Professional Documents
Culture Documents
1.Access Control
is a service the system uses, together with a user pre-provided
identification
information such as a password, to determine who uses what of its
services. Let us
look at some forms of access control based on hardware and software.
1.1 Hardware Access Control Systems
Access control tools falling in this category include the following:
•Access terminal.
These activities can be done in a variety of ways including fingerprint
verification and real-time anti-break-in sensors.
• Visual event monitoring. This is a combination of many
technologies into one very useful and rapidly growing form of access
control using a variety of real time technologies including video and
audio signals, aerial photographs, and global positioning system
(GPS) technology to identify locations.
• Identification cards. Sometimes called proximity cards, these cards
have become very common these days as a means of access control in
buildings, financial institutions, and other restricted areas.
The cards come in a variety of forms, including magnetic, bar coded,
contact chip, and a combination of these.
• Biometric identification. This is perhaps the fastest growing form
of control access tool today. Some of the most popular forms include
fingerprint, iris, and voice recognition. However, fingerprint
recognition offers a higher level of security.
• Video surveillance. This is a replacement of CCTV of yester year,
and it is gaining popularity as an access control tool. With fast
networking technologies and digital cameras, images can now be
taken and analyzed very quickly, and action taken in minutes.
1.2 Software Access Control Systems
Software access control falls into two types:
a. point of access monitoring (POA), personal activities can be
monitored by a PC-based application. The application can even be
connected to a network or to machines.
b. In remote mode, the terminals can be linked in a variety of ways,
including the use of modems, telephone lines, and all forms of
wireless connections.
2.Authentication
Authentication is a service used to identify a user. User identity,
especially of remote users.
This service provides a system with the capability to verify that a user
is the very one he or she claims to be based on what the user is,
knows, and has.
Physically, we can authenticate users based on checking one or more
of the following user items:
• User name (sometimes screen name)
• Password
• Retinal images: The user looks into an electronic device that maps
his or her eye retina image; the system then compares this map with a
similar map stored on the system.
• Fingerprints: The user presses on or sometimes inserts a particular
finger into a device that makes a copy of the user fingerprint and then
compares it with a similar image on the system user file.
• Physical location: The physical location of the system initiating an
entry request is checked to ensure that a request is actually originating
from a known and authorized location. In networks, to check the
authenticity of a client’s location a network or Internet protocol (IP)
address of the client machine is compared with the one on the system
user file.
This method is used mostly in addition to other security measures
because it alone cannot guarantee security. If used alone, it provides
access to the requested system to anybody who has access to the client
machine.
• Identity cards: Increasingly, cards are being used as authenticating
documents.
Whoever is the carrier of the card gains access to the requested
system.
card authentication is usually used as a second-level authentication
tool because whoever has access to the card
automatically can gain access to the requested system.
3. Confidentiality
The confidentiality service protects system data and information from
unauthorized disclosure.
This service uses encryption algorithms to ensure that nothing of the
sort(such as third party like a cryptanalysis or a man-in-the middle has
eavesdropped on the data) happened while the data was in the
network.
Encryption protects the communications channel from sniffers.
Sniffers are programs written for and installed on the communication
channels to eavesdrop on network traffic, examining all traffic on
selected network segments. Sniffers are easy to write and install and
difficult to detect. The encryption algorithm can either be symmetric
or asymmetric.
*Symmetric encryption or secret key encryption, as it is usually
called, uses a common key and the same cryptographic algorithm to
scramble and unscramble the message.
* Asymmetric encryption commonly known as public key encryption
uses two different keys: a public key known by all and a private key
known by only the sender and the receiver.
Both the sender and the receiver each has a pair of these keys, one
public and one private.
To encrypt a message, a sender uses the receiver’s public key which
was published. Upon receipt, the recipient of the message decrypts it
with his or her private key.
4. Integrity
The integrity service protects data against active threats such as those
that may alter it. Just like data confidentiality, data in transition
between the sending and receiving parties is susceptible تتعرضto
many threats from hackers, eavesdroppers, and cryptanalysts whose
goal is to intercept the data and alter it based on their motives.
