MTE114 - Keamanan Jaringan

Dr. Teuku Yuliar Arif, ST., M.Kom

Magister Teknik Elektro
Pasca Sarjana
Universitas Syiah Kuala
1

Instructor
Lecturer
Dr. Teuku Yuliar Arif, ST., M.Kom
Mobile: 082160313880
E-mail: yuliar@unsyiah.ac.id, yuliararif@gmail.com
Homepage: http://elektro.unsyiah.ac.id/staf/tyarif/
http://tyarif.wordpress.com

Office: Electrical Engineering Department, Faculty of

Engineering, University of Syiah Kuala

Course Overview

Course: Network Security

Time: 14:00-16:30pm on Saturday
Classroom: JTE-1
Prerequisite: Computer Networks
Course webpage:
http://tyarif.wordpress.com/teaching/

References
Network Security Essentials: Applications and Standards, 4th
ed., by William Stallings, Pearson Education, Inc., 2011.
Cryptography and Network Security: Principles and Practice,
Fifth Edition, by William Stallings, Prentice-Hall, 2011.
Kriptografi untuk Keamanan Jaringan, Rifki Sadikin, AndiOffset, 2012.
Selected network security papers (ieeexplore, elsevier).

Grading Policy
(Tentative) grading policy
Attendance: 10%
Assignments: 30%
Midterm: 30%
Final exam: 30%

Course Description
Introduction to basic concepts in network
security and their applications
Cryptography
Encryption, hash function, digital signature

Network security applications

HTTPS, Email security, wireless security

System security
Firewall, Intrusion, virus

Tentative Class Schedule

Week-1 : Introduction to Network Security
Week-2 : Sistem sandi klasik
Tipe-tipe serangan keamanan jaringan
Algortima enkripsi klasik.

Week-3 : Data Encription Standard (DES)

Boks permutasi, subsitusi, XOR, shift sirkular dan swap.
DES-Sederhana
DES

Week-4 : Advanced Encription Standard (AES)

Unit data AES
Struktur Enkripsi/Dekripsi AES.
Transformasi AES
7

Tentative Class Schedule

Week-5 : Pembangkit Kunci AES
Ekspansi kunci AES
Keamanan sandi AES
Contoh artikel DES dan AES

Week-6 : Mode operasi

Mode operasi
Bilangan Acak
Sistem sandi stream
Sandi RC4

Week-7 : Sistem sandi kunci publik

Kriptografi RSA
Algoritma pembangkit kunci RSA
Algoritma enkripsi/dekripsi RSA

Tentative Class Schedule

Week-8 : Midterm test/UTS
Week-9 : Fungsi hash
Fungsi hash dan keutuhan data
Keamanan fungsi hash
Fungsi hash dengan iterasi

Week-10 : Digital Signature

Keamanan digital signature
Skema-skema digital signature
Skema digital signature standar

Week-11 : Keamanan lapisan transport

Secure Socket Layer (SSL)
Transport Layer Security (TLS)
HTTPS

Tentative Class Schedule

Week-12 : Keamanan jaringan wireless
Keamanan WLAN IEEE 802.11i
Keamanan lapisan transport wireless
Keamanan WAP

Week-13 : Keamanan Email

Pretty Good Privacy (PGP)
S/MIME
DKIM

Week-14 : Presentasi tugas kelompok

Week-15 : Presentasi tugas kelompok
Week-16 : Final test/UAS
10

Introduction to Network
Security
Week-1, 7/2/2015

11

Key Security Concepts

12

Three Key Objectives

Confidentiality
Data confidentiality : Assures that private or confidential
information is not made available or disclosed to
unauthorized individuals.
Privacy : Assures that individuals control or influence what
information related to them may be collected and stored
and by whom and to whom that information may be
disclosed.

13

Three Key Objectives

Integrity
Data integrity : Assures that information and programs are
changed only in a specified and authorized manner.
System integrity : Assures that a system performs its
intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of
the system.
Availability : Assures that systems work promptly and service
is not denied to authorized users.

14

Examples of Security
Requirements
confidentiality student grades
integrity patient information
availability authentication service

15

Computer Security Challenges

not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. having designed various security mechanisms
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived on benefit until fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system
1.

16

Classifying Security Attacks

passive attacks :
attempts to learn or make use of
information from the system but does not
affect system resources.

active attacks

attempts to alter system resources or

affect their operation.

17

Passive Attacks
Passive attacks do not affect system resources
Eavesdropping, monitoring

Two types of passive attacks

Release of message contents
Traffic analysis

Passive attacks are very difficult to detect

Message transmission apparently normal
No alteration of the data

Emphasis on prevention rather than detection

By means of encryption

18

Passive Attacks (1)

Release of Message Contents

sensitive or confidential information

- voip, email, file transfer, etc

prevent an opponent from

learning the contents

19

Passive Attacks (2)

Traffic Analysis

masking the contents:

encryption

20

Active Attacks
Active attacks try to alter system resources or affect
their operation
Modification of data, or creation of false data

Four categories

Masquerade
Replay
Modification of messages
Denial of service: preventing normal use
A specific target or entire network

Difficult to prevent
The goal is to detect and recover

21

Active Attacks (1)

Masquerade

22

Active Attacks (2)

Replay

23

Active Attacks (3)

Modification of Messages

24

Active Attacks (4)

Denial of Service

25

http://idsirtii.or.id

26

http://www.acad-csirt.or.id

27