0% found this document useful (0 votes)
18 views105 pages

IS Chapter1

Uploaded by

yppl2003
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
18 views105 pages

IS Chapter1

Uploaded by

yppl2003
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 105

CHAPTER 1

INTRODUCTION
Reference Book

1. Atul Kahate – Cryptography and Network Security

2. Cryptography and Information Security, V.K. Pachghare


3. Kaufman C, Perlman R and Speciner - “Network Security”, Privtae
Communication in a public world

4. William Stallings – Cryptography and Network Security: Applications


and standards

5. Network Security and Cryptography: Bernard Menezes


BACKGROUND

• Information security requirements have been changed nowadays.

• Traditionally organizations was provided with physical and


administrative means

• With the introduction of computers, the need for automated tools for
protecting information's and files has become evident.

• Another thing that affected security is the use of networks and


communication facilities for carrying information between different
users.
Information is an asset to all individuals and businesses.

Information Security refers to the protection of these assets

Information Security is the practice of preventing


unauthorized access, use, disclosure, disruption,
modification, inspection, recording or destruction
of information.
• It is the protection of information and its critical
elements, including the systems and hardware that
use, store, and transmit that information.

• It is an arena where the primary mission is to


ensure things stay the way they are.
Need for information security

• Information security performs four important


functions for an organization:

1.Protects the organization’s ability to function


2.Enables the safe operation of applications
implemented
3.Protects the data the organization collects and uses
4.Safeguards the technology assets in use at the
organization
Services, Mechanisms and Attacks

• In that we have to consider three aspects of


information security

• They are
Security Attack

Security Mechanism

Security Service
Service

It is a service that enhances the security of the data


processing systems and the information transfers of an
organization

They will counter security attacks

It make use of one or more security mechanisms to


provide the service
Eg: Most of the activities such as military, foreign
policy etc depend on the use of documents.
These documents have signatures and dates. It
should be protected from disclosure, tampering
or destruction
• Now electronic information takes many of the
roles performed by paper documents
• Several aspects of electronic document makes
its services challenging
• Now electronic information takes many of the
roles performed by paper documents

• Several aspects of electronic document makes


its services challenging
1. Since electronic document is a sequence of bits there is
no difference between original and any number of copies

2. Altering bits in a computer memory leaves no physical


traces

3. Proof of authenticity of electronic document is not based


on the physical characteristics of the document
Mechanisms

• It is a mechanism that is designed to detect, prevent or


recover from a security attack.

• No single mechanism will support all the functions.

• Encryption is the most common technique used in


providing security.

• Techniques like cryptography underlies many of the security


mechanisms in use
Attacks

• It is any action that compromises the security of


information owned by an organization

• Information security is about how to prevent attacks, or to


detect attacks on information-based systems

• wide range of attacks are available

• Nature of attacks varies from one circumstances to another


Principles of security

• Objective of information security includes


protection of information from theft,
corruption or natural disaster

• It will also allow information to remain


accessible to its intended users.
• Principles of security includes
Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability
Confidentiality

• It specifies that only the sender and intended


recipient should be able to access the contents of a
message

• It gets compromised if an unauthorized person is


able to access a message
Loss of confidentiality
• This type of attack is known as interception

• Interception causes loss of message


confidentiality
Authentication

• Authentication mechanism helps to establish the


proof of identity

• It is concerned with assuring that a service is


authentic

• It ensures that the origin of a message is correctly


documented
Absence of authentication
• This type of attack is called fabrication
Integrity

• If the contents of a message are changed after the


sender sends it and before the receiver receives it, then
it is said the integrity of message is lost
• Two types of integrity services are available

Connection oriented integrity services


Connectionless integrity services
Connection oriented integrity service
• It deals with a stream of messages
• It assures that the messages are received as
sent with no duplication, insertion or
modification
• It addresses both message stream
modification and denial of services
Connectionless integrity service
• It deals with individual messages

• It provides protection against message


modification only

• If violation of integrity is reported service will


only report the violation
Loss of integrity
• This type of attack is called modification

• Modification causes loss of integrity


Non-repudiation

• It prevents the sender and receiver from


denying a transmitted message

• It does not allow the sender to refute the


claim of not sending that message
Establishing non-repudiation
Access Control

• It is the ability to limit and control the access


to host systems and applications via
communication line

• It determines who should be able to access


what
• Access control is related to two areas

- role management
- rule management
• Role management- focuses on user side
- Which user can do what

• Rule management –focuses on resource side


- which resource is accessible and under
what circumstances
• Based on the decision, access-control matrix is
prepared

• It lists users against a list of items they can


access
Availability

• Principle of availability states that resources


should be available to authorized parties at all
times

• Variety of attacks can result in the loss of or


reduction in availability

• Such an attack is called interruption


Types of attacks

• Attacks can be classified with respect to two


views

1. General view
2. Technical view
Attacks :General view

• Classified in to three

1. Criminal attacks
2. Publicity attacks
3. Legal attacks
Criminal attacks

• Aim of the attacker is to maximize financial gain by


attacking computer systems
• Some forms of criminal attacks are
- fraud
- scams
- destruction
- identity theft
- intellectual property theft
- brand theft
Publicity attacks

• Occurs because the attackers wants to see their


names appear on newspapers and media

• Eg: damaging the web pages of a site by attacking it


Legal attacks

• attacker tries to make the jury doubtful about the


security of a computer system

• Aim is to exploit the weakness of the jury in


technological matters
Attacks :Technical view

• Generally the information will flow from the


source to the destination.

