
  • Number of slides: 69

Information Science Institute of Sripatum University
CIS 514 Computer Communication and Networks
Asst. Dr. Surasak Mungsing
http://www.spu.ac.th/teacher/surasak.mu

Network Security

Security
  • Information Security: protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
  • Computer Security: a branch of computer technology known as information security as applied to computers and networks; protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users
  • Network Security: provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources

Need for Security
Some people who cause security problems and why.

Security Threats
  • Passive attacks (eavesdropping)
      • Release of message contents: data is covertly taken out
      • Traffic analysis: covertly analyzing traffic conditions and observing how data is sent and received
      • Difficult to detect because there is no data alteration
      • Emphasis on prevention through encryption
  • Active attacks: involve modification of the data stream
      • Masquerade: impersonating an authorized user
      • Replay: capturing data without being noticed and retransmitting it with malicious intent
      • Modification of messages: altering part of a message with malicious intent
      • Denial of Service: preventing normal use, or overloading a server until it can no longer provide normal service

Security Requirements
  • Confidentiality: secrecy of data; only authorized parties can access the data
  • Integrity: soundness of data; only authorized parties can modify the data
  • Availability: data services are available to authorized parties
  • Authenticity: the ability to verify the identity of a user

Cryptography
The encryption model (for a symmetric-key cipher).

Substitution Ciphers
A method that replaces each letter or group of letters with another letter to disguise the true value. The oldest method of this kind is called the Caesar cipher.
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
For example, "attack" is transformed into "QZZQEA".
What is the plaintext for the Caesar ciphertext "exxegoexsrgi"?
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext:  the quick brown fox jumps over the lazy dog

Transposition Ciphers
A type of cipher in which the letters keep the original order of the letters in the source message but are all swapped for other letters.
A transposition cipher.

One-Time Pads
Produces ciphertext that cannot be decrypted (by an unauthorized party). First choose a random bit string. Then convert the plaintext to a bit string and exclusive-OR the two bit strings together, bit by bit.

Quantum Cryptography
An encryption method used for signalling over optical fiber, based on the principles of quantum mechanics. Polarizing filters are used to adjust the intensity of the light that passes through, in two sets used by both the receiver and the sender: the rectilinear basis and the diagonal basis.

Symmetric Encryption
  • The only form of encryption prior to the late 1970s
  • Five components to the algorithm
      • Plaintext: the original document or data
      • Encryption algorithm: the procedure for encrypting the data
      • Secret key: the key used for encryption
      • Ciphertext: the new message produced by encryption
      • Decryption algorithm: the procedure for decrypting, using the same key
  • Two requirements
      • Strong encryption algorithm
      • Secure exchange of keys

Conventional Encryption Operation

Symmetric Encryption Attacks
  • Cryptanalysis
      • An attempt to analyze the encryption algorithm. If samples of messages before and after encryption are also available, the chance of arriving at the encryption key is even greater.
      • If successful, messages already sent and messages sent in the future that are encrypted with that key can be decrypted.
  • Brute Force
      • Trying every possible key to decrypt until an intelligible message is obtained.
      • On average, half of all possible keys must be tried before succeeding.

Average Time Required for Exhaustive Key Search

| Key size (bits) | Number of alternative keys | Time required at 1 encryption/µs | Time required at $10^{6}$ encryptions/µs |
|---|---|---|---|
| 32 | $2^{32} = 4.3 \times 10^{9}$ | $2^{31}$ µs = 35.8 minutes | 2.15 milliseconds |
| 56 | $2^{56} = 7.2 \times 10^{16}$ | $2^{55}$ µs = 1142 years | 10.01 hours |
| 128 | $2^{128} = 3.4 \times 10^{38}$ | $2^{127}$ µs = $5.4 \times 10^{24}$ years | $5.4 \times 10^{18}$ years |
| 168 | $2^{168} = 3.7 \times 10^{50}$ | $2^{167}$ µs = $5.9 \times 10^{36}$ years | $5.9 \times 10^{30}$ years |

Symmetric Key Encryption Algorithm
  • The most commonly used symmetric encryption algorithms are block ciphers. A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.
  • Two most important symmetric algorithms
      • DES: Data Encryption Standard
      • AES: Advanced Encryption Standard

Data Encryption Standard (DES)
  • A prominent encryption algorithm since it came into use in 1977
  • The 56-bit key made the algorithm too easy to crack, which was achieved no later than 1998
  • The life of DES was extended by the triple DES (3DES) technique
      • Repeats the basic DES algorithm three times, using either two or three unique keys
      • Key size of 112 or 168 bits
      • Drawbacks: the algorithm is sluggish in software, and the 64-bit block size is inefficient

Data Encryption Standard
The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.

Advanced Encryption Standard
  • 3DES is not a reasonable candidate for long-term use
  • The National Institute of Standards and Technology (NIST) proposes AES with equal or better strength than 3DES
  • AES is to be a symmetric cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits

Advanced Encryption Standard

Cryptanalysis

Encryption across a Packet-Switching Network

Location of Encryption Devices
  • Link encryption
      • Each vulnerable communications link is equipped on both ends with an encryption device.
      • All traffic over all communications links is secured.
      • Vulnerable at each switch
  • End-to-end encryption
      • Encryption process carried out at the two end systems
      • Encrypted data transmitted unaltered across the network; destination shares key with source to decrypt data
      • Packet headers cannot be secured

Symmetric Encryption Key Distribution
  • Both parties must have the secret key
  • Key is changed frequently
  • Requires either manual delivery of keys, or a third-party encrypted channel
  • Most effective method is a Key Distribution Center (e.g. Kerberos)

End-to-End Encryption
  • Two types of keys
      • Session keys: data are encrypted with a one-time session key
      • Permanent keys: used between entities for the purpose of distributing session keys
  • Required components
      • Key distribution center: determines which systems are allowed to communicate with each other and provides a one-time session key for that connection
      • Security service module (SSM): performs end-to-end encryption and obtains session keys on behalf of users

Automated Key Distribution

Traffic Padding
  • Protects against cryptanalysis attacks
  • A function that produces ciphertext output continuously, even in the absence of plaintext
  • A continuous random data stream is generated. When plaintext is available, it is encrypted and transmitted. When input plaintext is not present, the random data are encrypted and transmitted.
  • Makes it impossible for an attacker to distinguish between true data flow and noise, and therefore impossible to deduce the amount of traffic

Message Authentication
  • Must verify that contents have not been altered and that the source is authentic
  • Approaches
      • Authentication using symmetric encryption
      • Authentication without message encryption
      • Message authentication code
      • One-way hash function

Message authentication code (MAC)

Message Authentication using One-Way Hash Function
Only sender and receiver share the encryption key.

Message Authentication using One-Way Hash Function (cont.)

Message Authentication using One-Way Hash Function (cont.)
Technique that uses a hash function but no encryption.
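Authentication without message encryption, combined with a defence against the Replay attack listed under active attacks, as an added example that is not part of the original slides. It uses HMAC-SHA-256 from the Python standard library as the keyed hash; the shared secret, the messages and the sequence-number field are constructed assumptions.

```python
"""Keyed-hash message authentication with replay rejection.
Constructed example: key, messages and sequence numbers are made up."""
import hashlib
import hmac
import struct


def make_tag(key, seq, message):
    """Keyed hash over an 8-byte sequence number followed by the message."""
    data = struct.pack(">Q", seq) + message
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    """Holds the shared secret and the highest sequence number accepted."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, seq, message, tag):
        expected = make_tag(self.key, seq, message)
        # compare_digest runs in constant time, so the comparison does not
        # reveal how many leading bytes of a forged tag were correct
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad MAC"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo():
    """Run the constructed scenario and return the receiver's verdicts."""
    shared = b"constructed-shared-secret"
    rx = Receiver(shared)
    m1, m2 = b"transfer 100 to bob", b"transfer 250 to carol"
    t1, t2 = make_tag(shared, 1, m1), make_tag(shared, 2, m2)
    return [
        rx.accept(1, m1, t1),                        # genuine message
        rx.accept(2, b"transfer 950 to carol", t2),  # modified in transit
        rx.accept(1, m1, t1),                        # captured and replayed
        rx.accept(3, m1, t1),                        # replay with new seq
        rx.accept(3, m1, make_tag(b"guess", 3, m1)), # sender lacks the key
        rx.accept(2, m2, t2),                        # genuine, unmodified
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the sequence number is inside the authenticated data, a captured message cannot be made fresh by changing the number without also invalidating its tag.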

Hash Function (H) Requirements
  • Can be applied to a block of data of any size.
  • Produces a fixed-length output.
  • H(x) is relatively easy to compute for any given x.
  • For any given code h, it is computationally infeasible to find x such that H(x) = h.
  • For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
  • It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).

Public-Key Encryption
  • Uses different keys for encryption and decryption, and the decryption key cannot be derived from the encryption key
  • Encryption (E) and decryption (D) must satisfy three conditions:
      1. D(E(P)) = P
      2. It is difficult to derive D from E
      3. E must withstand a chosen plaintext attack
  • Asymmetric, involving the use of two separate keys
  • Misconceptions about public-key encryption
      • That it is highly secure against cryptanalysis
      • That it is a general-purpose technique that makes conventional encryption obsolete
      • That it is less complicated than conventional encryption

Public-Key Encryption Components
  • Plaintext
  • Encryption algorithm
  • Public and private key
  • Ciphertext
  • Decryption algorithm

Public-Key Encryption Operation: Encryption

Public-Key Signature Operation: Authentication

Characteristics of Public-Key
  • Computationally infeasible to determine the decryption key given knowledge of the cryptographic algorithm and the encryption key
  • Either of the two related keys can be used for encryption, with the other used for decryption

Steps in Public Key Encryption
  • Each user generates a pair of keys to be used for the encryption and decryption of messages.
  • Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private.
  • If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice's public key.
  • When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice's private key.

Digital Signature Process

RSA Encryption Algorithm
  • Developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at MIT, first published in 1978
  • Widely accepted and implemented approach to public-key encryption
  • For plaintext block M and ciphertext block C:
      $C = M^e \bmod n$
      $M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$
  • Both sender and receiver must know the values of n and e; only the receiver knows the value of d
  • Public key KU = {e, n}
  • Private key KR = {d, n}

RSA Encryption Algorithm (cont.)
The RSA method is built on number theory. It works as follows:
  1. Choose two large prime numbers p and q (typically 1024 bits)
  2. Compute n = p x q and z = (p-1) x (q-1)
  3. Choose a number that is a prime number, called d
  4. Find e such that e x d = 1 mod z

RSA
An example of the RSA algorithm.

RSA Requirements
  • It is possible to find values of e, d, n such that $M^{ed} = M \bmod n$ for all $M < n$.
  • It is relatively easy to calculate $M^e$ and $C^d$ for all values of $M < n$.
  • It is infeasible to determine d given e and n. This requirement can be met with large values of e and n.

Approaches to Defeating RSA
  • Brute force approach: try all possible private keys. The larger the number of bits in e and d, the more secure the algorithm. However, the larger the size of the key, the slower the system will run.
  • Cryptanalysis: factoring n into its two prime factors
      • A hard problem, but not as hard as it used to be
      • Currently, a 1024-bit key size is considered strong enough for virtually all applications
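The RSA key-generation steps and the factoring approach from the slides above, carried through in code as an added example that is not part of the original slides. The primes p = 61 and q = 53, the choice d = 2753 and the message block 65 are constructed toy values, the function names are illustrative, and the code checks that d is relatively prime to z, the general condition under which step 4 has a solution.

```python
"""Toy RSA with the slides' symbols: primes p, q; n = p*q; z = (p-1)*(q-1);
d chosen first, then e with e*d = 1 mod z.  KU = {e, n}, KR = {d, n}.
All numbers are constructed toy values, far too small for real use."""
from math import gcd, isqrt


def make_keys(p, q, d):
    """Steps 2 to 4: return (KU, KR) as ((e, n), (d, n))."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("no e exists: d shares a factor with z")
    e = pow(d, -1, z)  # modular inverse, so e*d = 1 (mod z); Python 3.8+
    return (e, n), (d, n)


def encrypt(m, ku):
    """C = M^e mod n for one plaintext block M < n."""
    e, n = ku
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy 0 <= M < n")
    return pow(m, e, n)


def decrypt(c, kr):
    """M = C^d mod n."""
    d, n = kr
    return pow(c, d, n)


def recover_private_key(ku):
    """Factor n by trial division, rebuild z and derive d from KU alone.
    This succeeds instantly only because n is tiny."""
    e, n = ku
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            z = (p - 1) * (q - 1)
            return pow(e, -1, z), n
    raise ValueError("n is prime or 1, not an RSA modulus")


def trial_divisions_needed(bits):
    """Upper bound on trial divisions for a modulus of this bit length.
    Real factoring algorithms need far fewer steps than trial division,
    which is why moduli have to be so large."""
    return isqrt(2 ** bits)


if __name__ == "__main__":
    ku, kr = make_keys(p=61, q=53, d=2753)
    c = encrypt(65, ku)
    print("KU =", ku, "KR =", kr)
    print("C =", c, "decrypts to M =", decrypt(c, kr))
    print("d recovered from KU alone:", recover_private_key(ku)[0])
    print("trial divisions for 1024 bits: 2^512 =",
          trial_divisions_needed(1024) == 2 ** 512)
```

With a 12-bit modulus the private exponent falls out of the public key after a few dozen divisions, which is the concrete reason the slides tie RSA's security to the size of n.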

Key Management
  • Symmetric encryption requires both parties to share a secret key
  • Secure distribution of keys is the most difficult problem for symmetric encryption
  • Public key encryption solves this problem, but adds the issue of authenticity
  • Public key certificates address this issue

Public Key Certificate Process
A public-key certificate consists of a public key plus a User ID of the key owner, with the whole block signed by a trusted third party.

Public Key Certificate Process
  1. A public key is generated by the user and submitted to Agency X for certification.
  2. X determines by some procedure, such as a face-to-face meeting, that this is authentically the user's public key.
  3. X appends a timestamp to the public key, generates the hash code of the result, and encrypts that result with X's private key, forming the signature.
  4. The signature is attached to the public key.

Virtual Private Networks (VPNs)
  • Internet connectivity provides easier access for telecommuters and off-site employees
  • Use of a public network exposes corporate traffic to eavesdropping and provides an entry point for unauthorized users
  • A variety of encryption and authentication packages and products are available to secure and authenticate remote access
  • Need for a standard that allows a variety of platforms to interconnect securely

Virtual Private Networks
(a) A leased-line private network. (b) A virtual private network.

Applications of IPSec
  • Secures communications across a LAN, WANs, and/or the Internet
  • Can encrypt and/or authenticate all traffic at the IP level
  • Examples of use:
      • Secure branch office connectivity over the Internet
      • Secure remote access over the Internet
      • Establishing extranet and intranet connectivity with partners
      • Enhancing electronic commerce security

Benefits of IPSec
  • When implemented in a firewall or router, provides strong security for all traffic crossing the perimeter
  • IPSec in a firewall is resistant to bypass
  • Runs below the transport layer (TCP, UDP) and so is transparent to applications
  • Can be transparent to end users
  • Can provide security for individual users if needed

An IP Security Scenario

IPSec Functions
  • IPSec provides three main facilities
      • An authentication-only function referred to as Authentication Header (AH)
      • A combined authentication/encryption function called Encapsulating Security Payload (ESP)
      • A key exchange function
  • For VPNs, both authentication and encryption are generally desired

IPsec
The IPsec authentication header in transport mode for IPv4.

IPsec (2)
(a) ESP in transport mode. (b) ESP in tunnel mode.

ESP Transport and Tunneling
  • Transport Mode
      • Provides protection primarily for upper-layer protocols
      • Typically used for end-to-end communication between two hosts
      • Encrypts and optionally authenticates the IP payload but not the IP header
      • Useful for relatively small networks; for a full-blown VPN, tunnel mode is far more efficient
  • Tunnel Mode
      • Provides protection to the entire packet
      • Original packet is encapsulated in ESP fields, protecting contents from examination
      • Used when one or both ends is a security gateway
      • Multiple hosts on networks behind firewalls may engage in secure communications without implementing IPSec

Scope of ESP Encryption and Authentication

IPSec Key Management
  • Manual
      • System administrator manually configures each system with its own keys and with the keys of other communicating systems
      • Practical for small, relatively static environments
  • Automated
      • Enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system
      • Most flexible, but requires more effort to configure and requires more software

IPSec and VPNs
  • Organizations need to isolate their networks and at the same time send and receive traffic over the Internet
  • Authentication and privacy mechanisms of secure IP allow for security strategy
  • IPSec can be implemented in routers or firewalls owned and operated by the organization, allowing the network manager complete control over security aspects of the VPN

Firewalls
A firewall consisting of two packet filters and an application gateway.

E-Mail Security - Pretty Good Privacy (PGP)
  • Encrypts data using a block cipher called IDEA (International Data Encryption Algorithm) with a 128-bit key
  • Key management uses RSA, and data integrity checking uses MD5
PGP in operation for sending a message.

Web Security
  • Threats
  • Secure Naming
  • SSL – The Secure Sockets Layer
  • Mobile Code Security

Threats
  • Hackers: more capable than ordinary programmers
  • Crackers: popular websites such as Yahoo, CIA and NASA have already been attacked
  • Denial of Service attack: the cracker attacks by sending a huge volume of messages to the website, so that it cannot provide normal service
  • In 1999 a Swedish cracker broke into Microsoft's Hotmail website and created a mirror site that allowed anyone to type in a Hotmail user name and read that user's e-mail
  • A 19-year-old Russian cracker broke into an e-commerce website and stole more than 30,000 credit card numbers, then demanded $100,000 from the site's owners. The owners refused, so he published the credit card numbers across the Internet, causing the cardholders to lose a great deal of money
  • In another case, a 23-year-old Californian man e-mailed a press release stating that Emulex Corporation was about to report a large third-quarter operating loss, as a result of which its CEO had to resign immediately. Within a few hours the company's stock fell by more than 60%

Secure Naming
(a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

Secure DNS
An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed hash of the A and KEY records to verify their authenticity.

SSL – The Secure Sockets Layer
Layers (and protocols) for a home user browsing with SSL.

Java Applet Security
Applets inserted into a Java Virtual Machine interpreter inside the browser.

Next Lecture
Networks Services