
Network Security Protocols

CST 434

Overview of Security
Background
AGENDA
• What is security
• Need for security
• Security definition
• Security Principles/Goals
• Security attacks
• Attack on security goals
• Model for network security
• Methods of Defense
• Cryptography
• Symmetric Vs Public Key Cryptography
Overview

• What is security?
• Why do we need security?
• Who is vulnerable?
What is “Security”

Security is the state of having:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear.
Definition:
Security is the protection of assets. Three main aspects of security
are
1. Protection
2. Detection
3. Reaction.
Why do we need security?

• Protect vital information while still allowing access to those who need it
– Trade secrets, medical records, etc.
• Provide authentication and access control for resources
– Ex: Bank Identity Card, ATM Card
• Guarantee availability of resources
– Must be available all the time
Need for Security

• The Information Age - Internet Highway
• Digital Assets - emails, documents
• Static Assets - pictures, databases
• Assets in Transit - emails (Comm. Networks)
Who is vulnerable?

• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Internet users
• Multinational corporations
• ANYONE ON THE NETWORK
Different Types of Security-Definitions

• Computer Security - generic name for the collection of tools designed to protect hardware or software modules.
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
• Information Security - All the three areas
Basic Terminologies

• Cryptography
– Study of mathematical techniques related to aspects of
information security (Set of techniques)
• Cryptanalysis
– The process of breaking the security policies
• Cryptology
- Cryptography + cryptanalysis
• Cryptosystems are computer systems used to encrypt data for
secure transmission and storage
Vulnerability Vs Threat
• Vulnerability and threat are fundamental concepts in cybersecurity,
and they refer to distinct aspects of the security landscape.
• Vulnerability: A vulnerability is a weakness or flaw in a system,
application, or network that can be exploited by a threat to
compromise its security. It's a gap in security measures that, if
exploited, could lead to unauthorized access, data breaches, or other
negative consequences. Vulnerabilities can arise due to coding errors,
misconfigurations, design flaws, or other factors. Identifying and
patching vulnerabilities is essential to prevent potential threats from
exploiting them.
• Threat: A threat is a potential danger or harmful action that could
exploit vulnerabilities and cause harm to an organization's assets,
systems, or data. Threats can be either internal or external and
encompass a wide range of actors, such as hackers, malware,
disgruntled employees, or natural disasters. Threats exploit
vulnerabilities to carry out attacks, and they can vary in severity and
impact. Threats can be intentional (malicious) or unintentional
(accidental).
Launching the attack
Steps are
1. Vulnerability - a flaw in a system’s design, security procedures, or
internal controls
2. Discovery of Vulnerability-Trace
3. Threat - a malicious act that seeks to steal or damage data or
discompose the digital network or system
4. Exploitation of Vulnerability-Utilize
5. Attack-Make Damage/Impact
Scenario: Hospital Ransomware Attack
• Vulnerability
• Flaw: A hospital's computer system runs outdated software, lacking the latest
security patches. This creates a vulnerability in their network's security.
• Discovery of Vulnerability
• Trace: Cybercriminals use automated scanning tools and discover that the hospital's
network is using vulnerable, outdated software.
• Threat
• Malicious Act: The attackers plan a ransomware attack, intending to encrypt the
hospital's data and demand payment for its release, thereby causing significant
disruption to hospital operations.
• Exploitation of Vulnerability
• Utilize: The attackers exploit the identified vulnerability by using a known exploit
(malicious code) that takes advantage of the outdated software to gain unauthorized
access to the hospital’s network.
• Attack
• Make Damage/Impact: Once inside the network, the attackers deploy ransomware,
which encrypts critical data, including patient records and administrative
information. They demand a ransom in exchange for the decryption key. This attack
leads to disrupted medical services, delayed patient care, and potential risk to patient
safety.
Attacks, Services and Mechanisms

• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent,
or recover from a security attack.
• Security Service: A service that enhances the security of data processing
systems and information transfers. A security service makes use of one or
more security mechanisms.
Security Attacks

• Security Attacks: These are deliberate actions intended to compromise the confidentiality, integrity, or availability of network resources.
• Security attacks are categorized into active attacks and passive attacks.
• Active attacks involve unauthorized actions, such as data modification or data destruction.
• Passive attacks focus on intercepting information without altering it, like eavesdropping.
Passive Attacks
Active Attacks
Security Attacks

• Interruption: This is an attack on availability (Denial of Service - DoS)
• Interception: This is an attack on confidentiality (Eavesdropping)
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity (Masquerading)
Different Types of Security Attacks
Various Security Attacks

• Brute-force Attack
• Spoofing Attack
• Denial of Service attack (DoS)
• Distributed DoS Attack (DDoS)
• Authentication attacks
I. Dictionary Attack
II. Replay Attack- aquestic attack
III. Password Sniffing
Brute-Force Attacks
• A brute-force attack is a cybersecurity technique in which an attacker
systematically tries all possible combinations of passwords or
encryption keys until the correct one is found.
• This method is used to gain unauthorized access to systems, accounts,
or encrypted data.
• Brute-force attacks can be time-consuming and resource-intensive,
but they can be effective against weak or easily guessable passwords.
Spoofing Attacks
• Spoofing attacks are a type of cybersecurity threat where attackers
disguise their identity to deceive systems, users, or networks.
• These attacks involve masquerading as a legitimate source by
manipulating data packets, IP addresses, or domain names.
• Common types of spoofing attacks include email spoofing, where
emails appear to be from a trusted sender, and ARP spoofing, which
redirects network traffic. Spoofing attacks can lead to data breaches,
malware distribution, and other malicious activities.
DoS and DDoS Attacks
• Denial of Service (DoS) and Distributed Denial of Service (DDoS)
attacks are malicious efforts aimed at overwhelming a target system,
service, or network with excessive traffic, rendering it inaccessible to
legitimate users.
Replay Attacks
• A replay attack is a form of cyberattack where an attacker intercepts and maliciously retransmits a valid data transmission between two parties.
• This type of attack aims to deceive a system into accepting duplicated or unauthorized data, potentially leading to unauthorized access or manipulation of sensitive information.
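How a receiver can refuse a retransmitted message, as an added example that is not part of the original slides: each message carries a nonce and a timestamp under an HMAC, and the receiver rejects anything modified, stale, or already seen. The key, the 30-second window, the message text and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
MAX_AGE = 30                    # assumed freshness window in seconds


def make_message(key, payload, now):
    """Sender: bind the payload to a fresh nonce and timestamp, then MAC it all."""
    body = json.dumps({"payload": payload, "nonce": os.urandom(16).hex(), "ts": now})
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}                       # nonce -> timestamp of accepted messages

    def accept(self, msg, now):
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad MAC"       # modified or fabricated message
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > MAX_AGE:
            return "rejected: stale"         # outside the freshness window
        # Nonces older than the window can be forgotten: the timestamp check covers them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if fields["nonce"] in self.seen:
            return "rejected: replay"        # valid message seen before
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"


def demo():
    rx = Receiver(KEY)
    msg = make_message(KEY, "transfer 100 to account 42", now=1000)   # constructed message
    first = rx.accept(msg, now=1001)
    replayed = rx.accept(msg, now=1005)      # same bytes retransmitted
    late = rx.accept(msg, now=1100)          # retransmitted after the window
    tampered = dict(msg, body=msg["body"].replace("account 42", "account 99"))
    return first, replayed, late, rx.accept(tampered, now=1002)
```

The MAC alone does not stop a replay, because the retransmitted message is still valid; the nonce and timestamp checks are what reject it.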
Security Mechanisms

• Security Mechanisms: These mechanisms are the tools and techniques employed to provide the security services. They can be divided into two categories:
• Cryptographic Mechanisms: Use cryptographic
techniques to protect data confidentiality, integrity,
and authentication. Examples include encryption
algorithms, digital signatures, and hashing functions.
• Non-Cryptographic Mechanisms: Implement security
measures without relying on cryptographic techniques.
Examples include access control lists, firewalls,
intrusion detection systems, and secure protocols.
Security Services
• Enhance the security of the data processing systems and the information transfers of an organization.
• Are intended to counter security attacks.
• Make use of one or more security mechanisms to provide the service.

• Security Attributes (CI5A)
– Confidentiality
– Integrity
– Availability
– Authentication
– Authorization
– Accounting
– Anonymity
Confidentiality
Integrity
Availability
Authentication
Authorization
Non-Repudiation
Accountability
Anonymity

• Anonymity refers to the state of being concealed or hidden from view, and in the context of security services, it refers to the protection of an individual's personal information and identity.
• Anonymity is important because it helps to
prevent sensitive information from being linked
to an individual, thereby protecting their privacy.

Example: Pseudonyms, virtual private networks (VPNs),
anonymous proxies
Who Attacks Networks

1. Challenge – what would happen if I tried this approach or technique? Can I defeat this network?
2. Fame
3. Money and Espionage (Spy)
4. Organized Crime
• Ideology
• Hacktivism – breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
• Cyberterrorism – more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage
How attackers perpetrate attacks?
1. Port Scan
For a particular IP address, the program will gather network information.
It tells an attacker which standard ports are being used, which OS is
installed on the target system, & what applications and which versions
are present.
2. Social Engineering
It gives an external picture of the network to the attacker.
3. Operating System & Application Fingerprinting
Determining what commercial application server application is running,
what version…
4. Intelligence
Gathering all the information and making a plan.
Model for Network Security
Methods of Defence

• Encryption
• Software Controls (access limitations in a data base, in operating
system protect each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
Cryptographic Techniques

Cryptography
Some security services can be implemented using
cryptography. Cryptography, a word with Greek origins,
means “secret writing”.

Steganography
The word steganography, with its origin in Greek, means
“covered writing”, in contrast to cryptography, which means
“secret writing”.
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to
ciphertext
• key - info used in cipher known only to
sender/receiver
• encipher (encrypt) - converting plaintext to
ciphertext
• decipher (decrypt) - recovering plaintext from
ciphertext
• cryptography - study of encryption
principles/methods
• cryptanalysis (code breaking) - the study of
principles/ methods of deciphering ciphertext
without knowing key
Basic Terminologies

• Plaintext is text that is in readable form
• Ciphertext results from plaintext by applying the
encryption key
• Notations:
• M = message, C = ciphertext, E = encryption,
D = decryption, k = key
• Encryption
E_k(M) = C
• Decryption
D_k(C) = M
Cipher-Algorithm

• Symmetric cipher: same key used for encryption and decryption
– Block cipher: encrypts a block of plaintext at a time
(typically 64 or 128 bits)
– Stream cipher: encrypts data one bit or one byte at
a time
• Asymmetric cipher: different keys used for
encryption and decryption
Block Vs Stream Cipher

• A block cipher is an encryption algorithm that operates on fixed-size blocks of data (usually 64 or 128 bits) at a time and transforms them into ciphertext.
• E.g., AES
• A stream cipher, on the other hand, encrypts data one bit
or byte at a time and generates a keystream that
is XORed with the plaintext to produce the ciphertext.
Stream ciphers are fast and highly efficient, making them
suitable for real-time encryption of data transmitted over
networks.
• E.g., RC4 (RC4 is more)
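The keystream-XOR construction and the E_k(M) = C, D_k(C) = M notation from the earlier slide, as an added example that is not part of the original slides. The keystream generator here (HMAC-SHA256 over a nonce and counter) is a stand-in chosen for the illustration, not RC4, and the key, nonces and messages are constructed.

```python
import hashlib
import hmac


def keystream(key, nonce, length):
    """Produce `length` keystream bytes from HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def E(k, nonce, M):
    """E_k(M) = C: XOR the plaintext with the keystream."""
    return xor_bytes(M, keystream(k, nonce, len(M)))


def D(k, nonce, C):
    """D_k(C) = M: the same XOR with the same keystream undoes the encryption."""
    return xor_bytes(C, keystream(k, nonce, len(C)))


def demo():
    k = b"constructed demo key"                  # constructed sample key
    m1 = b"PATIENT RECORD 0001: stable"          # constructed messages
    m2 = b"PATIENT RECORD 0002: urgent"
    c1 = E(k, b"nonce-01", m1)
    c2 = E(k, b"nonce-02", m2)
    round_trip = D(k, b"nonce-01", c1) == m1
    wrong_key = D(b"another constructed key", b"nonce-01", c1) == m1
    # Reusing a nonce repeats the keystream, so it cancels out of c1 XOR c2
    # and the result equals m1 XOR m2 without any key involved.
    c2_reused = E(k, b"nonce-01", m2)
    reuse_exposes_xor = xor_bytes(c1, c2_reused) == xor_bytes(m1, m2)
    fresh_exposes_xor = xor_bytes(c1, c2) == xor_bytes(m1, m2)
    return round_trip, wrong_key, reuse_exposes_xor, fresh_exposes_xor
```

A stream cipher therefore needs a keystream that is never repeated under the same key, which is why each message above gets its own nonce.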
The general idea of Key based cryptography
Symmetric and Asymmetric
Encryption
Symmetric-key cryptography
(Secret key cryptography)

In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption).
The key is shared.
Algorithms: DES, 3DES, AES
Symmetric-key cryptography

• Advantages:
– Simple
– Faster
• Disadvantages:
– Key must be exchanged in a secure way
– Easy for a hacker to get the key if it is passed in an insecure way.
– No Authentication
Asymmetric-key cryptography
Public Key Cryptography
Public Key Infrastructure (PKI)

An asymmetric-key (or public-key) cipher uses two keys: one private (to encrypt data) and one public (to decrypt data).
• These keys are generated together
• One is named the Public Key and is distributed freely. The
other is named the Private Key and is kept hidden.
• Both sender & recipient have to share their Public Keys for
Encryption and have to use their Private Keys for
Decryption.
How it WORKS…….?
Asymmetric Key Cryptography (Public Key Cryptography)
2 different keys are used
Users get the key from a Certificate Authority, a trusted third party (VeriSign)

Merits:
• More secure
• Two parties don't need to have their private keys already shared in order to
communicate using encryption.
• Authentication and Non-Repudiation are possible. (Authentication means
that you can encrypt the message with my public key and only I can decrypt it
with my private key.
• Non-repudiation means that you can "sign" the message with your private
key and I can verify that it came from you with your public key.)
De-Merits: Asymmetric Encryption algorithms are comparatively complex.
• Time consuming process for Encryption and Decryption. Complex, resource
intensive
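The two uses of a key pair listed under Merits, as an added example that is not part of the original slides: encrypting to the receiver's public key, and signing with the sender's private key. This is textbook RSA with toy keys built from known Mersenne primes and no padding, so it shows the mechanics only; the function names and messages are assumptions.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Textbook RSA key generation from two primes (toy sizes, no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)            # (public key, private key)


def encrypt(public, m):
    n, e = public
    return pow(m, e, n)


def decrypt(private, c):
    n, d = private
    return pow(c, d, n)


def digest_int(message, n):
    """Hash the message and reduce it below the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    n, d = private
    return pow(digest_int(message, n), d, n)


def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)


def demo():
    # Constructed toy keys; real deployments use much larger moduli plus padding.
    my_pub, my_priv = make_keypair(2**31 - 1, 2**61 - 1)        # receiver ("I")
    your_pub, your_priv = make_keypair(2**61 - 1, 2**89 - 1)    # sender ("you")
    m = int.from_bytes(b"dose=5mg", "big")                      # constructed message
    c = encrypt(my_pub, m)                     # you encrypt with my public key
    recovered = decrypt(my_priv, c).to_bytes(8, "big")          # only I can decrypt
    other_key_works = decrypt(your_priv, c) == m
    sig = sign(your_priv, b"discharge patient 17")              # you sign with your private key
    genuine = verify(your_pub, b"discharge patient 17", sig)    # I verify with your public key
    altered = verify(your_pub, b"discharge patient 71", sig)
    return recovered, other_key_works, genuine, altered
```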
Thank You