• It is know as Normal Flow


• Four general categories of attacks
• They are
Interruption
Interception
Modification
Fabrication
Interruption

• It is an attack on availability

• In this an asset of the system is destroyed or


become unavailable or unusable

E.g. destruction of a piece of hardware, such as


hard disk, cutting of communication line or
disabling of the file management system
Interception
• It is an attack on confidentiality

• In this attack an unauthorized party gains


access to an asset.

• The unauthorized party may be a person,


program or a computer
Eg: unauthorized copying of files, wiretapping
to capture data in a network
Modification
• This is an attack on integrity

• In this an unauthorized party will be able to


access the asset and he can tamper it also

Eg: Changing values in a data file, altering a


program, modifying the contents of messages
Fabrication

• This is an attack on authenticity

• In this an unauthorized party inserts


counterfeit objects into the system

Eg: Addition of records to a file, insertion of


unwanted messages in a network
• Attacks are also classified into two

• They are
Passive attacks
Active attacks
Passive Attacks

• It do not involve any alteration of data


• It involves reading the contents of messages
• It is in the nature of eavesdropping on or
monitoring of transmissions
• They are very difficult to detect
• But we can prevent them successfully
• The main goal is to obtain information that is
being transmitted
• Two types of passive attacks are there

Release of message content


Traffic Analysis
Release of message contents

• It is easy to understand

• A telephone conversation, electronic mail


message, transferred file may contain
confidential information. We should prevent
learning the contents of these transmissions
Traffic Analysis

• If we have a way of masking the contents of


messages or information traffic, the
opponents could not extract the information
from the captured message

• Encryption is the common technique for


masking the contents
• Even if encryption protection is available, an
opponent might be able to observe the pattern
of the message, determine the location,
identify the communication host, observe the
frequency and length of message being
exchanged

• This information might be useful in guessing


the nature of communication that was taking
place
Active Attacks

• This attack involves some modification of data


stream or the creation of false stream
• It is very difficult to prevent active attacks
• For preventing active attack we need complete
protection of all communication facilities and
paths
• The main goal is to detect them and recover from
any delays caused by them
• They are divided into four categories

Masquerade
Replay
Modification of messages
Denial of services
Masquerade

• This takes place when one entity pretends to


be a different entity

Eg: Authentication sequence can be captured


and replayed after a valid authentication
sequence has taken place

It will enable an authorized entity with few


privileges to obtain extra privilege
Replay

• It involves the passive capture of data unit and


its subsequent retransmission to produce an
unauthorized effect
Modification of messages

• It means that some portion of the message is


altered or the messages are delayed or
reordered to produce an unauthorized effect
Eg: “Allow John Smith to read confidential file
accounts” can be modified as “Allow Fred
Brown to read confidential file accounts”
Denial of service

• It prevents the normal use or management of


communication facilities
Eg: An entity may suppress all messages directed
to a particular destination(eg: security audit
service)
Disruption of an entire network, either by
disabling the network or by overloading the
network with messages
Digital Signature

• It is a Electronic Signature

• It is a mathematical scheme for demonstrating the


authenticity of a digital message or document.

• A valid digital signature assures the recipient that


the message was created by a known sender, and
that it was not altered in transit.
• Digital signatures are commonly used for
software distribution, financial transactions
etc

• It uses public key algorithm


• digital signatures provide the ability to:

– verify author, date & time of signature


– authenticate message contents
– verifies integrity of data
– be verified by third parties to resolve disputes
• Digital signatures are
- easily transportable
- cannot be imitated by someone else
- can be automatically time-stamped.

• It can be used with any kind of message, whether it is


encrypted or not, so that the receiver can be sure of
the sender's identity and that the message arrived
intact
• Consider two persons A and B
If A wants to send a message to B and if A
wants B to be certain that the message is
indeed from A he can use digital signature

In that case
- A uses his own private key to encrypt the message.
- When B receives the message he can decrypt it with
A’s public key.
• A’s private key is kept secret
• So no one else can create a message that can be
decrypted by A’s public key
• Therefore the entire encrypted message serve as
digital signature
• It is impossible to alter the message without A’s
private key and thus the message is secure
• The signature depends on the contents of the
message and if the content is modified the signature
will not match
• Digital signature provide two functions

1. They prove who generated the


information
2. They prove that the information has
not been modified
Properties
• It must verify the author and the date and time of
the signature

