CRYPTOGRAPHY AND NETWORK SECURITY

ABSRACT

Cryptography and Network security are two complicated subjects.As people become “wired”, an
increasing number of people need to understand the basics of security in a networked
world.Cryptography helps in making the data to be secure over an insecure network. Network
security helps in maintaining the network to be in secured mode.We discussed on to consider risk
management, network threats, firewalls, and more special-purpose secure networking devices.

1
1. INTRODUCTION TO CRYPTOGRAPHY
Cryptography has been employed for keeping secrets since the time of Caesar. From
the simplest ciphers of shifting letters, to mathematically provably secure ciphers of
today, cryptography has progressed a long way. Cryptography makes it possible to
keep data secure over an insecure network. The basic idea of cryptography is to take a
plaintext message, combine it with a key, and get ciphertext output. The process of
encrypting plaintext messages is encryption. Getting the plaintext back from the
ciphertext is decryption. The process of trying to break a cryptosystem is
cryptanalysis.

2.FOUNDATIONS OF CRYPTOGRAPHY
The earliest use of cryptography was used by Caesar to transmit vital commands to
and from his officers. The method he use was simple, but highly effective for the
time. The idea was to take each letter, and shift it by a number of characters. So for a
shift of 2, A would become C, E would become G, M would become O, and so on.
Another variant of the same scheme is just to randomly replace one letter for another,
or the transposition cipher. The advantage here is that instead of 25 possible ways to
permute the text, there are 25! .The primary method used to transposition ciphers on
language text is to use a frequency table.
The beginning of modern cryptography is the use of the XOR digital operation. XOR
is an invertible bit level manipulation. It is defined by the following table.
Input1 Input2 Output
0 0 0
0 1 1
1 0 1
1 1 0

2
If a key of length equal to the message you want to encrypt is used and securely
transmitted, then the encrypted message is perfectly secure. The use of a very long
key in a set of repeated XOR operations is called a One Time Pad (OTP).

2.1 Encryption modes and Techniques

The two principle modes of operation for ciphers are stream and block ciphers. You
put in a bit, and a bit comes out. Incoming cipher text should ideally produce what
appears to be random output. Although stream ciphers have their uses, the more
common mode of operation is the block cipher. In this mode a block of bits is
operated on as a whole and results in a block of cipher text.The most famous block
cipher is DES, or the Data Encryption Standard. Other common ones are Blowfish,
IDEA, and the new AES.

2.1.1 ECB, CBC, and CTR modes

The way to use a block cipher is to fill the block with plaintext, and then to run the
cipher on it. When using this method, Electronic Codebook (ECB). To solve this
undesirable property, two other modes are used. The most common oneis the Cipher
Block Chaining, or CBC. In this process the previous cipher text is XOR'ed with the
plaintext block before it is encrypted.
A flow of ECB, CBC, and CTR modes

ECB: Plaintext-> |Encryptor| -> Ciphertext

CBC: Plaintext -> |XOR| -> |Encryptor| -> Ciphertext
Past block ---^

3
CTR: Plaintext -> |Combine| -> |Encryptor| -> Ciphertext
Counter -------^

3. KEY DISTRIBUTION
The problem with the crypto-systems of past was keeping the key secure, and
securely communicating the key to the other party. The general problem of this is key
distribution.Public key has solved the problem of key distribution. In a public key
cryptography system, there are two keys. One is for encrypting, and the other is for
decrypting.

4. KEY SERVICES
The only problem with public key cryptography is ensuring that the person who is
giving you their key, is really them, and it is their key.

5. USE OF CRYPTOSYSTEMS
The most commonly used is the hash function. The idea is that a small message can
be created to determine if a message is the same as the one that was used to generate
the hash. The most common message hash algorithm is MD5, and is used for many
distributors of programs as their hash algorithm of choice for their packages.Thus
Cryptography helps in making the data to be secure over an insecure network.

6. INTRODUCTION TO NETWORKING
A “network” is defined as “any set of interlinking lines resembling a net, a network of
roads or an interconnected system, a network of alliances.” This definition suits our
purpose well: a computer network is simply a system of interconnected computers.

6.1.Some Popular Networks

We're going to look at two of these networks, both of which are “public” networks.
Anyone can connect to either of these networks, or they can use types of networks to
connect their own hosts (computers) together, without connecting to the public
networks. Each type takes a very different approach to providing network services.

