Network Security - Lecture notes 1 PDF


NETWORK SECURITY
P. ANU RADHA, 17BC1A0532
Dept. of Computer Science and Engineering, KORMCE

Abstract: As the use of computers and data networks keeps increasing, the security of data on the network is becoming more and more critical. Since information has become one of the most valuable resources in all walks of life, the tolerance for error is much lower, and it becomes necessary to secure the network properly and protect the data. This paper first analyses network security and its various components, and then extends the same concepts to the OSI model. Next come the basic principles of cryptography and its classification, along with basic terminology, followed by some of the widely used block cipher algorithms with their working principles and logical structure. The advantages of the currently existing methods are analysed and the various techniques described.

1. INTRODUCTION

"Security" in the contemporary scenario has become a more sensitive issue, whether in the "real world" or in the "cyber world". In the real world, as in the cyber world, an attack is often preceded by information gathering. Movie gangsters "case the joint"; soldiers "scout the area". The same is true in the cyber world, where the "bad guys" are referred to as intruders, eavesdroppers, hackers, hijackers, etc. An intruder first takes a panoramic view of the victim's network and then starts digging for holes. Information security has been changing continuously and tends to become more demanding. Information is a strategic resource, and a significant part of organizational budgets is dedicated to managing it. The growing use of computers implies more protection of files and information: computers need tools to protect stored files, while communication links need to protect information while it is being transferred. Network security is thus needed to protect information, or rather data, during transmission. Security of information may have different objectives, such as confidentiality, integrity and availability. Confidentiality implies secrecy and is synonymous with protecting the value of information. Integrity is basically ensuring the accuracy of data, and availability is its proper delivery.

Three aspects of such security are attacks, mechanisms and services. A security service is something that enhances the security of an organization's data processing systems and information transfers. Services are intended to counter security attacks, and in general they make use of one or more security mechanisms to provide the service or to replicate functions normally associated with physical documents. A security mechanism is one designed to detect, prevent, or recover from a security attack. No single mechanism supports all the functions required; however, one particular element underlies many of the security mechanisms in use, namely cryptographic techniques, hence the focus on them. Any action that compromises the security of information owned by an organization is called a security attack. Information security is about how to prevent attacks or, failing that, how to detect attacks on information-based systems. Today the illicit activities of hackers are growing by leaps and bounds, viz., "The recent attack on the DNS servers has caused a lot of hullabaloo all over the world". Fortunately, however, the defenders reacted promptly and resurrected the Internet world from the brink of prostration.

Name : P. ANU RADHA Reg.No. 17BC1A0532 , Branch: CSE Year: IV

Since computers were first combined with networks, which shrank the communication world, countless kinds of security breaches have originated. Tersely quoting some of them: eavesdropping, hacking, hijacking, mapping, packet sniffing, spoofing, DoS and DDoS attacks, etc. Newton's law says "every action has an equal but opposite reaction", and so it is here: notwithstanding the security breaches and eavesdroppers, technological prowess has developed stupendously to defend against each of the assaults. Our paper covers the advanced technical countermeasures that have been devised along the way, giving birth to the notion of "network security". Various antidotes that are inextricable from security issues are cryptography, authentication, integrity and non-repudiation, key distribution and certification, access control by implementing firewalls, etc. To address the flaws in network security, more and more advanced security notions are being devised day by day. Our paper covers a wide perspective of the arenas around which the contemporary cyber world revolves.

Network security deals with the problem of legitimate messages being captured and replayed. Network security is the effort to create a secure computing platform. The actions in question can be reduced to the operations of access, modification and deletion. Many people pay a great deal of lip service to security but do not want to be bothered with it when it gets in their way. It is important to build systems and networks in such a way that the user is not constantly reminded of the security system. Users who find security policies and systems too restrictive will find ways around them. It is important to get their feedback to understand what can be improved, the sorts of risks that are deemed unacceptable, and what has been done to minimize the organization's exposure to them.

Network security problems can be divided roughly into four intertwined areas: secrecy, authentication, non-repudiation, and integrity control.

• Secrecy has to do with keeping information out of the hands of unauthorized users.
• Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal.
• Non-repudiation deals with signatures.
• Integrity control deals with large enterprises such as banking and online networking.

These problems can be handled by using cryptography, which provides the means and methods of converting data into an unreadable form, so that only a valid user can access the information at the destination. Cryptography is the science of using mathematics to encrypt and decrypt data. It enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is the science of securing data, cryptanalysis is the science of breaking it, and cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis.

2. OSI SECURITY ARCHITECTURE

ITU-T X.800, Security Architecture for OSI, defines a systematic way of defining and providing security requirements.

A. Security Services
The OSI architecture categorizes services under five major categories:
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication

B. Security Mechanisms
Classified broadly into two types:
• Specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• Pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery

C. Security Attacks
According to the effect of the attack on the data, attacks can be either passive or active.
• Passive attacks - eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• Active attacks - modification of the data stream to:
– masquerade as some other entity
– replay previous messages
– modify messages in transit
– deny service

3. CRYPTOGRAPHY

Cryptography literally translates to the study of secret writing. It can be defined as the art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form. The original intelligible message is known as plaintext, while the transformed message is called ciphertext. The algorithm used for such conversion is called a cipher and is associated with a key, which provides the critical information known only to the sender and receiver. Conversion from plaintext to ciphertext is known as enciphering and the reverse process is known as deciphering.

Two basic methodologies of classical cryptography are substitution and transposition. Substitution replaces, say, letters with other letters, while transposition arranges them in a different order (if the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns). A combination of both can be used. Ciphers can further be either monoalphabetic or polyalphabetic, implying only one substitution/transposition or more than one, respectively. The cipher that results from many ciphers joined together is called a product cipher.

Considering the security of the cipher key against discovery (not counting methods such as brute force), there is unconditional security and computational security. Unconditional security is when, no matter how much computing power is available, the cipher cannot be broken, since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext. Computational security is when, given limited computing resources (time, tools, processing, etc.), the cipher cannot be broken.

Over the past couple of years steganography has been the source of a lot of discussion. Steganography is one of the fundamental ways by which data can be kept confidential. It hides the existence of a message by transmitting information through various carriers; its goal is to prevent the detection of the secret message. Steganography uses techniques to communicate information in a hidden way. Its most common use is hiding information, an image or a sound, within another file, using a stego-key such as a password as additional information to further conceal the message. There are many reasons why steganography is used, and it is often used in significant fields. It can be used to communicate with complete freedom even under conditions that are censored or monitored. Steganography is an effective means of hiding data, thereby protecting it from unauthorized or unwanted viewing, but it is simply one of many ways to protect the confidentiality of data. Digital image steganography is growing in use and application. In areas where cryptography and strong encryption are outlawed, people use steganography to avoid these policies and to send their messages secretly. Steganography is likely to become very popular in the near future.

CRYPTOGRAPHIC TECHNOLOGIES

Based on layers:
• Link layer encryption
• Network layer encryption: IPSEC, VPN, SKIP
• Transport layer: SSL, PCT (Private Communication Technology)
• Application layer: PEM (Privacy Enhanced Mail), PGP (Pretty Good Privacy), SHTTP

• Systems
• Access control
• Computational security
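The substitution, transposition and product ciphers of Section 3 above, as an added worked example (this is not code from the paper): a monoalphabetic substitution (Caesar shift), a polyalphabetic substitution (Vigenère, keyed by a repeating word), a columnar transposition, and a product cipher that chains substitution with transposition. A letter-frequency count shows why substitution alone is weak: it only relabels the letters, so the plaintext's frequency profile survives in the ciphertext. The sample message and the key word LEMON are constructed for the example.

```python
"""Classical substitution, transposition and product ciphers (added example)."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def normalize(text: str) -> str:
    """Keep only letters, upper-cased, as classical ciphers expect."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: one fixed shift for every letter."""
    k = -shift if decrypt else shift
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c in normalize(text))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: the shift cycles through the key letters,
    so the same plaintext letter maps to different ciphertext letters."""
    key = normalize(key)
    out = []
    for i, c in enumerate(normalize(text)):
        k = ALPHABET.index(key[i % len(key)])
        k = -k if decrypt else k
        out.append(ALPHABET[(ALPHABET.index(c) + k) % 26])
    return "".join(out)


def columnar_transpose(text: str, cols: int) -> str:
    """Transposition: write the text in rows of `cols` letters and read it
    out column by column. Letters are rearranged, never changed."""
    text = normalize(text)
    return "".join(text[i::cols] for i in range(cols))


def columnar_untranspose(cipher: str, cols: int) -> str:
    """Invert columnar_transpose: rebuild the columns, then read row by row."""
    rows, extra = divmod(len(cipher), cols)
    lengths = [rows + (1 if i < extra else 0) for i in range(cols)]  # first `extra` columns are longer
    columns, pos = [], 0
    for length in lengths:
        columns.append(cipher[pos:pos + length])
        pos += length
    return "".join(columns[c][r] for r in range(rows + 1)
                   for c in range(cols) if r < len(columns[c]))


def product_encrypt(text: str, key: str, cols: int) -> str:
    """Product cipher: substitution first, then transposition."""
    return columnar_transpose(vigenere(text, key), cols)


def product_decrypt(cipher: str, key: str, cols: int) -> str:
    """Undo the product cipher by applying the inverses in reverse order."""
    return vigenere(columnar_untranspose(cipher, cols), key, decrypt=True)


def letter_frequencies(text: str) -> list:
    """The three most common letters with their counts. Under a monoalphabetic
    substitution only the labels change, the counts are identical."""
    return Counter(normalize(text)).most_common(3)


if __name__ == "__main__":
    msg = "ATTACK AT DAWN ATTACK AT DAWN"   # constructed sample message
    print("caesar   :", caesar(msg, 3))
    print("frequencies plain/caesar:", letter_frequencies(msg), letter_frequencies(caesar(msg, 3)))
    ct = product_encrypt(msg, "LEMON", 5)
    print("product  :", ct, "->", product_decrypt(ct, "LEMON", 5))
```

The frequency check is the point of the product construction: substitution supplies confusion but no diffusion, so the transposition step is needed to spread the statistical structure out, which is the same confusion-and-diffusion idea that modern block ciphers apply to bits rather than letters.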

Cryptographic processes can be implemented at various layers, starting from the link layer all the way up to the application layer. The most popular encryption scheme is SSL, and it is implemented at the transport layer. If the encryption is done at the transport layer, any application that is running on top of the transport layer can be protected.

APPLICATIONS OF NETWORK SECURITY

Computer networks were primarily used by university researchers for sending email, and by corporate employees for sharing printers. Under these conditions, security did not get a lot of attention. But now millions of ordinary citizens are using networks for:
• Banking
• Shopping
• Filing their tax returns

4. NETWORK SECURITY TYPES

Based on algorithms:
• Secret-key encryption algorithms (symmetric algorithms)
– DES (Data Encryption Standard): 56-bit key
– Triple DES: 112-bit key
– IDEA (International Data Encryption Algorithm): 128-bit key
• Public-key encryption algorithms (asymmetric algorithms)
– Diffie-Hellman (DH): exponentiation is easy, but computing discrete logarithms from the resulting value is practically impossible.
– RSA: multiplication of two large prime numbers is easy, but factoring the resulting product is practically impossible.

APPLICATIONS OF CRYPTOGRAPHY
• Defense services
• Secure data manipulation
• E-commerce
• Business transactions
• Internet payment systems
• Pass phrasing
• Secure Internet communication
• User identification

Block ciphers process messages in blocks, each of which is then encrypted or decrypted. It is like a substitution on very big characters (64 bits or more). This differs from stream ciphers, which process messages a bit or a byte at a time when encrypting or decrypting. The majority of current ciphers are block ciphers.

A. Claude Shannon and Substitution-Permutation Ciphers
In 1949, Claude Shannon introduced the idea of substitution-permutation (S-P) networks, which form the basis of modern block ciphers. The substitution and permutation are introduced in such a way as to provide confusion and diffusion of the message. Diffusion dissipates the statistical structure of the plaintext over the bulk of the ciphertext, while confusion makes the relationship between ciphertext and key as complex as possible. Together these make the original text obscure and thus provide computational security.

B. Feistel Cipher Structure
It is based on the concept of an invertible product cipher. It first partitions the input block into two halves and then processes them through multiple rounds, each of which performs a substitution on the left half based on a round function of the right half and a subkey, and then a permutation swapping the halves.
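The Diffie-Hellman entry in Section 4 above says exponentiation is easy while the discrete logarithm is not. As an added example (not code from the paper), the exchange below shows both parties' messages and the values an observer of the channel sees; an exhaustive discrete-logarithm search is included only to show which direction is the hard one. The prime p and generator g are constructed toy parameters and far too small for real use.

```python
"""Diffie-Hellman key agreement with constructed toy parameters (added example)."""
import secrets

P = 23   # constructed toy prime; real deployments use 2048-bit or larger primes
G = 5    # generator of the multiplicative group modulo 23


def keypair(p: int = P, g: int = G) -> tuple:
    """Private exponent x and public value g^x mod p (the easy direction)."""
    private = secrets.randbelow(p - 2) + 1      # 1 <= private <= p-2
    return private, pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Raise the other side's public value to my own private exponent."""
    return pow(their_public, my_private, p)


def discrete_log(public: int, p: int = P, g: int = G) -> int:
    """Find x with g^x == public (mod p) by exhaustive search. Feasible here
    only because p is tiny; at real key sizes this direction is infeasible,
    which is what the security of the exchange rests on."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("value is not in the group generated by g")


def exchange(p: int = P, g: int = G) -> dict:
    """Run one exchange and report what each party ends up knowing."""
    a_priv, a_pub = keypair(p, g)      # Alice -> Bob: a_pub
    b_priv, b_pub = keypair(p, g)      # Bob -> Alice: b_pub
    return {
        "on_the_wire": (a_pub, b_pub),                 # all an observer sees
        "alice_key": shared_secret(b_pub, a_priv, p),  # (g^b)^a
        "bob_key": shared_secret(a_pub, b_priv, p),    # (g^a)^b, the same value
    }


if __name__ == "__main__":
    result = exchange()
    print(result)
    a_pub, _ = result["on_the_wire"]
    print("discrete log of Alice's public value (toy group only):", discrete_log(a_pub))
```

Both sides arrive at the same key because (g^a)^b = (g^b)^a mod p, while the observer holds only g^a and g^b. Note that the exchange as written authenticates nobody; the paper's later items on authentication and certification are what bind the public values to the parties in practice.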

C. Data Encryption Standard
DES is the most widely accepted and used block cipher in the world. It encrypts 64-bit data using a 56-bit key. The first step is the initial permutation, which reorders the input data bits by assigning the even bits to the left half and the odd bits to the right half. It then applies the Feistel cipher to the two 32-bit halves: the ith bit of the left half is assigned the (i-1)th bit of the right, and the ith bit of the right is the (i-1)th bit of the left XORed with the ith bit of the key. Then eight substitution boxes are used, each mapping 6 bits to 4; the outer two bits select a row and the inner four are substituted.

DES exhibits the avalanche effect, which is a desirable property for encryption: a change in one input or key bit results in a change of approximately half the output bits, which makes it extremely difficult to guess keys by some technique. Further, as it is a 56-bit key, there are 2^56 different possible keys, which makes brute-force search hard. Even if such a search succeeds, due to the initial permutation making sense of the plaintext would not be obvious. Yet for critical applications the key size is considered small and thus insecure. A variation of the method is TDES, where the algorithm is used three times, each time with a different key. This increases the security.

Cipher Block Chaining is another method used. The message is broken into blocks which are linked to each other in the encryption process. It uses an initial value to start the process. This is an advantageous method, as a change in a block affects the rest, and security is increased by the fact that, along with the key, knowledge of the initial value is necessary to decrypt. Electronic Code Book uses the opposite process, where each block is encrypted independently. Its security is lower, and thus it is used only when few blocks are to be transmitted.

5. METHODS OF SECURITY

Two keys are used for the encryption and decryption of the data or message. One is public and the other is private. Though both of them are related to each other mathematically, the private key cannot be derived from the public key. A message encrypted by the public key can only be decrypted by the private key. Usually concepts of number theory and relatively prime numbers are used. Euler's function is used to compute the relatively prime numbers less than a given number. Ron Rivest gave an algorithm to compute the keys as natural numbers. Two prime numbers p and q are chosen and their product is N. Euler's function, say E(N), is then computed. A random integer e is selected such that the gcd of E and e is 1. Then d is calculated as mod(E)/e, where mod() is the modulus function. The public key is a function of N and e, while the private key is a function of N and d (something of the sort M^e mod N, where M is the message data).

6. CONCLUSIONS

Network security is of critical importance, and to provide it, cryptology, with its study of various encryption and decryption methods, is necessary. Various algorithms are available for this purpose, and the selection should be based on factors and parameters such as fault tolerance, type of data, amount of data and other system constraints or requirements. Block ciphers are more favourable for the purpose of computational ease. Within block ciphers there are various conceptually diverse methods. Each method has its own limitations, and thus the one should be chosen whose advantages outweigh its disadvantages. Public-key cryptology is one method which does not have most of the disadvantages of other methods and thus has been popular for a long time.
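The Feistel structure of Section 4B, the avalanche effect described under DES in Section 4C, and the Cipher Block Chaining versus Electronic Code Book comparison are illustrated together by one added example (this is not code from the paper, and it is not DES): a 16-round Feistel network on 32-bit blocks whose round function is a nibble-wise S-box followed by a rotate. It shows that decryption is the same pass with the subkeys reversed whatever the round function is, how the avalanche fraction is measured, and why ECB leaks repeated plaintext blocks while CBC does not. The S-box, rotate amount, key schedule, sample key and sample message are all constructed for illustration.

```python
"""Toy Feistel cipher, avalanche measurement, ECB vs CBC (added example, not DES)."""
import os

ROUNDS = 16
MASK16 = 0xFFFF
BLOCK_BYTES = 4   # one 32-bit block = two 16-bit halves

# Constructed 4-bit S-box (a permutation of 0..15), applied to each nibble.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def subkeys(key: int) -> list:
    """Toy key schedule: one 16-bit subkey per round from a 32-bit master key."""
    key &= 0xFFFFFFFF
    ks = []
    for r in range(ROUNDS):
        rot = (3 * r) % 32
        rotated = ((key << rot) | (key >> (32 - rot))) & 0xFFFFFFFF
        ks.append(((rotated ^ (rotated >> 16)) + r * 0x9E37) & MASK16)
    return ks


def round_function(half: int, k: int) -> int:
    """Substitution (S-box per nibble) for confusion, then a rotate for diffusion."""
    x = (half ^ k) & MASK16
    x = sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))
    return ((x << 5) | (x >> 11)) & MASK16


def feistel(block: int, ks: list) -> int:
    """One Feistel pass: new left = old right, new right = old left XOR F(old
    right, subkey). F need not be invertible; the same pass with the subkeys
    in reverse order undoes it."""
    left, right = block >> 16, block & MASK16
    for k in ks:
        left, right = right, left ^ round_function(right, k)
    return (right << 16) | left   # undo the final swap


def encrypt_block(block: int, key: int) -> int:
    return feistel(block, subkeys(key))


def decrypt_block(block: int, key: int) -> int:
    return feistel(block, subkeys(key)[::-1])


def avalanche(block: int, key: int) -> float:
    """Average fraction of ciphertext bits that change when one plaintext bit
    is flipped; close to 0.5 for a cipher with good diffusion."""
    base = encrypt_block(block, key)
    flipped = sum(bin(base ^ encrypt_block(block ^ (1 << b), key)).count("1")
                  for b in range(32))
    return flipped / (32 * 32)


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK_BYTES:
        raise ValueError("data must be a whole number of blocks (pad it first)")
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def ecb_encrypt(data: bytes, key: int) -> bytes:
    """Electronic Code Book: blocks encrypted independently, so equal
    plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(b, key).to_bytes(BLOCK_BYTES, "big") for b in _blocks(data))


def cbc_encrypt(data: bytes, key: int, iv: bytes) -> bytes:
    """Cipher Block Chaining: each block is XORed with the previous ciphertext
    block (the IV for the first) before encryption."""
    prev, out = int.from_bytes(iv, "big"), []
    for b in _blocks(data):
        prev = encrypt_block(b ^ prev, key)
        out.append(prev.to_bytes(BLOCK_BYTES, "big"))
    return b"".join(out)


def cbc_decrypt(data: bytes, key: int, iv: bytes) -> bytes:
    prev, out = int.from_bytes(iv, "big"), []
    for c in _blocks(data):
        out.append((decrypt_block(c, key) ^ prev).to_bytes(BLOCK_BYTES, "big"))
        prev = c
    return b"".join(out)


def distinct_blocks(ct: bytes) -> int:
    """Number of different ciphertext blocks; ECB shows the repetition."""
    return len(set(_blocks(ct)))


if __name__ == "__main__":
    key, iv = 0x1F2E3D4C, os.urandom(BLOCK_BYTES)   # constructed sample key, fresh IV
    msg = b"ABCD" * 4                                 # four identical plaintext blocks
    print("avalanche fraction:", avalanche(0xDEADBEEF, key))
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(msg, key)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(msg, key, iv)))
```

In CBC the IV does not have to be secret, but it must be fresh and unpredictable for each message, otherwise the first block regains the ECB problem; and a real deployment pads the last block and protects the ciphertext with an integrity check, since neither mode detects modification on its own.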
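The key-generation recipe of Section 5 (choose primes p and q, N = p*q, Euler's function E(N), a random e with gcd(e, E(N)) = 1, a derived d, then M^e mod N), as an added worked example that is not code from the paper. For the step the text writes as mod(E)/e it uses the standard modular inverse d = e^-1 mod E(N), which is what makes decryption undo encryption. The primes 61 and 53 and the exponent 17 are constructed textbook values and far too small for real use.

```python
"""RSA key generation and one encrypt/decrypt round (added example)."""
from math import gcd
from typing import Optional, Tuple
import secrets

Key = Tuple[int, int]   # (N, exponent)


def euler_function(p: int, q: int) -> int:
    """E(N) for N = p*q with p and q prime: the number of integers below N
    that are relatively prime to N."""
    return (p - 1) * (q - 1)


def generate_keys(p: int, q: int, e: Optional[int] = None) -> Tuple[Key, Key]:
    """Return (public key (N, e), private key (N, d)). If e is not supplied,
    a random e relatively prime to E(N) is drawn, as the paper describes."""
    n = p * q
    phi = euler_function(p, q)
    if e is None:
        while True:
            e = secrets.randbelow(phi - 2) + 2      # 2 <= e < E(N)
            if gcd(e, phi) == 1:
                break
    elif gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to E(N)")
    d = pow(e, -1, phi)                             # e * d == 1 (mod E(N))
    return (n, e), (n, d)


def encrypt(m: int, public_key: Key) -> int:
    """C = M^e mod N; the message M must be an integer below N."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)


def decrypt(c: int, private_key: Key) -> int:
    """M = C^d mod N, which recovers M because e*d == 1 mod E(N)."""
    n, d = private_key
    return pow(c, d, n)


def roundtrip_ok(public_key: Key, private_key: Key, samples: int = 50) -> bool:
    """Check decrypt(encrypt(m)) == m for a spread of messages below N."""
    n = public_key[0]
    return all(decrypt(encrypt(m, public_key), private_key) == m
               for m in range(0, n, max(1, n // samples)))


if __name__ == "__main__":
    public, private = generate_keys(61, 53, e=17)   # constructed textbook primes
    print("public:", public, "private:", private)
    print("ciphertext of 65:", encrypt(65, public))
    print("roundtrip ok:", roundtrip_ok(public, private))
```

Two things the example makes visible that the recipe alone does not: the private exponent exists only because e and E(N) are relatively prime, which is why the gcd check is part of key generation; and the raw M^e mod N computation is deterministic, so equal messages give equal ciphertexts, which is why deployed RSA applies randomized padding such as OAEP before exponentiation.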

