Network Security

1
Network Security

• Krerk Piromsopa.
• Department of Computer Engineering.
• Chulalongkorn University.

2
Network Security

• Communicate securely.
• Secrecy (Understand only by the sender and
  intended)
• Authentication (Confirm Identity of other party
  involved)
• Message integrity (The message is not altered)
• Passive Intruder, Active Intruder
• Both party might be Routers, applications, etc..
• LAN.
• Packet sniffer (Ethernet promiscuous mode)

3
Secrecy (Encryption)

• Symmetric Key Cryptography
• Caesar cipher
• DES (Data Encryption Standard)
• Public Key Encryption
• RSA algorithm (Ron Rivest, Adi Shamir, and
  Leonard Adleman)

4
Authentication

• Digital Signature
• Key Distribution and Certification (KDC)
• Certification Authority (CA)

5
Protocols

• PGP
• S/MIME
• SSL
• SET
• IPsec
• AH(Authentication Header)
• ESP

6
Secure sockets layer (SSL)
Client
Server
Browse secure page
Send servers CA
Got servers Public Key
Make Random symmetic key and encrypts using
servers Public Key
Got symmetric key
7
SSL
8
Secure Email

• Public Key encryption
• inefficient for long messages (attachments,images,
  audio, video)
• Symmetric key session

• Hash function and digital signatures
• PGP
• S/MIME

9
PGP

• PGP (short for Pretty Good Privacy), created by
  Philip Zimmermann, is the de facto standard
  program for secure e-mail and file encryption on
  the Internet. Its public-key cryptography system
  enables people who have never met to secure
  transmitted messages against unauthorized reading
  and to add digital signatures to messages to
  guarantee their authenticity. Why do we need PGP?
  E-mail sent over the Internet is more like paper
  mail on a postcard than mail in a sealed
  envelope. It can easily be read, or even altered,
  by anyone with privileged access to any of the
  computers along the route followed by the mail.
  Hackers can read and/or forge e-mail. Government
  agencies eavesdrop on private communications.

10
Secure electronic transaction (SET)

• Developed by Visa and MasterCard in Feb 1996
• three software components
• Browser wallet
• Merchant server
• Acquirer gateway

11
IPsec

• Authentication Header (AH)
• Provides source host identification and data
  integrity
• not secrecy
• RFC 2402
• AH header includes
• Next Header field
• Security Parameter Index
• Sequence Number
• Authentication Data (digital signature)

• Encapsulation Security Payload (ESP)
• Encrypt IP Datagram
• RFC 2406

12
Firewalls

• Benefits
• Prevent intruders from interfering with the daily
  operation of the internal network.
  Denail-of-service attack (SYN flooding)
• Prevent intruders from deleting or modifying
  information stored within the internal network.
• Prevent intruders from obtaining secret
  information.
• Packet Filtering
• Source/Destination IP address, TCP and UDP
  Source/Destination Port, ICMP message type, TCP
  SYN and ACK
• Application Gateways
• Provide services for limit number of user.

13
Firewalls
14
Firewalls
15
VPN
16
Microsoft Passport

• Single-Sign-On

17
Microsoft Passport Risk

• DNS attacks
• Active attacks

18
EC investigates MS Passport's Privacy

• The European Commission is studying Microsoft's
  Passport system to ensure that the sign-on
  software complies with security and privacy
  requirements
• An EC working party has questioned whether the
  Passport system breaks the European Union-US Safe
  Harbour agreement on data protection, which
  restricts the migration of personal data beyond
  the control of computer users to other countries.
• Source Computer Weekly, 20 August 2002

19
Reference

• Firewall Figures from http//www.firewalls.pl/
• http//www.setco.org/
• http//avirubin.com/passport.html
• http//www.usabilitynews.com/news/article644.asp