IN3210/4210 Network and Communications Security Seminar ...
Transcript of IN3210/4210 Network and Communications Security Seminar ...
![Page 1: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/1.jpg)
IN3210/4210 Network and Communications Security
Seminar & Review
1 November 2021
![Page 2: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/2.jpg)
IN3210/4210
Seminar
● The seminar will be switched to Zoom!
● Zoom room (login required): https://uio.zoom.us/j/62061912054
● If you need a room at IFI during yourpresentation, please contact us.
2
![Page 3: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/3.jpg)
IN3210/4210
Seminar – Instructions for the speakers
● Name yourself in the Zoom meeting according to the following pattern:
<Number of your talk> <First name> <Last name>
● thus, for example:
S02 John Smith
● (no further spaces, special character etc.)
3
![Page 4: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/4.jpg)
IN3210/4210
Seminar
● Please submit your handout and slides (both as PDF, packed in a ZIP file). Submission deadline: the day before the presentation at 18:00 h.
● https://uio.instructure.com/courses/33328/assignments/62603
● Check the number of your talk in the schedule and name your submission accordingly (e.g. S02-handout.pdf + S02-slide.pdf -> S02.zip)
4
![Page 5: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/5.jpg)
IN3210/4210
Curriculum
● Required
− Lecture slides
− Seminar talks (core ideas)
● Highly recommended
− Reading assignments
− Workshop exercises
− Canvas quizzes
5
![Page 6: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/6.jpg)
IN3210/4210
General knowledge requirements
● understanding the concepts
● security services
● vulnerabilities/threats
● advantages/disadvantages to other security methods
● applications
6
![Page 7: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/7.jpg)
IN3210/4210
Part 0: Introduction
● Security objectives
− CIA
− Authenticity
− Non-repudiation
− Privacy
● Security threats and attacks
7
![Page 8: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/8.jpg)
IN3210/4210
Part 1: Symmetric cryptography
● The one-time pad
● Notions of security
● Symmetric stream ciphers
● Symmetric block ciphers (AES)
● Block cipher modes of operation (ECB, CBC, CTR, GCM)
● Attacks on cryptosystems
8
![Page 9: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/9.jpg)
IN3210/4210
Part 2: Asymmetric Cryptography
● Key exchange
● Asymmetric encryption
● Cryptographic hash functions
● Message authentication codes (MAC)
● Digital signatures
9
![Page 10: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/10.jpg)
IN3210/4210
Part 3: Key-management and entity authentication
● Symmetric key distribution
− Key Distribution Centre (KDC)
− Kerberos (Realm, AS, TGS, TGT, (service) ticket)
− Attacks on Kerberos
− Using asymmetric encryption for distributing symmetric keys
● SAML – detailed knowledge not expected
10
![Page 11: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/11.jpg)
IN3210/4210
Part 4: Certificates and PKI
● Certificates/PKI
− Public-key certificates (X.509)
− PKI
− Certificate Trust
● Certificate/PKI security
− Typical Threats
− CAA
− Certificate Transparency
11
![Page 12: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/12.jpg)
IN3210/4210
Part 5: Transport Layer Security
● TLS
− Architecture, services, and protocols
− Advantages and disadvantages
− TLS Handshake Protocol ▪ Key exchange and authentication
− Perfect Forward Secrecy
− TLS 1.2 vs. 1.3
12
![Page 13: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/13.jpg)
IN3210/4210
Part 6: Domain Name System
● DNS
● DNS cache poisoning
● DNSSEC
● DNS amplification attack
● DoH and DoT
13
![Page 14: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/14.jpg)
IN3210/4210
Part 7: Perimeter security and network segmentation
● Applicability of security design principles to perimeter security and network segmentation
● Network segmentation
● Zero Trust
● Firewalls – types and advantages/limitations
● Information flow control
14
![Page 15: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/15.jpg)
IN3210/4210
Part 8: Security monitoring and detection
● Types/classification of IDSs, advantages and disadvantages
− Network-based and/or host-based
− Signature-based
− Anomaly-based
− Stateful protocol analysis
− Network behaviour analysis / Flow based
● False positives/negatives
● TLS inspection
● (Machine learning for monitoring and detection)
15
![Page 16: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/16.jpg)
IN3210/4210
Part 9: BGP Security
● BGP basics
● BGP router security
● Prefix hijacking and AS Path manipulation
● RPKI
● BGPsec
16
![Page 17: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/17.jpg)
IN3210/4210
Part 10: Email security
● Phishing
● Email tracking
● Spam
● SPF
● DKIM
● DMARC
● S/MIME and PGP
17
![Page 18: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/18.jpg)
IN3210/4210
Part 11: Wireless network security
● Security threats concerning wireless networks and mobile devices
● WEP
● WPA
● 802.11i RSN (WPA2 when used with CCMP)
− RSN architecture
− Port-based access control
− Authentication and key management
− Enterprise (i.e., using Authentication Server/EAP) vs. Personal (i.e., using PSK)
● WPA3 – know main advantages compared to WPA2
18
Know main differences to WPA2
![Page 19: IN3210/4210 Network and Communications Security Seminar ...](https://reader033.fdocuments.in/reader033/viewer/2022042421/62607312c7f56e3d89582d1e/html5/thumbnails/19.jpg)
IN3210/4210
Part 11: IPsec
Based on reading assignment – IPsec will not be subject to separate questioning on the final exam, but may still be part of an answer
● ESP
● AH
● Transport and tunnel modes
19