4
6.2.UUCP
UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix hosts together.
UUCP has since been ported to many different architectures, including PCs, Macs,
Amigos, Apple IIs, VMS hosts, everything else you can name.

6.3.Batch - Oriented Processing

UUCP and similar systems are batch-oriented systems: everything that they have to
do is added to a queue, and then at some specified time, everything in the queue is
processed.

7. TCP/IP LANGUAGE OF INTERNET

TCP/IP (Transport Control Protocol/Internet Protocol) is the “language” of the
Internet. Anything that can learn to “speak TCP/IP” can play on the Internet. This is
functionality that occurs at the Network (IP) and Transport (TCP) layers in the
ISO/OSI Reference Model. Consequently, a host that has TCP/IP functionality (such
as Unix, OS/2, Mac OS, or Windows NT) can easily support applications (such as
Netscape's Navigator) that uses the network.

7.1.Open Design
One of the most important features of TCP/IP isn't a technological one: The protocol
is an “open” protocol , and anyone who wishes to implement it may do so freely.
Engineers and scientists from all over the world participate in the IETF (Internet
Engineering Task Force) working groups that design the protocols that make the
Internet work. Their time is typically donated by their companies, and the result is
work that benefits everyone.

8. INTERNET PROTOCOL

5
As noted, IP is a “network layer” protocol. This is the layer that allows the hosts to
actually “talk” to each other. Such things as carrying datagram, mapping the Internet
address (such as 10.2.3.4) to a physical network address (such as 08:00:69:0a:ca:8f),
and routing, which takes care of making sure that all of the devices that have Internet
connectivity can find the way to each other.[1]

8.1 Understanding IP
IP has a number of very important features which make it an extremely robust and
flexible protocol. For our purposes, though, we're going to focus on the security of IP,
or more specifically, the lack thereof.

8.2 Attacks against IP

A number of attacks against IP are possible. Typically, these exploit the fact that IP
does not perform a robust mechanism for authentication, which is proving that a
packet came from where it claims it did. A packet simply claims to originate from a
given address, and there isn't a way to be sure that the host that sent the packet is
telling the truth. This isn't necessarily a weakness, but it is an important point,
because it means that the facility of host authentication has to be provided at a higher
layer on the ISO/OSI Reference Model. Today, applications that require strong host
authentication (such as cryptographic applications) do this at the application layer.

8.2.1.IP Spoofing
This is where one host claims to have the IP address of another. Since many systems
(such as router access control lists) define which packets may and which packets may
not pass based on the sender's IP address, this is a useful technique to an attacker: he
can send packets to a host, perhaps causing it to take some sort of action.

6
Additionally, some applications allow login based on the IP address of the person
making the request (such as the Berkeley r-commands). These are both good
examples how trusting non-trustable layers can provide security that is -- at best --
weak.

8.2.2.IP Session Hijacking

This is a relatively sophisticated attack, first described by Steve Bellovin. This is very
dangerous, however, because there are now toolkits available in the underground
community that allow otherwise unskilled bad-guy-wannabes to perpetrate this attack.
IP Session Hijacking is an attack whereby a user's session is taken over, being in the
control of the attacker. If the user was in the middle of email, the attacker is looking at
the email, and then can execute any commands he wishes as the attacked user. The
attacked user simply sees his session dropped, and may simply login again, perhaps
not even noticing that the attacker is still logged in and doing things.
For the description of the attack, let's return to our large network of networks. In this
attack, a user on host A is carrying on a session with host G. Perhaps this is a telnet
session, where the user is reading his email, or using a Unix shell account from home.
Somewhere in the network between A and B sits host H, which is run by a naughty
person. The naughty person on host H watches the traffic between A and G, and runs
a tool which starts to impersonate A to G, and at the same time tells A to shut up,
perhaps trying to convince it that G is no longer on the net (which might happen in the
event of a crash, or major network outage).

After a few seconds of this, if the attack is successful, naughty person has ``hijacked''
the session of our user. Anything that the user can do legitimately can now be done by
the attacker, illegitimately. As far as G knows, nothing has happened.
This can be solved by replacing standard telnet-type applications with encrypted
versions of the same thing. In this case, the attacker can still take over the session, but
he'll see only ``gibberish'' because the session is encrypted. The attacker will not have

7
the needed cryptographic key(s) to decrypt the data stream from G, and will,
therefore, be unable to do anything with the session.

