This chapter presents the following content: Outline of the course is discussed; topic roadmap & standards organizations; security concepts; X.800 security architecture; security attacks, services, mechanisms; models for network (access) security.
Trang 1(CSE348)
Trang 2Assistant ProfessorComsats Institute of Information
Technology, Islamabad
Trang 10Course Outline
Part Seven: Legal and Ethical Issues:
Deals with the legal and ethical issues related
to computer and network security.
Trang 11Course Outline
Chapter 1 Overview
1.1 Computer Security Concepts
1.2 The OSI Security Architecture
1.3 Security Attacks
1.4 Security Services
1.5 Security Mechanisms
1.6 A Model for Network Security
1.7 Recommended Reading and Web Sites
1.8 Key Terms and Review Questions
Trang 12Course Outline
PART ONE SYMMETRIC CIPHERS
Chapter 2 Classical Encryption Techniques
2.1 Symmetric Cipher Model
2.2 Substitution Techniques
2.3 Transposition Techniques
2.4 Rotor Machines
2.5 Steganography
2.6 Recommended Reading and Web Sites
2.7 Key Terms and Review Questions
Trang 13Course Outline
Chapter 3 Block Ciphers and the Data Encryption
Standard
3.1 Block Cipher Principles
3.2 The Data Encryption Standard (DES)
3.3 A DES Example
3.4 The Strength of DES
3.5 Differential and Linear Cryptanalysis
3.6 Block Cipher Design Principles
3.7 Recommended Reading and Web Site
3.8 Key Terms and Review Questions
Trang 14Course Outline
Chapter 4 Basic Concepts in Number Theory and
Finite Fields
4.1 Divisibility and the Division Algorithm
4.2 The Euclidean Algorithm
4.3 Modular Arithmetic
4.4 Groups, Rings, and Fields
4.5 Finite Fields of the Form GF(p)
4.6 Polynomial Arithmetic
4.7 Finite Fields of the Form GF(2n)
4.8 Recommended Reading and Web Sites
4.9 Key Terms and Review Questions
Trang 15Course Outline
Chapter 5 Advanced Encryption Standard
5.1 The Origins AES
5.2 AES Structure
5.3 AES Round Functions
5.4 AES Key Expansion
5.5 An AES Example
5.6 AES Implementation
5.7 Recommended Reading and Web Sites
5.8 Key Terms and Review Questions
Trang 16Course Outline
Chapter 6 Block Cipher Operation
6.1 Multiple Encryption and Triple DES
6.2 Electronic Codebook Mode
6.3 Cipher Block Chaining Mode
6.4 Cipher Feedback Mode
6.5 Output Feedback Mode
6.6 Counter Mode
6.7 XTS Mode for Block-Oriented Storage Devices
6.8 Recommended Web Site
6.9 Key Terms and Review Questions
Trang 17Course Outline
Chapter 7 Pseudorandom Number Generation and
Stream Ciphers
7.1 Principles of Pseudorandom Number Generation
7.2 Pseudorandom Number Generators
7.3 Pseudorandom Number Generation Using a Block
Trang 18Course Outline
PART TWO ASYMMETRIC CIPHERS
Chapter 8 More Number Theory
8.1 Prime Numbers
8.2 Fermat’s and Euler’s Theorems
8.3 Testing for Primality
8.4 The Chinese Remainder Theorem
8.5 Discrete Logarithms
8.6 Recommended Reading and Web Sites
8.7 Key Terms and Review Questions
Trang 19Course Outline
Chapter 9 Public-Key Cryptography and RSA
9.1 Principles of Public-Key Cryptosystems
9.2 The RSA Algorithm
9.3 Recommended Reading and Web Sites
9.4 Key Terms and Review Questions
Trang 20Course Outline
Chapter 10 Other Public-Key Cryptosystems
10.1 Diffie-Hellman Key Exchange
10.2 ElGamal Cryptosystem
10.3 Elliptic Curve Arithmetic
10.4 Elliptic Curve Cryptography
10.5 Pseudorandom Number Generation Based on an
Asymmetric Cipher
10.6 Recommended Reading and Web Sites
10.7 Key Terms and Review Questions
Trang 21Course Outline
PART THREE CRYPTOGRAPHIC DATA
INTEGRITY ALGORITHMS
Chapter 11 Cryptographic Hash Functions
11.1 Applications of Cryptographic Hash Functions
11.2 Two Simple Hash Functions
11.3 Requirements and Security
11.4 Hash Functions Based on Cipher Block Chaining
11.5 Secure Hash Algorithm (SHA)
11.6 SHA-3
11.7 Recommended Reading and Web Sites
11.8 Key Terms and Review Questions
Trang 22Course Outline
Chapter 12 Message Authentication Codes
12.1 Message Authentication Requirements
12.2 Message Authentication Functions
12.3 Message Authentication Codes
12.4 Security of MACs
12.5 MACs Based on Hash Functions:HMAC
12.6 MACs Based on Block Ciphers: DAA and CMAC
12.7 Authenticated Encryption: CCM and GCM
12.8 Pseudorandom Number Generation Using Hash
Functions and MACs
12.9 Recommended Reading
12.10 Key Terms and Review Questions
Trang 23Course Outline
Chapter 13 Digital Signatures
13.1 Digital Signatures
13.2 ElGamal Digital Signature Scheme
13.3 Schnorr Digital Signature Scheme
13.4 Digital Signature Standard (DSS)
13.5 Recommended Reading and Web Sites
13.6 Key Terms and Review Questions
Trang 24Course Outline
PART FOUR MUTUAL TRUST
Chapter 14 Key Management and Distribution
14.1 Symmetric Key Distribution Using Symmetric
14.5 Public Key Infrastructure
14.6 Recommended Reading and Web Sites
14.7 Key Terms and Review Questions
Trang 25Course Outline
Chapter 15 User Authentication Protocols
15.1 Remote User Authentication Principles
15.2 Remote User Authentication Using Symmetric
Encryption
15.3 Kerberos
15.4 Remote User Authentication Using Asymmetric
Encryption
15.5 Federated Identity Management
15.6 Recommended Reading and Web Sites
15.7 Key Terms and Review Questions
Trang 26Course Outline
PART FIVE NETWORK AND INTERNET
SECURITY
Chapter 16 Transport-Level Security
16.1 Web Security Issues
16.2 Secure Sockets Layer (SSL)
16.3 Transport Layer Security (TLS)
16.4 HTTPS
16.5 Secure Shell (SSH)
16.6 Recommended Reading and Web Sites
16.7 Key Terms and Review Questions
Trang 27Course Outline
Chapter 17 Wireless Network Security
17.1 IEEE 802.11 Wireless LAN Overview
17.2 IEEE 802.11i Wireless LAN Security
17.3 Wireless Application Protocol Overview
