Cryptography and Network Security 3/e - Biomechatronics.in


20 Nov 2013 (3 years and 27 days ago)


Cryptography and Network Security


Security Attacks


S.Neelavathy Pari

Assistant Professor

Dept of Computer Technology

MIT Campus, Anna University

neela@annauniv.edu

Introduction

The art of war teaches us to rely not on the likelihood of the enemy's not coming but on our own readiness to receive him; not on the chance of his not attacking but rather on the fact that we have made our position unassailable.

The Art of War, Sun Tzu


Outline

Information Security
Attacks, services and mechanisms
Security attacks
Security services
Methods of Defense
A model for Internetwork Security
Internet standards and RFCs


Background

Information Security requirements have changed in recent times
Traditionally provided by physical and administrative mechanisms
Computer use requires automated tools to protect files and other stored information
Use of networks and communications links requires measures to protect data during transmission





Definitions

Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

We have to formulate a method consisting of measures to deter, prevent, detect and correct security violations that involve the transmission of information


Attacks, Services and Mechanisms

Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.


Security Attack

any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
there is a wide range of attacks
can focus on generic types of attacks
note: threat and attack are often used to mean the same thing



Security Attacks

Interruption: attack on availability
Interception: attack on confidentiality
Modification: attack on integrity
Fabrication: attack on authenticity

Attacks / Threats


Passive Attacks

Passive and Active attacks


The information is modified or accessed


Passive Attacks

Obtain information that is being transmitted (eavesdropping)
Two types:
  Release of Message Contents
  Traffic analysis (server most frequently used)
Very difficult to detect.

Active Attacks

Involve some modification of the data stream or the creation of a false stream.
Four categories:
  Masquerade: One entity pretends to be a different entity.
  Replay: Passive capture of a transaction and subsequent replay.
  Modification: Some portion of a message is altered on its way.
  Denial of Service: Prevents access to resources.
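
One way a receiver can detect three of the four categories above (masquerade, replay, modification), as an added example that is not part of the original slides: each frame carries a sequence number and an HMAC-SHA256 tag under a shared key. The key, the frame layout and all names are assumptions made for the illustration; denial of service is not addressed by this check.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, for illustration only
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes


def seal(key, seq, payload):
    """Sender: frame = 8-byte sequence number + payload + HMAC over both."""
    header = seq.to_bytes(8, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame):
        """Return 'ok', 'bad-tag', 'replay' or 'malformed' for one frame."""
        if len(frame) < 8 + TAG_LEN:
            return "malformed"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"   # altered in transit, or sender lacks the key
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return "replay"    # authentic frame, but already seen
        self.last_seq = seq
        return "ok"


def demo():
    rx = Receiver(KEY)
    genuine = seal(KEY, 1, b"transfer 100 to account 42")
    results = {"genuine": rx.accept(genuine)}
    results["replayed"] = rx.accept(genuine)          # captured and resent
    tampered = bytearray(seal(KEY, 2, b"transfer 100 to account 42"))
    tampered[8 + 9] ^= 0x08                           # one payload bit flipped
    results["modified"] = rx.accept(bytes(tampered))
    results["masquerade"] = rx.accept(seal(b"wrong-key", 3, b"hello"))
    results["next"] = rx.accept(seal(KEY, 2, b"balance?"))
    return results


if __name__ == "__main__":
    print(demo())
```

The tag check runs before the sequence check, so a forged or altered frame can never advance `last_seq` and lock out the genuine sender.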

Security Goals

Integrity

Confidentiality

Availability

Security Services

Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)



Denial of Service Attacks



Virus that deletes files


Network Access Security Model

[Figure: network access security model. Labels: Access Channel; Gateway; Internal Network (Computers, S/W resource, Databases); Security Control; Opponent: Human, Virus, Worm]



Methods of Defence

Encryption
Software Controls (access limitations in a database; in the operating system, protecting each user from other users)
Hardware Controls (smartcard)
Policies (frequent changes of passwords)
Physical Controls

Security Service

is something that enhances the security of the data processing systems and the information transfers of an organization
intended to counter security attacks
makes use of one or more security mechanisms to provide the service
replicates functions normally associated with physical documents
  e.g. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed



Internet standards and RFCs

The Internet Society
Internet Architecture Board (IAB)
Internet Engineering Task Force (IETF)
Internet Engineering Steering Group (IESG)

Internet RFC Publication Process

Security Mechanism

a mechanism that is designed to detect, prevent, or recover from a security attack
no single mechanism that will support all functions required
however, one particular element underlies many of the security mechanisms in use: cryptographic techniques
hence our focus on this area


OSI Security Architecture

ITU-T X.800 Security Architecture for OSI
defines a systematic way of defining and providing security requirements
for us it provides a useful, if abstract, overview of concepts we will study

Security Services

X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
X.800 defines it in 5 major categories



Security Services (X.800)

Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication





Security Mechanisms (X.800)

specific security mechanisms:
  encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
pervasive security mechanisms:
  trusted functionality, security labels, event detection, security audit trails, security recovery



Summary

have considered:
  computer, network, internet security definitions
  security services, mechanisms, attacks
  X.800 standard
  models for network (access) security


Limitation of ASCII based cryptography

ASCII and EBCDIC codes were developed using only English characters and words.
Difficult for Hebrew and Arabic
It was very difficult to represent languages with a huge number of characters.
UNICODE: 16 bit decimal code.


BC 1600 - Ancient Tamil language like Tholkappiyam and Thirukural - Porulkoal
BC 1500 - Egypt - Symbolic Representation
BC 500 - ATBASH in Hebrew - Bible written in zig-zag of scripts
BC 486 - Spartans - Transposition cipher, cylinder with a strip of leather
60-50 BC - Julius Caesar - Caesar cipher, shifting of characters
20th Century - Modern Cryptography - Bit level cryptography

Choice of Unicode

Devanagari - 128 code values from 0900
Bengali - 128 code values from 0980
Oriya - 128 code values from 0B00
Gurmukhi - 128 code values from 0A00
Gujarati - 128 code values from 0A80
Tamil - 128 code values from 0B80
Telugu - 128 code values from 0C00
Kannada - 128 code values from 0C80
Malayalam - 128 code values from 0D00
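
The Caesar "shifting of characters" from the timeline, applied to the 128-code-value script blocks listed above, as an added example that is not part of the original slides: the A-Z version leaves Tamil text untouched, while a shift modulo 128 inside each block covers it. The function names and the sample string are constructed for the illustration.

```python
# Added illustration; names and sample text are constructed, not from the slides.
# Script blocks as listed on the slide: first code point, 128 code values each.
BLOCKS = {
    "Devanagari": 0x0900, "Bengali": 0x0980, "Gurmukhi": 0x0A00,
    "Gujarati": 0x0A80, "Oriya": 0x0B00, "Tamil": 0x0B80,
    "Telugu": 0x0C00, "Kannada": 0x0C80, "Malayalam": 0x0D00,
}
BLOCK_SIZE = 128


def block_start(ch):
    """Return the first code point of the listed block containing ch, or None."""
    cp = ord(ch)
    for start in BLOCKS.values():
        if start <= cp < start + BLOCK_SIZE:
            return start
    return None


def ascii_caesar(text, shift):
    """Classic Caesar cipher: only A-Z and a-z move, the rest passes through."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def block_caesar(text, shift):
    """Shift each character modulo 128 inside its own script block."""
    out = []
    for ch in text:
        start = block_start(ch)
        if start is None:
            out.append(ch)  # outside the listed blocks: left unchanged
        else:
            out.append(chr(start + (ord(ch) - start + shift) % BLOCK_SIZE))
    return "".join(out)


if __name__ == "__main__":
    tamil = "\u0ba4\u0bae\u0bbf\u0bb4\u0bcd"   # constructed sample in Tamil script
    print(ascii_caesar(tamil, 3) == tamil)       # the A-Z cipher never touches it
    secret = block_caesar(tamil, 3)
    print([hex(ord(c)) for c in secret])         # still inside 0B80-0BFF
    print(block_caesar(secret, -3) == tamil)     # the shift is reversible
```

Some shifted code points are unassigned in Unicode, so the ciphertext may not render even though it decrypts correctly; with only 128 possible shifts per block, this shows the encoding range, not cryptographic strength.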

Reliability on multi language

Multilanguage possibility for Indian languages
Total number of languages currently spoken = 337
Let's assume the number of characters in each language = 100
Total number of characters = 100*337 = 33700
Compared to this value, the 26 letters of the English alphabet are negligible

In India there are

18 scheduled languages
114 other languages
216 mother tongues
96 non specified languages
in total up to 10000 languages spoken by people.




Most of the languages become extinct as the last speaker dies.
In order to preserve the language, people who are really interested in their mother tongue try to make the keyboard available in their own language.
This is the best way of preserving the language because nowadays computers are used by everyone all the time.


Recommended Reading

Pfleeger, C. Security in Computing. Prentice Hall, 1997.
Stallings, William. Cryptography and Network Security, 4th edition.
Mel, H.X. and Baker, D. Cryptography Decrypted. Addison Wesley, 2001.