Basic Internet Security Concepts
J.W. Ryder, RyderJ@Oneonta.Edu
04-01-98 J.W. Ryder
Introduction
• The internet is a vast wilderness, an infinite world of opportunity
• Exploring, e-mail, free software, chat, video, e-business, information, games
• Explored by humans

Internet Security Concepts
• Introduction of several basic security concepts
• General mechanisms for protection

Sniffing and Spoofing [1]
• Sniffing - The ability to inspect IP datagrams which are not destined for the current host
• Spoofing - After sniffing, create malicious havoc on the internet
[Figure 1: network diagram showing unprotected Internet nodes, private network nodes and a secure gateway node. Actors: Gabrielle Poirot (C), Steve Burns (C), A Guy, Bank (I), Sears, Wall Street (N), A Guy's Swiss Bank, Ramon Sanchez (A)]
A Guy has no integrity
• Swiss Bank Scam
• Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

Ramon springs for sound
• Sears solid state stereos
• Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

A guy sniffs success
• Gabrielle and Steve almost strike it rich
• Confidentiality - Ensure that each party which is supposed to see the data sees the data, and ensure that those who should not see the data never see the data

Wall Street Woes
• A guy spots a hot stock tip
• Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that it did not send the datagram

A guy becomes desperate
• Bring Wall St. to its knees
• Denial of Service Attack - Flood a given IP address (host) with packets so that it spends the majority of its processing time denying service
[Figure 2: where the security functions sit in the communication stack: Application; Key Mgmt. Functions; IP; Crypto Functions (DES, CDMF, 3DES); One Way Hash Functions (MD5, SHA1); Physical Adapter]
Protocol Flow [2, 3]
• Data passes through layers; each layer has a collection of responsibilities
• ISO OSI Reference Model (Open Systems Interconnection)
• IP Datagram
[Figure 3: Integrity. The Data field of the IP datagram is fed through a MAC function to produce a Digest; the datagram sent is IP Hdr. | Data | Digest]
Keys
• Bit values fed into cryptographic algorithms and one way hashing functions which help provide confidentiality, integrity, and authentication
• The longer the better - 40, 48, 56, 128
• Brute force attacks can win with small keys
Symmetric Keys
• Have qualities such as lifetimes, refresh rates, etc.
• Symmetric - Keys that are shared secrets on N cooperating, trusted hosts
Asymmetric
• Public / Private key pairs
• Public key lists kept on well known public key servers
• The public key is no secret. If it is, the strategy will not work.
• The public and private keys are functional inverses of each other
• The private key is known only to you and must remain secret

Concept
• Sender encrypts data with private key
• Receiver decrypts data with public key
• Receiver replies after encrypting with public key
• Sender receives response and decrypts with private key
[Figure 4: Confidentiality. Data and a Key fed into the encryption function (Crypto Fn.) yield Encrypted Data; the datagram sent is IP Hdr. | Encrypted Data]

[Figure 5: Confidentiality. Encrypted Data and the Key fed into the decryption function yield the original Data]
MACs
• Message Authentication Codes, One Way Hashing Functions
• A function h that is easy to compute, but for which it is computationally infeasible to find two messages M1 and M2 such that h(M1) = h(M2)
• MD5 (RSA: Rivest, Shamir, Adleman); SHA1 (NIST)
• MD5 yields a 128 bit digest [3]

DES
• Data Encryption Standard
• U.S. Govt. Standard
• 56 bit key - originally 128 bits
• Absolute elimination of exhaustive search of the key space
• U.S. Security Agency request - reduce to 56 bits
• Export: CDMF (40 bits)
• Keys are the secrets in these algorithms, not the algorithms themselves [4, 5]
[Figure: Confidentiality & Integrity: IP Hdr. | Encrypted Data | Digest. Confidentiality, Integrity, & Authentication: IP Hdr. | Encrypted Data | Digital Signature (Enc. Digest)]

[Figure: Data through the Crypto Fn. (CF) gives the Encrypted Message (EM); Data through the MAC function gives the Digest, and with a Key gives the Keyed Digest (KD); the digital signature (DS) is the encrypted digest. Note: MAC_Time < CF_Time]
• Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?
• What types of security are provided with EM, DS, Digest, Keyed Digest?

Combinations (Msg = message, MD = message digest, EM = encrypted message, DS = digital signature, KD = keyed digest)
• No Security: Msg
• Integrity: Msg + MD
• Confidentiality: EM
• Conf. & Integrity: EM + MD
• Integrity & Auth.: Msg + DS
• Conf., Int., & Auth.: EM + DS
• Integrity & Auth.: Msg + KD
• Conf., Int., & Auth.: EM + KD
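The integrity digest of Figure 3 and the Keyed Digest (KD) rows of the table above, worked through as an added example that is not part of the original slides: the order text and the shared key are constructed, and HMAC-SHA1 stands in for the slide's unspecified keyed MAC function.

```python
import hashlib
import hmac

# Constructed sample traffic for the slides' "Ramon springs for sound" scenario:
# Ramon's order to Sears, and the altered copy an in-path sniffer would substitute.
ORDER = b"ORDER: 1 solid state stereo, bill Ramon Sanchez"
TAMPERED = b"ORDER: 10 solid state stereos, bill Ramon Sanchez, ship to A Guy"
# Constructed shared secret known only to Ramon and Sears (a real key is random bytes).
SHARED_KEY = b"constructed-shared-secret"


def message_digest(data: bytes) -> bytes:
    """Plain one-way hash of the Data field (Figure 3 without a key): integrity only."""
    return hashlib.sha1(data).digest()


def keyed_digest(key: bytes, data: bytes) -> bytes:
    """Keyed Digest (KD): an HMAC over the Data field. A matching value proves both
    integrity and that whoever produced it held the shared key."""
    return hmac.new(key, data, hashlib.sha1).digest()


def verify_digest(data: bytes, digest: bytes) -> bool:
    # compare_digest runs in constant time, so the check leaks nothing about the digest.
    return hmac.compare_digest(message_digest(data), digest)


def verify_keyed_digest(key: bytes, data: bytes, kd: bytes) -> bool:
    return hmac.compare_digest(keyed_digest(key, data), kd)


def digest_bits(name: str) -> int:
    """Digest length in bits for a hashlib algorithm; the slides note MD5 gives 128."""
    return hashlib.new(name).digest_size * 8


def scenario() -> dict:
    """Send ORDER with both kinds of digest, then let a sniffer substitute TAMPERED."""
    md = message_digest(ORDER)
    kd = keyed_digest(SHARED_KEY, ORDER)
    # Untouched datagram: both checks pass at Sears.
    honest_md = verify_digest(ORDER, md)
    honest_kd = verify_keyed_digest(SHARED_KEY, ORDER, kd)
    # Spoofed datagram: the attacker can recompute the unkeyed digest for the new Data,
    # but without SHARED_KEY the best it can do is reuse the old keyed digest.
    tampered_md = verify_digest(TAMPERED, message_digest(TAMPERED))
    tampered_kd = verify_keyed_digest(SHARED_KEY, TAMPERED, kd)
    return {
        "honest_md_ok": honest_md, "honest_kd_ok": honest_kd,
        "tamper_caught_by_md": not tampered_md,  # False: MD alone gives no authentication
        "tamper_caught_by_kd": not tampered_kd,  # True: KD gives integrity & authentication
    }
```

A keyed digest still cannot answer the non-repudiation question on the previous slide: Sears holds the same key and could have produced the KD itself, which is why the DS rows exist.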
Purpose
• Some ideas on Internet security
• Classes of mischief on the Internet, with definitions
• Tools to fight mischief
• Combinations of these tools

Purpose continued
• Very high level
• Good starting point for further study about
• General networking & strategies
• Cryptography
• Key Management
• Algorithm Analysis

Post Presentation Results
• Should be familiar with concepts & terms such as
• Integrity, Authentication, Non-repudiation, Confidentiality
• Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
• High level understanding of some methods to combat some of the above types of Internet mischief