Introduction to Network Systems Security
Mort Anvari
8/24/2004

About the Course
A grad-level seminar course focusing on basics and issues in network security
First half will be lectures about elements of network security, cryptography backgrounds, and introduction to network security designs
Second half will be your chance to present what you have learned from key research papers

Why Should You Take This Course
Security is an increasingly important issue
You want to have basic knowledge about network security
You can learn the latest attacks and the newest skills to counter those attacks
You have a chance to implement the

Your Best Strategy
Come to every lecture to learn basic security problems and skills to counter them
Keep yourself exposed to articles related to network security to collect project ideas
Read each assigned paper and write a good summary for each paper
Do not wait till the last minute to prepare for the exam or work on the project
Enjoy the fun!

What Can Go Wrong…
…when your computer y receives or is waiting for a message m?

Message Modification
Adversary A can arbitrarily modify the content of m to become m’

Message Insertion
Adversary A can arbitrarily fabricate a message m, pretending that m was sent by x
[Figure: message m labeled src: x, dst: y, originating from A]

Message Replay
Adversary A can replay a message m that has been sent earlier by x and

Denial-of-Service Attack
Adversary A can send a huge number of messages to y to block m from arriving

Message insertion
Message replay
Denial-of-Service attack

Network Security Services

Confidentiality
Keep message known only to the receiver and secret to anyone else
Counter message interception

When receiver receives message m, receiver can verify m is intact after being sent by the sender
Counter message modification

Authentication
When receiver receives message m, receiver can verify m is indeed sent by the sender recorded in m
Counter message insertion

When receiver receives message m, receiver can verify m is not a message that was sent and received before
Counter message replay
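
A receiver-side sketch of the three checks described above (m is intact, m is from the sender recorded in m, m was not received before), added here as an example and not taken from the course slides. It assumes x and y share a secret key and uses HMAC-SHA256 with a per-sender sequence number; the slides do not name a mechanism, and the names KEY, send, Receiver and demo are hypothetical.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-shared-by-x-and-y"  # constructed sample key

def _tag(key, src, dst, seq, payload):
    # Length-prefix every field so field boundaries cannot be shifted.
    parts = [src.encode(), dst.encode(), struct.pack(">Q", seq), payload]
    data = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def send(key, src, dst, seq, payload):
    """Sender x builds m = (src, dst, seq, payload, tag)."""
    return {"src": src, "dst": dst, "seq": seq, "payload": payload,
            "tag": _tag(key, src, dst, seq, payload)}

class Receiver:
    """Receiver y accepts m only if it is authentic, intact and not a replay."""
    def __init__(self, name, keys):
        self.name = name
        self.keys = keys      # claimed sender -> pre-shared key (assumption)
        self.last_seq = {}    # sender -> highest sequence number accepted

    def receive(self, m):
        key = self.keys.get(m["src"])
        if key is None or m["dst"] != self.name:
            return "rejected: unknown sender or wrong destination"
        expected = _tag(key, m["src"], m["dst"], m["seq"], m["payload"])
        # One tag check counters modification (m') and insertion (forged src).
        if not hmac.compare_digest(expected, m["tag"]):
            return "rejected: bad tag"
        # Replay check runs only after the tag verifies, so A cannot advance it.
        if m["seq"] <= self.last_seq.get(m["src"], -1):
            return "rejected: replay"
        self.last_seq[m["src"]] = m["seq"]
        return "accepted"

def demo():
    y = Receiver("y", {"x": KEY})
    m = send(KEY, "x", "y", 1, b"pay 10 to bob")
    modified = dict(m, payload=b"pay 9999 to A")            # m becomes m'
    forged = send(b"A-does-not-know-KEY", "x", "y", 2, b"hi")  # src claims x
    return [y.receive(modified), y.receive(forged), y.receive(m), y.receive(m)]

if __name__ == "__main__":
    print(demo())
```

The payload still travels in the clear and the receiver can still be flooded, so this sketch provides neither confidentiality nor availability.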

Availability
Property of a system or a resource being accessible and usable upon demand by an authorized entity
Counter denial-of-service attack

Users cannot access resources and data to which they don’t have access rights

Non-repudiation
When receiver receives message m, receiver gets proof that sender of m ever sent m
Receiver of m can show proof to a third party so that sender of m cannot repudiate

Identity of sender is hidden from receiver
When receiver receives message m, receiver has no clue about sender of m

Disallow unauthorized access to local system resource and sensitive data

…But Hard To Achieve
Many layers in network architecture
Many different media of network connection
Adversary’s location hard to determine
New attacks keep emerging
Cryptographic overhead

Next Class
Formal specification and verification of network protocols
Network security tools to counter the effects of adversary actions