CRYPTOGRAPHY AND NETWORK

1 Introduction to Network Security

LEARNING OBJECTIVES:

• To understand the definitions of Cryptography and Network Security

• To understand the need for Cryptography
• To know the basic terms related with Cryptography
• To know the importance of cryptography in various fields.

1.1 Introduction to Network Security

Security is the state of being free from danger or threat. In other words, Security is the
ability of a system to protect information or data and system resources with respect to
confidentiality and integrity.

The main objective of security is to increase the reliability of system by preventing

breaches. The measures are taken to protect computers and their contents from unauthorized
use.

Good Security Standards follow the “90 / 10” Rule explain as 10% of security safeguards
are technical and 90% of security safeguards rely on the computer user to adhere to good
computing practices.

1.2 Need for Security

To prevent unauthorised access and protect the information from the attackers

Different Types of Security:

The security required for protecting the information can be categorised as the following:

Ø Data security -Data security is the means of ensuring that data is kept safe from
corruption and that access to it is suitably controlled.

Ø Computer Security– The objective of computer security includes protection of

information and property from theft, corruption, or natural disaster, while allowing the
information and property to remain accessible and productive to its intended
users. Malware:Malicious Software includes computer viruses, worms, trojan horses, most
rootkits, spyware, dishonest adware.
 Ø Network Security– protect the network and the network-accessible resources from
unauthorized access, consistent and continuous monitoring and measurement of its
effectiveness.

1.3 Various Aspects of Security

Computer Security – generic name for the collection of tools designed to protect data and
to thwart hackers.

It ensures that only authorized personnel have access to computer files.

Computer facilities have been physically protected for three reasons:

1) To prevent theft of or damage to the hardware.

2) To prevent theft of or damage to the information.
3) To prevent disruption of service.

Computer security: Cybersecurity is the protection of computing systems and the data
that they store or access.

Network Security – Measures to protect data during their transmission. Which means
protection of computer network and its services from unauthorised modification, destruction
or disclosure. Network security targets a variety of threats and stops them from entering or
spreading on your network.
Internet Security – Measures to protect data during their transmission over a collection of
interconnected networks.It encompasses browser security and protects against attacks over
the internet(internet based threats). Example – Ecommerce Website in which transaction
happens.

1.3 Cryptography

Cryptography (from Greek kryptós, “hidden”, and gráphein, “to write”) is, traditionally,
the study of means of converting information from its normal, comprehensible form into an
incomprehensible format, rendering it unreadable without secret knowledge — the art of
encryption.

Cryptography helped ensure secrecy in important communications, such as those of spies,

military leaders, and diplomats. In recent decades, cryptography has expanded its remit in
two ways mechanisms for more than just keeping secrets: schemes like digital signatures and
digital cash, for example in widespread use by many civilians, and users are not aware of it.

Cryptography means art of Secret Writing The process of writing or reading secret
messages or codes. The art of protecting information (plain text) by transforming it
(encrypting it) into an unreadable format, called cipher text(unintelligible text).Science of
encoding messages so that only the sender and receiver can understand them.

1.3.1 Need for Cryptography

 In today’s world thousands of people interact electronically every day by different means
like e-mails, ATM machines, e-commerce or cellular phones. The rapid increase of
information transmitted electronically resulted to an increased reliance on cryptography. The
main aim of cryptographic feature designed to detect, prevent, or recover from a security
attack.

The security attacks may either deliberately or unknowingly a particular person tries to
gain the control of particular system or particular network. There are no single mechanism
that will support all security required, however one particular element underlies many of the
security mechanisms in use cryptographic techniques.

1.4 Network Security Trends

The current trend in security threats are shown in the figure 1.1.Threat are nothing but the
danger or harm that exploits the system or network in the aspect of data or services. Spyware
is a piece of software that are used to gather information from your system without your
knowledge.

1.5 Network Security Applications

The network; Security may be applied in various fields as given:

Ø Web contents – Content which deals with user experience on websites. It may be a text/
images/ video/animation/sound.
 Ø Emails communication – Electronic mail communication is an effective way of
communication which helps in day today communication.

Ø E- Commerce application – Trading (Buying/Selling) over internet.

Ø Remote login – Connecting to a system from remote location through internet

connection.(VPN)
Ø Database storage – Cloud storage, Google Drive where data is stored online.
Ø Banking transaction – online banking activities need to be protected

1.6 Key Security Concepts

The main objectives of the network security are confidentiality, integrity,an availability as
shown in the figure 1.2. These are the three key objectives and heart of security.

1.6.1 Types of Services

1.6.1.1 Confidentiality

Confidentiality assures that private or confidential information is not made available or

disclosed to unauthorized individuals. It is an integral component of security.

For example when banking online user-IDs and passwords that uniquely identify data
systems’ users and control access to data systems, resources, hence achieves the goal of
confidentiality.

1.6.1.2 Privacy
 Most Web users want to understand that personal information they share will not be shared
with anyone else without their permission. Message privacy, particularly for e-commerce
transactions, requires encryption.

1.6.1.3 Integrity

Is the assurance that information can only be accessed or modified by those authorized to
do so. For example, if you were sending an online money transfer for Rs.10,000,but the
receiver is received only Rs.100 due to the tampered information.

Data integrity – The integrity is the way to assurance that data received are exactly as sent
by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).Integrity
assures that information and programs are changed only in authorized manner.If the data
received isn’t the same as the data sent, you’ve got a problem! Much of networking involves
working to improve data integrity.

