Basic Internet Security Concepts

  • Uploaded by: akirank1
  • 0
  • 0
  • May 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Basic Internet Security Concepts as PDF for free.

More details

  • Words: 1,111
  • Pages: 29
Basic Internet Security Concepts

© MMII JW Ryder

CS 428 Computer Networking

1

Purpose • • • •

Some ideas on Internet Security Classes of mischief on Internet, definitions Tools to fight mischief Combinations of these tools

© MMII JW Ryder

CS 428 Computer Networking

2

Purpose continued      

Very high level Good starting point for further study about General networking & strategies Cryptography Key Management Algorithm Analysis

© MMII JW Ryder

CS 428 Computer Networking

3

Introduction • The Internet is a vast wilderness, an infinite world of opportunity • Exploring, e-mail, free software, chat, video, e-business, information, games • Explored by humans

© MMII JW Ryder

CS 428 Computer Networking

4

Internet Security Concepts 



Introduction of several basic security concepts General mechanisms for protection

© MMII JW Ryder

CS 428 Computer Networking

5

Sniffing and Spoofing  

[1] Sniffing 



The ability to inspect IP Datagrams which are not destined for the current host.

Spoofing 

After sniffing, create malicious havoc on the internet

© MMII JW Ryder

CS 428 Computer Networking

6

Private Network node Secure Gateway node

Unprotected Internet node A Guy

Gabrielle Poirot (C)

1

Bank (I)

Sears

Steve Burns (C) Wall Street (N)

© MMII JW Ryder

Ramon Sanchez (A)

A Guy’s Swiss Bank CS 428 Computer Networking

7

A Guy has no Integrity  

Swiss Bank Scam Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

© MMII JW Ryder

CS 428 Computer Networking

8

Ramon springs for sound  

Sears solid state stereos Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

© MMII JW Ryder

CS 428 Computer Networking

9

A guy sniffs success  

Gabrielle and Steve almost strike it rich Confidentiality - Ensure that each party, which is supposed to see the data, sees the data and ensure that those who should not see the data, never see the data.

© MMII JW Ryder

CS 428 Computer Networking

10

Wall Street Woes  

A guy spots a hot stock tip Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that they did not send the datagram

© MMII JW Ryder

CS 428 Computer Networking

11

A guy becomes desperate  

Bring Wall St. to its knees Denial of Service Attack - Flood a given IP Address (Host) with packets so that it spends the majority of its processing time denying service

© MMII JW Ryder

CS 428 Computer Networking

12

One Way Hash Functions (MD5,SHA1)

Application

2

In Comm. Stack Key Mgmt. Functions

IP

Crypto Functions (DES, CDMF, 3DES) © MMII JW Ryder

Physical Adapter

CS 428 Computer Networking

13

Protocol Flow  





[2, 3] Through layers, each layer has a collection of responsibilities ISO OSI Reference Model - (Open Systems Interconnection) IP Datagram

© MMII JW Ryder

CS 428 Computer Networking

14

3 IP Hdr.

Data

IP Datagram Data

MAC Fn

Digest

MAC Function IP Hdr.

Data

Digest

Integrity © MMII JW Ryder

CS 428 Computer Networking

15

Keys 

 

Bit values fed into cryptographic algorithms and one way hashing functions which provide help provide confidentiality, integrity, and authentication The longer the better - 40, 48, 56, 128 Brute force attacks can win with small keys

© MMII JW Ryder

CS 428 Computer Networking

16

Symmetric Keys 



Have qualities such as life times, refresh rates, etc. Symmetric - Keys that are shared secrets on N cooperating, trusted hosts

© MMII JW Ryder

CS 428 Computer Networking

17

Asymmetric  



 

Public / Private key pairs Public key lists kept on well known public key servers Public key is no secret. If it is, the strategy will not work. Public and Private keys inverse functional values Private key is only known to you and must remain secret

© MMII JW Ryder

CS 428 Computer Networking

18

Concept   



Sender encrypts data with private key Receiver decrypts data with public key Receiver replies after encrypting with public key Sender receives response and decrypts with private key

© MMII JW Ryder

CS 428 Computer Networking

19

4 Data

Crypto Fn.

Encrypted Data

Key

Encryption Function IP Hdr.

Encrypted Data

Confidentiality © MMII JW Ryder

CS 428 Computer Networking

20

5 Encrypted Data

Crypto Fn.

Data

Key

Decryption Function Data

© MMII JW Ryder

Confidentialit y CS 428 Computer Networking

21

MACs 



Message Authentication Codes, One Way Hashing Functions A function, easy to compute but computationally infeasible to find 2 messages M1 and M2 such that 





h (M1) = h (M2)

MD5 (Rivest, Shamir, Adleman) RSA ; SHA1 (NIST) MD5 yields a 128 bit digest [3]

© MMII JW Ryder

CS 428 Computer Networking

22

DES       

Data Encryption Standard U.S. Govt. Standard 56 bit key - originally 128 bits Absolute elimination of exhaustive search of key space U.S. Security Agency Request - Reduce to 56 bits Export CDMF (40 bits) Keys are secrets to algorithms, not algorithms themselves [4, 5]

© MMII JW Ryder

CS 428 Computer Networking

23

IP Hdr.

Encrypted Data

Confidentiality & Integrity Encrypted IP Hdr. Data

Digest

Digital Signature (Encrypted Digest)

Confidentiality, Integrity, & Authentication © MMII JW Ryder

CS 428 Computer Networking

24

Data

CF

EM DS

Key

MAC Digest

MAC_Time < CF _Time Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?

Keyed Digest

What types of Security are provided with EM, DS, Digest, Keyed Digest? © MMII JW Ryder

CS 428 Computer Networking

25

No Security

Msg Msg

MD

Confidentiality

EM EM Msg EM

© MMII JW Ryder

Integrity

MD DS DS

Msg

KD

EM

KD

Conf. & Integrity Integrity & Auth. Conf., Int., & Auth. Integrity & Auth. Conf., Int., & Auth.

CS 428 Computer Networking

26

Post Presentation Results 

You should be familiar with concepts & terms such as 





Integrity, Authentication, Non-repudiation, Confidentiality Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram High level understanding of some methods to combat some the above types of Internet mischief

© MMII JW Ryder

CS 428 Computer Networking

27

One-Way Hashing Function Demo 

Show MD5 example

© MMII JW Ryder

CS 428 Computer Networking

28

Sniffers  

Threads comment Show Sniffer.java

© MMII JW Ryder

CS 428 Computer Networking

29

Related Documents

Basic Concepts
May 2020 19
Basic Concepts
May 2020 17
Basic Concepts
May 2020 22
Basic Concepts
June 2020 20
Basic Concepts
December 2019 30

More Documents from "puneet"

Javascript
May 2020 19
Ch8 Structures
April 2020 24
Ch4 Functions
April 2020 24
Cold Fusion Ii
May 2020 21