Posts: 41
Threads: 18
Joined: Aug 2009
Reputation:
0
[attachment=1415]
CRYPTOGRAPHY AND NETWORK SECURITY
Abstract
Network security is a complicated subject, historically only tackled by
well-trained and experienced experts. However, as more and more people
become wired'', an increasing number of people need to understand the
basics of security in a networked world. This document was written with
the basic computer user and information systems manager in mind,
explaining the concepts needed to read through the hype in the
marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to
TCP/IP and internetworking . We go on to consider risk management,
network threats, firewalls, and more special-purpose secure networking
devices.
This is not intended to be a frequently asked questions'' reference,
nor is it a hands-on'' document describing how to accomplish specific
functionality.
It is hoped that the reader will have a wider perspective on security
in general, and better understand how to reduce and manage risk
personally, at home, and in the workplace.
Cryptography and Network Security
Does security provide some very basic protections that we
are naive to believe that we don't need? During this time when the
Internet provides essential communication between tens of millions of
people and is being increasingly used as a tool for commerce, security
becomes a tremendously important issue to deal with.
There are many aspects to security and many applications,
Ranging from secure commerce and payments to private
Communications and protecting passwords. One essential
aspect for
Secure communications is that of cryptography.
Cryptography is the science of writing in secret code and is an ancient
art. The first documented use of cryptography in writing dates back to
circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs
in an inscription.
In data and telecommunications, cryptography is necessary when
communicating over any untrusted medium, which includes just about any
network, particularly the Internet.
Within the context of any application-to-application communication,
there are some specific security requirements, including:
Authentication: The process of proving one's identity. (The
primary forms of host-to-host authentication on the Internet today are
name-based or address-based, both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the
message except the intended receiver.
Integrity: Assuring the receiver that the received message has
not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really
sent this message. Cryptography, then, not only protects data from
theft or alteration, but can also be used for user authentication.
The three types of cryptographic algorithms that will be discussed are
(Figure 1):
Secret Key Cryptography (SKC): Uses a single key for both
encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and
another for decryption
Hash Functions: Uses a mathematical transformation to
irreversibly "encrypt" information
1. Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption
and decryption.
As shown in Figure the sender uses the key (or some set of rules) to
encrypt the plain text and sends the cipher text to the receiver. The
receiver applies the same key (or rule set) to decrypt the message and
recover the plain text. Because a single key is used for both
functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver; that, in fact, is the
secret. The biggest difficulty with this approach, of course, is the
distribution of the key.
Secret key cryptography schemes are generally categorized as being
either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer
word) at a time and implement some form of feedback mechanism so that
the key is constantly changing. A block cipher is so- called because
the scheme encrypts one block of data at a time using the same key on
each block. In general, the same plain text block will always encrypt
to the same cipher text when using the same key in a block cipher
whereas the same plaintext will encrypt to different cipher text in a
stream cipher.
2. Public key cryptography
Modern PKC was first described publicly by Stanford
University professor Martin Hellman and graduate student Whitfield
Diffie in 1976. Their paper described a two-key crypto system in which
two parties could engage in a secure communication over a non-secure
communications channel without having to share a secret key.
Generic PKC employs two keys that are
mathematically
related although knowledge of one key does not allow someone to
easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the cipher
text. The
important point here is that it does not matter which key
is applied
first, but that both keys are required for the process to
work (Figure
1B). Because a pair of keys are required, this approach is
also called
asymmetric cryptography
3. Hash Functions
Hash functions, also called message digests and one-way
encryption, are algorithms that, in some sense, use no key (Figure
1C). Instead, a fixed-length hash value is computed based upon the
plaintext that makes it impossible for either the contents or length of
the plaintext to be recovered. Hash algorithms are typically used to
provide a digital fingerprint of a file's contents often used to ensure
that the file has not been altered by an intruder or virus. Hash
functions are also commonly employed by many operating systems to
encrypt passwords. Hash functions, then, help preserve the integrity of
a file.
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key
cryptography can ensure message confidentiality and hash codes can
ensure integrity, none of this works without trust. In SKC, PKC solved
the secret distribution problem. There are a number of trust models
employed by various cryptographic schemes.
