Submitted By

Akshat Jain (imb2011031) Aniruddha Guha Biswas (imb2011010) Raveesh Tandon (imb2011020) Saurabh Bharti (imb2011016) Shaurabh Singh (imb2011005)

What Is Network Security
Network security is the authorization of access to data in a network, which is controlled by the network administrator. It also covers the measures the network administrator takes to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Need for Network Security
• Increasing online transactions.
• Personal and sensitive information shared over the network.
• Protect our confidential data.

Security Attacks
• Attack on availability
• Attack on confidentiality
• Attack on integrity
• Attack on authenticity

Types Of Attack
1) Passive attacks:
• Obtain information that is being transmitted.
• Two types:
  ○ Release of message contents:
  ○ Traffic analysis: The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
• Very difficult to detect.

2) Active attacks:
• Involve some modification of the data stream or the creation of a false stream.
• Three categories:
  ○ Replay: Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
  ○ Modification: Some portion of a legitimate message is altered.
  ○ Denial of service: Prevents the normal use of communication facilities.

Issues in Network Security
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)

Encryption Algorithms
• Data Encryption Standard (DES)
• IDEA
• Advanced Encryption Standard (AES)
• RSA Algorithm

Encryption using Public Key System
[Figure: B’s public key is KUB; B’s private key is KRB.]

RSA Algorithm
[Figure: Plaintext P → Encryption Algorithm → Ciphertext C → Decryption Algorithm → Plaintext P]

Three categories:
a) Encryption/decryption:
  ○ The sender encrypts a message with the recipient’s public key.
b) Digital signature / authentication:
  ○ The sender signs a message with its private key.
c) Key exchange:
  ○ Two sides cooperate to exchange a session key.
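
Added example (not part of the original slides): textbook RSA on small constructed primes, showing which key is used in each of the three categories above. KUB/KRB follow the slide's notation for B's keys; KUA/KRA for A's keys, the primes, the messages and all function names are assumptions made for illustration, and padding is omitted.

```python
import hashlib
import secrets
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((e, n), (d, n)) from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)

def digest_int(message, n):
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest_int(message, n)

# Constructed toy primes and hypothetical key names; textbook RSA, no padding.
KUA, KRA = make_keypair(1000003, 1000033)   # A's public / private key
KUB, KRB = make_keypair(1000037, 1000039)   # B's public / private key

def demo():
    # a) Encryption/decryption: A encrypts with B's public key KUB.
    c = encrypt(424242, KUB)
    # b) Digital signature: A signs with its own private key KRA.
    sig = sign(b"pay 100 to B", KRA)
    # c) Key exchange: A sends a random session key encrypted under KUB.
    session_key = secrets.randbelow(KUB[1])
    wrapped = encrypt(session_key, KUB)
    return (decrypt(c, KRB), verify(b"pay 100 to B", sig, KUA),
            verify(b"pay 900 to B", sig, KUA),
            decrypt(wrapped, KRB) == session_key)
```

demo() returns B's recovered plaintext, the result of verifying the genuine and an altered message against A's signature, and whether B recovered the session key.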


Network Security Principles
Authentication Application: KERBEROS
• Created by MIT to address various security issues.
• Implements a client-server model in which client and server authenticate each other (mutual authentication).
• Every user has a password.
• Every application server has a password.
• Passwords are kept only in the Kerberos database.
• No unauthorized user has physical access to the servers.
• The user requires a ticket for each access.

Electronic Mail Security: Pretty Good Privacy (PGP)

PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

IP Security :: IPSec
• The IP protocol is responsible for routing packets over the Internet.
• For security in packet transmission, we use IPSec.
• Provides two modes of protection:
  ○ Tunnel Mode
  ○ Transport Mode

• Secure branch office connectivity over the Internet.
• Secure remote access over the Internet.
• Establishing extranet and intranet connectivity with partners.
• Enhancing electronic commerce security.

SSL (Secure Socket Layer)
• Transport layer security service.
• Originally developed by Netscape.
• Version 3 designed with public input.
• Subsequently became the Internet standard known as TLS (Transport Layer Security).
• Uses TCP to provide a reliable end-to-end service.
• SSL has two layers of protocols.

SSL Architecture

SSL session
• An association between client & server.
• Created by the Handshake Protocol.
• Defines a set of cryptographic parameters.
• May be shared by multiple SSL connections.

SSL connection
• A transient, peer-to-peer communications link.
• Associated with 1 SSL session.

SSL Handshake Protocol

Allows server & client to:
• authenticate each other
• negotiate encryption & MAC algorithms
• negotiate cryptographic keys to be used

Comprises a series of messages in phases:
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish
