CSCE 715: Network Systems Security

1
CSCE 715Network Systems Security

• Chin-Tser Huang
• huangct_at_cse.sc.edu
• University of South Carolina

2
About Me

• Chin-Tser Huang
• Ph.D. in Computer Sciences, 2003, University of
  Texas at Austin
• Research in network security, network protocol
  design and verification, distributed systems
• My web page can be found at http//www.cse.sc.edu/
  huangct

3
About the Course

• A grad-level course focusing on basics and issues
  in network security
• First half will be lectures about elements of
  network security, cryptography backgrounds, and
  introduction to network security designs
• Second half will be your chance to present what
  you have learned from key research papers

4
Course Information Online

• http//www.cse.sc.edu/huangct/CSCE715F07/index.ht
  m
• List of assigned paper and useful links are
  available on the page
• Lecture slides will be available online too

5
Why Should You Take This Course

• Security is an increasingly important issue
• You want to have basic knowledge about network
  security
• You can learn latest attacks and newest skills to
  counter those attacks
• You have a chance to implement the skills learned
  in the class

6
Your Best Strategy

• Come to every lecture to learn basic security
  problems and skills to counter them
• Keep yourself exposed to articles related to
  network security to collect project ideas
• Read each assigned paper and write good summary
  for each paper
• Do not wait till last minute to prepare for exam
  or work on project
• Enjoy the fun!

7
What Can Go Wrong

• when your computer y receive or is waiting for a
  message m?

?
Internet
m
x
y
8
Message Loss

• Adversary A can discard m in its transit

A
m
x
y
9
Message Interception

• Adversary A can get a copy of m when m passes by

m
A
m
m
x
y
10
Message Modification

• Adversary A can arbitrarily modify the content of
  m to become m

A
m
m
x
y
11
Message Insertion

• Adversary A can arbitrarily fabricate a message
  m, pretending that m was sent by x

src x dst y
A
m
x
y
12
Message Replay

• Adversary A can replay a message m that has been
  sent earlier by x and received by y

m
A
m
x
y
13
Denial-of-Service Attack

• Adversary A can send huge amount of messages to y
  to block m from arriving at y

A
m
?????
x
y
14
More Scenarios

• In one case, x wants y to be able to verify
  message m is sent by a legitimate party but not
  able to determine identity of x

src ? dst y
Internet
m
x
y
15
More Scenarios

• In another case, y wants to be able to prove to
  third party z that y receives message m from x

Internet
m
x
y
16
Network Security Is Great

• Protect messages from interception in their
  transit
• Provide desired level of privacy for user or data
• Detect and discard messages that are modified,
  inserted, or replayed
• Disallow unauthorized access to local system
  resource and sensitive data

17
But Hard To Achieve

• Many layers in network architecture
• Many different media of network connection
• Adversarys location hard to determine
• New attacks keep emerging
• Cryptographic overhead

18
Next Class

• Type of attacks
• Network security services
• Formal specification and verification of network
  protocols
• Read Ch. 1