This service, through encryption and hashing algorithms, ensures that
the integrity of the transient data is intact.
A hash function takes an input message M and creates a code from it.
The code is commonly referred to as a hash or a message digest.
A one-way hash function is used to create a signature of the message –
just like a human fingerprint.
System Interconnect) model in 1982 for computer network connection. The OSI
Figure(3).
message. Figure (4) shows a typical message that has been acted upon by the
seven layers to prepare it for transmission. Layer 6 breaks the original message
data into blocks. At the layer 5, a session header is added to show the sender,
concerning the logical connection between the sender and receiver. At the
layer 3 routing information is added, it also divides the message into unties
message blocks, and to detect and correct transmission errors. The individual
bits of the message and the control information are transmitted on the physical
medium by level 1.
**All the additions to the message are checked and removed by the
The TCP/IP four-layer model is created with reference to the seven-layer OSI
model,as shown in Figure (5). Both the OSI model and the TCP/IP layered
model are based on many similarities, but there are philosophical and practical
computers.
communication network.
2. Internet Layer:
The Internet layer provides a routing function. This layer consists of the Internet
The transport layer delivers data between two processes on different host
computers. This layer contains the Transmission Control Protocol (TCP) and the
4. Application Layer:
This layer provides a direct interface with users or applications. Some of the
important application protocols are File Transfer Protocol (FTP) for file
transfers,Hypertext Transfer Protocol (HTTP) for the World Wide Web, Simple
Mail Transport Protocol (SMTP), Post Office Protocol (POP), Internet Mail
Access Protocol (IMAP), Internet Control Message Protocol (ICMP) for email,
Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP) and Secure
========================================================
IP Addresses:
services) and server device (defined as the provider of services) must have a
unique IP address.
Client workstations have either a static address or a dynamic address which
Ports:
two or more computers. For the computer acting as the client, the destination
port number will typically identify the type of application/service being hosted
by the server.
For example:
TCP port 21 is the destination port number used when communicating with an FTP server.
TCP port 22 is the destination port number used when communicating with an SSH server.
TCP port 23 is the destination port number used when communicating with an Telnet server.
TCP port 25 is the destination port number used when communicating with an SMTP server.
TCP port 80 is the destination port number used when communicating with an HTTP server.
TCP port 110 is the destination port number used when communicating with a POP3 server.
TCP port 5190 is the destination port number used when communicating with an AOLIM server.
TCP port 6667 is the destination port number used when communicating with an IRC server.
The above is a small selection from a possible 65,535 (64K) port numbers.
The port numbers are divided into three ranges: the Well Known Ports (from 0
through 1023), the Registered Ports (from 1024 through 49151), and the
consists of more than one computing system) not block users from continuing
to computer. If similar systems exist, users can move their computing tasks to
nodes.
=========================================================
owned by an organization.
organization. The services are intended to counter security attacks, and they
** the terms threat and attack are commonly used to mean more or less the
same thing. provides definitions taken from RFC 2828, Internet Security
Glossary.
Threat
capability, action, or event that could breach ينتهكsecurity and cause harm.
Attack
An assault اعتداءon system security that derives from an intelligent threat; that
policy of a system.
Security Mechanisms
Table 1.3 lists the security mechanisms defined in X.800. As can be seen the
mechanisms are divided into those that are implemented in a specific protocol
some sort of internet. The two parties, who are the principals(headmaster ) in
this transaction, must cooperate for the exchange to take place. A logical
Security aspects come into play when it is necessary or desirable to protect the
confidentiality, authenticity, and so on. All the techniques for providing security
include the encryption of the message, which scrambles the message so that it
contents of the message, which can be used to verify the identity of the sender
● Some secret information shared by the two principals and, it is hoped,
third party may be needed to arbitrate disputes between the two principals
This general model shows that there are four basic tasks in designing a
3. Develop methods for the distribution and sharing of the secret information.
4.Specify a protocol to be used by the two principals that makes use of the
service.
