15.

Detailed Notes
UNIT –I
Attacks on Computers and Computer Security: Introduction, The need of Security,
Security approaches, Principles of Security, Types of Security Attacks, Security Services,
Security Mechanisms, A model for Network Security.
Cryptography: Concepts and Techniques: Introduction, Plain text and Cipher Text,
Substitution Techniques, Transposition Techniques, Encryption and Decryption, Symmetric
and Asymmetric Cryptography, Steganography, Key Range and Key Size, Possible types of
Attacks.

Introduction:
This is the age of universal electronic connectivity, where the activities like
hacking, viruses, electronic fraud are very common. Unless security measures are taken,
a network conversation or a distributed application can be compromised easily.

Some simple examples are:

Online purchases using a credit/debit card.
A customer unknowingly being directed to a false website.
A hacker sending a message to a person pretending to be someone else.

Network Security has been affected by two major developments over the last
several decades. First one is introduction of computers into organizations and the second
one being introduction of distributed systems and the use of networks and
communication facilities for carrying data between users & computers. These two
developments lead to ‘computer security’ and ‘network security’, where the computer
security deals with collection of tools designed to protect data and to thwart hackers.
Network security measures are needed to protect data during transmission. But keep in
mind that, it is the information and our ability to access that information that we are
really trying to protect and not the computers and networks.

Why We Need Information Security?

Because there are threats
Threats
A threat is an object, person, or other entity that represents a constant danger to an asset
28
The 2007 CSI survey
 494 computer security practitioners
 46% suffered security incidents
 29% reported to law enforcement
 Average annual loss $350,424
 1/5 suffered ‗targeted attack‘
 The source of the greatest financial losses?
 Most prevalent security problem
 Insider abuse of network access
 Email
Threat Categories
 Acts of human error or failure
 Compromises to intellectual property
 Deliberate acts of espionage or trespass
 Deliberate acts of information extortion
 Deliberate acts of sabotage or vandalism
 Deliberate acts of theft
 Deliberate software attack
 Forces of nature
 Deviations in quality of service
 Technical hardware failures or errors
 Technical software failures or errors
 Technological obsolesce

Definitions
 Computer Security - generic name for the collection of tools designed to protect
data and to thwart hackers

 Network Security - measures to protect data during their transmission

 Internet Security - measures to protect data during their transmission over a

collection of interconnected networks

 our focus is on Internet Security

29
  which consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission & storage of information

ASPECTS OF SECURITY
 consider 3 aspects of information security:

 Security Attack

 Security Mechanism

 Security Service

SECURITY ATTACK
 any action that compromises the security of information owned by an
organization

 information security is about how to prevent attacks, or failing that, to detect

attacks on information-based systems

 often threat & attack used to mean same thing

 have a wide range of attacks

 can focus of generic types of attacks

 Passive
 Active

30
Passive Attack

Active Attack

INTERRUPTION
An asset of the system is destroyed or becomes unavailable or unusable. It is an
attack on availability.
Examples:

Destruction of some hardware

Jamming wireless signals

Disabling file management systems
INTERCEPTION
An unauthorized party gains access to an asset. Attack on confidentiality.

Examples:

Wire tapping to capture data in a network.

Illicitly copying data or programs

Eavesdropping
MODIFICATION
31
 When an unauthorized party gains access and tampers an asset. Attack is on
Integrity.
Examples:

Changing data file
 Altering a program and the contents of a message

FABRICATION
An unauthorized party inserts a counterfeit object into the system. Attack on
Authenticity. Also called impersonation

Examples:

Hackers gaining access to a personal email and sending message

Insertion of records in data files

Insertion of spurious messages in a network

SECURITY SERVICES
It is a processing or communication service that is provided by a system to give a
specific kind of production to system resources. Security services implement security
policies and are implemented by security mechanisms.
Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. It is used

to prevent the disclosure of information to unauthorized individuals or systems. It has
been defined as “ensuring that information is accessible only to those authorized to have
access”.
32
The other aspect of confidentiality is the protection of traffic flow from analysis. Ex: A
credit card number has to be secured during online transaction.

Authentication
This service assures that a communication is authentic. For a single message
transmission, its function is to assure the recipient that the message is from intended
source. For an ongoing interaction two aspects are involved. First, during connection
initiation the service assures the authenticity of both parties. Second, the connection
between the two hosts is not interfered allowing a third party to masquerade as one of
the two parties. Two specific authentication services defines in X.800 are

Peer entity authentication: Verifies the identities of the peer entities involved in
communication. Provides use at time of connection establishment and during data
transmission. Provides confidence against a masquerade or a replay attack
Data origin authentication: Assumes the authenticity of source of data unit, but does
not provide protection against duplication or modification of data units. Supports
applications like electronic mail, where no prior interactions take place between
communicating entities.
Integrity
Integrity means that data cannot be modified without authorization. Like
confidentiality, it can be applied to a stream of messages, a single message or selected
fields within a message. Two types of integrity services are available. They are
Connection-Oriented Integrity Service: This service deals with a stream of
messages, assures that messages are received as sent, with no duplication, insertion,
modification, reordering or replays. Destruction of data is also covered here. Hence, it
attends to both message stream modification and denial of service.
Connectionless-Oriented Integrity Service: It deals with individual messages
regardless of larger context, providing protection against message modification only.

