Network Connection Process: Identification, System Discovery, and Exchange of Certificates, Lecture notes of Network security

The process of establishing a connection in a mobile or ad-hoc network, including network identification through broadcasts, system discovery, and certificate exchange for authentication and security purposes. Wi-Fi and wired networks are discussed, with a focus on Wi-Fi Protected Access (WPA) and IPsec for secure communication.

Typology: Lecture notes

2018/2019

Uploaded on 11/15/2019

manish-mishra-2

Network Broadcast

The first step for a mobile or ad-hoc connection is for the network to identify itself to the node. This is done through some sort of network broadcast that identifies the transmitter and the address it represents. For example, in Wi-Fi a dummy message is sent 100 times per second with this type of information. In some cases this function is disabled or limited. For Wi-Fi the Service Set Identifier (SSID) can be hidden so that only nodes that explicitly request the proper ID are allowed to connect. Such measures are more difficult to implement on wireless networks because the communications are broadcast to any entity in the vicinity, making replay attacks possible. In general, security protocols are a more robust method of limiting access than simple message-content formatting or timing-based methods: Wi-Fi Protected Access (WPA) for Wi-Fi and IPsec for IP-based network layer communications. For wired networks security is often minimal, allowing anyone with physical access and connectivity to use available network services.

System Discovery

After the network identifies itself, if it chooses to do so, the mobile node must discover what is available and how to connect. With current systems many possible network connections are available, such as satellites, Wi-Fi, Military Link Systems, broadband and others. The networks provide information about the different connections, and the node must make sense of this and discover which networks are accessible, which protocols are sufficient to meet policy requirements and which support higher-layer applications. The mobile node, through some internal logic, determines which network to join and initiates a "request to join" handshake. This may involve the exchange of identification information, it may include security parameter negotiations and it may include protocol negotiation. Link systems use device profiles to set the message formats and protocols. In any case, this is where the node is established along with any required parameters.

As part of the request to join, physical layer attributes may be collected, such as signal strength, noise level, signal quality, multi-path parameters and location information. Formats such as Wi-Fi 802.11n and 802.11ai support beamforming, allowing the multiple antennas at the transmitter and receiver to be used to determine the direction of transmission, which can boost the signal in the vicinity of the communicating entities and reduce it elsewhere. This allows reduced power, slightly increased security and potentially better use of available network resources by reducing interference with other transmissions.
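The discovery step above (decide which advertised networks are accessible, which protocols satisfy policy, which support the needed applications, and weigh the physical-layer attributes) can be written as a small selection routine. This is an added illustration, not code from the notes; the advertisement fields, the security ranking, the signal-to-noise threshold and the sample beacons are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional
SECURITY_RANK = {"open": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

@dataclass(frozen=True)
class Advertisement:            # one network broadcast heard during discovery
    transmitter: str            # address the broadcast identifies itself with
    ssid: Optional[str]         # None models a hidden SSID
    security: str               # access protocol offered: open, WEP, WPA, WPA2
    signal_dbm: int             # physical-layer attributes collected on join
    noise_dbm: int
    apps: frozenset = frozenset()   # higher-layer applications the network supports

@dataclass
class Policy:                   # the node's internal join logic as minimum requirements
    min_security: str
    min_snr_db: int
    required_apps: frozenset
    hidden_ids: dict = field(default_factory=dict)  # transmitter -> SSID to request

def resolve_ssid(ad, policy):
    """A hidden network is joinable only if the node already knows the ID to request."""
    return ad.ssid if ad.ssid is not None else policy.hidden_ids.get(ad.transmitter)

def meets_policy(ad, policy):
    if resolve_ssid(ad, policy) is None:
        return False
    if SECURITY_RANK.get(ad.security, -1) < SECURITY_RANK[policy.min_security]:
        return False
    if ad.signal_dbm - ad.noise_dbm < policy.min_snr_db:   # signal quality check
        return False
    return policy.required_apps <= ad.apps

def choose_network(ads, policy):
    """Return (ssid, transmitter) of the best acceptable network, or None."""
    ok = [ad for ad in ads if meets_policy(ad, policy)]
    if not ok:
        return None
    best = max(ok, key=lambda a: (SECURITY_RANK[a.security], a.signal_dbm - a.noise_dbm))
    return resolve_ssid(best, policy), best.transmitter

# Constructed beacons: open hotspot, hidden corporate net, legacy WEP AP, guest WPA.
SAMPLE_ADS = [
    Advertisement("aa:bb:cc:00:00:01", "FreeHotspot", "open", -50, -95, frozenset({"web"})),
    Advertisement("aa:bb:cc:00:00:02", None, "WPA2", -62, -92, frozenset({"web", "vpn"})),
    Advertisement("aa:bb:cc:00:00:03", "LegacyAP", "WEP", -40, -95, frozenset({"web", "vpn"})),
    Advertisement("aa:bb:cc:00:00:04", "GuestWPA", "WPA", -70, -90, frozenset({"web"})),
]
CORP_POLICY = Policy("WPA", 15, frozenset({"vpn"}), {"aa:bb:cc:00:00:02": "CorpNet"})
```

With the corporate policy the hidden WPA2 network wins because the node has its ID configured; a node without that configuration cannot select it at all, which is the access-limiting effect of a hidden SSID described in the notes.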

Another important part of the request to join is the exchange of certificates. The certificates are assigned to devices and allow the use of enhanced channel security, quality, power efficiency and data rates. The transmitter sends a test signal to the receiver.

Exchange of Certificates

One important part of the request to join is the exchange of certificates. The certificates are assigned to devices and allow authentication based on a trusted certificate authority. For ELS, certificates are stored in hardware such as a Hardware Security Module (HSM) or PIV card. For lower-layer exchanges the device Trusted Platform Module (TPM) is the preferred location. Each device is equipped with a TPM or TPM-like hardware certificate and key store, which is used to authenticate to the network, or to the mobile node when required.

For mobile devices without hardware stores, a derived credential may be used for the certificate exchange. This derived credential is issued by a trusted registration authority (RA) in the enterprise. The derived credential uses the same original certification as the primary credential. If the primary is revoked for reasons relating to certification, the derived credential is also revoked, as its certification is no longer secure.