240 likes | 350 Views
CSE 651: Introduction to Network Security. Steve Lai Spring 2010. Syllabus. Instructor: Steve Lai Office: DL 581 Office hours: MWF 2:30-3:30 Email: lai@cse.ohio-state.edu Home page: www.cse.ohio-state.edu/~lai. Text (required). William Stallings Cryptography and Network Security:
E N D
CSE 651:Introduction to Network Security Steve Lai Spring 2010
Syllabus • Instructor: Steve Lai • Office: DL 581 • Office hours: MWF 2:30-3:30 • Email: lai@cse.ohio-state.edu • Home page: www.cse.ohio-state.edu/~lai
Text (required) • William Stallings Cryptography and Network Security: Principles & Practice (5th edition) Pearson/Prentice Hall, 2010. • http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049
Prerequisite • CSE 677 • Some maturity in mathematical reasoning
Content of Course • Will cover the first 17 chapters of Stallings with many sections skipped.
Topics • Introduction (Ch. 1) • Symmetric-key encryption • Classical encryption techniques (Ch. 2) • Block ciphers and data encryption standard (Ch. 3) • Advanced encryption standard (Ch. 5) • Block cipher operation (Ch. 6) • Stream ciphers (Ch. 7) • Public-key cryptography and RSA (Ch. 9)
Topics (cont.) • Cryptographic hash functions (Ch. 11) • Message Authentication (Ch. 12) • Digital Signatures (Ch. 13) • Key management and distribution (Ch. 14) • User authentication protocols (Ch. 15) • Web Security: SSL (Ch 16) • IEEE 802.11 Wireless LAN Security (Ch. 17)
Grading plan • Assignments: 20% • Midterm exam I: 25% (Monday, April 26) • Midterm exam II: 25% (Monday, May 17) • Final exam: 30% (Wed, June 9, 9:30) • Late homework will NOT be accepted.
Three related courses • CSE 551: Introduction to Information Security • CSE 652: Applied Information Security Project • CSE 794Q: Introduction to Cryptography
Introduction CSE 651: Introduction to Network Security
What is Network Security? • Network Security – measures to protect data during their transmission over a network or internet. • Internet Security
Aspects of Network Security • ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects: • security attack • security service • security mechanism
Security Attack • Attack: any action that compromises the security of information • Many different types of attacks • Can be generally classified as • Passive attacks • Active attacks
Passive Attacks • Reading contents of messages • Also called eavesdropping • Difficult to detect passive attacks • Defense: to prevent their success
Active Attacks • Modification or creation of messages (by attackers) • Four categories: modification of messages, replay, masquerade, denial of service • Easy to detect but difficult to prevent • Defense: detect attacks and recover from damages
Security Services (Goals) • Data Confidentiality: protecting data from unauthorized disclosure. • Data Integrity: • assuring that data received is as sent (w/o modification) • or detecting its non-integrity.
Authentication: • (from dictionary: the action of confirming someone or something as authentic.) • (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed. • Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.
Message Authentication • Data origin authentication • Data integrity • Entity Identification • Entity authentication
Non-Repudiation: • Origin non-repudiation: preventing sender from denying that he has sent a message • Destination non-repudiation: preventing receiver from denying that she has received a message
Access Control: preventing unauthorized use of a resource. • Availability:making systems or resources available upon demand by legitimate users.
Security Mechanisms • Means to implement security services: • Encryption • Symmetric-key encryption • Public-key encryption • Key management • Hash functions • Message authentication codes • Digital signatures • Entity authentication protocols