Network Security

ASIM SHARIF SATTI

The art of war teaches us to rely not on the
likelihood of the enemy's not coming, but on
our own readiness to receive him; not on the
chance of his not attacking, but rather on the
fact that we have made our position
unassailable.
—The Art of War, Sun Tzu
 Course Introduction
• Section 1:
– Introduction
• Section 2:
– The Threat Environment: Attackers & Their Attacks
• Section 3:
– Cryptography: An Introduction
• Section 4:
– Network Security Topics
 Section 1: Introduction
• Course Introduction
• History Of Cryptography
Section 2: The Threat Environment
• The threat environment—attackers and their
attacks
• Basic security terminology
• Employee and ex-employee threats
• Traditional external attackers
 Section 3: Introduction To
Cryptography…
Definitions & concepts
• Steganography (concealment of information within computer files)
• ciphers: substitution and transposition
– Block and stream ciphers
• Symmetric vs. asymmetric algorithms
• Message integrity
• Digital signatures
 …Section 3: Introduction To
Cryptography
• Concept of keys- public private
– Key management
• Email security (S/MIME, PGP)
• Quantum cryptography
• Internet security
– Secure shell (SSH)
– IPSEC
Section 4: Network Security Topics
• Enterprise network architecture
• Firewalls
• Intrusion detection & prevention systems
(IDPS/IPS)
• System & server security
• Web application security
• Database security
• Vulnerability assessment & penetration testing
• NAC, DLP, 2FA, & other security measures
 Aim of Course
• Our focus is on Internet Security
– Internet = network of networks
• Consists of measures to prevent, detect, and
correct security violations that involve the
transmission of information
 BASICS
• Introduction to the environment.
 Why information Security
• The past decade has seen an explosion in the
concern for the security of information
– Malicious codes (viruses, worms, etc.) caused over $28
billion in economic losses in 2003, and will grow to
over $75 billion by 2007
• Jobs and salaries for technology professionals
have lessened in recent years. BUT …
• Security specialists markets are expanding !
– “ Full-time information security professionals will rise
almost 14% per year around the world, going past 2.1
million in 2008” (IDC report)
 Why information Security (cont’d)
• Internet attacks are increasing in frequency,
severity and sophistication
• Denial of service (DoS) attacks
– Cost $1.2 billion in 2000
– 1999 CSI/FBI survey 32% of respondents detected
DoS attacks directed to their systems
– Thousands of attacks per week in 2001
– Yahoo, Amazon, eBay, Microsoft, White House, etc.,
attacked
 The History of Computing
• For a long time, security was largely ignored in the
community
– The computer industry was in “survival mode”,
struggling to overcome technological and economic
hurdles
– As a result, a lot of comers were cut and many
compromises made
– There was lots of theory, and even examples of systems
built with very good security, but were largely ignored
or unsuccessful
• E.g., ADA language vs. C (powerful and easy to use)
 Computing Today is Very Different
• Computers today are far from “survival mode”
– Performance is abundant and the cost is very cheap
– As a result, computers now ubiquitous at every
facet of society
• Internet
– Computers are all connected and interdependent
– This codependency magnifies the effects of any
failures
 Biological Analogy
• Computing today is very homogeneous.
– A single architecture and a handful of OS dominates
• In biology, homogeneous populations are in danger
– A single disease or virus can wipe them out overnight
because they all share the same weakness
– The disease only needs a vector to travel among hosts
• Computers are like the animals, the Internet
provides the vector.
– It is like having only one kind of cow in the world, and
having them drink from one single pool of water!
 The Warhol Worm
• A properly designed worm can infect every
vulnerable host on the Internet within 15 minutes
– “How to own the Internet in your spare time”
(Staniford, Paxon and Weaver, Usenix Security 2002)
– Exploit many vectors such as P2P file sharing,
intelligent scanning, hitlists, etc.
– Referred to as Warhol worm after Andy Warhol’s
quote “In the future, everyone will have 15 minutes
of fame”
 The Definition of Information Security
• Security is a state of well-being of information
and infrastructures in which the possibility of
successful yet undetected theft, tampering, and
disruption of information and services is kept
low or tolerable
• Security rests on confidentiality, authenticity,
integrity, and availability
 Definitions
• Computer Security - generic name for
the collection of tools designed to
protect data and to prevent hackers
• Network Security - measures to protect
data during their transmission
• Internet Security - measures to protect
data during their transmission over a
collection of interconnected networks
 The Basic Components
• Confidentiality is the concealment of information
or resources.
– E.g., only sender, intended receiver should
“understand” message contents
• Authenticity is the identification and assurance of
the origin of information.
• Integrity refers to the trustworthiness of data or
resources in terms of preventing improper and
unauthorized changes.
• Availability refers to the ability to use the
information or resource desired.
 Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and operation.
• An attack is any action that violates security.
– Active adversary
• An attack has an implicit concept of “intent”
– Router mis-configuration or server crash can also
cause loss of availability, but they are not attacks
 Security Attack
• any action that compromises the security of
information owned by an organization
• information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
• have a wide range of attacks
• can focus of generic types of attacks
• note: often threat & attack mean same
 Security Attacks
• Interruption:
– This is an attack on availability
• Interception:
– This is an attack on confidentiality
• Modification:
– This is an attack on integrity
• Fabrication:
– This is an attack on authenticity