The web of trust employed by Pretty Good Privacy (PGP) users,
who hold their own set of trusted public keys.
Kerberos, a secret key distribution scheme using a trusted
third party.
Certificates, which allow a set of trusted third parties to
authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general
applicability, scope, and scalability.
Types of authority
Establish identity: Associate, or bind, a public key to an
individual, organization, corporate position, or other entity.
Assign authority: Establish what actions the holder may or may
not take based upon this certificate.
Secure confidential information (e.g., encrypting the session's
symmetric key for data confidentiality).
--
--
Todays latest used cryptographic techniques:
Hash algorithms that are in common use today include:
Message Digest (MD) algorithms
Secure Hash Algorithm (SHA)
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key
cryptography programs. PGP can be used to sign or encrypt e-mail
messages with mere click of the mouse.
Depending upon the version of PGP, the software uses SHA or MD5 for
calculating the message hash; CAST, Triple-DES, or IDEA for encryption;
and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.
And much more techniques used.
Time is the only true test of good cryptography; any cryptographic
scheme that stays in use year after year is most likely a good one. The
strength of cryptography lies in the choice (and management) of the
keys; longer keys will resist attack better than shorter keys
Encrypt and decrypt messages using any of the classical substitution
ciphers discussed, both by hand and with the assistance of programs.
understand the concepts of language redundancy and unicity distance.
Different types of threats to network:
Application backdoors - Some programs have special
features that allow for remote access . Others contain bugs
that provide a backdoor , or hidden access , that provides some
level of control of the program.
SMTP session hijacking - SMTP is the most common
method of Sending e-mail over the Internet . By gaining access
to a list of e- mail Addresses , a person can send
unsolicited junk e-mail ( spam ) to thousands of users . This
is done quite often by redirecting the e-mail through the SMTP
server of an unsuspecting host , making the actual sender of
the spam difficult to trace.
Operating system bugs - Like applications , some operating
systems Have backdoors . Others provide remote access with
insufficient security controls or have bugs that an
experienced hacker can take advantage of .
Denial of service - You have probably heard this phrase
used in news reports on the attacks on major Web sites . This
type of attack is nearly Impossible to counter . What happens
is that the hacker sends a request to the server to connect
to it . When the server responds with an acknowledgement and
tries to establish a session , it cannot find the system
that made the request . By inundating a server with these
unanswerable session requests , a hacker causes the server to
slow to a crawl or eventually crash.
E-mail bombs - An e-mail bomb is usually a personal
attack . Someone sends you the same e-mail hundreds or
thousands of times until your e-mail system cannot accept
any more messages .
Macros - To simplify complicated procedures , many
applications allow you to create a script of commands that
the application can run . This script is known as a macro .
Hackers have taken advantage of this to create their own
macros that , depending on the application , can destroy your
data or crash your computer .
Viruses - Probably the most well-known threat is computer
viruses . A virus is a small program that can copy itself to
other computers . This way it can spread quickly from one
system to the next. Viruses range from harmless messages to
erasing all of your data .
Spam - Typically harmless but always annoying , spam is
the electronic equivalent of junk mail . Spam can be
dangerous though . Quite often it contains links to Web sites
. Be careful of clicking on these because you may
accidentally accept a cookie that provides a backdoor to your
computer.
Redirect bombs - Hackers can use ICMP to change (
redirect ) the Path information takes by sending it to a
different router . This is one of the ways that a denial of
service attack is set up.
Network security can be done by various methods.
1. Virtual Private Network:
A virtual private network ( VPN ) is a way to use a public
telecommunication infrastructure , such as the Internet , to
provide remote offices or individual users with secure access to
their organization's network. A virtual private network can be
contrasted with an expensive system of owned or leased lines
that can only be used by one organization. The goal of a VPN is
to provide the organization with the same capabilities , but at a
much lower cost
Implementation of network security by VPN.
Step 1. - The remote user dials into their local ISP and logs into the
ISP s network as usual.
