Week 1: Introduction & Symmetric Cryptography
Posted 21-Dec-2015, Category: Documents
Technology and applications play a big role in community services and in security.
First, let us look at the evolution of communications.
Consumer Market (extracted from: Next Generation Home Networks: Driving a New Society?)
80-90s: A New World Called Internet (Consumer Market)
• The start of the Internet for the masses, using dial-up:
– The phone line is shared between the PC and the phone
– Emergence of the ISP concept, with AOL, …
• New concept: content available to everybody
• First Internet boom: the “new economy” concept
Modem over phone line: 28 – 56 kbps
Extracted from: Next Generation Home Networks: Driving a New Society?
2000 – 2003: The Beginning of the Always-On Concept (Consumer Market)
• Emergence of ADSL technology:
– Higher bandwidth than dial-up: typically 64k to 384 kbps
– “Always on” concept, i.e., no busy signal
• Device per service: one phone, one PC
ADSL: 64 – 384 kbps
Extracted from: Next Generation Home Networks: Driving a New Society?
2003 – 2005: Emergence of Basic Home Networks and Triple Play Services (Consumer Market)
• Emergence of the new DSL and xPON technologies:
– Higher bandwidth than ADSL: typically 20 Mbps per home
• First signs of home networks with the digitalization of the home:
– Digital camera, camcorder, PlayStation, DVD, iPod, …
xDSL: 20+ Mbps
Extracted from: Next Generation Home Networks: Driving a New Society?
2005 – 2015: The Digital Connected Home (Consumer Market)
• Many multi-service devices in the home:
– All using IP as a foundation
• Virtualization of content:
– Access content anywhere/anytime, whether it is home-based (personal) or network-based (public)
• Communications and entertainment
Extracted from: Next Generation Home Networks: Driving a New Society?
Example of Network Infrastructure (figure: Residential Gateway (RG) and Broadband Termination Unit (BTU))
Example of Network Infrastructure (continued; figure only)
Applications over Network
Services: Data (D), Voice (V) and Image (I), and their combinations DI, IV, DV and DIV (figure)
What are we facing?
Unwanted Visitors
• Safeguarding assets is the responsibility of users
• A threat agent may also place value on the asset
• Such a vulnerability may be exploited by a threat agent
• Countermeasures are imposed to reduce the vulnerability
(Figure: User, Assets, Vulnerabilities, Threat Agents and Countermeasures)
Multiple Attacks (figure: User, Assets, Vulnerabilities, Threat Agents and Countermeasures)
Objectives (figure: Security Policy Level across Home, Office and Outdoor)
Security mechanisms are embedded in technology. Security is used on a daily basis.
Security use in daily basis 1 – Biometric
Security use in daily basis 2 - Business
Security use in daily basis 3 – Voice Communication
Security use in daily basis 4 – Integration Operation
Security use in daily basis 5 – Operating System
Security use in daily basis 6 – WEB
Let me share with you the OSI layers and the Internet layers.
Seven-Layer OSI Model

| Layer | Data Unit | Function |
| --- | --- | --- |
| 7. Application (host layer) | Data | Network process to application |
| 6. Presentation (host layer) | Data | Data representation and encryption |
| 5. Session (host layer) | Data | Interhost communication |
| 4. Transport (host layer) | Segments | End-to-end communications and reliability (TCP) |
| 3. Network (media layer) | Packets | Path determination and logical addressing (IP) |
| 2. Data Link (media layer) | Frames | Physical addressing (MAC & LLC) |
| 1. Physical (media layer) | Bits | Media, signal and binary transmission |
26
Five Layers TCP/IP Model
Ethernet physical layer • ISDN • Modems • PLC • SONET/SDH • G.709 • Wireless •
Presentation
ApplicationDHCP • DNS • FTP • Gopher • HTTP • IMAP4 • IRC • NNTP • XMPP • MIME • POP3 • SIP • SMTP • SNMP • SSH • TELNET • RPC • RTP • RTCP • TLS/SSL •
SDP • SOAP • VPN • PPTP • L2TP • GTP •
TCP • UDP • DCCP • SCTP •
IP (IPv4 • IPv6) • IGMP • ICMP • RSVP • BGP • RIP • OSPF • ISIS • IPsec • ARP • RARP •
802.11 • ATM • DTM • Ethernet • FDDI • Frame Relay • GPRS • EVDO • HSPA • HDLC • PPP •
Physical
Internet
Data Link
Transport
Application
Hexadecimal Dump of the Packet

```text
 0: 00e0 f726 3fe9 0800 2086 354b 0800 4500  ..÷&?... .5K..E.
16: 0028 08b9 4000 ff06 999a 8b85 d96e 8b85  .(..@........n..
32: e902 9005 0017 7214 f115 9431 1028 5010  ......r....1.(P.
48: 2238 1c80 0000                           "8....
```

Packet Decode

```text
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 5 arrived at 17:37:23.94
ETHER: Packet size = 54 bytes
ETHER: Destination = 0:e0:f7:26:3f:e9, CISCO Router
ETHER: Source = 8:0:20:86:35:4b, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
```

Packet Decode

```text
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00 (normal)
IP: Total length = 40 bytes
IP: Identification = 2233
IP: Flags = 0x4
IP:   .1.. .... = do not fragment
IP:   ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 999a
IP: Source address = 139.133.217.110, client
IP: Destination address = 139.133.233.2, server.abdn.ac.uk
IP: No options
IP:
```

Packet Decode

```text
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 36869
TCP: Destination port = 23 (TELNET)
TCP: Sequence number = 1913975061
TCP: Acknowledgement number = 2486243368
TCP: Data offset = 20 bytes
TCP: Flags = 0x10
TCP:   ..0. .... = No urgent pointer
TCP:   ...1 .... = Acknowledgement
TCP:   .... 0... = No push
TCP:   .... .0.. = No reset
TCP:   .... ..0. = No Syn
TCP:   .... ...0 = No Fin
TCP: Window = 8760
TCP: Checksum = 0x1c80
TCP: Urgent pointer = 0
TCP: No options
```
Five-Layer TCP/IP Model
• TCP/IP fundamentals
• Connection-oriented and connectionless services
• The TCP/IP layers
• Differences between the OSI and TCP/IP models
Connection-Oriented Services
• A connection-oriented service is modeled after the telephone system
– To talk to someone, pick up a phone, dial the number, talk and disconnect
• Similarly, in a network, the service user will
– Establish a connection
– Use the connection
– Release the connection
– The sender, receiver and the network may conduct a negotiation about data transfer speed, maximum message size, etc.
Connection-Oriented Services
• A connection-oriented service is used when reliability is important
– E.g., for file transfer, we want all bits to arrive correctly and in the order they were sent
Connectionless Services
• A connectionless service is modeled after the postal system
– Each message (letter) carries the full destination address
– Each message is routed through the system independently of all others
– If two messages are sent to the same destination, normally the first one sent should arrive first, but it is possible that the second message arrives first
TCP/IP Protocol Suite
• TCP/IP – Transmission Control Protocol / Internet Protocol
• Developed prior to the OSI model
• The layers of TCP/IP do not match exactly with those in the OSI model
• Used in the Internet
• The ability to connect multiple networks in a seamless way was one of the major design goals that led to the development of TCP/IP
TCP/IP Protocol Suite
• TCP/IP refers to a collection of data communication protocols
• The name TCP/IP is misleading because TCP and IP are only two of the many protocols that compose the suite
• TCP/IP has its origins in work done by the US Department of Defense
TCP/IP Suite
• The TCP/IP suite does not define any specific protocols at the data link and physical layers
Application Layer
• The Application layer is equivalent to the combined OSI Session, Presentation and Application layers
• All the functions handled by these three layers in the OSI model are handled by the Application layer in the TCP/IP model
Application Layer
• This layer contains all the higher-level protocols
– FTP – File Transfer Protocol – basic file transfer between hosts (computers)
– SMTP – Simple Mail Transfer Protocol (for email)
– HTTP – Hypertext Transfer Protocol (for web browsing)
• The data unit created at this layer is called a message
Encapsulation of Data
• The TCP/IP protocol suite encapsulates data units at the various layers of the model
• At the Application layer, the data unit created is called a message
• The Transport layer adds a header to form a segment (with TCP)
• The Network (or Internet) layer adds another header to form a datagram
Encapsulation of Data
• Datagram – A self-contained message unit which contains sufficient information to allow it to be routed from the source to the destination
• The protocol used at the data link layer encapsulates the datagram into a frame and this is transmitted across the transmission medium.
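The hex dump and the three "Packet Decode" slides earlier in this section are exactly this encapsulation walked in reverse: frame, then datagram, then segment. The Python below is an added example, not code from the original slides: it parses those 54 bytes using the standard Ethernet, IPv4 and TCP header layouts, verifies the IP header checksum (999a) and the TCP checksum (0x1c80) with the RFC 1071 one's-complement sum, and returns the same field values the decode slides list. Two caveats a practitioner should keep in mind: the IP checksum covers only the IP header, not the payload, and neither checksum is a security control, since anyone who can modify a packet can recompute them; that is what the integrity services discussed later in the deck are for.

```python
import struct

# Constructed input: the bytes exactly as printed in the slide's hexadecimal
# dump (offsets 0, 16, 32 and 48); bytes.fromhex() ignores the spacing.
PACKET = bytes.fromhex(
    "00e0 f726 3fe9 0800 2086 354b 0800 4500"
    "0028 08b9 4000 ff06 999a 8b85 d96e 8b85"
    "e902 9005 0017 7214 f115 9431 1028 5010"
    "2238 1c80 0000"
)

TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 .. bit 5


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, complemented.
    Over a header that already carries a correct checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_ethernet(frame: bytes) -> dict:
    """Frame -> 14-byte Ethernet header plus datagram (the 'ETHER:' section)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "destination": ":".join("%02x" % b for b in dst),
        "source": ":".join("%02x" % b for b in src),
        "ethertype": ethertype,  # 0x0800 = IPv4
        "payload": frame[14:],
    }


def decode_ipv4(datagram: bytes) -> dict:
    """Datagram -> IPv4 header plus segment (the 'IP:' section). The header
    checksum is verified; note that it protects the header only, not the data."""
    if len(datagram) < 20:
        raise ValueError("datagram too short for an IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, hdr_csum = \
        struct.unpack("!BBHHHBBH", datagram[:12])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or len(datagram) < total_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_length": ihl,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "protocol": proto,  # 6 = TCP
        "header_checksum": hdr_csum,
        "checksum_ok": internet_checksum(datagram[:ihl]) == 0,
        "source": ".".join(str(b) for b in datagram[12:16]),
        "destination": ".".join(str(b) for b in datagram[16:20]),
        "payload": datagram[ihl:total_len],
    }


def decode_tcp(segment: bytes, src_ip: bytes, dst_ip: bytes) -> dict:
    """Segment -> TCP header plus data (the 'TCP:' section). The TCP checksum
    covers a pseudo-header (addresses, protocol, length) plus the whole segment."""
    if len(segment) < 20:
        raise ValueError("segment too short for a TCP header")
    sport, dport, seq, ack, off_flags, window, csum, _urg = \
        struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    flags = off_flags & 0x3F
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, 6, len(segment))
    return {
        "source_port": sport,
        "destination_port": dport,  # 23 = TELNET
        "sequence": seq,
        "acknowledgement": ack,
        "data_offset": data_offset,
        "flags": flags,
        "flag_names": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "window": window,
        "checksum": csum,
        "checksum_ok": internet_checksum(pseudo + segment) == 0,
        "payload": segment[data_offset:],
    }


def decode_packet(frame: bytes) -> dict:
    """Walk the encapsulation in reverse: frame -> datagram -> segment -> data."""
    ether = decode_ethernet(frame)
    if ether["ethertype"] != 0x0800:
        raise ValueError("only IPv4 frames are handled here")
    datagram = ether["payload"]
    ip = decode_ipv4(datagram)
    if ip["protocol"] != 6:
        raise ValueError("only TCP datagrams are handled here")
    tcp = decode_tcp(ip["payload"], datagram[12:16], datagram[16:20])
    return {"ether": ether, "ip": ip, "tcp": tcp}
```

Calling decode_packet(PACKET) reproduces the values on the decode slides (identification 2233, TTL 255, ports 36869 and 23, window 8760, flags 0x10 = ACK); flipping any header bit makes the corresponding checksum_ok go False.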
Transport Layer - UDP
• This layer is represented by two protocols – TCP and UDP
– TCP – Transmission Control Protocol
– UDP – User Datagram Protocol
• UDP is simpler but is used when reliability and security are less important than size and speed – such as speech or video
• Since security and reliability are essential for most applications, TCP is used more often
Transport Layer - TCP
• TCP is a reliable connection-oriented protocol
• Allows error-free transmission
• The incoming byte stream is fragmented into a number of shorter messages and these are passed on to the next layer
• At the receiving end, TCP reassembles the messages into an output stream
• TCP also handles flow control – to control the data transfer rate
Transport Layer - TCP
• A connection must be established between the sender and the receiver before transmission begins
• TCP creates a circuit between sender and receiver for the duration of the transmission
• TCP begins each transmission by alerting the receiver that segments are on their way (connection establishment).
• Each transmission is ended with connection termination
Transport Layer - TCP
• Each segment created by TCP includes:
– A sequencing number for re-ordering after receipt
– An acknowledgement ID number
– Source address
– Destination address
– Checksum – for error detection
– Data
– And other fields
Internetwork or Network Layer
• Also referred to as the Network Layer or Internetwork Layer
• The Internetwork Protocol (IP) is an unreliable and connectionless protocol
• It offers a best-effort delivery service
• No error checking: IP does its best to get a transmission through to its destination, but with no guarantees
• Noise can cause bit errors during transmission
• Datagrams may be discarded due to timeout errors
• An example of a best-effort delivery service is the post office
Internetwork or Network Layer
• IP transports data in packets called datagrams
• Each datagram is transported separately
• Datagrams can be of variable length (up to 64 KB)
• Datagrams may travel along different routes and may arrive out of sequence
• IP does not keep track of the routes
• IP does not have the facility to reorder datagrams once they arrive
• A datagram contains a header and data
• The header contains a number of fields, including the source and destination addresses
Comparison of OSI and TCP/IP Models
• The OSI model makes a clear distinction between services, interfaces and protocols
– Each layer performs some service for the layer above it
– A layer’s interface tells the processes above it how to access it. It specifies what the parameters are and what results to expect (somewhat like a function declaration)
– The protocols used in a layer are used to get the job done
Comparison of OSI and TCP/IP Models
• The OSI model has 7 layers while the TCP/IP model has 5 layers
• Both have network, transport and application layers, but the other layers are different
• The OSI model supports both connectionless and connection-oriented communication
• TCP/IP supports only connectionless communication
Before I explain the security layer, let us review the slides presenting “security use in daily basis”.
What is behind these applications?
What is the mechanism that makes them secure?
Security Flows
• Cryptography – Algorithm: symmetric, asymmetric (e.g., cipher, DES, AES)
• Protocol – SSL, TLS
• Applications – Web, email, any application that uses a security mechanism
* This approach is totally from my own knowledge and experience; it is not a standard, just a way to understand the layer concept.
Security versus OSI & TCP/IP Model
(Figure: the seven OSI layers – Physical, Data Link, Network, Transport, Session, Presentation, Application – alongside the five TCP/IP layers – Physical, Data Link, Internet, Transport, Application – and the three security layers of the previous slide – Cryptography, Protocol, Applications.)
Concept
Why do we want security?
Let us review the slides presenting “security use in daily basis”.
Intruder
Hacking - 1
Hacking - 2 (figure: data center)
Objectives (figure: Security Policy Level across Home, Office and Outdoor)
Type of Attacks
• Passive: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.
• Active: Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
Passive Attack
• Release of message contents: read the contents of a message from Bob to Alice
• Traffic analysis: observe the pattern of messages from Bob to Alice
Active Attack - 1
• Masquerade: a message from the hacker that appears to be from Bob
• Replay*: capture a message from Bob to Alice; later replay the message to Alice
* An attack in which a service already authorized and completed is forged by another "duplicate request" in an attempt to repeat authorized commands.
Active Attack - 2
• Modification of messages: modifies a message from Bob to Alice
• Denial of service: disrupts the service provided by a server
Could you explain to me why we need security?
Why We Need Security
• Privacy – The protection of data from unauthorized disclosure.
• Integrity – The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion or deletion).
• Authentication – The assurance that the communicating entity is the one that it claims to be.
• Nonrepudiation – Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
International Standards
(The slide groups the following under two headings, Development and Management.)
• Common Criteria for Information Technology Security Evaluation, Parts 1-3
• Information technology – Security techniques – Guide for the production of protection profiles and security targets
• Information technology – Guidelines for the management of IT Security, Parts 1-5
• Information technology – Code of practice for information security management (ISO/IEC 27002)
• Federal Information Processing Standards Publication FIPS 140-2, Security Requirements for Cryptographic Modules (the slide marks a move to FIPS 140-3, Security Requirements for Cryptographic Modules)
• NIST Special Publication 800-57, Recommendation for Key Management
• Information technology – Security techniques – Security assessment of operational systems
International Standards
We focus on the X.800 security services.
X.800 Services
• X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
• A clearer definition is found in RFC 2828, which provides the following definition:
– a processing or communication service that is provided by a system to give a specific kind of protection to system resources;
– security services implement security policies and are implemented by security mechanisms.
X.800 Services (Five Categories, Fourteen Specific Services)
• Authentication – The assurance that the communicating entity is the one that it claims to be.
– Peer Entity Authentication: used in association with a logical connection to provide confidence in the identity of the entities connected.
– Data Origin Authentication: in a connectionless transfer, provides assurance that the source of received data is as claimed.
• Access Control – The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
X.800 Services (Five Categories, Fourteen Specific Services)
• Data Confidentiality – The protection of data from unauthorized disclosure.
– Connection Confidentiality: the protection of all user data on a connection.
– Connectionless Confidentiality: the protection of all user data in a single data block.
– Selective-Field Confidentiality: the confidentiality of selected fields within the user data on a connection or in a single data block.
– Traffic Flow Confidentiality: the protection of the information that might be derived from observation of traffic flows.
X.800 Services (Five Categories, Fourteen Specific Services)
• Data Integrity – The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
– Connection Integrity with Recovery: provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.
– Connection Integrity without Recovery: as above, but provides only detection without recovery.
– Selective-Field Connectionless Integrity: provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.
X.800 Services (Five Categories, Fourteen Specific Services)
• Data Integrity (continued)
– Selective-Field Connection Integrity: provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed.
– Connectionless Integrity: provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.
X.800 Services (Five Categories, Fourteen Specific Services)
• Nonrepudiation – Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
– Nonrepudiation, Origin: proof that the message was sent by the specified party.
– Nonrepudiation, Destination: proof that the message was received by the specified party.
Example: Goal & Setting – Authentication
• X.800: Authentication
• What it means: These are the identification and authorization mechanisms used to be certain that the person or computer using the web application is the correct person to be using it.
• Example (Web): Every time you log in to a web page that has your personal data, you are authenticating. Authentication often means just giving a login and password. Sometimes it means giving an identification number or even just coming from an acceptable IP address (white-listing).
Example: Goal & Setting – Non-repudiation
• X.800: Non-repudiation
• What it means: A record that proves that the data sent to or from the web application was really sent, and from where.
• Example (Web): Although you may not see it, most web applications keep track of purchases you make from a particular IP address using a particular browser on a particular operating system, as a record that it was most likely someone on your computer who made that purchase. Without specific “authentication” they can't guarantee 100% that it was you, though.
Example: Goal & Setting – Confidentiality
• X.800: Confidentiality
• What it means: A way to assure that communication with the application cannot be listened in on by another person.
• Example (Web): The HTTPS part of the interaction with a web application provides pretty good confidentiality. It does a decent job of keeping your web traffic with the web app from being publicly readable.