System integrity-This assures that a system performs its intended function free from
deliberate or inadvertent unauthorized manipulation.

1.6.1.4 Availability

Availability are mainly needs to ensure the services are available to the end user whenever
it is required.

1.6.1.5 Nonrepudiation

Provides protection against denial by one of the entities involved in a communication of

having participated in all or part of the communication.

1.6.1.6 Authentication

Entity authentication

the assurance that a given entity is involved and currently active in a communication
session (sometimes referred to as identification).

Data integrity the assurance that data has not been altered in an unauthorised (or
accidental) manner since the time that the data was last created, transmitted or stored by an
authorised user.

Data origin authentication

the assurance that a given entity was the original source of some data (sometimes referred
to as message authentication).

1.7 Example for types of Services

 • confidentiality – student grades
• integrity – patient information
• availability – authentication service
• authenticity – admission ticket
• non-repudiation – stock sell order

1.8 Aspects of Security

The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as

1.8.1 Security attack

If any actions that compromise the system in related to security components.

1.8.2 Security mechanism

A process (or a device incorporating such a process) that is designed to detect, prevent, or
recover from a security attack.

1.8.2 Security service

A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. The services are intended to counter
security attacks, and they make use of one or more security mechanisms to provide the
service.

1.9 Threats and Attacks (RFC 2828)

1.9.1 Threat

The threats are a potential for violation of security, which exists in the circumstance,
capability, action, or event that could breach security and causes harmful to the system.
Hence, a threat is a possible danger that might exploit a vulnerability of the system.

1.9.2Attack

An attack on system security is actually derives from an intelligent threat mechanism. The
goal of the attacker is to deliberate attempt to evade security services and violate the security
policy of a system.

1.9.2.1 Security Attack

Any action that tries to compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on
information-based systems often threat & attack used to mean same thing have a wide range
of attacks can focus of generic types of attacks.

1.9.2.1 Passive attack

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
attacker attempting to break the system solely based upon observed data as shown in figure
1.3 (i.e. the ciphertext)

Interception –The attacker routinely monitors network traffic. Intercept missions can
occur for years without the knowledge of the intercept parties.

Traffic Analysis – A passive attack is a network attack in which a system is monitored and
sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain
information about the target and no data is changed on the target.

Interruption – An unauthorized party gains access to an asset. This is an attack on

confidentiality. Unauthorized party could be a person, a program or a computer. e.g.,
wiretapping to capture data in the network, illegal copying of files.

1.9.2.2 Active attack

These attacks involve some modification of the data stream or the creation of a false
stream as shown in figure 1.4. The hacker attempts to make changes to data on the target or
data via route to the target.
 Fabrication – This sort of attack usually inserts new information, or records extra
information on a file. It is mainly used to gain access to data or a service.

Replay- Replay attacks are the network attacks in which an attacker spies the conversation
between the sender and receiver and takes the authenticated information e.g. sharing key and
then contact to the receiver with that key. In Replay attack the attacker gives the proof of his
identity and authenticity. For example: Suppose in the communication of two parties A and
B; A is sharing his key to B to prove his identity but in the meanwhile Attacker C eavesdrop
the conversation between them and keeps the information which are needed to prove his
identity to B. Later C contacts to B and prove its authenticity.

Modification – If the legitimate messages are altered or deleted during the transmission in
real time, then it needs a “man in the middle”.

1.10 Handling Attacks

List of merits and demerits of passive and active attacks

Passive attacks – focus on Prevention

• More dangerous
• Easy to stop
• Hard to detect
• Hard to stop
• Easy to detect

1.11 Security Service

It enhances security of data processing systems and information transfers of an

organization intended to counter security attacks. Using one or more security mechanisms
often replicates functions normally associated with physical documents which, for example,
have signatures, dates; need protection from disclosure, tampering, or destruction; be
notarized or witnessed; be recorded or licensed

1.12 Symmetric and public key algorithms

Encryption/Decryption methods fall into two categories.

a. Symmetric key and

b. Public key

In symmetric key algorithms, the encryption and decryption keys are known both to sender
and receiver. The encryption key is shared and the decryption key is easily calculated from it.
In many cases, the encryption and decryption keys are the same.
In public key cryptography, encryption key is made public, but it is computationally
infeasible to find the decryption key without the information known to the receiver.

1.13 Model for Network Security

A message is to be transferred from one party to another across some sort of internet. The
two parties, who are the principals in this transaction, must cooperate for the exchange to take
place. A logical information channel is established by defining a route through the internet
from source to destination and by the cooperative use of communication protocols (e.g.,
TCP/IP) by the two principals

Using this model requires us to:

1. design a suitable algorithm for the security transformation.

2. generate the secret information (keys) used by the algorithm.
3. develop methods to distribute and share the secret information.
4. specify a protocol enabling the principals to use the transformation and secret
information for a security service.

Using this model requires us to:

• select appropriate gatekeeper functions to identify users

• implement security controls to ensure only authorised users access designated
information or resources
 • trusted computer systems may be useful to help implement this model

1.14 Various Areas- Importance of Security

• Cloud Computing
• Wireless Networks
• Data Analytics
• Social Networking
• Internet of Things

Summary

 Outlined the different definitions of Cryptography.

 Explained the various attacks and need for security.
 Discussed different applications of Network security.
 Models for network (access) security.
 Explored the role of cryptography in the various fields.

you can view video on Introduction to Network Security