8.3 TCP
TCP is a transport-layer protocol. It needs to sit on top of a network-layer protocol,
and was designed to ride atop IP. ( Just as IP was designed to carry, among other
things, TCP packets.) Because TCP and IP were designed together and wherever you
have one, you typically have the other, the entire suite of Internet protocols is known
collectively as “TCP/IP”. TCP itself has a number of important features that we'll
cover briefly.

8.3.1.Guaranteed Packet Delivery

Probably the most important is guaranteed packet delivery. Host A sending packets to
host B expects to get acknowledgments back for each packet. If B does not send an
acknowledgment within a specified amount of time, A will resend the packet.
Applications on host B will expect a data stream from a TCP session to be complete,
and in order. As noted, if a packet is missing, it will be resent by A, and if packets
arrive out of order, B will arrange them in proper order before passing the data to the
requesting application.

This is suited well toward a number of applications, such as a telnet session. A user
wants to be sure that the remote host receives every keystroke, and that it gets every
packet sent back, even if this means occasional slight delays in responsiveness while a
lost packet is resent, or while out-of-order packets are rearranged.

It is not suited well toward other applications, such as streaming audio or video,
however. In these, it doesn't really matter if a packet is lost (a lost packet in a stream
of 100 won't be distinguishable) but it does matter if they arrive late (i.e., because of a
host resending a packet presumed lost), since the data stream will be paused while the
lost packet is being resent. Once the lost packet is received, it will be put in the proper
slot in the data stream, and then passed up to the application.

8
8.4 UDP
UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not
provide the same features as TCP, and is thus considered “unreliable.” Again,
although this is unsuitable for some applications, it does have much more
applicability in other applications than the more reliable and robust TCP.

8.4.1.Lower Overhead than TCP

One of the things that make UDP nice is its simplicity. Because it doesn't need to
keep track of the sequence of packets, whether they ever made it to their destination,
etc., it has lower overhead than TCP. This is another reason why it's more suited to
streaming-data applications: there's less screwing around that needs to be done with
making sure all the packets are there, in the right order, and that sort of thing.

Figure 1. A sample UUCP network.

8.5 Implementation Environment

Building a UUCP network is a simple matter of configuring two hosts to recognize each other, and
know how to get in touch with each other. Adding on to the network is simple; if hosts called A and B
have a UUCP network between them, and C would like to join the network, then it must be configured
to talk to A and/or B. Naturally, anything that C talks to must be made aware of C's existence before

9
any connections will work. Now, to connect D to the network, a connection must be established with
at least one of the hosts on the network, and so on.

In a UUCP network, users are identified in the format host!Userid. The “!” character
(pronounced “bang” in networking circles) is used to separate hosts and users.

9. POPULARITY
UUCP connections are typically made hourly, daily, or weekly, there is a fair bit of delay in getting
data from one user on a UUCP network to a user on the other end of the network. UUCP isn't very
flexible, as it's used for simply copying files Interactive protocols.

10. SESURITY
UUCP has security tradeoffs. Some strong points for its security is that it is fairly
limited in what it can do, and it's therefore more difficult to trick into doing something
it shouldn't; it's been around a long time, and most its bugs have been discovered,
analyzed, and fixed;.UUCP works by having a system-wide UUCP user account and
password. Any system that has a UUCP connection with another must know the
appropriate password for the UUCP or NUUCP account.[1]

10.1 Risk Management-The Game of Security

It's very important to understand that in security, one simply cannot say “what's the
best firewall?” There are two extremes: absolute security and absolute access.

10.2 Types and Sources of Networks Threats

The types of threats there are against networked computers, and then some things that
can be done to protect you against various threats are:

10.2.1.Denial-of-Service

10
DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to
address. These are the nastiest, because they're very easy to launch, difficult to track,
and it isn't easy to refuse the requests of the attacker.

Some things that can be done to reduce the risk of being stung by a denial of service
attack include.

Not running your visible-to-the-world servers at a level too close to capacity using
packet filtering to prevent obviously forged packets from entering into your network
address space.

Keeping up-to-date on security-related patches for your host’s operating systems.

