CHAPTER 1

INTRODUCTION
 Reference Book

1. Atul Kahate – Cryptography and Network Security

2. Cryptography and Information Security, V.K. Pachghare

3. Kaufman C, Perlman R and Speciner - “Network Security”, Privtae
Communication in a public world

4. William Stallings – Cryptography and Network Security: Applications

and standards

5. Network Security and Cryptography: Bernard Menezes

 BACKGROUND

• Information security requirements have been changed nowadays.

• Traditionally organizations was provided with physical and

administrative means

• With the introduction of computers, the need for automated tools for
protecting information's and files has become evident.

• Another thing that affected security is the use of networks and

communication facilities for carrying information between different
users.
Information is an asset to all individuals and businesses.

Information Security refers to the protection of these assets

Information Security is the practice of preventing

unauthorized access, use, disclosure, disruption,
modification, inspection, recording or destruction
of information.
• It is the protection of information and its critical
elements, including the systems and hardware that
use, store, and transmit that information.

• It is an arena where the primary mission is to

ensure things stay the way they are.
 Need for information security

• Information security performs four important

functions for an organization:

1.Protects the organization’s ability to function

2.Enables the safe operation of applications
implemented
3.Protects the data the organization collects and uses
4.Safeguards the technology assets in use at the
organization
Services, Mechanisms and Attacks

• In that we have to consider three aspects of

information security

• They are
Security Attack

Security Mechanism

Security Service
 Service

It is a service that enhances the security of the data

processing systems and the information transfers of an
organization

They will counter security attacks

It make use of one or more security mechanisms to

provide the service
Eg: Most of the activities such as military, foreign
policy etc depend on the use of documents.
These documents have signatures and dates. It
should be protected from disclosure, tampering
or destruction
• Now electronic information takes many of the
roles performed by paper documents
• Several aspects of electronic document makes
its services challenging
• Now electronic information takes many of the
roles performed by paper documents

• Several aspects of electronic document makes

its services challenging
1. Since electronic document is a sequence of bits there is
no difference between original and any number of copies

2. Altering bits in a computer memory leaves no physical

traces

3. Proof of authenticity of electronic document is not based

on the physical characteristics of the document
 Mechanisms

• It is a mechanism that is designed to detect, prevent or

recover from a security attack.

• No single mechanism will support all the functions.

• Encryption is the most common technique used in

providing security.

• Techniques like cryptography underlies many of the security

mechanisms in use
 Attacks

• It is any action that compromises the security of

information owned by an organization

• Information security is about how to prevent attacks, or to

detect attacks on information-based systems

• wide range of attacks are available

• Nature of attacks varies from one circumstances to another

 Principles of security

• Objective of information security includes

protection of information from theft,
corruption or natural disaster

• It will also allow information to remain

accessible to its intended users.
• Principles of security includes
Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability
 Confidentiality

• It specifies that only the sender and intended

recipient should be able to access the contents of a
message

• It gets compromised if an unauthorized person is

able to access a message
Loss of confidentiality
• This type of attack is known as interception

• Interception causes loss of message

confidentiality
 Authentication

• Authentication mechanism helps to establish the

proof of identity

• It is concerned with assuring that a service is

authentic

• It ensures that the origin of a message is correctly

documented
Absence of authentication
• This type of attack is called fabrication
 Integrity

• If the contents of a message are changed after the

sender sends it and before the receiver receives it, then
it is said the integrity of message is lost
• Two types of integrity services are available

Connection oriented integrity services

Connectionless integrity services
Connection oriented integrity service
• It deals with a stream of messages
• It assures that the messages are received as
sent with no duplication, insertion or
modification
• It addresses both message stream
modification and denial of services
 Connectionless integrity service
• It deals with individual messages

• It provides protection against message

modification only

• If violation of integrity is reported service will

only report the violation
Loss of integrity
• This type of attack is called modification

• Modification causes loss of integrity

 Non-repudiation

• It prevents the sender and receiver from

denying a transmitted message

• It does not allow the sender to refute the

claim of not sending that message
Establishing non-repudiation
 Access Control

• It is the ability to limit and control the access

to host systems and applications via
communication line

• It determines who should be able to access

what
• Access control is related to two areas

- role management
- rule management
• Role management- focuses on user side
- Which user can do what

• Rule management –focuses on resource side

- which resource is accessible and under
what circumstances
• Based on the decision, access-control matrix is
prepared

• It lists users against a list of items they can

access
 Availability

• Principle of availability states that resources

should be available to authorized parties at all
times

• Variety of attacks can result in the loss of or

reduction in availability

• Such an attack is called interruption

 Types of attacks

• Attacks can be classified with respect to two

views

1. General view
2. Technical view
 Attacks :General view

• Classified in to three

1. Criminal attacks
2. Publicity attacks
3. Legal attacks
 Criminal attacks

• Aim of the attacker is to maximize financial gain by

attacking computer systems
• Some forms of criminal attacks are
- fraud
- scams
- destruction
- identity theft
- intellectual property theft
- brand theft
 Publicity attacks

• Occurs because the attackers wants to see their

names appear on newspapers and media

• Eg: damaging the web pages of a site by attacking it

 Legal attacks

• attacker tries to make the jury doubtful about the

security of a computer system

• Aim is to exploit the weakness of the jury in

technological matters
 Attacks :Technical view

• Generally the information will flow from the

source to the destination.

