Introduction to Network Systems Security Mort Anvari.
Introduction to Network Systems Security
Mort Anvari
8/24/2004 2

About the Course
- A grad-level seminar course focusing on basics and issues in network security
- First half will be lectures about elements of network security, cryptography backgrounds, and introduction to network security designs
- Second half will be your chance to present what you have learned from key research papers

Why Should You Take This Course
- Security is an increasingly important issue
- You want to have basic knowledge about network security
- You can learn latest attacks and newest skills to counter those attacks
- You have a chance to implement the skills learned in the class

Your Best Strategy
- Come to every lecture to learn basic security problems and skills to counter them
- Keep yourself exposed to articles related to network security to collect project ideas
- Read each assigned paper and write a good summary for each paper
- Do not wait till the last minute to prepare for the exam or work on the project
- Enjoy the fun!

What Can Go Wrong…
…when your computer y receives or is waiting for a message m?
[Figure: x sends message m to y across the Internet]

Message Loss
- Adversary A can discard m in its transit
[Figure: x, y, adversary A, message m]

Message Interception
- Adversary A can get a copy of m when m passes by
[Figure: m travels from x to y; A obtains a copy of m]

Message Modification
- Adversary A can arbitrarily modify the content of m to become m’
[Figure: x sends m; A changes it to m’ before it reaches y]

Message Insertion
- Adversary A can arbitrarily fabricate a message m, pretending that m was sent by x
[Figure: A sends y a message m labeled src: x, dst: y]

Message Replay
- Adversary A can replay a message m that has been sent earlier by x and received by y
[Figure: x sends m to y; A sends m to y again]

Denial-of-Service Attack
- Adversary A can send a huge amount of messages to y to block m from arriving at y
[Figure: A floods y with messages while x tries to send m to y]

Types of Attacks
- Passive attacks
  - Traffic analysis
  - Message interception
- Active attacks
  - Message loss
  - Message modification
  - Message insertion
  - Message replay
  - Denial-of-Service attack

Network Security Services
- Confidentiality
- Integrity
- Authentication
- Anti-replay
- …
- Availability
- Access control
- Non-repudiation
- Anonymity

Confidentiality
- Keep message known only to the receiver and secret to anyone else
- Counter message interception

Integrity
- When receiver receives message m, receiver can verify m is intact after being sent by sender
- Counter message modification

Authentication
- When receiver receives message m, receiver can verify m is indeed sent by the sender recorded in m
- Counter message insertion

Anti-replay
- When receiver receives message m, receiver can verify m is not a message that was sent and received before
- Counter message replay
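
The integrity, authentication and anti-replay checks from the last three slides, as an added example that is not part of the original slides. It assumes a key shared by x and y, an HMAC-SHA256 tag and a per-sender sequence number, none of which the slides specify; the frame layout, names and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, src: bytes, seq: int, payload: bytes) -> bytes:
    """Sender x: frame = seq (8 bytes) | len(src) (1) | src | payload | tag."""
    body = struct.pack(">QB", seq, len(src)) + src + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:  # receiver y: integrity, authentication and anti-replay
    def __init__(self, keys: dict):
        self.keys = keys      # claimed sender name -> key shared with it
        self.last_seq = {}    # highest sequence number accepted per sender

    def accept(self, frame: bytes) -> str:
        if len(frame) < 9 + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        seq, n = struct.unpack(">QB", body[:9])
        src = body[9:9 + n]
        key = self.keys.get(src)
        if len(src) != n or key is None:
            return "reject: unknown sender"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"      # m was modified, or not sent by src
        if seq <= self.last_seq.get(src, -1):
            return "reject: replay"       # m was already received
        self.last_seq[src] = seq
        return "accept"

def demo() -> dict:
    key_xy = b"constructed key shared by x and y"   # constructed sample key
    y = Receiver({b"x": key_xy})
    m = seal(key_xy, b"x", 1, b"transfer 10 to bob")
    modified = bytearray(m)
    modified[12] ^= 0x01      # A alters one payload byte in transit
    forged = seal(b"key guessed by A", b"x", 2, b"transfer 99 to A")
    return {
        "modified": y.accept(bytes(modified)),
        "inserted": y.accept(forged),
        "genuine": y.accept(m),
        "replayed": y.accept(m),
    }

if __name__ == "__main__":
    print(demo())
```

A shared-key tag does not provide non-repudiation, since y holds the same key and could have produced the tag itself. Confidentiality is also out of scope here, as the payload travels in the clear.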

Availability
- Property of a system or a resource being accessible and usable upon demand by an authorized entity
- Counter denial-of-service attack

Access Control
- Mechanism to enforce access rights to resources and data
- Users can access resources and data to which they have access rights
- Users cannot access resources and data to which they don’t have access rights

Non-repudiation
- When receiver receives message m, receiver gets proof that sender of m ever sent m
- Receiver of m can show proof to a third party so that sender of m cannot repudiate

Anonymity
- Identity of sender is hidden from receiver
- When receiver receives message m, receiver has no clue about sender of m

Network Security Is Great…
- Protect messages from interception in their transit
- Detect and discard messages that are modified, inserted, or replayed
- Disallow unauthorized access to local system resources and sensitive data

…But Hard To Achieve
- Many layers in network architecture
- Many different media of network connection
- Adversary’s location hard to determine
- New attacks keep emerging
- Cryptographic overhead

Next Class
- Formal specification and verification of network protocols
- Network security tools to counter the effects of adversary actions