• It must authenticate the contents at the time of the


signature

• It must be verifiable by third parties, to resolve


disputes
Requirements
• It must be easy to produce the digital signature

• It must be easy to recognize and verify the digital


signature

• It must be practical to retain a copy of digital


signature in storage

• It must be a bit pattern that depends on the message


being signed
• They are divided in to two

Direct digital signature


Arbitrated digital signature
Direct Digital Signatures

• It involve only sender & receiver

• It is assumed receiver has sender’s public-key

• digital signature is made by encrypting the entire


message with sender’s private-key or by encrypting
a hash code of the message with sender’s private key
• It provides only authentication and integrity, will not
provide confidentiality

• For providing confidentiality in addition to


signature encrypt the message with the receiver’s
public key
• It is important to perform the signature
function first and then encrypt the message
• Some times a third party may view the
message and signature
• If signature is calculated on encrypted message
then third party also access the decryption key
to read the message
• So do signature first and then encrypt the
message
• The major disadvantages

1. security depends on sender’s private key


2. private key may be stolen from the sender and it can be
used by other third parties
Arbitrated Digital Signatures

• The problems associated with direct digital signature can be


solved by the use of arbiter

• In this every file from the sender will first go to an arbiter

• The arbiter will check the content and origin of the


message

• Then the message is dated and send to the receiver


• It requires suitable level of trust in arbiter

• It can be implemented with either private or public-key


algorithms

• Arbiter may or may not see message

• Different techniques are available in arbitrated digital


signature
• it includes

- conventional encryption in which arbiter sees the


message
- conventional encryption in which arbiter does not
see the message
- public key encryption in which arbiter does not
see message
• Let X be the source, Y is the destination and A is the
arbiter
• Consider conventional encryption in which
arbiter sees the message
X constructs a message M. computes its hash
value H(M) and then transmit the message
along with a signature to A
The signature consists of an identifier IDx of X
plus the hash value
This is encrypted using Kxa
where Kxa is the secret key shared by A
and X
A decrypts the signature and checks the hash
value to validate the message
Then A transmit the message to Y, encrypted
with Kay
This message includes IDx, the original message
from X, the signature and the time stamp
Y can decrypt this to the original message and
signature
Time stamp indicate Y that the message is
timely
Consider conventional encryption in which arbiter
does not see the message
In this case X and Y share a secret key Kxy
X transmits an identifier, copy of message encrypted
with Kxy and a signature to A. signature consists of
identifier and hash value of encrypted message,
encrypted using kxa
A decrypt the signature, check the hash value and
transmit it to Y along with the time stamp
All these are encrypted with Kay
Here A is working with the encrypted portion of the
message and thus it is prevented from reading the
message
Consider public key encryption in which arbiter does
not see message
X double encrypts the message with X’s private key KRx
and with Y’s public key KUy
It is signed and the signed message together with X’s
identifier is encrypted with KRx and together with IDx
it is sent to A
A decrypt the outer encryption and assure that the
message has come from X
Then A transmit a message to Y, encrypted with KRa
Authentication

• Authentication is the process of reliably verifying the


identity of something or somebody.

• There are many ways to authenticate the users –


– Using user-ids and passwords.
– Certificate based authentication.
– Biometrics based authentication.
It is the act of establishing or confirming something as
authentic , that is, that claims made by or about the thing
are true.

Strong authentication means some one can prove


knowledge of a secret without revealing it

Authentication is the first step in cryptographic solution


• Consider two systems a and b

- Before initializing communication they must


authenticate with each other

- They share a common key Kab


• First the source will pick a random number and send it to
the destination

• This is known as Challenge

• The value will be encrypted with the key and is send back
to the source

• This is known as Response

• Then the destination will also do the same process


Integrity check

• Check sum is a simple way to protect the integrity of


the data

• An ordinary checksum protest against accidental


corruption of a message

• Checksum means the operation of breaking a


message into fixed length blocks and adding them
up.
• This sum is send along the message

• The receiver will break the received message and then


add them up and check the sum

• If the sum matches means the message is not


corrupted

• If the sum is not matching, the message is corrupted


and then it will be rejected
The simplest form of checksum will simply add up the
asserted bits and so it cannot detect errors like
reordering of bytes in a message

To overcome such problems more complex checksums


like CRCs (cyclic redundancy checks) were devised

It will consider not only the value of each byte but


also its position
• They provide no security against a malicious agent

• To provide protection against malicious changes a


secret checksum algorithm is needed.

• In this if the attacker doesn’t know the algorithm, he


cannot compute the right checksum for the message

• In this one secret key and common algorithm will be


available
• When the key and the message is given algorithm will
produce a fixed length message authentication code
(MAC)

• This MAC is send along with the message

• MAC is often known as MIC (Message Integrity Code)


References

✔ Principles of security, types of attacks – Atul


Kahate

✔ Services, Mechanisms and Attacks, Digital


Signature : Network security essentials, William
Stallings

✔ Integrity check, Authentication : Network


Security, Kaufmann
Questions

1. What is information security.? What are key


principles of security?
2. Differentiate between active attacks and passive
attacks.
3. Explain digital signature
4. What is security attacks and discuss different types
of security attacks.
5. Write short note on integrity check

You might also like