mte-netsec-1-2015-introduction to network security.pdf

MTE114 - Network Security, Dr. Teuku Yuliar Arif, ST., M.Kom, Master of Electrical Engineering, Graduate Program, Universitas Syiah Kuala

Post on 17-Sep-2015


  • MTE114 - Network Security

    Dr. Teuku Yuliar Arif, ST., M.Kom

    Master of Electrical Engineering, Graduate Program

    Universitas Syiah Kuala

  • Instructor

    Lecturer

    Dr. Teuku Yuliar Arif, ST., M.Kom Mobile: 082160313880

    E-mail: [email protected], [email protected]

    Homepage: http://elektro.unsyiah.ac.id/staf/tyarif/

    http://tyarif.wordpress.com

    Office: Electrical Engineering Department, Faculty of Engineering, University of Syiah Kuala


  • Course Overview

    Course: Network Security

    Time: 14:00-16:30 on Saturday

    Classroom: JTE-1

    Prerequisite: Computer Networks

    Course webpage: http://tyarif.wordpress.com/teaching/


  • References

    Network Security Essentials: Applications and Standards, 4th ed., by William Stallings, Pearson Education, Inc., 2011.

    Cryptography and Network Security: Principles and Practice, 5th ed., by William Stallings, Prentice-Hall, 2011.

    Kriptografi untuk Keamanan Jaringan, by Rifki Sadikin, Andi-Offset, 2012.

    Selected network security papers (ieeexplore, elsevier).

  • Grading Policy

    (Tentative) grading policy

    Attendance: 10%

    Assignments: 30%

    Midterm: 30%

    Final exam: 30%


  • Course Description

    Introduction to basic concepts in network security and their applications

    Cryptography

    Encryption, hash function, digital signature

    Network security applications

    HTTPS, Email security, wireless security

    System security

    Firewall, Intrusion, virus


  • Tentative Class Schedule

    Week-1 : Introduction to Network Security

    Week-2 : Classical cipher systems

    Types of network security attacks

    Classical encryption algorithms

    Week-3 : Data Encryption Standard (DES)

    Permutation boxes, substitution, XOR, circular shift and swap

    Simplified DES

    DES

    Week-4 : Advanced Encryption Standard (AES)

    AES data units

    AES encryption/decryption structure

    AES transformations

  • Tentative Class Schedule

    Week-5 : AES key generation

    AES key expansion

    Security of the AES cipher

    Example articles on DES and AES

    Week-6 : Modes of operation

    Modes of operation

    Random numbers

    Stream cipher systems

    RC4 cipher

    Week-7 : Public-key cipher systems

    RSA cryptography

    RSA key generation algorithm

    RSA encryption/decryption algorithm

  • Tentative Class Schedule

    Week-8 : Midterm test/UTS

    Week-9 : Hash functions

    Hash functions and data integrity

    Security of hash functions

    Iterated hash functions

    Week-10 : Digital Signature

    Security of digital signatures

    Digital signature schemes

    Standard digital signature schemes

    Week-11 : Transport layer security

    Secure Socket Layer (SSL)

    Transport Layer Security (TLS)

    HTTPS

  • Tentative Class Schedule

    Week-12 : Wireless network security

    IEEE 802.11i WLAN security

    Wireless transport layer security

    WAP security

    Week-13 : Email security

    Pretty Good Privacy (PGP)

    S/MIME

    DKIM

    Week-14 : Group assignment presentations

    Week-15 : Group assignment presentations

    Week-16 : Final test/UAS

  • Introduction to Network Security

    Week-1, 7/2/2015


  • Key Security Concepts


  • Three Key Objectives

    Confidentiality

    Data confidentiality : Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

    Privacy : Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.


  • Three Key Objectives

    Integrity

    Data integrity : Assures that information and programs are changed only in a specified and authorized manner.

    System integrity : Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

    Availability : Assures that systems work promptly and service is not denied to authorized users.


  • Examples of Security Requirements

    confidentiality: student grades

    integrity: patient information

    availability: authentication service

  • Computer Security Challenges

    1. not simple

    2. must consider potential attacks

    3. procedures used counter-intuitive

    4. having designed various security mechanisms

    5. must decide where to deploy mechanisms

    6. battle of wits between attacker / admin

    7. not perceived as a benefit until it fails

    8. requires regular monitoring

    9. too often an after-thought

    10. regarded as impediment to using system

  • Classifying Security Attacks

    passive attacks: attempt to learn or make use of information from the system but do not affect system resources.

    active attacks: attempt to alter system resources or affect their operation.

  • Passive Attacks

    Passive attacks do not affect system resources: eavesdropping, monitoring

    Two types of passive attacks: release of message contents, traffic analysis

    Passive attacks are very difficult to detect: message transmission is apparently normal, with no alteration of the data

    Emphasis on prevention rather than detection, by means of encryption

  • Passive Attacks (1) Release of Message Contents

    sensitive or confidential information: VoIP, email, file transfer, etc.

    prevent an opponent from learning the contents

  • Passive Attacks (2) Traffic Analysis

    masking the contents: encryption

  • Active Attacks

    Active attacks try to alter system resources or affect their operation: modification of data, or creation of false data

    Four categories: masquerade, replay, modification of messages, denial of service (preventing normal use of a specific target or an entire network)

    Difficult to prevent: the goal is to detect and recover
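
An added example, not part of the original slides: a receiver-side check that detects three of the four active-attack categories above (masquerade, replay, modification of messages). It assumes a pre-shared key with HMAC-SHA256 and a per-message sequence number, mechanisms the slides do not name; `seal`, `Receiver`, the key and the messages are constructed for illustration. Denial of service is outside what this check covers.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
SEQ_LEN = 8    # 64-bit big-endian sequence number

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Rejects frames with a bad MAC (modified or forged) or a stale sequence number."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> str:
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "malformed"
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time compare; fails for modified data and for senders without the key.
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        seq = struct.unpack(">Q", header)[0]
        # The MAC is valid, so a non-increasing counter means a captured frame was re-sent.
        if seq <= self.last_seq:
            return "replay"
        self.last_seq = seq
        return "accepted"

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-one"       # constructed sample key
    rx = Receiver(key)
    first = seal(key, 1, b"pay 100 to account A")       # constructed sample message
    results = {"genuine": rx.accept(first)}
    results["replay"] = rx.accept(first)                # same frame delivered again
    altered = bytearray(seal(key, 2, b"pay 100 to account A"))
    altered[SEQ_LEN + 4] ^= 0x08                        # one payload bit changed in transit
    results["modification"] = rx.accept(bytes(altered))
    forged = seal(b"some-other-key", 2, b"pay 100 to account B")
    results["masquerade"] = rx.accept(forged)           # sender does not hold the shared key
    results["next-genuine"] = rx.accept(seal(key, 2, b"pay 5 to account C"))
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13s} -> {verdict}")
```

Rejected frames leave `last_seq` untouched, so a failed forgery or replay does not block the next genuine message.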


  • Active Attacks (1) Masquerade


  • Active Attacks (2) Replay


  • Active Attacks (3) Modification of Messages


  • Active Attacks (4) Denial of Service


  • http://idsirtii.or.id


  • http://www.acad-csirt.or.id
