Introduction to Network Security - PowerPoint PPT Presentation

Slides: 32
Provided by: cmc82
1
Introduction to Network Security

2
Why Need Security?
  • Computers store a wide range of information --
    medical, credit card, or financial data
  • Computer networks are becoming popular
  • Computer systems can be misused and data altered.

3
Why is securing a computer/network hard?
  • Error-free software?
  • Security is added/considered at late stage.
  • Security add-on cost.
  • People who use/administer the system/network do
    not follow security guidelines.
  • Social engineering

4
Security Plan
  • Define your security needs
  • Understand potential attackers
  • Provide the security services
  • Determine the level of security needed
  • Find out the vulnerabilities

5
Security Attack
  • Categories
    • interruption -- attack on availability
    • interception -- attack on confidentiality
    • modification -- attack on integrity
    • fabrication -- attack on authentication
  • Passive attack
    • eavesdropping
    • monitoring
    • transmission
  • Active attack
    • modification of message
    • masquerade
    • replay
    • denial of service

6
(No Transcript)
7
Attacking Classification
  • Attacks against design
    • as strong as the encryption algo
    • random number generator
  • Attacks against implementation
  • Attacks against hardware
  • Attacks against trust models
  • Attacks on users
  • Attacks against failure recovery
    • default to insecure mode
    • version rollback attack
    • upgrade without shutting down
  • Attacks against cryptography

8
Security Services
  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Authorization
  • Non-repudiation

9
Tasks for Designing a Security Service
  • Design an algorithm for performing
    security-related transformation
  • Create secret info used with the algorithm
  • Develop methods for distribution and sharing
    secret info.
  • Specify a protocol for two parties
  • model from Fig 1-3

10
(No Transcript)
11
Network Access Security Model
  • Information access threats
    • intercept/modify data
  • Service threats
    • exploit service flaws
  • Cases that do not fit the model in Fig 1-3

12
(No Transcript)
13
Cryptography
  • Classified in 3 dimensions
    • type of operations used for transformation
      • substitution
      • transposition
    • number of keys used
    • way in which the plaintext is processed
      • block cipher: works on blocks (normally 64 bits) of
        plain or cipher text
      • stream cipher: converts the plaintext one bit at
        a time.

14
Cryptanalysis
  • ciphertext-only attack
    • the most difficult for cryptanalysis
    • the easiest to defend
  • unconditionally secure
    • ciphertext does not contain enough info to uniquely
      determine plaintext
    • one-time pad
  • computationally secure
    • cost of breaking cipher > information's value
    • time for breaking > information's lifetime
  • Next table: DES not computationally secure

15
Avg time for Exhaustive search
16
Steganography
  • Plaintext can be hidden by
    • steganography: conceals the existence of the message
    • cryptography
  • Table 2.3
  • Techniques of steganography
    • Character marking
    • Invisible ink
    • Pin punctures
    • Typewriter correction ribbon
  • Drawbacks
    • Large overhead
    • Worthless if discovered

17
Conventional encryption
  • Data Encryption Standard (DES), 1977, NIST
    • Encrypt data in 64-bit blocks with 56-bit key
  • International Data Encryption Algorithm (IDEA),
    Swiss Federal Institute of Technology, 1990
    • Replace DES
    • Encrypt data in 64-bit blocks with 128-bit key
  • Strength
    • Block length
    • Key length
    • Confusion
    • Diffusion

18
DES encryption algo
19
IDEA encryption algo
20
Triple DES
  • Encrypt-decrypt-encrypt (EDE) sequence with two
    keys.
    • E with k1, then D with k2, and then E with k1.
  • Is a block more secure the more times it is
    encrypted?
    • Encryption twice with the same key is not more
      secure than single encryption.
    • Double encryption (encryption twice with two
      keys) is not as secure as encryption using a
      double-length secret key.
    • Meet-in-the-middle attack
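
The work-factor argument behind the last two bullets, as an added example (not from the original slides). It assumes a toy 16-bit cipher with 12-bit keys, constructed here for illustration, and shows that double encryption falls to about 2 x 2^12 cipher operations instead of 2^24, with extra known pairs used to discard false matches.

```python
MASK, KEYBITS = 0xFFFF, 12          # toy sizes: 16-bit block, 12-bit key
MUL = 0x6487                        # odd, so invertible modulo 2**16
INV = pow(MUL, -1, 1 << 16)

def rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK

def enc(k, x):
    # Toy cipher constructed for this demo (NOT secure): add key, multiply, rotate
    for r in range(4):
        x = rotl(((x + k + r) & MASK) * MUL & MASK, 5)
    return x

def dec(k, y):
    for r in reversed(range(4)):
        y = ((rotl(y, 11) * INV & MASK) - k - r) & MASK
    return y

def double_enc(k1, k2, x):
    return enc(k2, enc(k1, x))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) candidates from known (plaintext, ciphertext) pairs.
    Returns the candidates and the number of single-cipher operations spent
    in the two key sweeps."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops, middle = 0, {}
    for k1 in range(1 << KEYBITS):            # sweep 1: E(k1, P) for every k1
        middle.setdefault(enc(k1, p0), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEYBITS):            # sweep 2: D(k2, C) for every k2
        ops += 1
        for k1 in middle.get(dec(k2, c0), []):
            # a match in the middle is only a candidate; confirm on other pairs
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

K1, K2 = 0x3A7, 0xC15                         # constructed secret keys
PAIRS = [(p, double_enc(K1, K2, p)) for p in (0x0001, 0xBEEF, 0x1234)]

if __name__ == "__main__":
    found, ops = meet_in_the_middle(PAIRS)
    print(found, ops, "vs naive", 1 << (2 * KEYBITS))
```

The same accounting is why the EDE construction uses three cipher passes: two passes with two keys cost an attacker roughly twice a single-key search, at the price of a table of 2^n entries.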

21
Substitution Techniques
  • Replace each char with another char.
  • Caesar Cipher
    • Replace each letter with the one three to the right
      in alphabetical order.
    • A -> D, B -> E, and so on.
  • ROT13
    • Used by some UNIX systems.
    • Replace each letter with the one 13 to the right in
      alphabetical order.
    • Same transformation function for both encryption
      and decryption.
  • Substitution Cipher Variations
    • Random sequence order of letters.
    • Some letters are more frequently used than
      others.
  • Vigenere Ciphers
    • To break up the natural frequency of occurrence
      for letters and groups of letters.
    • Change the substitution key during the message.

22
Transposition Ciphers
  • Change the order in which the letters appear in
    the message.
    • Won si eht emit rof lla doog nem
  • Use various geometric patterns to transcribe the
    message.
      Nowis
      theti
      mefor
      allgo
      odmen
  • Spiral pattern in a counter-clockwise direction.
    • Ntmaodmenorisiwohellgotef

23
Encrypting a Large Message
  • 4 Modes of operation
  • ECB (Electronic Code Book)
  • CBC (Cipher Block Chaining)
  • CFB (Cipher Feedback)
  • OFB (Output Feedback)

24
ECB Electronic Code Book
  • Someone seeing the ciphertext can gain information from
    repeated blocks.
  • Someone can rearrange blocks or modify blocks to
    his own advantages.
  • Rarely used.

25
ECB
26
CBC Cipher Block Chaining
  • Plain block i+1 XOR cipher block C_i.
  • A randomly chosen IV (initialization vector)
    guarantees ciphertext will be different each time
    even if the same msg is sent repeatedly.
  • Use message digest to prevent attack.
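
The ECB and CBC behaviour described on these slides, as an added example (not from the original slides). The 64-bit block cipher is a toy Feistel construction built here from SHA-256 purely so the code runs without extra libraries, and the sample message is constructed; plaintext length is assumed to be a multiple of the block size.

```python
import hashlib, os

BLOCK = 8  # 64-bit blocks, as on the slides

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_f(key, rnd, half):
    # Round function of a toy 4-round Feistel cipher (constructed, NOT secure)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, xor(l, round_f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = xor(r, round_f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, data, block_fn):
    # ECB: each block is transformed on its own, so equal inputs give equal outputs
    return b"".join(block_fn(key, b) for b in blocks(data))

def cbc_encrypt(key, pt, iv=None):
    prev = iv or os.urandom(BLOCK)   # fresh random IV per message
    out = [prev]                     # IV travels in the clear as block 0
    for b in blocks(pt):
        prev = enc_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, ct):
    cs = blocks(ct)
    return b"".join(xor(dec_block(key, c), p) for p, c in zip(cs, cs[1:]))

def repeated_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))

PT = b"PAY 100 " * 3 + b"TO ALICE"   # constructed sample: three equal blocks
if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb(b"demo-key", PT, enc_block)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(b"demo-key", PT)))
```

Reordering the ECB ciphertext blocks still decrypts cleanly to reordered plaintext, which is the rearrangement problem the ECB slide names and the reason an integrity check is needed alongside encryption.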

27
CBC
28
OFB Output Feedback
  • Like a pseudorandom number generator (one-time
    pad).
  • cleartext XOR pseudorandom number = ciphertext.
  • one-time pad can be created in advance.
  • j-bit OFB

29
OFB
30
CFB Cipher Feedback
  • Similar to OFB, except shifting j-bits of
    ciphertext.
  • One-time pad cannot be generated in advance.

31
CFB