Network

Security

1
 INTRODUCTION

We are living in the information age. We need to keep information about every
aspect of our lives.
In other words, information is an asset that has a value like any other asset.
As an asset, information needs to be secured from attacks. To be secured,
information needs to be
• hidden from unauthorized access (confidentiality),
• protected from unauthorized change (integrity),
• available to an authorized entity when it is needed (availability).

2
 Security Goals

Confidentiality
• Confidentiality is probably the most common aspect of information security. We
need to protect our confidential information. An organization needs to guard
against those malicious actions that endanger the confidentiality of its
information.
• Confidentiality not only applies to the storage of the information, it also
applies to the transmission of information.

3
 Security Goals

Integrity
Information needs to be changed constantly. In a bank, when a customer deposits or
withdraws money, the balance of her account needs to be changed.
Integrity means that changes need to be done only by authorized entities and through
authorized mechanisms.

4
 Security Goals
Availability
• The information created and stored by an organization needs to be available to
authorized entities.
• Information is useless if it is not available.
• The unavailability of information is just as harmful for an organization as the lack
of confidentiality or integrity.
• Imagine what would happen to a bank if the customers could not access their
accounts for transactions.

5
 Attacks
Our three goals of security confidentiality, integrity, and availability can be threatened
by security attacks. Although the literature uses different approaches to categorizing the
attacks, we divide them into three groups related to the security goals.
Attacks Threatening Confidentiality: Snooping, Traffic Analysis
Attacks Threatening Integrity: modification, masquerading, replaying, and
repudiation
Attacks Threatening Availability: denial of service.

6
Taxonomy of attacks with relation to security goals

7
 Attacks Threatening Confidentiality
Snooping refers to unauthorized access to or interception of data. For example, a file
transferred through the Internet may contain confidential information. An unauthorized entity
may intercept the transmission and use the contents for its own benefit. To prevent snooping,
the data can be made nonintelligible to the interceptor by using encryption techniques.

Traffic Analysis Although encipherment of data may make it nonintelligible for the
intercepter, it can obtain some other type information by monitoring online traffic.
For example, it can find the electronic address of the sender or the receiver. to guess the
nature of the transaction.

8
 Attacks Threatening Integrity
The integrity of data can be threatened by several kinds of attacks: modification, masquerading,
replaying, and repudiation.
Modification: After intercepting or accessing information, the attacker modifies the information to
make it beneficial to herself. For example, a customer sends a message to a bank to do some
transaction. The attacker intercepts the message and changes the type of transaction to benefit herself.
Masquerading: Masquerading, or spoofing, happens when the attacker impersonates somebody
else. For example, an attacker might steal the bank card and PIN of a bank customer and pretend that
she is that customer.

9
 Attacks Threatening Integrity
Replaying: Replaying is another attack. The attacker obtains a copy of a message sent by a user and later tries
to replay it. For example, a person sends a request to her bank to ask for payment to the attacker, who has done
a job for him. The attacker intercepts the message and sends it again to receive another payment from the bank.

Repudiation: This type of attack is different from others because it is performed by one of the two parties in
the communication: the sender or the receiver. The sender of the message might later deny that she has sent the
message; the receiver of the message might later deny that he has received the message. An example of denial
by the sender would be a bank customer asking her bank to send some money to a third party but later denying
that she has made such a request.
An example of denial by the receiver could occur when a person buys a product from a manufacturer and pays
for it electronically, but the manufacturer later denies having received the payment and asks to be paid.

10
 Attacks Threatening Availability
Denial of Service Denial of service (DoS) is a very common attack. It may slow down or
totally interrupt the service of a system. The attacker can use several strategies to achieve
this.
• It might send so many bogus requests to a server that the server crashes because of the
heavy load.
• The attacker might intercept and delete a server’s response to a client, making the client
believe that the server is not responding.
• The attacker may also intercept requests from the clients, causing the clients to send
requests many times and overload the system.

