
Unit-VI

Network Security

By,
Prof. Pradnya K. Bachhav
Outline

 Introduction, Security services
 Need of Security, Key Principles of Security
 Threats and Vulnerabilities, Types of Attacks
 ITU-T X.800 Security Architecture for OSI
 Security Policy and mechanisms, Operational Model of Network Security
 Symmetric and Asymmetric Key Cryptography
 Security in Network, Transport and Application: Introduction of IPSec, SSL, HTTPS
 S/MIME, Overview of IDS and Firewalls

Background
 Information Security requirements have changed in recent times
 traditionally provided by physical and administrative mechanisms
 computer use requires automated tools to protect files and other stored information
 use of networks and communications links requires measures to protect data during transmission
Definitions
 Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
 Network Security - measures to protect data during their transmission
 Internet Security - measures to protect data during their transmission over a collection of interconnected networks
What is Network Security?
 Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects.
OSI Security Architecture
 ITU-T X.800 "Security Architecture for OSI"
 defines a systematic way of defining and providing security requirements
 for us it provides a useful, if abstract, overview of concepts we will study
Aspects of Security
 consider 3 aspects of information security:
– security attack
– security mechanism
– security service
 terms
– threat – a potential for violation of security
– attack – an assault on system security, a deliberate attempt to evade security services
Security Attack
 any action that compromises the security of information owned by an organization
 information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
 threat & attack are often used to mean the same thing
 there is a wide range of attacks
 we can focus on two generic types of attack
– passive
– active
Passive Attacks
Passive Attacks (1): Release of Message Contents (figure)
Passive Attacks (2): Traffic Analysis (figure)
 Passive attacks do not affect system resources
– Eavesdropping, monitoring
 Two types of passive attacks
– Release of message contents
– Traffic analysis
 Passive attacks are very difficult to detect
– Message transmission appears normal
– No alteration of the data
 Emphasis on prevention rather than detection
– By means of encryption
Active Attacks
Active Attacks (1): Masquerade (figure)
Active Attacks (2): Replay (figure)
Active Attacks (3): Modification of Messages (figure)
Active Attacks (4): Denial of Service (figure)
 Active attacks try to alter system resources or affect their operation
– Modification of data, or creation of false data
 Four categories
– Masquerade
– Replay
– Modification of messages
– Denial of service: preventing normal use, against a specific target or the entire network
 Difficult to prevent
– The goal is to detect and recover
Security Service
– enhance security of data processing systems and information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated with physical documents
 which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Services
 X.800:
"a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers"
 RFC 2828:
"a processing or communication service provided by a system to give a specific kind of protection to system resources"
Security Services (X.800)
 Authentication - assurance that the communicating entity is the one claimed
 Access Control - prevention of the unauthorized use of a resource
 Data Confidentiality - protection of data from unauthorized disclosure
 Data Integrity - assurance that data received is as sent by an authorized entity
 Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanism
 feature designed to detect, prevent, or recover from a security attack
 no single mechanism will support all services required
 however one particular element underlies many of the security mechanisms in use:
– cryptographic techniques
Security Mechanisms (X.800)
 specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
 pervasive security mechanisms:
– trusted functionality, security labels, event detection, security audit trails, security recovery
Model for Network Security (figure)
 using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security (figure)
 using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
 trusted computer systems may be useful to help implement this model
Need for Security
 Some people who cause security problems and why (table).
Cryptography
• Cryptography comes from the Greek words for "secret writing". It covers both encryption and decryption.
• Types:
– Cipher: a cipher is a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message.
– Code: a code replaces one word with another word or symbol.
Cryptography
• Used by the U.S. Armed Forces during World War II in the Pacific against Japan.
• The U.S. broke the Japanese code, but the Japanese never broke the Navajo code (a combination of cipher and code), which played a crucial role in American victories in the Pacific.
• Four groups of people contributed to cryptography: the military, the diplomatic corps, diarists, and lovers.
Cryptography
• The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key.
• The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio.
• We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext.
• But he does not know what the decryption key is and so cannot decrypt the ciphertext easily.
• To recover the plaintext without the key, the intruder has to break the cipher.
• The art of breaking ciphers, called cryptanalysis, and the art of devising them (cryptography) are collectively known as cryptology.
Cryptography
• What is the relation between plaintext, ciphertext, and keys? See the next figure.
• We will use C = E_K(P) to mean that the encryption of the plaintext P using key K gives the ciphertext C.
• Similarly, P = D_K(C) represents the decryption of C to get the plaintext again.
• Hence D_K(E_K(P)) = P.
Cryptography components (figure): sender, receiver, plaintext, ciphertext, encryption, decryption
Categories of cryptography (figure)
Symmetric-key cryptography
In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Asymmetric-key cryptography (figure)
In asymmetric-key cryptography, two different keys are used: a public key (for encryption) and a private key (for decryption). Only the public key is shared.
Keys used in cryptography (figure)
Comparison between two categories of cryptography (figure)
Encryption Model
 The encryption model (for a symmetric-key cipher) (figure).
Traditional ciphers
Note
A substitution cipher replaces one symbol with another.
Example
The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic? Key = +3

Solution
The cipher is probably monoalphabetic because both occurrences of L are encrypted as O.
Example
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is not monoalphabetic because each
occurrence of L is encrypted by a different character.
The first L is encrypted as N; the second as Z.
Note
The shift cipher is sometimes referred to as the Caesar cipher.
Example
Use the shift cipher with key = 15 to encrypt the message "HELLO".

Solution
We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A. The second L is also encrypted to A. And O is encrypted to D. The ciphertext is WTAAD.
Example
Use the shift cipher with key = 15 to decrypt the message "WTAAD".

Solution
We decrypt one character at a time. Each character is shifted 15 characters up. Letter W is decrypted to H. Letter T is decrypted to E. The first A is decrypted to L. The second A is decrypted to L. And, finally, D is decrypted to O. The plaintext is HELLO.
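The following Python block is an added worked example, not part of the original slides. It implements the shift cipher as the keyed transformation C = E_K(P) / P = D_K(C) from the earlier slide, reproduces the HELLO/WTAAD examples with key 15, and adds the monoalphabetic check used in the substitution-cipher examples (the HELLO/KHOOR pair is constructed here to match the key +3 and the L-to-O mapping the slide mentions; HELLO/ABNZF is the slide's non-monoalphabetic pair). It also goes one step beyond the slides with a 26-key brute force, the cryptanalysis a practitioner should expect against any shift cipher: the key space is so small that the intruder does not need the key at all.

```python
"""Shift (Caesar) cipher: E_K, D_K, a monoalphabetic check and a brute-force
cryptanalysis. Added example; not from the original lecture slides."""

import string

ALPHABET = string.ascii_uppercase  # A..Z, index 0..25


def shift_encrypt(plaintext: str, key: int) -> str:
    """E_K(P): shift every letter 'down' the alphabet by key (mod 26).
    Letters are upper-cased; any non-letter is passed through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """D_K(C): shift every letter 'up' by key, i.e. encrypt with -key,
    so that D_K(E_K(P)) == P for any key."""
    return shift_encrypt(ciphertext, -key)


def is_monoalphabetic(plaintext: str, ciphertext: str) -> bool:
    """True if each plaintext letter always maps to one ciphertext letter and
    vice versa, i.e. the pair is consistent with a single fixed substitution.
    (The slides call such a cipher 'probably' monoalphabetic; a short sample
    can only rule the property out, never prove it.)"""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext lengths differ")
    forward: dict[str, str] = {}
    backward: dict[str, str] = {}
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if forward.setdefault(p, c) != c or backward.setdefault(c, p) != p:
            return False
    return True


def brute_force(ciphertext: str) -> list[tuple[int, str]]:
    """Cryptanalysis without the key: only 26 keys exist, so the intruder
    tries all of them and picks the candidate that reads as language."""
    return [(k, shift_decrypt(ciphertext, k)) for k in range(26)]


if __name__ == "__main__":
    # The two worked examples from the slides, key = 15.
    c = shift_encrypt("HELLO", 15)
    print("E_15(HELLO) =", c)            # WTAAD
    print("D_15(WTAAD) =", shift_decrypt(c, 15))  # HELLO

    # Substitution-cipher examples: constructed KHOOR (key +3) vs the slide's ABNZF.
    print("HELLO/KHOOR monoalphabetic:", is_monoalphabetic("HELLO", "KHOOR"))
    print("HELLO/ABNZF monoalphabetic:", is_monoalphabetic("HELLO", "ABNZF"))

    # Brute force: the attacker never needed the key.
    for k, candidate in brute_force("WTAAD"):
        print(f"key {k:2d}: {candidate}")
```

The brute-force loop is the caveat that matters: a shift cipher is a substitution with a 26-element key space, so "prevention by means of encryption" (the passive-attack slide) only holds for ciphers whose key space and structure resist such trial, not for the classical ciphers shown here.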
