Security in Network Communications

1
Security in Network Communications

• Deepti Reddy
• Suphannee Sae chai
• Sarah Summers

2
Presentation Overview

• Motivation
• Communication Security Issues
• Security Tools
• Secure Network Communications

3
Motivation

• Network Communications are a fact of every day
  life.
• Need to protect sensitive information.
• Need to control access.

4
Communication Security Issues

• Confidentiality
• Authentication
• Integrity
• Non-repudiation

5
Types of Attack

• Access Attacks
• Snooping
• Eavesdropping/Interception
• Authentication
• Impersonation

6
Types of Attack

• Integrity
• Changes
• Insertion
• Deletion
• Non-repudiation
• Masquerading
• Denying an event

7
Security Tools

• Communications security predominantly based on
  some form of cryptography.
• Symmetric Key Algorithms (Private Key)
• DES (Data Encryption Standard)
• AES (Advanced Encryption Standard)
• IDEA (International Data Encryption Algorithm)
• Asymmetric Key Algorithms (Public Key)
• Diffie-Hellman
• RSA

8
Security Tools (continued)

• Digital Signatures
• DSA (Digital Signature Algorithm)
• Message Digests
• MD5
• SHA1

9
Security Protocols

• Security protocols can be divided into several
  categories.
• General Communications Security
• Email Security
• Web Security

10
General Communications Security

• IPSec
• Extension to IP protocol that provides security
  for protocol stack
• Authentication, data integrity and
  confidentiality
• Two protocols Authentication Header and
  Encapsulating Security Payload
• Two modes Transport and Tunneling
• Does not need applications to be modified to use
  it.
• Complex
• RADIUS
• Centralized method for user administration
• Embedded applications make use of RADIUS server
  for authentication
• Utlilizes MD5
• Easy to implement
• Kerberos
• Distributed authentication service for networks
• Utilizes DES
• Not effective against password guessing
• Applications must be modified for Kerberos
  authentication

11
Email Security

• PGP (Pretty Good Privacy)
• Hybrid cryptosystem featuring symmetric and
  asymmetric cryptography.
• Complete email security package providing
  confidentiality, authentication, digital
  signatures and compression
• Utilizes IDEA, RSA and MD5
• S/MIME
• version of the MIME protocol that provides
  security services, confidentiality,
  authentication, message integrity and
  non-repudiation for messaging applications.
• Utilizes RSA, DSA and Triple DES

12
Web Security

• SSL
• Provides secure access of a web browser to a web
  server.
• Allows authentication and data integrity through
  the use of digital signatures and encryption for
  confidentiality
• Utilizes a combination of symmetric and
  asymmetric key encryption and message digests
• SSH
• Enables the establishment of a secure channel
  between a local and remote computer
• Provides strong authentication and secure
  communications over insecure channels.
• Uses a variety of algorithms

13
Future Work

• Staying ahead of attackers by developing stronger
  algorithms and security techniques.
• Modification of current protocols.
• Creation of new protocols.

14
Conclusions

• Network Communications security is a broad and
  complex subject.
• Cryptographic methods are the solution.
• Security mechanisms will always be attacked and
  eventually broken.

15
Questions ?Under Pain of Death!
16
References

• 1 Communication Security available
  techniques, AXIS Communications White Paper,
  http//www.axis.com/documentation/whitepaper/secur
  ity.pdf
• 2 Network Security A Beginners Guide, Eric
  Maiwald, McGraw Hill, 2001, ISBN
• 3 Computer Networks, Andrew S. Tanenbaum, 4th
  Edition, Prentice Hall, 2003, ISBN 0-13-066102-3
• 4 IDEA (International Data Encryption
  Algorithm) http//www.quadibloc.com/crypto/co04030
  2.htm
• 5 International Data Encryption Algorithm
  Technical Description,
• http//www.mediacrypt.com/_pdf/IDEA_Technical_Des
  cription_0105.pdf
• 6 Diffie-Hellman Protocol, David Terr
  http//mathworld.wolfram.com/Diffie-HellmanProtoco
  l.html
• 7 Security in Computing, Charles P. Pfleeger
  and Shari Lawrence Pfleeger, Third Edition,
  Prentice Hall, ISBN 0-13-035548-8

17
References (continued)

• 8 Digital Signature Standard, Federal
  Information Processing Standards Publication 186,
  May 1994, http//www.itl.nist.gov/fipspubs/fip186.
  htm
• 9 Securing Data in Transit with IPSec, Deb
  Shinder, July 2004, http//www.windowsecurity.com/
  articles/Securing_Data_in_Transit_with_IPSec.html
• 10 An illustrated guide to IPSec, Steve Friedl,
  http//www.unixwiz.net/techtips/iguide-ipsec.html
• 11 SSL/TLS Strong Encryption An Introduction,
  http//httpd.apache.org/docs/2.0/ssl/ssl_intro.htm
  l
• 12 Introducing SSL and Certificates using
  SSLeay, Frederick J. Hirsch, Web Security A
  Matter of Trust. World Wide Web Journal, Volume
  2, Issue 3, Summer 1997 0-07-213324-4
  http//www.uth.tmc.edu/netcenter/middleware/digita
  l-id/PKI-101.ppt1

18
References (continued)

• 13 How PGP Works, http//www.pgpi.org/doc/pgpint
  ro
• 14 S/MIME Secure Email - A Beginners Guide,
  Mark Noble, http//www.marknoble.com/tutorial/smim
  e/smime.aspx
• 15 http//csrc.nist.gov/publications/nistpubs/8
  00-49/sp800-49.pdf
• 16 http//en.wikipedia.org/wiki/Advanced_Encrypt
  ion_Standard
• 17
• 18 Keberos An authentication service for
  Computer Networks, B. Clifford Neuman and
  Theodore Tso, http//gost.isi.edu/publications/ke
  rberos-neuman-tso.html
• 19 The History of Kerberos Authentication,
  Daniel Calloway, http//www.theworldjournal.com/sp
  ecial/nettech/new/kerberos.htm
• 20 http//www.untruth.org/josh/security/radius/
  radius-auth.html
• 21 http//www.faqs.org/rfcs/rfc1321.html
• 22 http//www.iusmentis.com/technology/hashfunct
  ions/md5/
• 23 http//www.irnis.net/gloss/md5-digest.shtml