KEY DISTRIBUTION AND USER AUTHENTICATION
Solution
So, use an authentication server (AS) that knows the passwords of all
users and stores these in a centralized database. In addition, the AS shares
aAS shares a unique secret key unique secret key with each server with
each server. These keys have been distributed physically or in some other
secure manner.
The heart of the first problem is the lifetime associated with the ticket-
granting ticket.
If this lifetime is very short (e.g., minutes), then the user will be repeatedly
asked for a password. If the lifetime is long (e.g., hours), then an opponent
has a greater opportunity فرصةfor replay. An opponent could eavesdrop on
the network and capture a copy of the ticket-granting ticket TGT and then
wait for the legitimate user to log out.
Then the opponent could forge صياغةthe legitimate user’s network address
and send the message of step (3) to the TGS. This would give the opponent
unlimited access to the resources and files available to the legitimate user.
*In this scenario, the user logs on to a workstation and requests access to server V.
The client module C in the user’s workstation requests the user’s password
and then sends a message to the AS that includes the user’s ID, the server’s
ID, and the user’s password.
**The AS checks its database to see if the user has supplied the proper
password for this user ID and whether this user is permitted access to
server V . If both If both tests are tests are passed, passed, the AS accepts
the user as authentic and must now convince إقناعthe server that this user is
authentic.
C =client
AS =authentication server
V = server
ID
C = identifier of user on C
IDV = identifier of V
PC =password of user on C
ADC =network address of C
key shared by AS and V
To do so, the AS creates a ticket that contains the user’s ID and network
address and the server’s ID. This ticket is encrypted using the secret key
shared by the AS and this server. This ticket is then sent back to C.
**Because the ticket is encrypted, it cannot be altered by C or by an
opponent.
With this ticket, C can now apply to V for service. C sends a message to V
containing C’s ID and the ticket.
V decrypts the ticket and verifies that the user ID in the ticket is the same as
the unencrypted user ID in the message. If these two match, the server
considers the user authenticated and grants منحthe requested service.
Kerberos Realms العوالم : A full-service Kerberos environment
consisting of a Kerberos server, a number of clients, and a number of
application servers requires the following:
1. The Kerberos server must have the user ID and hashed passwords of all
participating users in its database. All users are registered with the
Kerberos server.
2. The Kerberos server must share a secret key with each server. All servers
are registered with the Kerberos server.
A Kerberos realm is a set of managed nodes that share the same Kerberos
database. The Kerberos database resides on the Kerberos master
computer system, which should be kept in a physically secure room. A
read-only copy of the Kerberos database might also reside on other
Kerberos computer systems.
**However, all changes to the database must be made on the master
computer system. Changing or accessing the contents of a Kerberos
database requires the
Kerberos master password. For two realms to support interrealm
authentication, a third requirement is added:
3. The Kerberos server in each interoperating realm shares a secret key
with the server in the other realm. The two Kerberos servers are registered
with each other.
Kerberos Version 5
environmental shortcomings.
1-Public-Key Certificates
public-key encryption is that the public key is public. Thus, if there is
some broadly accepted public-key algorithm, such as RSA, any
participant can send his or her public key to any other participant or
broadcast the key to the community at large. Although this approach is
convenient, it has a major weakness.
Anyone can forge such a public announcement. That is, some user
could pretend to be user A and send a public key to another participant
or broadcast such a public key. Until such time as user A discovers the
forgery and alerts other participants, the forger is able to read all
encrypted messages intended for A and can use the forged keys for
authentication.
The solution to this problem is the public-key certificate. a certificate
consists of a public key plus a user ID of the key owner, with the
whole block signed by a trusted third party.
*Typically, the third party is a certificate authority (CA) that is trusted
by the user community, such as a government agency or a financial
institution.
* A user can present his or her public key to the authority in a secure
manner and obtain a certificate. The user can then publish the
certificate.
*Anyone needing this user’s public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature. Figure
4.3 illustrates the process.
One scheme has become universally accepted for formatting لصياغة
public-key certificates: the X.509 standard. X.509 certificates are
used in most network security applications, including IP security,
secure sockets layer (SSL), secure electronic transactions (SET), and
S/MIME.