Step 2. - When connectivity to the corporate network is desired, the
user initiates a tunnel request to the destination Security server on
the corporate network. The security server authenticates the user and
creates the other end of tunnel.
Fig : a) A leased line private
network b) A virtual private network
Step 3. - The user then sends data through the tunnel which encrypted
by the VPN software before being sent over the ISP connection.
Step 4. - The destination Security server receives the encrypted data
and decrypts. The Security server then forwards the decrypted data
packets onto the corporate network. Any information sent back to the
Remote user is also encrypted before being sent over the Internet.
2.Firewalls:
A firewall provides a strong barrier between your private
network and the Internet . You can set firewalls to
restrict the number of open ports , what type of packets are
passed through and which protocols are allowed through . You
should already have a good firewall in place before you
implement a VPN , but a firewall can also be used to
terminate the VPN sessions .
Fig2: A fire wall consisting of two
packet filters and an application gateway
3.IPSec -
Internet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryption algorithms
and more comprehensive authentication . IPSec has two encryption
modes : tunnel and transport . Tunnel encrypts the header and
the payload of each packet while transport only encrypts the
payload. Only systems that are IPSec compliant can take advantage
of this Protocol . Also , all devices must use a common
key and the firewalls of each network must have very
similar security policies set up. IPSec can encrypt data
between various devices , such as :
Router to router
Firewall to router
PC to router
PC to server
A software firewall can be installed on the computer in your
home that has an Internet connection . This computer is
considered a gateway because it provides the only point
of access between your home network and the Internet .
4. AA Server - AA (authentication , authorization and
accounting)
servers are used for more secure access in a remote-access VPN
environment . When a request to establish a session comes in
from a dial up client , the Request is proxies to the AA
server . AA then checks the following :
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking
client. Use for security auditing , billing or reporting
purposes .
REFRERNCES
--
1. The New Lexicon Webster's Encyclopedic Dictionary of the
English Language. New York: Lexicon.
2. Cryptography And Network Security -- William Stallings
3. R.T. Morris, 1985. A Weakness in the 4.2BSD Unix TCP/IP
Software. Computing Science Technical Report No. 117, AT&T Bell
Laboratories, Murray Hill, New Jersey.
4. COMPUTER NETWORKS --ANDREW S. TENAUNBAUM
5. S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite.
Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.
6. Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear,
Address Allocation for Private Internets.'' RFC 1918.
7. J.P. Holbrook, J.K. Reynolds. Site Security Handbook.'' RFC
1244.
8. M. Curtin, Snake Oil Warning Signs: Encryption Software to
Avoid.'' USENET <sci.crypt> Frequently Asked Questions File.
CONTENTS
What is Cryptography?
Types of Cryptography
1. Secret(symmetric) Key Cryptography.
2. Public(asymmetric) Key Cryptography.
3. Hash Functions.
4. Trust Models.
Todays latest used cryptographic techniques
Different types of threats to network
Network Security can be done by various methods
1. VPN ( Virtual Private Networks)
2. Firewalls
3. IPSec.
4. AA Server.
Posts: 45
Threads: 19
Joined: Mar 2009
Reputation:
0
[attachment=3471]
CRYPTOGRAPHY
NETWORK SECURITY
CONTENTS
What is Cryptography?
Types of Cryptography
1. Secret(symmetric) Key Cryptography.
2. Public(asymmetric) Key Cryptography.
3. Hash Functions.
4. Trust Models.
Todays latest used cryptographic techniques
Different types of threats to network
Network Security can be done by various methods
1. VPN ( Virtual Private Networks)
2. Firewalls
3. IPSec.
4. AA Server.
Abstract
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become wired'', an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to TCP/IP and internetworking . We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices.
This is not intended to be a frequently asked questions'' reference, nor is it a hands-on'' document describing how to accomplish specific functionality.
It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.
Cryptography and Network Security
Does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications,
Ranging from secure commerce and payments to private
Communications and protecting passwords. One essential aspect for
Secure communications is that of cryptography.
Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription.
In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific security requirements, including:
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.
The three types of cryptographic algorithms that will be discussed are (Figure 1):
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
1. Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption and decryption.