17.4 Wireless Transport Layer Security
17.5 WAP End-to-End Security
17.6 Recommended Reading and Web Sites
17.7 Key Terms and Review Questions
Trang 28Course Outline
Chapter 18 Electronic Mail Security
18.1 Pretty Good Privacy (PGP)
18.2 S/MIME
18.3 Domain Keys Identified Mail (DKIM)
18.4 Recommended Web Sites
18.5 Key Terms and Review Questions
Trang 29Course Outline
Chapter 19 IP Security
19.1 IP Security Overview
19.2 IP Security Policy
19.3 Encapsulating Security Payload
19.4 Combining Security Associations
19.5 Internet Key Exchange
19.6 Cryptographic Suites
19.7 Recommended Reading and Web Sites
19.8 Key Terms and Review Questions
Trang 30Chapter 0 – Reader’s Guide
The art of war teaches us to rely not on the
likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position
unassailable.
—The Art of War, Sun Tzu
Trang 33• Mutual trust: Study of techniques and
algorithms for providing mutual trust in two main areas
• First, key management and distribution deals with establishing trust in the encryption keys used between two communicating entities
• Second, user authentication deals with
establish trust in the identity of a
communicating partner
Trang 34• Network security: Covers the use of
cryptographic algorithms in network protocols and network applications
• Computer security: The term refer to the
security of computers against intruders (e.g., hackers) and malicious software (e.g., viruses)
• Typically, the computer to be secured is
attached to a network and the bulk of the
threats arise from the network
Trang 35Standards Organizations
• National Institute of Standards & Technology (NIST)
Trang 38Key Security Concepts
Trang 39CIA Triad
• These three concepts form what is often
referred to as the CIA triad Figure above.
• The three concepts embody the fundamental security objectives for both data and for
information and computing services.
• FIPS PUB 199 provides a useful
characterization of these three objectives in
terms of requirements and the definition of a loss of security in each category
Trang 40• A loss of confidentiality is the unauthorized
disclosure of information
Trang 42• Two of the most commonly mentioned are:
Trang 43CIA Triad
• Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator
Trang 44CIA Triad
• Accountability: The security goal that
generates the requirement for actions of an
entity to be traced uniquely to that entity
Trang 45Levels of Impact
• can define 3 levels of impact from a security breach
– Low
– Moderate
– High
Trang 47Levels of Impact
• degradation in mission capability to an extent and duration that the organization is able to
Trang 49Levels of Impact
• cause a significant degradation in mission
capability and effectiveness of the functions is significantly reduced;
• result in significant damage to oganizational assets;
• result in significant financial loss; or
• result in significant harm to individuals that
does not involve loss of life or serious, life
Trang 50loss might
Trang 54• Student enrollment information may have a
moderate confidentiality rating.
Trang 55Confidentiality Example
• While still covered by FERPA, this
information is seen by more people on a daily basis, is less likely to be targeted than grade
Trang 56cause harm to the hospital.
Trang 57Integrity Example
• The database needs to be restored to a trusted basis quickly, and it should be possible to trace the error back to the person responsible
• Patient allergy information is an example of an asset with a high requirement for integrity
• Inaccurate information could result in serious harm or death to a patient and expose the
hospital to massive liability
Trang 58Availability Example
• The more critical a component or service, the higher is the level of availability required.
• Consider a system that provides authentication services
• An interruption of service results in the
inability for customers to access computing
resources.
• loss of service translates into a large financial loss productivity and potential customer loss
Trang 59Computer Security Challenges
1 not simple
2 must consider potential attacks
3 procedures used counter-intuitive
4 involve algorithms and secret info
5 must decide where to deploy mechanisms
6 battle of wits between attacker / admin
7 not perceived on benefit until fails
8 requires regular monitoring
9 too often an after-thought
regarded as impediment to using system
Trang 60OSI Security Architecture
Trang 62Aspects of Security
• Security attack: Any action that compromises the security of information owned by an
organization.
Trang 63Aspects of Security
• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
Trang 64Aspects of Security
• Security service: A processing or
communication service that enhances the
security of the data processing systems and the information transfers of an organization.
Trang 65Passive Attacks
Trang 68Active Attacks
Trang 70• Instead, the goal is to detect active attacks and to recover from any disruption/or delays caused by them.
Trang 71Security Service
– enhance security of data processing systems and information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
Trang 74Security Mechanism
• feature designed to detect, prevent, or recover from a security attack
Trang 75Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic
padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event
detection, security audit trails, security recovery
Trang 76Model for Network Security
Trang 77Model for Network Security
Trang 78Model for Network Access Security
Trang 79Model for Network Access Security