@yuan xue ([email protected]) cs 285 network security fall 2008
TRANSCRIPT
Course Information
When and Where: Tuesday/Thursday 11am-12:15pm, 209 Featheringill Hall
Instructor: Yuan Xue ([email protected]), Office: 383 Jacobs Hall, Phone: 615-322-2926
Office hours: Monday/Thursday 2pm-3pm or by appointment.
Web: http://vanets.vuse.vanderbilt.edu/~xue/cs285fall08/index.html
Books and References
Textbook: [WS] Cryptography and Network Security: Principles and Practice (4th Edition), by William Stallings
Reference books:
[KPS] Network Security: Private Communication in a Public World (2nd Edition), by Charlie Kaufman, Radia Perlman, Mike Speciner
[CSP] Security in Computing (3rd Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger
[MB] Computer Security: Art and Science, by Matthew A. Bishop
Course Components
Lecture: slides + white board; take notes; online digest/slides
Participation: discussion, presentation
Homework: 5 assignments
Midterm
Project
Grading Policy: Participation 10%, Homework 35%, Midterm 25%, Project 30%
What you will learn from this course
What is “security”? Where do security problems come from? Potential threats to a system
What are the solutions? Apply an appropriate mix of security measures (protective, defensive, etc.), knowing what has worked and what has failed.
Security involves many aspects: operating system, programming language, administration and policy
Our focus: Network Security
Course Topics
Security Basics and Principles: symmetric/asymmetric cryptography; basic concepts, algorithms, mechanisms, design principles
Security Practices: secure protocols, systems and applications; hands-on experience; secure network programming
Hot Topics and Recent Developments: wireless security, DoS attacks, etc.
Survey and Feedback
Your input is important
Online Survey http://www.zoomerang.com/Survey/?p=WEB22873V62Y
WQ Feedback
What is security? In general, security is the condition of being protected against danger or loss. (Wikipedia) In computer security and network security: what are the subjects that need to be protected?
Let’s start with some terms.
System: computer, network, application, data, resource
Principal: an entity that participates in a system (user, person)
What is security? Computer Security
Confidentiality means that only authorized people or systems can access the data or resource.
Integrity refers to the trustworthiness of data or resources. Data integrity means that data can only be modified by authorized people or systems in authorized ways. Origin integrity means that the source of the data is trustworthy; this is also called authentication. Message authentication means messages received are exactly as sent (i.e. no modification, insertion, deletion, or replay), and the ID of the sender is valid. Note: timing information (freshness) matters here, since a replayed message is unmodified but stale.
Availability means that people have the ability to use the information or resource desired.
Where do security problems come from? Let’s look at some example systems:
Bank Bookkeeping
Core operations: customer accounts, journals recording the transactions
Who has access to the information? The bank’s own staff: what if they cheat?
ATM: authenticate users based on card and PIN (ID number)
Going onto the Internet: the user, how do we know they are the “real” user (authentication)? Protect web servers and the bookkeeping database
Where do security problems come from?
Hospital Patient Record System
Who can access the record? Many parties: insurance company, care giver, researcher, etc. Complicated: roles can change. Privacy issue: HIPAA
Anonymize the record for research. Is it sufficient?
“Show me all records of 59-year-old males who were treated for a broken collarbone on September 15, 1966”
Drug management
Going to the Web
…
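The query above is the whole attack: stripping names is not enough when the remaining attributes single out one patient. The following is an added example (not course material) that runs that query over a constructed extract and then applies a simple k-anonymity pass as the countermeasure. The records, the choice of (age, sex, date, dx) as the quasi-identifiers, and the "other" field standing in for a sensitive attribute are all assumptions made for the illustration.

```python
"""Re-identification through quasi-identifiers in an "anonymized" extract.

Added illustration, not from the course. The records below are constructed:
names are stripped, but age, sex, treatment date and diagnosis are kept, which
is the kind of extract a researcher might be handed.
"""
from collections import Counter

RECORDS = [
    {"age": 59, "sex": "M", "date": "1966-09-15", "dx": "broken collarbone", "other": "depression"},
    {"age": 59, "sex": "M", "date": "1966-09-15", "dx": "influenza",         "other": "none"},
    {"age": 59, "sex": "F", "date": "1966-09-15", "dx": "broken collarbone", "other": "none"},
    {"age": 34, "sex": "M", "date": "1966-09-15", "dx": "broken collarbone", "other": "asthma"},
    {"age": 61, "sex": "M", "date": "1966-09-22", "dx": "broken collarbone", "other": "none"},
    {"age": 52, "sex": "M", "date": "1966-09-03", "dx": "broken collarbone", "other": "hypertension"},
]

# Attributes an outsider can plausibly learn elsewhere (a newspaper story, a
# colleague's gossip): together they act as an identifier even without a name.
# Assumed set for this example.
QUASI = ("age", "sex", "date", "dx")


def query(records, **where):
    """The slide's question, as an exact-match filter over the extract."""
    return [r for r in records if all(r[k] == v for k, v in where.items())]


def group_sizes(records, keys=QUASI):
    """How many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def generalize(r):
    """Coarsen the quasi-identifiers: 10-year age band, month instead of day."""
    band = r["age"] // 10 * 10
    return {**r, "age": f"{band}-{band + 9}", "date": r["date"][:7]}


def k_anonymize(records, k):
    """Generalize, then suppress any record whose group is still smaller than k,
    so every surviving record is indistinguishable from at least k-1 others."""
    gen = [generalize(r) for r in records]
    sizes = group_sizes(gen)
    return [r for r in gen if sizes[tuple(r[key] for key in QUASI)] >= k]


if __name__ == "__main__":
    hit = query(RECORDS, age=59, sex="M", date="1966-09-15", dx="broken collarbone")
    print(len(hit), "record(s) match; 'other' field:", [r["other"] for r in hit])
    safe = k_anonymize(RECORDS, k=2)
    hit2 = query(safe, age="50-59", sex="M", date="1966-09", dx="broken collarbone")
    print(len(hit2), "record(s) match after 2-anonymization:", [r["other"] for r in hit2])
```

On the raw extract the slide's query returns exactly one record, so anyone who knows those four public facts about a person learns the "other" field too. After generalization and suppression every remaining record shares its quasi-identifiers with at least one other, so the same query returns two records with different sensitive values. Note the cost: four of six records were suppressed, and k-anonymity alone still fails if all k records in a group carry the same sensitive value.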
Network Security Issues: From a Computer to the Internet
Single computer vs. networking environment
Secure communication in a public environment; computer system security with remote access
[Figure: two end hosts, each with an Application / TCP-UDP / IP / Link stack, communicate across the Internet through routers that implement only IP / Link; network security spans the whole path]
Some Simple Scenarios
[Figure: Bob and Alice, each with an Application / TCP-UDP / IP / Link stack, communicate across the Internet through IP / Link routers; Darth sits on the path between them]
Darth can:
Read the content of the message from Bob to Alice
Modify the content of the message from Bob to Alice
Capture the message from Bob to Alice and replay the message later
Pretend to be Bob to send a message to Alice
Interrupt the communication between Bob and Alice (denial of service)
Observe the message pattern (traffic analysis)
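The message-authentication definition earlier (no modification, insertion, deletion or replay, and a valid sender identity) and the Darth scenarios above are two views of the same requirement. The following is an added example, not code from the course, that builds a toy authenticated channel and plays the scenarios against it. It assumes Bob and Alice already share a 32-byte secret key (how they obtained it is out of scope), uses HMAC-SHA256 as the message authentication code, and requires a strictly increasing sequence number; the key bytes and messages are constructed for the demo.

```python
"""Toy authenticated channel between Bob (sender) and Alice (receiver).

Added illustration; not code from the course. Assumptions: Bob and Alice
already share a 32-byte secret key, HMAC-SHA256 is the message
authentication code, and every message carries a sequence number that the
receiver requires to be strictly increasing.
"""
import hashlib
import hmac

# Constructed shared secret for the demo; a real deployment uses a random,
# securely exchanged key, never a constant.
SHARED_KEY = bytes(range(32))
DARTH_KEY = bytes(32)          # Darth's guess; he does not know SHARED_KEY


def mac(key: bytes, seq: int, msg: bytes) -> bytes:
    # The tag covers seq || msg, so the same bytes under a different sequence
    # number (a replay, a reorder) verify as a *different* message.
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, msg: bytes):
        pkt = (self.seq, msg, mac(self.key, self.seq, msg))
        self.seq += 1
        return pkt


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.expected = key, 0

    def receive(self, pkt):
        seq, msg, tag = pkt
        # Constant-time comparison: a plain == would leak how many leading
        # bytes of the forged tag were right.
        if not hmac.compare_digest(tag, mac(self.key, seq, msg)):
            return ("reject", "bad tag")            # modified, or not from a key holder
        if seq != self.expected:
            return ("reject", "replay or reorder")  # authentic bytes, but stale
        self.expected = seq + 1
        return ("accept", msg)


def run_scenarios():
    """Plays the slide's Darth scenarios against the channel and returns
    what Alice decided in each case."""
    bob, alice = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    out = {}

    # Honest delivery.
    p1 = bob.send(b"pay Carol 100")
    out["honest"] = alice.receive(p1)

    # 1. Darth reads the message: a MAC gives integrity, not confidentiality.
    out["eavesdrop"] = p1[1]

    # 2. Darth modifies the content but keeps Bob's sequence number and tag.
    p2 = bob.send(b"pay Carol 100")
    out["modify"] = alice.receive((p2[0], b"pay Darth 100", p2[2]))

    # 3. Darth pretends to be Bob, computing a tag with a key he guessed.
    out["impersonate"] = alice.receive(
        (p2[0], b"pay Darth 100", mac(DARTH_KEY, p2[0], b"pay Darth 100")))

    # The genuine p2 finally arrives (Darth held it back while tampering).
    out["genuine"] = alice.receive(p2)

    # 4. Darth captured p2 and replays it later: valid tag, but seq already used.
    out["replay"] = alice.receive(p2)
    return out


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:12s} -> {verdict}")
```

Modification and impersonation fail the tag check; replay passes the tag check and fails the sequence check, which is why the definition insists on timing information as well as integrity. The two remaining scenarios are untouched by this mechanism: Darth can still read the plaintext (that needs encryption), drop packets, and watch who talks to whom and how often. The strict counter also rejects legitimately reordered datagrams, which is why protocols such as IPsec use a sliding anti-replay window instead.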
Why do many solutions fail?
They protect the wrong things, or protect the right things in the wrong way.
What are the solutions?
Security Basics and Principles: symmetric/asymmetric cryptography; basic concepts, algorithms, mechanisms
Security Practices: secure protocol designs; secure systems and applications
How to study network security?
Principle of Easiest Penetration: an intruder is expected to use any available means of penetration. Computer security specialists must therefore consider all possible means of penetration.
Learning methodology: examine all possible vulnerabilities of the system; consider the available countermeasures.