Cryptography and Network Security Jayash Sharma Assistant Professor Department of Computer Science & Engineering Hindustan Institute of Technology & Management, Agra Email: jayash.sharma@gmail.com Mob: 9639325975
Introduction Network and Information Security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. It covers many possibilities in real-life scenarios.
Examples of Network Security Violations Case-1 User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.
Examples of Network Security Violations Case-1 (diagram) User A (Sender) transmits sensitive information on the channel to User B (Receiver). User C (Intruder, not authorized to view sensitive information) is able to monitor the transmission and capture / read the files being transmitted.
Examples of Network Security Violations Case-2 A network manager, D, transmits a message to a computer E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message, alters its contents to add or delete entries, and then forwards the message to computer E, which accepts the message as coming from manager D and updates its authorization file accordingly.
Examples of Network Security Violations Case-2 (diagram) Network Manager D (Sender) sends Message (M) to Computer E (Receiver) to update the authorization file. Ex: Allow FTP Access to User-A. User F (Intruder) intercepts the message, alters it into Message (M1): Allow FTP Access to ALL, and transmits the altered message. Computer E executes altered message M1.
Examples of Network Security Violations Case-3 A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message and constructs its own message with the desired entries and transmits that message to computer E as if it had come from manager D. Computer E accepts the message as coming from manager D and updates its authorization file accordingly.
Examples of Network Security Violations Case-3 (diagram) Network Manager D (Sender) sends Message (M) to Computer E (Receiver) to update the authorization file. Ex: Allow FTP Access to User-A. User F (Intruder) intercepts the message and transmits a new Message (M1): Deny Print Access to ALL. Computer E executes altered message M1.
Examples of Network Security Violations Case-4 An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee’s account. When the invalidation is accomplished, the server is to post a notice to the employee’s file as confirmation of the action. The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action taken, and the confirmation posted. The employee’s action may go unnoticed for some considerable time.
Examples of Network Security Violations Case-4 (diagram) Network Manager D (Sender) sends Message (M): Invalidate Employee Account (Emp-1) to Computer E (Receiver). User Emp-1 (Intruder) intercepts the message, delays the transmission of M and retrieves sensitive information, and M is then retransmitted. Computer E invalidates the account and updates the file. The activity goes unnoticed.
Examples of Network Security Violations Case-5 A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message.
Examples of Network Security Violations Case-5 (diagram) User A (Sender), User B (Receiver). Time (t1): A sends a message to B. Time (t2): A denies having sent the previous message.
What is Computer Security? Computer security can be defined as follows: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information / data, and telecommunications). Three key objectives are at the heart of computer security: Confidentiality, Integrity, Availability
Confidentiality Confidentiality covers two related concepts Data Confidentiality Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity Integrity covers two related concepts Data Integrity Assures that information and programs are changed only in a specified and authorized manner. System Integrity Assures that a system performs its intended function in an unimpaired (not damaged) manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Integrity Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
Availability Assures that systems work promptly and service is not denied to authorized users. Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
CIA Triad These three concepts form the CIA triad and embody the fundamental security objectives for both data and for information and computing services.
More on Information Security Although the CIA triad is well established for defining security objectives, two more objectives are added to it for a complete picture: Authenticity, Accountability
Authenticity The property of being genuine and being able to be verified and trusted; Confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Levels of Impact Three levels of impact on organization or individual are defined in case of security breach: Low Moderate High
Levels of Impact Low Impact The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. For example, the loss of confidentiality, integrity, or availability might: cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; result in minor damage to organizational assets; result in minor financial loss; or result in minor harm to individuals.
Levels of Impact Moderate Impact The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. The loss might cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; result in significant damage to organizational assets; result in significant financial loss; or result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.
Levels of Impact High Impact The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The loss might: cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; result in major damage to organizational assets; result in major financial loss; or result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries.
Assignment-1 Analysis of Student Grading System in terms of Confidentiality and level of security breach. Analysis of Patient / Hospital Information System in terms of Integrity and level of security breach. Analysis of Authentication Service in terms of Availability and level of security breach.
Assignment-1 Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement. Repeat Problem 4 for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller.
Assignment-1 Consider a desktop publishing system used to produce documents for various organizations. Give an example of a type of publication for which confidentiality of the stored data is the most important requirement. Give an example of a type of publication in which data integrity is the most important requirement. Give an example in which system availability is the most important requirement.
Assignment-1 For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers. An organization managing public information on its Web server. A law enforcement organization managing extremely sensitive investigative information. Consider a desktop publishing system used to produce documents for various organizations.
Assignment-1 A financial organization managing routine administrative information (not privacy related information). An information system used for large acquisitions in a contracting organization contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.
Assignment-1 A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.
Challenges of Computer Security Not simple (Requirements may be straightforward like integrity but implementation mechanisms are complex). Must consider potential attacks on security features. Because of point-02, procedures are counterintuitive (Contrary to what common sense would suggest) Must decide where to deploy security measures including physical placement (Ex: Where to place in network) and logical placement (In which layer of TCP)
Challenges of Computer Security Security mechanisms typically involve more than one algorithm or protocol and accordingly use secret information. Battle of wits (The basic human power of intelligent thought and perception) between attacker / admin. No scope for weakness. The designer must find and eliminate all weaknesses to achieve perfect security. Tendency to perceive little benefit from security investments until a security failure occurs.
Challenges of Computer Security Requires regular monitoring (Difficult in short term and overloaded environment) Too often an afterthought (To be incorporated in system after the design is complete rather than being an integral part of the system) Regarded as impediment (Something immaterial that interferes with or delays action or progress) to using system.
OSI Security Architecture To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data processing environment; with the use of local and wide area networks, the problems are compounded.
OSI Security Architecture ITU-T (International Telecommunication Union- Telecommunication Standardization Sector) recommends X.800 Security Architecture for OSI. The OSI security architecture is useful to managers as a way of organizing the task of providing security. The OSI security architecture focuses on Security attacks Mechanisms Services
OSI Security Architecture Security Attacks : Any action that compromises the security of information owned by an organization. Mechanism : A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. Services : A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
Security Attacks Any action that compromises the security of information owned by an organization. Categorized as Passive attacks and Active attacks. Passive Attacks : attempt to learn or make use of information from the system but do not affect system resources. Active Attacks : attempt to alter system resources or affect their operation.
Passive Attacks Attempt to learn or make use of information from the system but do not affect system resources. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are: The release of message contents, Traffic analysis.
Release of Message Contents One would like to prevent an opponent from learning the contents of transmissions Email Telephonic conversation Transferred file on network
Traffic Analysis Why? If we have a way of masking the contents (Encryption), then the opponent may not be able to read the actual data. In such cases opponents will try to observe the traffic and analyze its patterns to understand the communication.
Remarks on Passive Attacks Difficult to detect. Do not alter any data. Message traffic is sent and received in normal fashion, so receiver and sender are not aware that a third party has read the message or traffic pattern. Feasible to prevent such attacks, usually by means of a good encryption approach. Prevention is possible rather than detection.
Active Attacks Involve some modification of the data stream or the creation of false data stream. Active attacks can be categorized as: Masquerade Replay Modification of messages Denial of service
Masquerade One entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attacks. Example : Authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. Example: Fake messages on behalf of Banks
Replay Passive capture of data and its subsequent retransmission
Modification of Messages Some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. Example : A message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
Denial of Service (DoS) Prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target Example-1 : An entity may suppress all messages directed to a particular destination Example-2 : Disruption of an entire network either by disabling the network or by overloading it with messages so as to degrade performance.
Remarks on Active Attacks Active attacks have opposite characteristics of passive attacks. Difficult to prevent active attacks because of wide variety of potential physical, software and network vulnerabilities. Goal is to detect active attacks and recover from disruption and delays caused by them.
Security Services A security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources. Security services implement security policies and are implemented by security mechanisms. X.800 divides these services into 05 categories and 14 specific services.
Security Services… Security Service Categories Authentication Access Control Data Confidentiality Data Integrity Non-repudiation
Security Services… Authentication The assurance that the communicating entity is the one that it claims to be. In the case of a single message (warning signal), authentication service assures the recipient that the message is from the source that it claims to be from.
Security Services… Authentication In the case of an ongoing interaction (connection of a terminal to a host), two aspects are involved. First, at the time of connection initiation, the service assures that the two entities are authentic (each is the entity that it claims to be). Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception
Security Services… Authentication Two specific authentication services are used in X.800 Peer Entity Authentication Data Origin Authentication
Security Services… Authentication : Peer Entity Authentication Two entities are peers if they implement the same protocol in different systems; e.g. two TCP modules in two communicating systems. Peer entity authentication is used at the establishment of, or at times during the data transfer phase of, a connection. Attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.
Security Services… Authentication : Data Origin Authentication In a connectionless transfer, provides assurance that the source of received data is as claimed. It does not provide protection against the duplication or modification of data units. This type of service supports applications like Electronic Mail, where there are no prior interactions between the communicating entities.
Security Services… Access Control Ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
Security Services… Data Confidentiality Protection of transmitted data from passive attacks / unauthorized disclosure. Four specific data confidentiality services are used in X.800 Connection Confidentiality Connectionless Confidentiality Selective field Confidentiality Traffic Flow Confidentiality
Security Services… Data Confidentiality : Connection Confidentiality The protection of all user data on a connection. Data Confidentiality : Connectionless Confidentiality The protection of all user data in a single data block.
Security Services… Data Confidentiality : Selective Field Confidentiality The confidentiality of selected fields within the user data on a connection or in a single data block. Data Confidentiality : Traffic Flow Confidentiality The protection of the information that might be derived from observation of traffic flows.
Security Services… Data Integrity The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Five specific data integrity services are used in X.800 Connection Integrity with Recovery Connection Integrity without Recovery Selective Field Connection Integrity Connectionless Integrity Selective Field Connectionless Integrity
Security Services… Data Integrity : Connection Integrity with Recovery Provides integrity of all user data on a connection and detects any modification, insertion, deletion, replay of any data within an entire data sequence, with recovery attempted. Recovery : If a violation of integrity is detected, then the service may simply report this violation, and some other portion of software or human intervention is required to recover from the violation. There are mechanisms available to recover from the loss of integrity of data.
Security Services… Data Integrity : Connection Integrity without Recovery Provides integrity of all user data on a connection and detects any modification, insertion, deletion, replay of any data within an entire data sequence, without recovery attempted. Data Integrity : Selective Field Connection Integrity Provides integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed.
Security Services… Data Integrity : Connectionless Integrity Provides integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Data Integrity : Selective Field Connectionless Integrity Provides integrity of selected fields within a single connectionless data block and takes the form of determination of whether the selected fields have been modified.
Security Services… Non-repudiation Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Two specific non-repudiation services are used in X.800 Non-repudiation, Origin Non-repudiation, Destination
Security Services… Non-repudiation, Origin Proof that the message was sent by the specified party. Non-repudiation, Destination Proof that the message was received by the specified party.
Security Mechanism Security mechanisms are incorporated into the appropriate protocol layer in order to provide some of the OSI security services. Security mechanisms are divided into those that are implemented in a specific protocol layer (TCP or an application-layer protocol) and those that are not specific to any particular protocol layer or security service.
Security Mechanism : Layer Dependent Encipherment : The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Digital Signature : Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
Security Mechanism : Layer Dependent Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Security Mechanism : Layer Dependent Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected. Notarization: The use of a trusted third party to assure certain properties of a data exchange.
Security Mechanism : Layer Independent Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy) Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: Detection of security-relevant events.
Security Mechanism : Layer Independent Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
Security Mechanism & Services
Encipherment Reversible Encipherment: An encryption algorithm that allows data to be encrypted and subsequently decrypted. Irreversible Encipherment: This mechanism includes hash algorithms and message authentication codes, which are used in digital signatures and message authentication applications.
A Model for Network Security… Includes two parties (Sender / source and Receiver / destination). A logical information channel is established by defining a route through the Internet from source to destination. Security aspects come into play when it is necessary to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity etc.
A Model for Network Security… All security techniques have two components: A security related transformation on the information to be sent. Example : Encryption of the message Some secret information shared by both the parties and it is hoped, unknown to the opponent. Example : Encryption key
A Model for Network Security… A trusted third party may be needed : To achieve secure transmission For distributing secret information to the parties and keeping it away from opponent To handle disputes between the parties.
A Model for Network Security… According to general security model there are four basic tasks in designing a particular security service: Design an algorithm for performing the security-related transformation. Generate the secret information to be used with the algorithm. Develop methods for the distribution and sharing of the secret information. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.
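The four design tasks above, applied to the Case-2, Case-3 and Case-4 scenarios from the start of the deck, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the security-related transformation, a key already shared out of band between manager D and computer E, and a hypothetical 30-second freshness window; the message format and all names are illustrative.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE_SECONDS = 30  # assumed freshness window, chosen for this example


def generate_key() -> bytes:
    """Task 2: generate the secret information shared by D and E."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, sent_at: int, command: str) -> dict:
    """Sender (manager D): task 1, the transformation is an HMAC-SHA256 tag."""
    body = json.dumps({"seq": seq, "sent_at": sent_at, "command": command},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver (computer E): task 4, the protocol rules applied on arrival."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0              # highest sequence number accepted so far
        self.authorization_file = []   # commands E has actually executed

    def accept(self, message: dict, now: int) -> str:
        expected = hmac.new(self.key, message["body"].encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison: modification or fabrication fails here.
        if not hmac.compare_digest(expected.encode(),
                                   str(message["tag"]).encode()):
            return "rejected: bad tag"
        fields = json.loads(message["body"])
        if fields["seq"] <= self.last_seq:
            return "rejected: replay"
        if now - fields["sent_at"] > MAX_AGE_SECONDS:
            # The delay becomes visible to E instead of going unnoticed.
            return "rejected: stale"
        self.last_seq = fields["seq"]
        self.authorization_file.append(fields["command"])
        return "accepted"


def run_demo() -> dict:
    key = generate_key()            # task 3 (distribution) assumed out of band
    e = Receiver(key)
    t0 = 1_700_000_000              # constructed timestamp
    genuine = protect(key, 1, t0, "Allow FTP Access to User-A")
    results = {}

    # Case-2: F alters the message in transit but cannot recompute the tag.
    altered = {"body": genuine["body"].replace("User-A", "ALL"),
               "tag": genuine["tag"]}
    results["case2_altered"] = e.accept(altered, t0 + 1)

    # Case-3: F constructs its own message without knowing the shared key.
    forged = protect(secrets.token_bytes(32), 1, t0, "Deny Print Access to ALL")
    results["case3_forged"] = e.accept(forged, t0 + 1)

    results["genuine"] = e.accept(genuine, t0 + 2)
    results["replay"] = e.accept(genuine, t0 + 3)   # captured and resent

    # Case-4: a valid message is held back for ten minutes before delivery.
    delayed = protect(key, 2, t0, "Invalidate Employee Account (Emp-1)")
    results["case4_delayed"] = e.accept(delayed, t0 + 600)

    results["authorization_file"] = list(e.authorization_file)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, "->", outcome)
```

Because D and E hold the same key, this gives data origin authentication and integrity but not non-repudiation: the Case-5 dispute needs a digital signature or a trusted third party, as the deck describes.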
Network Access Security Model… Reflects a concern for protecting an information system from unwanted access. Opponents attempt to penetrate the system. Opponents: Human Opponents - Hackers, Intruders; Software Opponents - Viruses, worms
Network Access Security Model… Security mechanisms needed to cope with unwanted access fall into two categories: Gatekeeper Function : Includes password-based login procedures and screening logic to detect viruses, worms, and other similar attacks. Internal controls : A variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.