• It is know as Normal Flow

• Four general categories of attacks
• They are
Interruption
Interception
Modification
Fabrication
 Interruption

• It is an attack on availability

• In this an asset of the system is destroyed or

become unavailable or unusable

E.g. destruction of a piece of hardware, such as

hard disk, cutting of communication line or
disabling of the file management system
 Interception
• It is an attack on confidentiality

• In this attack an unauthorized party gains

access to an asset.

• The unauthorized party may be a person,

program or a computer
Eg: unauthorized copying of files, wiretapping
to capture data in a network
 Modification
• This is an attack on integrity

• In this an unauthorized party will be able to

access the asset and he can tamper it also

Eg: Changing values in a data file, altering a

program, modifying the contents of messages
 Fabrication

• This is an attack on authenticity

• In this an unauthorized party inserts

counterfeit objects into the system

Eg: Addition of records to a file, insertion of

unwanted messages in a network
• Attacks are also classified into two

• They are
Passive attacks
Active attacks
 Passive Attacks

• It do not involve any alteration of data

• It involves reading the contents of messages
• It is in the nature of eavesdropping on or
monitoring of transmissions
• They are very difficult to detect
• But we can prevent them successfully
• The main goal is to obtain information that is
being transmitted
• Two types of passive attacks are there

Release of message content

Traffic Analysis
 Release of message contents

• It is easy to understand

• A telephone conversation, electronic mail

message, transferred file may contain
confidential information. We should prevent
learning the contents of these transmissions
 Traffic Analysis

• If we have a way of masking the contents of

messages or information traffic, the
opponents could not extract the information
from the captured message

• Encryption is the common technique for

masking the contents
• Even if encryption protection is available, an
opponent might be able to observe the pattern
of the message, determine the location,
identify the communication host, observe the
frequency and length of message being
exchanged

• This information might be useful in guessing

the nature of communication that was taking
place
 Active Attacks

• This attack involves some modification of data

stream or the creation of false stream
• It is very difficult to prevent active attacks
• For preventing active attack we need complete
protection of all communication facilities and
paths
• The main goal is to detect them and recover from
any delays caused by them
• They are divided into four categories

Masquerade
Replay
Modification of messages
Denial of services
 Masquerade

• This takes place when one entity pretends to

be a different entity

Eg: Authentication sequence can be captured

and replayed after a valid authentication
sequence has taken place

It will enable an authorized entity with few

privileges to obtain extra privilege
 Replay

• It involves the passive capture of data unit and

its subsequent retransmission to produce an
unauthorized effect
 Modification of messages

• It means that some portion of the message is

altered or the messages are delayed or
reordered to produce an unauthorized effect
Eg: “Allow John Smith to read confidential file
accounts” can be modified as “Allow Fred
Brown to read confidential file accounts”
 Denial of service

• It prevents the normal use or management of

communication facilities
Eg: An entity may suppress all messages directed
to a particular destination(eg: security audit
service)
Disruption of an entire network, either by
disabling the network or by overloading the
network with messages
 Digital Signature

• It is a Electronic Signature

• It is a mathematical scheme for demonstrating the

authenticity of a digital message or document.

• A valid digital signature assures the recipient that

the message was created by a known sender, and
that it was not altered in transit.
• Digital signatures are commonly used for
software distribution, financial transactions
etc

• It uses public key algorithm

• digital signatures provide the ability to:

– verify author, date & time of signature

– authenticate message contents
– verifies integrity of data
– be verified by third parties to resolve disputes
• Digital signatures are
- easily transportable
- cannot be imitated by someone else
- can be automatically time-stamped.

• It can be used with any kind of message, whether it is

encrypted or not, so that the receiver can be sure of
the sender's identity and that the message arrived
intact
• Consider two persons A and B
If A wants to send a message to B and if A
wants B to be certain that the message is
indeed from A he can use digital signature

In that case
- A uses his own private key to encrypt the message.
- When B receives the message he can decrypt it with
A’s public key.
• A’s private key is kept secret
• So no one else can create a message that can be
decrypted by A’s public key
• Therefore the entire encrypted message serve as
digital signature
• It is impossible to alter the message without A’s
private key and thus the message is secure
• The signature depends on the contents of the
message and if the content is modified the signature
will not match
• Digital signature provide two functions

1. They prove who generated the

information
2. They prove that the information has
not been modified
 Properties
• It must verify the author and the date and time of
the signature

