Al-Madina Higher Institute for Engineering and Technology

Network Security
(COMM 520)
Fourth Level

DR. AHMED ZAKARIA


ELECTRONICS AND COMMUNICATIONS ENGINEERING DEPT.

DR AHMED ZAKARIA 1
Course Timeline
Week 1: Introduction to computer and network security
Week 2: Methods of defense
Weeks 3-4: Secure encryption systems (Symmetric and Asymmetric encryption)
Week 5: Encryption algorithms: AES
Week 6: Encryption algorithms: RSA
Week 7: Introduction to security protocols
Week 8: Mid-Term Exams
Week 9: Key distribution, authentication, and digital signature schemes
Week 10: Software security, viruses and similar programs
Week 11: Database security
Week 12: Design of secure operating systems
Week 13: IP security and the IPSec protocol
Week 14: Firewalls, web security, and electronic mail security
Week 15: Revision and open discussion

Network Security

Topic                                                            LOs
Network security (OSI Security Architecture)                     3.1
Secure encryption systems (Symmetric and Asymmetric encryption)  3.2

Network Security

OSI Security Architecture
◦ Security services
◦ Security mechanisms

Encryption Techniques
◦ Learn the difference between symmetric and asymmetric encryption techniques
◦ Symmetric cipher model

OSI Security Architecture

Security service (X.800)
◦ X.800 defines a security service as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.
◦ RFC 4949 defines it as a processing or communication service that is provided by a system to give a specific kind of protection to system resources.
◦ A Request for Comments (RFC) is a formal document from the Internet Engineering Task Force (IETF).

◦ A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
◦ The services are intended to counter security attacks, using one or more security mechanisms.

◦ Security services are divided into five categories:
◦ 1- Authentication
◦ 2- Access Control
◦ 3- Data Confidentiality
◦ 4- Data Integrity
◦ 5- Non-Repudiation

Authentication
◦ The authentication service is concerned with assuring that a communication is authentic.
◦ It is the assurance that the communicating entity is the one that it claims to be.
◦ There are two specific authentication services:
◦ 1- Peer entity authentication: helps determine the identity of the sender or receiver in the case of connection-oriented communication.
◦ 2- Data-origin authentication: provides assurance that the source of received data is as claimed (connectionless communication).

Access Control
◦ The ability to limit and control access to host systems and applications via communication links.
◦ To achieve this, each entity trying to gain access must first be identified, or authenticated.

Data Confidentiality
◦ Protection of data from unauthorized disclosure.
◦ The protection of transmitted data from passive attacks.

Data Integrity
◦ Assurance that data received is as sent by an authorized entity.
◦ Integrity can apply to a stream of messages, a single message, or selected fields within a message.
◦ A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays.

Nonrepudiation
◦ Prevents either sender or receiver from denying a transmitted message.
◦ Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
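The following is an added example (not from the lecture) of a connection-oriented integrity service over a stream of messages, built from the data-integrity mechanism described later in these slides: an HMAC computed over a sequence number and the message, assuming a key already shared between sender and receiver. The key, the messages and the receiver class are constructed for this illustration; it shows how each of the failure modes listed above (duplication, insertion, modification, reordering, replay) is detected.

```python
import hashlib
import hmac

# Constructed shared integrity key; in a real system it comes from a key
# establishment step, which this example does not cover.
SHARED_KEY = b"constructed-integrity-key"


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over (sequence number || payload)."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> dict:
    """Sender side: attach the sequence number and its tag to the message."""
    return {"seq": seq, "payload": payload, "tag": _tag(key, seq, payload)}


class IntegrityReceiver:
    """Receiver side of a connection-oriented integrity service.

    A message is accepted only if its tag verifies under the shared key
    (rules out modification, and insertion by anyone without the key) and
    its sequence number is exactly the next one expected (rules out
    duplication, reordering and replay).
    """

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def check(self, msg: dict) -> str:
        expected_tag = _tag(self.key, msg["seq"], msg["payload"])
        if not hmac.compare_digest(expected_tag, msg["tag"]):
            return "rejected: modified or inserted"
        if msg["seq"] < self.expected_seq:
            return "rejected: duplicate or replay"
        if msg["seq"] > self.expected_seq:
            return "rejected: reordered or missing message"
        self.expected_seq += 1
        return "accepted"


def run_scenario() -> list:
    """Drive a constructed message stream, exercising each failure mode, through the receiver."""
    rx = IntegrityReceiver(SHARED_KEY)
    m0 = protect(SHARED_KEY, 0, b"transfer 10 to alice")
    m1 = protect(SHARED_KEY, 1, b"transfer 20 to bob")
    m2 = protect(SHARED_KEY, 2, b"close session")
    tampered = dict(m1, payload=b"transfer 99 to bob")          # payload changed, tag now stale
    forged = protect(b"not-the-shared-key", 3, b"transfer 50")  # inserted without the key

    return [
        rx.check(m0),        # accepted
        rx.check(m0),        # duplicate / replay
        rx.check(tampered),  # modified
        rx.check(forged),    # inserted
        rx.check(m2),        # arrives before m1: reordered
        rx.check(m1),        # accepted
        rx.check(m2),        # accepted on retry
    ]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

Because the tag key is shared, either party could have produced a valid tag, so this construction gives integrity but not nonrepudiation; proving to a third party who sent a message needs the digital signature mechanism listed further on.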

OSI Security Architecture

Security mechanism
◦ A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
◦ No single mechanism supports all the services required.
◦ The mechanisms are:
◦ 1- Encipherment (Encryption)
◦ 2- Digital Signature
◦ 3- Access Control
◦ 4- Data Integrity
◦ 5- Authentication Exchange
◦ 6- Traffic Padding
◦ 7- Routing Control
◦ 8- Notarization

Encipherment (Encryption)
◦ The use of mathematical algorithms to transform data into a form that is not readily intelligible.
◦ The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

Digital Signature
◦ A mathematical scheme for verifying the authenticity of digital messages or documents.

Access Control
◦ A variety of mechanisms that enforce access rights to resources.

Data Integrity
◦ Assurance that data received is as sent by an authorized entity.

Authentication Exchange
◦ A mechanism intended to ensure the identity of an entity by means of information exchange.

Traffic Padding
◦ The insertion of bits into gaps in a data stream to frustrate (defeat) traffic analysis attempts.

Routing Control
◦ Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.

Notarization
◦ The use of a trusted third party to assure certain properties of a data exchange.

Relationship Between Security Services and Mechanisms

Model for Network Security
Using this model requires us to:
◦ 1- Design a suitable algorithm for the security transformation
◦ 2- Generate the secret information (keys) used by the algorithm
◦ 3- Develop methods to distribute and share the secret information
◦ 4- Specify a protocol enabling the principals to use the transformation and secret information for a security service

Encryption Techniques

Encryption
◦ The process of converting from plaintext to ciphertext is known as enciphering or encryption.
◦ Restoring the plaintext from the ciphertext is deciphering or decryption.

Symmetric Cipher
◦ Referred to as single-key encryption.
◦ The message is encrypted using a key and the same key is used to decrypt the message, which makes it easy to use but less secure.
◦ It also requires a safe method to transfer the key from one party to another.

Asymmetric Cipher
◦ It uses two different keys to encrypt and decrypt the message.
◦ It is more secure than the symmetric key encryption technique but is much slower.
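To make the "two different keys" point concrete, here is an added example (not from the lecture) using textbook RSA with toy-sized primes. The public key (e, n) encrypts and only the private key (d, n) decrypts, so the encryption key can be handed to the sender over an open channel, which is exactly what the symmetric case above cannot do. The primes, exponent and message are constructed values; real deployments use moduli of 2048 bits or more and a padding scheme, both of which this toy omits.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes.

    Constructed toy sizes for illustration only: the arithmetic is the real
    RSA relation, the parameter sizes are not.
    Returns (public_key, private_key) as ((e, n), (d, n)).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e mod phi(n) (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the private-key holder can decrypt: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def demo() -> dict:
    """Walk through the asymmetric exchange with constructed values."""
    public_key, private_key = generate_keypair(p=61, q=53, e=17)
    m = 65                               # constructed message
    c = encrypt(public_key, m)           # sender uses the published key
    recovered = decrypt(private_key, c)  # receiver uses the key it never shared
    # Applying the *encryption* key again does not undo the transformation;
    # that is what makes the scheme asymmetric, unlike a shared single key.
    e, n = public_key
    with_public_key = pow(c, e, n)
    return {
        "public_key": public_key,
        "private_key": private_key,
        "ciphertext": c,
        "recovered": recovered,
        "decrypt_with_public_key": with_public_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cost side of the slide's comparison is also visible here: every RSA operation is a modular exponentiation, which is why asymmetric ciphers are typically used to exchange a symmetric key and the bulk data is then encrypted symmetrically.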

Symmetric Cipher

Symmetric Cipher Model
◦ Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
◦ Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
◦ Secret key: The secret key is also input to the encryption algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
◦ Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.
◦ Decryption algorithm: It takes the ciphertext and the secret key and produces the original plaintext.

Encryption Techniques

Source
◦ A source produces a message in plaintext, X = [X1, X2, ..., XM].

Key source
◦ A key of the form K = [K1, K2, ..., KJ] is generated.
◦ If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel.

Encryption algorithm
◦ The encryption algorithm forms the ciphertext Y = [Y1, Y2, ..., YN]. We can write this as
◦ Y = E(K, X)

Decryption algorithm
◦ The intended receiver, in possession of the key, is able to invert the transformation:
◦ X = D(K, Y)

Cryptanalyst
◦ An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K.
◦ It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms.
◦ If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate X̂.
◦ If the opponent is interested in being able to read future messages as well, an attempt is made to recover K by generating an estimate K̂.
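An added example (not from the lecture) that runs the symmetric cipher model of the two preceding slides end to end, with the same names X, K, Y, E and D: a key source, an encryption algorithm forming Y = E(K, X), the receiver inverting it with X = D(K, Y), the same message under a second key giving a different ciphertext, and the cryptanalyst's position, who knows E and D and observes Y but lacks K. The cipher is a constructed toy (SHA-256 keystream XORed with the plaintext) chosen only because it keeps E and D short and visibly identical; the sample message and keys are constructed values.

```python
import hashlib
import secrets


def generate_key() -> bytes:
    """Key source: a fresh 128-bit secret key K."""
    return secrets.token_bytes(16)


def _keystream(K: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(K || counter) blocks.

    Constructed to illustrate the model only; it is not a vetted cipher and,
    having no per-message nonce, would repeat its keystream if K were reused
    for a second message.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(K + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def E(K: bytes, X: bytes) -> bytes:
    """Encryption algorithm: Y = E(K, X). Each plaintext byte is XORed with keystream."""
    return bytes(x ^ k for x, k in zip(X, _keystream(K, len(X))))


def D(K: bytes, Y: bytes) -> bytes:
    """Decryption algorithm: X = D(K, Y).

    XOR is its own inverse, so the same key and the same transformation
    recover the plaintext: this is what "single-key" means in practice.
    """
    return E(K, Y)


def model_walkthrough(X: bytes, K: bytes, K_other: bytes, K_guess: bytes) -> dict:
    """Run the model once and record what each party ends up holding."""
    Y = E(K, X)               # source -> encryption algorithm -> ciphertext
    X_recovered = D(K, Y)     # destination, in possession of K, inverts it
    Y_other = E(K_other, X)   # same message, different key -> different ciphertext
    X_hat = D(K_guess, Y)     # opponent knows E and D, sees Y, but must guess K
    return {
        "ciphertext": Y,
        "recovered": X_recovered,
        "ciphertext_other_key": Y_other,
        "opponent_estimate": X_hat,
    }


# Constructed sample values for a stand-alone run.
SAMPLE_X = b"meet at the bridge at noon"
SAMPLE_K = b"constructed-key1"
SAMPLE_K_OTHER = b"constructed-key2"
SAMPLE_K_GUESS = b"constructed-gues"  # the opponent's wrong guess at K

if __name__ == "__main__":
    for name, value in model_walkthrough(SAMPLE_X, SAMPLE_K, SAMPLE_K_OTHER, SAMPLE_K_GUESS).items():
        print(f"{name}: {value!r}")
```

The opponent's estimate X̂ is as long as X and comes out of the same public D, so nothing about the algorithm's secrecy protects the message; only the secrecy and size of K do, which is the point of the model's assumption that E and D are known.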

Thank You