Network Security

Dr. Mohammed Shafiul Alam Khan
Assistant Professor
Institute of Information Technology (IIT), University of Dhaka (DU)
shafiul@du.ac.bd
December 10, 2017

M S A Khan (IIT, DU) Network Security December 10, 2017

Outline
1. Goal of Network Security
2. Secure Socket Layer (SSL)
3. Public Key Infrastructure (PKI)
4. Browser Security
5. Different Network Attacks
6. Conclusion

Goal of Network Security

Properties:
- Confidentiality: protecting the information from disclosure to unauthorized parties
- Integrity: protecting information from being modified by unauthorized parties
- Availability OR Authentication: ensuring that authorized parties are able to access the information when needed

The CIA triad is a fundamental concept in security. However, it has been suggested that the CIA triad is not enough.

Secure Socket Layer (SSL)
- Widely deployed security protocol
- Variation: TLS, Transport Layer Security (RFC 2246)
- Provides confidentiality, integrity, and authentication
- Available to all TCP applications

How SSL Works
- Handshake: Alice and Bob use their certificates and private keys to authenticate each other and exchange a shared secret
- Key derivation: Alice and Bob use the shared secret to derive a set of keys
- Data transfer: the data to be transferred is broken up into a series of records
- Connection closure: special messages securely close the connection

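The last three steps can be seen in a simplified sketch. This is an added example, not from the slides and not the real TLS record format: it assumes the handshake has already produced a shared secret, all function names are hypothetical, and records are authenticated but not encrypted because Python's standard library has no block cipher.

```python
import hashlib
import hmac

DATA, CLOSE = 0x17, 0x15   # record types for this sketch (application data, closure)

def derive_keys(shared_secret: bytes, nonces: bytes) -> dict:
    """Key derivation: expand one shared secret into a separate key per use."""
    labels = ("client_mac", "server_mac", "client_enc", "server_enc")
    return {label: hmac.new(shared_secret, label.encode() + nonces,
                            hashlib.sha256).digest() for label in labels}

def seal(mac_key: bytes, seq: int, rtype: int, payload: bytes) -> bytes:
    """Build one record: type | length | payload | MAC(seq, type, length, payload)."""
    header = bytes([rtype]) + len(payload).to_bytes(2, "big")
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + header + payload,
                   hashlib.sha256).digest()
    return header + payload + tag

def send(mac_key: bytes, data: bytes, size: int = 16) -> list:
    """Data transfer: split data into records, then append a closure record."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    records = [seal(mac_key, seq, DATA, c) for seq, c in enumerate(chunks)]
    return records + [seal(mac_key, len(chunks), CLOSE, b"")]

def receive(mac_key: bytes, records: list) -> bytes:
    """Verify each record in order; fail on tampering, reordering or truncation."""
    out, closed = b"", False
    for seq, rec in enumerate(records):
        if closed:
            raise ValueError("record after closure")
        rtype, length = rec[0], int.from_bytes(rec[1:3], "big")
        payload, tag = rec[3:3 + length], rec[3 + length:]
        expect = hmac.new(mac_key, seq.to_bytes(8, "big") + rec[:3] + payload,
                          hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError(f"bad MAC on record {seq}")
        if rtype == CLOSE:
            closed = True
        else:
            out += payload
    if not closed:
        raise ValueError("connection truncated: no closure record")
    return out
```

The sequence number inside the MAC is what makes reordered records fail, and the authenticated closure record is what lets the receiver tell a finished transfer from one that was cut short.
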
SSL Cipher Suite
A cipher suite contains:
- Public-key algorithm, for example, RSA
- Symmetric encryption algorithm, for example, 3DES, AES, RC4, RC5
- MAC algorithm
SSL supports several cipher suites.
Negotiation: the client and server agree on a cipher suite. For example, the client offers a choice and the server picks one.

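The negotiation step, as an added example that is not from the slides: a suite name is split into the three components listed above, and the server picks from the client's offer in its own preference order. The function names and the refusal policy are assumptions made for illustration.

```python
# Constructed policy: symmetric ciphers this server will not negotiate.
REFUSED_CIPHERS = ("RC4", "3DES", "NULL")

def parse_suite(name: str) -> dict:
    """Split an IANA-style TLS 1.2 suite name into its three components."""
    body = name[4:] if name.startswith("TLS_") else name
    key_exchange, _, rest = body.partition("_WITH_")
    cipher, _, mac = rest.rpartition("_")
    # For AEAD suites such as AES_128_GCM the last field names the PRF hash;
    # integrity comes from the cipher mode itself rather than a separate MAC.
    return {"key_exchange": key_exchange, "cipher": cipher, "mac": mac}

def negotiate(client_offer: list, server_preference: list) -> str:
    """Server picks its most preferred acceptable suite that the client offered."""
    offered = set(client_offer)
    for suite in server_preference:
        cipher = parse_suite(suite)["cipher"]
        if suite in offered and not cipher.startswith(REFUSED_CIPHERS):
            return suite
    raise ValueError("handshake failure: no acceptable cipher suite in common")

# Constructed server preference list, strongest first.
SERVER_PREFERENCE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]
```

Failing the handshake when only refused suites are on offer keeps the choice with the server's policy instead of letting a weak client offer decide the outcome.
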
Public Key Infrastructure (PKI): Features
- Provides a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
- Manages public-key encryption

Public Key Infrastructure (PKI): Application
- In a network, PKI allows for the centralization of network authentication
- Authentication of client systems using SSL (Secure Socket Layer) signatures or encryption in a web browser
- Other applications include the transmission of authenticated email messages using S/MIME (Secure/Multi-purpose Internet Mail Extensions), OpenPGP (Open Pretty Good Privacy) and other technologies

Browser Security: Browser Fingerprinting
- Discuss a recent paper

Browser Security: Integrated JavaScript
- Power of JavaScript to do nasty stuff
- Group discussion

Different Network Attacks: Spoofing
- A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage
- What are the possible ways to implement this attack?

Different Network Attacks: Reflection Attack
- A reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side.
- How to prevent such an attack? For example, use of a nonce or time-stamp

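Why a symmetric challenge-response is fragile, and what a hardened check looks like, as an added example that is not from the slides. Besides the fresh single-use nonce named above, the hardened variant also binds the responder's name into the response, which goes beyond what the slide lists; the class, function and key are hypothetical.

```python
import hashlib
import hmac
import os

class Party:
    """One end of a mutual challenge-response run over a shared key."""

    def __init__(self, name: str, key: bytes, bind_identity: bool):
        self.name, self.key, self.bind_identity = name, key, bind_identity
        self.outstanding = set()          # nonces this party issued itself

    def challenge(self) -> bytes:
        nonce = os.urandom(16)            # fresh per run, never reused
        self.outstanding.add(nonce)
        return nonce

    def _mac(self, responder: str, nonce: bytes) -> bytes:
        # Hardened form: the response says who produced it.
        prefix = responder.encode() + b"|" if self.bind_identity else b""
        return hmac.new(self.key, prefix + nonce, hashlib.sha256).digest()

    def respond(self, nonce: bytes) -> bytes:
        """Answer a peer's challenge."""
        return self._mac(self.name, nonce)

    def verify(self, peer: str, nonce: bytes, response: bytes) -> bool:
        """Accept only a response to a challenge we issued, and only once."""
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)   # single use: a replay finds nothing
        return hmac.compare_digest(response, self._mac(peer, nonce))

def reflected_response_accepted(bind_identity: bool) -> bool:
    """Echo a party's own challenge back to it and present its answer as the peer's."""
    server = Party("server", b"constructed shared key", bind_identity)
    nonce = server.challenge()
    echoed = server.respond(nonce)        # same protocol, opposite direction
    return server.verify("client", nonce, echoed)
```

With `bind_identity=False` the echoed answer verifies because both directions compute the same value; with `bind_identity=True` the server's own answer carries its own name and no longer matches what it expects from the client.
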
Different Network Attacks: Distributed Denial of Service Attack (DDoS)
- A DoS attack carried out in a distributed manner
- How to prevent such an attack? For example, monitoring

Different Network Attacks: Botnet
- A botnet is a number of Internet-connected devices, each of which is running one or more bots.
- Botnets can be used to perform distributed denial-of-service attacks (DDoS attacks), steal data, send spam, and allow the attacker access to the device and its connection.

Conclusion
- Discuss the required security service in a network
- Discuss TLS/SSL
- Discuss browser security issues
- Discuss different network attacks