As shown in Figure the sender uses the key (or some set of rules) to encrypt the plain text and sends the cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plain text. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so- called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plain text block will always encrypt to the same cipher text when using the same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a stream cipher.
2. Public key cryptography
Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
Generic PKC employs two keys that are mathematically
related although knowledge of one key does not allow someone to
easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the cipher text. The
important point here is that it does not matter which key is applied
first, but that both keys are required for the process to work (Figure
1B). Because a pair of keys are required, this approach is also called
asymmetric cryptography
3. Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. In SKC, PKC solved the secret distribution problem. There are a number of trust models employed by various cryptographic schemes.
The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
Kerberos, a secret key distribution scheme using a trusted third party.
Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general applicability, scope, and scalability.
Types of authority
Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
Assign authority: Establish what actions the holder may or may not take based upon this certificate.
Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
--
Todays latest used cryptographic techniques:
Hash algorithms that are in common use today include:
Message Digest (MD) algorithms
Secure Hash Algorithm (SHA)
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with mere click of the mouse.
Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. And much more techniques used.
Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys
Encrypt and decrypt messages using any of the classical substitution ciphers discussed, both by hand and with the assistance of programs.
understand the concepts of language redundancy and unicity distance.
Different types of threats to network:
Application backdoors - Some programs have special features that allow for remote access . Others contain bugs that provide a backdoor , or hidden access , that provides some level of control of the program.
SMTP session hijacking - SMTP is the most common method of Sending e-mail over the Internet . By gaining access to a list of e- mail Addresses , a person can send unsolicited junk e-mail ( spam ) to thousands of users . This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host , making the actual sender of the spam difficult to trace.
Operating system bugs - Like applications , some operating systems Have backdoors . Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of .
Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites . This type of attack is nearly Impossible to counter . What happens is that the hacker sends a request to the server to connect to it . When the server responds with an acknowledgement and tries to establish a session , it cannot find the system that made the request . By inundating a server with these unanswerable session requests , a hacker causes the server to slow to a crawl or eventually crash.
E-mail bombs - An e-mail bomb is usually a personal attack . Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages .
Macros - To simplify complicated procedures , many applications allow you to create a script of commands that the application can run . This script is known as a macro . Hackers have taken advantage of this to create their own macros that , depending on the application , can destroy your data or crash your computer .
Viruses - Probably the most well-known threat is computer viruses . A virus is a small program that can copy itself to other computers . This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data .
Spam - Typically harmless but always annoying , spam is the electronic equivalent of junk mail . Spam can be dangerous though . Quite often it contains links to Web sites . Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
Redirect bombs - Hackers can use ICMP to change ( redirect ) the Path information takes by sending it to a different router . This is one of the ways that a denial of service attack is set up.
Network security can be done by various methods.
1. Virtual Private Network:
A virtual private network ( VPN ) is a way to use a public telecommunication infrastructure , such as the Internet , to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities , but at a much lower cost
Implementation of network security by VPN.
Step 1. - The remote user dials into their local ISP and logs into the ISP s network as usual.
Step 2. - When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination Security server on the corporate network. The security server authenticates the user and creates the other end of tunnel.
Fig : a) A leased line private network b) A virtual private network
Step 3. - The user then sends data through the tunnel which encrypted by the VPN software before being sent over the ISP connection.
Step 4. - The destination Security server receives the encrypted data and decrypts. The Security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the Remote user is also encrypted before being sent over the Internet.
2.Firewalls:
A firewall provides a strong barrier between your private network and the Internet . You can set firewalls to restrict the number of open ports , what type of packets are passed through and which protocols are allowed through . You should already have a good firewall in place before you implement a VPN , but a firewall can also be used to terminate the VPN sessions .
Fig2: A fire wall consisting of two packet filters and an application gateway
3.IPSec -
Internet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryption algorithms and more comprehensive authentication . IPSec has two encryption modes : tunnel and transport . Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this Protocol . Also , all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices , such as :
Router to router
Firewall to router
PC to router
PC to server
A software firewall can be installed on the computer in your home that has an Internet connection . This computer is considered a gateway because it provides the only point of access between your home network and the Internet .
