Security - PowerPoint PPT Presentation

1 / 37
About This Presentation
Title:

Security

Description:

(kbytes/sec.) PRB optimized (kbytes/s) TEA. 128. 700. DES. 56. 350. 7746. Triple-DES. 112. 120 ... Confidentiality: using one of DES, Triple DES, IDEA, RC2, RC4, ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 38
Provided by: Gulu
Category:
Tags: sec | security | triple

less

Transcript and Presenter's Notes

Title: Security


1
Security
  • Yih-Kuen Tsay
  • Dept. of Information Management
  • National Taiwan University

2
Introduction
  • Security Needs
  • Secrecy (confidentiality), integrity, etc.
  • Arise from the desire to share resources
  • Security Policies
  • Specify who are authorized to access what
    resources
  • Independent of the technology used
  • Security Mechanisms
  • Enforce security policies
  • Security Models
  • Help understand and analyze the above

3
Components of a Security Model
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
4
The Enemy in Network Security
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
5
Familiar Names in the Security Literature
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
6
Classes of Security Threats
  • Leakage
  • Acquisition of information by unauthorized
    parties
  • Tampering (Modification)
  • Unauthorized alteration of information
  • Vandalism
  • Interference with the proper operation without
    gain to the perpetrator

7
Methods of Attack
  • Eavesdropping
  • Release of message contents and traffic analysis
  • Masquerading
  • Message Tampering (Modification)
  • Man-in-the-middle attack
  • Replaying
  • Denial of Service
  • Mobile Code

8
Designing Secure Systems
  • Use best standards available
  • Informal analysis and checks
  • Formal validation
  • Security logs and auditing

9
Security Requirements
  • Secrecy (Confidentiality)
  • Data Integrity
  • Authentication
  • Non-repudiation
  • Availability

10
The Secret-Key Encryption Model
Source W. Stallings, Cryptography and Network
Security
11
The Public-Key Encryption Model
Source W. Stallings, Cryptography and Network
Security
12
The Public-Key Authentication Model
Source W. Stallings, Cryptography and Network
Security
13
Notational Conventions
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
14
Alices Bank Account Certificate
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
15
A Public Key Certificate of Bobs Bank
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
16
A Scheme of Cipher Block Chaining
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
17
A Stream Cipher
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
18
Digital Signatures with Secret Keys
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
19
Digital Signatures with Public Keys
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
20
Performance of Encryption Algorithms

Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
21
The Needham-Schroeder Authentication Protocol
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
22
Kerberos
  • Developed at MIT (Project Athena)
  • For protecting networked services
  • Based on the Needham-Schroeder protocol
  • Current version Kerberos Version 5
  • Source code available
  • Also used in OSF DCE, Windows 2000, ...
  • Probable extension for the initial authentication
    of principals

23
Kerberos Architecture
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
24
The Kerberos Protocol
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
25
The Kerberos Protocol (cont.)
auth(C) contains C,t. ticket(C,S) contains
C,S,t1,t2,KCS.
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
26
Critiques of Kerberos
  • Synchronization of clients and servers clocks
    (Version 4)
  • Unique timestamps or sequence numbers as nonces
  • Limited session lifetimes

27
TLS/SSL
  • The Secure Sockets Layer (SSL) protocol
    originated from Netscape, now a nonproprietary
    standard (SSLv3)
  • An extension of SSL became the Transport Layer
    Security (TLS) protocol (RFC 2246)
  • Provides secure end-to-end communications
  • Operates between TCP/IP (or any other reliable
    transport protocol) and the application
  • Built into most browsers and servers

28
The TLS/SSL Protocol Stack

Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
29
How SSL/TLS Works
  • Sessions between a client and a server are
    established by the Handshake Protocol
  • A session defines a set of security parameters,
    including peer certificate, cipher spec, and
    master secret
  • Multiple connections can be established within a
    session, each defining further security
    parameters such as keys for encryption and
    authentication
  • Security parameters dictate how application data
    are processed by the SSL Record Protocol into TCP
    segments

30
Security Functions of SSL/TLS
  • Confidentiality using one of DES, Triple DES,
    IDEA, RC2, RC4,
  • Integrity using MAC with MD5 or SHA-1
  • Authentication using X.509v3 digital certificates

31
The SSL/TLS Handshake Protocol
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
32
SSL/TLS Handshake Configuration Options

Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
33
The SSL/TLS Record Protocol
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
34
Wired Equivalent Privacy (WEP)
  • Access control by a challenge-response protocol
  • A single key shared by the base station and all
    authorized devices
  • Encryption based on RC4
  • The access key also used for encryption

35
RC4 in IEEE 802.11 WEP
  • Note The IV is only 24-bit long and is sent in
    clear.

Source G. Coulouris et al., Distributed Systems
Concepts and Design, Fourth Edition.
36
Weaknesses in WEP
  • The sharing of a single key
  • Base stations never authenticated
  • Inappropriate use of a stream cipher
  • Key lengths of 40 bits and 64 bits
  • Weakness of RC4
  • The users likely lack of awareness
  • Solution WPA (Wi-Fi Protected Access)
  • and 802.11i WPA2

37
Micropayments
  • The price of some goods may be lower than the
    standard transaction fees
  • Micropayments offer a way for selling small-value
    products and services
  • Technology providers eCharge (via phone bills),
    Qpass (monthly bills), Millicent (prepay
    electronic cash), ...
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!