11
 Cryptography and Steganography
Cryptography
Some security services can be implemented using cryptography. Cryptography, a word with
Greek origins, means “secret writing.” However, we use the term to refer to the science and
art of transforming messages to make them secure and immune to attacks.
Steganography
The word steganography, with origin in Greek, means “covered writing,” in contrast with
cryptography, which means “secret writing.” Cryptography means concealing the contents of
a message by enciphering; steganography means concealing the message itself by covering it
with something else.

12
 Plain text and cipher text
Plaintext can refer to anything which humans can understand and/or relate to. This may be
as simple as English sentences, a script, or Java code. If you can make sense of what is
written, then it is in plaintext.

Ciphertext, or encrypted text, is a series of randomized letters and numbers which humans
cannot make any sense of. An encryption algorithm takes in a plaintext message, runs the
algorithm on the plaintext, and produces a ciphertext. The ciphertext can be reversed through
the process of decryption, to produce the original plaintext.

13
 TRADITIONAL CIPHERS

We now look at the first goal of security, confidentiality. Confidentiality can be

achieved using ciphers. Traditional ciphers are called symmetric-key ciphers (or
secret-key ciphers) because the same key is used for encryption and decryption and
the key can be used for bidirectional communication.
Types:

• Substitution Ciphers
• Transposition Ciphers
• Stream and Block Ciphers
14
General idea of traditional cipher

15
Symmetric-key: locking and unlocking with the same key

16
 Substitution Ciphers
A substitution cipher replaces one symbol with another. If the symbols in the plaintext are
alphabetic characters, we replace one character with another.
For example, we can replace letter A with letter D, and letter T with letter Z.
If the symbols are digits (0 to 9), we can replace 3 with 7, and 2 with 6.
Substitution ciphers can be categorized as
• Monoalphabetic ciphers
• Polyalphabetic ciphers.

17
Note

A substitution cipher replaces one symbol

with another.

18
 Monoalphabetic Ciphers
Monoalphabetic Ciphers
In a monoalphabetic cipher, a character (or a symbol) in the plaintext is always changed to the same character
(or symbol) in the ciphertext regardless of its position in the text.
For example, if the algorithm says that letter A in the plaintext is changed to letter D, every letter A is changed
to letter D. In other words, the relationship between letters in the plaintext and the ciphertext is one-to-one.
The simplest monoalphabetic cipher is the additive cipher (or shift cipher).
Additive ciphers are sometimes referred to as the Caesar cipher.

19
Note

In additive cipher, the plaintext, ciphertext,

and key are integers in modulo 26.

20
Representation of characters in modulo 26

21
Example
Use the additive cipher with key = 15 to encrypt the message “hello”.

Solution
We apply the encryption algorithm to the plaintext, character by
character. The result is “WTAAD”. Note that the cipher is
monoalphabetic because two instances of the same plaintext character
(ls) are encrypted as the same character (A).

22
Example
Use the additive cipher with key = 15 to decrypt the message
“WTAAD”.

Solution
We apply the decryption algorithm to the plaintext character by
character. The result is “hello”. Note that the operation is in modulo
26, which means that we need to add 26 to a negative result (for
example −15 becomes 11).

23
An example key for mono-alphabetic substitution cipher

24
Example
We can use the key to encrypt the message

The ciphertext is

25
 Polyalphabetic Ciphers
Polyalphabetic Ciphers
In polyalphabetic substitution, each occurrence of a character may have a different substitute. The relationship
between a character in the plaintext to a character in the ciphertext is one-to-many. For example, “a” could be
enciphered as “D” in the beginning of the text, but as “N” at the middle.
To create a polyalphabetic cipher, we need to make each ciphertext character dependent on both the
corresponding plaintext character and the position of the plaintext character in the message.

This implies that our key should be a stream of subkeys, in which each subkey depends somehow on the
position of the plaintext character that uses that subkey for encipherment. In other words, we need to have a key
stream k = (k1, k2, k3, …) in which ki is used to encipher the ith character in the plaintext to create the ith
character in the ciphertext.

