1. Cryptography and Network Security
Jayash Sharma
Assistant Professor
Department of computer Science & Engineering
Hindustan Institute of Technology & Management, Agra
Mob:

2. Introduction
Network and Information Security consists of measures to Deter, Prevent, Detect, Correct security violations that involve the transmission of information.
Covers lots of possibilities in real life scenario.

3. Examples of Network Security Violations
Case-1
User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure.
User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.

4. Examples of Network Security Violations
Case-1
User A B
Sensitive information being transmitted on channel C
Sender
Receiver
Intruder
(Not Authorized to view sensitive information)
Able to monitor transmission and capture / read files being transmitted

5. Examples of Network Security Violations
Case-2
A network manager, D, transmits a message to a computer E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer.
User F intercepts the message, alters its contents to add or delete entries, and then forwards the message to computer E, which accepts the message as coming from manager D and updates its authorization file accordingly.

6. Examples of Network Security Violations
Case-2
Message Interception
Transmission of altered Message
Network Manager D
Computer E
Message (M) to update authorization File
Ex: Allow FTP Access to User-A
User F
Sender
Receiver
Intruder
Alter Message (M1)
Allow FTP Access to ALL
Computer E executes altered message M1 X

7. Examples of Network Security Violations
Case-3
A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer.
User F intercepts the message and constructs its own message with the desired entries and transmits that message to computer E as if it had come from manager D. Computer E accepts the message as coming from manager D and updates its authorization file accordingly.

8. Examples of Network Security Violations
Case-3
Message Interception
Transmission of new Message
Network Manager D
Computer E
Message (M) to update authorization File
Ex: Allow FTP Access to User-A
User F
Sender
Receiver
Intruder
New Message (M1)
Deny Print Access to ALL
Computer E executes altered message M1 X

9. Examples of Network Security Violations
Case-4
An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee’s account. When the invalidation is accomplished, the server is to post a notice to the employee’s file as confirmation of the action.
The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action taken, and the confirmation posted. The employee’s action may go unnoticed for some considerable time.

10. Examples of Network Security Violations
Case-4 X
Message Interception
Retransmission of M
Network
Manager D
Computer E
Invalidate account and update file
Message (M)
Invalidate Employee Account (Emp-1)
Activity gets unnoticed
User
Emp-1
Sender
Receiver
Intruder
Delay transmission of M
And retrieve sensitive information 1 2 3
Retrieve Information

11. Examples of Network Security Violations
Case-5
A message is sent from a customer to a stockbroker with instructions for various transactions.
Subsequently, the investments lose value and the customer denies sending the message.

12. Examples of Network Security Violations
Case-5
User A B
Time (t1): Sends Message
Sender
Receiver
Time (t2): Denial about previous message

13. What is Computer Security?
Computer security can be defined as follows:
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information / data, and telecommunications).
Three key objectives are heart of computer security:
Confidentiality, Integrity, Availability

14. Confidentiality Confidentiality covers two related concepts
Data Confidentiality
Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy
Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

15. Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
A loss of confidentiality is the unauthorized disclosure of information.

16. Integrity Integrity covers two related concepts Data Integrity
Assures that information and programs are changed only in a specified and authorized manner.
System Integrity
Assures that a system performs its intended function in an unimpaired (not damaged) manner, free from deliberate or inadvertent unauthorized manipulation of the system.

17. Integrity
Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.
A loss of integrity is the unauthorized modification or destruction of information.

18. Availability
Assures that systems work promptly and service is not denied to authorized users.
Ensuring timely and reliable access to and use of information.
A loss of availability is the disruption of access to or use of information or an information system.

19. CIA Triad
These three concepts form CIA triad and embody the fundamental security objectives for both data and for information and computing services.

20. More on Information Security
Although CIA triad is well established to define security objectives but two most more objectives are added to it for a complete picture.
Authenticity
Accountability

21. Authenticity
The property of being genuine and being able to be verified and trusted;
Confidence in the validity of a transmission, a message, or message originator.
This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

22. Accountability
Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party.
Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

23. Levels of Impact
Three levels of impact on organization or individual are defined in case of security breach:
Low
Moderate
High

24. Levels of Impact Low Impact
The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
For example, the loss of confidentiality, integrity, or availability might :
cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced;
result in minor damage to organizational assets
result in minor financial loss or result in minor harm to individuals.

25. Levels of Impact Moderate Impact
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
The loss might
cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced;
result in significant damage to organizational assets;
result in significant financial loss; or result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.

26. Levels of Impact High Impact
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
The loss might:
cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions;
result in major damage to organizational assets;
result in major financial loss; or result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries.

27. Assignment-1
Analysis of Student Grading System in terms of Confidentiality and level of security breach.
Analysis of Patient / Hospital Information System in terms of Integrity and level of security breach.
Analysis of Authentication Service in terms of Availability and level of security breach.

28. Assignment-1
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.
Repeat Problem 4 for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller.

