
CSE 651: Introduction to Network Security

CSE 651: Introduction to Network Security. Steve Lai Spring 2010. Syllabus. Instructor: Steve Lai Office: DL 581 Office hours: MWF 2:30-3:30 Email: lai@cse.ohio-state.edu Home page: www.cse.ohio-state.edu/~lai. Text (required). William Stallings Cryptography and Network Security:


Presentation Transcript


  1. CSE 651: Introduction to Network Security • Steve Lai • Spring 2010

  2. Syllabus • Instructor: Steve Lai • Office: DL 581 • Office hours: MWF 2:30-3:30 • Email: lai@cse.ohio-state.edu • Home page: www.cse.ohio-state.edu/~lai

  3. Text (required) • William Stallings Cryptography and Network Security: Principles & Practice (5th edition) Pearson/Prentice Hall, 2010. • http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049

  4. Prerequisite • CSE 677 • Some maturity in mathematical reasoning

  5. Content of Course • Will cover the first 17 chapters of Stallings with many sections skipped.

  6. Topics • Introduction (Ch. 1) • Symmetric-key encryption • Classical encryption techniques (Ch. 2) • Block ciphers and data encryption standard (Ch. 3) • Advanced encryption standard (Ch. 5) • Block cipher operation (Ch. 6) • Stream ciphers (Ch. 7) • Public-key cryptography and RSA (Ch. 9)

  7. Topics (cont.) • Cryptographic hash functions (Ch. 11) • Message Authentication (Ch. 12) • Digital Signatures (Ch. 13) • Key management and distribution (Ch. 14) • User authentication protocols (Ch. 15) • Web Security: SSL (Ch. 16) • IEEE 802.11 Wireless LAN Security (Ch. 17)

  8. Grading plan • Assignments: 20% • Midterm exam I: 25% (Monday, April 26) • Midterm exam II: 25% (Monday, May 17) • Final exam: 30% (Wed, June 9, 9:30) • Late homework will NOT be accepted.

  9. Three related courses • CSE 551: Introduction to Information Security • CSE 652: Applied Information Security Project • CSE 794Q: Introduction to Cryptography

  10. Introduction CSE 651: Introduction to Network Security

  11. What is Network Security? • Network Security – measures to protect data during their transmission over a network or internet. • Internet Security

  12. Aspects of Network Security • ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects: • security attack • security service • security mechanism

  13. Security Attack • Attack: any action that compromises the security of information • Many different types of attacks • Can be generally classified as • Passive attacks • Active attacks

  14. Passive Attacks • Reading contents of messages • Also called eavesdropping • Difficult to detect passive attacks • Defense: to prevent their success

  15. Active Attacks • Modification or creation of messages (by attackers) • Four categories: modification of messages, replay, masquerade, denial of service • Easy to detect but difficult to prevent • Defense: detect attacks and recover from damages

  16. Security Services (Goals) • Data Confidentiality: protecting data from unauthorized disclosure. • Data Integrity: • assuring that data received is as sent (w/o modification) • or detecting its non-integrity.

  17. Authentication: • (from dictionary: the action of confirming someone or something as authentic.) • (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed. • Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.

  18. Message Authentication • Data origin authentication • Data integrity • Entity Identification • Entity authentication

  19. Non-Repudiation: • Origin non-repudiation: preventing sender from denying that he has sent a message • Destination non-repudiation: preventing receiver from denying that she has received a message

  20. Access Control: preventing unauthorized use of a resource. • Availability: making systems or resources available upon demand by legitimate users.

  21. Security Mechanisms • Means to implement security services: • Encryption • Symmetric-key encryption • Public-key encryption • Key management • Hash functions • Message authentication codes • Digital signatures • Entity authentication protocols
