1 / 21

Network Security Challenges and Countermeasures

Understand potential threats in computer networks like message loss, interception, modification, insertion, replay, and denial-of-service attacks. Learn countermeasures for confidentiality, integrity, authentication, anti-replay, availability, access control, non-repudiation, and anonymity. Discover the importance of network security services and the difficulties in achieving robust protection.

ahammond
Download Presentation

Network Security Challenges and Countermeasures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CSCE 515:Computer Network Programming Chin-Tser Huang huangct@cse.sc.edu University of South Carolina

  2. What Can Go Wrong… • …when your computer y receive or is waiting for a message m? ? Internet m x y (C) 2004 Chin-Tser Huang

  3. Message Loss • Adversary A can discard m in its transit A m x y (C) 2004 Chin-Tser Huang

  4. Message Interception • Adversary A can get a copy of m when m passes by m A m m x y (C) 2004 Chin-Tser Huang

  5. Message Modification • Adversary A can arbitrarily modify the content of m to become m’ A m m’ x y (C) 2004 Chin-Tser Huang

  6. Message Insertion • Adversary A can arbitrarily fabricate a message m, pretending that m was sent by x src: x dst: y A m x y (C) 2004 Chin-Tser Huang

  7. Message Replay • Adversary A can replay a message m that has been sent earlier by x and received by y m A m x y (C) 2004 Chin-Tser Huang

  8. … … … … … Denial-of-Service Attack • Adversary A can send huge amount of messages to y to block m from arriving at y A m ????? x y (C) 2004 Chin-Tser Huang

  9. Passive attacks Traffic analysis Message interception Active attacks Message loss Message modification Message insertion Message replay Denial-of-Service attack Type of Attacks (C) 2004 Chin-Tser Huang

  10. Confidentiality Integrity Authentication Anti-replay … Availability Access control Non-repudiation Anonymity Network Security Services (C) 2004 Chin-Tser Huang

  11. Confidentiality • Keep message known only to the receiver and secret to anyone else • Counter message interception (C) 2004 Chin-Tser Huang

  12. Integrity • When receiver receives message m, receiver can verify m is intact after sent by sender • Counter message modification (C) 2004 Chin-Tser Huang

  13. Authentication • When receiver receives message m, receiver can verify m is indeed sent by the sender recorded in m • Counter message insertion (C) 2004 Chin-Tser Huang

  14. Anti-replay • When receiver receives message m, receiver can verify m is not a message that was sent and received before • Counter message replay (C) 2004 Chin-Tser Huang

  15. Availability • Property of a system or a resource being accessible and usable upon demand by an authorized entity • Counter denial-of-service attack (C) 2004 Chin-Tser Huang

  16. Access Control • Mechanism to enforce access rights to resources and data • Users can access resources and data to which they have access rights • Users cannot access resources and data to which they don’t have access rights (C) 2004 Chin-Tser Huang

  17. Non-repudiation • When receiver receives message m, receiver gets proof that sender of m ever sent m • Receiver of m can show proof to third-party so that sender of m cannot repudiate (C) 2004 Chin-Tser Huang

  18. Anonymity • Identity of sender is hidden from receiver • When receiver receives message m, receiver has no clue about sender of m (C) 2004 Chin-Tser Huang

  19. Network Security Is Great… • Prevent messages from being attacked in their transit • Detect and discard messages that are modified, inserted, or replayed • Disallow unauthorized access to local system resource and sensitive data (C) 2004 Chin-Tser Huang

  20. …But Hard To Achieve • Many layers in network architecture • Many different media of network connection • Adversary’s location hard to determine • New attacks keep emerging • Cryptographic overhead (C) 2004 Chin-Tser Huang

  21. Next … • Final exam on Tuesday, May 4, 5:30pm-7:30pm • Take CSCE 715 in Fall 2004 if you are interested in network security • Have a good summer! (C) 2004 Chin-Tser Huang

More Related