CPSC 6126 Computer Security

VPNs
  - IETF developing IPsec security standards
    - IP security
    - At the internet layer
    - Protects all messages at the transport and application layers
  [Diagram: E-Mail, WWW, Database, etc. / TCP, UDP / IPsec]

VPNs: IPsec Transport Mode
  - End-to-end security for hosts
  [Diagram: Local Network, Secure Communication, Internet, Local Network]

VPNs: IPsec Tunnel Mode
  - IPsec server at each site
  - Secure communication between sites
  [Diagram: Local Network, Secure Communication, Internet, Local Network, IPsec Server]

VPNs: IPsec Modes Can be Combined
  - End-to-end transport mode connection
  - Within site-to-site tunnel connection
  [Diagram: Local Network, Tunnel Mode, Internet, Local Network, Transport Mode]

VPNs: PPTP
  - Another security system for VPNs is the Point-to-Point Tunneling Protocol (PPTP)
    - For dial-up connections, based on PPP
    - Connects user securely to a remote access server at a site
  [Diagram: Dial-Up Local Connection, PPTP Connection, Internet, Network, Remote Access Server]

PKIs
  - To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
    - A PKI automates most aspects of using public key encryption and authentication
    - Uses a PKI Server
  [Diagram: PKI Server]

PKIs: PKI Server Creates Public Key-Private Key Pairs
  - Distributes private keys to applicants securely
  - Often, private keys are embedded in delivered software
  [Diagram: Private Key, PKI Server]

PKIs: PKI Server Provides CRL Checks
  - Distributes digital certificates to verifiers
  - Checks certificate revocation list before sending digital certificates
  [Diagram: Digital Certificate, PKI Server]

PKIs: CRL (Certificate Revocation List) Checks
  - If applicant gives verifier a digital certificate, the verifier must check the certificate revocation list
  [Diagram: CRL, PKI Server, "OK?", "OK or Revoked"]

Integrated Security System
  - When two parties communicate
    - Their software usually handles the details
    - First, negotiate security methods
    - Then, authenticate one another
    - Then, exchange symmetric session key
    - Then can communicate securely using symmetric session key and message-by-message authentication

SSL Integrated Security System
  - SSL
    - Secure Sockets Layer
    - Developed by Netscape
  - TLS (now)
    - Netscape gave IETF control over SSL
    - IETF renamed it TLS (Transport Layer Security)
    - Usually still called SSL

Location of SSL
  - Below the Application Layer
    - IETF views it at the transport layer
    - Protects all application exchanges
    - Not limited to any single application
    - WWW transactions, e-mail, etc.
  [Diagram: E-Mail, WWW, SSL (on each side)]

SSL Operation
  - Browser & Webserver Software Implement SSL
    - User can be unaware

SSL Operation: SSL ISS Process
  - Two sides negotiate security parameters
  - Webserver authenticates itself
  - Browser may authenticate itself but rarely does
  - Browser selects a symmetric session key, sends to webserver
  - Adds a digital signature and encrypts all messages with the symmetric key

Importance of SSL
  - Supported by Almost All Browsers
    - De facto standard for Internet application security
  - Problems
    - Relatively weak security
    - Does not involve security on merchant server
    - Does not validate credit card numbers
    - Viewed as an available but temporary approach to consumer security

Other ISSs
  - SSL is merely an example integrated security system
  - Many other ISSs exist
    - IPsec
    - PPP and PPTP
    - Etc.

Other ISSs
  - All ISSs have the same general steps
    - Negotiate security parameters
    - Authenticate the partners
    - Exchange a session key
    - Communicate with message-by-message privacy, authentication, and message integrity
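
The four general ISS steps listed above, as an added Python sketch that is not part of the original slides. Assumptions: a pre-shared key stands in for the digital certificates SSL uses, the session key is derived from exchanged nonces rather than chosen by the browser, the suite names are constructed, and step 4 shows authentication and integrity only (no encryption).

```python
import hashlib, hmac, secrets

# Constructed suite names in the server's preference order (not real registry identifiers).
SUITES = {"HMAC-SHA-512": hashlib.sha512, "HMAC-SHA-256": hashlib.sha256}

def negotiate(client_offer):
    """Step 1: choose the server's most-preferred suite that the client also offers."""
    for name in SUITES:
        if name in client_offer:
            return name
    raise ValueError("no common security parameters")

def kdf(psk, label, data):
    """Keyed hash used for the authentication proof and for the session key."""
    return hmac.new(psk, label + data, hashlib.sha256).digest()

class Channel:
    """Step 4: per-message authentication and integrity (this sketch does not encrypt)."""
    def __init__(self, key, suite):
        self.key, self.digest, self.sent, self.received = key, SUITES[suite], 0, 0

    def _tag(self, seq, payload):
        return hmac.new(self.key, seq.to_bytes(8, "big") + payload, self.digest).digest()

    def seal(self, payload):
        record = self.sent.to_bytes(8, "big") + payload + self._tag(self.sent, payload)
        self.sent += 1
        return record

    def open(self, record):
        n = self.digest().digest_size
        seq, payload, tag = int.from_bytes(record[:8], "big"), record[8:-n], record[-n:]
        if not hmac.compare_digest(tag, self._tag(seq, payload)):
            raise ValueError("bad tag: record was modified in transit")
        if seq != self.received:
            raise ValueError("unexpected sequence number: replayed or reordered record")
        self.received += 1
        return payload

def handshake(client_psk, server_psk, client_offer):
    """Run steps 1-3 for both sides in one process; returns (suite, client, server)."""
    suite = negotiate(client_offer)                           # step 1: negotiate
    challenge = secrets.token_bytes(16)                       # client -> server
    proof = kdf(server_psk, b"auth", challenge)               # server -> client
    if not hmac.compare_digest(proof, kdf(client_psk, b"auth", challenge)):
        raise PermissionError("server failed authentication")  # step 2: authenticate
    nonces = secrets.token_bytes(16) + secrets.token_bytes(16)  # one nonce from each side
    return (suite, Channel(kdf(client_psk, b"key", nonces), suite),  # step 3: session key
            Channel(kdf(server_psk, b"key", nonces), suite))
```

The sequence number inside each tagged record is what lets the receiver reject a record that is replayed unchanged, which a tag over the payload alone would not catch.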
