Test 2 2019 Review (1).pdf - TEST 2 Review

TEST 2 Review
This is a review only: main concepts are introduced, but you also have to know the details not presented in these slides. You need to understand the concepts, not just memorize the figures.

Material Covered
  • SSL (Lecture 7, Chapter 5)
  • Wireless Security (Lecture 9, Chapter 6)
  • IPSec (Lectures 10-1, 10-2, Chapter 8)
  • IDS (Lectures 11-1, 11-2, Chapter 9)
  • Firewalls (Lecture 12, Chapter 11)

Transport Level Security (Lecture 7, Chapter 5)

Security facilities in the TCP/IP protocol stack
Secure Socket Layer (SSL) and Transport Layer Security (TLS)

SSL Architecture
  • Lower SSL Layer
  • Upper SSL Layer

SSL Record Protocol Operation
  • Hash (MD5 or SHA-1) using shared secret key and the padded compressed message (HMAC)
  • Use symmetric encryption (AES, IDEA, DES, 3DES…)

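An added example, not from the slides: the MAC step of the record protocol in Python, using the TLS 1.0 HMAC form, which covers the sequence number, type, version and length along with the compressed fragment (SSLv3 proper uses an older pad-based keyed hash). The function names, key and sample data are constructed for illustration, and a comment marks where the encryption step applies.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14      # plaintext fragment limit (16384 bytes)
APPLICATION_DATA = 23       # record content type
VERSION = (3, 1)            # TLS 1.0 version bytes on the wire
MAC_LEN = 20                # HMAC-SHA1 output size

def record_mac(key, seq, ctype, body):
    # HMAC(key, seq_num || type || version || length || fragment)
    header = struct.pack("!QBBBH", seq, ctype, *VERSION, len(body))
    return hmac.new(key, header + body, hashlib.sha1).digest()

def protect(key, data, seq=0):
    """Fragment, compress and MAC application data; returns a list of records."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        body = zlib.compress(data[off:off + MAX_FRAGMENT])
        payload = body + record_mac(key, seq, APPLICATION_DATA, body)
        # A full record layer encrypts `payload` (MAC included) at this point.
        hdr = struct.pack("!BBBH", APPLICATION_DATA, *VERSION, len(payload))
        records.append(hdr + payload)
        seq += 1
    return records

def unprotect(key, records, seq=0):
    """Verify each record's MAC in arrival order and reassemble the data."""
    out = b""
    for rec in records:
        ctype, _major, _minor, length = struct.unpack("!BBBH", rec[:5])
        payload = rec[5:5 + length]
        body, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
        # Constant-time compare; the implicit sequence number makes a
        # reordered or replayed record fail even if its bytes are intact.
        if not hmac.compare_digest(tag, record_mac(key, seq, ctype, body)):
            raise ValueError(f"bad record MAC at sequence {seq}")
        out += zlib.decompress(body)
        seq += 1
    return out
```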
Handshake Protocol
  • Phase 1: Establish Security Capabilities
  • Phase 2: Server Authentication and Key Exchange – uses public key encryption
  • Phase 3: Client Authentication and Key Exchange – encrypted pre-master secret with the server's public key.
  • Phase 4: Finish
Make sure you go over examples presented in class!!

Wireless Network Security (Lecture 9, Chapter 6)

802.1X Topologies
[Figure labels: Supplicant; Authenticator/EtherNAS (e.g. Access Point or Bridge); Authentication Server; RADIUS; PAE; EtherCPE; Non-802.1X; Semi-Public Network / Enterprise Edge; Enterprise or ISP Network]

Figure 6.7 802.1X Access Control
[Figure labels: Station; Access point; Uncontrolled port; Controlled port; To DS; To other wireless stations on this BSS; Authentication server]
  1. Connect to AS – STA sends request to AP to request connection to AS
  2. Extensible Authentication Protocol (EAP) exchange: STA and AS authenticate to each other
  3. Secure key delivery: AS generates a session key (MSK) and sends it to STA.

802.11i Protocol
[Figure labels]
  • Phases: 802.11 Association; EAP/802.1X/RADIUS Authentication; MSK; 4-Way Handshake; Group Key Handshake; Data Communication
  • Supplicant: Auth/Assoc, 802.1X UnBlocked, PTK/GTK
  • Authenticator: Auth/Assoc, 802.1X UnBlocked, PTK/GTK
  • Authentication Server (RADIUS): No Key

Figure 6.6 IEEE 802.11i Phases of Operation: Capability Discovery, Authentication, and Association
[Figure labels: STA, AP, AS]
  • Probe request: Station sends a request to join network
  • Probe response: AP sends possible security parameter (security capabilities set per the security policy)
  • Open system authentication request: Station sends a request to perform null authentication
  • Open system authentication response: AP performs null authentication
  • Association request: Station sends a request to associate with AP with security parameters
  • Association response: AP sends the associated security parameters
  • Station sets selected security parameters
  • 802.1X controlled port blocked (shown twice in the figure)
  • Extensible Authentication Protocol Exchange: 802.1x EAP request; Access request (EAP request); 802.1x EAP response; Accept/EAP-success key material; 802.1x EAP success

Key Management
  • Pairwise keys – used for secure communication between STA and AP
  • Group keys – used by AP to multicast
Pairwise keys:
  • Pre-shared key (PSK): secret key shared by STA and AP (outside scope of IEEE 802.11i)
  • Master session key (MSK): generated by IEEE 802.1x protocol during authentication phase

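An added example, not from the slides: how the MSK becomes the PMK and how the 4-way handshake nonces turn a PMK into the PTK, following the IEEE 802.11i PRF (HMAC-SHA1) for CCMP. Function names, MAC addresses, nonces, keys and the handshake frame are constructed; the KCK/KEK/TK split and the PRF label come from the standard, not from this page.

```python
import hashlib
import hmac

def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, i = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, block, hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def pmk_from_msk(msk):
    # 802.1X/EAP path: the PMK is the first 256 bits of the MSK.
    # On the PSK path the shared 256-bit key is used as the PMK directly.
    return msk[:32]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """384-bit PTK for CCMP, split into KCK, KEK and TK (128 bits each)."""
    # Sorting addresses and nonces lets both sides build identical input.
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def mic(kck, frame):
    # Handshake messages carry a MIC keyed with the KCK (HMAC-SHA1-128).
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def ap_accepts(pmk_ap, pmk_sta, aa, spa, anonce, snonce,
               frame=b"constructed stand-in for handshake message 2"):
    """True when the STA's MIC verifies under the PTK the AP derived."""
    sta = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    ap = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    return hmac.compare_digest(mic(sta["KCK"], frame), mic(ap["KCK"], frame))

# Constructed sample values
AA = bytes.fromhex("020000000001")      # authenticator (AP) address
SPA = bytes.fromhex("020000000002")     # supplicant (STA) address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MSK = bytes(range(64))
```

A station holding a different PMK derives a different KCK, so its MIC does not verify and the AP never installs the pairwise key.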
IPsec (Lectures 10-1, 10-2, Chapter 8)

TCP/IP Example

  • Fall '16
  • auraganz