CSE 651: Introduction to Network Security

Steve Lai, Spring 2010


Syllabus

• Instructor: Steve Lai

• Office: DL 581

• Office hours: MWF 2:30-3:30

• Email: [email protected]

• Home page: www.cse.ohio-state.edu/~lai


Text (required)

• William Stallings Cryptography and Network Security: Principles & Practice (5th edition) Pearson/Prentice Hall, 2010.

• http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049


Prerequisite

• CSE 677

• Some maturity in mathematical reasoning


Content of Course

• Will cover the first 17 chapters of Stallings with many sections skipped.


Topics

• Introduction (Ch. 1)

• Symmetric-key encryption

– Classical encryption techniques (Ch. 2)

– Block ciphers and data encryption standard (Ch. 3)

– Advanced encryption standard (Ch. 5)

– Block cipher operation (Ch. 6)

– Stream ciphers (Ch. 7)

• Public-key cryptography and RSA (Ch. 9)


Topics (cont.)

• Cryptographic hash functions (Ch. 11)

• Message Authentication (Ch. 12)

• Digital Signatures (Ch. 13)

• Key management and distribution (Ch. 14)

• User authentication protocols (Ch. 15)

• Web Security: SSL (Ch. 16)

• IEEE 802.11 Wireless LAN Security (Ch. 17)


Grading plan

• Assignments: 20%

• Midterm exam I: 25% (Monday, April 26)

• Midterm exam II: 25% (Monday, May 17)

• Final exam: 30% (Wed, June 9, 9:30)

• Late homework will NOT be accepted.


Three related courses

• CSE 551: Introduction to Information Security

• CSE 652: Applied Information Security Project

• CSE 794Q: Introduction to Cryptography


Introduction

CSE 651: Introduction to Network Security


What is Network Security?

• Network Security – measures to protect data during their transmission over a network or internet.

• Internet Security


Aspects of Network Security

• ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects:

– security attack

– security service

– security mechanism


Security Attack

• Attack: any action that compromises the security of information

• Many different types of attacks

• Can be generally classified as

– Passive attacks

– Active attacks


Passive Attacks

• Reading contents of messages

• Also called eavesdropping

• Difficult to detect passive attacks

• Defense: to prevent their success


Active Attacks

• Modification or creation of messages (by attackers)

• Four categories: modification of messages, replay, masquerade, denial of service

• Easy to detect but difficult to prevent

• Defense: detect attacks and recover from damages


Security Services (Goals)

• Data Confidentiality: protecting data from unauthorized disclosure.

• Data Integrity:

– assuring that data received is as sent (w/o modification)

– or detecting its non-integrity.


• Authentication:

– (from dictionary: the action of confirming someone or something as authentic.)

– (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed.

– Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.


• Message Authentication

– Data origin authentication

– Data integrity

• Entity Identification

– Entity authentication


• Non-Repudiation:

– Origin non-repudiation: preventing sender from denying that he has sent a message

– Destination non-repudiation: preventing receiver from denying that she has received a message


• Access Control: preventing unauthorized use of a resource.

• Availability: making systems or resources available upon demand by legitimate users.


Security Mechanisms

• Means to implement security services:

– Encryption

  • Symmetric-key encryption

  • Public-key encryption

  • Key management

– Hash functions

– Message authentication codes

– Digital signatures

– Entity authentication protocols
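
As an added example (not part of the original slides), the sketch below shows one mechanism from the list, a message authentication code, providing the message authentication service (data origin authentication plus data integrity) and letting a receiver detect three of the active attacks named earlier: modification, replay and masquerade. The `Message` layout, the sequence-number scheme, the key and all names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

class Message(NamedTuple):          # constructed wire format for the example
    sender: bytes
    seq: int
    payload: bytes
    tag: bytes

def _mac(key: bytes, sender: bytes, seq: int, payload: bytes) -> bytes:
    # Length-prefix the sender so field boundaries are unambiguous under the MAC.
    data = struct.pack(">H", len(sender)) + sender + struct.pack(">Q", seq) + payload
    return hmac.new(key, data, hashlib.sha256).digest()

def protect(key: bytes, sender: bytes, seq: int, payload: bytes) -> Message:
    return Message(sender, seq, payload, _mac(key, sender, seq, payload))

class Receiver:
    """Accepts messages from one peer with whom it shares a secret key."""
    def __init__(self, key: bytes, peer: bytes):
        self.key, self.peer, self.last_seq = key, peer, -1

    def accept(self, m: Message) -> str:
        expected = _mac(self.key, m.sender, m.seq, m.payload)
        # A valid tag proves the holder of the shared key produced exactly these fields.
        if m.sender != self.peer or not hmac.compare_digest(expected, m.tag):
            return "rejected: bad origin or modified"
        # A valid tag on an old sequence number is a replayed message.
        if m.seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = m.seq
        return "accepted"

def demo() -> list:
    key = b"constructed-shared-key-for-demo!"   # constructed sample key
    rx = Receiver(key, b"alice")
    m0 = protect(key, b"alice", 0, b"pay bob 10")
    return [
        rx.accept(m0),                                        # genuine
        rx.accept(m0._replace(payload=b"pay eve 10")),        # modification
        rx.accept(m0),                                        # replay
        rx.accept(protect(b"wrong-key", b"alice", 1, b"x")),  # masquerade
        rx.accept(protect(key, b"alice", 1, b"next")),        # genuine, next seq
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because both parties hold the same key, a MAC does not give non-repudiation; that service needs digital signatures, listed separately above.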