Top Banner

of 40

Security Requirements and Attacks

Jan 08, 2016

Download

Documents

iwc2008007

Security Requirements and Attacks
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript

  • Network Security

  • ContentsSecurity Requirements and AttacksConfidentiality with Conventional EncryptionMessage Authentication and Hash FunctionsPublic-Key Encryption and Digital SignaturesIPv4 and IPv6 Security

  • Security RequirementsConfidentialityIntegrityAvailability

  • Passive AttacksRelease of message content (eavesdropping)Prevented by encryptionTraffic AnalysisFixed by traffic paddingPassive attacks are easier to prevent than to detect

  • Active AttacksInvolve the modification of the data stream or creation of a false data streamActive Attacks are easier to detect than to prevent

  • Active Attacks (cont.)MasqueradeReplayModification of messagesDenial of service

  • Conventional EncryptionPlain textEncryption algorithmDecryption algorithmPlain textTransmitted ciphertextShared secret key

  • Conventional Encryption RequirementsKnowing the algorithm, the plain text and the ciphered text, it shouldnt be feasible to determine the key.The key sharing must be done in a secure fashion.

  • Encryption AlgorithmsData Encryption Standard (DES)Plaintext: 64-bit blocksKey: 56 bitsHas been broken in 1998 (brute force)Triple DESAdvanced Encryption Standard (AES)Plaintext: 128-bit blocksKey: 128, 256 or 512 bits

  • Location of Encryption DevicesPSNPSNPSNPSNPSNPacket Switching NodeEnd-to-end encryption deviceLink encryption device

  • Key DistributionManualSelected by A, physically delivered to BSelected by C, physically delivered to A and BAutomaticThe new key is sent encrypted with an old keySent through a 3-rd party with which A and B have encrypted links

  • Message AuthenticationAuthentic message means that: it comes from the alleged sourceit has not been modified

  • Message Authentication ApproachesAuthentication with conventional encryptionAuthentication without message encryption:when confidentiality is not necessarywhen encryption is unpractical

  • Message Authentication CodeUses a secret key to generate a small block of dataMACM = F (KAB, M)

  • One-way Hash FunctionMessage digest a fingerprint of the messageLike MAC, but without the use of a secret keyThe message digest must be authenticated

  • Secure Hash RequirementsH can be applied to a block of any sizeH produces a fixed-length outputH(x) is easy to computeGiven h, it is infeasible to compute x s.t. H(x) = hGiven x, it is infeasible to find y s.t. H(x) = H(y)It is infeasible to find (x,y) such that H(x) = H(y)

  • Secure Hash FunctionsMessage Digest v5 (MD5)128-bit message digesthas been found to have collision weaknessSecure Hash Algorithm (SHA-1)160-bit message digest

  • Public-Key EncryptionEach user has a pair of keys:public keyprivate keyWhat is encrypted with one, can only be decrypted with the other

  • EncryptionPlain textPlain textTransmitted ciphertextBobs public keyAliceBobBobs private key

  • AuthenticationPlain textPlain textTransmitted ciphertextAlices public keyAliceBobAlices private key

  • Digital SignatureLike authentication, only performed on a message authenticator (SHA-1)

  • Public-Key Encryption AlgorithmsRSA (used by PGP)El Gamal (used by GnuPG)

  • Key ManagementPublic-Key encryption can be used to distribute secret keys for conventional encryptionPublic-Key authentication:signing authorityweb of trust

  • IPv4 and IPv6 SecurityProvides encryption/authentication at the network (IP) layerIPSec applications:Virtual Private NetworkingE-commerceOptional for IPv4, mandatory for IPv6

  • IP Header with IPSec Information

  • Two Types of IPSec Security Protocols

  • Advantages of IPSec

  • How an AH is Generated in IPSec

  • AH Fields

  • The ESP Header FormatEncapsulated Security Payload

  • Tunnel Versus Transport Mode

  • AH Header Placement in Transport Mode

  • AH Header Placement in Tunnel Mode

  • ESP Header Placement in Transport Mode

  • ESP Header Placement in Tunnel Mode

  • Security AssociationOne-way relationship between two hosts, providing security services for the payloadUniquely identified by:Security Parameter Index (SPI)IP destination addressSecurity Protocol Identifier (AH/ESP)

  • SA Security Parameters

  • IPSec Process Negotiation

  • Key ManagementManualused for small networkseasier to configureAutomatedmore scalablemore difficult to setupISAKMP/Oakley

  • IKE Use in an IPSec Environment


Related Documents
Sphinx: Detecting Security Attacks in Software … Detecting Security Attacks in Software-Defined Networks ... and potentially unknown security attacks on these two key SDN properties

Sphinx: Detecting Security Attacks in Software … Detecting...

Category: Documents
Network Security and Network Attacks

Network Security and Network Attacks

Category: Documents
Industrial IoT Security Attacks & Countermeasures · Industrial IoT Security Attacks & Countermeasures Conference 2016 Chris Shire – Infineon Technologies 06.12.16

Industrial IoT Security Attacks & Countermeasures ·...

Category: Documents
1 Introduction to Network Security Spring 2009. 2 Outline Introduction Attacks, services and mechanisms Security threats and attacks Security services.

1 Introduction to Network Security Spring 2009. 2 Outline...

Category: Documents
Social engineering for security attacks

Social engineering for security attacks

Category: Engineering
Security Attacks on RSA

Security Attacks on RSA

Category: News & Politics
Security-Web Vulnerabilities-Browser Attacks

Security-Web Vulnerabilities-Browser Attacks

Category: Technology
Security: Injection Attacks (PDF)

Security: Injection Attacks (PDF)

Category: Documents
Network Security Part II: Attacks Layer 2 / 3 Attacks.

Network Security Part II: Attacks Layer 2 / 3 Attacks.

Category: Documents
Information and network Security 10CS835€¦ · Introduction to Network Security, Authentication Applications: Attacks, services, and Mechanisms; Security Attacks; Security Services;

Information and network Security 10CS835€¦ ·...

Category: Documents
Network Security Part II: Attacks Network Security Part II: Attacks Web Attacks.

Network Security Part II: Attacks Network Security Part II:....

Category: Documents
Network Security and DoS Attacks

Network Security and DoS Attacks

Category: Documents