Henric Johnson 23
Security Attacks

Henric Johnson 24
Eavesdropping - Message Interception
(Attack on Confidentiality)
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of files and programs

A B

Eavesdropper
Integrity Attack - Tampering With Messages

• Stop the flow of the message

• Delay and optionally modify the message
• Release the message again

A B

Perpetrator
 Authenticity Attack - Fabrication
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
identity

A B

Masquerader: from A
 Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit

A B

• Blatant denial of service (DoS):

– Crashing the server
– Overwhelm the server (use up its resource)
 Classify Security Attacks as
• Passive attacks - eavesdropping on, or monitoring
of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• Active attacks – modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
• The major difference between active and
passive attacks is that
– in active attacks the attacker intercepts the
connection and modifies the information.
– in a passive attack, the attacker intercepts the
transit information with the intention of reading
and analysing the information, not for altering it.
 Passive Attacks
Are difficult to detect because they do not
involve any alteration of the data.
Active Attacks
Henric Johnson 33
 Security Goals

Confidentiality

Integrity
Avaliability

Henric Johnson 34
 Confidentiality
• Confidentiality refers to the protection of
information from unauthorized access or
disclosure.
• Ensuring confidentiality is ensuring that those
who are authorized to access information are
able to do so and those who are not
authorized are prevented from doing so.
 Integrity
• Integrity refers to the protection of
information from unauthorized modification
or destruction.
• Ensuring integrity is ensuring that information
and information systems are accurate,
complete and uncorrupted.
 Availability
• Availability refers to the protection of
information and information systems from
unauthorized disruption.
• Ensuring availability is ensuring timely and
reliable access to and use of information and
information systems.
 Security Trends
Growth in sophistication of
attacks contrasting with
decrease in skill & knowledge
needed to mount an attack.
 Methods of Defense
• Encryption
• Software Controls (access limitations in
a data base, in operating system protect
each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of
passwords)
• Physical Controls