29. Assignment-1
Consider a desktop publishing system used to produce documents for various organizations.
Give an example of a type of publication for which confidentiality of the stored data is the most important requirement.
Give an example of a type of publication in which data integrity is the most important requirement.
Give an example in which system availability is the most important requirement.

30. Assignment-1
For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.
An organization managing public information on its Web server.
A law enforcement organization managing extremely sensitive investigative information.
Consider a desktop publishing system used to produce documents for various organizations.

31. Assignment-1
A financial organization managing routine administrative information (not privacy related information).
An information system used for large acquisitions in a contracting organization contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.

32. Assignment-1
A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.

33. Challenges of Computer Security
Not simple (Requirements may be straightforward like integrity but implementation mechanisms are complex).
Must consider potential attacks on security features.
Because of point-02, procedures are counterintuitive (Contrary to what common sense would suggest)
Must decide where to deploy security measures including physical placement (Ex: Where to place in network) and logical placement (In which layer of TCP)

34. Challenges of Computer Security
Security mechanism typically involve more than one algorithm, protocol and accordingly use secret information.
battle of wits (The basic human power of intelligent thought and perception) between attacker / admin. No scope for weakness. The designer must find and eliminate all weaknesses to achieve perfect security.
Tendency to perceive little benefits from security investments until a security failure occurs.

35. Challenges of Computer Security
Requires regular monitoring (Difficult in short term and overloaded environment)
Too often an after thought (To be incorporated in system after the design is complete rather than being an integral part of the system)
Regarded as impediment (Something immaterial that interferes with or delays action or progress) to using system.

36. OSI Security Architecture
To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements.
This is difficult enough in a centralized data processing environment; with the use of local and wide area networks, the problems are compounded.

37. OSI Security Architecture
ITU-T (International Telecommunication Union- Telecommunication Standardization Sector) recommends X.800 Security Architecture for OSI.
The OSI security architecture is useful to managers as a way of organizing the task of providing security.
The OSI security architecture focuses on
Security attacks
Mechanisms
Services

38. OSI Security Architecture
Security Attacks : Any action that compromises the security of information owned by an organization.
Mechanism : A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Services : A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

39. Security Attacks
Any action that compromises the security of information owned by an organization.
Categorized as Passive attacks and Active attacks.
Passive Attacks : attempt to learn or make use of information from the system but does not affect system resources.
Active Attacks : attempt to alter system resources or affect their operation.

40. Passive Attacks
Attempt to learn or make use of information from the system but does not affect system resources.
The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are:
The release of message contents
Traffic analysis.

41. Release of Message Contents

42. Release of Message Contents
One would like to prevent an opponent from learning the contents of transmissions
Telephonic conversation
Transferred file on network

43. Traffic Analysis

44. Traffic Analysis
Why?
In case we have a way of masking the contents (Encryption) then opponent may not be able to read actual data.
In such cases opponents will try to read the traffic and analyze the patterns to understand the communication.

45. Remarks on Passive Attacks
Difficult to detect.
Do not alter any data.
Message traffic is sent and received in normal fashion. So receiver and sender are not aware that a third part has read the message or traffic pattern.
Feasible to prevent such attacks usually by means of good encryption approach
Prevention is possible rather than detection.

46. Active Attacks
Involve some modification of the data stream or the creation of false data stream.
Active attacks can be categorized as:
Masquerade
Replay
Modification of messages
Denial of service

47. Masquerade

48. Masquerade One entity pretends to be a different entity.
A masquerade attack usually includes one of the other forms of active attacks.
Example : Authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
Example: Fake messages on behalf of Banks

49. Replay
Passive capture of a data and its subsequent retransmission

50. Modification of Messages

51. Modification of Messages
Some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
Example : A message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

52. Denial of Service (DoS)

53. Denial of Service (DoS)
Prevents or inhibits the normal use or management of communications facilities.
This attack may have a specific target
Example-1 : An entity may suppress all messages directed to a particular destination
Example-2 : Disruption of an entire network either by disabling the network or by overloading it with messages so as to degrade performance.

54. Remarks on Active Attacks
Active attacks have opposite characteristics of passive attacks.
Difficult to prevent active attacks because of wide variety of potential physical, software and network vulnerabilities.
Goal is to detect active attacks and recover from disruption and delays caused by them.

55. Security Services
Security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources
Security services implement security policies and are implemented by security mechanisms.
X.800 divides these services in 05 categories and 14 specific services.

56. Security Services… Security Service Categories Authentication
Access Control
Data Confidentiality
Data Integrity
Non-repudiation

57. Security Services… Authentication
The assurance that the communicating entity is the one that it claims to be.
In the case of a single message (warning signal), authentication service assures the recipient that the message is from the source that it claims to be from.

58. Security Services… Authentication
In the case of an ongoing interaction (connection of a terminal to a host), two aspects are involved.
First, at the time of connection initiation, the service assures that the two entities are authentic (each is the entity that it claims to be).
Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception

59. Security Services… Authentication
Two specific authentication services are used in X.800
Peer Entity Authentication
Data Origin Authentication

60. Security Services… Authentication : Peer Entity Authentication
Two entities are peers if they implement to same protocol in different systems; e.g. two TCP modules in two communicating systems.
Peer entity authentication is used at the establishment of, or at times during the data transfer phase of, a connection.
Attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.

