Network Security
Network Security
Malaka Pathirana
MSc in IT – Cyber Security(Reading), BSc (Hons) in IT | Cisco Certified CCNA Instructor
Outline
▪ Security inside Networks
▪ Security Threats
▪ Cryptography
▪ Security Services
References :
Data Communications and Networking By Behrouz A.Forouzan (5th Edition)
Guide to Computer Network Security by Joseph Migga Kizza (4th Edition)
Security inside Networks
▪ Computer networks are distributed networks of computers that
are connected to share many resources.
▪ Network security is not about protecting individual computers
but an entire network.
▪ Network security involves creating an environment in which a
computer network and all its users are secure.
▪ Network security issues include,
▪ protecting data from unauthorized access
▪ protecting data from damage and development
▪ implementing policies and procedures for recovery from
breaches and data losses.
▪ Broader and more complex field of study/research.
Network Security
The protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity,
availability, and confidentiality of information system resources
(including hardware, software, firmware, information/data, and
telecommunications).
-NIST Computer Security Handbook
Integrity
Information remains accurate and trustworthy throughout its lifecycle.
This involves protecting data from unauthorized modification, deletion, or
corruption. Techniques such as digital signatures, checksums, and version
control help maintain data integrity.
Availability
Information and resources are accessible and usable when needed by
authorized users.
This involves measures to prevent or mitigate disruptions such as denial-of-
service (DoS) attacks, hardware failures, or natural disasters. Redundancy,
failover systems, and disaster recovery plans are key components of
ensuring availability.
Security Threats
Sources
▪ Weaknesses in network infrastructure (Vulnerability)
▪ Rapid growth of cyberspace
▪ Growth of Hacker Community, etc.
Motives
▪ Terrorism
▪ Military Espionage - information gathering from non-disclosed
sources/ spying on potential enemies
▪ Economic Espionage - unlawful targeting and theft of critical
economic intelligence, such as trade secrets and intellectual
property
▪ Revenge, Hate, Greed etc.
Cryptography
▪ An encryption algorithm transforms the plaintext into ciphertext.
▪ To encrypt a message, we need an encryption algorithm, an
encryption key, and the plaintext. These create the ciphertext.
▪ A decryption algorithm transforms the cipher-text back into
plaintext.
▪ To decrypt a message, we need a decryption algorithm, a
decryption key, and the cipher-text. These reveal the original
plaintext.
Cryptography
▪ Plaintext
The original message, before being transformed, is called plaintext.
▪ Cipher-text
After the message is transformed, it is called ciphertext.
▪ Cipher
Refer to encryption and decryption algorithms.
▪ Key
A key is a number/set of numbers that the cipher operates on.
Cryptology
Cryptology
Cryptography Cryptanalysis
Oscar
(bad guy)
Unsecure
channel
(e.g.Internet)
Alice Bob
(good) x x
(good)
• Problem Statement:
1)Alice and Bob would like to communicate via an unsecured channel (e.g.,
WLAN or Internet).
2)A malicious third party, Oscar (the bad guy), has channel access but should
not be able to understand the communication.
Symmetric Cryptography
Solution: Encryption with symmetric cipher.
Oscar
Oscar obtains only ciphertext y, that looks
(bad guy)
y Unsecure
like random bits channel
(e.g. Internet)
K K
Key Generator
Secure Channel
• x is the. plaintext
• y is the ciphertext
• K is the key
• Set of all keys {K1, K2, ...,Kn} is the key space
• Encryption equation y = eK(x)
• Decryption equation x = dK(y)
• Important: The key must be transmitted between Alice and Bob via a
secure channel.
• The secure channel can be realized, e.g., by manually installing the
key for the Wi-Fi Protected Access (WPA) protocol or a human courier.
• However, the system is only secure if an attacker does not learn the
key K!
The problem of secure communication is reduced to secure
transmission and storage of the key K.
Shift (or Caesar) Cipher
▪ Ancient cipher, allegedly used by Julius Caesar
▪ Each letter in the Plaintext is replaced with some other letter.
▪ That replacing letter is obtained by moving down a fixed
number of positions in the Alphabet, beginning from the
original letter.
E.g. Shifted by 3 positions.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
e.g. SHA-1
Digest (or called Modification Detection Code - MDC) should be sent
secretly.
3.Message Authentication
▪ The receiver needs to be sure of the sender's identity and that an
imposter has not sent the message.
For example, when Alice sends a message to Bob, Bob
needs to know if the message is coming from Alice or Eve.
▪ A hash function guarantees that the message has not been changed.
But does not authenticate the sender of the message.
▪ Message Authentication Code (MAC) can provide message
integrity and message authentication.
▪ A common approach to creating a MAC was to use block cyphers like
Data Encryption Standard (DES), but hash-based MACs (HMACs),
which use a secret key in conjunction with a cryptographic hash
function to produce a hash, have become more widely used.
• Similar to digital signatures, MACs append an authentication tag
to a message
• MACs use a symmetric key 'k' for generation and verification
• Computation of a MAC: m = MACk(x)
Hash vs MAC?
▪ Hashes are used to guarantee the integrity of data, a MAC guarantees
integrity AND authentication.
▪ A MAC instead uses a private key as the seed to the hash function it
uses when generating the code: this should assure the receiver
that, not only the message hasn't been modified, but also who sent
it is what we were expecting: otherwise an attacker couldn't know
the private key used to generate the code.
4.Message Nonrepudiation
▪ A sender must not be able to deny sending a message that he or she,
in fact, did send.
▪ The burden of proof falls on the receiver.
For example, when a customer sends a message to transfer
money from one account to another, the bank must prove that the
customer requested this transaction.
12.00 00
Letter frequencies in English
10.00 00
8.00 00
Frequencyin%
6.00 00
4.00 00
2.00 00
0.00 00
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
Letters
Breaking the Substitution Cipher with
Letter Frequency Attack
• Let‘s return to our example and identify the most frequent letter:
iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr
bnnb hcc hwwhbsqvqbre hwq vhlq