Network Security

Chase Q. Wu
New Jersey Institute of Technology
Oak Ridge National Laboratory
https://web.njit.edu/~chasewu
Email: [email protected]
[email protected]
1
Cyber Security

2
 About This Course
Textbook:
1. Network Security Essentials: Applications and Standards,
3rd Ed. William Stallings
2. Cryptography and Network Security: Principles and
Practices, 4th Ed. William Stallings

Contents:
1. Cryptography
– Algorithms and protocols
– Conventional and public key-based encryption, hash func,
digital signatures, and key exchange
2. Network security applications
– Applications and tools
– Kerberos, X.509v3 certificates, PGP, S/MIME, IP
security, SSL/TLS, SET, and SNMPv3
3. System security
– System-level issues 3
– Intruders, viruses, worms, DOS
4
 Coursework Components
Homework:
– After each chapter
Projects:
– Cryptography (RSA implementation)
– A secure instant messenger system
Exams: Comprehensive in English

Do I have a TA to help with the class?

5
 Chapter 1 – Introduction
… teaches us to rely not on the likelihood of the
enemy's not coming, but on our own readiness
to receive him; not on the chance of his not
attacking, but rather on the fact that we have
made our position unassailable.
—The Art of War, Sun Tzu

故用兵之法，无恃其不来，恃吾有以待也；无
恃其不攻，恃吾有所不可攻也。
—《孙子兵法 · 九变篇》
6
 Outline
• Background
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs
7
 Background
• Information Security requirements have
changed in recent times
– Traditionally provided by physical and
administrative mechanisms
– Many daily activities have been shifted from
physical world to cyber space
• Use of computers
– Protect files and other stored information
• Use of networks and communications links
– Protect data during transmission
• The focus of many funding agencies in US
– DOD, NSF, DHS, etc.
– ONR: game theory for cyber security
8
 Definitions
• Computer Security
– Generic name for the collection of tools
designed to protect data and to thwart
hackers
• Network Security
– Measures to protect data during their
transmission
• Internet Security (our focus!)
– Measures to protect data during their
transmission over a collection of
interconnected networks
9
Security Trends

10
 OSI Security Architecture
• ITU-T X.800 “Security Architecture for
OSI”
– A systematic way of defining and providing
security requirements
– Provides a useful, if abstract, overview of
concepts we will study

ITU-T: International Telecommunication Union

Telecommunication Standardization Sector
OSI: Open Systems Interconnection
11
 3 Aspects of Info Security
• Security Attack
– Any action that compromises the security of
information.
• Security Mechanism
– A mechanism that is designed to detect, prevent, or
recover from a security attack.
• Security Service
– A service that enhances the security of data
processing systems and information transfers.
• Makes use of one or more security mechanisms.

12
 Security Attacks
• Threat & attack
– Often used equivalently
• There are a wide range of attacks
– Two generic types of attacks
• Passive

• Active

13
Security Attack Classification

14
 Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on
integrity
• Fabrication: This is an attack on
authenticity
15
3 Primary Security Goals

Fundamental security objectives for both data and

information/computing services
16
17
 Security Services
X.800
– A service provided by a protocol layer of communicating open systems,
which ensures adequate security of the systems or of data transfers
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
– Denial of Service Attacks
– Virus that deletes files

18
 Security Mechanism
• Features designed to detect, prevent, or
recover from a security attack
• No single mechanism that will support all
services required
• One particular element underlies many of
the security mechanisms in use:
– Cryptographic techniques
– Hence we will focus on this topic first

19
 Security Mechanisms (X.800)
• Specific security mechanisms:
– Encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• Pervasive security mechanisms:
– Trusted functionality, security labels, event
detection, security audit trails, security recovery

20
Model for Network Security

21
 Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security
transformation (message de/encryption)
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information (keys)
4. specify a protocol enabling the principals to
use the transformation and secret information
for a security service (e.g. ssh)
22
Model for Network Access Security

23
Model for Network Access Security
Using this model requires us to implement:
1. Authentication
 select appropriate gatekeeper functions to identify
users
2. Authorization
 implement security controls to ensure only
authorized users access designated information or
resources
Trusted computer systems may be useful
to help implement this model
24
 Methods of Defense
• Encryption
• Software Controls
– Limit access in a database or in operating
systems
– Protect each user from other users
• Hardware Controls
– Smartcard (ICC, used for digital signature and
secure identification)
• Policies
– Frequent changes of passwords
– Recent study shows controversial arguments
• Physical Controls
25
Internet standards and RFCs
• Three organizations in the Internet
society
– Internet Architecture Board (IAB)
• Defining overall Internet architecture
• Providing guidance to IETF
– Internet Engineering Task Force (IETF)
• Actual development of protocols and standards
– Internet Engineering Steering Group (IESG)
• Technical management of IETF activities and
Internet standards process
26
Internet RFC Publication
Standardization Process

27
 Recommended Reading
• Pfleeger, C. Security in Computing.
Prentice Hall, 1997.

• Mel, H.X. Baker, D. Cryptography

Decrypted. Addison Wesley, 2001.

28