronic Commerce (E-commerce, E-business)
19



Most companies use electronic information
extensively to support their daily business
processes.
Data is stored on customers, products,
contracts, financial results, accounting etc.
If this electronic information were to become
available to competitors or to become
corrupted, false or disappear, what would
happen? What would the consequences be?
Could the business still function?
20







“The network is the computer”
Proliferation of networks has increased security
risks much more.
Sharing of resources increases complexity of
system.
Unknown perimeter (linked networks),
unknown path.
Many points of attack.
Computer security has to find answers to
network security problems.
Hence today the field is called Computer and
Network Security.
21
22




Computer fraud in the U.S. alone exceeds $3
billion each year.
Less than 1% of all computer fraud cases are
detected
over 90% of all computer crime goes
unreported.
“Although no one is sure how much is lost to
EFT crime annually, the consensus is that the
losses run in the billions of dollars. Yet few in
the financial community are paying any heed.”
Average computer bank theft amounts to $1.5
million.
23
24
25




Millions of dollars of damage resulted from the
1989 San Francisco earthquake.
The fire at Subang International Airport
knocked out the computers controlling the
flight display system. A post office near the
Computer Room was also affected by the soot
which decommissioned the post office counter
terminals. According to the caretaker, the
computers were not burnt but crashed because
soot entered the hard disks.
Fire, Earthquakes, Floods, Electrical hazards,
etc.
How to prevent?
26






Secrecy
Integrity
Availability
Authenticity
Non-repudiation
Access control
27


Secrecy requires that the information in a
computer system only be accessible for
reading by authorized parties.
This type of access includes:
◦ Printing
◦ Displaying
◦ Other forms of disclosure, including simply
revealing the existing of an object
28


Integrity requires that the computer system
asset can be modified only by authorized
parties.
Modification includes:
◦
◦
◦
◦
◦
Writing
Changing
Changing status
Deleting and
Creating
29


Availability requires that computer system
assets are available to authorized parties.
Availability is a requirement intended to
assure that systems work promptly and
service is not denied to authorized users.
30




Integrity: In lay usage, information has integrity when it is
timely, accurate, complete, and consistent. However,
computers are unable to provide or protect all of these
qualities. Therefore, in the computer security field,
integrity is often discussed more narrowly as having two
data integrity and system integrity.
“Data integrity is a requirement that information and
programs are changed only in a specified and authorized
manner.”
System integrity is a requirement that a system “performs
its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the
system.”
The definition of integrity has been, and continues to be,
the subject of much debate among computer security
experts.
31
Data
Confidentiality
Data
Integrity
Data
Availability
Data
Secure Data
32



Authenticity means that parties in a
information services can ascertain the identity
of parties trying to access information
services.
Also means that the origin of the message is
certain.
Therefore two types:
◦ Principal Authentication
◦ Message Authentication
33




Originator of communications can’t deny it
later.
Without non-repudiation you could place an
order for 1 million dollars of equipment
online and then simply deny it later.
Or you could send an email inviting a friend
to the dinner and then disclaim it later.
Non-repudiation associates the identity of
the originator with the transaction in a nondeniable way.
34







Unauthorized users are kept out of the
system.
Unauthorized users are kept out of places on
the system/disk.
Typically makes use of Directories or Access
Control Lists (ACLs) or Access Control Matrix
Objects: Resources that need to be protected
Subjects: Entities that need access to
resources
Rights: Permissions
Each entry is a triple <subject, object, rights>
35
OBJECT 1
OBJECT 2
OBJECT 3
OBJECT 4
SUBJECT 1
RW
RW
R
X
SUBJECT 2
R
RW
R
R
SUBJECT 3
X
X
RW
RW
SUBJECT 4
R
R
R
RW
SUBJECT N
X
R
R
X
36



For example:
User authentication
used for access
authorization
control purposes in
confidentiality.
Non-repudiation is
combined with
authentication.
Confidentiality
Integrity
Availability
37





A threat is a danger which could affect the
security (confidentiality, integrity, availability)
of assets, leading to a potential loss or
damage.
Interruption
Interception
Modification
Fabrication
38
39
40
An asset of the system is destroyed
or becomes unavailable or unusable.
This is an attack on the availability.
 Examples include destruction of a
piece of hardware, such as a hard
disk, the cutting of a communication
link, or the disabling of the file
management system.
 DOS - Denial of Service Attacks have
become very well known.

