EE-476 COMMUNICATION AND NETWORK SECURITY, Ayesha Naureen, LECTURE 1: INTRODUCTION

Transcript of Lecture 1

Page 1: Lecture 1

EE-476 COMMUNICATION AND NETWORK SECURITY

Ayesha Naureen

LECTURE 1: INTRODUCTION

Page 2: Lecture 1

Text Book and Reference Books

Network Security Essentials: Applications and Standards - William Stallings

Cryptography and Network Security: Principles and Practices - William Stallings

Network Security: PRIVATE Communication in a PUBLIC World - Kaufman, Perlman, and Speciner

Page 3: Lecture 1

Assessment & Grading

Assignments (3-4) – 10%

Quizzes (4-5) – 10%

Mid-Term Exam – 30%

Final Exam – 50%

Page 4: Lecture 1

Course Outline (1/2)

Introduction

Cryptography

  Secret key cryptography

  Conventional encryption techniques

  Block ciphers: DES, AES

  Hashes and message digests: SHA-1, MD5

  Public key cryptography: RSA

Page 5: Lecture 1

Course Outline (2/2)

Network and system security applications

  Authentication applications: Kerberos

  Email security: PGP (Pretty Good Privacy)

  IP security: IPsec

  Web and E-commerce: Secure Socket Layer

  Firewalls

  Intrusion detection

  Malicious software

Page 6: Lecture 1

Information Security

Protection of information from theft or corruption by unauthorized activities or untrustworthy individuals, and from collapse by unplanned events, while allowing the information and property to remain accessible to its intended users.

Page 7: Lecture 1

Information Security – Computer Security & Network Security

Computer Security

A collection of tools designed to protect data stored on a machine.

Network Security

Security measures needed to protect data during transmission.

There are no distinct boundaries between the two.

Page 8: Lecture 1

Understanding the Terminology through Example (1/5)

User A transmits a file to user B. The file contains sensitive information that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.

CONFIDENTIALITY

Assuring information will be kept secret, with access limited to appropriate (authorized) persons.

Page 9: Lecture 1

Understanding the Terminology through Example (2/5)

A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update a file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message, alters its contents to add or delete entries, and then forwards the message to E, which accepts the message as coming from manager D and updates its authorization file accordingly.

INTEGRITY (MESSAGE INTEGRITY)

Assuring information will not be accidentally or maliciously altered or destroyed.

Page 10: Lecture 1

Understanding the Terminology through Example (3/5)

Denial of Service (DoS) attacks can bring down networks, servers, or applications.

A hacker or disgruntled employee could delete important data.

AVAILABILITY

Assuring information and communications services will be ready for use when expected.

Page 11: Lecture 1

Understanding the Terminology through Example (4/5)

Continuing example 2: rather than intercepting a message, user F constructs its own message with the desired entries and transmits that message to E as if it had come from manager D. Computer E accepts that message as coming from manager D and updates its authorization file accordingly.

AUTHENTICATION (ORIGIN INTEGRITY)

To positively verify the identity of an entity, often as a prerequisite to allowing access to resources in a system.
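Examples 2 and 4 differ only in whether F modifies a genuine message from D or fabricates one outright; the same check on E's side detects both. The following Python is an added illustration, not material from the lecture slides: it uses the standard-library hmac module to give D's messages a keyed tag that E verifies. The shared key, the message wording and the user names are constructed assumptions; how D and E came to share the key is outside this example.

```python
import hashlib
import hmac

# Constructed assumption: manager D and computer E already share this secret.
SHARED_KEY = b"example-key-shared-only-by-D-and-E"


def tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """HMAC-SHA256 over the message; only a holder of `key` can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(message: bytes, key: bytes = SHARED_KEY) -> tuple[bytes, bytes]:
    """What D puts on the wire: the message and its tag."""
    return message, tag(message, key)


def receive(message: bytes, received_tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """E recomputes the tag and compares in constant time.

    True means the message is unmodified (integrity) and was produced by a
    holder of the shared key (origin authentication). E must not update its
    authorization file when this returns False."""
    return hmac.compare_digest(tag(message, key), received_tag)


def example_2_modification() -> tuple[bool, bool]:
    """Lecture example 2: F intercepts D's message and edits an entry.

    Returns (genuine message verifies, altered message verifies)."""
    original, t = send(b"ADD USER alice; ADD USER bob")   # constructed message
    altered = original.replace(b"alice", b"mallory")      # F's edit in transit
    return receive(original, t), receive(altered, t)


def example_4_forgery() -> bool:
    """Lecture example 4: F builds its own message and claims it came from D.

    F does not hold SHARED_KEY, so the best it can do is tag the message
    with a guessed key. Returns whether E accepts the forgery."""
    forged = b"ADD USER mallory"                           # constructed message
    forged_tag = tag(forged, b"wrong-key-guess")
    return receive(forged, forged_tag)


if __name__ == "__main__":
    print("example 2 (genuine, altered):", example_2_modification())  # (True, False)
    print("example 4 forgery accepted:", example_4_forgery())         # False
```

One point worth noting about this design relative to the non-repudiation definition that follows: because D and E hold the same key, E could have produced any of these tags itself, so a tag proves origin to E but not to a third party. Non-repudiation needs a mechanism where only the sender can produce the proof, which is the role of digital signatures covered later in the course outline.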

Page 12: Lecture 1

Understanding the Terminology through Example (5/5)

A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message.

NON-REPUDIATION

Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender’s identity, so that neither can later deny having processed the data.

Page 13: Lecture 1

Revisiting the Definition

Protection of information from theft or corruption by unauthorized activities or untrustworthy individuals, and from collapse by unplanned events, while allowing the information and property to remain accessible to its intended users.

CONFIDENTIALITY, INTEGRITY & AVAILABILITY

Page 14: Lecture 1

Basic Security Components

Confidentiality

Integrity

Availability

Authentication

Non-repudiation

Authorization