1 / 71

N e t w o r k S e c u r i t y

Explore the network security protocols and the impact of machine learning on bad crypto design. Learn about wireless network setup, configuration, and secure connections using TLS.

jeanporter
Télécharger la présentation

N e t w o r k S e c u r i t y

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NetworkSecurity And We Call It "Machine Learning"

  2. BadCryptoDesignSuper-RedundantXOR(SRX)

  3. Announcements

  4. NetworkSecurity

  5. Protocols

  6. SoLet'sDoAGoogleSearch...

  7. 1. Join the wireless network Your laptop shouts: HEY, DOES WIRELESS NETWORK X EXIST?

  8. 1. Join the wireless network Wireless access point(s) continually shout:HEY, I’M WIRELESS NETWORK Y, JOIN ME!

  9. 1. Join the wireless network If either match up, your laptop joins the network. Optionally performs a cryptographic exchange.

  10. 2. Configure your connection Your laptop shouts: HEY, ANYBODY, WHAT BASIC CONFIG DO I NEED TO USE?

  11. 2. Configure your connection Some system on the local network replies: Here’s your config, enjoy

  12. The configuration includes: An Internet address (IP address) your laptop should use; typ. 32 bits (IPv4). May also include 64b of the 128b IPv6 address The address of a “gateway” system to use to access hosts beyond the local network The address of a DNS server (“resolver”) to map names like google.com to IP addresses 2. Configure your connection 192.168.1.14

  13. 3. Find the address of google.com Your laptop sends a DNS request asking: “address for google.com?” It’s transmitted using the UDP protocol (lightweight, unreliable). The DNS resolver might not be on the local network. 192.168.1.14

  14. 3. Find the address of google.com gateway 192.168.1.14

  15. 3. Find the address of google.com gateway 192.168.1.14 The Rest of the Internet router resolver 172.217.6.78

  16. 3. Find the address of google.com google.com? gateway 192.168.1.14 The Rest of the Internet router resolver 172.217.6.78

  17. 3. Find the address of google.com gateway 192.168.1.14 The Rest of the Internet google.com? router resolver (The resolver now itself uses DNS queries to other DNS servers to figure out the address associated with google.com.) 172.217.6.78

  18. 3. Find the address of google.com gateway 192.168.1.14 The Rest of the Internet router resolver google.com’s address is 172.217.6.78 172.217.6.78

  19. 4. Connect to google.com server gateway 192.168.1.14 The Rest of the Internet router resolver 172.217.6.78

  20. 4. Connect to google.com server The Rest of the Internet gateway 192.168.1.14 router resolver Your laptop now establishes a connection with the web server at 172.217.6.78. It uses TCP for this rather than UDP, to obtain reliability. 172.217.6.78

  21. 4. Connect to google.com server TCP SYN The Rest of the Internet gateway 192.168.1.14 router resolver The first step of establishing the connection is to send a TCP connection request (“SYN”) to the server. 172.217.6.78

  22. 4. Connect to google.com server The Rest of the Internet gateway 192.168.1.14 router resolver TCP SYN ACK 172.217.6.78 If the server accepts the connection, it replies with a “SYN ACK”.

  23. 4. Connect to google.com server TCP ACK The Rest of the Internet gateway 192.168.1.14 router resolver Your laptop completes the connection establishment by likewise sending an acknowledgement. 172.217.6.78

  24. 4. Connect to google.com server The Rest of the Internet gateway 192.168.1.14 router resolver At this point the connection is established and data can be (reliably) exchanged. 172.217.6.78

  25. I want a confidential connection with integrity & authentication The Rest of the Internet gateway 192.168.1.14 router resolver 5. Establish a secure connection using TLS (https) 172.217.6.78

  26. The Rest of the Internet gateway 192.168.1.14 Here’s a certificate that vouches for my public key, google.com router resolver 5. Establish a secure connection using TLS (https) 172.217.6.78

  27. Well if you really possess the corresponding private key, prove it by decrypting this blob which we’ll use to establish shared secret keys The Rest of the Internet gateway 192.168.1.14 router resolver 5. Establish a secure connection using TLS (https) 172.217.6.78

  28. The Rest of the Internet gateway 192.168.1.14 router Here’s your proof resolver 5. Establish a secure connection using TLS (https) 172.217.6.78