Henric Johnson 39
 Security Policy and Mechanism
• Policy: a statement of what is, and is not allowed.
• Mechanism: a procedure, tool, or method of
enforcing a policy.
• Security mechanisms implement functions that
help prevent, detect, and respond to recovery from
security attacks.
• Security functions are typically made available to
users as a set of security services through APIs or
integrated interfaces.
• Cryptography underlies many security
mechanisms.
 OSI Security Architecture
• ITU-T X.800 Security Architecture for OSI
• defines a systematic way of defining and
providing security requirements
• for us it provides a useful, if abstract, overview
of concepts we will study
 Security Service
– is something that enhances the security of the
data processing systems and the information
transfers of an organization
– intended to counter security attacks
– make use of one or more security mechanisms to
provide the service
– replicate functions normally associated with
physical documents
• eg. have signatures, dates; need protection from
disclosure, tampering, or destruction; be notarized or
witnessed; be recorded or licensed
 Security Services
• X.800 defines it as:
– a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers
• RFC 2828 defines it as:
– a processing or communication service provided
by a system to give a specific kind of protection to
system resources
• X.800 defines it in 5 major categories
 Security Services (X.800)
• Authentication –
– assurance that the communicating entity is the one claimed
• Access Control –
– prevention of the unauthorized use of a resource
• Data Confidentiality –
– protection of data from unauthorized disclosure
• Data Integrity –
– assurance that data received is as sent by an authorized
entity
• Non-Repudiation –
– protection against denial by one of the parties in a
communication
 Security Mechanism
• a mechanism that is designed to detect,
prevent, or recover from a security attack
• no single mechanism that will support all
functions required
– however one particular element underlies
many of the security mechanisms in use:
cryptographic techniques
 Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event
detection, security audit trails, security recovery
 Security Mechanisms (X.800)
• Specific security • Pervasive security
mechanisms:
– Encipherment
mechanisms:
– Digital signatures
– Trusted
functionality
– Access controls
– Security labels
– Data integrity
– Event detection
– Authentication
exchange – Security audit trails
– Traffic padding – Security recovery
– Routing control
– Notarization
Model for Network Security
 Model for Network Security
• using this model requires us to:
– design a suitable algorithm for the security
transformation
– generate the secret information (keys) used by the
algorithm
– develop methods to distribute and share the
secret information
– specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Model for Network Access Security
 Model for Network Access Security
• using this model requires us to:
– select appropriate gatekeeper functions to identify
users
– implement security controls to ensure only
authorised users access designated information or
resources
• trusted computer systems can be used to
implement this model
 How to Make a System Trustworthy
• Specification
– A statement of desired functions
• Design
– A translation of specifications to a set of components
• Implementation
– Realization of a system that satisfies the design
• Assurance
– The process to insure that the above steps are carried
out correctly
– Inspections, proofs, testing, etc.
 The Security Life Cycle
• The iterations of
– Threats
– Policy
– Specification
– Design
– Implementation
– Operation and maintenance
 History Of Cryptography

Wikipedia
http://en.wikipedia.org/wiki/History_of_cryptography
 Objectives
• Provide a perspective on how cryptography
has evolved over thousands of years
• Understand the cryptographic tools and
techniques that have formed the basis for
modern cryptographic developments
• Establish a foundation for the rest of the
course
 1.2.1 Classical Cryptography
• The history of cryptography begins thousands
of years ago. Until recent decades, it has been
the story of what might be called
classic cryptography — that is, of methods of
encryption that use pen and paper, or perhaps
simple mechanical aids.
 Egypt’s Old Kingdom
• The earliest known use of cryptography is
found in non-standard hieroglyphs carved into
monuments from Egypt's Old Kingdom
( 4500+ years ago).
• These are not thought
to be serious attempts
at secret
communications,
however, but rather to
have been attempts at
mystery, intrigue, or
even amusement for
literate onlookers.
• Some clay tablets from
Mesopotamia somewhat
later are clearly meant to
protect information—they
encrypt recipes, presumably
commercially valuable.
 1.2.2 A Scytale – an early device for
encryption
• One of the oldest known examples is the
Spartan scytale (scytale /skɪtəli/, rhymes with
Italy, a baton). The scytale was first mentioned
by the Greek poet Archilochus who lived in the
7th century B.C. (over 2500 years ago).
 Scytale
• The ancient Greeks, and the Spartans in particular, are
said to have used this cipher to communicate during
military campaigns.
• Sender and recipient each had a cylinder
(called a scytale) of exactly the same radius. The sender
wound a narrow ribbon of parchment
around his cylinder, then wrote on it lengthwise.
• After the ribbon is unwound, the writing
could be read only by a person who had a cylinder of
exactly the same circumference.
 Scytale encryption example

Original message: Kill king tomorrow midnight

k i l l k i n g
t o m o r r o w
m i d n i g h t

Encoded Message: ktm ioi lmd lon kri irg noh gwt
 1.2.3 Greek and Roman Use Of
Cryptography

