Lec 1

Master of Science in Cybercrimes and Digital Evidences Analysis, PTUK

Applied Cryptography
17022522
-Introduction to Network Security-
Lecture slides by
Dr. Eman Daraghmi
Associate Professor
PTUK

Eman Yaser Daraghmi, Ph.D


Topics to be covered

• Network security definition
• Security attacks, security services and security mechanisms
• Network security model
• Techniques
Part I: Network Security Definition

Background

• Information security requirements have changed in recent times:
  - Traditionally, security was provided by physical and administrative mechanisms.
  - The use of computers requires automated tools to protect files and other stored information: "computer security".
  - The use of networks and communication links requires measures to protect data during transmission: "network security".
Computer Security vs. Network Security

Definitions

• Computer security: the generic name for the collection of tools designed to protect data and to thwart hackers.
• Network security: measures to protect data during their transmission.
Security Goals

• Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.

• Integrity: information needs to be changed constantly. Integrity means that changes must be made only by authorized entities and through authorized mechanisms.

• Availability: the information created and stored by an organization needs to be available to authorized entities. Information needs to be constantly changed, which means it must be accessible to authorized entities.
Part II: Security Attacks, Services and Mechanisms
OSI Security Architecture

• ITU-T X.800 recommendation "Security Architecture for OSI"
  - defines a systematic way of defining and providing security requirements
  - provides a useful, if abstract, overview of network security concepts

• The OSI security architecture considers three aspects of information security:
  - security attack
  - security mechanism
  - security service
Security Attack

• A security attack is any action that compromises the security of information owned by an organization.
• Information security is about how to prevent attacks on information-based systems, or to detect them.
• The terms threat and attack are often used to mean the same thing.

Examples of attacks:

- Snooping refers to unauthorized access to or interception of data.
- Traffic analysis refers to obtaining some other type of information by monitoring online traffic.
- Modification means that the attacker intercepts the message and changes it.
- Masquerading or spoofing happens when the attacker impersonates somebody else.
- Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.
- Repudiation means that the sender of a message might later deny having sent it, or the receiver of the message might later deny having received it.
- Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
Security Attacks

(Figure: categorization of passive and active attacks)
Passive Attacks

• Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. A passive attack attempts to learn or make use of information from the system but does not affect system resources.

• Passive attacks are very difficult to detect because they do not involve any alteration of the data.

• Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern.

• It is feasible to prevent the success of these attacks, usually by means of encryption.

• The emphasis in dealing with passive attacks is on prevention rather than detection.
Active Attacks

• Active attacks involve some modification of the data stream or the creation of a false stream.

• Active attacks present the opposite characteristics of passive attacks: passive attacks are difficult to detect, but measures are available to prevent their success, whereas for active attacks the goal is to detect them and to recover from any disruption or delays caused by them.
Security Services

X.800 defines a security service as a service that ensures adequate security of the systems or of data transfers. It is a processing or communication service that is provided by a system to give a specific kind of protection to system resources.

1. Data confidentiality: protection of data from unauthorized disclosure.

2. Data integrity: assurance that data received is as sent by an authorized entity.

3. Authentication: assurance that the communicating entity is the one claimed.
   - Peer entity authentication: provides for the corroboration of the identity of a peer entity in an association. Used in association with a logical connection to provide confidence in the identity of the entities connected.
   - Data origin authentication: provides for the corroboration of the source of a data unit. In a connectionless transfer, provides assurance that the source of received data is as claimed.

4. Non-repudiation: provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
   - Non-repudiation, origin: proof that the message was sent by the specified party.
   - Non-repudiation, destination: proof that the message was received by the specified party.

5. Access control: the prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
Security Mechanisms (X.800)

• Encipherment: the use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

• Digital signature: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
• Access control: a variety of mechanisms that enforce access rights to resources.

• Data integrity: a variety of mechanisms used to assure the integrity of a data unit or stream of data units.

• Authentication exchange: a mechanism intended to ensure the identity of an entity by means of information exchange.
• Traffic padding: the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

• Routing control: enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.

• Notarization: the use of a trusted third party to assure certain properties of a data exchange.
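An added example (not from the lecture or any library) of the authentication exchange mechanism and of the peer entity authentication service listed above: a challenge-response exchange over a shared secret. The identities, keys and class names are assumptions made up for this illustration, and the shared keys are assumed to have been distributed securely beforehand. The fresh, single-use nonce is what lets the verifier reject the replaying and masquerading attacks from the attack list earlier on this page.

```python
import hashlib
import hmac
import secrets

# Constructed teaching code, not from the lecture or any library. Identities
# and keys are made up; key distribution is assumed to have happened already.


def _response(key: bytes, identity: str, nonce: bytes) -> bytes:
    """The proof: HMAC over the claimed identity and the verifier's fresh nonce."""
    return hmac.new(key, identity.encode() + b"|" + nonce, hashlib.sha256).digest()


class Verifier:
    """Peer that issues challenges and checks the responses to them."""

    def __init__(self, shared_keys: dict):
        self.shared_keys = shared_keys   # identity -> shared secret
        self.outstanding = {}            # nonce -> identity it was issued to

    def challenge(self, identity: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh per exchange: a replayed answer is useless
        self.outstanding[nonce] = identity
        return nonce

    def verify(self, identity: str, nonce: bytes, response: bytes) -> bool:
        key = self.shared_keys.get(identity)
        if key is None or self.outstanding.get(nonce) != identity:
            return False                 # unknown peer, or nonce never issued / already consumed
        expected = _response(key, identity, nonce)
        ok = hmac.compare_digest(expected, response)
        if ok:
            del self.outstanding[nonce]  # one use only, so a captured response cannot be replayed
        return ok


class Prover:
    """Peer that proves its identity with the shared secret."""

    def __init__(self, identity: str, key: bytes):
        self.identity = identity
        self.key = key

    def respond(self, nonce: bytes) -> bytes:
        return _response(self.key, self.identity, nonce)


def run_exchange(verifier: Verifier, prover: Prover, claimed_identity: str) -> tuple:
    """One full exchange: challenge -> response -> verdict. Returns (accepted, nonce, response)."""
    nonce = verifier.challenge(claimed_identity)
    response = prover.respond(nonce)
    return verifier.verify(claimed_identity, nonce, response), nonce, response


def demo() -> dict:
    alice_key = secrets.token_bytes(32)
    verifier = Verifier({"alice": alice_key})
    alice = Prover("alice", alice_key)
    mallory = Prover("alice", secrets.token_bytes(32))  # masquerade attempt with the wrong key

    accepted, nonce, response = run_exchange(verifier, alice, "alice")
    replayed = verifier.verify("alice", nonce, response)  # the same answer sent again
    impostor, _, _ = run_exchange(verifier, mallory, "alice")
    return {"genuine": accepted, "replay": replayed, "masquerade": impostor}


if __name__ == "__main__":
    print(demo())  # expected: genuine True, replay False, masquerade False
```

The verifier only ever compares MAC tags with `hmac.compare_digest`, and it forgets a nonce the moment it is used, so the only way to pass is to hold the shared secret at the time of the challenge.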
Relation between Services and Mechanisms

(Table: relation between security services and mechanisms)
Model for Network Security

Using this model requires us to:

1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
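The four steps above, together with the earlier point that passive attacks are prevented (by encipherment) while active attacks are detected, worked through as an added Python example. This is teaching code written for this page, not the lecture's or any library's: the stream cipher built from SHA-256 in counter mode, the function names and the sample message are all constructed for illustration, and step 3 (key distribution) is assumed to have happened out of band. A real system would use a vetted authenticated cipher such as AES-GCM rather than this toy.

```python
import hashlib
import hmac
import secrets

# Constructed teaching code, not from the lecture or any library. The stream
# cipher (SHA-256 run in counter mode) is a toy for illustration only.

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Step 1 (algorithm): derive `length` keystream bytes from key || nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encipherment: XOR the plaintext with the keystream, hiding content from a snooper."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


# XOR with the same keystream undoes itself, so decryption is the same operation.
decrypt = encrypt


def generate_keys() -> tuple:
    """Step 2 (secret information): one key for encipherment, one for the MAC."""
    return secrets.token_bytes(32), secrets.token_bytes(32)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Step 4 (protocol, sender side): send nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Step 4 (receiver side): check the tag first; None means an active attack was detected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ciphertext)


def flip_bit(blob: bytes, index: int) -> bytes:
    """Simulate an active attacker altering one bit of the message in transit."""
    mutated = bytearray(blob)
    mutated[index] ^= 0x01
    return bytes(mutated)


def demo() -> dict:
    enc_key, mac_key = generate_keys()  # step 3 (distribution) assumed done out of band
    message = b"transfer 100 to account 42"
    blob = seal(enc_key, mac_key, message)

    ciphertext = blob[NONCE_LEN:-TAG_LEN]          # what a passive attacker sees
    tampered = flip_bit(blob, NONCE_LEN + 9)       # active attacker flips a bit of the "1"
    # Encipherment alone does not notice the change: it just decrypts to a different amount.
    silently_changed = decrypt(enc_key, blob[:NONCE_LEN], tampered[NONCE_LEN:-TAG_LEN])
    return {
        "received": open_sealed(enc_key, mac_key, blob),
        "ciphertext_hides_message": ciphertext != message,
        "tamper_detected": open_sealed(enc_key, mac_key, tampered) is None,
        "decrypt_alone_is_silent": silently_changed != message and len(silently_changed) == len(message),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The split between `encrypt` and `open_sealed` is the point of the example: encryption is the prevention mechanism against snooping, but it does nothing against modification, so the integrity tag (checked before anything is decrypted) is what turns an active attack into a detectable event.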
Model for Network Access Security

Using this model requires us to:

1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
Part IV: Other Techniques

The mechanisms discussed in the previous sections are only theoretical recipes to implement security. The actual implementation of security goals needs some techniques. Two techniques are prevalent today: cryptography and steganography.

Topics discussed in this section:

- Cryptography
- Steganography
Cryptography & Steganography

Cryptography, a word with Greek origins, means "secret writing." However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.

The word steganography, with origin in Greek, means "covered writing," in contrast with cryptography, which means "secret writing."
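An added example contrasting the two terms (written for this page, not taken from the lecture): least-significant-bit steganography over a constructed byte sequence that stands in for the samples of an image. The function names and the cover data are assumptions. The secret is "covered" in the sense that each sample changes by at most one unit, but there is no key, so anyone who knows the method can read it back; that is exactly the property cryptography adds and steganography alone does not.

```python
# Constructed teaching code, not from the lecture or any library. The "cover"
# is a made-up byte sequence standing in for pixel samples of an image.


def hide(cover: bytes, secret: bytes) -> bytes:
    """Embed a 2-byte length prefix and the secret, one bit per cover byte, in the LSBs."""
    payload = len(secret).to_bytes(2, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]  # MSB first
    if len(bits) > len(cover):
        raise ValueError("cover too small for this secret")
    stego = bytearray(cover)
    for position, bit in enumerate(bits):
        stego[position] = (stego[position] & 0xFE) | bit  # replace only the lowest bit
    return bytes(stego)


def reveal(stego: bytes) -> bytes:
    """Read the LSBs back; no key is involved, only knowledge of the method."""
    if len(stego) < 16:
        raise ValueError("too short to carry a length prefix")

    def byte_at(i: int) -> int:
        value = 0
        for sample in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (sample & 1)
        return value

    length = (byte_at(0) << 8) | byte_at(1)
    if (2 + length) * 8 > len(stego):
        raise ValueError("no valid payload in this cover")
    return bytes(byte_at(2 + i) for i in range(length))


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """How visible the embedding is: the largest per-sample difference."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes(range(256)) * 4            # constructed 1024-sample "image"
    stego = hide(cover, b"meet at noon")
    print(reveal(stego))                      # b'meet at noon'
    print(max_sample_change(cover, stego))    # 1
```

A practitioner reading the contrast should take away that the cover file keeps its size and barely changes its values, so steganography hides the existence of a message; protecting its content against a reader who suspects the method is cryptography's job, and the two are routinely combined.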
