
Unit 1-NETWORK Security

The document outlines the fundamentals of network security, emphasizing its importance in protecting organizations from unauthorized access and cyber threats. It details various security services such as confidentiality, authentication, integrity, non-repudiation, and availability, along with types of security attacks and their implications. Additionally, it discusses encryption techniques, including symmetric and asymmetric cryptography, and the methods of cryptanalysis used to break encryption codes.

SCSA1602 - NETWORK SECURITY

Syllabus
Course Outcomes
What Is Network Security?
• Network security refers to the tools, technologies and
processes that protect an organization’s network and
critical infrastructure from unauthorized use,
cyberattacks, data loss and other security threats.
• It leverages a combination of advanced technologies and
human resources to prevent, detect, contain and
remediate a variety of cyber threats.
• It will include protection for all hardware systems,
software applications and endpoints, as well as the
network itself and its various components, including
network traffic, data and physical or cloud-based data
centers.
What Is Network Security?
• Network security has become more important to personal
computer users, organizations, and the military.
• With the advent of the internet, security became a major
concern and the history of security allows a better
understanding of the emergence of security technology.
• The internet structure itself allowed for many security
threats to occur
• Measures to protect data during their transmission
Security Attacks, Services And Mechanisms

• To assess the security needs of an organization effectively, the
manager responsible for security needs some systematic way of
defining the requirements for security and characterization of
approaches to satisfy those requirements.
• One approach is to consider three aspects of information security
• Security attack – Any action that compromises the security of
information owned by an organization.
• Security mechanism – A mechanism that is designed to detect,
prevent or recover from a security attack.
• Security service – A service that enhances the security of the data
processing systems and the information transfers of an organization.
The services are intended to counter security attacks and they make
use of one or more security mechanisms to provide the service.
SECURITY SERVICES
• The classification of security services is as follows:
• Confidentiality: Ensures that the information in a computer system and
transmitted information are accessible only for reading by authorized parties, e.g.,
printing, displaying and other forms of disclosure.
• Authentication: Ensures that the origin of a message or electronic document is
correctly identified, with an assurance that the identity is not false.
• Integrity: Ensures that only authorized parties are able to modify computer
system assets and transmitted information. Modification includes writing,
changing status, deleting, creating and delaying or replaying of transmitted
messages.
• Non repudiation: Requires that neither the sender nor the receiver of a message
be able to deny the transmission.
• Access control: Requires that access to information resources may be controlled
by or for the target system.
• Availability: Requires that computer system assets be available to authorized
parties when needed.
AUTHENTICATION
• The assurance that the communicating entity is the one that it claims to be.
• Peer Entity Authentication: Used in association with a logical connection to
provide confidence in the identity of the entities connected.
• Data Origin Authentication: In a connectionless transfer, provides
assurance that the source of received data is as claimed.
Fundamentals
Confidentiality
• Confidentiality is about preventing the disclosure
of data to unauthorized parties.
• It also means trying to keep the identity of
authorized parties involved in sharing and
holding data private and anonymous.
• Often confidentiality is compromised by cracking
poorly encrypted data, Man-in-the-middle
(MITM) attacks, disclosing sensitive data.
• Standard measures to establish confidentiality
include:
• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens
Integrity
• Integrity refers to protecting information
from being modified by unauthorized
parties. Standard measures to guarantee
integrity include:
• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups
Availability
• Availability is making sure that authorized
parties are able to access the information
when needed.
• Standard measures to guarantee
availability include:
• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy
AUTHENTICATION
• The confidentiality of selected fields within the user data on a connection or in a single data
block.
• Traffic Flow Confidentiality: The protection of the information that might be derived from
observation of traffic flows.
• Connection Integrity with Recovery: Provides for the integrity of all user data on a connection
and detects any modification, insertion, deletion, or replay of any data within an entire data
sequence, with recovery attempted.
• Connection Integrity without Recovery: As above, but provides only detection without
recovery.
• Selective-Field Connection Integrity: Provides for the integrity of selected fields within the
user data of a data block transferred over a connection and takes the form of determination
of whether the selected fields have been modified, inserted, deleted, or replayed.
• Connectionless Integrity: Provides for the integrity of a single connectionless data block and
may take the form of detection of data modification. Additionally, a limited form of replay
detection may be provided.
• Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a
single connectionless data block; takes the form of determination of whether the selected
fields have been modified.
NONREPUDIATION
• Provides protection against denial by one of the entities
involved in a communication of having participated in all
or part of the communication.
• Nonrepudiation, Origin: Proof that the message was sent by the specified party.
• Nonrepudiation, Destination: Proof that the message was received by the specified
party.
SECURITY ATTACKS

• Interruption: An asset of the system is destroyed or
becomes unavailable or unusable. This is an attack on
availability, e.g., destruction of a piece of hardware, cutting
of a communication line or disabling of the file management
system.
• Interception: An unauthorized party gains access to an
asset. This is an attack on confidentiality. The unauthorized
party could be a person, a program or a computer, e.g.,
wire tapping to capture data in the network, illicit copying
of files.
SECURITY ATTACKS
• Modification: An unauthorized party not only gains access
to but tampers with an asset. This is an attack on integrity,
e.g., changing values in a data file, altering a program,
modifying the contents of messages being transmitted in a
network.
• Fabrication: An unauthorized party inserts counterfeit
objects into the system. This is an attack on authenticity,
e.g., insertion of spurious messages in a network or
addition of records to a file.
Passive attack
• Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted.
• Passive attacks are of two types:
• Release of message contents: A telephone conversation, an e-mail message and
a transferred file may contain sensitive or confidential information. We would
like to prevent the opponent from learning the contents of these transmissions.
• Traffic analysis: If we had encryption protection in place, an opponent might
still be able to observe the pattern of the message. The opponent could
determine the location and identity of communication hosts and could observe
the frequency and length of messages being exchanged. This information might
be useful in guessing the nature of communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any
alteration of data. However, it is feasible to prevent the success of these
attacks.
Active attacks
• These attacks involve some modification of the data stream or the creation of a false
stream.
• These attacks can be classified into four categories:
• Masquerade – One entity pretends to be a different entity.
• Replay – involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.
• Modification of messages – Some portion of message is altered or the messages are
delayed or recorded, to produce an unauthorized effect.
• Denial of service – Prevents or inhibits the normal use or management of
communication facilities. Another form of service denial is the disruption of an entire
network, either by disabling the network or overloading it with messages so as to
degrade performance.

It is quite difficult to prevent active attacks absolutely, because to do so would require
physical protection of all communication facilities and paths at all times. Instead, the
goal is to detect them and to recover from any disruption or delays caused by them.
A MODEL FOR NETWORK SECURITY
• A message is to be transferred from one party to another across some sort
of internet.
• The two parties, who are the principals in this transaction, must cooperate for
the exchange to take place.
• A logical information channel is established by defining a route through
the internet from source to destination and by the cooperative use of
communication protocols (e.g., TCP/IP) by the two principals.
• Security aspects come into play when it is necessary or desirable to protect the
information transmission from an opponent who may present a threat to
confidentiality, authenticity, and so on.
• A security-related transformation on the information to be sent.
Examples include the encryption of the message, which scrambles the
message so that it is unreadable by the opponent, and the addition of a
code based on the contents of the message, which can be used to verify
the identity of the sender.
• Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used
in conjunction with the transformation to scramble the message before
transmission and unscramble it on reception.
Tasks in designing a particular security service

• Design an algorithm for performing the security-related transformation.
The algorithm should be such that an opponent cannot defeat its purpose.
• Generate the secret information to be used with the algorithm.
• Develop methods for the distribution and sharing of the secret
information.
• Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular
security service.
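The four design tasks above, applied to the modification, replay and masquerade attacks listed earlier, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the "code based on the contents of the message", a key already shared by both principals, and a constructed frame layout (8-byte sequence number, message, 32-byte tag); the names `protect`, `Receiver` and `demo` are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
SEQ_LEN = 8   # big-endian sequence number (assumed frame layout)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: frame = seq || message || HMAC(key, seq || message)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Receiver side: detects modification, forgery and replay (no recovery)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return (verdict, message); message is None unless verdict is 'ok'."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "malformed", None
        header = frame[:SEQ_LEN]
        body = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison; check the tag before trusting any field.
        if not hmac.compare_digest(tag, expected):
            return "modified-or-forged", None
        (seq,) = struct.unpack(">Q", header)
        # A valid tag on an already-seen sequence number is a replayed frame.
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", body


def demo():
    """Run constructed frames through the receiver and collect the verdicts."""
    key = b"constructed-demo-key-not-for-use"  # constructed sample secret
    rx = Receiver(key)
    f0 = protect(key, 0, b"transfer 100 to alice")
    f1 = protect(key, 1, b"transfer 250 to bob")
    # Modification: body changed in transit, original tag kept.
    tampered = f1[:SEQ_LEN] + b"transfer 950 to bob" + f1[-TAG_LEN:]
    # Masquerade: frame built by a party that does not hold the shared key.
    forged = protect(b"some-other-key", 2, b"transfer 999 to eve")
    frames = [f0, f0, tampered, f1, forged]
    return [rx.accept(f)[0] for f in frames]


if __name__ == "__main__":
    print(demo())
```

The sequence number is covered by the tag, so an opponent cannot renumber a captured frame to get it past the replay check.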
Network Access Security Model
CLASSICAL ENCRYPTION TECHNIQUES
• The process of converting from plaintext to ciphertext is known as
enciphering or encryption.
• Restoring the plaintext from the ciphertext is deciphering or decryption.
• The many schemes used for encryption constitute the area of study
known as cryptography.
• Techniques used for deciphering a message without any knowledge of the
enciphering details are known as cryptanalysis. It is also known as "Breaking
the Code".
• The areas of cryptography and cryptanalysis together are called
cryptology.
• A cryptanalyst develops mathematical methods and codes that protect
data from computer hackers.
• This involves the decryption of a cipher text into plain text in order to
transmit a message over insecure channels.
CLASSICAL ENCRYPTION TECHNIQUES
• Symmetric Cryptography: In symmetric cryptography,
a single key is used for encrypting and decrypting the
data.
• Asymmetric Cryptography: In asymmetric
cryptography, a pair of keys, i.e., a public key and a private key,
is used for encryption and decryption.
Symmetric cipher model

• Symmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the same
key. It is also known as conventional encryption.
• Symmetric encryption transforms plaintext into cipher
text using a secret key and an encryption algorithm.
• Using the same key and a decryption algorithm, the
plaintext is recovered from the cipher text. A symmetric
encryption scheme has five ingredients.
Symmetric cipher model
• Plaintext: This is the original intelligible message or data that is fed
into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm.
The key is a value independent of the plaintext and of the algorithm.
• Ciphertext: This is the scrambled message produced as output. It
depends on the plaintext and the secret key. The ciphertext is an
apparently random stream of data and, as it stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption algorithm
run in reverse. It takes the ciphertext and the secret key and
produces the original plaintext.
Symmetric cipher model
• A symmetric cipher model broadly contains five parts.
• Plaintext: This is the original intelligible message.
• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext. It takes in plaintext and key and gives the cipher
text.
• Secret key: The key is a value independent of the plaintext and of the algorithm.
Different keys will yield different outputs.
• Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the secret key.
• Decryption algorithm: Runs on the cipher text and the key to produce the
plaintext. This is essentially the encryption algorithm run in reverse.
Two basic requirements of encryption
• Encryption algorithm should be strong. An attacker
knowing the algorithm and having any number of cipher
text should not be able to decrypt the cipher text or guess
the key.
• The key shared by the sender and the receiver should be
secret.
Symmetric cipher model
• Let the plaintext be $X = [X_1, X_2, \ldots, X_M]$, the key be $K = [K_1, K_2, \ldots, K_J]$ and the cipher text
produced be $Y = [Y_1, Y_2, \ldots, Y_N]$. Then we can write $Y = E(K, X)$.
• Here $E$ represents the encryption algorithm and is a function of plaintext $X$ and key $K$.
• The receiver at the other end decrypts the cipher text using the key: $X = D(K, Y)$.
• Here $D$ represents the decryption algorithm and it inverts the transformations of the encryption
algorithm.
• An opponent not having access to $X$ or $K$ may attempt to recover $K$ or $X$ or both.
• It is assumed that the opponent knows the encryption ($E$) and decryption ($D$) algorithms.
• If the opponent is interested in only this particular message, then the focus of the effort is to
recover $X$ by generating a plaintext estimate $\hat{X}$.
• If the opponent is interested in being able to read future messages as well, then he will attempt
to recover the key by making an estimate $\hat{K}$.
Cryptographic systems are characterized along three independent dimensions

• 1. The types of operations used for transforming plaintext to
ciphertext. All encryption algorithms are based on two general principles:
substitution and transposition. The basic requirement is that no information be
lost. Most systems, referred to as product systems, involve multiple stages of
substitutions and transpositions.
• 2. The number of keys used. If both sender and receiver use the same
key, the system is referred to as symmetric, single-key, secret-key, or
conventional encryption. If the sender and receiver use different keys, the
system is referred to as asymmetric, two-key, or public-key encryption.
• 3. The way in which the plaintext is processed. A block cipher processes a
block at a time and produces an output block for each input block. A stream
cipher processes the input elements continuously, producing output one
element at a time, as it goes along.
Cryptanalysis and Brute-Force Attack
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus
perhaps some knowledge of the general characteristics of the plaintext or even
some simple plaintext-ciphertext pairs. This type of attack finds characteristics
of the algorithm to find a specific plaintext or to find key.
• Brute-force attack: The attacker tries every possible key on a piece of
ciphertext until plaintext is obtained. On average, half of all possible keys must
be tried to achieve success.
• Based on the amount of information known to the cryptanalyst, cryptanalytic
attacks can be categorized as:
• Cipher text Only Attack: The attacker knows only the cipher text. It is the easiest
to defend against.
• Known plaintext Attack: In this type of attack, the opponent has some
plaintext-cipher text pairs. Or the analyst may know that certain plaintext
patterns will appear in a message. For example, there may be a standardized
header or banner to an electronic funds transfer message and the attacker can
use that for generating plaintext-cipher text pairs.
Cryptanalysis and Brute-Force Attack
• Chosen plaintext: If the analyst is able somehow to get the source system to
insert into the system a message chosen by the analyst, then a chosen-plaintext
attack is possible. In such a case, the analyst will pick patterns that can be
expected to reveal the structure of the key.
• Chosen Cipher text: In this attack, the analyst has cipher text and some
plaintext-cipher text pairs where the cipher text has been chosen by the analyst.
• Chosen Text: Here, the attacker has got cipher text, chosen plaintext-cipher
text pairs and chosen cipher text-plaintext pairs.

• Chosen cipher text and chosen text attacks are rarely used.
• It is assumed that the attacker knows the encryption and decryption algorithms.
• Generally, an encryption algorithm is designed to withstand a known-plaintext
attack.
Substitution Techniques
• A substitution technique is one in which the letters of plaintext are replaced by
other letters or by numbers or symbols.
• Caesar cipher

$E(p) = (p + k) \bmod 26$

$D(C) = (C - k) \bmod 26$

Caesar cipher
• Example 1: Hello
• Example 2: Plaintext: meet me after the party
• Example 3: sathyabama
• The encryption rule is simple: replace each letter of the alphabet
with the letter standing 3 places further down the alphabet.
• The alphabet is wrapped around so that Z follows A.
• Generally, plain text is in lower case and cipher text is in upper
case.
Monoalphabetic Substitution Cipher
• Instead of shifting alphabets by fixed amount as in Caesar
cipher, any random permutation is assigned to the
alphabets. This type of encryption is called
monoalphabetic substitution cipher.
• For example, A is replaced by Q, B by D, C by T etc. then it
will be comparatively stronger than Caesar cipher.
• The number of alternative keys possible now becomes 26!.
• Thus, Brute Force attack is impractical in this case.
Monoalphabetic Substitution Cipher
• However, another attack is possible. Human languages are
redundant i.e. certain characters are used more frequently than
others. This fact can be exploited.
• In English ‘e’ is the most common letter followed by ‘t’, ‘r’, ‘n’, ‘o’,
‘a’ etc. Letters like ‘q’, ‘x’, ‘j’ are less frequently used.
• Moreover, digrams like ‘th’ and trigrams like ‘the’ are also more
frequent.
• Tables of frequency of these letters exist. These can be used to
guess the plaintext if the plaintext is in uncompressed English
language.
• The most common two-letter combinations are called digrams,
e.g. th, in, er, re and an.
• The most common three-letter combinations are called
trigrams, e.g. the, ing, and, and ion.
