Network Security & cryptography

30
Network Security and Cryptography Lecture 1 Uday Prakash Pethakamsetty Lecturer, JNTUHCEH [email protected]

description

Introduction to Network Security and cryptoscience

Transcript of Network Security & cryptography

Page 1: Network Security & cryptography

Network Security and

Cryptography

Lecture 1

Uday Prakash Pethakamsetty

Lecturer, JNTUHCEH

[email protected]

Page 2: Network Security & cryptography

The art of war teaches us to rely not on the

likelihood of the enemy's not coming, but on our

own readiness to receive him; not on the chance of

his not attacking, but rather on the fact that we

have made our position unassailable.

—The Art ofWar, SunTzu

Prevention is better than Cure.

12/13/2012 2Dept. of ECE Network Security & Cryptography

Page 3: Network Security & cryptography

Timeline: Art of WAR

12/13/2012Dept. of ECE Network Security &

Cryptography3

Page 4: Network Security & cryptography

Information Security

• Computer Security - generic name

for the collection of tools designed toprotect data and to thwart hackers.

• Network Security - measures to

protect data during their transmission.

• Internet Security - measures to

protect data during their transmission over acollection of interconnected networks.

12/13/2012Dept. of ECE Network Security &

Cryptography4

Page 5: Network Security & cryptography

Computer Security

• Protection to an automated information system.

• Objective: security with preserving Information system

Resource with

Integrity

Availability

Confidentiality

12/13/2012 5Dept. of ECE Network Security & Cryptography

Page 6: Network Security & cryptography

Levels of Impact

There are 3 levels of impact from a

security breach

1. Low

2. Moderate

3. High

12/13/2012 6Dept. of ECE Network Security & Cryptography

Page 7: Network Security & cryptography

Low Impact

• Security Breach may have a limited adverse effect on

organizational operations, organizational assets, or individuals.

• Ex: loss of confidentiality, integrity, or availability might

1. cause a degradation in mission capability to an extent and duration

that the organization is able to perform its primary functions, but the

effectiveness of the functions is noticeably reduced;

2. result in minor damage to organizational assets;

3. result in minor financial loss; or

4. result in minor harm to individuals.

12/13/2012 7Dept. of ECE Network Security & Cryptography

Page 8: Network Security & cryptography

Moderate Impact

• May have a serious adverse effect on organizational operations,

organizational assets, or individuals.

• Ex:The loss might

1. cause a significant degradation in mission capability to an extent

and duration that the organization is able to perform its primary

functions, but the effectiveness of the functions is significantly

reduced;

2. result in significant damage to organizational assets;

3. result in significant financial loss; or

4. result in significant harm to individuals that does not involve loss of

life or serious, life-threatening injuries.

12/13/2012 8Dept. of ECE Network Security & Cryptography

Page 9: Network Security & cryptography

High Impact

• May have a severe or catastrophic adverse effect on

organizational operations, organizational assets, or individuals.

• Ex: The loss might

1. cause a severe degradation in or loss of mission capability to an

extent and duration that the organization is not able to perform one

or more of its primary functions;

2. result in major damage to organizational assets;

3. result in major financial loss; or

4. result in severe or catastrophic harm to individuals involving loss of

life or serious life threatening injuries.

12/13/2012 9Dept. of ECE Network Security & Cryptography

Page 10: Network Security & cryptography

Examples of Security Requirements

• Confidentiality – student grades

• Integrity – patient information

• Availability – authentication service

• Authenticity (Origin Integrity)-admission

Ticket

• Non-Repudiation-stock sell order

12/13/2012 10Dept. of ECE Network Security & Cryptography

Page 11: Network Security & cryptography

HACKING Ex: exploiting Browser Vulnerability

12/13/2012Dept. of ECE Network Security &

Cryptography11

Page 12: Network Security & cryptography

Computer Security Challenges

1. Not simple – easy to get it wrong

2. Must consider potential attacks

3. Procedures used counter-intuitive

4. Involve algorithms and secret info

5. Must decide where to deploy mechanisms

6. “Unusable security is not secure”

12/13/2012 12Dept. of ECE Network Security & Cryptography

Page 13: Network Security & cryptography

Standards Organizations

• National Institute of Standards & Technology (NIST)

• Internet Society (ISOC)

• International Telecommunication Union Telecommunication

Standardization Sector (ITU-T)

• International Organization for Standardization (ISO)

• RSA Labs (de facto)

12/13/2012 13Dept. of ECE Network Security & Cryptography

Page 14: Network Security & cryptography

Security Aspects

• There are THREE aspects of information security:

I. SECURITY ATTACK

II. SECURITY MECHANISM (CONTROL)

III. SECURITY SERVICE

• Difference Between Threat, Vulnerability and an Attack?– Threat – a potential for violation of security

