Security Overview
description
Transcript of Security Overview
![Page 1: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/1.jpg)
Security OverviewSecurity Overview
Hofstra UniversityHofstra University
University College for Continuing University College for Continuing EducationEducation
- Advanced Java Programming- Advanced Java Programming
Lecturer: Engin YaltLecturer: Engin Yalt
May 24, 2006May 24, 2006
![Page 2: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/2.jpg)
DisclaimerDisclaimer
The images in this presentation are The images in this presentation are taken from taken from
http://williamstallings.com/NetSec2e.hhttp://williamstallings.com/NetSec2e.htmltml
Network Security Essentials, William Network Security Essentials, William Stallings Stallings
![Page 3: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/3.jpg)
Security AttacksSecurity Attacks
![Page 4: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/4.jpg)
Security AttacksSecurity Attacks
Interruption: attack on availabilityInterruption: attack on availability Interception: attack on Interception: attack on
confidentialityconfidentiality Modification: attack on integrityModification: attack on integrity Fabrication: attack on authenticityFabrication: attack on authenticity
![Page 5: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/5.jpg)
Threat ClassificationsThreat Classifications
![Page 6: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/6.jpg)
Passive Attacks -Passive Attacks -Release of message Release of message
contentscontents
![Page 7: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/7.jpg)
Passive Attacks - Passive Attacks - Traffic analysisTraffic analysis
![Page 8: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/8.jpg)
Active Attacks - Active Attacks - MasqueradeMasquerade
![Page 9: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/9.jpg)
Active Attacks – Active Attacks – ReplayReplay
![Page 10: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/10.jpg)
Active Attacks – Active Attacks – Modification of messageModification of message
![Page 11: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/11.jpg)
Active Attacks – Active Attacks – Denial of serviceDenial of service
![Page 12: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/12.jpg)
Security GoalsSecurity Goals
Integrity
Authenticity
Availability
Confidentiality
![Page 13: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/13.jpg)
Security ServicesSecurity Services
Confidentiality (privacy)Confidentiality (privacy) Authentication (who created or sent the Authentication (who created or sent the
data)data) Integrity (has not been altered)Integrity (has not been altered) Non-repudiation (the order is final)Non-repudiation (the order is final) Access control (prevent misuse of Access control (prevent misuse of
resources)resources) Availability (permanence, non-erasure)Availability (permanence, non-erasure)
Denial of Service AttacksDenial of Service Attacks Virus that deletes filesVirus that deletes files
![Page 14: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/14.jpg)
Model of Network Model of Network SecuritySecurity
![Page 15: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/15.jpg)
Methods of DefenseMethods of Defense
EncryptionEncryption Software Controls (access limitations Software Controls (access limitations
in a data base, in operating system in a data base, in operating system protect each user from other users)protect each user from other users)
Hardware Controls (smartcard)Hardware Controls (smartcard) Policies (frequent changes of Policies (frequent changes of
passwords)passwords) Physical ControlsPhysical Controls
![Page 16: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/16.jpg)
Conventional EncryptionConventional Encryption
![Page 17: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/17.jpg)
CryptographyCryptography
Classified along three independent Classified along three independent dimensions:dimensions:
The type of operations used for The type of operations used for transforming plaintext to cipher texttransforming plaintext to cipher text
The number of keys usedThe number of keys used symmetric (single key) (DES, 3DES)symmetric (single key) (DES, 3DES) asymmetric (two-keys, or public-key) (RSA)asymmetric (two-keys, or public-key) (RSA)
The way in which the plaintext is The way in which the plaintext is processedprocessed
Block cipher vs. Stream cipher processingBlock cipher vs. Stream cipher processing
![Page 18: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/18.jpg)
Average time required for Average time required for exhaustiveexhaustive key search key search
Key Size Key Size (bits)(bits)
Number of Number of Alternative KeysAlternative Keys
Time required at Time required at 101066 Decryption/ Decryption/µsµs
3232 223232 = 4.3 x 10 = 4.3 x 1099 2.15 milliseconds2.15 milliseconds
5656 225656 = 7.2 x 10 = 7.2 x 101616 10 hours10 hours
128128 22128 128 = 3.4 x 10= 3.4 x 103838 5.4 x 105.4 x 101818 yearsyears
168168 22168 168 = 3.7 x 10= 3.7 x 105050 5.9 5.9 xx 10 103030 yearsyears
![Page 19: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/19.jpg)
Key DistributionKey Distribution A key could be selected by A and A key could be selected by A and
physically delivered to B.physically delivered to B. A third party could select the key and A third party could select the key and
physically deliver it to A and B.physically deliver it to A and B. If A and B have previously used a key, one If A and B have previously used a key, one
party could transmit the new key to the party could transmit the new key to the other, encrypted using the old key.other, encrypted using the old key.
If A and B each have an encrypted If A and B each have an encrypted connection to a third party C, C could connection to a third party C, C could deliver a key on the encrypted links to A deliver a key on the encrypted links to A and B.and B.
![Page 20: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/20.jpg)
Key DistributionKey Distribution
Session key:Session key: Data encrypted with a one-time session Data encrypted with a one-time session
key. At the conclusion of the session, key. At the conclusion of the session, the key is destroyedthe key is destroyed
Permanent key:Permanent key: Used between entities for the purpose Used between entities for the purpose
of distributing session keysof distributing session keys
![Page 21: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/21.jpg)
Key DistributionKey Distribution
![Page 22: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/22.jpg)
AuthenticationAuthentication
• Requirements - must be able to verify Requirements - must be able to verify that:that:1. Message came from apparent source1. Message came from apparent source or authoror author2. Contents have not been altered,2. Contents have not been altered,3. Sometimes, it was sent at a certain 3. Sometimes, it was sent at a certain time or time or sequence.sequence.
• Protection against active attack Protection against active attack (falsification of data and transactions)(falsification of data and transactions)
![Page 23: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/23.jpg)
Authentication - MACAuthentication - MAC
![Page 24: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/24.jpg)
Authentication – Encrypted Authentication – Encrypted MACMAC
![Page 25: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/25.jpg)
Authentication – Secret Authentication – Secret ValueValue
![Page 26: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/26.jpg)
Public-Key CryptographyPublic-Key Cryptography
Use of two keys (public key, private Use of two keys (public key, private key)key)
The scheme has six ingredientsThe scheme has six ingredients Public keyPublic key Private keyPrivate key PlaintextPlaintext Encryption algorithmEncryption algorithm CiphertextCiphertext Decryption algorithmDecryption algorithm
![Page 27: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/27.jpg)
Encryption using Public-Encryption using Public-KeyKey
![Page 28: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/28.jpg)
Authentication usingAuthentication using Public-KeyPublic-Key
![Page 29: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/29.jpg)
Public-Key Cryptographic Public-Key Cryptographic AlgorithmsAlgorithms
RSA - Ron Rives, Adi Shamir and Len RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977.Adleman at MIT, in 1977. RSA is a block cipherRSA is a block cipher The most widely implementedThe most widely implemented
Diffie-Hellman Diffie-Hellman Echange a secret key securelyEchange a secret key securely Compute discrete logarithmsCompute discrete logarithms
![Page 30: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/30.jpg)
Public-Key Infrastructure Public-Key Infrastructure (PKI) (PKI)
Creating CertificateCreating Certificate
* CA = Certificate Authority
![Page 31: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/31.jpg)
Public-Key Infrastructure Public-Key Infrastructure (PKI) (PKI)
Obtaining a CertificateObtaining a Certificate
http://www.sdl.hitachi.co.jp/english/people/pki/index04.html
![Page 32: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/32.jpg)
X.509 Authentication X.509 Authentication ServiceService
Distributed set of servers that Distributed set of servers that maintains a database about users.maintains a database about users.
Each certificate contains the public key Each certificate contains the public key of a user and is signed with the private of a user and is signed with the private key of a CA*.key of a CA*.
Is used in S/MIME, IP Security, Is used in S/MIME, IP Security, SSL/TLS and SET.SSL/TLS and SET.
RSA is recommended to use.RSA is recommended to use.
* CA = Certificate Authority* CA = Certificate Authority
![Page 33: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/33.jpg)
X.509 CA HierarchyX.509 CA Hierarchy
![Page 34: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/34.jpg)
Revocation of Revocation of CertificatesCertificates
Reasons:Reasons: The users secret key is assumed to be The users secret key is assumed to be
compromised.compromised. The user is no longer certified by this The user is no longer certified by this
CA.CA. The CA’s certificate is assumed to be The CA’s certificate is assumed to be
compromised.compromised.
![Page 35: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/35.jpg)
E-Mail SecurityE-Mail Security PGP – PGP – (Pretty Good Privacy)(Pretty Good Privacy)
Philip R. Zimmerman is the creatorPhilip R. Zimmerman is the creator Provides a confidentiality and authentication Provides a confidentiality and authentication
serviceservice Can be used for email and file storage applicationsCan be used for email and file storage applications
S/MIME - S/MIME - ((Secure/Multipurpose Internet Mail Secure/Multipurpose Internet Mail Extension)Extension) Enveloped Data:Enveloped Data: content and session keys content and session keys
encrypted for recipients.encrypted for recipients. Signed Data:Signed Data: Message Digest encrypted with Message Digest encrypted with
private key of “signer.”private key of “signer.” Clear-Signed Data:Clear-Signed Data: Signed but not encrypted. Signed but not encrypted. Signed and Enveloped DataSigned and Enveloped Data
![Page 36: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/36.jpg)
PGPPGP
![Page 37: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/37.jpg)
Secure Sockets Layer - Secure Sockets Layer - SSLSSL
Browser connects to a secure server https://.....Browser connects to a secure server https://..... The server sends it’s certificateThe server sends it’s certificate The browser The browser
verifies the certificateverifies the certificate creates a session key (shared secret)creates a session key (shared secret) encrypts the session key with server’s public keyencrypts the session key with server’s public key sends it to the server.sends it to the server.
The server decrypts the session key using it’s private The server decrypts the session key using it’s private keykey
The handshake is comlete! Now browser and server The handshake is comlete! Now browser and server can talk using a shared secret key.can talk using a shared secret key.
The browser send sensitive info (credit card) over a The browser send sensitive info (credit card) over a secure channel.secure channel.
http://www.ourshop.com/resources/ssl.htmlhttp://www.ourshop.com/resources/ssl.html
![Page 38: Security Overview](https://reader036.fdocuments.in/reader036/viewer/2022062518/56814020550346895dab7ae9/html5/thumbnails/38.jpg)
Security and Java Security and Java PlatformPlatform
Platform Security (Java Language, Sand Platform Security (Java Language, Sand Box)Box)
Cryptography (JCA, JCE)Cryptography (JCA, JCE) Authentication and Access Control Authentication and Access Control
(JAAS)(JAAS) Secure Communications (JSSE, JGSS)Secure Communications (JSSE, JGSS) Public Key Infrastructure (PKI)Public Key Infrastructure (PKI)
http://java.sun.com/security/http://java.sun.com/security/