Upload File

security requirements and attacks

prev
next
out of 40
Download Security Requirements and Attacks

Upload: iwc2008007

Post on 08-Jan-2016

21 views

Category:

Documents


0 download

Report

DESCRIPTION

Security Requirements and Attacks

TRANSCRIPT

  • Network Security

  • ContentsSecurity Requirements and AttacksConfidentiality with Conventional EncryptionMessage Authentication and Hash FunctionsPublic-Key Encryption and Digital SignaturesIPv4 and IPv6 Security

  • Security RequirementsConfidentialityIntegrityAvailability

  • Passive AttacksRelease of message content (eavesdropping)Prevented by encryptionTraffic AnalysisFixed by traffic paddingPassive attacks are easier to prevent than to detect

  • Active AttacksInvolve the modification of the data stream or creation of a false data streamActive Attacks are easier to detect than to prevent

  • Active Attacks (cont.)MasqueradeReplayModification of messagesDenial of service

  • Conventional EncryptionPlain textEncryption algorithmDecryption algorithmPlain textTransmitted ciphertextShared secret key

  • Conventional Encryption RequirementsKnowing the algorithm, the plain text and the ciphered text, it shouldnt be feasible to determine the key.The key sharing must be done in a secure fashion.

  • Encryption AlgorithmsData Encryption Standard (DES)Plaintext: 64-bit blocksKey: 56 bitsHas been broken in 1998 (brute force)Triple DESAdvanced Encryption Standard (AES)Plaintext: 128-bit blocksKey: 128, 256 or 512 bits

  • Location of Encryption DevicesPSNPSNPSNPSNPSNPacket Switching NodeEnd-to-end encryption deviceLink encryption device

  • Key DistributionManualSelected by A, physically delivered to BSelected by C, physically delivered to A and BAutomaticThe new key is sent encrypted with an old keySent through a 3-rd party with which A and B have encrypted links

  • Message AuthenticationAuthentic message means that: it comes from the alleged sourceit has not been modified

  • Message Authentication ApproachesAuthentication with conventional encryptionAuthentication without message encryption:when confidentiality is not necessarywhen encryption is unpractical

  • Message Authentication CodeUses a secret key to generate a small block of dataMACM = F (KAB, M)

  • One-way Hash FunctionMessage digest a fingerprint of the messageLike MAC, but without the use of a secret keyThe message digest must be authenticated

  • Secure Hash RequirementsH can be applied to a block of any sizeH produces a fixed-length outputH(x) is easy to computeGiven h, it is infeasible to compute x s.t. H(x) = hGiven x, it is infeasible to find y s.t. H(x) = H(y)It is infeasible to find (x,y) such that H(x) = H(y)

  • Secure Hash FunctionsMessage Digest v5 (MD5)128-bit message digesthas been found to have collision weaknessSecure Hash Algorithm (SHA-1)160-bit message digest

  • Public-Key EncryptionEach user has a pair of keys:public keyprivate keyWhat is encrypted with one, can only be decrypted with the other

  • EncryptionPlain textPlain textTransmitted ciphertextBobs public keyAliceBobBobs private key

  • AuthenticationPlain textPlain textTransmitted ciphertextAlices public keyAliceBobAlices private key

  • Digital SignatureLike authentication, only performed on a message authenticator (SHA-1)

  • Public-Key Encryption AlgorithmsRSA (used by PGP)El Gamal (used by GnuPG)

  • Key ManagementPublic-Key encryption can be used to distribute secret keys for conventional encryptionPublic-Key authentication:signing authorityweb of trust

  • IPv4 and IPv6 SecurityProvides encryption/authentication at the network (IP) layerIPSec applications:Virtual Private NetworkingE-commerceOptional for IPv4, mandatory for IPv6

  • IP Header with IPSec Information

  • Two Types of IPSec Security Protocols

  • Advantages of IPSec

  • How an AH is Generated in IPSec

  • AH Fields

  • The ESP Header FormatEncapsulated Security Payload

  • Tunnel Versus Transport Mode

  • AH Header Placement in Transport Mode

  • AH Header Placement in Tunnel Mode

  • ESP Header Placement in Transport Mode

  • ESP Header Placement in Tunnel Mode

  • Security AssociationOne-way relationship between two hosts, providing security services for the payloadUniquely identified by:Security Parameter Index (SPI)IP destination addressSecurity Protocol Identifier (AH/ESP)

  • SA Security Parameters

  • IPSec Process Negotiation

  • Key ManagementManualused for small networkseasier to configureAutomatedmore scalablemore difficult to setupISAKMP/Oakley

  • IKE Use in an IPSec Environment


Emission Security - University of Haifaorrd/CompSecSeminar/2014/...Introduction cont. Attacks that use emanations are called Emission Attacks, or Side Channel attacks. Emission Security

GSM Security Attacks

Network Security and Spoofing Attacks

Security mechanisms, attacks and security enhancements for the

1. Security Requirements and Attacks - Universitas … · 2008-08-25 · Chap.18 Network Security 4 • Encryption algorithms – the Data Encryption Standard(DES) • block cipher

Security Attacks on RSA

E-Commerce Security - Application attacks - Server Attacks

Information and network Security 10CS835€¦ · Introduction to Network Security, Authentication Applications: Attacks, services, and Mechanisms; Security Attacks; Security Services;

Tugas 2 - Security Attacks

Attacks Based on Security Configurations

Security-Web Vulnerabilities-Browser Attacks

Social engineering for security attacks

Web Security attacks and defense

Security: Injection Attacks (PDF)

Network Security David Lazăr. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash

Gsm Security and Attacks

Improving BGP security Data-plane attacks Security Goals

Network Security and Network Attacks

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key

VoIP – some threats, security attacks and security mechanismslarsstrand.no/NR/files/RiskNet-workshop-LarsStrand-240609.pdf · VoIP – some threats, security attacks and security

1. Security Requirements and Attacks - PCU …faculty.petra.ac.id/ariewm/komdat/materi_12_network_security.pdf · 1. Security Requirements and Attacks ... • Encryption algorithms

1 Introduction to Network Security Spring 2011. 2 Outline Introduction Attacks, services and mechanisms Security threats and attacks Security services

Industrial IoT Security Attacks & Countermeasures · Industrial IoT Security Attacks & Countermeasures Conference 2016 Chris Shire – Infineon Technologies 06.12.16

A Vulnerability-Centric Requirements Engineering Framework ...gelahi/vulnerability FinalREJ.pdfA Vulnerability-Centric Requirements Engineering Framework: Analyzing Security Attacks,

Network Security Part II: Attacks Network Security Part II: Attacks Web Attacks

Network Security and DoS Attacks

Replay Attacks Network Systems Security

Sphinx: Detecting Security Attacks in Software … Detecting Security Attacks in Software-Defined Networks ... and potentially unknown security attacks on these two key SDN properties

Computer Security Seminar API Attacks

Hardware Security Attacks Security Architecture Hardware Security

Attacks on UEFI Security

Web Security: Injection Attacks

Security Attacks and Cyber Crime: Computing through Failures and Cyber Attacks

Introduction Benefits of VANET Different types of attacks and threats Requirements and challenges Security Architecture Vehicular PKI

1 Introduction to Network Security Spring 2009. 2 Outline Introduction Attacks, services and mechanisms Security threats and attacks Security services