61. Security Services… Authentication : Data Origin Authentication
In a connectionless transfer, provides assurance that the source of received data is as claimed.
It does not provide protection against the duplication or modification of data units.
This type of service supports applications like Electronic Mail, where there are no prior interactions between the communicating entities.

62. Security Services… Access Control
Ability to limit and control the access to host systems and applications via communications links.
To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.

63. Security Services… Data Confidentiality
Protection of transmitted data from passive attacks / unauthorized disclosure.
Four specific data confidentiality services are used in X.800
Connection Confidentiality
Connectionless Confidentiality
Selective field Confidentiality
Traffic Flow Confidentiality

64. Security Services… Data Confidentiality : Connection Confidentiality
The protection of all user data on a connection.
Data Confidentiality : Connectionless Confidentiality
The protection of all user data in a single data block.

65. Security Services…
Data Confidentiality : Selective Field Confidentiality
The confidentiality of selected fields within the user data on a connection or in a single data block.
Data Confidentiality : Traffic Flow Confidentiality
The protection of the information that might be derived from observation of traffic flows.

66. Security Services… Data Integrity
The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
Five specific data integrity services are used in X.800
Connection Integrity with Recovery
Connection Integrity without Recovery
Selective Field Connection Integrity
Connectionless Integrity
Selective Field Connectionless Integrity

67. Security Services… Data Integrity : Connection Integrity with Recovery
Provides integrity of all user data on a connection and detects any modification, insertion, deletion, replay of any data within an entire data sequence, with recovery attempted.
Recovery : If a violation of integrity is detected, then the service may simply report this violation, and some other portion of software or human intervention is required to recover from the violation. There are mechanisms available to recover from the loss of integrity of data.

68. Security Services…
Data Integrity : Connection Integrity without Recovery
Provides integrity of all user data on a connection and detects any modification, insertion, deletion, replay of any data within an entire data sequence, without recovery attempted.
Data Integrity : Selective Field Connection Integrity
Provides integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed.

69. Security Services… Data Integrity : Connectionless Integrity
Provides integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.
Data Integrity : Selective Field Connectionless Integrity
Provides integrity of selected fields within a single connectionless data block and takes the form of determination of whether the selected fields have been modified.

70. Security Services… Non-repudiation
Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
Two specific non-repudiation services are used in X.800
Non-repudiation, Origin
Non-repudiation, Destination

71. Security Services… Non-repudiation, Origin
Proof that the message was sent by the specified party.
Non-repudiation, Destination
Proof that the message was received by the specified party.

72. Security Mechanism
Security mechanisms are incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
Security mechanisms are divided into those
that are implemented in a specific protocol layer(TCP or an application-layer protocol)
that are not specific to any particular protocol layer or security service.

73. Security Mechanism : Layer Dependent
Encipherment : The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
Digital Signature : Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).

74. Security Mechanism : Layer Dependent
Access Control: A variety of mechanism that enforce access rights to resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

75. Security Mechanism : Layer Dependent
Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
Notarization: The use of a trusted third party to assure certain properties of a data exchange.

76. Security Mechanism : Layer Independent
Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy)
Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.
Event Detection: Detection of security-relevant events.

77. Security Mechanism : Layer Independent
Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.
Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

78. Security Mechanism & Services

79. Encipherment
Reversible Encipherment: An encryption algorithm that allows data to be encrypted and subsequently decrypted.
Irreversible Encipherment: This mechanism include has algorithms and message authentication codes, which are used in digital signatures and message authentication applications.

80. A Model for Network Security

81. A Model for Network Security…
Includes two parties (Sender / source and Receiver / destination)
A logical information channel is establish by defining a route through Internet from source to destination.
Security aspects come into play when it is necessary to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity etc.

82. A Model for Network Security…
All security techniques have two components:
A security related transformation on the information to be sent.
Example : Encryption of the message
Some secret information shared by both the parties and it is hoped, unknown to the opponent.
Example : Encryption key

83. A Model for Network Security…
A trusted third party may be needed :
To achieve secure transmission
For distributing secret information to the parties and keeping it away from opponent
To handle disputes between the parties.

84. A Model for Network Security…
According to general security model there are four basic tasks in designing a particular security service:
Design an algorithm for performing the security-related transformation.
Generate the secret information to be used with the algorithm.
Develop methods for the distribution and sharing of the secret information.
Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.

85. Network Access Security Model

86. Network Access Security Model…
Reflect concern for protecting an information system from unwanted access.
Opponents attempt to penetrate the system.
Opponents
Human Opponent-Hackers, Intruders
Software Opponents-Virus, worms

87. Network Access Security Model…
Security mechanism needed to cope with unwanted access fall into two categories
Gatekeeper Function : Includes password based login procedures, screening logic to detect virus, worms, and other similar attacks.
A variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.