Cryptography and Network
Security
Overview
Fifth Edition
by William Stallings
The art of war teaches us to rely not on the
likelihood of the enemy's not coming, but on our
own readiness to receive him; not on the chance
of his not attacking, but rather on the fact that we
have made our position unassailable.
The Art of War, Sun Tzu
Standards / Organizations
National Institute of Standards & Technology
(NIST)
Internet Society (ISOC)
International Telecommunication Union
Telecommunication Standardization Sector (ITU-T)
International Organization for Standardization
(ISO)
RSA Labs (de facto)
Computer Security
The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources (includes hardware, software,
firmware, information / data, and
telecommunications)
Three key objectives that are at the heart of computer
security are:
Confidentiality
Data confidentiality: Assures that private or
confidential information is not made available or
disclosed to unauthorized individuals.
Privacy: Assures that individuals control or
influence what information related to them may be
collected and stored and by whom and to whom
that information may be disclosed.
Integrity
Data integrity: Assures that information and
programs are changed only in a specified and
authorized manner.
System integrity: Assures that a system performs
its intended function in an unimpaired manner, free
from deliberate or inadvertent unauthorized
manipulation of the system.
Availability: Assures that systems work promptly
and service is not denied to authorized users.
Key Security Concepts / Goals
Levels of Impact
FIPS PUB 199 defines 3 levels of impact from a
security breach:
Low
Moderate
High
Low Impact
The loss could be expected to have a limited
adverse effect on organizational operations,
organizational assets, or individuals.
A limited adverse effect means that, for example,
the loss of confidentiality, integrity, or availability might:
(i) cause a degradation in mission capability to an extent
and duration that the organization is able to perform its
primary functions, but the effectiveness of the functions
is noticeably reduced;
(ii) result in minor damage to organizational assets;
(iii) result in minor financial loss; or
(iv) result in minor harm to individuals.
Moderate Impact
The loss could be expected to have a serious
adverse effect on organizational operations,
organizational assets, or individuals.
The loss might:
(i) cause a significant degradation in mission capability
to an extent and duration that the organization is able to
perform its primary functions, but the effectiveness of
the functions is significantly reduced;
(ii) result in significant damage to organizational assets;
(iii) result in significant financial loss; or
(iv) result in significant harm to individuals that does not
involve loss of life or serious, life-threatening injuries.
High Impact
The loss could be expected to have a severe or
catastrophic adverse effect on organizational
operations, organizational assets, or individuals.
The loss might:
(i) cause a severe degradation in or loss of mission
capability to an extent and duration that the organization
is not able to perform one or more of its primary
functions;
(ii) result in major damage to organizational assets;
(iii) result in major financial loss; or
(iv) result in severe or catastrophic harm to individuals
involving loss of life or serious life-threatening injuries.
Examples of Security
Requirements
confidentiality – student grades
integrity – patient information
availability – authentication service
authenticity – admission ticket
non-repudiation – stock sell order
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”
defines a systematic way of defining the
requirements for security and characterizing the
approaches to satisfying those requirements.
The OSI security architecture is useful to managers as a
way of organizing the task of providing security.
Because this architecture was developed as an
international standard, computer and communications
vendors have developed security features for their
products and services that relate to this structured
definition of services and mechanisms.
Aspects of Security
The OSI security architecture focuses on 3 aspects of
information security:
1. security attack: Any action that compromises the
security of information owned by an organization.
2. security mechanism (control): A process or a
device that is designed to detect, prevent, or recover
from a security attack.
3. security service: A processing or communication
service that enhances the security of the data
processing systems and the information transfers of
an organization.
Definitions taken from RFC 2828, Internet Security
Glossary.
Threat – a possible danger that might exploit a
vulnerability.
Vulnerability – a way by which loss can happen.
Attack – An assault on system security that derives
from an intelligent threat; that is,
an intelligent act that is a deliberate attempt
(especially in the sense of a method or technique)
to evade security services and violate the security
policy of a system.
SECURITY ATTACKS
A useful means of classifying security attacks,
used both in X.800 and RFC 2828, is
1. passive attacks
2. active attacks
A passive attack attempts to learn or make use of
information from the system but does not affect
system resources.
An active attack attempts to alter system resources
or affect their operation.
Passive Attack - Interception
Passive Attack: Traffic Analysis
Observe traffic pattern
Passive attacks are very difficult to detect because
they do not involve any alteration of the data.
Typically, the message traffic is sent and received
in an apparently normal fashion, and neither the
sender nor receiver is aware that a third party has
read the messages or observed the traffic pattern.
However, it is feasible to prevent the success of
these attacks, by means of encryption.
Thus, the emphasis in dealing with passive attacks
is on prevention rather than detection.
Active Attacks
Active attacks involve some modification of the
data stream or the creation of a false stream and
can be subdivided into four categories:
1. masquerade,
2. replay,
3. modification of messages, and
4. denial of service.
Active Attack: Masquerade
A masquerade takes place when one entity
pretends to be a different entity.
A masquerade attack usually includes one of the
other forms of active attack.
Eg: authentication sequences can be captured and
replayed after a valid authentication sequence has
taken place, thus enabling an authorized entity with
few privileges to obtain extra privileges by
impersonating an entity that has those privileges.
Masquerading
Active Attack: Replay
Replay involves the passive capture of a data unit
and its subsequent transmission to produce an
unauthorized effect.
Active Attack: Modification
• Modification of messages: some portion of a
legitimate message is altered, or messages are
delayed or reordered, to produce an unauthorized effect.
Modify message
Active Attack: DoS
Denial of service prevents or inhibits the
normal use or management of communications
facilities.
Denial-of-service attacks profit from
fundamental weaknesses of TCP/IP protocols, as
well as from incorrect implementations of TCP/IP
protocol stacks.
This attack may have a specific target.
Eg: an entity may suppress all messages directed to a
particular destination
Handling Attacks
Passive attacks – focus on Prevention
• Easy to stop
• Hard to detect
Active attacks – focus on Detection and
Recovery
• Hard to stop due to vulnerabilities
• Easy to detect
Security Service
Enhances security of data processing systems and
information transfers of an organization
intended to counter security attacks
use one or more security mechanisms
often replicates functions normally associated with
physical documents
• Eg: have signatures, dates; need protection from
disclosure, tampering, or destruction; be notarized
or witnessed; be recorded or licensed
Security Services
X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”
RFC 2828:
“a processing or communication service provided
by a system to give a specific kind of protection
to system resources”
X.800 divides the security services into 5
categories and 14 specific services.
1. Authentication
2. Access control
3. Data confidentiality
4. Data integrity
5. Nonrepudiation
6. Availability service
Authentication
Concerned with assuring that a communication is
authentic:
The recipient of the message should be sure that the
message came from the source that it claims to be -
Peer Entity Authentication
All communicating parties should be sure that the
connection is not interfered with by an unauthorized
party - Data-Origin Authentication
Eg: consider a person using an online banking service.
Both the user and the bank should be assured of
each other's identity.
Access control
This service controls :
who can have access to a resource;
under what conditions access can occur;
what those accessing are allowed to do.
Eg: in online banking a user may be allowed to see
his balance, but not allowed to make any
transactions for some of his accounts
Data confidentiality
The protection of data from unauthorized disclosure
(from passive attacks).
Connection confidentiality: The protection of all
user data on a connection.
Connectionless confidentiality: The protection of all
user data in a single data block
Selective field confidentiality: The confidentiality of
selected fields within the user data on a connection
or in a single data block.
Traffic-Flow Confidentiality: The protection of the
information that might be derived from observation
of traffic flows.
Data Integrity
• The assurance that data received are exactly as sent
by an authorized entity, i.e.
no modification
no insertion
no deletion
no replay
Protection from active attacks
1. Connection Integrity with Recovery: Provides for
the integrity of all user data on a connection and
detects any modification, insertion, deletion, or replay
of any data within an entire data sequence, with
recovery attempted.
2. Connection Integrity without Recovery: As
above, but provides only detection without
recovery.
3. Selective-Field Connection Integrity: Provides for
the integrity of selected fields within the user data
of a data block transferred over a connection and
takes the form of determination of whether the
selected fields have been modified, inserted,
deleted, or replayed.
4. Connectionless Integrity: Provides for the
integrity of a single connectionless data block and
may take the form of detection of data
modification.
5. Selective-Field Connectionless Integrity:
Provides for the integrity of selected fields within
a single connectionless data block; takes the form
of determination of whether the selected fields
have been modified.
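A sketch of "Connection Integrity without Recovery" (item 2 above), added here as an example and not taken from X.800 or the lecture. The frame layout, the use of HMAC-SHA256 with a per-connection sequence number, the Receiver class and the demo key are all assumptions chosen for illustration; the receiver only detects and reports, it does not attempt recovery.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = 8-byte sequence number || payload || HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Hypothetical receiver: detects and reports, does not attempt recovery."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # next sequence number that will be accepted

    def open(self, frame: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(frame) < 8 + TAG_LEN:
            return "modified-or-inserted", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            return "modified-or-inserted", None
        seq = struct.unpack(">Q", body[:8])[0]
        if seq < self.expected:
            return "replayed", None
        if seq > self.expected:  # a gap: earlier frames are missing
            return "deleted-or-reordered", None
        self.expected += 1
        return "ok", body[8:]

def demo():
    key = bytes(range(32))  # constructed demo key; use a random secret in practice
    frames = [seal(key, i, b"transfer #%d" % i) for i in range(4)]
    tampered = bytearray(frames[1])
    tampered[10] ^= 0x01  # flip one bit inside the payload
    forged = seal(b"\x00" * 32, 1, b"transfer #9")  # built without the real key
    rx = Receiver(key)
    delivered = [frames[0], frames[0], bytes(tampered), forged, frames[1], frames[3]]
    return [rx.open(f)[0] for f in delivered]
```

The tag alone catches modification and insertion; replay and deletion are only caught because the sequence number is covered by the tag and checked against receiver state.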
Nonrepudiation
Protection against denial by one of the entities
involved in a communication of having participated
in the communication.
Nonrepudiation can be related to:
Origin: proof that the message was sent by the
specified party
Destination: proof that the message was received by
the specified party
Eg: Imagine a user of online banking who has made a
transaction, but later denied that. How can the bank
protect itself in such a situation?
Availability service
Protects a system to ensure its availability
Particularly, it addresses denial-of-service attacks
Depends on other security services: access control,
authentication, etc.
Both X.800 and RFC 2828 define availability to be
the property of a system or a system resource
being accessible and usable upon demand by an
authorized system entity, according to
performance specifications for the system.
Security Mechanism
Control features designed to detect, prevent, or
recover from a security attack
no single mechanism that will support all services
required
however one particular element underlies many of
the security mechanisms in use:
cryptographic techniques
our focus on this topic
Security Mechanisms (X.800)
The mechanisms are divided into :
those that are implemented in a specific protocol
layer and
those that are not specific to any particular protocol
layer or security service.
specific security mechanisms:
encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
pervasive security mechanisms:
trusted functionality, security labels, event
detection, security audit trails, security recovery
Homework
1. Consider an automated teller machine (ATM) in
which users provide a personal identification
number (PIN) and a card for account access.
Give examples of confidentiality, integrity,
and availability requirements associated with that
system.
2. Relationship Between Security Services and
Mechanisms
Model for Network Security
using this model requires us to:
1. design a suitable algorithm for the security related
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Model for Network Access
Security
using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated information or
resources
note that this model does not include:
1. monitoring of system for successful penetration
2. monitoring of authorized users for misuse
3. audit logging for forensic uses, etc.
Summary
topic roadmap & standards organizations
security concepts:
confidentiality, integrity, availability
X.800 security architecture
security attacks, services, mechanisms
models for network (access) security
CLASSICAL ENCRYPTION
TECHNIQUES
Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was the only type prior to the invention of public-key
in the 1970s
and by far most widely used (still)
is significantly faster than public-key crypto
Basic Terminologies
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to
ciphertext
key - info used in cipher known only to
sender/receiver
encipher (encrypt) - converting plaintext to
ciphertext
decipher (decrypt) - recovering plaintext from
ciphertext
cryptography - study of encryption principles/
methods
cryptanalysis (codebreaking) - study of
principles/ methods of deciphering ciphertext
without knowing key
cryptology - field of both cryptography and
cryptanalysis
Symmetric Cipher Model
Requirements for secure use of symmetric
encryption:
1. a strong encryption algorithm
At a minimum, an opponent who knows the algorithm
and has access to one or more ciphertexts would be
unable to decipher the ciphertext or figure out the key.
In a stronger form, the opponent should be unable to
decrypt ciphertexts or discover the key even if he or
she has a number of ciphertexts together with the
plaintext for each ciphertext
2. a secret key known only to sender / receiver
Sender and receiver must have obtained copies of the
secret key in a secure fashion and must keep the key
secure. If someone can discover the key and knows the
algorithm, all communication using this key is
readable.
assume encryption algorithm is known
Kerckhoffs's Principle: security in secrecy of
key alone, not in obscurity of the encryption
algorithm
implies a secure channel to distribute key
Central problem in symmetric cryptography
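The stronger form of requirement 1, shown failing on a toy cipher. This is an added example, not from the lecture: toy_encrypt (XOR with a repeating key), the sample messages and the key are constructed, and the key length is assumed to be part of the publicly known algorithm, in line with Kerckhoffs's Principle.

```python
from itertools import cycle

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy cipher with a public algorithm: XOR the data with the key repeated.
    Encryption and decryption are the same operation."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def key_from_known_pair(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Given one plaintext/ciphertext pair, P XOR C is the repeated key."""
    if len(plaintext) != len(ciphertext) or len(plaintext) < key_len:
        raise ValueError("need a matching pair at least one key length long")
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))[:key_len]

def demo():
    key = b"K3y!"  # constructed secret, known only to sender and receiver
    known_plain = b"Dear customer, your statement is ready."
    c1 = toy_encrypt(key, known_plain)              # opponent holds this pair
    c2 = toy_encrypt(key, b"PIN reset code: 4471")  # opponent holds only this ciphertext
    recovered = key_from_known_pair(known_plain, c1, len(key))
    # Once the key is known, every message under it is readable.
    return recovered == key, toy_encrypt(recovered, c2)
```

A single known pair gives up the key, so this design does not meet the stronger requirement even though the key itself was never transmitted.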
Model of Symmetric
Cryptosystem
The essential elements of a symmetric encryption scheme
are described here: