CSE 651: Introduction to Network Security
Steve Lai
Spring 2010
Syllabus
• Instructor: Steve Lai
• Office: DL 581
• Office hours: MWF 2:30-3:30
• Email: [email protected]
• Home page: www.cse.ohio-state.edu/~lai
Text (required)
• William Stallings, Cryptography and Network Security: Principles & Practice (5th edition), Pearson/Prentice Hall, 2010.
• http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049
Prerequisite
• CSE 677
• Some maturity in mathematical reasoning
Content of Course
• Will cover the first 17 chapters of Stallings with many sections skipped.
Topics
• Introduction (Ch. 1)
• Symmetric-key encryption
– Classical encryption techniques (Ch. 2)
– Block ciphers and data encryption standard (Ch. 3)
– Advanced encryption standard (Ch. 5)
– Block cipher operation (Ch. 6)
– Stream ciphers (Ch. 7)
• Public-key cryptography and RSA (Ch. 9)
Topics (cont.)
• Cryptographic hash functions (Ch. 11)
• Message Authentication (Ch. 12)
• Digital Signatures (Ch. 13)
• Key management and distribution (Ch. 14)
• User authentication protocols (Ch. 15)
• Web Security: SSL (Ch. 16)
• IEEE 802.11 Wireless LAN Security (Ch. 17)
Grading plan
• Assignments: 20%
• Midterm exam I: 25% (Monday, April 26)
• Midterm exam II: 25% (Monday, May 17)
• Final exam: 30% (Wed, June 9, 9:30)
• Late homework will NOT be accepted.
Three related courses
• CSE 551: Introduction to Information Security
• CSE 652: Applied Information Security Project
• CSE 794Q: Introduction to Cryptography
Introduction
CSE 651: Introduction to Network Security
What is Network Security?
• Network Security – measures to protect data during their transmission over a network or internet.
• Internet Security
Aspects of Network Security
• ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects:
– security attack
– security service
– security mechanism
Security Attack
• Attack: any action that compromises the security of information
• Many different types of attacks
• Can be generally classified as
– Passive attacks
– Active attacks
Passive Attacks
• Reading contents of messages
• Also called eavesdropping
• Difficult to detect passive attacks
• Defense: to prevent their success
Active Attacks
• Modification or creation of messages (by attackers)
• Four categories: modification of messages, replay, masquerade, denial of service
• Easy to detect but difficult to prevent
• Defense: detect attacks and recover from damages
Security Services (Goals)
• Data Confidentiality: protecting data from unauthorized disclosure.
• Data Integrity:
– assuring that data received is as sent (w/o modification)
– or detecting its non-integrity.
• Authentication:
– (from dictionary: the action of confirming someone or something as authentic.)
– (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed.
– Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.
• Message Authentication
– Data origin authentication
– Data integrity
• Entity Identification
– Entity authentication
• Non-Repudiation:
– Origin non-repudiation: preventing sender from denying that he has sent a message
– Destination non-repudiation: preventing receiver from denying that she has received a message
• Access Control: preventing unauthorized use of a resource.
• Availability: making systems or resources available upon demand by legitimate users.
Security Mechanisms
• Means to implement security services:
– Encryption
• Symmetric-key encryption
• Public-key encryption
• Key management
– Hash functions
– Message authentication codes
– Digital signatures
– Entity authentication protocols