210 likes | 220 Views
Understand potential threats in computer networks like message loss, interception, modification, insertion, replay, and denial-of-service attacks. Learn countermeasures for confidentiality, integrity, authentication, anti-replay, availability, access control, non-repudiation, and anonymity. Discover the importance of network security services and the difficulties in achieving robust protection.
E N D
CSCE 515:Computer Network Programming Chin-Tser Huang huangct@cse.sc.edu University of South Carolina
What Can Go Wrong… • …when your computer y receive or is waiting for a message m? ? Internet m x y (C) 2004 Chin-Tser Huang
Message Loss • Adversary A can discard m in its transit A m x y (C) 2004 Chin-Tser Huang
Message Interception • Adversary A can get a copy of m when m passes by m A m m x y (C) 2004 Chin-Tser Huang
Message Modification • Adversary A can arbitrarily modify the content of m to become m’ A m m’ x y (C) 2004 Chin-Tser Huang
Message Insertion • Adversary A can arbitrarily fabricate a message m, pretending that m was sent by x src: x dst: y A m x y (C) 2004 Chin-Tser Huang
Message Replay • Adversary A can replay a message m that has been sent earlier by x and received by y m A m x y (C) 2004 Chin-Tser Huang
… … … … … … Denial-of-Service Attack • Adversary A can send huge amount of messages to y to block m from arriving at y A m ????? x y (C) 2004 Chin-Tser Huang
Passive attacks Traffic analysis Message interception Active attacks Message loss Message modification Message insertion Message replay Denial-of-Service attack Type of Attacks (C) 2004 Chin-Tser Huang
Confidentiality Integrity Authentication Anti-replay … Availability Access control Non-repudiation Anonymity Network Security Services (C) 2004 Chin-Tser Huang
Confidentiality • Keep message known only to the receiver and secret to anyone else • Counter message interception (C) 2004 Chin-Tser Huang
Integrity • When receiver receives message m, receiver can verify m is intact after sent by sender • Counter message modification (C) 2004 Chin-Tser Huang
Authentication • When receiver receives message m, receiver can verify m is indeed sent by the sender recorded in m • Counter message insertion (C) 2004 Chin-Tser Huang
Anti-replay • When receiver receives message m, receiver can verify m is not a message that was sent and received before • Counter message replay (C) 2004 Chin-Tser Huang
Availability • Property of a system or a resource being accessible and usable upon demand by an authorized entity • Counter denial-of-service attack (C) 2004 Chin-Tser Huang
Access Control • Mechanism to enforce access rights to resources and data • Users can access resources and data to which they have access rights • Users cannot access resources and data to which they don’t have access rights (C) 2004 Chin-Tser Huang
Non-repudiation • When receiver receives message m, receiver gets proof that sender of m ever sent m • Receiver of m can show proof to third-party so that sender of m cannot repudiate (C) 2004 Chin-Tser Huang
Anonymity • Identity of sender is hidden from receiver • When receiver receives message m, receiver has no clue about sender of m (C) 2004 Chin-Tser Huang
Network Security Is Great… • Prevent messages from being attacked in their transit • Detect and discard messages that are modified, inserted, or replayed • Disallow unauthorized access to local system resource and sensitive data (C) 2004 Chin-Tser Huang
…But Hard To Achieve • Many layers in network architecture • Many different media of network connection • Adversary’s location hard to determine • New attacks keep emerging • Cryptographic overhead (C) 2004 Chin-Tser Huang
Next … • Final exam on Tuesday, May 4, 5:30pm-7:30pm • Take CSCE 715 in Fall 2004 if you are interested in network security • Have a good summer! (C) 2004 Chin-Tser Huang