Security: Interruption vs. Interception vs. Modification vs. Fabrication


B. Tech. (CSE) VII SEMESTER

Professional Elective - VI
CRYPTOGRAPHY AND NETWORK SECURITY (PE4106CS)

UNIT I

Security Attacks: Interruption, Interception, Modification and Fabrication, Security Services:
Confidentiality, Authentication, Integrity, Non-repudiation, Access Control and Security Mechanisms, A
model for Network Security
Introduction
Security Attack

- An attack is an information security threat that involves an attempt to obtain, alter, destroy,
remove, implant or reveal information without authorized access or permission.

- Attacks are typically categorized based on the action performed by the attacker. An attack,
thus, can be passive or active.

Passive Attack:

- A passive attack makes use of information from the system but doesn’t affect the system
resources.

- The goal of the attacker is to obtain the information that is being transmitted.

- Passive attacks are difficult to detect because they do not involve any alteration of data.

Two types of passive attacks:

  - Release of message content: In this type, an attacker attempts to learn the contents of
    a transmission.

  - Traffic analysis: Traffic analysis is the process of intercepting and examining messages
    in order to deduce information from patterns in communication.

Active Attack:

- These attacks attempt to alter system resources or affect their operations.

- It involves some modification of the data stream or creation of a false stream.

- It can be subdivided into four categories:

  - Masquerade: A masquerade is a type of attack where the attacker acts as an authorized
    user of a system to gain access to it or to gain greater privileges than they are
    authorized for.

  - Replay: It involves passive capture of a data unit and its subsequent retransmission to
    produce an unauthorized effect.

  - Modification of message: In a message modification attack, some portion of a message
    is altered, or messages are delayed or reordered, to produce an unauthorized effect.

  - Denial of Service (DoS): In a DoS attack, users are deprived of access to a network
    or web resources. This is generally accomplished by overwhelming the target with
    more traffic than it can handle.

Four categories of cybersecurity attacks: interruption, interception, modification, and
fabrication.

Interception
The first category of attacks is interception. Usually, data communication occurs when two connected
entities exchange a message over the Internet.

In the case of an interception attack, a malicious actor can access private or confidential
information with no legitimate authorization.
Eavesdropping attacks are a typical example of this category of attack. Namely, an intruder
can use several techniques, such as packet sniffing and man-in-the-middle (MITM).
Generally, he aims to obtain critical information such as passwords and credit card numbers or to
disturb data exchanges on the network. When effectively executed, it can be very hard to identify
traces of the attack.

This category of attacks is mainly a threat to data confidentiality. We can mitigate it by
encrypting communications, avoiding untrusted Wi-Fi networks, and regularly updating our
software.

Interruption
The second category of attacks is interruption. This form of attack manifests when a network
service or a system asset is disrupted or destroyed.

As a result, legitimate users can no longer reach it, either permanently or temporarily.
For example, an attacker may steal or damage a hardware/software component. He can also
overwhelm a server host with requests so that it can’t respond, causing a DoS
attack. Another example is using malware, such as viruses or trojans, to delete data or disable a
system’s functioning.
This type of attack is a threat to data availability.
To protect against interruption attacks, we need appropriate precautions such as firewalls and
system backups. Moreover, we can use cloud-based solutions and Content Delivery Networks
(CDN) to boost security against these attacks and keep our system and network operable.
Modification
The third category is modification. This one involves not only gaining access to the asset but
also manipulating it.

The man-in-the-middle attack (MITM) is a notable example. After intercepting data, the
attacker can reconfigure the system hardware, remove a message in a network or modify its
content. A Cross-Site Scripting (XSS) attack is a second example, where the hacker injects
a malicious script into a web application to alter its content or to obtain sensitive data illicitly.
Modification is primarily an attack on integrity. However, it can also manifest as an attack on
availability. For example, let’s say the target is a configuration file that controls how a service is
delivered. When an attacker manipulates its content, that service will no longer be available.
We can implement several techniques to prevent a modification attack, including Intrusion
Detection Systems (IDS), data encryption, and Access Controls.

Fabrication
The last category of cyber-attacks is fabrication.
Fabrication occurs when an intruder injects bogus data or creates a false trail in the
system. For example, a hacker can execute identity spoofing by creating a fake version of a
legitimate user. Then, he can attempt to commit fraud or hijack a bank account.

Further, there are other techniques to carry out a fabrication attack, such as SQL
injection and phishing attacks.
Fabrication attacks mainly affect data authentication. That’s the case when the intruder
creates a spoofing attack and impersonates a user’s identity or IP address.
Meanwhile, fabrication can also threaten the availability objective of the CIA triad; for
instance, injecting an excessive amount of traffic into a network can block a service.
We can mitigate fabrication attacks by using digital signatures and data encryption or by
implementing firewalls in the network.

SECURITY SERVICES AND MECHANISMS:

1. Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle
specifies that only the sender and receiver will be able to access the information shared
between them. Confidentiality is compromised if an unauthorized person is able to access a
message.
For example, suppose sender A wants to share some confidential information with
receiver B and the information gets intercepted by the attacker C. Now the confidential
information is in the hands of an intruder C.

2. Authentication:
Authentication is the mechanism to identify the user, system or entity. It ensures the
identity of the person trying to access the information. Authentication is mostly secured by
using a username and password. The authorized person whose identity is preregistered can
prove his/her identity and can access the sensitive information.

3. Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the content
of the message is changed after the sender sends it but before reaching the intended receiver,
then it is said that the integrity of the message is lost.
- System Integrity: System Integrity assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the
system.
- Data Integrity: Data Integrity assures that information (both stored and in transmitted packets)
and programs are changed only in a specified and authorized manner.

4. Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent
through a network. In some cases the sender sends the message and later denies it. But
non-repudiation does not allow the sender to later deny having sent it to the receiver.

5. Access control:
The principle of access control is determined by role management and rule management.
Role management determines who should access the data while rule management determines up
to what extent one can access the data. The information displayed is dependent on the person
who is accessing it.

6. Availability:

The principle of availability states that the resources will be available to authorized parties at
all times. Information will not be useful if it is not available to be accessed. Systems should have
sufficient availability of information to satisfy the user request.

NETWORK SECURITY

• A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so that it is
unreadable by the opponent, and the addition of a code based on the contents of the
message, which can be used to verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used in conjunction
with the transformation to scramble the message before transmission and
unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a
third party may be responsible for distributing the secret information to the two
principals while keeping it from any opponent. Or a third party may be needed to
arbitrate disputes between the two principals concerning the authenticity of a
message transmission.

This general model shows that there are four basic tasks in designing a particular
security service:

1. Design an algorithm for performing the security-related
transformation. The algorithm should be such that an opponent cannot defeat its
purpose.

2. Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret
information.

4. Specify a protocol to be used by the two principals that makes use of
the security algorithm and the secret information to achieve a particular security
service.
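
The four tasks above, worked through as an added example that is not part of the original notes: it assumes HMAC-SHA256 as the "code based on the contents of the message" and a message counter for replay detection, and shows modified, fabricated and replayed frames being rejected. The frame layout and the names `protect`, `Receiver`, `outcome` and `demo` are hypothetical; key distribution (task 3) is assumed to have happened out of band.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Task 1, the transformation: frame = 8-byte counter || message || tag."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Task 4, the receiving side of the protocol (hypothetical design)."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest counter accepted so far

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time compare; a mismatch means modification or fabrication.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:  # valid tag but old counter: a replay
            raise ValueError("replay")
        self.last_seq = seq
        return body[8:]

def outcome(rx: Receiver, frame: bytes) -> str:
    try:
        rx.accept(frame)
        return "accepted"
    except ValueError as err:
        return str(err)

def demo() -> list:
    key = secrets.token_bytes(32)  # task 2; task 3 (distribution) assumed done
    rx = Receiver(key)
    frame = protect(key, 0, b"pay B 100")  # constructed sample message
    tampered = frame[:8] + b"pay C 900" + frame[17:]  # modification in transit
    forged = protect(secrets.token_bytes(32), 1, b"pay C 900")  # fabrication
    return [outcome(rx, f) for f in (frame, tampered, forged, frame)]

if __name__ == "__main__":
    print(demo())
```

The tag gives integrity and sender authentication only; the message still travels in the clear, so interception is not addressed by this transformation.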

(e.g., obtaining credit card numbers or performing illegal money transfers).

Another type of unwanted access is the placement in a computer system of logic
that exploits vulnerabilities in the system and that can affect application programs
as well as utility programs, such as editors and compilers. Programs can present
two kinds of threats:

• Information access threats: Intercept or modify data on behalf of users
who should not have access to that data.

• Service threats: Exploit service flaws in computers to inhibit use by
legitimate users.

Viruses and worms are two examples of software attacks. Such attacks can be introduced into
the system by means of a disk that contains the unwanted logic.
