Chapter 4: Virtual Networks

vanya

  1. Chapter 4: Virtual Networks
  • 4.1 Security in networks
    • 4.1.1 Introduction
    • 4.1.2 Cryptography
    • 4.1.3 Cryptanalysis
    • 4.1.4 Symmetric key
    • 4.1.5 Asymmetric key
    • 4.1.6 Mixed systems
  • 4.2 Virtual Private Networks, VPN
    • 4.2.1 Introduction
    • 4.2.2 PPTP
    • 4.2.3 L2TP
    • 4.2.4 IPsec
    • 4.2.5 SSL
  • 4.3 Virtual Local Area Networks, VLAN
  Virtual Networks

  3. Introduction: Secure channel
  • Properties:
    • Confidentiality
    • Integrity
    • Authenticity
    • Non-repudiation
  (Diagram: Sender, secure channel?, Receiver)

  4. Introduction: Confidentiality
  • Transmitted info in an insecure channel can only be understood by the desired destination(s); it must stay unintelligible for everyone else
  • Ways of protection:
    • Dedicated physical links (high cost, difficult maintenance)
    • Cipher
  • Attack e.g.: obtaining data from the sender

  5. Introduction: Integrity
  • Ensures that transmitted info was not modified during the communication process: the message at the destination must be the same as at the source
  • Ways of protection:
    • Digital signature
  • Attack e.g.: modifying the destination address of a product bought on the internet

  6. Introduction: Authenticity
  • Ensures the source of the info; avoids impersonation
  • Ways of protection:
    • Digital signature
    • Challenge
    • Human authentication
    • Biometrics (fingerprint, retina, facial recognition, etc.)
  • Attack e.g.: user impersonation in a bank transaction

  7. Introduction: Non-repudiation
  • Avoids the sender's denial
  • Avoids the receiver's denial
  • Ways of protection:
    • Digital signature
  • Attack e.g.: loss of an application form

  8. Introduction: Insecure channel
  • Non-reliable
  • Attacks: violation of channel security
    • Types: Passive, Active
    • Categories: Interception, Interruption, Modification, Fabrication

  9. Introduction: Passive attacks
  • The attacker does not change the content of the transmitted information
  • Objectives:
    • Entity identification
    • Traffic control
    • Traffic analysis
    • Detection of the usual data exchange times
  • Difficult to detect; easy to avoid -> encryption

  10. Introduction: Active attacks
  • The attacker does change the content of the transmitted information
  • Types:
    • Masquerade (impostor)
    • Replay (intercepted msg, repeated later)
    • Msg modification
    • Denial of service
  • Difficult to prevent; easy to detect -> detection & recovery

  11. Introduction: Interception
  • Confidentiality attack
  • Passive
  • A non-authorized intruder gains access to a non-shared resource
  • E.g.:
    • Traffic capture
    • Obtaining copies of files or programs
  (Diagram: Transmitter, Intruder, Receiver)

  12. Introduction: Interruption
  • Destruction of a shared resource
  • Active
  • E.g.:
    • Destruction of hardware
    • Communication breakdown
  (Diagram: Transmitter, Intruder, Receiver)

  13. Introduction: Modification
  • A non-shared resource is intercepted & modified by a non-authorized host before arriving at its final destination
  • Active
  • E.g.:
    • Change in sent data
  (Diagram: Transmitter, Intruder, Receiver)

  14. Introduction: Fabrication
  • Authenticity attack
  • Active
  • A non-authorized host (impostor) generates a resource that arrives at the final destination
  • E.g.:
    • Fraudulent information
  (Diagram: Transmitter, Intruder, Receiver)

  16. Cryptography: Introduction
  • Why? A way of protecting information against intruders (encryption & digital signatures)
  • Definition: the science of secret writing, for hiding information from third parties
  • Principle: keeping privacy between two or more communicating parties

  17. Cryptography: Introduction
  • Functioning basis: altering the original msg to prevent access to the information by any non-authorized party
  • E.g. Caesar cipher (K=3):
    • Original msg: “This lecture is boring”
    • Altered msg: “Wklv ohfwxuh lv erulqj”

  18. Cryptography: Cipher and decipher
  • Cipher: mechanism that converts a plain msg into an incomprehensible one
    • The cipher algorithm needs a key
  • Decipher: mechanism that converts an incomprehensible msg back into the original one
    • Necessary to know the cipher algorithm used and the key

  19. Cryptography: Introduction
  • Functioning scheme
  (Diagram: Transmitter, cipher, decipher, Receiver)

  21. Cryptanalysis: Introduction
  • Definition: set of methods used to guess the key used by the communicating parties
  • Objective: reveal the secret of the communication
  • Attacks: brute force attack (most common)
  • Types:
    • Ciphertext-only attack
    • Known-plaintext attack
    • Chosen-plaintext attack
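
To make slides 17 and 21 concrete, the following Python is an added example (not part of the lecture): it implements the Caesar cipher from slide 17 and then recovers K=3 in two ways, from one known plaintext/ciphertext pair and by a ciphertext-only brute force over all 26 keys ranked by English letter frequencies. The frequency table and the scoring rule are the example's own assumptions.

```python
import string

ALPHABET = string.ascii_lowercase

# Relative English letter frequencies (percent); assumed values used only to rank candidates.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every ASCII letter forward by `key` positions; other characters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha() and ch.isascii():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + key) % 26))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    return caesar_encrypt(ciphertext, -key)


def known_plaintext_key(plaintext: str, ciphertext: str) -> int:
    """Known-plaintext attack: a single matching letter pair reveals the whole key."""
    for p, c in zip(plaintext, ciphertext):
        if p.isalpha() and p.isascii():
            return (ord(c.lower()) - ord(p.lower())) % 26
    raise ValueError("no letters to compare")


def english_score(text: str) -> float:
    """Higher when the text is made of common English letters."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.lower())


def ciphertext_only_key(ciphertext: str) -> int:
    """Ciphertext-only brute force: the key space has only 26 values, so try them all
    and keep the candidate that looks most like English (why key length matters)."""
    return max(range(26), key=lambda k: english_score(caesar_decrypt(ciphertext, k)))
```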

  23. Symmetric Key: Features
  • Private key: Transmitter & Receiver share the same key
  (Diagram: Transmitter, cipher, decipher, Receiver)

  24. Symmetric Key
  • Algorithms: DES, 3DES, RC5, IDEA, AES
  • Requirements:
    • Neither the plaintext nor the key may be extracted from the msg
    • The cost in time & money of obtaining the information must be higher than the value of the obtained information
  • Algorithm strength:
    • Internal complexity
    • Key length

  25. Symmetric Key: Accomplished objectives
  • Confidentiality
  • Integrity
  • Authentication
  • Non-repudiation
    • Depending on the number of parties sharing the secret key

  26. Symmetric Key
  • Advantages:
    • Algorithm execution rate
    • Best method to cipher large amounts of information
  • Disadvantages:
    • Distribution of the private key
    • Key management: the number of keys in use is proportional to the number of secure channels in use

  28. Asymmetric Key: Features
  • Public key
  • Every party has a pair of keys (private-public)
  (Diagram: Transmitter, cipher, decipher, Receiver; keys Tx private, Tx public, Rx private, Rx public)

  29. Asymmetric Key
  • Algorithms: Diffie-Hellman, RSA, DSA
  • Requirements:
    • Neither the plaintext nor the key may be extracted from the msg
    • The cost in time & money of obtaining the information must be higher than the value of the obtained information
    • For a text encrypted with a public key, there must be only one private key capable of decrypting it, and vice versa

  30. Asymmetric Key: Accomplished objectives
  • Confidentiality
  • Integrity
  • Authentication
    • Offers very good mechanisms
  • Non-repudiation
    • Offers very good mechanisms

  31. Asymmetric Key
  • Advantages:
    • No problems for key distribution -> public key
    • If a user's private key is stolen, only the msgs sent to that user are affected
    • Better authentication mechanisms than symmetric systems
  • Disadvantages:
    • Algorithm execution rate

  32. Asymmetric Key
  • Authentication:
    • Challenge-response
    • Digital signature
    • Digital certificate
  • Non-repudiation:
    • Digital signature
    • Digital certificate

  33. Asymmetric Key: Challenge-response
  • A challenge is sent in clear text; its response is only known by the transmitter
  • The transmitter sends a response ciphered with its private key
  (Diagram: Transmitter, cipher, decipher, Receiver; keys Tx private, Tx public, Rx private, Rx public)

  34. Asymmetric Key: Digital signature
  • Verifies source authenticity
  • Parts:
    • Signature (transmitter)
    • Signature verification (receiver)
  (Diagram: Transmitter, signature verification, Receiver; keys Tx private, Tx public, Rx private, Rx public)

  35. Asymmetric Key: Digital signature
  • Problem: the process is slow
  • Use of a fingerprint
  (Diagram: Transmitter, Receiver; keys Tx private, Tx public, Rx private, Rx public)

  36. Asymmetric Key: Digital signature - fingerprint
  • Reduces encryption time
  • Hash function: turns a variable-length set of data into a summary or fingerprint
    • A fingerprint has a fixed length and is illegible and meaningless
    • Irreversible
  • Algorithms: SHA-1, MD5
  • Requirements:
    • Capability of turning variable-length data into fixed-length blocks
    • Easy to use and implement
    • Impossible to obtain the original text from the fingerprint
    • Different texts must generate different fingerprints
  • Problem: key management
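
The following Python is an added example, not the lecture's code, putting slides 33 to 36 together: a SHA-256 fingerprint is signed with a toy RSA private key and verified with the matching public key, and the same sign-and-verify pair implements the challenge-response of slide 33. The Mersenne-prime keys and the reduction of the digest modulo n are assumptions made to stay standard-library only; real signatures use 2048-bit or larger keys with PKCS#1 or PSS padding, and SHA-256 stands in for the slide's SHA-1/MD5, which are no longer considered collision resistant.

```python
import hashlib
import secrets

# Toy RSA keys from two Mersenne primes, 2^89-1 and 2^107-1 (an assumption made to stay
# standard-library only; real keys are 2048 bits or more and use PKCS#1 / PSS padding).
P = (1 << 89) - 1
Q = (1 << 107) - 1
PUBLIC_EXPONENT = 65537

def generate_keypair():
    """Return ((e, n), (d, n)): the public key and the matching private key."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse (Python 3.8+)
    return (PUBLIC_EXPONENT, n), (d, n)

def fingerprint(message: bytes) -> bytes:
    """Fixed-length (32-byte) digest of data of any length: the slide's 'fingerprint'."""
    return hashlib.sha256(message).digest()

def _digest_as_int(message: bytes, n: int) -> int:
    # Reduction mod n is needed only because the toy modulus is smaller than 256 bits.
    return int.from_bytes(fingerprint(message), "big") % n

def sign(message: bytes, private_key) -> int:
    """Transmitter side: the private key is applied to the fingerprint, not the message."""
    d, n = private_key
    return pow(_digest_as_int(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: recompute the fingerprint and compare with the public-key recovery."""
    e, n = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)

def make_challenge() -> bytes:
    """Challenge-response, receiver side: a fresh random value sent in clear text."""
    return secrets.token_bytes(16)

def respond(challenge: bytes, private_key) -> int:
    """Challenge-response, transmitter side: the response is the challenge signed."""
    return sign(challenge, private_key)

def check_response(challenge: bytes, response: int, claimant_public_key) -> bool:
    """A response signed under another key, or for another challenge, fails here."""
    return verify(challenge, response, claimant_public_key)
```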

  37. Asymmetric Key: Digital certificate
  • Information unit containing a public-private key pair, together with the information necessary to allow the owner secure communications
  • Contents:
    • Public key
    • Private key (if owner)
    • Owner information
    • Useful information (algorithms, allowed functions, ...)
    • Valid-from
    • Certificate Authority signatures
  • Revocation is possible

  39. Mixed systems: Session keys
  • Process:
    • Session key distribution (asymmetric)
    • Secure communication (symmetric)
  (Diagram: Transmitter, Receiver; keys Tx private, Tx public, Rx private, Rx public, session key)

  41. Mixed systems: Accomplished objectives
  • Confidentiality
  • Integrity
  • Authentication
  • Non-repudiation
    • Use of digital signatures & certificates

  42. Mixed systems: Advantages
  • No problems for key distribution -> public key
  • Improbable to guess the session key
  • May use public key authentication & non-repudiation mechanisms
  • Algorithm execution rate
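
An added example of the slide 39 process (not from the lecture): the two parties agree a session key with Diffie-Hellman, from slide 29's algorithm list, instead of public-key-encrypting one, then protect the bulk traffic symmetrically with an HMAC-SHA256 counter-mode keystream and an integrity tag. The toy 2^127-1 group and the keystream construction are the example's own assumptions, standing in for a standardised group and an AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: Mersenne prime 2^127-1, generator 2 (assumption; real systems
# use standardised 2048-bit-plus groups or elliptic curves).
DH_PRIME = (1 << 127) - 1
DH_GENERATOR = 2

def dh_keypair():
    """Asymmetric part: each side makes a private exponent and a public value."""
    private = secrets.randbelow(DH_PRIME - 2) + 1
    return private, pow(DH_GENERATOR, private, DH_PRIME)

def session_key(own_private: int, peer_public: int) -> bytes:
    """Both sides compute the same shared secret and hash it into a 32-byte session key."""
    shared = pow(peer_public, own_private, DH_PRIME)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def _subkeys(key: bytes):
    """Separate keys for encryption and for the integrity tag (never reuse one for both)."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream with HMAC-SHA256 as the PRF (toy stand-in for AES-CTR)."""
    blocks, counter = [], 0
    while len(blocks) * 32 < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def encrypt(session: bytes, plaintext: bytes) -> bytes:
    """Symmetric part, encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(session)
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(session: bytes, packet: bytes) -> bytes:
    """Check the tag before touching the ciphertext; a modified packet is rejected."""
    enc_key, mac_key = _subkeys(session)
    nonce, body, tag = packet[:16], packet[16:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))
```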

  44. Virtual Private Networks: Introduction
  • Interconnection of users & entities:
    • Dedicated line (intranets): expensive, difficult to manage
    • Use of a public access network: security risks
  (Diagram: LAN, Public network)

  45. Virtual Private Networks: Concept
  • VPN: private data channel implemented upon a public communication network
  • Objectives:
    • Linking remote subnetworks
    • Linking subnetworks & remote users
  • Use of a virtual tunnel with encryption
  (Diagram: LAN, virtual tunnel, Public network)

  46. Virtual Private Networks: Requirements
  • Authentication & identity verification
  • Virtual IP address range management
  • Data cipher
  • Management of digital certificates and public and private keys
  • Support for many protocols

  47. Virtual Private Networks: Types
  • Hardware-based systems:
    • Optimized specific designs
    • Very secure and simple
    • High performance
    • High cost
    • Additional services (firewalls, intrusion detectors, antivirus, etc.)
    • E.g.: Cisco, Stonesoft, Juniper, Nokia, Panda Security
  • Software-based systems

  48. Virtual Private Networks: Advantages
  • Security & confidentiality
  • Cost reduction
  • Scalability
  • Simple management
  • Compatibility with wireless links

  49. Virtual Private Networks: Elements
  • Local or private networks: restricted-access LAN with a private IP address range
  • Insecure networks
  • VPN tunnels
  • Servers
  • Routers
  • Remote users (road warriors)
  • Remote offices (gateways)

  50. Virtual Private Networks: Scenarios
  • P2P
  • LAN - LAN
  • LAN - remote user
  (Diagram: LAN, LAN, LAN)