• It must authenticate the contents at the time of the

signature

• It must be verifiable by third parties, to resolve

disputes
 Requirements
• It must be easy to produce the digital signature

• It must be easy to recognize and verify the digital

signature

• It must be practical to retain a copy of digital

signature in storage

• It must be a bit pattern that depends on the message

being signed
• They are divided in to two

Direct digital signature

Arbitrated digital signature
 Direct Digital Signatures

• It involve only sender & receiver

• It is assumed receiver has sender’s public-key

• digital signature is made by encrypting the entire

message with sender’s private-key or by encrypting
a hash code of the message with sender’s private key
• It provides only authentication and integrity, will not
provide confidentiality

• For providing confidentiality in addition to

signature encrypt the message with the receiver’s
public key
• It is important to perform the signature
function first and then encrypt the message
• Some times a third party may view the
message and signature
• If signature is calculated on encrypted message
then third party also access the decryption key
to read the message
• So do signature first and then encrypt the
message
• The major disadvantages

1. security depends on sender’s private key

2. private key may be stolen from the sender and it can be
used by other third parties
 Arbitrated Digital Signatures

• The problems associated with direct digital signature can be

solved by the use of arbiter

• In this every file from the sender will first go to an arbiter

• The arbiter will check the content and origin of the

message

• Then the message is dated and send to the receiver

• It requires suitable level of trust in arbiter

• It can be implemented with either private or public-key

algorithms

• Arbiter may or may not see message

• Different techniques are available in arbitrated digital

signature
• it includes

- conventional encryption in which arbiter sees the

message
- conventional encryption in which arbiter does not
see the message
- public key encryption in which arbiter does not
see message
• Let X be the source, Y is the destination and A is the
arbiter
• Consider conventional encryption in which
arbiter sees the message
X constructs a message M. computes its hash
value H(M) and then transmit the message
along with a signature to A
The signature consists of an identifier IDx of X
plus the hash value
This is encrypted using Kxa
where Kxa is the secret key shared by A
and X
A decrypts the signature and checks the hash
value to validate the message
Then A transmit the message to Y, encrypted
with Kay
This message includes IDx, the original message
from X, the signature and the time stamp
Y can decrypt this to the original message and
signature
Time stamp indicate Y that the message is
timely
Consider conventional encryption in which arbiter
does not see the message
In this case X and Y share a secret key Kxy
X transmits an identifier, copy of message encrypted
with Kxy and a signature to A. signature consists of
identifier and hash value of encrypted message,
encrypted using kxa
A decrypt the signature, check the hash value and
transmit it to Y along with the time stamp
All these are encrypted with Kay
Here A is working with the encrypted portion of the
message and thus it is prevented from reading the
message
 Consider public key encryption in which arbiter does
not see message
X double encrypts the message with X’s private key KRx
and with Y’s public key KUy
It is signed and the signed message together with X’s
identifier is encrypted with KRx and together with IDx
it is sent to A
A decrypt the outer encryption and assure that the
message has come from X
Then A transmit a message to Y, encrypted with KRa
 Authentication

• Authentication is the process of reliably verifying the

identity of something or somebody.

• There are many ways to authenticate the users –

– Using user-ids and passwords.
– Certificate based authentication.
– Biometrics based authentication.
It is the act of establishing or confirming something as
authentic , that is, that claims made by or about the thing
are true.

Strong authentication means some one can prove

knowledge of a secret without revealing it

Authentication is the first step in cryptographic solution

• Consider two systems a and b

- Before initializing communication they must

authenticate with each other

- They share a common key Kab

• First the source will pick a random number and send it to
the destination

• This is known as Challenge

• The value will be encrypted with the key and is send back
to the source

• This is known as Response

• Then the destination will also do the same process

 Integrity check

• Check sum is a simple way to protect the integrity of

the data

• An ordinary checksum protest against accidental

corruption of a message

• Checksum means the operation of breaking a

message into fixed length blocks and adding them
up.
• This sum is send along the message

• The receiver will break the received message and then

add them up and check the sum

• If the sum matches means the message is not

corrupted

• If the sum is not matching, the message is corrupted

and then it will be rejected
The simplest form of checksum will simply add up the
asserted bits and so it cannot detect errors like
reordering of bytes in a message

To overcome such problems more complex checksums

like CRCs (cyclic redundancy checks) were devised

It will consider not only the value of each byte but

also its position
• They provide no security against a malicious agent

• To provide protection against malicious changes a

secret checksum algorithm is needed.

• In this if the attacker doesn’t know the algorithm, he

cannot compute the right checksum for the message

• In this one secret key and common algorithm will be

available
• When the key and the message is given algorithm will
produce a fixed length message authentication code
(MAC)

• This MAC is send along with the message

• MAC is often known as MIC (Message Integrity Code)

 References

✔ Principles of security, types of attacks – Atul

Kahate

✔ Services, Mechanisms and Attacks, Digital

Signature : Network security essentials, William
Stallings

✔ Integrity check, Authentication : Network

Security, Kaufmann
 Questions

1. What is information security.? What are key

principles of security?
2. Differentiate between active attacks and passive
attacks.
3. Explain digital signature
4. What is security attacks and discuss different types
of security attacks.
5. Write short note on integrity check