ABSTRACT:
- TRAFFIC CONFIDENTIALITY
- DATA INTEGRITY
- ORIGINALITY
- TIMELINESS
- DNS
- AUTHENTICATION
- ACCESS CONTROL
- DENIAL OF SERVICE (DoS) ATTACKS
CRYPTOGRAPHIC TOOLS:
Cryptography provides security for data transmitted and received over the Internet through algorithms such as CIPHERS and CRYPTOGRAPHIC HASHES.
PRINCIPLES OF CIPHERS:
- Encryption is applied to the plaintext message.
- The ciphertext message is sent over the network.
- The secret decryption is applied on the receiver side.
- Both encryption and decryption are parameterized by a KEY.
- Modes of operation: Electronic codebook (ECB) mode encryption, Cipher block chaining (CBC).
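The two modes named above behave very differently on a message with repeating blocks. The following is an added example, not code from the slides: it uses a toy block cipher (an XOR with the key followed by a byte rotation, constructed here and not secure) so that the mode behaviour is visible, and counts how many ciphertext blocks repeat under ECB versus CBC. The block size, key, IV and message are all constructed for the example.

```python
# Toy demonstration of ECB versus CBC. The block cipher below is a trivial
# keyed permutation constructed for this example; it is NOT secure and stands
# in for a real cipher such as AES only so that the mode behaviour is visible.

BLOCK = 8  # block size in bytes (assumption for the toy cipher; AES uses 16)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """XOR the block with the key, then rotate the bytes left by three."""
    mixed = xor_bytes(block, key)
    return mixed[3:] + mixed[:3]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Undo the rotation, then undo the XOR."""
    unrotated = block[-3:] + block[:-3]
    return xor_bytes(unrotated, key)


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the length is a multiple of BLOCK."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each block is encrypted independently: equal plaintext blocks give
    # equal ciphertext blocks, so structure in the message leaks.
    return b"".join(toy_block_encrypt(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(toy_block_decrypt(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV
    # for the first block) before encryption, so repeats no longer line up.
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = toy_block_encrypt(key, xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor_bytes(toy_block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


# Constructed sample: a message whose 8-byte blocks repeat.
KEY = bytes.fromhex("1337c0debaadf00d")
IV = bytes.fromhex("0001020304050607")
MESSAGE = b"ATTACK AT DAWN! " * 4


def compare_modes():
    """Return (repeated blocks under ECB, repeated blocks under CBC)."""
    ecb = ecb_encrypt(KEY, MESSAGE)
    cbc = cbc_encrypt(KEY, IV, MESSAGE)
    assert ecb_decrypt(KEY, ecb) == MESSAGE
    assert cbc_decrypt(KEY, IV, cbc) == MESSAGE
    return repeated_blocks(ecb), repeated_blocks(cbc)


if __name__ == "__main__":
    print("repeated blocks (ECB, CBC):", compare_modes())
```

The 64-byte message plus one padding block is nine blocks containing only three distinct values, so ECB produces six repeated ciphertext blocks, while CBC produces none because every block is chained to the previous ciphertext.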
TYPES OF CIPHERS:
- Symmetric-key ciphers
- Public-key ciphers
Authentication protocols:
- Originality and timeliness
- Synchronization
- Symmetric-key authentication: 1. Without synchronization. 2. Kerberos. 3. Diffie-Hellman key agreement.
SYMMETRIC-KEY AUTHENTICATION (contd.):
This approach suits larger systems, where each entity has its own master key shared only with a KDC. The KDC uses its knowledge of Alice's and Bob's master keys to construct the reply. This reply is of no use to anyone except Alice, because only Alice can decrypt it. After the first authentication, Alice and Bob can perform the authentication protocol themselves. NOTE: KDC is the key distribution center.
KERBEROS (NEEDHAM-SCHROEDER APPROACH):
This is a more user-friendly technique: it lets the client authenticate the communication with passwords. In the above example, the KDC generates a master key based on Alice's password. As soon as Alice sends the password to the KDC, it generates the master key, and Alice's password information is deleted from the network as soon as the key is generated. Here the KDC acts as software used by the clients.
KERBEROS APPROACH:
There are two replies in this approach: 1. Alice needs to prove her identity to the AS (authentication server). 2. The TGS (ticket-granting server) gives a ticket which acts as Alice's identifier. These two steps occur before establishing the communication. Once the communication is established, it generates two things: I. an identifier; II. a message encrypted with Bob's master key.
COMPUTATION:
Alice computes the value $g^{ab} \bmod p = (g^b \bmod p)^a \bmod p$. Bob computes the value $g^{ab} \bmod p = (g^a \bmod p)^b \bmod p$. Since these are equal, communication is established and the resulting key is easily computed by both sides.
MAN-IN-THE-MIDDLE ATTACK:
A third party can generate its own private random values c and d and thereby intercept the messages between Alice and Bob, since both of them unknowingly share a key with the attacker rather than with each other.
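The computation and the attack described above, carried through with small numbers, as an added example that is not part of the slides. The group parameters (p = 23, g = 5) and the private values are constructed for readability; real deployments use groups of 2048 bits or more. The last part shows the standard defence the slides' later sections rely on: the public values are authenticated, here with an HMAC under a long-term key that Alice and Bob are assumed to share already (a signature under a certified public key plays the same role in TLS and SSH), so a substituted value is rejected.

```python
import hashlib
import hmac

# Toy public parameters, constructed so the numbers stay readable. Real
# deployments use groups of 2048 bits or more (e.g. the RFC 7919 groups).
P = 23   # prime modulus
G = 5    # generator


def public_value(private: int) -> int:
    """g^private mod p, the value sent over the network."""
    return pow(G, private, P)


def shared_key(their_public: int, my_private: int) -> int:
    """(g^theirs mod p)^mine mod p, as on the slide."""
    return pow(their_public, my_private, P)


def plain_exchange(a: int, b: int):
    """Alice (private a) and Bob (private b) each compute g^ab mod p."""
    A, B = public_value(a), public_value(b)
    return shared_key(B, a), shared_key(A, b)


def mitm_exchange(a: int, b: int, c: int, d: int):
    """The slide's attack: a third party with private values c and d replaces
    the public values in transit and ends up with one key per victim."""
    A, B = public_value(a), public_value(b)
    C, D = public_value(c), public_value(d)
    alice_key = shared_key(C, a)     # Alice computes g^ac, believing it is g^ab
    bob_key = shared_key(D, b)       # Bob computes g^bd, believing it is g^ab
    attacker_alice_side = shared_key(A, c)
    attacker_bob_side = shared_key(B, d)
    return alice_key, bob_key, attacker_alice_side, attacker_bob_side


# Mitigation: authenticate the public values. Assumption for this example:
# Alice and Bob hold a long-term shared key LTK and tag each public value
# with an HMAC over (sender, value).
LTK = b"constructed-long-term-key"


def tag_public(public: int, sender: str) -> bytes:
    return hmac.new(LTK, f"{sender}:{public}".encode(), hashlib.sha256).digest()


def authenticated_key(public: int, sender: str, tag: bytes, my_private: int):
    """Return the shared key, or None if the public value fails authentication."""
    if not hmac.compare_digest(tag_public(public, sender), tag):
        return None
    return shared_key(public, my_private)


def demo():
    a, b, c, d = 6, 15, 7, 11   # constructed private values
    honest = plain_exchange(a, b)
    attacked = mitm_exchange(a, b, c, d)
    # Bob sends his public value with a tag; the attacker substitutes g^d but
    # cannot produce a valid tag for it without LTK.
    B, D = public_value(b), public_value(d)
    accepted = authenticated_key(B, "bob", tag_public(B, "bob"), a)
    rejected = authenticated_key(D, "bob", tag_public(B, "bob"), a)
    return honest, attacked, accepted, rejected


if __name__ == "__main__":
    print(demo())
```

With these values the honest exchange gives the key 2 on both sides; under the attack Alice ends up with 12 and Bob with 22, each shared with the attacker instead of with each other, and the tagged exchange returns 2 for the genuine value and None for the substituted one.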
SECURE SYSTEMS:
Components used for building a secure system are:
- Cryptographic algorithms
- Key distribution mechanisms
- Authentication protocols
PGP:
It is basically used for providing security for electronic mail. It was devised by Phil Zimmermann and is also known as OpenPGP. PGP supports RSA and DSS public-key certificates; these certificates may specify which cryptographic algorithms are supported or preferred by the key's owner. Note: MD5 and SHA-1 are the hashes used in digital signatures. AES and 3DES are the ciphers used.
SSH:
SSH provides a remote login service intended to replace the less secure telnet and rlogin programs used in the early days. The SSH server runs on the remote system on which the user wants to log in. It is widely used because of the strong authentication and password protection it provides. Consider connecting a home computer to a school computer for some work; then we have the following issues:
SSH (contd.):
- We have to send the password and data through a number of untrusted networks which connect the school and home computers.
- SSH provides encryption for the data sent, thus improving the strength of the authentication mechanism used for logging in.
- It consists of three protocols: 1. SSH-TRANS. 2. SSH-AUTH. 3. SSH-CONN.
SSH METHOD:
The generally used parameters in SSH are:
- First-time risk
- Public-key encryption
- Host authentication
- ssh-keygen
- ~/.ssh/known_hosts
- ~/.ssh/authorized_hosts
- ~/.ssh/identity
- Port forwarding
TLS, SSL, HTTPS:
Immediately after the introduction of the Internet some popular enterprises took interest in how to make transactions secure over the web, e.g. a purchase made using a credit card. This protocol looks just like a normal transport protocol except that it is additionally secure: it includes all the normal features of TCP along with a secure transport layer running on top of it. When using HTTPS the connection is made to port 443, where the normal data passes through the SSL/TLS protocol for encryption and decryption.
TLS, SSL, HTTPS (contd.):
The secure transport layer inserted between the application and the TCP layer is shown below.

APPLICATION (e.g. HTTP)
SECURE TRANSPORT LAYER
TCP
IP
SUBNET
The sender can open a communication and send data over the network such that SSL ensures confidentiality, integrity and authentication.
HANDSHAKE PROTOCOL:
A pair of TLS participants negotiate at runtime which cryptography to use. The participants negotiate the data-integrity hash (MD5 or SHA), the symmetric-key cipher, the session-key establishment approach and the public-key authentication protocol. TLS derives all of these from one shared master secret.
IP security:
IPsec was optional in IPv4 and is made mandatory in IPv6 owing to increased network attacks. IPsec provides three levels of security: 1. It is highly modular, allowing users to select the cryptographic algorithms and security protocols. 2. It provides a large menu of security properties, including access control, integrity, etc. 3. It provides protection for narrow streams or wide streams. Terms used: SA = security association; SPI = security parameter index.
IP security (contd.):
FORMAT OF IPsec's ESP:
- SeqNum: protects against replay attacks.
- Payload data: contains the data described by the Next Header field.
- Pad length: describes how much padding was added for the cipher.
- Authentication data: the authenticator.
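How SeqNum and the authentication data work together at the receiver, as an added example that is not part of the slides. It builds a simplified ESP packet (SPI, SeqNum, payload and a truncated HMAC-SHA1 authenticator; encryption, padding and the Next Header byte are omitted to keep the replay logic in focus), then runs a constructed packet sequence containing replays, a reordered packet and a tampered authenticator through an anti-replay sliding window of the kind RFC 4303 describes. The integrity key, SPI and window size are assumptions for the example.

```python
import hashlib
import hmac
import struct

# Constructed integrity key for the toy SA; a real key is negotiated by IKE.
INTEGRITY_KEY = b"constructed-esp-integrity-key"
ICV_LEN = 12          # HMAC-SHA1-96: the MAC is truncated to 96 bits
WINDOW_SIZE = 64      # anti-replay window (RFC 4303 requires at least 32)


def compute_icv(spi: int, seq: int, payload: bytes) -> bytes:
    """Authentication data: keyed MAC over SPI, sequence number and payload."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(INTEGRITY_KEY, header + payload, hashlib.sha1).digest()[:ICV_LEN]


def build_esp(spi: int, seq: int, payload: bytes) -> bytes:
    """SPI (4 bytes) | SeqNum (4 bytes) | payload | ICV."""
    return struct.pack("!II", spi, seq) + payload + compute_icv(spi, seq, payload)


def parse_esp(pkt: bytes):
    if len(pkt) < 8 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", pkt[:8])
    return spi, seq, pkt[8:-ICV_LEN], pkt[-ICV_LEN:]


class ReplayWindow:
    """Sliding window over received sequence numbers, one bit per number.
    Bit 0 of the bitmap is the highest sequence number seen so far."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def check(self, seq: int) -> str:
        if seq == 0:
            return "invalid"            # ESP sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest  # slide the window forward
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= self.size:
            return "too-old"            # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "duplicate"          # already seen: a replay
        self.bitmap |= 1 << offset
        return "ok"


def receive(window: ReplayWindow, pkt: bytes) -> str:
    spi, seq, payload, icv = parse_esp(pkt)
    # Verify the authenticator before touching window state, so a forged
    # packet cannot advance the window. (RFC 4303 does a cheap window lookup
    # first and the update after the ICV check; this folds the two together.)
    if not hmac.compare_digest(icv, compute_icv(spi, seq, payload)):
        return "bad-icv"
    return window.check(seq)


def run_demo():
    """Feed a constructed packet sequence, including replays, through one SA."""
    window = ReplayWindow()
    spi = 0x1000   # constructed SPI
    results = [receive(window, build_esp(spi, s, b"data")) for s in
               [1, 2, 3, 2, 5, 4, 1, 70, 5, 20]]
    tampered = build_esp(spi, 71, b"data")
    tampered = tampered[:-1] + bytes([tampered[-1] ^ 0xFF])  # corrupt the ICV
    results.append(receive(window, tampered))
    return results


if __name__ == "__main__":
    print(run_demo())
```

Packet 4 arriving after 5 is accepted because it is still inside the window, the second copies of 2 and 1 are rejected as duplicates, and once 70 has moved the window forward a late copy of 5 is rejected as too old even though it was never seen.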
WIRELESS SECURITY (802.11i):
Wi-Fi Protected Access 2 (WPA2) is often used as a name for 802.11i. 802.11i supports two modes: Personal mode and Passphrase mode. In both of these modes the master key is cryptographically derived.
The AS (authentication server) and AP (access point) must be connected by a secure channel and could even share the same host. Authentication is provided by EAP. EAP supports multiple authentication methods such as smart cards, Kerberos and one-time passwords. Use of CCMP is also possible: CTR (counter mode) combined with CBC-MAC (cipher block chaining message authentication code).
FIREWALLS:
A firewall is a system that is the sole point of connectivity between the site it protects and the rest of the network; it is usually implemented as part of a router. In terms of walls, a firewall provides access control by restricting which messages it will relay between the site and the rest of the network: it forwards the messages that are allowed and filters out the messages that are disallowed.
Examples:
1. (192.12.13.14, 1234, 18.7.6.5, 80)
2. (*, *, 128.7.6.5, 80)
Two kinds of firewall are:
- Stateful firewall
- Stateless firewall
DISADVANTAGES:
I. Viruses and worms
II. Third parties accessing the firewall
III. Malware and spyware
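A small packet filter that evaluates the two example rules above and shows the difference between stateless and stateful filtering, as an added example that is not code from the slides. It assumes the tuple order (source IP, source port, destination IP, destination port) with "*" as a wildcard, and goes slightly beyond the slides by also accepting CIDR prefixes in the IP fields. The scenario it runs is constructed: an inside host opens a web connection, the reply comes back, and an unsolicited packet from the same remote port 80 is aimed at an inside SSH port. A stateless filter can only admit the reply by adding a blanket "from port 80" rule, which also admits the unsolicited packet; the stateful filter admits the reply because it remembers the connection and rejects the probe.

```python
import ipaddress
from collections import namedtuple

# A packet as the filter sees it. "direction" is "out" (from the protected
# site) or "in" (toward it); the firewall is the sole path between the two.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port direction")

# Rules in the slide's form: (source IP, source port, destination IP,
# destination port) with "*" as a wildcard. IP fields may also be CIDR
# prefixes such as "10.0.0.0/8" (an extension beyond the slide).
ALLOW_RULES = [
    ("192.12.13.14", 1234, "18.7.6.5", 80),   # the slide's example 1
    ("*", "*", "128.7.6.5", 80),               # the slide's example 2
]


def ip_matches(rule_ip, ip: str) -> bool:
    if rule_ip == "*":
        return True
    if "/" in rule_ip:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(rule_ip, strict=False)
    return rule_ip == ip


def port_matches(rule_port, port: int) -> bool:
    return rule_port == "*" or rule_port == port


def rule_matches(rule, pkt: Packet) -> bool:
    r_sip, r_sport, r_dip, r_dport = rule
    return (ip_matches(r_sip, pkt.src_ip) and port_matches(r_sport, pkt.src_port)
            and ip_matches(r_dip, pkt.dst_ip) and port_matches(r_dport, pkt.dst_port))


def stateless_allow(rules, pkt: Packet) -> bool:
    """Stateless filter: each packet is judged on its header fields alone."""
    return any(rule_matches(r, pkt) for r in rules)


class StatefulFirewall:
    """Stateful filter: remembers connections opened from inside and admits
    their reply packets, so no blanket return-traffic rule is needed."""

    def __init__(self, rules):
        self.rules = rules
        self.expected_replies = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if not stateless_allow(self.rules, pkt):
                return False
            # Record the reverse 4-tuple so the reply can come back in.
            self.expected_replies.add((pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
            return True
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return key in self.expected_replies or stateless_allow(self.rules, pkt)


# To let the web reply back in, a stateless filter needs a rule like this,
# which also admits any packet from port 80 to any inside host and port.
RETURN_RULE = ("*", 80, "*", "*")


def demo():
    """Constructed scenario: an outbound web request, its reply, and an
    unsolicited packet from port 80 aimed at an inside SSH port."""
    outbound = Packet("192.12.13.14", 1234, "18.7.6.5", 80, "out")
    reply = Packet("18.7.6.5", 80, "192.12.13.14", 1234, "in")
    probe = Packet("18.7.6.5", 80, "192.12.13.14", 22, "in")
    stateless_with_return = ALLOW_RULES + [RETURN_RULE]
    fw = StatefulFirewall(ALLOW_RULES)
    return {
        "stateless reply": stateless_allow(stateless_with_return, reply),
        "stateless probe": stateless_allow(stateless_with_return, probe),  # the hole
        "stateful outbound": fw.allow(outbound),
        "stateful reply": fw.allow(reply),
        "stateful probe": fw.allow(probe),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'allow' if verdict else 'deny'}")
```

Without the return rule the stateless filter drops the legitimate reply; with it, the filter admits the probe as well. The stateful filter needs neither compromise because the outbound packet created the expectation for exactly one reply flow.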
CONCLUSION:
The job of network security is to keep the network secure.