2-Public-Key Distribution of Secret Keys
❑To introduce the idea of Internet security at the network layer and the IPSec protocol
that implements that idea in two modes: transport and tunnel.
❑ To discuss two protocols in IPSec, AH and ESP, and explain the security services
each provide.
❑ To introduce the idea of Internet security at the transport layer and the SSL protocol
that implements that idea.
❑ To show how SSL creates six cryptographic secrets to be used by the client and the
server.
❑ To discuss four protocols used in SSL and how they are related to each other.
❑ To introduce Internet security at the application level and two protocols, PGP and
S/MIME, that implement that idea.
❑ To show how PGP and S/MIME can provide confidentiality and message
authentication.
We start with the discussion of security at the network layer. Although in the next two
sections we discuss security at the transport and application layers, we also need
security at the network layer for three reasons. First, not all client/server programs
are protected at the application layer. Second, not all client/server programs at the
application layer use the services of TCP to be protected by the transport layer security
that we discuss for the transport layer; some programs use the service of UDP.
Third, many applications, such as routing protocols, directly use the service of IP;
they need security services at the IP layer.
Task Force (IETF) to provide security for a packet at the network level. IPSec helps
create authenticated and confidential packets for the IP layer.
Two Modes
IPSec operates in one of two different modes: transport mode or tunnel mode.
Transport Mode
In transport mode, IPSec protects what is delivered from the transport layer to the
network layer. In other words, transport mode protects the payload to be encapsulated
in the network layer, as shown in Figure 30.1.
Note that transport mode does not protect the IP header. In other words, transport
mode does not protect the whole IP packet; it protects only the packet from the
transport layer (the IP layer payload). In this mode, the IPSec header (and trailer) are
added to the information coming from the transport layer. The IP header is added later.
Transport mode is normally used when we need host-to-host (end-to-end) protection
of data.
The sending host uses IPSec to authenticate and/or encrypt the payload delivered from
the transport layer. The receiving host uses IPSec to check the authentication and/or
decrypt the IP packet and deliver it to the transport layer. Figure 30.2 shows this
concept.
Tunnel Mode
In tunnel mode, IPSec protects the entire IP packet. It takes an IP packet, including
the header, applies IPSec security methods to the entire packet, and then adds a new IP
header, as shown in Figure 30.3.
The new IP header, has different information than the original IP header. Tunnel mode
is normally used between two routers, between a host and a router, or between a router
and a host, as shown in Figure 30.4. The entire original packet is protected from
intrusion between the sender and the receiver, as if the whole packet goes through an
imaginary tunnel.
Comparison
In transport mode, the IPSec layer comes between the transport layer and the network
layer. In tunnel mode, the flow is from the network layer to the IPSec layer and then
back to the network layer again. Figure 30.5 compares the two modes.
Two Security Protocols
IPsec defines two protocols
the Authentication Header (AH) Protocol and the Encapsulating Security Payload
(ESP) Protocol.
to provide authentication and/or encryption for packets at the IP level.
Access Control
IPSec provides access control indirectly using a Security Association Database
(SAD), as we will see in the next section. When a packet arrives at a destination,
and there is no Security Association already established for this packet, the packet
is discarded.
Message Integrity
Message integrity is preserved الحفاظin both AH and ESP. A digest of data is
created and sent by the sender to be checked by the receiver.
Entity Authentication
The Security Association and the keyed-hash digest of the data sent by the sender
authenticate the sender of the data in both AH and ESP.
Confidentiality
The encryption of the message in ESP provides confidentiality. AH, however, does not
provide confidentiality. If confidentiality is needed, one should use ESP instead of AH.
Replay Attack Protection
In both protocols, the replay attack is prevented by using sequence numbers and a
sliding receiver window. Each IPSec header contains a unique sequence number when
the Security Association is established. The number starts from 0 and increases until
the value reaches 232 − 1. When the sequence number reaches the maximum, it is reset
to 0 and, at the same time, the old Security Association (see the next section) is deleted
and a new one is established.