• The
Greeks of Classical times are
said to have known of
ciphers (e.g., the scytale
transposition cipher
claimed to have been used
by the Spartan military).
• Another Greek method
was developed by
Polybius (now called the
"Polybius Square").
• Each letter is represented
by its coordinates in the
grid. For example, "BAT"
becomes "12 11 44“
• Developed for telegraphy
e.g. pairs of torches
• The Romans knew something of cryptography
(e.g., the Caesar cipher and its variations).
• The method is named after Julius Caesar, who
used it to communicate with his generals.
 1.2.4 Ceasar Cipher
• The Ceasar Cipher is an example of what is
called a shift cipher. To encode a message,
letters are replaced with a letter that is a fixed
number of letters beyond the current letter.
• Later still, Hebrew scholars made use of simple
monoalphabetic substitution ciphers (such as the
Atbash cipher) beginning perhaps around 500 to 600 BC
• The Atbash cipher is a very specific case of a
substitution cipher where the letters of the alphabet are
reversed. In otherwords, all As are replaced with Zs, all
Bs are replaced with Ys, and so on.
• Example
Plaintext: This is a secret message
Ciphertext: Gsrh rh z hvxivg nvhhztv
Abū Yūsuf Yaʻqūb ibn Isḥāq al-Kindī
801–873 CE
 1.2.5 Cryptography From Muslim History
(Medieval Cryptography)
• Al- Kindi, wrote a book on cryptology, the
"Risalah fi Istikhraj al-Mu'amma" (Manuscript
for the Deciphering Cryptographic Messages),
circa 850CE.
• This book apparently antedates Western
European cryptography works by 300 years
and predates writings on probability and
statistics by Pascal and Fermat by nearly 800
years.
The first page of al-Kindi's manuscript On Deciphering Cryptographic Messages,
containing the oldest known description of cryptanalysis by frequency analysis
• In mathematics, al-Kindi played an important
role in introducing Arabic numerals to the
Islamic and Christian world.
• He was a pioneer in cryptanalysis and cryptology
, and devised new methods of breaking ciphers,
including the frequency analysis method.
• Using his mathematical and medical expertise,
he developed a scale to allow doctors to
quantify the potency of their medication.
Relative frequencies of letters in the English language
• In his book entitled Risalah fi Istikhraj al-Mu'amma
(Manuscript for the Deciphering Cryptographic
Messages), Al-Kindi described the first cryptanalysis
techniques, including some for polyalphabetic ciphers
, cipher classification, Arabic phonetics and syntax,
and, most importantly, gave the first descriptions on
frequency analysis.
• He also covered methods of encipherments,
cryptanalysis of certain encipherments, and statistical
analysis of letters and letter combinations in Arabic.
 1.2.6 Cryptography In The Renaissance Period
• Essentially all ciphers
remained vulnerable to the
cryptanalytic technique of
frequency analysis until the
development of the
polyalphabetic cipher, and
many remained so
thereafter.
• The polyalphabetic cipher
was most clearly explained
by Leon Battista Alberti
around the year 1467, for
which he was called the
"father of Western
cryptology".
• In Europe, cryptography became (secretly) more
important as a consequence of political competition
and religious revolution. For instance, in Europe
during and after the Renaissance, citizens of the
various Italian states—the Papal States and the
Roman Catholic Church included—were responsible
for rapid proliferation of cryptographic techniques.
• Outside of Europe, after the end of the Muslim
Golden Age at the hand of the Mongols,
cryptography remained comparatively undeveloped.
 1.2.7 Cryptography from 1800 to World
War II
• Although cryptography has a long and complex
history, it wasn't until the 19th century that it
developed anything more than ad hoc approaches
to either encryption or cryptanalysis (the science
of finding weaknesses in crypto systems).
• Understanding of cryptography at this time
typically consisted of rules of thumb; for example,
Auguste Kerckhoffs' cryptographic writings in the
latter 19th century.
• Edgar Allan Poe used
systematic methods to
solve ciphers in the 1840s.
In particular he placed a
notice of his abilities in the
Philadelphia paper
Alexander's Weekly
(Express) Messenger,
inviting submissions of
ciphers, of which he
proceeded to solve almost
all.
• His success created a public
stir for some months. He
later wrote an essay on
methods of cryptography
which proved useful as an
introduction for novice
British cryptanalysts
attempting to break German
codes and ciphers during
World War I, and a famous
story, The Gold-Bug, in which
cryptanalysis was a
prominent element.
• In World War I the Admiralty's Room 40 broke
German naval codes and played an important
role in several naval engagements during the
war, notably in detecting major German
sorties into the North Sea that led to the
battles of Dogger Bank and Jutland as the
British fleet was sent out to intercept them.
• In 1917, Gilbert Vernam proposed a teletype cipher in
which a previously-prepared key, kept on paper tape, is
combined character by character with the plaintext
message to produce the cyphertext. This led to the
development of electromechanical devices as cipher
machines.
• Mathematical methods proliferated in the period prior to
World War II (notably in William F. Friedman's application
