Submitted By:
Akshat Jain (imb2011031), Aniruddha Guha Biswas (imb2011010), Raveesh Tandon (imb2011020), Saurabh Bharti (imb2011016), Shaurabh Singh (imb2011005)

What Is Network Security
• Network security is the authorization of access to data in a network, which is controlled by the network administrator.
• The network administrator works to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Need for Network Security
• Increasing online transactions.
• Personal and sensitive information is shared over the network.
• Protect our confidential data.

Security Attacks

• Interruption: attack on availability
  [Figure: S, D]
• Interception: attack on confidentiality
  [Figure: S, D, I]
• Modification: attack on integrity
  [Figure: S, D, I]
• Fabrication: attack on authenticity
  [Figure: S, D, I]

Types Of Attack
1) Passive attacks:
• Obtain information that is being transmitted.
• Two types:
  ○ Release of message contents
  ○ Traffic analysis: The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
• Very difficult to detect.

2) Active attacks:
• Involve some modification of the data stream or the creation of a false stream.
• Three categories:
  ○ Replay: Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
  ○ Modification: Some portion of a legitimate message is altered.
  ○ Denial of service: Prevents the normal use of communication facilities.

Issues in Network Security
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)

Encryption Algorithms
• Data Encryption Standard (DES)
• IDEA
• Advanced Encryption Standard (AES)
• RSA Algorithm

Encryption using Public Key System
[Figure: RSA Algorithm. A: Plaintext P → Encryption Algorithm (B’s public key KUB) → Ciphertext C → Decryption Algorithm (B’s private key KRB) → Plaintext P at B]

Applications

Three categories:
a) Encryption/decryption:
  ○ The sender encrypts a message with the recipient’s public key.
b) Digital signature / authentication:
  ○ The sender signs a message with its private key.
c) Key exchange:
  ○ Two sides cooperate to exchange a session key.
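Added example, not part of the original slides: the three uses listed above, carried out with textbook RSA in the slides' KUB/KRB notation. The function names, the small constructed primes, A's key pair KUA/KRA and the sample messages are assumptions; there is no padding, so this shows the arithmetic only.

```python
import hashlib
from math import gcd

def make_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)): public and private key from primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)  # d = e^-1 mod phi (Python 3.8+)

def apply_key(key, m):
    """Textbook RSA, no padding: m^exp mod n, for either half of a key pair."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value must be an integer in [0, n)")
    return pow(m, exp, n)

def digest(message, n):
    """SHA-256 of the message as an integer, reduced mod n for the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    """Signature = digest raised to the signer's private exponent."""
    return apply_key(private_key, digest(message, private_key[1]))

def verify(public_key, message, signature):
    """Undo the signature with the public key and compare with a fresh digest."""
    return apply_key(public_key, signature) == digest(message, public_key[1])

# Constructed toy keys from Mersenne primes (easy to write down, far too small
# and too structured for real use, where keys are 2048+ bits with OAEP/PSS).
KUA, KRA = make_keypair(2**61 - 1, 2**89 - 1)    # A's public / private key
KUB, KRB = make_keypair(2**107 - 1, 2**127 - 1)  # B's public / private key

def demo():
    session_key = 0xC0FFEE                # constructed session key, < n
    c = apply_key(KUB, session_key)       # a) and c): A encrypts under KUB
    recovered = apply_key(KRB, c)         # only the holder of KRB recovers it
    msg = b"transfer 100 to B"            # constructed message
    sig = sign(KRA, msg)                  # b): A signs with its private key KRA
    genuine = verify(KUA, msg, sig)       # anyone can check with KUA
    altered = verify(KUA, b"transfer 900 to B", sig)  # modified message
    return c != session_key, recovered == session_key, genuine, altered

if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` is the modification attack from the earlier slide being caught: the signature no longer matches the altered message.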


Network Security Principles
Authentication Application: KERBEROS
• Created by MIT to address various security issues.
• Implements a client-server model in which client and server authenticate each other (mutual authentication).
• Every user has a password.
• Every application server has a password.
• Passwords are kept only in the Kerberos database.
• No unauthorized user has physical access to the servers.
• The user requires a ticket for each access.

Electronic Mail Security: Pretty Good Privacy (PGP)

PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

IP Security :: IPSec
• The IP protocol is responsible for routing packets over the Internet.
• For security in packet transmission, we use IPSec.
• Provides two modes of protection:
  ○ Tunnel Mode
  ○ Transport Mode

Applications:
• Secure branch office connectivity over the Internet.
• Secure remote access over the Internet.
• Establishing extranet and intranet connectivity with partners.
• Enhancing electronic commerce security.

SSL (Secure Socket Layer)
• Transport layer security service.
• Originally developed by Netscape.
• Version 3 designed with public input.
• Subsequently became the Internet standard known as TLS (Transport Layer Security).
• Uses TCP to provide a reliable end-to-end service.
• SSL has two layers of protocols.

SSL Architecture

SSL session
• an association between client & server
• created by the Handshake Protocol
• defines a set of cryptographic parameters
• may be shared by multiple SSL connections

SSL connection
• a transient, peer-to-peer communications link
• associated with 1 SSL session

SSL Handshake Protocol

Allows server & client to:
• authenticate each other
• negotiate encryption & MAC algorithms
• negotiate cryptographic keys to be used

Comprises a series of messages in phases:
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish

Reference:
• Computer Networks, 4th Edition (Prentice Hall), Andrew S. Tanenbaum.
• Network Security and Cryptography, William Stallings.
• Wikipedia.