  29. GET /search?query=who+is+outis%3F… The Rest of the Internet gateway 192.168.1.14 router resolver 6. Finally, your laptop can send along your query!(Using HTTP inside the TLS channel) 172.217.6.78

  30. Layering Code You Write Run-Time Library } System Calls Device Drivers Fullyisolatedfrom userprograms Voltage Levels /Magnetic Domains

  31. Internet Layering (“Protocol Stack”) Note on a point of potential confusion: these diagrams are always drawn with lower layers below higher layers … But diagrams showing the layouts of packets are often the opposite, with the lower layers at the top since their headers precede those for higher layers 8 People & Politics 7 Application 4 Transport 3 (Inter)Network Link 2 1 Physical

  32. Packets and The Network

  33. Horizontal View of a Single Packet First bit transmitted (Inter)Network Layer Header (IP) Transport Layer Header Link Layer Header Application Data: structure depends on the application …

  34. Vertical View of a Single Packet Link Layer Header First bit transmitted (Inter)Network Layer Header (IP) Transport Layer Header Application Data: structure depends on the application . . . . . . .

  35. Internet Layering (“Protocol Stack”) 7 Application 4 Transport 3 (Inter)Network Link 2 1 Physical

  36. Layer 1: Physical Layer 7 Application 4 Transport Encoding bits to send them over a singlephysicallink e.g. patterns ofvoltage levels / photon intensities / RF modulation 3 (Inter)Network Link 2 1 Physical

  37. Layer 2: Link Layer Framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology) Might involve multiple physical links (e.g., modern Ethernet) Often technology supports broadcast transmission (every “node” connected to subnet receives) 7 Application 4 Transport 3 (Inter)Network Link 2 1 Physical

  38. Layer 3: (Inter)Network Layer (IP) 7 Application 4 Transport } 3 (Inter)Network Link 2 Different for each Internet “hop” 1 Physical

  39. Layer 4: Transport Layer End-to-end communication between processes Different services provided: TCP = reliablebyte stream UDP = unreliable datagrams 7 Application 4 Transport 3 (Inter)Network (Datagram = single packet message) Link 2 1 Physical

  40. Layer 7: Application Layer Communication of whatever you wish Can use whatever transport(s) is convenient Freely structured E.g.: Skype, SMTP (email), HTTP (Web), Halo, BitTorrent 7 Application 4 Transport 3 (Inter)Network Link 2 1 Physical

  41. Internet Layering (“Protocol Stack”) } Implemented only at hosts, not at interior routers(“dumb network”) 7 Application 4 Transport 3 (Inter)Network Link 2 1 Physical

  42. Internet Layering (“Protocol Stack”) 7 Application } 4 Transport 3 (Inter)Network Link 2 Implemented everywhere 1 Physical

  43. Internet Layering (“Protocol Stack”) 7 Application 4 Transport } } ~ Same for each Internet “hop” 3 (Inter)Network Link 2 Different for each Internet “hop” 1 Physical

  44. Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 Router 3 Router 5 Host B Host E Router 7 Router 6 Router 4

  45. Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A E.g., Ethernet Router 1 Router 2 Router 3 E.g., Wi-Fi Router 5 Host B Host E Router 7 Router 6 Router 4 Different Physical & Link Layers (Layers 1 & 2)

  46. Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 Router 3 Router 5 E.g., HTTP over TCP over IP Host B Host E Router 7 Router 6 Router 4 Same Network / Transport / Application Layers (3/4/7) (Routers ignore Transport & Application layers)

  47. Layer 3: (Inter)Network Layer (IP) 7 Application 4 Transport 3 (Inter)Network Link 2 1 Physical

  48. IP Packet Structure 4-bit Header Length 8-bit Type of Service (TOS) 4-bit Version 16-bit Total Length (Bytes) 3-bit Flags 16-bit Identification 13-bit Fragment Offset 8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

  49. IP Packet Structure 4-bit Header Length 8-bit Type of Service (TOS) 4-bit Version 16-bit Total Length (Bytes) 3-bit Flags 16-bit Identification 13-bit Fragment Offset Specifies the length of the entire IP packet: bytes in this header plus bytes in the Payload 8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

More Related