
CS 285 Network Security

Fall 2008

@Yuan Xue (yuan.xue@vanderbilt.edu)

Course Information
When and Where

Tuesday/Thursday 11am-12:15pm
209 Featheringill Hall

Instructor: Yuan Xue (yuan.xue@vanderbilt.edu)

Office: 383 Jacobs Hall, Phone: 615-322-2926


Office hours: Monday/Thursday 2pm-3pm or by appointment.

Web: http://vanets.vuse.vanderbilt.edu/~xue/cs285fall08/index.html


Books and References


Textbook

[WS] Cryptography and Network Security: Principles and Practice (4th Edition), by William Stallings

Reference books

[KPS] Network Security: Private Communication in a Public World (2nd Edition), by Charlie Kaufman, Radia Perlman, Mike Speciner
[CSP] Security in Computing (3rd Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger
[MB] Computer Security: Art and Science, by Matthew A. Bishop


Course Component
Lecture

Slides + white board


Take notes
Online digest/slides

Participation

Discussion
Presentation

Homework

5 assignments

Midterm
Project

Grading Policy
Participation: 10%
Homework: 35%
Midterm: 25%
Project: 30%

What you will learn from this course


What is Security?
Where do the security problems come from?
Potential threats to a system

What are the solutions?

Apply an appropriate mix of security measures (protective, defensive, etc.)
Knowing what has worked, what has failed.
Security involves many aspects
- Operating system, programming language, administration and policy

Our Focus
Network Security

Course Topics
Security Basics and Principles

Symmetric/ Asymmetric Cryptography


Basic concept, algorithm, mechanism,
Design principles

Security Practices

Secure protocols, systems and applications


Hands-on experience
Secure network programming

Hot Topics and Recent Development

Wireless security, DoS attack, etc.


Survey and Feedback


Your input is important

Online Survey
http://www.zoomerang.com/Survey/?p=WEB22873V62YWQ

Feedback


What is security?
In general, security is the condition of being
protected against danger or loss. (Wikipedia)
In computer security and network security

What are the subjects that need to be protected?

Let's start with some terms

System
computer, network, application, data, resource

Principal: an entity that participates in a system

user, person


What is security?
Computer Security

Confidentiality means that only authorized people or systems can access the data or resource.

Integrity refers to the trustworthiness of data or resources.

Data integrity means that data can only be modified by authorized people or systems in authorized ways.
Origin integrity means that the source of the data is trustworthy, also called authentication.
Message authentication means messages received are exactly as sent (i.e. no modification, insertion, deletion, or replay), and the ID of the sender is valid.
Note: timing information

Availability means that people have the ability to use the information or resource desired.
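
Added example (not part of the original slides): a receiver-side check for the message authentication definition above, using an HMAC tag for modification and sender validity, a sequence number for replay, insertion and deletion, and a timestamp for the timing note. The shared key, field names, freshness window and sample messages are all constructed assumptions.

```python
# Added illustration (not from the course slides). All names, the shared key
# and the sample messages are constructed for this example.
import hmac, hashlib, json

KEY = b"constructed-shared-key-alice-bob"   # assumed pre-shared by Alice and Bob
MAX_AGE = 30                                 # assumed freshness window, seconds

def seal(sender, seq, ts, payload, key=KEY):
    """Sender side: bind sender ID, sequence number, timestamp and payload under one tag."""
    body = json.dumps({"from": sender, "seq": seq, "ts": ts, "data": payload},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    """Receiver side: remembers the last accepted sequence number per sender."""
    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = {}

    def accept(self, msg, now):
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad tag (modified or forged sender)"
        fields = json.loads(msg["body"])      # parsed only after the tag verifies
        if abs(now - fields["ts"]) > MAX_AGE:
            return "reject: stale timestamp"
        last = self.last_seq.get(fields["from"], 0)
        if fields["seq"] <= last:
            return "reject: replayed or duplicated sequence number"
        self.last_seq[fields["from"]] = fields["seq"]
        if fields["seq"] > last + 1:
            return "accept: gap detected (earlier message deleted or lost)"
        return "accept"

def demo():
    rx = Receiver()
    m1 = seal("bob", 1, 1000, "pay 10 to carol")
    results = [rx.accept(m1, now=1001)]                        # genuine message
    tampered = {"body": m1["body"].replace(b"pay 10", b"pay 99"), "tag": m1["tag"]}
    results.append(rx.accept(tampered, now=1001))              # modification
    results.append(rx.accept(m1, now=1002))                    # replay of m1
    forged = seal("bob", 2, 1003, "pay 50 to darth", key=b"not-the-shared-key")
    results.append(rx.accept(forged, now=1003))                # sender claim without the key
    results.append(rx.accept(seal("bob", 3, 1004, "hi"), now=1005))    # seq 2 never arrived
    results.append(rx.accept(seal("bob", 4, 900, "old"), now=1005))    # outside the window
    return results
```

The tag alone does not stop replay: the replayed copy of the first message carries a valid tag and is rejected only because its sequence number was already accepted.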


Where does the security problem come from?

Let's look at some example systems:
Bank

Bookkeeping
Core operations

customer account, journals recording the transactions

Who has access to the information?
Bank's own staff: what if they cheat?

ATM
Authenticate users based on card and ID number

Let's go to the Internet
The user: how do we know they are the real (authenticate) user?
Protect web servers and bookkeeping database


Where does the security problem come from?

Hospital

Patient record system

Who can access the record?

Many parties: insurance company, care giver, researcher, etc.
Complicated -- role can change
Privacy issue: HIPAA

Anonymize the record for research

Is it sufficient?

"Show me all records of 59-year-old males who were treated for a broken collarbone on September 15, 1966"

Drug management
Let's go to the Web
.


Issues that will be addressed in this class


Network Security Issues


From a Computer to Internet

Network Security

Single computer
Networking environment
Secure communication in a public environment
Computer system security with remote access

[Figure: protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

Some Simple Scenarios


Darth: Read content of the message from Bob to Alice
[Figure: Alice, Bob and Darth; protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

Some Simple Scenarios


Darth: Modify content of the message from Bob to Alice
[Figure: Alice, Bob and Darth; protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

Some Simple Scenarios


Darth: Capture the message from Bob to Alice and replay the message later
[Figure: Alice, Bob and Darth; protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

Some Simple Scenarios


Darth: Pretend to be Bob to send a message to Alice
[Figure: Alice, Bob and Darth; protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

Some Simple Scenarios


Darth: Interrupt
[Figure: Alice, Bob and Darth; protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

Some Simple Scenarios


Darth: Observe message pattern
[Figure: Alice, Bob and Darth; protocol stacks (Application, TCP/UDP, IP, Link) connected across the Internet]

What are the solutions?


Why do many solutions fail?


Protect wrong things
Protect right things in the wrong way


What are the solutions?


Security Basics and Principles

Symmetric/ Asymmetric Cryptography


Basic concept, algorithm, mechanism,

Security Practices

Secure protocol designs


Secure systems and applications


How to study network security?


Principle of Easiest Penetration

An intruder is expected to use any available means of penetration.
Computer security specialists must consider all possible means of penetration.

Learning methodology

examine all possible vulnerabilities of the system


consider available countermeasures.