10.2.2.Unauthorized Access
“Unauthorized access” is a very high-level term that can refer to a number of different
sorts of attacks. The goal of these attacks is to access some resource that your
machine should not provide the attacker.

10.2.3.Executing Commands Illicitly

There are two main classifications of the severity of this problem: normal user access,
and administrator access. A normal user can do a number of things on a system that
an attacker should not be able to do. This might, then, be all the access that an
attacker needs.

11. DESTRUCTIVE BEHAVIOR

Among the destructive sorts of break-ins and attacks, there are two major categories:
Data Diddling
Data Destruction[3]

11.1 Data Diddling.

11
The data fiddler is likely the worst sort, since the fact of a break-in might not be
immediately obvious. Perhaps he's toying with the numbers in your spreadsheets, or
changing the dates in your projections and plans.

11.2 Data Destruction.

Some of those perpetrate attacks are simply twisted jerks who like to delete things.

11.2.1.They Come From

How, though, does an attacker gain access to your equipment?
Through any connection that you have to the outside world .
In order to be able to adequately address security, all possible avenues of entry must
be identified and evaluated. The security of that entry point must be consistent with
your stated policy on acceptable risk levels.

12. FIREWALLS
In order to provide level of separation between an organization's intranet and the
Internet, firewalls have been employed. A firewall is simply a group of components
that collectively form a barrier between two networks.
A number of terms specific to firewalls and networking are:

12.1 Bastion host

A general-purpose computer used to control access between the internal network and
the Internet.

12.2 Router
A special purpose computer for connecting networks together. Routers also handle
certain functions, such as routing, or managing the traffic on the networks they
connect.

12.3 Access Control List (ACL)

12
Many routers now have the ability to selectively perform their duties, based on a
number of facts about a packet that comes to it. This includes things like origination
address, destination address, destination service port.

12.4 Demilitarized Zone (DMZ).

The DMZ is a critical part of a firewall: it is a network that is neither part of the un-
trusted network, nor part of the trusted network. But, this is a network that connects
the un trusted to the trusted. The importance of a DMZ is tremendous: someone who
breaks into your network from the Internet should have to get through several layers
in order to successfully do so.

12.5 Proxy
This is the process of having one host act in behalf of another. A host that has the
ability to fetch documents from the Internet might be configured as a proxy server ,
and host on the intranet might be configured to be proxy clients
.
13. TYPES OF FIREWALLS
There are three basic types of firewalls, and we'll consider each of them.[2]

13.1 Application Gateways

The first firewalls were application gateways, and are sometimes known as proxy
gateways. These are made up of bastion hosts that run special software to act as a
proxy server.

13.2 Packet Filtering

Packet filtering is a technique whereby routers have ACL (Access Control Lists)
turned on. By default, a router will pass all traffic sent it, and will do so without any
sort of restrictions. Employing ACL is a method for enforcing your security policy
with regard to what sorts of access you allow the outside world to have to your
internal network.

13
13.3 Hybrid Systems
In some systems, new connections must be authenticated and approved at the
application layer. Once this has been done, the remainder of the connection is passed
down to the session layer.

14. Secure and Network Devices

It's important to remember that the firewall only one entry point to your network.

14.1 Secure Modems: Dial-Back Systems

If modem access is to be provided, this should be guarded carefully. The terminal
server, or network device that provides dial-up access to your network needs to be
actively administered, and its logs need to be examined for strange behavior. Its
password need to be strong -- not ones that can be guessed.

14.2 Crypto-Capable Routers

A feature that is being built into some routers is the ability to session encryption
between specified routers. Because traffic traveling across the Internet can be seen by
people in the middle who have the resources to snoop around, these are advantageous
for providing connectivity between two sites, such that there can be secure routes.

14.3 Virtual Private Networks

VPN (Virtual Private Networks) provide the ability for two offices to communicate
with each other in such a way that it looks like they're directly connected over a
private leased line.

15.CONCLUSION

14
We discussed about the UUCP, Risk Management, Types and Sources of Threats,
Types of Fire walls, Security Network Devices.

Thus we come to know that Network Security is most useful for better way of using
the internet without any problems. Network security helps in maintaining the network
to be in secured mode.

16.REFERENCES
[1] RSA Security’s Complete Reference – Burnett
[2] www.cryptography.com
[3] IEEE Network Security Journal Vol. 32 Paper. 4
[4] Handbook of Applied Cryptography

15