cryptography and network security 2 nd edition by william stallings note: lecture slides by lawrie...
TRANSCRIPT
![Page 1: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/1.jpg)
Cryptography and Network Security
2nd Edition
by William Stallings
Note:
Lecture slides by Lawrie Brown and Henric Johnson,
Modified by Andrew Yang
![Page 2: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/2.jpg)
Network Security 2
Chapter 1 – Introduction
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu
![Page 3: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/3.jpg)
Network Security 3
Background
• Information Security requirements have changed in recent times
• traditionally provided by physical and administrative mechanisms
• computer use requires automated tools to protect files and other stored information
• use of networks and communications links requires measures to protect data during transmission
![Page 4: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/4.jpg)
Network Security 4
Definitions
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
![Page 5: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/5.jpg)
Network Security 5
Aim of Course
• our focus is on Internet Security
• consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information
![Page 6: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/6.jpg)
Network Security 6
Information security
• Assets
• Threats
• Attacks
• Vulnerabilities
• Controls
![Page 7: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/7.jpg)
Network Security 7
Security ‘components’
• Also known as security goals, objectives, etc.
1. Confidentiality
2. Data integrity
3. Origin integrity (aka. Authenticity)
4. Non-repudiability
5. Availability
![Page 8: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/8.jpg)
Network Security 8
Services, Mechanisms, Attacks
• need systematic way to define requirements
• consider three aspects of information security:– security attack– security mechanism– security service
![Page 9: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/9.jpg)
Network Security 9
Security Service
– is something that enhances the security of the data processing systems and the information transfers of an organization
– intended to counter security attacks– make use of one or more security
mechanisms to provide the service– replicate functions normally associated with
physical documents• eg have signatures, dates; need protection from
disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
![Page 10: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/10.jpg)
Network Security 10
Security Mechanism
• a mechanism that is designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all functions required
• however one particular element underlies many of the security mechanisms in use: cryptographic techniques
• hence our focus on this area
![Page 11: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/11.jpg)
Network Security 11
Security Attack
• any action that compromises the security of information owned by an organization
• information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• have a wide range of attacks
• can focus of generic types of attacks
• note: often threat & attack mean same
![Page 12: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/12.jpg)
Network Security 12
Security AttacksSecurity Attacks
![Page 13: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/13.jpg)
Network Security 13
OSI Security Architecture
• ITU-T X.800 Security Architecture for OSI
local copy
• defines a systematic way of defining and providing security requirements
• for us it provides a useful, if abstract, overview of concepts we will study
![Page 14: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/14.jpg)
Network Security 14
Security Services
• X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
• RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
• X.800 defines it in 5 major categories
![Page 15: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/15.jpg)
Network Security 15
Security Services (X.800)
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality –protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
![Page 16: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/16.jpg)
Network Security 16
Security Mechanisms (X.800)
• specific security mechanisms:– encipherment, digital signatures, access
controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• pervasive security mechanisms:– trusted functionality, security labels, event
detection, security audit trails, security recovery
![Page 17: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/17.jpg)
Network Security 17
Classify Security Attacks as
• passive attacks (fig. 1) - eavesdropping on, or monitoring of, transmissions to:– obtain message contents, or– monitor traffic flows
• active attacks (fig. 2a, 2b)– modification of data stream to:– masquerade of one entity as some other– replay previous messages– modify messages in transit– denial of service
![Page 18: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/18.jpg)
Network Security 18
Model for Network Security
![Page 19: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/19.jpg)
Network Security 19
Model for Network Security
• using this model requires us to: – design a suitable algorithm for the security
transformation – generate the secret information (keys) used
by the algorithm – develop methods to distribute and share the
secret information – specify a protocol enabling the principals to
use the transformation and secret information for a security service
![Page 20: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/20.jpg)
Network Security 20
Model for Network Access Security
![Page 21: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/21.jpg)
Network Security 21
Model for Network Access Security
• using this model requires us to: – select appropriate gatekeeper functions to
identify users – implement security controls to ensure only
authorised users access designated information or resources
• trusted computer systems can be used to implement this model
![Page 22: Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang](https://reader030.vdocuments.net/reader030/viewer/2022032517/56649c895503460f94941aa0/html5/thumbnails/22.jpg)
Network Security 22
Summary
• have considered:– computer, network, internet security def’s– security services, mechanisms, attacks– X.800 standard– models for network (access) security