41
42





Information disclosure/information leakage
An unauthorized party gains access to an
asset.
This is an attack on confidentiality.
The unauthorized party could be a person, a
program, or a computer.
Examples include:
◦ wiretapping to capture data in a network
◦ the illicit copying of files or programs
43
44




Modification is integrity violation.
An unauthorized party not only gains access
to but tampers with an asset.
This is an attack on the integrity.
Examples include changing values in a data
file, altering a program so that it performs
differently, and modifying the content of a
message being transmitted in a network.
45
46


An unauthorized party inserts counterfeit
objects into the system. This is an attack on
the authenticity.
Examples include the insertion of spurious
messages in a network or the addition of
records to a file.
47
48

Computer Security attacks can be classified
into two broad categories:
◦ Passive Attacks can only observe communications
or data.
◦ Active Attacks can actively modify communications
or data. Often difficult to perform, but very
powerful. Examples include
 Mail forgery/modification
 TCP/IP spoofing/session hijacking
49
50
51



Eavesdropping on or monitoring of
transmission.
The goal of the opponent is to obtain
information that is being transmitted.
Two types:
◦ Release-of-message contents
◦ Traffic Analysis
52


Opponent finds out the contents or the actual
messages being transmitted.
How to protect?
◦ Encryption
◦ Steganography
53




More subtle than release-of-message
contents.
Messages may be kept secret by masking or
encryption but …
The opponent figures out information being
carried by the messages based on the
frequency and timings of the message.
How to protect?
◦ Data/Message Padding
◦ Filler Sequences
54


Difficult to detect because there is no
modification of data.
Protection approach should be based on
prevention rather than detection.
55


Active attacks involve some sort of
modification of the data stream or the
creation of a false stream.
Four sub-categories:
◦
◦
◦
◦
Masquerade
Replay
Modification of Messages
Denial of service
56




An entity pretends to be another.
For the purpose of doing some other form of
attack.
Example a system claims its IP address to be
what it is not, IP spoofing.
How to protect?
◦ Principal/Entity Authentication
57



First passive capture of data and then its
retransmission to produce an unauthorized
effect.
Could be disastrous in case of critical
messages such as authentication sequences,
even if the password were encrypted.
How to protect?
◦ Time stamps
◦ Sequence Numbers
58


Some portion of a legitimate message is
altered or messages are delayed or reordered
to produce an unauthorized effect.
How to protect?
◦ Message Authentication Codes
◦ Chaining
59




Prevents the normal use or management of
communication facilities.
Such attacks have become very common on
the Internet especially against web servers.
On the Internet remotely located hackers can
crash the TCP/IP software by exploiting
known vulnerabilities in various
implementations.
One has to constantly look out for software
updates and security patches to protect
against these attacks.
60



Easy to detect but difficult to prevent.
Efforts are directed to quickly recover from
disruption or delays.
Good thing is that detection will have a
deterrent effect.
61
Interruption
(Denial of Service)
Interception
(Theft)
HARDWARE
Interruption
(Deletion)
Modification
(Malicious Code)
Interruption
(Loss)
Modification
Interception
(Theft)
SOFTWARE
Interception
(Eavesdropping)
DATA
Fabrication
62
63

A protocol is a series of steps, involving two or
more parties, designed to accomplish a task.
◦ Every one involved in a protocol must know the
protocol and all of the steps to follow in advance.
◦ Everyone involved in the protocols must agree to
follow it.
◦ The protocol must be unambiguous; each step must
be well defined and there must be no chance of
misunderstanding.
◦ The protocol must be complete; there must be a
specified action for every possible situation.
◦ It should not be possible to do more or learn more
than what is specified in the protocol.
64