4. AA Server - AA (authentication , authorization and accounting)
servers are used for more secure access in a remote-access VPN environment . When a request to establish a session comes in from a dial up client , the Request is proxies to the AA server . AA then checks the following :
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking client. Use for security auditing , billing or reporting purposes .
REFRERNCES
--
1. The New Lexicon Webster's Encyclopedic Dictionary of the English Language. New York: Lexicon.
2. Cryptography And Network Security -- William Stallings
3. R.T. Morris, 1985. A Weakness in the 4.2BSD Unix TCP/IP Software. Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey.
4. COMPUTER NETWORKS --ANDREW S. TENAUNBAUM
5. S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.
6. Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear, Address Allocation for Private Internets.'' RFC 1918.
7. J.P. Holbrook, J.K. Reynolds. Site Security Handbook.'' RFC 1244.
8. M. Curtin, Snake Oil Warning Signs: Encryption Software to Avoid.'' USENET <sci.crypt> Frequently Asked Questions File.
Posts: 63
Threads: 29
Joined: Jul 2009
Reputation:
0
[attachment=3294]
Abstract
This paper aims to provide a broad review of network security and cryptography. Network security and cryptography is a subject too wide ranging to coverage about how to protect information in digital form and to provide security services. However, a general overview of network security and cryptography is provided.
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. When many systems are connected in a network it is very important to safeguard the data in each system.However, as more and more people becomewired'', an increasing number of people need to understand the basics of security in a networked world. Our paper covers different kinds of threats & firewalls in the network by implementation of different security services using various security mechanisms. Generally, the logical conclusion is to use both kind of algorithms and their combinations to achieve optimal speed and security levels. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally.
Contents
Introduction
Popular networks
Security services
Security threats
Where do they come from
Preventing security disasters
Firewalls
Types of firewalls
Point of failure
Security mechanisms
Cryptography
Types of cryptography
Secret key cryptography
Public key cryptography
Hash algorithms
Conclusion
Bibliography
Introduction
A basic understanding of computer networks is requisite in order to understand the principles of network security. In this section, we'll cover some of the foundations of computer networking, then move on to an overview of some popular networks. The impressive development of computer networks has reached the point, where security becomes essential. Users want to exchange data in a secure way. The problem of network security is a complex issue. Network security means a protection of the network assets.
Popular networks:
UUCP: (Unix-to-Unix Copy) was originally developed to connect UNIX hosts together.
Internet: The Internet is the world's largest network of networks.
Services for security:
The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
1. Confidentiality: Ensure that the information in a computer system and transmitted information are accessible only for reading by authorized parties. This type of access includes printing displaying and other forms of disclosure, including simply revealing the existence of an object.
2. Authentication: Ensure that the origin of a message or electronic document is correctly with an assurance that the identity is not false;
3. Integrity: Ensures that only authorized parties are able to modify computer systems assets and transmitted information. Modification includes writing, changing, changing status, deleting, creating and delaying or replaying of transmitted messages.
4. Non-repudiation: Requires that neither the sender nor the receiver of a message is able to deny the transmission.
5. Access control: Require that access to information resources may be controlled by or for the target system.
6. Availability: Require that computer systems assets be available to authorized parties when needed.
Attacks:
Attacks on the security of a computer system or network are best characterized by viewing the function of a computer system as provided information. This normal flow is depicted in figure:
Security threats
Categorization of these attacks is passive attacks and active attacks.
Passive attacks: In this the goal of the attacker is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.
Active attacks:. These attacks involve some modification of the data stream or the creation of false stream and can be sub divided into 4 categories: Masquerade, Replay, Modification of messages, and denial of service.
Denial of service: DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address. Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular. Some things that can be done to reduce the risk of being stung by a denial of service attack include
Not running your visible-to-the-world servers at a level too close to capacity
Using packet filtering to prevent obviously forged packets from entering into your network address space.
Keeping up-to-date on security-related patches for your hosts' operating systems.