An integrity service can be applied with or without recovery. Because it is related

to active attacks, major concern will be detection rather than prevention. If a violation is

33
detected and the service reports it, either human intervention or automated recovery
machines are required to recover.
Non-repudiation
Non-repudiation prevents either sender or receiver from denying a transmitted
message. This capability is crucial to e-commerce. Without it an individual or entity can
deny that he, she or it is responsible for a transaction, therefore not financially liable.
Access Control
This refers to the ability to control the level of access that individuals or entities
have to a network or system and how much information they can receive. It is the ability
to limit and control the access to host systems and applications via communication links.
For this, each entity trying to gain access must first be identified or authenticated, so that
access rights can be tailored to the individuals.
Availability
It is defined to be the property of a system or a system resource being accessible
and usable upon demand by an authorized system entity. The availability can significantly
be affected by a variety of attacks, some amenable to automated counter measures i.e
authentication and encryption and others need some sort of physical action to prevent or
recover from loss of availability of elements of a distributed system.

SECURITY MECHANISMS
According to X.800, the security mechanisms are divided into those implemented
in a specific protocol layer and those that are not specific to any particular protocol layer
or security service. X.800 also differentiates reversible & irreversible encipherment
mechanisms. A reversible encipherment mechanism is simply an encryption algorithm
that allows data to be encrypted and subsequently decrypted, whereas irreversible
encipherment include hash algorithms and message authentication codes used in digital
signature and message authentication applications
Specific Security Mechanisms
Incorporated into the appropriate protocol layer in order to provide some of the
OSI security services,
Encipherment: It refers to the process of applying mathematical algorithms for
converting data into a form that is not intelligible. This depends on algorithm used and

34
encryption keys.
Digital Signature: The appended data or a cryptographic transformation applied to any
data unit allowing to prove the source and integrity of the data unit and protect against
forgery.
Access Control: A variety of techniques used for enforcing access permissions to the
system resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
Authentication Exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
Routing Control: Enables selection of particular physically secure routes for certain data
and allows routing changes once a breach of security is suspected.
Notarization: The use of a trusted third party to assure certain properties of a data
exchange
Pervasive Security Mechanisms
These are not specific to any particular OSI security service or protocol layer.
Trusted Functionality: That which is perceived to b correct with respect to some criteria
Security Level: The marking bound to a resource (which may be a data unit) that names
or designates the security attributes of that resource.
Event Detection: It is the process of detecting all the events related to network security.
Security Audit Trail: Data collected and potentially used to facilitate a security audit,
which is an independent review and examination of system records and activities.
Security Recovery: It deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.

35
MODEL FOR NETWORK SECURITY

Data is transmitted over network between two communicating parties, who must
cooperate for the exchange to take place. A logical information channel is established by
defining a route through the internet from source to destination by use of communication
protocols by the two parties. Whenever an opponent presents a threat to confidentiality,
authenticity of information, security aspects come into play. Two components are present
in almost all the security providing techniques.
A security-related transformation on the information to be sent making it unreadable
36
by the opponent, and the addition of a code based on the contents of the message, used to
verify the identity of sender.
Some secret information shared by the two principals and, it is hoped, unknown to
the opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception
A trusted third party may be needed to achieve secure transmission. It is
responsible for distributing the secret information to the two parties, while keeping it
away from any opponent. It also may be needed to settle disputes between the two parties
regarding authenticity of a message transmission. The general model shows that there
are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose
2. Generate the secret information to be used with the algorithm
3. Develop methods for the distribution and sharing of the secret information
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service
Various other threats to information system like unwanted access still exist. The
existence of hackers attempting to penetrate systems accessible over a network remains
a concern. Another threat is placement of some logic in computer system affecting various
applications and utility programs. This inserted code presents two kinds of threats.
Information access threats intercept or modify data on behalf of users who should
not have access to that data
Service threats exploit service flaws in computers to inhibit use by legitimate users
Viruses and worms are two examples of software attacks inserted into the system by
means of a disk or also across the network. The security mechanisms needed to cope with
unwanted access fall into two broad categories.

Some basic terminologies used

 CIPHER TEXT - the coded message

 CIPHER - algorithm for transforming plaintext to ciphertext

 KEY - info used in cipher known only to sender/receiver

 ENCIPHER (ENCRYPT) - converting plaintext to ciphertext

37