Alice
First participant in all the protocols
Bob
Second participant in all the protocols
Carol
Participant in three- and four-party
protocols
Dave
Participant in four-party protocols
Eve
Eavesdropper
Mallory Malicious active intruder
Trent
Trusted arbitrator
Victor Verifier
Peggy Prover
Walter Warden; he’ll be guarding Alice and
Bob in
some protocols
65
Trent




Arbitrated
Protocols
Adjudicated
Protocols
Self Enforcing
Protocols
Example Protocols
◦ Key Exchange
Protocols
◦ Authentication
Protocols
◦ Time stamping
Service
◦ Digital Cash
Alice
Bob
(a) Arbitrated Protocol
Alice
Bob
Evidence
Evidence
Trent
(After the fact)
(b) Adjudicated Protocol
Alice
Bob
(c) Self-enforcing Protocol
66
Application
Email - S/MIME
Presentation
Session
The further
down you go,
the more
transparent it is
The further up
you go, the
easier it is to
deploy
Application
Presentation
SSL
Transport
Session
Transport
Network
IPSec
Network
Datalink
PPP - ECP
Datalink
Physical
Encrypting
NIC
Physical
PHYSICAL NETWORK
Encrypting
NIC
67





Access control: Protects against unauthorized
use.
Authentication: Provides assurance of
someone's identity.
Confidentiality: Protects against disclosure to
unauthorized identities.
Integrity: Protects from unauthorized data
alteration.
Non-repudiation: Protects against originator
of communications later denying it.
68

Three basic building blocks are used:
◦ Encryption is used to provide confidentiality, can
provide authentication and integrity protection.
◦ Digital signatures are used to provide
authentication, integrity protection, and nonrepudiation.
◦ Checksums/hash algorithms are used to provide
integrity protection, can provide authentication.

One or more security mechanisms are
combined to provide a security
service/protocol.
69



A typical security protocol provides one or
more security services (authentication,
secrecy, integrity, etc.)
Services are built from mechanisms.
Mechanisms are implemented using
algorithms.
Services
(Security Protocols)
SSL
Signatures
DSA
RSA
Encryption
RSA
DES
Hashing
SHA1
MD5
Mechanisms
Algorithms
70
Security Protocols (Services)
Standards-based Security Protocols
SSL
Proprietary Security Protocols
IPSec
PrivateWire
Big Brother
Hashing
Key Exchange
MD-5
SHA-1
Diffie-Hellman
Mechanisms
Encryption
Signature
Algorithms
Symmetric
DES
AES
Asymmetric
RSA
ECC
Asymmetric
DSA
RSA
Symmetric
DESMAC
71



Encryption is a key enabling technology to
implement computer security.
But Encryption is to security like bricks are to
buildings.
In the next module we will study encryption
in detail.
72
Firewalls and Security
Gateways are based on this
model
73
1. Computer security should support the
mission of the organization.
2. Computer security is an integral element of
sound management.
3. Computer security should be cost-effective.
4. Computer security responsibilities and
accountability should be made explicit.
5. System owners have computer security
responsibilities outside their own organizations.
6. Computer security requires a comprehensive
and integrated approach.
7. Computer security should be periodically
reassessed.
8. Computer security is constrained by societal
factors.
74

Determine
where on this
line your
organization
needs lie
Convenience
/ Usability
0
Security

75









Physical security
Encryption
Access control
Automatic call back
Node authentication
Differentiated access
rights
Antivirus software
Public Key
Infrastructure
Firewalls






User authentication
Passwords and
passphrases
Challenge-response
systems
Token or smart cards
Exchange of secret
protocol
Personal
characteristics Biometrics
76
Related documents
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
Database Security
Database Security
security leaflet
security leaflet
Authentication and Access Control
Authentication and Access Control
CH10 E-Commerce Fraud and Security
CH10 E-Commerce Fraud and Security
Course Learning Objectives:
Course Learning Objectives:
61765 Computer Networks I
61765 Computer Networks I
About Environmental Science
About Environmental Science
Introduction to network security
Introduction to network security
Communication Protocols
Communication Protocols
Cleveland State University Department of Electrical and Computer Engineering EEC 484:Computer Networks
Cleveland State University Department of Electrical and Computer Engineering EEC 484:Computer Networks
Network Engineering
Network Engineering