Network Security
19ECS305
Module I
Computer Security
1. Confidentiality:
• Data confidentiality
• Privacy
2. Integrity:
• Data integrity
• System integrity
3. Availability:
The Challenges of Computer Security
Why is Cryptography important?
[Figure: Sanjeev, Ramana and a hacker; messages shown: "Hi Ramana, how are you?" and "Hi Ramana send me Rs. 10000 please."]
OSI Security Architecture
[Figure: Plain Text "Hi, How are you?", Key, Cipher Text "34567843", Decryption]
How does Cryptography work?
[Figure: Sanjeev, Ramana and a hacker; labels shown: "Hi Ramana, how are you?", "34568798", "Error / Original Text"]
Cryptanalysis
• Interception
1. This is an attack on confidentiality.
2. An unauthorized party gains access to an asset.
E.g.: wiretapping to capture data in the network, illicit copying of files.
Passive Attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
• Release of Message Contents.
• Interruption
1. This is an attack on availability.
2. An asset of the system is destroyed or becomes unavailable or unusable.
E.g.: destruction of a piece of hardware, cutting of a communication line.
• Modification
1. This is an attack on integrity.
2. An unauthorized party not only gains access to but tampers with an asset.
E.g.: changing values in a data file, altering a program, modifying the contents of messages being transmitted in a network.
• Fabrication
1. This is an attack on authenticity.
2. An unauthorized party inserts counterfeit objects into the system.
E.g.: insertion of spurious messages in a network or addition of records to a file.
Active Attack: These attacks involve some modification of the data stream or the creation of a false stream.
• Masquerade – One entity pretends to be a different entity.
• Replay – Involves passive capture of a data unit and its subsequent transmission to produce an unauthorized effect.
• Modification of messages – Some portion of a message is altered or the messages are delayed or recorded, to produce an unauthorized effect.
• Denial of service – Prevents or inhibits the normal use or management of communication facilities. Another form of service denial is the disruption of an entire network, either by disabling the network or overloading it with messages so as to degrade performance.
Recalling the previous class topics
SECURITY SERVICES (X.800)
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
These services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
[Figure: security services; labels shown: Confidentiality, Integrity, Authentication, Messages, Non repudiation, Availability, Entity Authentication]
Security Services       Security Mechanisms
Data Confidentiality    Encipherment and Routing Protocol
Data Integrity          Encipherment, digital signature and data integrity
Authentication          Encipherment, digital signature and authentication exchange
Non repudiation         Digital signature, data integrity and notarization
Access Control          Access control mechanism
-> Data Confidentiality:
• Protects data from unauthorized disclosure.
• Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties.
-> Integrity:
• The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
• Modification includes writing, changing status, deleting, creating and delaying or replaying of transmitted messages.
-> Authentication:
-> Authorization:
• Authorization provides permission to perform a security function or activity.
• Authorization is generally granted after the successful execution of a source authentication service.
Security Mechanisms
A feature designed to detect, prevent or recover from a security attack.
[Figure: Security Mechanisms; labels shown: Access Control Mechanisms, Data Integrity, Authentication Exchange, Traffic Padding, Routing Control, Notarization]
Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
[Figure: Data Integrity; labels shown: Truthful, Verifiable, Accurate, Retrievable, Complete]
Authentication Exchange
Notarization
The use of a trusted third party to assure certain properties of a data exchange.
Pervasive Security Mechanisms
• Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).
• Security Label
The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.
• Event Detection
Detection of security-relevant events.
• Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.
• Security Recovery
Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
Relationship Between Security Services and Mechanisms
Model of Network Security
• The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.
• A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.
Four basic tasks in designing a particular security service:
• Design a suitable algorithm for the security transformation.
• Generate the secret information (keys) used by the algorithm.
• Develop methods to distribute and share the secret information.
• Specify a protocol enabling the principals to use the transformation and secret information for a security service.
Programs can present two kinds of threats:
Substitution Techniques
Replaces the plaintext characters with other characters, numbers and symbols.
Transposition Techniques
Rearranges the position of the characters of the plaintext.
Substitution techniques: A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.
Different types of Substitution techniques are:
1. Caesar Cipher
2. Monoalphabetic Ciphers
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad
Caesar Cipher
The Caesar cipher is one of the earliest and simplest encryption techniques.
Formula:
Ciphertext (C): E(k, p) = (p + k) mod 26
Plaintext (p): D(k, C) = (C - k) mod 26
⮚ For example, key = 3
plaintext: hello how are you
ciphertext: KHOOR KRZ DUH BRX
Letter numbering:
1-A 2-B 3-C 4-D 5-E 6-F 7-G 8-H 9-I 10-J 11-K 12-L 13-M
14-N 15-O 16-P 17-Q 18-R 19-S 20-T 21-U 22-V 23-W 24-X 25-Y 26-Z
The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places further down the alphabet.
E.g.: Plain text: pay more money
Cipher text: SDB PRUH PRQHB
• plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
• cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• C = E(p) = (p+3) mod 26
• A shift may be any amount, so that the general Caesar algorithm is C = E(p) = (p+k) mod 26, where k takes on a value in the range 1 to 25.
• The decryption algorithm is simply P = D(C) = (C-k) mod 26
Example:
Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
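The general shift and its key space, as an added example that is not part of the original slides. It indexes letters A=0 ... Z=25 (an assumption of this example, so that mod 26 always lands on a letter) and the function names are illustrative; it reproduces the three worked examples above and lists every candidate plaintext for k = 1 to 25.

```python
A = ord("A")

def caesar_encrypt(text, k):
    """C = E(k, p) = (p + k) mod 26 on letters; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            p = ord(ch.upper()) - A          # letter index, A=0 ... Z=25
            out.append(chr((p + k) % 26 + A))
        else:
            out.append(ch)                   # keep spaces and punctuation
    return "".join(out)

def caesar_decrypt(cipher, k):
    """P = D(k, C) = (C - k) mod 26, which is a shift by -k."""
    return caesar_encrypt(cipher, -k)

def all_shifts(cipher):
    """Candidate plaintext for every key k = 1..25 (the entire key space)."""
    return {k: caesar_decrypt(cipher, k) for k in range(1, 26)}

if __name__ == "__main__":
    print(caesar_encrypt("hello how are you", 3))
    print(caesar_encrypt("pay more money", 3))
    for k, guess in all_shifts("EXXEGOEXSRGI").items():
        print(k, guess)
```

Because only 25 keys exist, the correct plaintext always appears among the 25 lines printed by the loop.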
Playfair cipher
• The best-known multiple-letter encryption cipher is the Playfair.
• It treats pairs of plaintext letters as single units and translates these units into ciphertext digrams.
• The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword.
Example keyword: monarchy
Plaintext = Hide the gold in the tree stump
Splitting two letters as a unit => Hi de th eg ol di nt he tr ex es tu mp ("X" used to separate the repeated "E"s)
• Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row following the last.
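The Playfair steps above as an added example, not code from the original slides. Pairing the keyword monarchy with the "Hide the gold" plaintext is this example's choice, and the resulting ciphertext is computed here rather than quoted from the page. Assumptions: I and J share one cell, and the same-column and rectangle rules are the standard Playfair rules, which this page does not spell out.

```python
import string

def build_square(keyword):
    """5x5 square, row-major: keyword letters first, then the rest (J folded into I)."""
    square = []
    for ch in (keyword + string.ascii_lowercase).lower().replace("j", "i"):
        if ch in string.ascii_lowercase and ch not in square:
            square.append(ch)
    return square

def digraphs(plaintext, filler="x"):
    """Split into letter pairs; a repeated letter in a pair is separated by the filler."""
    letters = [c for c in plaintext.lower().replace("j", "i")
               if c in string.ascii_lowercase]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler  # pad odd length
        if a == b:
            pairs.append(a + filler)   # "ee" -> "ex", second e starts the next pair
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def shift_pair(square, pair, step):
    """Apply the row / column / rectangle rule; step=+1 encrypts, step=-1 decrypts."""
    ra, ca = divmod(square.index(pair[0]), 5)
    rb, cb = divmod(square.index(pair[1]), 5)
    if ra == rb:    # same row: take the neighbour along the row, wrapping around
        return square[ra * 5 + (ca + step) % 5] + square[rb * 5 + (cb + step) % 5]
    if ca == cb:    # same column: take the neighbour along the column, wrapping
        return square[((ra + step) % 5) * 5 + ca] + square[((rb + step) % 5) * 5 + cb]
    return square[ra * 5 + cb] + square[rb * 5 + ca]   # rectangle: swap the columns

def encrypt(keyword, plaintext):
    sq = build_square(keyword)
    return "".join(shift_pair(sq, p, 1) for p in digraphs(plaintext)).upper()

def decrypt(keyword, ciphertext):
    sq = build_square(keyword)
    text = ciphertext.lower()
    pairs = [text[i:i + 2] for i in range(0, len(text), 2)]
    return "".join(shift_pair(sq, p, -1) for p in pairs)

if __name__ == "__main__":
    print(encrypt("monarchy", "Hide the gold in the tree stump"))
```

Decryption returns the padded text, so the filler "x" inserted between the repeated letters remains in the output.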
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
Thank you