Unauthorized Access :
Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. These can take the form of a virus, worm, or Trojan horse. One of the most publicized threats to security is intruder. Generally referred to as a hacker or cracker, and some other threats are executing commands illicitly, confidential breaches, destructive behavior.
Where do the attacks come from How, though, does an attacker gain access to your equipment Through any connection that you have to the outside world. This includes Internet connections, dial-up modems, and even physical access.
Preventing security disasters:
Hope you have backups
Stay current with relevant operating system patches
Don't put data where it doesn't need to be
Avoid systems with single points of failure
Watch for relevant security advisories
Firewalls:
Firewalls can be an effective means of protecting a local system or network of systems from network based security threats while at the same time, a firewall is simply a group of components that collectively form a barrier between two networks.
Types of firewalls:
Application Gateways
Packet Filtering
Hybrid systems
Best for me: Lots of options are available, and it makes sense to spend some time with an expert, either in-house, or an experienced consultant who can take the time to understand your organization's security policy, and can design and build a firewall architecture that best implements that policy.
Points of Failure: Any time there is only one component paying attention to what's going on between the internal and external networks, an attacker has only one thing to break (or fool!) in order to gain complete access to your internal networks.
Security Mechanisms: A mechanism that is designed to detect, prevent, or recover from a security attack. Cryptography and Steganographic are such two techniques. Hence we focus on development, use and management of Cryptographic techniques.
What is Cryptography
The word cryptography is derived from Greek and when literally translated, means secret writing. The study of enciphering and encoding (on the sending end), and decoding (on the receiving end) is called cryptography. Although the distinction is fuzzy, ciphers are different from codes. When you mix up or substitute existing letters, you are using a cipher.
Encryption refers to the transformation of data in plain text form into a form called cipher text, .The recovery of plain text requires the key, and this process is known as decryption. This key is meant to be secret information and the privacy of the text depends on the cryptographic strength of the key. Ciphers are broken into two main categories, substitution ciphers and transposition ciphers. Substitution ciphers replace letters in the plaintext with other letters or symbols, keeping the order in which the symbols fall the same. Transposition ciphers keep all of the original letters intact, but mix up their order.
Substitution cipher:
Plaintext letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher text letter Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
You can construct a secret message from the above table. Relative substitutions can be done. So, the message Meet me after school behind the gym, would read
DTTZ DT QYZTK LEIGGS WTIOFR ZIT UND.
Five letters are customary in the spy biz, so your message comes out like this:
DTTZD TQYZT KLEIG GSWTI OFRZI TUNDM
Transposition cipher: Text chosen in one form can be enciphered choosing a different route. To decipher, you fill the in box following the zigzag route and read the message using the spiral route. The cipher text becomes:
EAMTN FTDIE EHOTE RHMEM BYESC GLOHO
Types of Cryptography:
There are three types of cryptographic algorithms:
1. Secret Key Cryptography.
2. Public Key Cryptography.
3. Hash Algorithms.
Secret Key Cryptography:
Secret key cryptography involves the use of single key. Given a message (Plain text) and the key, encryption produces cipher text, which is about the same length as the plain text was. Decryption is the reverse of encryption, and uses the same key as encryption.
Encryption
Plain text --> cipher text
Key
Cipher text--> plain text
Decryption
Secret key cryptography is sometimes referred to as symmetric cryptography or conventional cryptography. If sender and receiver agree on a shared secret key, then by using secret key cryptography we can send messages to one another on a medium that can be tapped, without worrying about eavesdroppers. All we need to do is have the sender encrypt the messages and the receiver decrypt them using the key. An eavesdropper will only see unintelligible data. Some of the secret key cryptography algorithms are - DES, 3-DES, blowfish, IDEA, AES, RC2, RC4, RC5, ECB etc.
Advantages of Secret Key Cryptography:
o Very fast relative to public key cryptography.
o Considered secure, provided the key is relatively strong.
o The cipher text is compact (i.e., encryption does not add excess Baggage to the cipher text).
o Widely used and very popular.
Disadvantages of Secret Key Cryptography:
o The administration of the keys can become extremely complicated.
o A large number of keys are needed to communicate securely with a large group of People.
o The key is subject to interception by hackers.
Public Key Cryptography:
Public key cryptography sometimes also referred to as asymmetric cryptography. The public key need not be kept secret, and, in fact, may be widely available, only its authenticity is required to guarantee that A is indeed the only party who knows the co-responding private key. A primary advantage of such systems is that providing authentic public keys is generally easier than distributing secret keys securely, as required in symmetric key systems. The main objective of public-key encryption is to provide privacy or confidentiality. Public-key encryption schemes are typically substantially slower than symmetric-key encryption algorithms such as DES.
The private key and the public key are mathematically linked.
Encryption
Plain text --> cipher text
Public key
Private key
Cipherkey --> plain text
Decryption
Public key cryptography can do anything secret key cryptography can do like- transmitting the data over an insecure channel, secure storage on insecure media, authentication purposes and digital signatures. Some Public key cryptography algorithms are RSA, Elliptic Curve Cryptography (ECC), ElGamal, DH, DSA/DSS etc.
Advantages of Public key Cryptography:
o Considered very secure, and easy to configure these systems.
o No form of secret sharing is required, thus reducing key administration to a Minimum.
o Supports non-repudiation.
o The number of keys managed by each user is much less compared to secret key Cryptography.
Disadvantages of Public key Cryptography:
o Much slower compared to secret key cryptography.
o The ciphertext is much larger than the plaintext, relative to secret key Cryptography.
Hash Algorithms:
Hash algorithms are also known as message digests or one-way transformations. A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed length number.
The following things can be done using hash algorithms.
Password Hashing: When a user types a password, the system must store the password encrypted because someone else can use it. To avoid this problem hashing is used. When a password is supplied, it computes the password hash and compares it with the stored value if they match; the password is taken to be correct.
Message Integrity: Cryptographic hash functions can be used to protect the integrity of a message transmitted over insecure media.
Message fingerprint: We can know whether some data stored has been modified from one day to the next, if we save that data structure with a hash function. We can compare the hash function data structure with the message on the message data. If the message digest has not changed, you can be sure that none of the data is changed.
Digital Signatures: can be efficiently implemented using hash functions.
Implementation Issues
Key Size:
This has major role for amount of security. If the algorithm is inherently strong, then it can be assumed that the larger the key size for the ciphers, the harder it is for a hacker to perform an attack on the cipher text. But, larger keys lead to lower levels of performance. Thus there are, trade-offs, which are traditionally made between the level of security and other factors, like performance.
Hybrid Systems:
Just one crypto-system will not solve every problem. Most systems in use today employ a hybrid system.
Conclusion:
Everyone has a different idea of what security'' is, and what levels of risk are acceptable. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. As and when new security methods are developed, breaking of these methods has increased. So measures have to be taken to fill the loopholes, of which cryptography has and is playing a major role. Cryptography is evergreen and developments in this area are a better option.
References:
o William Stallings: Cryptography and Network security: principles and practice: 2nd edition.
o J.P. Holbrook, J.K. Reynolds. Site Security Handbook.''
o Douglas R.Stinson. Cryptography: theory and practice: 2nd edition
o A.Menezes, P.van Oorschot and S.Vanstone: Handbook of Applied Cryptography.
o Smith, Laurence Dwight. Cryptography, the Science of Secret Writing.
