
Network Security

Network Security. Mohamed Khalil, Ph.D. Security Attacks. Passive Attacks. Active Attacks. Passive Attacks. Interception (confidentiality). Release Of Message Contents. Traffic Analysis. Interception. Learn sensitive information. Determine the identity and location of the host.

Presentation Transcript


  1. Network Security. Mohamed Khalil, Ph.D.

  2. Security Attacks: Passive Attacks, Active Attacks

  3. Passive Attacks: Interception (confidentiality)

  4. Interception: Release of Message Contents, Traffic Analysis. • Learn sensitive information • Determine the identity and location of the host

  5. Active Attacks: Interruption (availability), Modification (integrity), Fabrication (authenticity)

  6. Modification (integrity): Modify the contents of a message or a file. It is an attack on integrity.

  7. Interruption (availability): Try to break the system to put it out of service. It is an attack on availability.

  8. Fabrication (authenticity): Insert messages into the system or objects into files. Try to fool the system. It is an attack on authenticity.

  9. Security Service: Confidentiality, Authentication, Nonrepudiation, Availability, Integrity

  10. Confidentiality: The protection of transmission from passive attacks. [Diagram labels: ***-**-****, 444-21-8888, 444-21-8888]

  11. Authentication: The authentication service assures that the recipient receives information from a reliable source. [Diagram dialogue: "I am friend" / "Ok-let us talk"]

  12. Integrity: Make sure that the message is received as it is sent, without modification, duplication, insertion, reordering, or replay. [Diagram: He/She and Broker; the message "Buy 1000 stocks" is shown three times]

  13. Nonrepudiation: Nonrepudiation prevents either sender or receiver from denying a transaction. [Diagram: He/She and Broker; "I am John, buy 1000 stocks" / "You are not john, I can’t do that."]

  14. Availability: Protect against denial-of-service attacks.

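  15. Encryption Techniques: Secret Key, Public Key

  16. Secret Key: Data Encryption Standard (DES). [Diagram: plain data is encrypted (E) with K (56 bits) into cipher data; cipher data is decrypted (D) with K (56 bits) into plain data.]

  17. 2DES. [Diagram: two encryption stages (E, E) keyed with K1 (56 bits) and K2 (56 bits) turn plain data into cipher data; two decryption stages (D, D) keyed with K1 (56 bits) and K2 (56 bits) turn cipher data into plain data.]

  18. 3DES. [Diagram: three stages built from E and D operations, keyed with K1 (56 bits), K2 (56 bits), K1 (56 bits), turn plain data into cipher data; three stages keyed with K1 (56 bits), K2 (56 bits), K1 (56 bits) turn cipher data into plain data.]

  19. RSA (Rivest-Shamir-Adleman). [Diagram, labelled "Secret Key": Bob’s plain data is encrypted (E) with KU (Alice) into cipher data; cipher data is decrypted (D) with KP (Alice) into plain data.]

  20. Authentication Techniques: Secret Key, Public Key

  21. Authentication With Secret Key. [Diagram: Bob encrypts (E) Bob’s name with K (Alice-Bob secret key) into cipher data; Alice decrypts (D) the cipher data with K (Alice-Bob secret key) and obtains Bob’s name.]

  22. Authentication With Public Key. [Diagram: Bob encrypts (E) Bob’s name with KP (Bob’s private key) into cipher data; Alice decrypts (D) the cipher data with KU (Bob’s public key) and obtains Bob’s name.]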

  23. Integrity: Hashing Algorithms. MD5: message digest of 128 bits, 512-bit blocks. SHA-1: message digest of 160 bits, 512-bit blocks.

  24. Hash Function Requirements: H(x) = h, where x is any size and h has a fixed size.

  25. Hash Function Requirements (continued): H is easy to implement using hardware or software.

  26. Hash Function Requirements (continued): One-way property: given h, it is computationally infeasible to find x such that H(x) = h.

  27. Hash Function Requirements (continued): Weak collision resistance: for any given x, it is computationally infeasible to find y ≠ x with H(x) = H(y). Strong collision resistance: it is computationally infeasible to find any pair (x, y) with H(x) = H(y) for x ≠ y.

  28. Hash Function Requirements (continued): [Diagram: block 1, block 2, ..., block m] C_i = b_i1 + b_i2 + ... + b_im

  29. Problem with simple hash function: it doesn’t provide collision resistance.
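The failure named on slide 29, shown on the block-combining hash of slide 28. This is an added example, not part of the original slides; it assumes the slide's "+" means bitwise XOR and picks a 4-byte block, and the sample message is constructed from the stock order on slide 12.

```python
from functools import reduce

BLOCK = 4  # block width in bytes; an assumption, the slide leaves it open


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def split_blocks(msg: bytes) -> list:
    """Zero-pad to a multiple of BLOCK and cut into block 1 .. block m."""
    msg += b"\x00" * (-len(msg) % BLOCK)
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]


def simple_hash(msg: bytes) -> bytes:
    """C_i = b_i1 + b_i2 + ... + b_im, with '+' taken as bitwise XOR."""
    return reduce(xor_bytes, split_blocks(msg), bytes(BLOCK))


def reordered(msg: bytes) -> bytes:
    """Same blocks in reverse order: XOR is commutative, so the hash is unchanged."""
    return b"".join(reversed(split_blocks(msg)))


def colliding_message(original: bytes, altered: bytes) -> bytes:
    """Append one block to an altered message so it hashes like the original."""
    fix = xor_bytes(simple_hash(original), simple_hash(altered))
    return b"".join(split_blocks(altered)) + fix


if __name__ == "__main__":
    order = b"Buy 1000 stocks"  # constructed sample message
    other = colliding_message(order, b"Buy 9000 stocks")
    print(simple_hash(order).hex(), simple_hash(other).hex(), other)
```

Because one extra block is enough to match any target hash value, this function fails the weak collision resistance requirement of slide 27, which is why the iterated structure with a compression function is used instead.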

  30. General Structure Of Secure Hash Function. [Diagram: IV = CV0 (n bits) and input block Y0 (b bits) enter F, giving CV1 (n bits); CV1 and Y1 enter F, giving CV2; the chain continues until CV L-1 and Y L-1 enter the last F.] IV = initial value; CV = chaining value; Yi = ith input block; F = compression function; L = number of input blocks; n = length of hash code; b = length of input block.

  31. Hash Function Summary: If the compression function F is collision resistant, then the resulting iterated hash function is collision resistant as well. CV_0 = IV = initial value; CV_i = F(CV_(i-1), Y_(i-1)), 1 <= i <= L; H(M) = CV_L

  32. MD5

  33. [Diagram: the K-bit message, the padding (1-512 bits) and the length field together make up L x 512 bits, split into 512-bit blocks Y0, Y1, ..., Yq, ..., YL-1. Each block is processed by an MD5 stage together with a 128-bit chaining value (IV, CV1, ..., CVq, ..., CV L-1); the last stage outputs the 128-bit digest.]

  34. Step 1: Appending padding bits. The message is padded so that its length is 64 bits less than an integer multiple of 512 bits. Padding: 1-512 bits. Example: M = 448 bits, pad = 512 bits. [Diagram: K-bit message followed by padding, within L x 512 bits]

  35. Step 2: Adding length. A 64-bit representation of the length in bits of the original message is appended to the result of step 1 (least significant byte first). If the length is greater than 2^64, then only the low-order 64 bits of the length are used. Length = K mod 2^64. [Diagram: K-bit message, padding and length field, L x 512 bits]

  36. Step 3: Initialize MD buffer. A 128-bit buffer is used to hold the intermediate and final results of the hash function. The buffer is represented as four 32-bit registers (A, B, C, D). The initial values (IV) are stored in little-endian format, in which the least significant byte is at the lowest address: A = 01 23 45 67, B = 89 AB CD EF, C = FE DC BA 98, D = 76 54 32 10.

  37. Step 4: Process message in 512-bit blocks. [Diagram: CVq is loaded into A, B, C, D and block Yq feeds four rounds of 16 steps each, labelled F, T[1..16]; G, T[16..32]; H, T[32..48]; I, T[49..64]. The output of the last round is added (+) word by word to CVq to give CVq+1.]

  38. Round 1 (F, T[1..16], 16 steps). [Table, columns unlabelled in the transcript: 0 → 7, 1 → 12, 2 → 17, 3 → 22, 4 → 7, 5 → 12, 6 → 17, 7 → 22, 8 → 7, 9 → 12, 10 → 17, 11 → 22, 12 → 7, 13 → 12, 14 → 17, 15 → 22]

  39. MD5 compression function. [Diagram: A, B, C, D enter; g, X[k] and T[i] are added (+), followed by a circular left shift (cls) and a further addition (+); A, B, C, D leave.] a = b + ((a + g(b,c,d) + X[k] + T[i]) <<< s)

  40. [Diagram: a 512-bit block divided into 32-bit words, labelled "Word 0 - 32 bits" through "Word 16 - 32 bits"]

  41. Round 1: X[i] = i. Round 2: X[i] = (1 + 5i) mod 16. Round 3: X[i] = (5 + 3i) mod 16. Round 4: X[i] = 7i mod 16.

  42. Sin table: T[i] = 2^32 x abs(sin(i))

  43. SHA-1

  44. [Diagram: the K-bit message, the padding (1-512 bits) and the length field together make up L x 512 bits, split into 512-bit blocks Y0, Y1, ..., Yq, ..., YL-1. Each block is processed by a SHA-1 stage together with a 160-bit chaining value (IV, CV1, ..., CVq, ..., CV L-1); the last stage outputs the 160-bit digest.]

  45. Step 1: Appending padding bits. The message is padded so that its length is 64 bits less than an integer multiple of 512 bits. Padding: 1-512 bits. Example: M = 448 bits, pad = 512 bits. [Diagram: K-bit message followed by padding, within L x 512 bits]

  46. Step 2: Adding length. A 64-bit representation of the length in bits of the original message is appended to the result of step 1 (least significant byte first). If the length is greater than 2^64, then only the low-order 64 bits of the length are used. Length = K mod 2^64. [Diagram: K-bit message, padding and length field, L x 512 bits]

  47. Step 3: Initialize MD buffer. A 160-bit buffer is used to hold the intermediate and final results of the hash function. The buffer is represented as five 32-bit registers (A, B, C, D, E). The initial values (IV) are stored in big-endian format, in which the least significant byte is at the highest address: A = 67 45 23 01, B = EF CD AB 89, C = 98 BA DC FE, D = 10 32 54 76, E = C3 D2 E1 F0.

  48. Step 4: Process message in 512-bit blocks. [Diagram: CVq is loaded into A, B, C, D, E and block Yq feeds four rounds of 20 steps each, labelled F1, W[0..19]; F2, W[20..39]; H, W[40..59]; I, T[60..79]. The output of the last round is added (+) word by word to CVq to give CVq+1.]

  49. SHA-1 compression function. [Diagram: A, B, C, D, E enter; f, S5, S30, Wt and Kt feed a chain of additions (+); A, B, C, D, E leave.]