– Vulnerability – a way by which loss can happen

– Attack – an assault on system security, a deliberate attempt to evade security

services

12/13/2012 14Dept. of ECE Network Security & Cryptography

Page 15: Network Security & cryptography

Dept. of ECE Network Security & Cryptography 15

Classify Security Attacks

• PASSIVE ATTACKS - eavesdropping on, or monitoring of, transmissions to:

– obtain message contents, or

– monitor traffic flows

• ACTIVE ATTACKS – modification of data stream to:

– masquerade of one entity as some other

– replay previous messages

– modify messages in transit

– denial of service

12/13/2012

Page 16: Network Security & cryptography

Passive Attack - Interception

12/13/2012 16Dept. of ECE Network Security & Cryptography

Page 17: Network Security & cryptography

Passive Attack: Traffic Analysis

Observe traffic pattern

12/13/2012 17Dept. of ECE Network Security & Cryptography

Page 18: Network Security & cryptography

Active Attack: Interruption

Block delivery of message

12/13/2012 18Dept. of ECE Network Security & Cryptography

Page 19: Network Security & cryptography

Active Attack: Fabrication

Fabricate message

12/13/2012 19Dept. of ECE Network Security & Cryptography

Page 20: Network Security & cryptography

Active Attack: Replay

12/13/2012 20Dept. of ECE Network Security & Cryptography

Page 21: Network Security & cryptography

Active Attack: Modification

Modify message

12/13/2012 21Dept. of ECE Network Security & Cryptography

Page 22: Network Security & cryptography

Handling Attacks

Passive attacks – focus on Prevention

– Easy to stop

– Hard to detect

Active attacks – focus on Detection

and Recovery

– Hard to stop

– Easy to detect

12/13/2012 22Dept. of ECE Network Security & Cryptography

Page 23: Network Security & cryptography

Dept. of ECE Network Security & Cryptography 23

Security Services

• X.800: a service provided by a protocol layer of

communicating open systems, which ensures adequate

security of the systems or of data transfers

• RFC 2828 : a processing or communication service

provided by a system to give a specific kind of

protection to system resources

• X.800 defines it in 5 major categories

12/13/2012

Page 24: Network Security & cryptography

Security Service

– enhance security of data processing systems

and information transfers of an organization

– intended to counter security attacks

– using one or more security mechanisms

– often replicates functions normally

associated with physical documents

• which, for example, have signatures, dates; need

protection from disclosure, tampering, or

destruction; be notarized or witnessed; be

recorded or licensed

12/13/2012 24Dept. of ECE Network Security & Cryptography

Page 25: Network Security & cryptography

OSI Security Architecture

• ITU-T X.800 “Security Architecture for

OSI”

• defines a systematic way of defining and

providing security requirements

• for us it provides a useful, if abstract,

overview of concepts we will study

12/13/2012 25Dept. of ECE Network Security & Cryptography

Page 26: Network Security & cryptography

Dept. of ECE Network Security & Cryptography 26

Security Services (X.800)• AUTHENTICATION - assurance that the communicating entity is the one

claimed

• ACCESS CONTROL - prevention of the unauthorized use of a resource

• DATA CONFIDENTIALITY –protection of data from unauthorized

disclosure

• DATA INTEGRITY - assurance that data received is as sent by an

authorized entity

• NON-REPUDIATION - protection against denial by one of the parties in

a communication.

• AVAILABILITY – resource accessible/usable

12/13/2012

Page 27: Network Security & cryptography

Dept. of ECE Network Security & Cryptography 27

Security Mechanisms (X.800)

• specific security mechanisms:

– encipherment, digital signatures, access controls, data integrity,

authentication exchange, traffic padding, routing control,

notarization

• pervasive security mechanisms:

– trusted functionality, security labels, event detection, security

audit trails, security recovery

12/13/2012

Page 28: Network Security & cryptography

Security Mechanisms (X.800)

• a.k.a. control

• feature designed to detect, prevent, orrecover from a security attack

• no single mechanism that will support allservices required

• however one particular elementunderlies many of the securitymechanisms in use:– cryptographic techniques

• hence our focus on this topic

12/13/2012 28Dept. of ECE Network Security & Cryptography

Page 29: Network Security & cryptography

Security Mechanisms (X.800)

• specific security mechanisms:

– encipherment, digital signatures, access

controls, data integrity, authentication exchange,

traffic padding, routing control, notarization

• pervasive security mechanisms:

– trusted functionality, security labels, event

detection, security audit trails, security recovery12/13/2012 29Dept. of ECE Network Security & Cryptography

Page 30: Network Security & cryptography

References• William Stallings, “Cryptography and Network

Security-Principles and Practices”, 4e, Pearson-

Printice Hall publications,ISBN 81-7758-774-9.

• Behrouz A. Forouzan, Debdeep Mukhopadhyay,

“Cryptography and Network Security” 2e,

McGrawHill Publications, ISBN 978-0-07-070208-0.

12/13/2012Dept. of ECE Network Security &

Cryptography30