CSE 651: Introduction to Network Security, Steve Lai, Spring 2010
Syllabus
• Instructor: Steve Lai
• Office: DL 581
• Office hours: MWF 2:30-3:30
• Email: [email protected]
• Home page: www.cse.ohio-state.edu/~lai
Text (required)
• William Stallings, Cryptography and Network Security: Principles & Practice (5th edition), Pearson/Prentice Hall, 2010.
• http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049
Prerequisite
• CSE 677
• Some maturity in mathematical reasoning
Content of Course
• Will cover the first 17 chapters of Stallings with many sections skipped.
Topics
• Introduction (Ch. 1)
• Symmetric-key encryption
– Classical encryption techniques (Ch. 2)
– Block ciphers and data encryption standard (Ch. 3)
– Advanced encryption standard (Ch. 5)
– Block cipher operation (Ch. 6)
– Stream ciphers (Ch. 7)
• Public-key cryptography and RSA (Ch. 9)
Topics (cont.)
• Cryptographic hash functions (Ch. 11)
• Message Authentication (Ch. 12)
• Digital Signatures (Ch. 13)
• Key management and distribution (Ch. 14)
• User authentication protocols (Ch. 15)
• Web Security: SSL (Ch. 16)
• IEEE 802.11 Wireless LAN Security (Ch. 17)
Grading plan
• Assignments: 20%
• Midterm exam I: 25% (Monday, April 26)
• Midterm exam II: 25% (Monday, May 17)
• Final exam: 30% (Wed, June 9, 9:30)
• Late homework will NOT be accepted.
Three related courses
• CSE 551: Introduction to Information Security
• CSE 652: Applied Information Security Project
• CSE 794Q: Introduction to Cryptography
Introduction
CSE 651: Introduction to Network Security
What is Network Security?
• Network Security – measures to protect data during their transmission over a network or internet.
• Internet Security
Aspects of Network Security
• ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects:
– security attack
– security service
– security mechanism
Security Attack
• Attack: any action that compromises the security of information
• Many different types of attacks
• Can be generally classified as
– Passive attacks
– Active attacks
Passive Attacks
• Reading contents of messages
• Also called eavesdropping
• Difficult to detect passive attacks
• Defense: to prevent their success
Active Attacks
• Modification or creation of messages (by attackers)
• Four categories: modification of messages, replay, masquerade, denial of service
• Easy to detect but difficult to prevent
• Defense: detect attacks and recover from damages
Security Services (Goals)
• Data Confidentiality: protecting data from unauthorized disclosure.
• Data Integrity:
– assuring that data received is as sent (w/o modification)
– or detecting its non-integrity.
• Authentication:
– (from dictionary: the action of confirming someone or something as authentic.)
– (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed.
– Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.
• Message Authentication
– Data origin authentication
– Data integrity
• Entity Identification
– Entity authentication
• Non-Repudiation:
– Origin non-repudiation: preventing sender from denying that he has sent a message
– Destination non-repudiation: preventing receiver from denying that she has received a message
• Access Control: preventing unauthorized use of a resource.
• Availability: making systems or resources available upon demand by legitimate users.
Security Mechanisms
• Means to implement security services:
– Encryption
  • Symmetric-key encryption
  • Public-key encryption
  • Key management
– Hash functions
– Message authentication codes
– Digital signatures
– Entity authentication protocols
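
Added example (not part of the original slides): a Python illustration of how a message authentication code, one of the mechanisms listed above, provides the message authentication service (data origin authentication plus data integrity), and how a sequence number added to the authenticated data lets the receiver detect replay. The key values, the packet layout, and the names seal, Receiver and demo are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte sequence number || payload || HMAC over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Detects modification, masquerade and replay of sealed packets."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet: bytes) -> str:
        if len(packet) < 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a bad tag means the data was modified
        # in transit or was created by someone who does not hold the key.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        (seq,) = struct.unpack(">Q", body[:8])
        # A valid tag on an old sequence number is a replayed message.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo() -> list:
    key = b"k" * 32        # constructed shared key
    other_key = b"x" * 32  # constructed key of a party outside the session
    rx = Receiver(key)
    genuine = seal(key, 0, b"pay 10 to bob")
    modified = genuine[:8] + b"pay 99 to bob" + genuine[-TAG_LEN:]
    masquerade = seal(other_key, 1, b"pay 10 to eve")
    packets = [genuine, modified, genuine, masquerade, seal(key, 1, b"ok")]
    return [rx.accept(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The payload travels in the clear here, so this mechanism does nothing against passive eavesdropping; confidentiality needs encryption as a separate mechanism, and denial of service is outside what a MAC can detect.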