26
 Polyalphabetic Ciphers
To see the position dependency of the key, let us discuss a simple polyalphabetic cipher
called the autokey cipher. In this cipher, the key is a stream of subkeys, in which each subkey
is used to encrypt the corresponding character in the plaintext.

27
 Transposition Ciphers
A transposition cipher does not substitute one symbol for another, instead it changes the
location of the symbols. A symbol in the first position of the plaintext may appear in the
tenth position of the ciphertext. A symbol in the eighth position in the plaintext may appear
in the first position of the ciphertext. In other words, a transposition cipher reorders
(transposes) the symbols.

28
Note

A transposition cipher reorders symbols.

29
Transposition cipher

30
 Stream and Block Ciphers
In a stream cipher, encryption and decryption are done one symbol (such as a character or a
bit) at a time.
In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together,
creating a group of ciphertext of the same size. Based on the definition, in a block cipher, a
single key is used to encrypt the whole block even if the key is made of multiple values. In a
block cipher, a ciphertext block depends on the whole plaintext block.

31
 MODERN CIPHERS

The traditional symmetric-key ciphers that we have studied so far are character-oriented
ciphers. With the advent of the computer, we need bit-oriented ciphers. This is because
the information to be encrypted is not just text; it can also consist of numbers, graphics,
audio, and video data. It is convenient to convert these types of data into a stream of bits,
to encrypt the stream, and then to send the encrypted stream. A modern block cipher can
be either a block cipher or a stream cipher.

32
 Modern Block Ciphers
A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of
ciphertext. The encryption or decryption algorithm uses a k-bit key. The decryption algorithm must be the
inverse of the encryption algorithm, and both operations must use the same secret key.
Main components of modern block ciphers are:
• A P-box (permutation box)
• An S-box (substitution box)
Other components are
• circular shift operation.
• swap operation
• Split Operation
• Combine operation
Example DES (Data encryption standard)
33
A modern block cipher

34
Components of a modern block cipher

35
Example
We choose a random plaintext block, a random key, and a computer
program to determine what the ciphertext block would be (all in
hexadecimal):

36
 Modern Stream Ciphers
In a modern stream cipher, encryption and decryption are done r bits at a time. We have a
plaintext bit stream P, a ciphertext bit stream C, and a key bit stream K, in which pi , ci , and
ki are r-bit words. Encryption is ci = E (ki, pi), and decryption is pi = D (ki, ci). Stream
ciphers are faster than block ciphers.
The hardware implementation of a stream cipher is also easier. When we need to encrypt
binary streams and transmit them at a constant rate, a stream cipher is the better choice to
use. Stream ciphers are also more immune to the corruption of bits during transmission.
The simplest and the most secure type of synchronous stream cipher is called the one-time
pad, which was invented and patented by Gilbert Vernam.

37
One-time pad

38
 29-4 ASYMMETRIC-KEY CIPHERS

There are some other aspects of security besides encipherment that need
asymmetric-key cryptography.
The conceptual differences between the two systems are based on how these systems
keep a secret.
In symmetric-key cryptography, the secret must be shared between two persons. In
asymmetric-key cryptography, the secret is personal (unshared); each person creates
and keeps his or her own secret.

39
Note

Symmetric-key cryptography is based on

sharing secrecy;
asymmetric-key cryptography is based on
personal secrecy.

40
Note

In symmetric-key cryptography, symbols

are permuted or substituted;
in asymmetric-key cryptography, numbers
are manipulated.

41
Locking and unlocking in asymmetric-key cryptosystem

42
Note

Asymmetric-key ciphers are sometimes

called public-key ciphers.

43
General idea of asymmetric-key cryptosystem

44
Example
For the sake of demonstration, let Bob choose 7 and 11 as p and q and
calculate n = 7 × 11 = 77. The value of φ(n) =
(7 − 1)(11 − 1), or 60. If he chooses e to be 13, then d is 37. Note
that e × d mod 60 = 1. Now imagine that Alice wants to send the
plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. This
system is not safe because p and q are small.

45