of statistical techniques to cryptanalysis and cipher
development and in Marian Rejewski's initial break into the
German Army's version of the Enigma system) in 1932.
 World War II Cryptography
• By World War II, mechanical and
electromechanical cipher machines were in
wide use, although—where such machines
were impractical—manual systems continued
in use.
The Enigma machine was widely used by Nazi Germany; its cryptanalysis
by the Allies provided vital intelligence.
• Allied cipher machines used in WWII included the
British TypeX and the American SIGABA; both were
electromechanical rotor designs similar in spirit to the
Enigma, albeit with major improvements. Neither is
known to have been broken by anyone during the War.
• US troops in the field used the M-209 and the still less
secure M-94 family machines. British agents initially
used 'poem ciphers' (memorized poems were the
encryption/decryption keys), but later in the War, they
began to switch to one-time pads.
SIGABA is described in U.S. Patent 6,175,625, filed in 1944 but not issued until 2001.
 1.2.8 Modern Cryptography
• Both cryptography and cryptanalysis have
become far more mathematical since World
War II. Even so, it has taken the wide
availability of computers, and the Internet as a
communications medium, to bring effective
cryptography into common use by anyone
other than national governments or similarly
large enterprises.
 Shannon
• The era of modern cryptography
really begins with
Claude Shannon, arguably the
father of mathematical
cryptography, with the work he
did during WWII on
communications security.
• In 1949 he published
Communication Theory of Secrecy
Systems
in the
Bell System Technical Journal and
a little later the book The
Mathematical Theory of
Communication (expanding on an
earlier article "
A Mathematical Theory of Comm
Claude Elwood Shannon (1916-2001)
unication
") with Warren Weaver. Both
• These, in addition to his other
works on
information and communication t
heory
established a solid theoretical
basis for cryptography and also
for much of cryptanalysis. And
with that, cryptography more or
less disappeared into secret
government communications
organizations such as NSA, GCHQ,
and their equivalents elsewhere.
• Very little work was again made
public until the mid 1970s, when
everything changed.
 1.9 The First Encryption Standard
• The mid-1970s saw two major public (i.e., non-
secret) advances. First was the publication of the
draft Data Encryption Standard in the U.S. Federal
Register on 17 March 1975.
• The proposed DES cipher was submitted by a
research group at IBM, at the invitation of the
National Bureau of Standards (now NIST), in an
effort to develop secure electronic communication
facilities for businesses such as banks and other
large financial organizations.
• After 'advice' and modification by NSA, acting
behind the scenes, it was adopted and published
as a Federal Information Processing Standard
Publication in 1977 (currently at FIPS 46-3).
• DES was the first publicly accessible cipher to be
'blessed' by a national agency such as NSA. The
release of its specification by National Bureau of
Standards (NBS) stimulated an explosion of
public and academic interest in cryptography.
• The aging DES was officially replaced by the
Advanced Encryption Standard (AES) in 2001
when NIST announced FIPS 197. After an open
competition, NIST selected Rijndael, submitted
by two Belgian cryptographers, to be the AES.
• Regardless of DES' inherent quality, the DES
key size (56-bits) was thought to be too small
by some even in 1976, perhaps most publicly
by Whitfield Diffie. There was suspicion that
government organizations even then had
sufficient computing power to break DES
messages; clearly others have achieved this
capability.
 Public key
• The second development, in 1976, was perhaps even more
important, for it fundamentally changed the way
cryptosystems might work. This was the publication of the
paper New Directions in Cryptography by Whitfield Diffie and
Martin Hellman.
• It introduced a radically new method of distributing
cryptographic keys, which went far toward solving one of the
fundamental problems of cryptography, key distribution, and
has become known as Diffie-Hellman key exchange. The article
also stimulated the almost immediate public development of a
new class of enciphering algorithms, the
asymmetric key algorithms.
 Summary
• Course Trivia
• What is security: brief history and basic
definition
• Security policy, mechanisms and services
• Security models
• History of cryptography
 What is research?
• Is it a complex or simple thing?
• Is this impossible?
• Is it in your priority or not?
– If not, why not?
• Is it necessary for your survival in modern world and
society?

• How will you make research simpler and easier?

• Question:
– How will you be able to do so
– Answer is your teacher and your hard smart work.
 How to read a research paper
• Study abstract and conclusion first
– Have an impact of what paper is about
• Note down the complete organization of the paper
– It will help you get clear understanding of how author
is going to communicate with you
– It will help you in understanding the information flow
of the paper
• Study the paper thoroughly
– If stuck at one point, and could not understand it at this
moment, move ahead with assumption according to
the context