o Speciner, M. Perlman, R: Network security, Englewood Cliffs, NJ
Posts: 57
Threads: 22
Joined: Jun 2009
Reputation:
0
[attachment=2518]
Cryptography and Network Security
Presented by:
William Stallings
Lecture slides by Lawrie Brown
Chapter 1 Introduction
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
The Art of War, Sun Tzu
Background
Information Security requirements have changed in recent times
traditionally provided by physical and administrative mechanisms
computer use requires automated tools to protect files and other stored information
use of networks and communications links requires measures to protect data during transmission
Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of Course
our focus is on Internet Security
consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information
Services, Mechanisms, Attacks
need systematic way to define requirements
consider three aspects of information security:
security attack
security mechanism
security service
consider in reverse order
Security Service
is something that enhances the security of the data processing systems and the information transfers of an organization
intended to counter security attacks
make use of one or more security mechanisms to provide the service
replicate functions normally associated with physical documents
eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Mechanism
a mechanism that is designed to detect, prevent, or recover from a security attack
no single mechanism that will support all functions required
however one particular element underlies many of the security mechanisms in use: cryptographic techniques
hence our focus on this area
Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
have a wide range of attacks
can focus of generic types of attacks
note: often threat & attack mean same
OSI Security Architecture
ITU-T X.800 Security Architecture for OSI
defines a systematic way of defining and providing security requirements
for us it provides a useful, if abstract, overview of concepts we will study
Security Services
X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
X.800 defines it in 5 major categories
Security Services (X.800)
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication
Classify Security Attacks as
passive attacks - eavesdropping on, or monitoring of, transmissions to:
obtain message contents, or
monitor traffic flows
active attacks modification of data stream to:
masquerade of one entity as some other
replay previous messages
modify messages in transit
denial of service
Model for Network Security
using this model requires us to:
design a suitable algorithm for the security transformation
generate the secret information (keys) used by the algorithm
develop methods to distribute and share the secret information
specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security
using this model requires us to:
select appropriate gatekeeper functions to identify users
implement security controls to ensure only authorised users access designated information or resources
trusted computer systems can be used to implement this model
Summary
have considered:
computer, network, internet security def s
security services, mechanisms, attacks
X.800 standard
models for network (access) security
Posts: 54
Threads: 26
Joined: Jul 2009
Reputation:
0
Fourth Edition
by William Stallings
[attachment=7838]
Chapter 14 Authentication Applications
We cannot enter into alliance with neighboring princes until we are acquainted with their designs.
The Art of War, Sun Tzu
Authentication Applications
Kerberos
trusted key server system from MIT
provides centralised private-key third-party authentication in a distributed network
allows users access to services distributed through network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5
Kerberos Requirements
its first report identified requirements as:
secure
reliable
transparent
scalable
implemented using an authentication protocol based on Needham-Schroeder
Kerberos v4 Overview
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other services from TGS on basis of users TGT
Kerberos v4 Dialogue
obtain ticket granting ticket from AS
once per session
obtain service granting ticket from TGT
for each distinct service required
client/server exchange to obtain service
on every service request
for more:
http://docs.googleviewer?a=v&q=cache:V7Z...tb6wxZgz1A
Posts: 48
Threads: 20
Joined: Feb 2009
Reputation:
0
Cryptography and Network Security Intro., Conventional
[attachment=16719]
Introduction
The art of war teaches us not on the likelihood
of the enemy s not coming, but on our own
readiness to receive him; not on the chance of
his not attacking, but rather on the fact that
we have made our position unassailable.
Attacks, Services and Mechanisms
Security Attacks
Action compromises the information security
Security Services
Enhances the security of data processing and
transferring
Security mechanism
Detect, prevent and recover from a security
attack
Cryptography
Cryptography is the study of
Secret (crypto-) writing (-graphy)
Concerned with developing algorithms:
Conceal the context of some message from all except
the sender and recipient (privacy or secrecy), and/or
Verify the correctness of a message to the recipient
(authentication)
Form the basis of many technological solutions to
computer and communications security problems
History
Ancient ciphers
Have a history of at least 4000 years
Ancient Egyptians enciphered some of their
hieroglyphic writing on monuments
Ancient Hebrews enciphered certain words in the
scriptures
2000 years ago Julius Caesar used a simple substitution
cipher, now known as the Caesar cipher
Roger bacon described several methods in 1200s
Posts: 49
Threads: 27
Joined: Sep 2009
Reputation:
0
Posts: 54
Threads: 21
Joined: Aug 2009
Reputation:
0
Posts: 61
Threads: 24
Joined: Aug 2009
Reputation:
0
To get full information or details of cryptography and network security full report please have a look on the pages
http://seminarsprojects.net/Thread-crypt...#pid179070
if you again feel trouble on cryptography and network security full report please reply in that page and ask specific fields in cryptography and network security full report
Posts: 55
Threads: 24
Joined: Aug 2009
Reputation:
0
|
