1 Introductory

This course covers network security and cryptography. It will explore encryption techniques, authentication methods, network security protocols, key management, hashing, and digital signatures. Students will be assessed through class participation, assignments, midterm and final exams, and a final group project. The instructor is Dr. Ala Altaweel and office hours will be announced. The primary textbook is Cryptography and Network Security by William Stallings.


1502543 - Network Security and Cryptography
Dr. Ala Altaweel
University of Sharjah
Course Description

• This course covers theory and practice of cryptographic techniques used in computer security. Topics include encryption (secret-key and public-key) and privacy, secure authentication, network and Internet security, key management, cryptographic hashing and data integrity (digital signatures), and wireless network security.
• The material is covered through study of the theory and through exploration and practical application of the technologies and techniques.
Basic Course Information and Students’ Assessment:
• Instructor: Dr. Ala Altaweel
  • Office Hours: TBA @ M5 222
  • Email: [email protected]
  • Make an appointment if necessary
• Textbooks:
  - William Stallings, “Cryptography and Network Security: Principles and Practices”, Prentice-Hall, 2017.
  - Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies, “Security in Computing”, 5th Edition, 2015.

Assessment Tool(s)                   Date               Weight (%)
Class participation                  Through the term     5
Assignments                          Through the term    10
Mid semester evaluation              Week 8              25
Final project presentation (group)   Week 15             20
Written final evaluation             Week 16             40
Total                                                   100
Networking Review: roadmap

Lecture goal:
• Get a “feel” for the “big picture”; “refresh”
• More depth was already covered during the computer networks course!

Overview/roadmap:
• What is the Internet? What is a protocol?
• Network edge: hosts, access network, physical media
• Network core: packet/circuit switching, Internet structure
• Protocol layers, service models
The Internet: a “nuts and bolts” view

[Figure: the Internet as a network of networks: mobile network, national or global ISP, local or regional ISP, home network, enterprise network, content provider network, datacenter network]

Billions of connected computing devices:
 hosts = end systems
 running network apps at Internet’s “edge”

Packet switches: forward packets (chunks of data)
 routers, switches

Communication links
 fiber, copper, radio, satellite
 transmission rate: bandwidth

Networks
 collection of devices, routers, links: managed by an organization
“Fun” Internet-connected devices

• Tweet-a-watt: monitor energy use
• Bikes
• Pacemaker & monitor
• Amazon Echo
• Web-enabled toaster + weather forecaster
• IP picture frame
• Internet refrigerator
• Slingbox: remote control cable TV
• Cars
• Security camera
• AR devices
• Sensorized bed mattress
• Scooters
• Gaming devices
• Internet phones
• Fitbit
• Others?
The Internet: a “nuts and bolts” view

[Figure: the same network of networks, annotated with protocols running at each point: Skype, IP, streaming video, HTTP, Ethernet, TCP, WiFi, 4G]

• Internet: “network of networks”
  • interconnected ISPs
 protocols are everywhere
  • control sending, receiving of messages
  • e.g., HTTP (Web), streaming video, Skype, TCP, IP, WiFi, 4G, Ethernet
 Internet standards
  • RFC: Request for Comments
  • IETF: Internet Engineering Task Force
The Internet: a “services” view

[Figure: the network of networks, with applications (Skype, streaming video, HTTP) running on the hosts at its edge]

• Infrastructure that provides services to applications:
  • Web, streaming video, multimedia teleconferencing, email, games, e-commerce, social media, inter-connected appliances, …
 provides programming interface to distributed applications:
  • “hooks” allowing sending/receiving apps to “connect” to, use Internet transport service
  • provides service options, analogous to postal service
What’s a protocol?

Human protocols:
 “what’s the time?”
 “I have a question”
 introductions

Rules for:
… specific messages sent
… specific actions taken when message received, or other events

Network protocols:
 computers (devices) rather than humans
 all communication activity in Internet governed by protocols

Protocols define the format, order of messages sent and received among network entities, and actions taken on message transmission, receipt
What’s a protocol?

A human protocol and a computer network protocol:

[Figure: two exchanges side by side, time running downward. Human: “Hi” / “Hi” / “Got the time?” / “2:00”. Computer: TCP connection request / TCP connection response / GET http://sharjah.ac.ae/en/Pages/default.aspx / <file>]

Q: other human protocols?
Networking Review: roadmap
• What is the Internet?
• What is a protocol?
• Network edge: hosts, access network, physical media
• Network core: packet/circuit switching, Internet structure
A closer look at Internet structure

[Figure: the network of networks (mobile network, national or global ISP, local or regional ISP, home network, enterprise network, content provider network, datacenter network), built up over three slides: edge, then access networks, then core]

Network edge:
• hosts: clients and servers
• servers often in data centers

Access networks, physical media:
• wired, wireless communication links

Network core:
 interconnected routers
 network of networks
Access networks and physical media

[Figure: the network of networks, with the access networks highlighted]

Q: How to connect end systems to edge router?
• residential access nets
• institutional access networks (school, company)
• mobile access networks (WiFi, 4G/5G)
Access networks: home networks

[Figure: a home network: wireless and wired devices; WiFi wireless access point (54, 450 Mbps); wired Ethernet (1 Gbps); router, firewall, NAT; cable or DSL modem connecting to/from the headend or central office. The router, firewall, NAT and modem are often combined in a single box]
Access networks: enterprise networks

[Figure: an enterprise network: Ethernet switches, institutional router, institutional mail and web servers, and the enterprise link to the ISP (Internet)]

 companies, universities, etc.
 mix of wired, wireless link technologies, connecting a mix of switches and routers
 Ethernet: wired access at 100 Mbps, 1 Gbps, 10 Gbps
 WiFi: wireless access points at 11, 54, 450 Mbps
Access networks: data center networks

[Figure: the network of networks, with the datacenter network highlighted; data center photo courtesy of the Massachusetts Green High Performance Computing Center (mghpcc.org)]

 high-bandwidth links (10s to 100s Gbps) connect hundreds to thousands of servers together, and to Internet
Host: sends packets of data

host sending function:
 takes application message
 breaks into smaller chunks, known as packets, of length L bits
 transmits packet into access network at transmission rate R
  • link transmission rate, aka link capacity, aka link bandwidth

[Figure: a host pushing two packets (2, 1) of L bits each onto a link with transmission rate R]

packet transmission delay = time needed to transmit L-bit packet into link = L (bits) / R (bits/sec)
Links: physical media

 bit: propagates between transmitter/receiver pairs
 physical link: what lies between transmitter & receiver
 guided media:
  • signals propagate in solid media: copper, fiber, coax
 unguided media:
  • signals propagate freely, e.g., radio

Twisted pair (TP)
 two insulated copper wires
  • Category 5: 100 Mbps, 1 Gbps Ethernet
  • Category 6: 10 Gbps Ethernet
Links: physical media

Coaxial cable:
 two concentric copper conductors
 bidirectional
 broadband:
  • multiple frequency channels on cable
  • 100’s Mbps per channel

Fiber optic cable:
 glass fiber carrying light pulses, each pulse a bit
 high-speed operation:
  • high-speed point-to-point transmission (10’s-100’s Gbps)
 low error rate:
  • repeaters spaced far apart
  • immune to electromagnetic noise
Networking Review: roadmap
• What is the Internet?
• What is a protocol?
• Network edge: hosts, access network, physical media
• Network core: packet/circuit switching, Internet structure
• Protocol layers, service models
The network core

[Figure: the network of networks, with the core routers highlighted]

• mesh of interconnected routers
• packet-switching: hosts break application-layer messages into packets
• network forwards packets from one router to the next, across links on path from source to destination
Two key network-core functions

Forwarding:
• aka “switching”
• local action: move arriving packets from router’s input link to appropriate router output link

Routing:
 global action: determine source-destination paths taken by packets
 routing algorithms

[Figure: the routing algorithm populates the router’s local forwarding table; the destination address in an arriving packet’s header is looked up in that table to choose the output link (1, 2 or 3)]

Local forwarding table:
header value    output link
0100            3
0101            2
0111            2
1001            1
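As an added example (not part of the slides), the split between the two functions in code: a Dijkstra routing algorithm (global action) run over a constructed topology produces router u’s forwarding table, whose first four entries reproduce the slide’s table, and forwarding (local action) is then a table lookup. The lookup generalises the slide’s exact-match table to longest-prefix matching; the topology, prefixes and link numbering are constructed for this example.

```python
import heapq

# Constructed topology (not from the slides): router -> {neighbour: link cost}.
TOPOLOGY = {
    "u": {"v": 1, "x": 1, "w": 1},
    "v": {"u": 1, "w": 3},
    "x": {"u": 1, "w": 3, "z": 4},
    "w": {"u": 1, "v": 3, "x": 3, "z": 1},
    "z": {"w": 1, "x": 4},
}
# Constructed: binary destination prefixes reachable behind each router. The four
# 4-bit values are the slide's header values; "1" is a shorter catch-all behind z.
PREFIXES = {"w": ["0100"], "v": ["0101", "0111"], "x": ["1001"], "z": ["1"]}
# Constructed: router u's output links, numbered as on the slide (link -> neighbour).
U_LINKS = {1: "x", 2: "v", 3: "w"}


def least_cost_first_hops(topology, source):
    """Global action (routing): Dijkstra from `source`; returns dest -> first hop."""
    dist = {source: 0}
    first_hop = {}
    heap = [(0, source, source)]            # (cost so far, node, first hop on path)
    while heap:
        d, node, hop = heapq.heappop(heap)
        if d > dist[node]:                  # stale heap entry
            continue
        for nbr, cost in topology[node].items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                first_hop[nbr] = nbr if node == source else hop
                heapq.heappush(heap, (nd, nbr, first_hop[nbr]))
    return first_hop


def build_forwarding_table(first_hops, prefixes, links):
    """Routing's result at one router: destination prefix -> local output link."""
    link_of = {nbr: link for link, nbr in links.items()}
    return {p: link_of[first_hops[r]] for r, plist in prefixes.items() for p in plist}


def forward(table, header):
    """Local action (forwarding): longest-prefix match of the header value against
    the table; returns the output link, or None when no entry matches (drop)."""
    matches = [p for p in table if header.startswith(p)]
    return table[max(matches, key=len)] if matches else None


U_TABLE = build_forwarding_table(least_cost_first_hops(TOPOLOGY, "u"), PREFIXES, U_LINKS)

if __name__ == "__main__":
    for header in ("0100", "0101", "0111", "1001", "1100", "0000"):
        print(header, "->", forward(U_TABLE, header))
```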
Packet-switching: store-and-forward

[Figure: source sends packets 3, 2, 1 of L bits each over a link of R bps to a router, which forwards them over a second link of R bps to the destination]

• packet transmission delay: takes L/R seconds to transmit (push out) L-bit packet into link at R bps
• store and forward: entire packet must arrive at router before it can be transmitted on next link
Packet-switching: queueing

[Figure: hosts A and B send into a router over links of R = 100 Mb/s; the router’s output link toward C, D and E is R = 1.5 Mb/s; a queue of packets waits for transmission over the output link]

Queueing occurs when work arrives faster than it can be serviced:
Packet loss?!
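An added example (not from the slides) that puts the two preceding slides together: a store-and-forward simulation of packets crossing a chain of links, checked against the closed form (N + P − 1)·L/R for P packets over N equal-rate links, and then the queueing scenario above, where a 100 Mb/s input feeds a 1.5 Mb/s output link; the packet count and output buffer size are constructed values.

```python
def packet_switch(n_packets, L, rates, capacities=None):
    """Store-and-forward simulation of n_packets packets of L bits crossing the links in
    `rates` (bits/s) in order. Each hop is a FIFO output queue: a packet can start on
    link k only once it has fully arrived (store-and-forward) and the link is free.
    `capacities[k]` bounds how many packets hop k can hold (queued or in transmission);
    a packet arriving at a full hop is dropped. Propagation delay is ignored.
    Returns (destination arrival time of each delivered packet, number dropped)."""
    capacities = capacities or [None] * len(rates)
    arrivals = [0.0] * n_packets        # all packets ready at the first link at t = 0
    dropped = 0
    for R, cap in zip(rates, capacities):
        tx = L / R                      # transmission delay L/R for this link
        link_free = 0.0                 # when the link finishes its current packet
        held = []                       # departure times of packets still at this hop
        next_arrivals = []
        for a in arrivals:
            held = [d for d in held if d > a]          # packets not yet gone at time a
            if cap is not None and len(held) >= cap:
                dropped += 1                           # buffer full: packet loss
                continue
            start = max(a, link_free)                  # wait for full arrival, free link
            link_free = start + tx
            held.append(link_free)
            next_arrivals.append(link_free)
        arrivals = next_arrivals
    return arrivals, dropped


def last_arrival_closed_form(n_packets, L, R, n_links):
    """Without loss and with equal link rates, the last of P packets arrives at
    (N + P - 1) * L/R: the first packet crosses N links, each later one adds L/R."""
    return (n_links + n_packets - 1) * L / R


if __name__ == "__main__":
    # Store-and-forward slide: three 1000-bit packets over two 1 Mb/s links.
    times, _ = packet_switch(3, 1000, [1e6, 1e6])
    print("last arrival", times[-1], "s; closed form",
          last_arrival_closed_form(3, 1000, 1e6, 2), "s")
    # Queueing slide: ten 1500-byte packets enter at 100 Mb/s and leave over a
    # 1.5 Mb/s link whose output buffer holds 4 packets (constructed values).
    delivered, lost = packet_switch(10, 12000, [100e6, 1.5e6], [None, 4])
    print(len(delivered), "delivered,", lost, "lost")
```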
Alternative to packet switching: circuit switching

[Figure: a path of links, each divided into four circuits; the call occupies the 2nd circuit in the top link and the 1st circuit in the right link]

end-end resources allocated to, reserved for “call” between source and destination
• in diagram, each link has four circuits.
• call gets 2nd circuit in top link and 1st circuit in right link.
• dedicated resources: no sharing
• circuit-like (guaranteed) performance
• circuit segment idle if not used by call (no sharing)
 commonly used in traditional telephone networks
Networking Review: roadmap
• What is the Internet?
• What is a protocol?
• Network edge: hosts, access network, physical media
• Network core: packet/circuit switching, Internet structure
• Protocol layers, service models
Protocol “layers” and reference models

Networks are complex, with many “pieces”:
 hosts
 routers
 links of various media
 applications
 protocols
 hardware, software

Question: is there any hope of organizing the structure of the network, and/or our discussion of networks?
Example: organization of air travel

end-to-end transfer of person plus baggage:
ticket (purchase)     ticket (complain)
baggage (check)       baggage (claim)
gates (load)          gates (unload)
runway takeoff        runway landing
airplane routing      airplane routing
          airplane routing

How would you define/discuss the system of airline travel?
 a series of steps, involving many services
Example: organization of air travel

ticket (purchase)     ticketing service     ticket (complain)
baggage (check)       baggage service       baggage (claim)
gates (load)          gate service          gates (unload)
runway takeoff        runway service        runway landing
airplane routing      routing service       airplane routing

layers: each layer implements a service
 via its own internal-layer actions
 relying on services provided by layer below
Why layering?

Approach to designing/discussing complex systems:
 explicit structure allows identification, relationship of system’s pieces
  • layered reference model for discussion
 modularization eases maintenance, updating of system
  • change in layer's service implementation: transparent to rest of system
  • e.g., change in gate procedure doesn’t affect rest of system
Layered Internet protocol stack

[Figure: the five-layer stack (application, transport, network, link, physical)]

 application: supporting network applications
  • HTTP, IMAP, SMTP, DNS
 transport: process-process data transfer
  • TCP, UDP
 network: routing of datagrams from source to destination
  • IP, routing protocols
 link: data transfer between neighboring network elements (i.e., 1-hop)
  • Ethernet, 802.11 (WiFi), PPP
 physical: bits “on the wire”
Services, Layering and Encapsulation

[Figure: source and destination protocol stacks (application, transport, network, link, physical) side by side; as message M descends the source stack each layer prepends its header, and the destination stack removes them in reverse order]

Application exchanges messages to implement some application service using services of transport layer

Transport-layer protocol transfers M (e.g., reliably) from one process to another, using services of network layer
 transport-layer protocol encapsulates application-layer message, M, with transport-layer header Ht to create a transport-layer segment
  • Ht used by transport layer protocol to implement its service

Network-layer protocol transfers transport-layer segment [Ht | M] from one host to another, using link layer services
 network-layer protocol encapsulates transport-layer segment [Ht | M] with network-layer header Hn to create a network-layer datagram
  • Hn used by network layer protocol to implement its service

Link-layer protocol transfers datagram [Hn | [Ht | M]] from host to neighboring host, using physical-layer services
 link-layer protocol encapsulates network datagram [Hn | [Ht | M]] with link-layer header Hl to create a link-layer frame

Protocol data units at each layer:
layer         unit             name
application   M                message
transport     Ht M             segment
network       Hn Ht M          datagram
link          Hl Hn Ht M       frame
Encapsulation: an end-end view

[Figure: the source host turns message M into segment Ht M, datagram Hn Ht M and frame Hl Hn Ht M and puts the frame on the wire; a switch (link and physical layers only) forwards the frame Hl Hn Ht M unchanged; a router (network, link and physical layers) removes Hl, forwards on the datagram Hn Ht M, and adds a new link-layer header for the next link; the destination host strips Hl, Hn and Ht and hands M to the application]
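The end-to-end view above in code, as an added example that is not part of the slides: toy fixed-size headers Ht, Hn and Hl (constructed formats, not real TCP/IP/Ethernet) are prepended at the source, a switch touches only Hl, a router strips Hl and works on the datagram before re-framing it, and the destination peels the headers off in reverse order. Port numbers, addresses, MACs and the frame-type value are constructed.

```python
import struct

# Constructed toy headers (not the slides' real protocols). Fixed sizes let each layer
# strip exactly its own header; the payload is opaque to the layer that carries it.
HT = struct.Struct("!HHI")       # transport: src port, dst port, sequence number
HN = struct.Struct("!4s4sB")     # network: src address, dst address, TTL
HL = struct.Struct("!6s6sH")     # link: src MAC, dst MAC, frame type
FRAME_TYPE_NET = 0x0800          # constructed value: "network-layer datagram inside"


def encapsulate(M, ports, addrs, macs, ttl=64):
    """Source host: M -> segment [Ht|M] -> datagram [Hn|Ht|M] -> frame [Hl|Hn|Ht|M]."""
    segment = HT.pack(ports[0], ports[1], 0) + M
    datagram = HN.pack(addrs[0], addrs[1], ttl) + segment
    return HL.pack(macs[0], macs[1], FRAME_TYPE_NET) + datagram


def switch(frame):
    """Link-layer device: reads only Hl (to pick an output port) and forwards the
    frame unchanged; Hn, Ht and M are never examined."""
    _src_mac, _dst_mac, _ftype = HL.unpack_from(frame)
    return frame


def router(frame, next_hop_macs):
    """Network-layer device: strips Hl, works on the datagram [Hn|Ht|M] (here: TTL
    check and decrement), then re-encapsulates it in a new Hl for the next link."""
    datagram = frame[HL.size:]
    src, dst, ttl = HN.unpack_from(datagram)
    if ttl <= 1:
        return None                       # TTL expired: datagram is dropped
    datagram = HN.pack(src, dst, ttl - 1) + datagram[HN.size:]
    return HL.pack(next_hop_macs[0], next_hop_macs[1], FRAME_TYPE_NET) + datagram


def decapsulate(frame):
    """Destination host: strip Hl, then Hn, then Ht; return (ports, addrs, ttl, M)."""
    datagram = frame[HL.size:]
    src_a, dst_a, ttl = HN.unpack_from(datagram)
    segment = datagram[HN.size:]
    sp, dp, _seq = HT.unpack_from(segment)
    return (sp, dp), (src_a, dst_a), ttl, segment[HT.size:]


def end_to_end(M, ttl=64):
    """Constructed path: source host -> switch -> router -> destination host."""
    frame = encapsulate(M, (40000, 80), (b"\x0a\x00\x00\x01", b"\x0a\x00\x01\x02"),
                        (b"\xaa" * 6, b"\xbb" * 6), ttl)
    frame = router(switch(frame), (b"\xcc" * 6, b"\xdd" * 6))
    return None if frame is None else decapsulate(frame)


if __name__ == "__main__":
    print(end_to_end(b"GET / HTTP/1.1"))
```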
Chapter 1: Overview
Security: overview
Lecture goals:
 understand principles of network security:
• cryptography and its many uses beyond “confidentiality”
• authentication
• message integrity
 security in practice:
• firewalls and intrusion detection systems
• security in application, transport, network, link layers

Computer Security

• The NIST* Computer Security Handbook defines the term computer security as:
  “the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications)

* National Institute of Standards and Technology, USA
What is network security?

confidentiality: only sender, intended receiver should “understand” message contents
• sender encrypts message
• receiver decrypts message
authentication: sender, receiver want to confirm identity of each other
message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
access and availability: services must be accessible and available to users
Friends and enemies: Alice, Bob, Trudy
 well-known in network security world
 Bob, Alice (friends!) want to communicate “securely”
 Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel]
Friends and enemies: Alice, Bob, Trudy
Who might Bob and Alice be?
 … well, real-life Bobs and Alices!
 Web browser/server for electronic transactions (e.g., on-line purchases)
 on-line banking client/server
 DNS servers
 BGP routers exchanging routing table updates
 other examples?

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?
A: A lot!
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any field in packet)
• hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g., by overloading resources)
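An added example (not from the slides) for the message-integrity goal on the “What is network security?” slide and the insert/alter capabilities listed above: Bob cannot detect Trudy’s alteration when Alice protects the message with a plain hash, because Trudy recomputes it, but a keyed MAC over a sequence number and the message lets him reject both altered and replayed messages. The shared key, messages and sequence numbers are constructed.

```python
import hashlib
import hmac
import os


def checksum(message: bytes) -> bytes:
    """Unkeyed hash: detects accidental corruption only, since anyone can recompute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Keyed MAC over (sequence number || message), using the key Alice and Bob share."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def scenario_unkeyed_checksum():
    """Alice appends a plain hash. Trudy alters the message in transit and recomputes
    the hash, so Bob's check passes. Returns True when the tampering goes undetected."""
    message = b"transfer 100 to Bob"              # constructed message
    altered = message.replace(b"Bob", b"Trudy")
    received = (altered, checksum(altered))       # Trudy forges the checksum too
    return checksum(received[0]) == received[1]   # True: Bob cannot tell


class Bob:
    """Receiver: shared key plus highest sequence number accepted so far, so that a
    captured (seq, message, tag) triple that Trudy re-sends is rejected as a replay."""

    def __init__(self, key: bytes):
        self.key, self.last_seq = key, -1

    def receive(self, seq: int, message: bytes, tag: bytes) -> bool:
        # Constant-time comparison so the tag cannot be learned byte by byte via timing.
        if not hmac.compare_digest(mac_tag(self.key, seq, message), tag):
            return False                  # altered message or forged tag
        if seq <= self.last_seq:
            return False                  # old sequence number: replay
        self.last_seq = seq
        return True


def scenario_keyed_mac():
    """Returns (genuine accepted, altered accepted, replay accepted)."""
    key = os.urandom(32)                  # constructed shared key, exchanged out of band
    bob = Bob(key)
    seq, message = 1, b"transfer 100 to Bob"
    tag = mac_tag(key, seq, message)
    genuine = bob.receive(seq, message, tag)
    altered = bob.receive(2, message.replace(b"Bob", b"Trudy"), tag)  # Trudy edits, keeps tag
    replay = bob.receive(seq, message, tag)                            # Trudy re-sends
    return genuine, altered, replay


if __name__ == "__main__":
    print("plain hash, tampering undetected:", scenario_unkeyed_checksum())
    print("MAC (genuine, altered, replay):", scenario_keyed_mac())
```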
Cryptographic algorithms and protocols can be grouped into four main areas:

Symmetric encryption (the key is the same for both parties)
• Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords

Asymmetric encryption (the key is not the same for both parties; it is time costly)
• Used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures

Data integrity algorithms
• Used to protect blocks of data, such as messages, from alteration

Authentication protocols
• Schemes based on the use of cryptographic algorithms designed to authenticate the identity of entities

Note: most protocols are a mix of the first two: asymmetric encryption is used to share the keys, then symmetric encryption is used for the data.
Authentication

[Figure: security objectives (confidentiality and integrity, availability, authentication), annotated with the threats they counter: impersonation; “do the same action again” (i.e., replay)]

Notes:
• One-way authentication (or data origin authentication): like a home WiFi that requires a password
• Peer (mutual) authentication: like two-factor authentication
• Secret key