Arab Open University
2nd Semester, 2006-2007
M301
Unit 6.1
Network Security
reem.attas@arabou.org.sa
Reem AlAttas © 2
Topic Road Map
• Introduction to security (this part)
• Cryptography
• Security in action
Introduction to Security
A computing system and its resources need to be protected from unauthorized access by those who seek to gain some advantage from it. Such people are intruders: they try to read, change or delete the data that is stored in, processed by or passed around the computing system.
Examples of Intruders
• Hackers who test their skills against the security measures of a system for their personal pleasure.
• Competitors who may try to gain access to commercially secret information.
• Fraudsters who try to obtain financial gain at the expense of the owner of the system or some third party.
Computer Security
Concerned with the detection and prevention of unauthorized actions by users of a computer system.
With a …
• Stand-alone computer you could enforce security by physical means (put the computer in a room and guard the room).
• Distributed computing system, there is the additional possibility of someone intercepting users' communications:
   - Passive interception: just listening to the communications (eavesdropping).
   - Active interception: listening and retransmitting the messages, with or without changes (a man-in-the-middle).
Intentions of Intruders
• Disclosure: the unauthorized release of confidential information.
• Modification: the unauthorized alteration of data (a loss of integrity).
• Denial of use or service: authorized (legitimate) users are prevented from using a network service.
• Repudiation: a legitimate user falsely claims not to have sent or received a particular message.
Forms of Attacks
• Virus.
• Worm.
• Trojan Horse.
Virus
A fragment of code embedded in a legitimate program or file. As the name implies, a virus can wreak havoc in a computing system when the program that contains it is executed, and it spreads by inserting copies of itself into other programs or files. Viruses are usually transferred by users obtaining copies of virus-infected programs or files.
Worm
A self-replicating program that exploits weaknesses in an operating system or network service to copy itself to other machines without any user action, typically using up local and network resources as it spreads.
Trojan Horse
A program which appears to the user to be a program for doing one legitimate task, but has a side effect similar to a virus or performs some other illegitimate function, such as transmitting a user's password to an unauthorized party (usually the author of the Trojan horse program).
Solutions
• Load and execute software only from reliable sources.
• Use a good virus checker that checks not only executable files but also 'data' files that contain executable components (macros, scripts).
• Ensure that all valuable data is backed up so that, in the event of a problem, the loss can be minimized.
• Ensure the virus checker is kept up to date; a checker with stale signatures misses anything written after its last update.
Security Services
1. Protection relates to the controlled access to the resources within a computing system by its users.
2. Security is about the prevention of unauthorized access to a computing system and of possible malicious alteration or destruction of resources (e.g. data).
… Security Services
3. Authentication:
   - Origin or one-way authentication is the ability to identify the sender of a message.
   - Peer or two-way authentication is the ability for two communicating parties to identify each other to their mutual satisfaction.
… Security Services
4. Secrecy is the feature that usually comes to mind first when you consider security.
5. Confidentiality:
   - Data confidentiality is to protect against unauthorized disclosure of the contents of messages traveling through the network.
   - Traffic confidentiality is to protect against disclosure of the origin, destination, volume and even the existence of messages traveling through the network.
… Security Services
6. Non-repudiation: used to counter those who deny that they are the originators (or recipients) of certain messages.
   - Non-repudiation of origin is the ability to convince a third party of the identity of the origin of a message, in order to prevent the sender from denying the source of that message.
   - Non-repudiation of receipt is the ability to convince a third party of the identity of the destination of a message, in order to prevent the intended recipient from denying the arrival of that message.
… Security Services
7. Integrity: a service that protects messages (or data) from the threat of modification by an unauthorized user.
8. Security administration: someone must be accountable for every action or event that affects the security of a distributed computing system.
   - Accountability: how is the audit trail kept? How do those responsible keep records of access and change?
   - Authorization: who has responsibility, and for what? How can that responsibility be delegated?
Security Firewalls
A firewall is a device placed between an organization's network (its distributed computing system) and the rest of the world. It passes or blocks traffic according to a policy, in order to prevent intrusion from outside the organization. It does nothing against an intruder who is already inside, or against attacks carried in traffic the policy allows.
Looking for Intruders
• Threat monitoring: a security administrator checks for suspicious patterns of activity (repeated failed logins, access at unusual times, unexpected traffic) that might indicate the presence and activities of an intruder.
• Audit logging: logs significant activities on a network. You can use an audit log to determine where and how an intruder entered the system, and then to assess the amount of damage. The log itself must be protected, since an intruder who can alter it can erase the evidence.
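The two activities on this slide in working code, as an added example that is not part of the original lecture. The log lines are constructed, syslog-style sshd records using addresses from the documentation ranges; the failure threshold, the five-minute window and the "success after brute force" rule are assumptions chosen to show one typical pattern an administrator would hunt for.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (syslog-style sshd records, documentation IP ranges);
# not taken from the original lecture.
SAMPLE_LOG = """\
2007-03-01T09:00:01 sshd[512]: Failed password for root from 203.0.113.7 port 40110
2007-03-01T09:00:03 sshd[512]: Failed password for root from 203.0.113.7 port 40112
2007-03-01T09:00:05 sshd[512]: Failed password for admin from 203.0.113.7 port 40115
2007-03-01T09:00:09 sshd[512]: Failed password for admin from 203.0.113.7 port 40119
2007-03-01T09:00:12 sshd[512]: Accepted password for admin from 203.0.113.7 port 40121
2007-03-01T09:15:00 sshd[530]: Failed password for alice from 198.51.100.4 port 51000
2007-03-01T10:30:00 sshd[540]: Accepted password for alice from 198.51.100.4 port 51010
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)


def parse(log_text):
    """Yield (timestamp, result, user, source) for every line the pattern matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def brute_force_alerts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Threat monitoring: raise an alert when one source accumulates `threshold`
    failed logins inside `window`, and a second, higher-priority alert if that
    source then logs in successfully (the account is probably compromised)."""
    failures = defaultdict(list)   # source -> timestamps of recent failures
    alerts = []
    for ts, result, user, src in parse(log_text):
        if result == "Failed":
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) == threshold:      # fire once per burst
                alerts.append((src, "brute force", None))
        elif (len(failures[src]) >= threshold
              and ts - failures[src][-1] <= window):
            alerts.append((src, "success after brute force", user))
    return alerts


def audit_trail(log_text, src):
    """Audit logging: reconstruct, in order, what one source did, to answer
    where and how an intruder got in and what happened afterwards."""
    return [(ts.isoformat(), result, user)
            for ts, result, user, s in parse(log_text) if s == src]
```

The monitoring rule fires once per burst (on exactly the threshold-th failure) so a long attack does not flood the operator, and the audit trail for a source is what you pull first when an alert fires.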
Topic Road Map
• Introduction to security
• Cryptography (this part)
• Security in action
Cryptography
The science of devising codes and ciphers.
The Encryption-Decryption Model Showing an Intruder (figure)
Fundamental Assumptions in Cryptography
1. The general method of encryption/decryption is well known (Kerckhoffs's principle), since it is impractical to change the method every time it is compromised.
2. Secrecy is achieved with the key. The length of the key usually determines the difficulty of breaking the cipher by trying every key, and is a design issue.
N-grams
For the purpose of cryptography we may treat the plaintext as:
• single letters: 1-grams.
• pairs of letters: 2-grams.
• groups of m letters: m-grams.
N-grams and Alphabets
For 1-grams the alphabet is the 26 letters:
• A B C D E F G H …
For 2-grams the alphabet is every pair of letters, 26 × 26 = 676 symbols:
• AA AB AC … AZ BA BB … ZZ
Ex. SECRET
• as 1-grams: /S/E/C/R/E/T/
• as 2-grams: /SE/CR/ET/
Work Factor
A measure of the number of computer operations (or computations) required to break a code or cipher.
The time taken also depends on the speed of the machine(s) used and the number of machines.
Cryptanalysis
The science (and art) of gaining information from ciphertext without the key.
Substitution
A simple mapping between the original plaintext and the resulting ciphertext.
Julius Caesar used a shift of 3:
• a becomes d.
• b becomes e.
• y becomes b.
• z becomes c.
Vigenère Table
A method of encryption which uses a table of the 26 shifted alphabets to decide upon the new character: the key letter selects the row (the shift) and the plaintext letter selects the column. With a key word rather than a single key letter, the shift varies from letter to letter along the message.
ROT-13
Row 13 of the Vigenère table (a shift of 13) is used to encipher the plain text; because 13 + 13 = 26, applying it a second time restores the original.
It is used to hide email or newsgroup postings (spoilers, punchlines) from immediate view. It offers no secrecy: the key is fixed and known to everyone.
Code Word
The 'code word' is written under the first letters of the alphabet (repeated letters are omitted). The remaining letters of the alphabet are written in order to complete the table. The plaintext is encoded with this table and then shifted using a Vigenère table as before.
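The substitution ciphers of the last few slides (Caesar, the Vigenère table, ROT-13 and the code-word table) as an added example that is not part of the original lecture. Function names, the crib word used by `crack_caesar` and the test phrases are my own choices; the work-factor point of slide 26 is made concrete by cracking a Caesar cipher with 26 trial decryptions.

```python
import string

ALPHABET = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Vigenère table: the key letter picks the row (the shift) and the plaintext
    letter the column. Non-letters pass through unchanged and do not consume a
    key letter. With a one-letter key this is a Caesar (shift) cipher."""
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(key[i % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        i += 1
    return "".join(out)


def caesar(text, shift=3, decrypt=False):
    """Julius Caesar's cipher: a shift of 3 (a -> d, y -> b, z -> c)."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def rot13(text):
    """Row 13 of the Vigenère table; applying it twice restores the text."""
    return caesar(text, 13)


def keyword_alphabet(code_word):
    """Mixed alphabet: the code word with repeated letters omitted, followed by
    the remaining letters of the alphabet in order."""
    seen = []
    for ch in code_word.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text, cipher_alphabet, decrypt=False):
    """Mono-alphabetic substitution: plaintext letter i -> cipher_alphabet[i]."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def code_word_cipher(text, code_word, key, decrypt=False):
    """Code-word cipher from the slide: substitute through the keyword table,
    then shift the result with a Vigenère key (undo in the reverse order)."""
    table = keyword_alphabet(code_word)
    if decrypt:
        return substitute(vigenere(text, key, decrypt=True), table, decrypt=True)
    return vigenere(substitute(text, table), key)


def crack_caesar(ciphertext, crib="THE"):
    """The work factor of a Caesar cipher is 26 trial decryptions: return every
    shift whose decryption contains the crib word."""
    return [s for s in range(26) if crib in caesar(ciphertext, s, decrypt=True)]
```

`crack_caesar` is the whole attack on a 26-key cipher; the same idea (try every key, recognise plaintext) is what the key-length remark on the fundamental-assumptions slide is about.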
Example
…
Improvements to Substitution Ciphers
One improvement to single-character substitution (1-gram) ciphers is to substitute larger units, i.e. n-grams, which flattens the letter-frequency statistics that make 1-gram substitution easy to break.
Transposition Ciphers
• Shuffle the plaintext so that the ciphertext represents a reordering or transposition of the original plaintext.
• Form a table of m rows and n columns (a matrix). Begin the encryption of a message by filling the table one row at a time. Then produce the ciphertext by joining the columns in a given sequence; that sequence is the key.
Example
• Plaintext: 'SEND ME SEVEN HUNDRED POUNDS TOMORROW' (32 letters once the spaces are removed).
• Key: 13572468 (8 columns, so the table has 4 rows; the columns are read out in the order 1, 3, 5, 7, 2, 4, 6, 8).
• Ciphertext: svetnnpmmuursddoeedodhooennrersw
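The columnar transposition of the slide, with its inverse, as an added example that is not part of the original lecture; it reproduces the slide's ciphertext exactly. The padding character and the permutation check are my own additions, needed so that messages which do not fill the last row still decrypt unambiguously.

```python
import math


def _letters_only(text):
    """The slide example drops spaces and case before filling the table."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def _column_order(key):
    """Key '13572468' means: read column 1, then 3, 5, 7, 2, 4, 6, 8."""
    order = [int(k) - 1 for k in key]
    if sorted(order) != list(range(len(key))):
        raise ValueError("key must be a permutation of 1..n")
    return order


def transpose_encrypt(plaintext, key, pad="X"):
    """Fill an m x n table row by row, then join the columns in key order.
    If the text does not fill the last row it is padded so decryption is unambiguous."""
    order = _column_order(key)
    cols = len(order)
    text = _letters_only(plaintext)
    rows = math.ceil(len(text) / cols)
    text = text.ljust(rows * cols, pad)
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(grid[r][c] for c in order for r in range(rows)).lower()


def transpose_decrypt(ciphertext, key):
    """Cut the ciphertext into columns of equal height, put each column back in
    its original position and read the table row by row."""
    order = _column_order(key)
    cols = len(order)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length is not a multiple of the key length")
    rows = len(ciphertext) // cols
    columns = [""] * cols
    for i, c in enumerate(order):
        columns[c] = ciphertext[i * rows:(i + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols)).upper()


def is_transposition_of(plaintext, ciphertext):
    """A transposition never changes which letters occur, only their order, so the
    ciphertext is an anagram of the (letters-only) plaintext. Cryptanalysts use
    exactly this property (unchanged letter frequencies) to recognise a transposition."""
    return sorted(_letters_only(plaintext)) == sorted(ciphertext.upper())
```
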
Mono-alphabetic Codes
An n-gram from the plaintext will always be enciphered to the same particular n-gram in the ciphertext.
• Ex. SECRET → lwgjwm
Poly-alphabetic Codes
The substitution varies with the location of the n-gram in the text.
Ex. the one-time pad scheme.
• This code is theoretically (provably) unbreakable, but only if the pad is truly random, at least as long as the message, kept secret, and never used twice.
One-time Pad Code
1. Change each letter in the plaintext to its corresponding number. For example, the letters A and B are changed to the numbers 0 and 1 respectively.
2. To each letter value add the number from your one-time pad in the same position.
3. The addition is done modulo 26.
4. The number stream is then either sent as it is or converted back to letters, with 0 being A, 1 being B, etc.
Example
• Plaintext: 'TESTMESSAGE'.
• One-time pad values: 3, 19, 21, 4, 7, 22, 17, 25, 3, 11, 3.
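The four steps above carried out on the slide's example, as an added example that is not part of the original lecture (the slide gives the plaintext and pad values but not the ciphertext; with these values the result is WXNXTAJRDRH). The pad-generation and pad-reuse functions are my additions, showing the two conditions that make "theoretically unbreakable" true: the pad comes from a proper random source, and it is never used for two messages.

```python
import secrets

# Values from the slide's example (constructed here as Python literals).
SLIDE_PLAINTEXT = "TESTMESSAGE"
SLIDE_PAD = [3, 19, 21, 4, 7, 22, 17, 25, 3, 11, 3]


def letters_to_numbers(text):
    """Step 1: A -> 0, B -> 1, ... Z -> 25 (non-letters are dropped)."""
    return [ord(ch) - ord("A") for ch in text.upper() if ch.isalpha()]


def numbers_to_letters(numbers):
    """Step 4: 0 -> A, 1 -> B, ... after reduction modulo 26."""
    return "".join(chr(n % 26 + ord("A")) for n in numbers)


def otp_encrypt(plaintext, pad):
    """Steps 2-3: add the pad value in the same position, modulo 26.
    The pad must be at least as long as the message: never stretch or reuse it."""
    p = letters_to_numbers(plaintext)
    if len(pad) < len(p):
        raise ValueError("pad is shorter than the message")
    return numbers_to_letters((x + k) % 26 for x, k in zip(p, pad))


def otp_decrypt(ciphertext, pad):
    """The receiver subtracts the same pad values, modulo 26."""
    c = letters_to_numbers(ciphertext)
    if len(pad) < len(c):
        raise ValueError("pad is shorter than the message")
    return numbers_to_letters((x - k) % 26 for x, k in zip(c, pad))


def fresh_pad(length):
    """A pad is only unbreakable if it is truly random: use the OS CSPRNG
    (secrets), never the random module's default generator."""
    return [secrets.randbelow(26) for _ in range(length)]


def pad_reuse_leak(ciphertext_a, ciphertext_b):
    """Why 'one-time' matters: for two messages under the same pad,
    c_a - c_b = (m_a + k) - (m_b + k) = m_a - m_b (mod 26). The key cancels and
    the attacker holds the difference of the two plaintexts, which yields to
    frequency analysis and cribs even though neither pad nor plaintext is known."""
    a, b = letters_to_numbers(ciphertext_a), letters_to_numbers(ciphertext_b)
    return numbers_to_letters((x - y) % 26 for x, y in zip(a, b))
```
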
Enigma
The German Enigma machine, a rotor-based poly-alphabetic cipher machine used in the Second World War.
Secret Key Encryption
• DES: Data Encryption Standard. (Its 56-bit key is far too short for today's hardware; it has been superseded by AES, with Triple DES as an interim measure.)
DES
Methods such as DES rely upon keeping the key secret to prevent intrusion; the algorithm itself is public.
DES is symmetric in that both sender and receiver share a common key that only they know.
Public Key Encryption
Each user has a pair of keys such that one is kept private and the other is placed in the public domain alongside the user's identity.
The private and public keys are different, and the private key cannot feasibly be derived from the public key.
PKE (public key encryption: figure)
RSA
The Rivest Shamir Adleman (RSA) algorithm is one of the most common public key mechanisms, for which there are a number of both software and hardware implementations.
Topic Road Map
• Introduction to security
• Cryptography
• Security in action (this part)
Key Distribution Problem
Distributing the secret keys used by DES is a problem: the two parties need a secure channel before they have one.
Solution: use public key cryptography to distribute the secret key, sending it in a message encrypted with the recipient's public key.
Authentication Problem
• How could we be sure that the public key we hold for a particular individual really came from that individual, and is not a fake key placed there by an intruder?
• Partial solution: encrypt the message with the private key, so that it can be decrypted with the public key. Anybody who holds your public key can read it (so there is no secrecy), but a successful decryption shows that the message came from whoever holds the matching private key.
• This still does not say who that holder is: the binding between a person and a public key remains unproven.
The Whole Problem
What is needed is a way of associating the identity of individuals (and corporations) with their public key, and a reliable way of distributing this information.
Solution: digital certificates and certifying authorities.
Digital Certificates and Certifying Authorities
• A digital certificate is a signed message containing your name, your public key and other information (validity dates, the issuer's name, a serial number).
• The certificate is signed by a Certifying Authority (CA) using the CA's private key; in the terms used on the previous slides, the CA encrypts a digest of the certificate contents with its private key.
• If the recipient of your message trusts the CA and has the CA's public key, they verify the CA's signature on the certificate and, on seeing your name, accept that the enclosed public key is yours.
• The recipient can then check your message (verify your signature, or decrypt what you encrypted with your private key) using your public key, helpfully enclosed in the certificate.
• For the whole process to work, you must have registered your public key with the CA, and the CA must have checked your identity, in order to receive a digital certificate from them.
Root Certificates
The digital certificates of the CAs themselves. They contain the CA's public key, are self-signed, and are distributed in advance (pre-installed in the browser or operating system), which is what allows you to verify the certificates that the CA issues. Whoever can add a root certificate to your machine can make you trust any certificate they care to issue.
Digital Certificates Format (figure)
Types of Digital Certificate
(The classes below are those used by commercial CAs at the time; the level of identity checking rises with the class.)
Class 1 is issued to individuals to identify themselves for email and web site access.
Class 2 is usually used for code signing by individual developers.
Class 3 is used for secure web servers and for code signing by companies.
Message Digest
A technique to ensure that a message has been received in its entirety and has not been changed, either maliciously or by accident, during transmission: a fixed-size hash of the message is sent with it and recomputed on receipt.
A message digest on its own only detects accidental change. An intruder who can alter the message can recompute the digest too, so against a deliberate attacker the digest must be signed (next slides) or protected with a secret key.
Algorithms for Message Digests
SHA (Secure Hash Algorithm), produced by the NSA (National Security Agency).
MD5 (Message Digest algorithm 5), by Ron Rivest.
MD5 and the original SHA-1 are now broken for collision resistance (two different messages with the same digest can be constructed) and must not be used for signatures; use SHA-2 (e.g. SHA-256) or SHA-3.
To Sign a Message Digitally
• Compute the message digest by hashing the message.
• The message digest is then encrypted using the sender's private key; the result is the signature.
• The original message (unencrypted) plus the encrypted digest are transmitted together.
• The recipient separates the message and the encrypted digest.
• A new digest is generated from the received message using the same hashing algorithm and compared with the decrypted digest that arrived with the message.
• If they are the same you can conclude that the message came from the sender whose public key you used to decrypt the digest (authentication) and also that the message was not changed en route (integrity).
Secure Sockets Layer (SSL)
A way of sending secure information, such as credit card details, from a web browser to a web site. (SSL has since been replaced by its successor, TLS, but the handshake below still describes the idea.) The secure link is established using the following handshake process:
1. The browser requests a page which is 'secure'.
2. The web server offers the browser the option to go into secure mode.
3. The browser accepts the offer to go secure.
4. The web server sends its digital certificate.
5. The browser checks that the digital certificate sent is valid (i.e. that the dates are valid, that the issuing CA is trustworthy and that the domain name of the server matches the certificate) and extracts the server's public key. If any of these checks fails, the browser must refuse to continue; a warning that the user can click through defeats the whole handshake.
… SSL
6. The browser generates a secret key (a session key) for use in this session with this web server. The session key is encrypted using the web server's public key and is sent to the web server; only the holder of the matching private key can recover it. Subsequent pages are now sent securely and the browser goes into secure mode. Browser page requests are also sent securely, and so are the data on any forms in the pages sent.
7. The web server now sends subsequent pages encrypted with the session key that was supplied. (This might be an order form.) The browser indicates that a secure session is in progress, often using a lock symbol.
8. The browser sends its response to the web server encrypted with the symmetric (in this account, DES) session key. (This is the completed information on the form.)
9. Steps 7 and 8 are repeated for any further secure transmissions of pages and data.
10. When the browser requests a non-secure page, the secure link is terminated and the lock symbol is removed from the browser window.
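The signing procedure (slide 56), the certificate and CA model (slides 50 and 51), the public-key distribution of a session key (slide 47) and handshake steps 5 and 6 above, all in one runnable example. This is added code, not part of the original lecture and not a real SSL/TLS implementation: the RSA keys are toy keys built from two fixed Mersenne primes so the output is reproducible (real keys use random primes and a padding scheme such as PSS), the certificate is a JSON dictionary rather than X.509, the session cipher is a SHA-256 keystream standing in for DES, and the host names, dates and form contents are made up.

```python
import hashlib
import json
import secrets

# Toy RSA keys from fixed Mersenne primes so the example is reproducible.
# Real RSA uses random ~1024-bit primes and a padding scheme (PKCS#1 v1.5 or PSS);
# special-form primes such as these are only acceptable in a classroom example.
CA_PRIMES = (2**521 - 1, 2**127 - 1)
SERVER_PRIMES = (2**607 - 1, 2**89 - 1)
E = 65537


def make_keypair(p, q, e=E):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(data):
    """Message digest (slide 54): SHA-256 of the message as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(message, private_key):
    """Slide 56: hash, then 'encrypt' the digest with the sender's private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message, signature, public_key):
    """Recover the digest with the public key and compare it with a fresh digest
    of the received message: a match gives authentication and integrity."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def _to_be_signed(body):
    """Canonical encoding of the certificate fields that the CA signs."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(subject, subject_pub, ca_priv, not_after):
    """Slide 50: a certificate is the CA's signed statement binding a name to a key."""
    body = {"subject": subject, "n": subject_pub[0], "e": subject_pub[1],
            "not_after": not_after}
    return {"body": body, "ca_signature": sign(_to_be_signed(body), ca_priv)}


def check_certificate(cert, ca_pub, expected_host, now):
    """Slide 57 step 5. Returns None if acceptable, otherwise the failing check."""
    body = cert["body"]
    if not verify(_to_be_signed(body), cert["ca_signature"], ca_pub):
        return "CA signature invalid"        # not issued by the CA we trust
    if now > body["not_after"]:
        return "certificate expired"         # dates not valid
    if body["subject"] != expected_host:
        return "hostname mismatch"           # certificate is for another server
    return None


def keystream_xor(key, data):
    """Stand-in for the DES session cipher of slide 58: SHA-256 run in counter
    mode and XORed with the data. Toy only; real TLS uses an AEAD such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def client_handshake(cert, ca_pub, host, now):
    """Slide 58 step 6: check the certificate, then make a session key and wrap it
    with the server's public key so only the matching private key can unwrap it."""
    problem = check_certificate(cert, ca_pub, host, now)
    if problem:
        raise ValueError("refusing to go secure: " + problem)
    session_key = secrets.token_bytes(16)
    n, e = cert["body"]["n"], cert["body"]["e"]
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)


def server_unwrap(wrapped, server_priv):
    """The server recovers the session key with its private key."""
    n, d = server_priv
    return pow(wrapped, d, n).to_bytes(16, "big")


def demo(now=1_700_000_000):
    """End to end: the CA issues the certificate, the browser validates it, both
    sides end up with the same session key and a form round-trips through the cipher."""
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    srv_pub, srv_priv = make_keypair(*SERVER_PRIMES)
    cert = issue_certificate("shop.example", srv_pub, ca_priv, now + 86400)
    client_key, wrapped = client_handshake(cert, ca_pub, "shop.example", now)
    server_key = server_unwrap(wrapped, srv_priv)
    form = b"order=42&ship=tomorrow"
    sent = keystream_xor(client_key, form)          # browser encrypts the form
    return server_key == client_key, keystream_xor(server_key, sent) == form
```

`check_certificate` returns the first failing check rather than a bare False so the caller can log why a connection was refused; an intruder who presents a certificate for the wrong host, an expired one, or one signed by a CA the client does not hold a root for is stopped at step 5 and never receives a session key.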
Code Signing
A digital certificate must be obtained by the software developer before code can be signed; the signature lets users check who published the code and that it has not been altered since.
Code-signing digital certificates are issued as class 3 certificates to software developer companies (individual developers use class 2; see the certificate types above).
TMA6 – Q1
Thank You!
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 

Network Security

  • 1. Arab Open University 2nd Semester, 2006-2007 M301 Unit 6.1 Network Security reem.attas@arabou.org.sa
  • 2. Reem AlAttas © 2 Topic Road Map -> Introduction to security Cryptography Security in action
  • 3. Reem AlAttas © 3 Introduction to Security There is a need to protect a computing system and its resources from unauthorized access by those who seek to gain some advantage. They are intruders who try to read, change or delete the data that is stored, processed or passed around a computing system.
  • 4. Reem AlAttas © 4 Examples of Intruders - Hackers who test their skills against the security measures of a system for their personal pleasure. - Competitors who may try to gain access to commercial secret information. - Fraudsters who try to obtain financial gain from the owner of the system or some third party.
  • 5. Reem AlAttas © 5 Computer Security Concerned with the detection and prevention of unauthorized actions by users of a computer system.
  • 6. Reem AlAttas © 6 With a … - Stand-alone computer you could affect security by physical means (put the computer in a room and guard the room). - Distributed computing system, there is the possibility of someone being able to intercept users’ communications. - Passive interception (just listening to the communications). - Active interception (listening and retransmitting the messages with or without changes).
  • 7. Reem AlAttas © 7 Intentions of Intruders - Disclosure (of confidential information) or the unauthorized release of information. - Modification (integrity) or the unauthorized alteration of data (information). - Denial of use or service where there is some denial of network service to its authorized (legitimate) users. - Repudiation where you (a legitimate user) claim that you did not send or receive a particular message.
  • 8. Reem AlAttas © 8 Forms of Attacks Virus. Worm. Trojan Horse.
  • 9. Reem AlAttas © 9 Virus A fragment of code embedded in a legitimate program or file. As the name implies, a virus can wreak havoc in a computing system when the program that contains it is executed. Viruses are usually transferred by users obtaining copies of virus-infected programs or files.
  • 10. Reem AlAttas © 10 Worm A program that can exploit weaknesses in an operating system to generate copies of itself in order to use up local resources.
  • 11. Reem AlAttas © 11 Trojan Horse A program which appears to the user to be a program for doing one legitimate task, but has a side effect similar to a virus or performs some other illegitimate function such as transmitting a user’s password to an unauthorized party (usually the author of the Trojan horse program).
  • 12. Reem AlAttas © 12 Solutions - Load and execute only from reliable sources. - A good virus checker that checks not only executable files but ‘data’ files that contain executable components. - Ensure that all valuable data is backed up so that in the event of a problem the loss can be minimized. - Ensure the virus checker is kept up to date.
  • 13. Reem AlAttas © 13 Security Services 1. Protection relates to the controlled access to the resources within a computing system by its users. 2. Security is about the prevention of unauthorized access to a computing system and possible malicious alteration or destruction of resources (e.g. data).
  • 14. Reem AlAttas © 14 … Security Services 3. Authentication: - Origin or one-way authentication is the ability to identify the sender of a message. - Peer or two-way authentication is the ability for two communicating parties to identify each other to their mutual satisfaction.
  • 15. Reem AlAttas © 15 … Security Services 4. Secrecy is a feature that usually comes to mind when you consider security. 5. Confidentiality: - Data confidentiality is to protect against unauthorized disclosure of the contents of messages traveling through the network. - Traffic confidentiality is to protect against the disclosure of the origin, destination, volume and also the existence of messages traveling through the network.
  • 16. Reem AlAttas © 16 … Security Services 6. Non-repudiation: used to counter those who deny that they are the originators of certain messages. - Non-repudiation of origin is the ability to convince a third party of the identity of the origin of a message in order to prevent the sender from denying the source of that message. - Non-repudiation of receipt is the ability to convince a third party of the identity of the destination of a message in order to prevent the intended recipient from denying the arrival of that message.
  • 17. Reem AlAttas © 17 … Security Services 7. Integrity service used to protect messages (or data) from the threat of modification by an unauthorized user. 8. Security Admin accountable for every action or event that affects the security of a distributed computing system. - Accountability: How is the audit trail kept? How do those responsible keep records of access and change? - Authorization: Who has responsibility? For what do they have responsibility? How can that responsibility be delegated?
  • 18. Reem AlAttas © 18 Security Firewalls A firewall is a device placed between an organization’s networks (distributed computing system) and the rest of the world, in order to prevent intrusion from outside the organization.
  • 19. Reem AlAttas © 19 Looking for Intruders - Threat monitoring: a security administrator checks for any suspicious patterns of activity that might indicate the presence and activities of an intruder. - Audit logging: which logs significant activities on a network. You can use an audit log to determine where and how an intruder entered the system; then you attempt to assess the amount of damage.
  • 20. Reem AlAttas © 20 Topic Road Map Introduction to security -> Cryptography Security in action
  • 21. Reem AlAttas © 21 Cryptography The science of devising codes and ciphers.
  • 22. Reem AlAttas © 22 The Encryption-Decryption Model Showing an Intruder
  • 23. Reem AlAttas © 23 Fundamental Assumptions in Cryptography 1. The general method of encryption/decryption is well known, since it is impractical to change the method every time it is compromised. 2. Privacy is achieved with the key. The length of the key usually determines the difficulty in breaking the cipher and is a design issue.
  • 24. Reem AlAttas © 24 N-grams For the purpose of cryptography we may treat the plaintext as: - single letters -> 1-grams. - double letters -> 2-grams. - multiple letters -> m-grams.
  • 25. Reem AlAttas © 25 N-grams and Alphabets For 1-grams the alphabet might be thus: - A B C D E F G H … 2-grams: - AA BB CC DD EE FF GG HH … Ex. SECRET -> /S/E/C/R/E/T/ -> /SE/CR/ET/
  • 26. Reem AlAttas © 26 Work Factor A measure of the number of computer operations (or computations) required to break a code or cipher. The time taken also depends on the speed of the machine(s) used and the number of machines.
  • 27. Reem AlAttas © 27 Cryptanalysis The science (and art) of gaining information from ciphertext.
  • 28. Reem AlAttas © 28 Substitution A simple mapping between the original plaintext and the resulting ciphertext. Julius Caesar used a shift of 3: - a becomes d. - b becomes e. - y becomes b. - z becomes c.
  • 29. Reem AlAttas © 29 Vigenère Table A method of encryption which involves using a table to decide upon the new character.
  • 30. Reem AlAttas © 30 ROT-13 Key 13 of the Vigenère table is used to encipher the plain text. It is used to hide email or newsgroup postings from immediate view.
  • 31. Reem AlAttas © 31 Code Word The ‘code word’ is written under the first letters of the alphabet (repeated letters are omitted). The remaining letters of the alphabet are written in order to complete the table. The plaintext is encoded with this table and then shifted using a Vigenère table as before.
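The substitution ciphers of slides 28 to 31 in one place, as an added example that is not part of the original slides: Caesar's shift is a Vigenère cipher with a one-letter key, ROT-13 is the Vigenère table with key 13, and the code-word table of slide 31 replaces the plain alphabet before the Vigenère shift is applied. Function names and the sample code word are my own choices.

```python
# Added example (not from the slides): the substitution ciphers of slides 28-31.
# Letters only (A-Z, case folded); any other character passes through unchanged.
import string

ALPHABET = string.ascii_uppercase


def keyed_alphabet(code_word: str) -> str:
    """Slide 31: write the code word (repeated letters omitted) under the first
    letters of the alphabet, then the remaining letters in order."""
    seen = []
    for ch in code_word.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, table: str) -> str:
    """Mono-alphabetic substitution: plain letter number i -> table[i]."""
    return "".join(table[ALPHABET.index(c)] if c in ALPHABET else c for c in text.upper())


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere table: shift each letter by the key letter in the same position
    (A=0 ... Z=25), cycling through the key; subtract the shift when decrypting."""
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    out, i = [], 0
    for c in text.upper():
        if c in ALPHABET:
            s = shifts[i % len(shifts)]
            out.append(ALPHABET[(ALPHABET.index(c) + (-s if decrypt else s)) % 26])
            i += 1
        else:
            out.append(c)
    return "".join(out)


def caesar(text: str, shift: int = 3) -> str:
    """Slide 28: Julius Caesar's shift of 3 is Vigenere with a one-letter key (D)."""
    return vigenere(text, ALPHABET[shift % 26])


def rot13(text: str) -> str:
    """Slide 30: key 13 (letter N) of the Vigenere table; applying it twice restores the text."""
    return vigenere(text, ALPHABET[13])


def code_word_cipher(text: str, code_word: str, shift_key: str) -> str:
    """Slide 31: encode with the code-word table, then shift with a Vigenere key."""
    return vigenere(substitute(text, keyed_alphabet(code_word)), shift_key)


if __name__ == "__main__":
    print(caesar("abyz"))                           # DEBC, as on slide 28
    print(rot13("SECRET"), rot13(rot13("SECRET")))  # FRPERG SECRET
    print(keyed_alphabet("SECRET"))                 # SECRTABDFGHIJKLMNOPQUVWXYZ
    print(code_word_cipher("SECRET", "SECRET", "KEY"))
```

All three are weak by modern standards: each keeps the one-to-one letter mapping that frequency analysis exploits, which is why slides 33 and 37 move on to n-grams and the one-time pad.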
  • 32. Reem AlAttas © 32 Example …
  • 33. Reem AlAttas © 33 Improvements to Substitution Ciphers One improvement to the use of single- character substitution ciphers or 1-grams is to use more characters, i.e. n-grams.
  • 34. Reem AlAttas © 34 Transposition Ciphers - Shuffle the plaintext so that the ciphertext represents a reordering or transposition of the original plaintext. - Form a table of m rows and n columns (a matrix). We begin the encryption of a message by filling the table one row at a time. Then, you produce the ciphertext by joining the columns in a given sequence, which becomes the key.
  • 35. Reem AlAttas © 35 Example - Plaintext: ‘SEND ME SEVEN HUNDRED POUNDS TOMORROW’. - Key: 13572468. - Ciphertext: svetnnpmmuursddoeedodhooennrersw
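The columnar transposition of slides 34 and 35, carried through on the slide's own example, as an added example that is not part of the original slides. The padding of a short message with X is my assumption; the slide's 32-letter message fills its 4 x 8 table exactly.

```python
# Added example (not from the slides): the transposition cipher of slides 34-35.
# The letters fill a table of n columns row by row; the ciphertext is the
# columns read out in the order given by the key digits (1-based).
import string


def _letters(text: str) -> str:
    """Keep A-Z only, as the slide's example drops the spaces."""
    return "".join(c for c in text.upper() if c in string.ascii_uppercase)


def column_order(key: str) -> list:
    """Key '13572468' means: output column 1, then 3, 5, 7, 2, 4, 6, 8."""
    return [int(d) - 1 for d in key]


def transposition_encrypt(plaintext: str, key: str) -> str:
    order = column_order(key)
    n = len(order)
    msg = _letters(plaintext)
    msg += "X" * (-len(msg) % n)            # assumption: pad to a full last row
    rows = [msg[i:i + n] for i in range(0, len(msg), n)]
    # Join the columns in key order; the slide writes the ciphertext in lower case.
    return "".join(row[col] for col in order for row in rows).lower()


def transposition_decrypt(ciphertext: str, key: str) -> str:
    order = column_order(key)
    n = len(order)
    height = len(ciphertext) // n            # every column has the same height after padding
    columns = [""] * n
    for k, col in enumerate(order):          # k-th ciphertext slice is column `col`
        columns[col] = ciphertext[k * height:(k + 1) * height].upper()
    return "".join(columns[c][r] for r in range(height) for c in range(n))


if __name__ == "__main__":
    c = transposition_encrypt("SEND ME SEVEN HUNDRED POUNDS TOMORROW", "13572468")
    print(c)                                  # svetnnpmmuursddoeedodhooennrersw
    print(transposition_decrypt(c, "13572468"))
```

Note that a transposition only reorders the letters, so the ciphertext has exactly the letter frequencies of the plaintext; that is the property an analyst uses to tell it apart from a substitution.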
  • 36. Reem AlAttas © 36 Mono-alphabetic Codes An n-gram from plaintext will always be enciphered to a particular n-gram in the ciphertext. - Ex. SECRET -> lwgjwm
  • 37. Reem AlAttas © 37 Poly-alphabetic Codes The substitution varies with the location of the n-gram in the text. Ex. one-time pad scheme. - This code is theoretically unbreakable.
  • 38. Reem AlAttas © 38 One-time Pad Code 1. Changing each letter in the plaintext to its corresponding number. For example, the letters A and B are changed to the numbers 0 and 1 respectively. 2. To each letter value you add a number from your one-time pad in the same position. 3. The addition is done modulo 26. 4. The number stream is then either sent as it is or converted back to letters with 0 being A, 1 being B, etc.
  • 39. Reem AlAttas © 39 Example - Plaintext: ‘TESTMESSAGE’. - One-time pad values: 3, 19, 21, 4, 7, 22, 17, 25, 3, 11, 3.
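The one-time pad of slides 38 and 39 worked through on the slide's values, as an added example that is not part of the original slides. It also goes one step beyond the slides: pad_for() shows why the scheme is theoretically unbreakable, since any candidate plaintext of the same length is connected to the ciphertext by some pad, so the ciphertext alone favours no message.

```python
# Added example (not from the slides): the one-time pad of slides 38-39.
# A=0 ... Z=25; the pad value in the same position is added modulo 26 to
# encrypt and subtracted modulo 26 to decrypt; the result is written as letters.
import secrets
import string

A = string.ascii_uppercase


def to_numbers(text: str) -> list:
    """Step 1: letters to numbers (non-letters are dropped)."""
    return [A.index(c) for c in text.upper() if c in A]


def to_letters(nums) -> str:
    """Step 4: numbers back to letters, 0 -> A, 1 -> B, ..."""
    return "".join(A[n % 26] for n in nums)


def otp_encrypt(plaintext: str, pad: list) -> str:
    """Steps 2-3: add the pad value in the same position, modulo 26."""
    p = to_numbers(plaintext)
    if len(pad) < len(p):
        raise ValueError("pad must be at least as long as the message")
    return to_letters((x + k) % 26 for x, k in zip(p, pad))


def otp_decrypt(ciphertext: str, pad: list) -> str:
    """Receiver: subtract the same pad values, modulo 26."""
    return to_letters((y - k) % 26 for y, k in zip(to_numbers(ciphertext), pad))


def fresh_pad(length: int) -> list:
    """A pad must be truly random, as long as the message, and used once only;
    secrets (not random) is the right source for key material."""
    return [secrets.randbelow(26) for _ in range(length)]


def pad_for(plaintext: str, ciphertext: str) -> list:
    """The pad that would turn this plaintext into this ciphertext; it always
    exists, which is what 'theoretically unbreakable' means on slide 37."""
    return [(y - x) % 26 for x, y in zip(to_numbers(plaintext), to_numbers(ciphertext))]


if __name__ == "__main__":
    pad = [3, 19, 21, 4, 7, 22, 17, 25, 3, 11, 3]       # slide 39
    c = otp_encrypt("TESTMESSAGE", pad)
    print(c, otp_decrypt(c, pad))                        # WXNXTAJRDRH TESTMESSAGE
    other = pad_for("NOTTHATTEXT", c)                    # a pad that "decrypts" c to another text
    print(otp_decrypt(c, other))                         # NOTTHATTEXT
    print(otp_decrypt(otp_encrypt("HELLO", fresh_pad(5)), fresh_pad(5)))  # garbage: wrong pad
```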
  • 40. Reem AlAttas © 40 Enigma German Enigma machine which was used in the Second World War.
  • 41. Reem AlAttas © 41 Secret Key Encryption - DES: Data Encryption Standard.
  • 42. Reem AlAttas © 42 DES Methods such as DES rely upon keeping the identity of the key a secret to prevent intrusion. The DES is symmetric in that both sender and receiver share a common key that only they know.
  • 43. Reem AlAttas © 43 Public Key Encryption Each user has a pair of keys such that one is kept private and the other is in the public domain alongside the user’s identity. The private and public keys are different. The private key cannot be derived from the public key.
  • 44. Reem AlAttas © 44 PKE
  • 45. Reem AlAttas © 45 RSA The Rivest Shamir Adleman (RSA) algorithm is one of the most common public key mechanisms, for which there are a number of both software and hardware implementations.
  • 46. Reem AlAttas © 46 Topic Road Map Introduction to security Cryptography -> Security in action
  • 47. Reem AlAttas © 47 Key Distribution Problem The distribution of the secret keys in DES is a problem. Solution: use public key cryptography to distribute secret key in a public key encrypted message.
  • 48. Reem AlAttas © 48 Authentication Problem - How could we be sure that the public key we had for a particular individual was really from that individual and not a fake key placed there by an intruder? - Solution: encrypt the message with the private key, so that it can be decrypted with the public key. - The encrypted message can be read by anybody who has your public key (no secrecy).
  • 49. Reem AlAttas © 49 The Whole Problem What is needed is a way of associating the identity of individuals (and corporations) with the public key and having a reliable way of distributing this information. Solution: digital certificates and certifying authorities.
  • 50. Reem AlAttas © 50 Digital Certificates and Certifying Authorities - An example of a digital signature is a digital certificate, an encrypted message containing your name, your public key and other information too. - Your digital signature will have been encrypted by a Certifying Authority (CA) using their private key. - If the recipient of your message trusts the CA and has the CA’s public key, they will decrypt the digital certificate and, on seeing your name, will believe that the message has been sent by you. - The recipient can then decrypt your message using your public key, helpfully enclosed in the digital certificate. - For the whole process to work, you must have registered your public key with the CA in order to receive a digital certificate from them.
  • 51. Reem AlAttas © 51 Root Certificates The digital certificates for CAs that contain the CA’s public key and allow you to read digital certificates.
  • 52. Reem AlAttas © 52 Digital Certificates Format
  • 53. Reem AlAttas © 53 Types of Digital Certificate Class 1 is issued to individuals to identify themselves for email and web site access. Class 2 is usually used for code signing. Class 3 is used for secure web servers.
  • 54. Reem AlAttas © 54 Message Digest A technique to ensure that a message has been received in its entirety and has not been changed either maliciously or by accident during transmission. A message digest ensures integrity of the message.
  • 55. Reem AlAttas © 55 Algorithms for Message Digests SHA (Secure Hashing Algorithm) produced by NSA (National Security Agency). MD5 (Message Digest (algorithm 5)) by Ron Rivest.
  • 56. Reem AlAttas © 56 To Sign a Message Digitally - Compute the message digest by hashing. - The message digest is then encrypted using the sender’s private key. - The original message (unencrypted) plus the encrypted digest are transmitted together. - The recipient separates the message and encrypted digest. - A new digest is generated from the message using the same hashing algorithm and compared with the decrypted digest which was received with the message. - If they are both the same you can conclude that the message came from the sender whose public key you used to decrypt the digest (authentication) and also that the message was not changed en route (integrity).
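The signing procedure of slide 56, together with the private-key/public-key idea of slides 43 to 48, as an added example that is not part of the original slides. It uses textbook RSA with no padding and a deliberately small modulus built from two Mersenne primes (my choice for the demo, not a recommended key) so that the arithmetic stays visible; the digest is reduced modulo the key size for the same reason.

```python
# Added example (not from the slides): slides 43-48 and 56 in code.
# Textbook RSA without padding; production signatures use 2048-bit or larger
# keys with PSS or PKCS#1 v1.5 padding rather than the bare pow() below.
import hashlib

P = 2 ** 31 - 1                       # 2147483647, prime (demo key only)
Q = 2 ** 61 - 1                       # 2305843009213693951, prime (demo key only)
N = P * Q                             # public modulus, about 92 bits
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+ modular inverse)

PUBLIC_KEY = (E, N)                   # slide 43: published alongside the identity
PRIVATE_KEY = (D, N)                  # slide 43: kept by the owner only


def message_digest(message: bytes) -> int:
    """Slides 54-55: hash the message; reduced mod N so it fits the toy key."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Slide 56, step 2: encrypt the digest with the sender's private key."""
    d, n = private_key
    return pow(message_digest(message), d, n)


def sign_and_send(message: bytes) -> tuple:
    """Slide 56, step 3: the clear message and the encrypted digest travel together."""
    return message, sign(message)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Slide 56, steps 4-6: decrypt the digest with the public key, hash the
    received message again, compare. True gives origin (that key holder) and
    integrity (unchanged en route); it says nothing about secrecy (slide 48)."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message)


if __name__ == "__main__":
    msg, sig = sign_and_send(b"Send me seven hundred pounds tomorrow")
    print(verify(msg, sig))                                           # True
    print(verify(b"Send me seven thousand pounds tomorrow", sig))     # False: message altered
    print(verify(msg, sig + 1))                                       # False: signature altered
```

Who owns PUBLIC_KEY is exactly the question slides 49 to 51 answer with certificates: verify() only proves that the signer holds the private key matching the public key you chose to trust.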
  • 57. Reem AlAttas © 57 Secure Socket Layer (SSL) A way of sending secure information such as credit card details from a web browser to a web site. The secure link is established using the following handshake process: 1. The browser requests a page which is ‘secure’. 2. The web server offers the browser the option to go into secure mode. 3. The browser accepts the offer to go secure. 4. The web server sends its digital certificate. 5. The browser checks that the digital certificate sent is valid (i.e. that the dates are valid, that the issuing CA is trustworthy and that the domain name of the server matches the certificate) and extracts the server’s public key.
  • 58. Reem AlAttas © 58 … SSL 6. The browser generates a secret key (a session key) for use in this session with this web server. The session key is encrypted using the web server’s public key and is sent to the web server. Subsequent pages are now sent securely and the browser goes into secure mode. Browser page requests are also securely sent and so are the data on any forms in the pages sent. 7. The web server now sends subsequent pages encrypted with the session key that is supplied. (This might be an order form.) The browser indicates that a secure session is in progress: often using a lock symbol. 8. The browser sends its response to the web server encrypted with the DES session key. (This is the completed information on the form). 9. Steps 7 and 8 are repeated for any further secure transmissions of pages and data. 10. When the browser requests a non-secure page, the secure link is terminated and the lock symbol is removed from the browser window.
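The three checks the browser makes in step 5 of the handshake on slide 57 (dates valid, issuing CA trusted, server name matches the certificate), as an added example that is not part of the original slides. The certificate record, its field names and the trust store are constructed for the demo; a real browser parses an X.509 certificate and also verifies the CA's signature on it with the root certificate of slide 51 before trusting any field.

```python
# Added example (not from the slides): slide 57, step 5, over a constructed
# certificate record. Only when every check passes may the server's public key
# be used to encrypt the session key in step 6.
from datetime import datetime, timezone

# Constructed trust store (slide 51: root certificates carry the CA's public key).
TRUSTED_ROOTS = {"Demo Root CA": "demo-root-ca-public-key"}


def at(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or one wildcard in the left-most label only (*.example.test)."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h) or len(h) < 2:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def check_certificate(cert: dict, hostname: str, now: datetime, roots=TRUSTED_ROOTS) -> list:
    """Return the names of the failed checks; an empty list means acceptable."""
    failures = []
    if not (cert["not_before"] <= now <= cert["not_after"]):
        failures.append("dates")            # expired or not yet valid
    if cert["issuer"] not in roots:
        failures.append("issuer")           # CA not in the browser's root store
    names = [cert["subject"]] + cert.get("alt_names", [])
    if not any(hostname_matches(n, hostname) for n in names):
        failures.append("hostname")         # certificate is for a different server
    return failures


def server_public_key(cert: dict, hostname: str, now: datetime):
    """Step 5 result: the key to wrap the session key with (step 6), or None."""
    return cert["public_key"] if not check_certificate(cert, hostname, now) else None


# Constructed sample certificate; no real names or keys.
SHOP_CERT = {
    "subject": "www.example-shop.test",
    "alt_names": ["*.example-shop.test"],
    "issuer": "Demo Root CA",
    "not_before": at(2007, 1, 1),
    "not_after": at(2008, 1, 1),
    "public_key": "shop-public-key",
}

if __name__ == "__main__":
    print(check_certificate(SHOP_CERT, "www.example-shop.test", at(2007, 6, 1)))   # []
    print(check_certificate(SHOP_CERT, "www.example-shop.test", at(2009, 1, 1)))   # ['dates']
    print(check_certificate(SHOP_CERT, "www.other.test", at(2007, 6, 1)))          # ['hostname']
    print(server_public_key(SHOP_CERT, "pay.example-shop.test", at(2007, 6, 1)))   # shop-public-key
```

A certificate that fails any one of these checks gives the browser no basis for step 6: a session key wrapped with an untrusted or mismatched key could be read by whoever holds that key.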
  • 59. Reem AlAttas © 59 Code Signing A digital certificate must be obtained by the software developer prior to code signing. Code signing digital certificates are issued as class 3 certificates to software developer companies.

Editor's Notes

  1. Hence, in a distributed computing system, security becomes a major issue.