lecture1_2.ppt 1080KB Jun 23 2011 10:19:28 AM
CS 285 Network Security
@Yuan Xue ([email protected])
Fall 2008
Course Information
When and Where
Tuesday/Thursday 11am-12:15pm
209 Featheringill Hall
Instructor: Yuan Xue ([email protected])
Office: 383 Jacobs Hall, Phone: 615-322-2926
Office hours: Monday/Thursday 2pm-3pm or by
appointment.
Web:
http://vanets.vuse.vanderbilt.edu/~xue/cs285fall08/index.htm
l
@Yuan Xue ([email protected])
Books and References
Textbook
[WS] Cryptography and Network Security: Principles
and Practice (4th Edition) by William Stallings
Reference books
[KPS] Network Security: Private Communication in a
Public World (2nd Edition), by Charlie Kaufman,
Radia Perlman, Mike Speciner
[CSP] Security in Computing (3rd Edition), by
Charles P. Pfleeger, Shari Lawrence Pfleeger
[MB] Computer Security: Art and Science, by
Matthew A. Bishop
@Yuan Xue ([email protected])
Course Component
Lecture
Slides + white board
Take note
Online digest/slides
Participation
Discussion
Presentation
Homework
5 assignments
Midterm
Project
@Yuan Xue ([email protected])
Grading Policy
Participation:
10%
Homework: 35%
Midterm: 25%
Project: 30%
What you will learn from this
course
What is “Security”?
Where the security problems come from?
Potential threats to a system
What are the solutions?
Apply an appropriate mix of security measures (protective,
defensive, etc)
Knowing what has worked, what has failed.
Security involves many aspects
-Operating system, programming language, administration and policy
@Yuan Xue ([email protected])
Our Focus
Network Security
Course Topics
Security Basics and Principles
Symmetric/ Asymmetric Cryptography
Basic concept, algorithm, mechanism,
Design principles
Security Practices
Secure protocols, systems and applications
Hand-on experiences
Secure network programming
Hot Topics and Recent Development
Wireless security, DoS attack, etc.
@Yuan Xue ([email protected])
Survey and Feedback
Your input is important
Online Survey
http://www.zoomerang.com/Survey/?p=WEB22873V62
YWQ
Feedback
@Yuan Xue ([email protected])
What is security?
In general, security is the condition of
being protected against danger or loss.
(Wikipedia)
In computer security and network
security
What are the subjects that need to be
protected?
Let’s start with some terms
System
computer, network, application, data, resource
Principal: an entity that participate in a
system
user, person
@Yuan Xue ([email protected])
What is security?
Computer Security
Confidentiality means that only authorized people
or system can access the data or resource.
Integrity refers to the trustworthiness of data or
resources.
Data integrity means that data can only be modified by
authorized people or system in authorized ways
Origin integrity means that the source of the data is
trustworthy, also called authentication.
Message authentication means messages received are
exactly as sent (i.e. no modification, insertion, deletion,
or replay), and the ID of the sender is valid.
Note: timing information
Availability means that people has the ability to
use the information or resource desired.
@Yuan Xue ([email protected])
Where the security problem comes
from?
Let’s look at some example systems:
Bank
Bookkeeping
Core operations
customer account, journals recording the transactions
Who has the access to the information?
Bank’s own staff – what if they cheat?
ATM
Authenticate users based on card and ID number
Let’s go Internet
The user – how do we know they are the “real” (authenticate)
user?
Protect web servers and bookkeeping database
@Yuan Xue ([email protected])
Where the security problem comes
from?
Hospital
Patient record system
Who can access the record? –
Many parties – insurance company, care giver, researcher, etc
Complicated -- role can change
Privacy issue – HIPPA
Anonymize the record for research
Is it sufficient?
Show me all records of 59-year-old males who were treated for
a broken collarbone on September 15, 1966
Drug management
Let’s go to Web
….
@Yuan Xue ([email protected])
Issues that will be
addressed in this class
@Yuan Xue ([email protected])
Network Security Issues
From a Computer to Internet
Network Security
Single computer
Networking environment
Secure communication in a public environment
Computer system security with remote access
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Read content of the message
from Bob to Alice
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Modify content of the message
from Bob to Alice
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Bob
Alice
capture the message from Bob to Alice
And replay the message later
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Pretend to be Bob to
send a message to Alice
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Interrupt
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Observe message pattern
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
What are the solutions?
@Yuan Xue ([email protected])
Why many solutions fail?
Protect wrong things
Protect right things in the wrong way
@Yuan Xue ([email protected])
What are the solutions?
Security Basics and Principles
Symmetric/ Asymmetric Cryptography
Basic concept, algorithm, mechanism,
Security Practices
Secure protocol designs
Secure systems and applications
@Yuan Xue ([email protected])
How to study network security?
Principle of Easiest Penetration
An intruder are expected to use any available
means of penetration.
Computer security specialists must consider all
possible means of penetration.
Learning methodology
examine all possible vulnerabilities of the system
consider available countermeasures.
