Network Security & Cryptography: Bandari Srinivas Institute of Technology


NETWORK SECURITY & CRYPTOGRAPHY

SANTOSH.U, 2RD B.TECH C.S.E; P.NAVYA, 2RD B.TECH C.S.E

BANDARI SRINIVAS INSTITUTE OF TECHNOLOGY

Abstract

Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.

Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. This is not intended to be a "frequently asked questions" reference, nor is it a "hands-on" document describing how to accomplish specific functionality. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.

Cryptography and Network Security

Does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography. Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.

Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)

Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.

Integrity: Assuring the receiver that the received message has not been altered in any way from the original.

Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.

The three types of cryptographic algorithms that will be discussed are (Figure 1):

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption

Public Key Cryptography (PKC): Uses one key for encryption and another for decryption

Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

1. Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. As shown in the figure, the sender uses the key (or some set of rules) to encrypt the plain text and sends the cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plain text. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.

Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plain text block will always encrypt to the same cipher text when using the same key in a block cipher, whereas the same plaintext will encrypt to different cipher text in a stream cipher.

2. Public Key Cryptography

Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. Generic PKC employs two keys that are mathematically related, although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the cipher text. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys is required, this approach is also called asymmetric cryptography.

3. Hash Functions

Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.
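The block-versus-stream behaviour described under Secret Key Cryptography above, as an added example that is not part of the original paper. The toy Feistel block cipher and the feedback keystream are both built on HMAC-SHA256 purely for illustration; these constructions, the key and the message are assumptions of this example, not algorithms the paper names.

```python
import hashlib
import hmac

BLOCK = 16  # toy block size in bytes (assumption for this example)

def _prf(key, data, n):
    """Keyed pseudo-random function: first n bytes of HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block, rounds=4):
    """Toy Feistel block cipher: encrypt one 16-byte block."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(rounds):
        left, right = right, _xor(left, _prf(key, bytes([r]) + right, BLOCK // 2))
    return left + right

def decrypt_block(key, block, rounds=4):  # runs the rounds backwards
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(rounds)):
        left, right = _xor(right, _prf(key, bytes([r]) + left, BLOCK // 2)), left
    return left + right

def block_encrypt(key, plaintext):
    """Same key applied independently to each block (no chaining)."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    return [encrypt_block(key, plaintext[i:i + BLOCK])
            for i in range(0, len(plaintext), BLOCK)]

def stream_crypt(key, data):
    """XOR with a keystream whose state is fed back; the same call decrypts."""
    state, keystream = b"\x00" * 32, bytearray()
    while len(keystream) < len(data):
        state = _prf(key, state, 32)  # feedback: next state depends on the last
        keystream += state
    return _xor(data, bytes(keystream))

def distinct_ciphertext_blocks():
    key = b"constructed demo key"
    msg = b"SIXTEEN BYTE BLK" * 3  # constructed: three identical plaintext blocks
    stream = stream_crypt(key, msg)
    chunks = [stream[i:i + BLOCK] for i in range(0, len(stream), BLOCK)]
    return len(set(block_encrypt(key, msg))), len(set(chunks))

if __name__ == "__main__":
    print(distinct_ciphertext_blocks())
```

The block cipher maps the three identical plaintext blocks to one repeated ciphertext block, which leaks the repetition to an observer, while the stream cipher output differs at every position.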

4. TRUST MODELS

Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. PKC solved the secret distribution problem found in SKC. There are a number of trust models employed by various cryptographic schemes.

The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.

Kerberos, a secret key distribution scheme using a trusted third party.

Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.

Each of these trust models differs in complexity, general applicability, scope, and scalability.

Types of authority

Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.

Assign authority: Establish what actions the holder may or may not take based upon this certificate.

Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).

--------------------------------------------------------------------------

The latest cryptographic techniques in use today:

Hash algorithms that are in common use today include:

Message Digest (MD) algorithms

Secure Hash Algorithm (SHA)

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with a mere click of the mouse. Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. Many more techniques are also in use.

Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.

Encrypt and decrypt messages using any of the classical substitution ciphers discussed, both by hand and with the assistance of programs. Understand the concepts of language redundancy and unicity distance.

Different types of threats to network:

Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.

SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.

Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.

Network security can be done by various methods.

1. Virtual Private Network:

A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

Fig: a) A leased private line network b) A virtual private network

Implementation of network security by VPN.

Step 1. - The remote user dials into their local ISP and logs into the ISP's network as usual.

Step 2. - When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server on the corporate network. The security server authenticates the user and creates the other end of the tunnel.

Step 3. - The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.

Step 4. - The destination security server receives the encrypted data and decrypts it. The security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.

2. Firewalls:

A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.

A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.

Fig 2: A firewall consisting of two packet filters and an application gateway

3. IPSec -

Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:

Router to router

Firewall to router

PC to router

PC to server

4. AAA Server -

AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:

Who you are (authentication)

What you are allowed to do (authorization)

What you actually do (accounting)

The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.
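The port, packet-type and protocol restrictions described in the Firewalls section above, as an added example that is not part of the original paper: a first-match packet filter with default deny, run over constructed traffic. The rule format, addresses (documentation ranges) and ports are assumptions of this example.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "icmp"
    src: str               # source network, CIDR notation
    dport: Optional[int]   # destination port; None means any port

# Constructed policy for a gateway firewall (hypothetical values).
POLICY = [
    Rule("deny",  "tcp", "192.0.2.0/24",   None),  # blocked network, listed first
    Rule("allow", "tcp", "0.0.0.0/0",      443),   # public HTTPS service
    Rule("allow", "udp", "203.0.113.0/24", 500),   # VPN key exchange (IKE), known peer only
    Rule("allow", "tcp", "192.168.1.0/24", 25),    # SMTP relay for internal hosts only
]

def decide(packet, policy=POLICY):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    src = ipaddress.ip_address(packet["src"])
    for rule in policy:
        if (rule.proto == packet["proto"]
                and src in ipaddress.ip_network(rule.src)
                and rule.dport in (None, packet.get("dport"))):
            return rule.action
    return "deny"  # default deny keeps every other port and protocol closed

# Constructed sample traffic arriving at the gateway.
PACKETS = [
    {"proto": "tcp",  "src": "198.51.100.7", "dport": 443},  # web client
    {"proto": "tcp",  "src": "192.0.2.9",    "dport": 443},  # blocked network
    {"proto": "tcp",  "src": "198.51.100.7", "dport": 25},   # outside host relaying mail
    {"proto": "tcp",  "src": "192.168.1.20", "dport": 25},   # internal mail client
    {"proto": "udp",  "src": "203.0.113.10", "dport": 500},  # VPN peer
    {"proto": "udp",  "src": "198.51.100.7", "dport": 500},  # unknown host on the VPN port
    {"proto": "icmp", "src": "198.51.100.7"},                # e.g. an ICMP redirect
    {"proto": "tcp",  "src": "198.51.100.7", "dport": 23},   # port with no rule
]

def run():
    return [decide(p) for p in PACKETS]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run()):
        print(verdict, pkt)
```

Rule order matters: the deny rule for the blocked network is evaluated before the general HTTPS allow, and SMTP relaying and ICMP from outside fall through to the default deny.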