@Yuan Xue ([email protected])
@Yuan Xue ([email protected])
Fall 2008
Course Information
When and Where
Tuesday/Thursday 11am-12:15pm
209 Featheringill Hall
Instructor: Yuan Xue ([email protected])
Office: 383 Jacobs Hall, Phone: 615-322-2926
Office hours: Monday/Thursday 2pm-3pm or by
appointment.
Web:
http://vanets.vuse.vanderbilt.edu/~xue/cs285fall08/index.htm
l
@Yuan Xue ([email protected])
Books and References
Textbook
[WS] Cryptography and Network Security: Principles
and Practice (4th Edition) by William Stallings
Reference books
[KPS] Network Security: Private Communication in a
Public World (2nd Edition), by Charlie Kaufman,
Radia Perlman, Mike Speciner
[CSP] Security in Computing (3rd Edition), by
Charles P. Pfleeger, Shari Lawrence Pfleeger
[MB] Computer Security: Art and Science, by
Matthew A. Bishop
@Yuan Xue ([email protected])
Course Component
Lecture
Slides + white board
Take note
Online digest/slides
Participation
Discussion
Presentation
Homework
5 assignments
Midterm
Project
@Yuan Xue ([email protected])
Grading Policy
Participation:
10%
Homework: 35%
Midterm: 25%
Project: 30%
What you will learn from this
course
What is “Security”?
Where the security problems come from?
Potential threats to a system
What are the solutions?
Apply an appropriate mix of security measures (protective,
defensive, etc)
Knowing what has worked, what has failed.
Security involves many aspects
-Operating system, programming language, administration and policy
@Yuan Xue ([email protected])
Our Focus
Network Security
Course Topics
Security Basics and Principles
Symmetric/ Asymmetric Cryptography
Basic concept, algorithm, mechanism,
Design principles
Security Practices
Secure protocols, systems and applications
Hand-on experiences
Secure network programming
Hot Topics and Recent Development
Wireless security, DoS attack, etc.
@Yuan Xue ([email protected])
Survey and Feedback
Your input is important
Online Survey
http://www.zoomerang.com/Survey/?p=WEB22873V62
YWQ
Feedback
@Yuan Xue ([email protected])
What is security?
In general, security is the condition of
being protected against danger or loss.
(Wikipedia)
In computer security and network
security
What are the subjects that need to be
protected?
Let’s start with some terms
System
computer, network, application, data, resource
Principal: an entity that participate in a
system
user, person
@Yuan Xue ([email protected])
What is security?
Computer Security
Confidentiality means that only authorized people
or system can access the data or resource.
Integrity refers to the trustworthiness of data or
resources.
Data integrity means that data can only be modified by
authorized people or system in authorized ways
Origin integrity means that the source of the data is
trustworthy, also called authentication.
Message authentication means messages received are
exactly as sent (i.e. no modification, insertion, deletion,
or replay), and the ID of the sender is valid.
Note: timing information
Availability means that people has the ability to
use the information or resource desired.
@Yuan Xue ([email protected])
Where the security problem comes
from?
Let’s look at some example systems:
Bank
Bookkeeping
Core operations
customer account, journals recording the transactions
Who has the access to the information?
Bank’s own staff – what if they cheat?
ATM
Authenticate users based on card and ID number
Let’s go Internet
The user – how do we know they are the “real” (authenticate)
user?
Protect web servers and bookkeeping database
@Yuan Xue ([email protected])
Where the security problem comes
from?
Hospital
Patient record system
Who can access the record? –
Many parties – insurance company, care giver, researcher, etc
Complicated -- role can change
Privacy issue – HIPPA
Anonymize the record for research
Is it sufficient?
Show me all records of 59-year-old males who were treated for
a broken collarbone on September 15, 1966
Drug management
Let’s go to Web
….
@Yuan Xue ([email protected])
Issues that will be
addressed in this class
@Yuan Xue ([email protected])
Network Security Issues
From a Computer to Internet
Network Security
Single computer
Networking environment
Secure communication in a public environment
Computer system security with remote access
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Read content of the message
from Bob to Alice
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Modify content of the message
from Bob to Alice
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Bob
Alice
capture the message from Bob to Alice
And replay the message later
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Pretend to be Bob to
send a message to Alice
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Interrupt
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
Some Simple Scenarios
Alice
Bob
Observe message pattern
Darth
Application
Application
TCP/UDP
TCP/UDP
IP
IP
IP
IP
Lin
k
Lin
k
Lin
k
Lin
k
@Yuan Xue ([email protected])
Internet
What are the solutions?
@Yuan Xue ([email protected])
Why many solutions fail?
Protect wrong things
Protect right things in the wrong way
@Yuan Xue ([email protected])
What are the solutions?
Security Basics and Principles
Symmetric/ Asymmetric Cryptography
Basic concept, algorithm, mechanism,
Security Practices
Secure protocol designs
Secure systems and applications
@Yuan Xue ([email protected])
How to study network security?
Principle of Easiest Penetration
An intruder are expected to use any available
means of penetration.
Computer security specialists must consider all
possible means of penetration.
Learning methodology
examine all possible vulnerabilities of the system
consider available countermeasures.
@Yuan Xue ([email protected])