
PAPER

ON

Network Security & cryptography

PRESENTED
TO
STEPCONE ‘06
(A NATIONAL LEVEL TECHNICAL SYMPOSIUM)

SUBMITTED
BY
V.Suneetha
P.S.P.V.Santhi
Department of computer science & engineering
Shri Vishnu engineering college for women.

BHIMAVARAM

EMAIL ID’S:
vsuneethabtech@yahoo.co.in
siri_beautiful@yahoo.com
Abstract

Network security is a complicated subject, historically only tackled by well-trained
and experienced experts. However, as more and more people become
``wired'', an increasing number of people need to understand the basics of security
in a networked world. This document was written with the basic computer user
and information systems manager in mind, explaining the concepts needed to read
through the hype in the marketplace and understand risks and how to deal with
them.

Some history of networking is included, as well as an introduction to TCP/IP and
internetworking. We go on to consider network threats, firewalls, and
more special-purpose secure networking devices.

Contents

• Introduction to Networking
  o What is a Network?
  o What are some Popular Networks?
    - UUCP
    - The Internet
• TCP/IP: The Language of the Internet
  o IP
  o TCP
  o UDP
• Types And Sources Of Network Threats
  o Loss of privacy
  o Loss of data integrity
  o Identity spoofing
  o Denial of service
• Cryptography
• Conclusions
• References

Introduction to Networking

A basic understanding of computer networks is requisite in order to
understand the principles of network security. In this section, we'll cover some
of the foundations of computer networking, then move on to an overview of
some popular networks. Following that, we'll take a more in-depth look at
TCP/IP, the network protocol suite that is used to run the Internet and many
intranets.

What is a Network?

A ``network'' has been defined as ``any set of interlinking lines resembling
a net, a network of roads || an interconnected system, a network of
alliances.'' This definition suits our purpose well: a computer network is
simply a system of interconnected computers. How they're connected is
irrelevant, and as we'll soon see, there are a number of ways to do this.

What are some Popular Networks?

Over the last 25 years or so, a number of networks and network protocols
have been defined and used. We're going to look at two of these networks, both of
which are ``public'' networks. Anyone can connect to either of these networks, or
they can use types of networks to connect their own hosts (computers) together,
without connecting to the public networks. Each type takes a very different
approach to providing network services.

UUCP

UUCP (Unix-to-Unix Copy) was originally developed to connect UNIX
(surprise!) hosts together. UUCP has since been ported to many different
architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything
else you can name, and even some things you can't. Additionally, a number of
systems have been developed around the same principles as UUCP.

Batch-Oriented Processing.
Implementation of Environment.
Popularity.
Security.

The Internet
This is a word that I've heard way too often in the last few years. Movies, books,
newspapers, magazines, television programs, and practically every other sort of
media imaginable have dealt with the Internet recently.

What is the Internet & Intranet?

The Internet is the world's largest network of networks. When you want to access
the resources offered by the Internet, you don't really connect to the Internet; you
connect to a network that is eventually connected to the Internet backbone, a
network of extremely
fast (and incredibly overloaded!) network components. This is an important point:
the Internet is a network of networks -- not a network of hosts.

An intranet is a LAN or WAN that uses the TCP/IP protocol but belongs exclusively to a
corporation, school or organization. The intranet is accessible only to the
organization's workers. If the intranet is connected to the Internet, then it is secured
by a firewall to prevent unauthorized users from gaining access to it.

TCP/IP: The Language of the Internet

TCP/IP (Transport Control Protocol/Internet Protocol) is the ``language'' of the
Internet. Anything that can learn to ``speak TCP/IP'' can play on the Internet. This
is functionality that occurs at the Network (IP) and Transport (TCP) layers in the
ISO/OSI Reference Model. Consequently, a host that has TCP/IP functionality
(such as UNIX, OS/2, MacOS, or Windows NT) can easily support an application
(such as Netscape's Navigator) that uses the network.

IP

As noted, IP is a ``network layer'' protocol. This is the layer that allows the hosts
to actually ``talk'' to each other. It handles such things as carrying datagrams, mapping the
Internet address to a physical network address, and routing, which takes care of
making sure that all of the devices that have Internet connectivity can find the
way to each other.

TCP

TCP is a transport-layer protocol. It needs to sit on top of a network-layer
protocol, and was designed to ride atop IP. (Just as IP was designed to carry,
among other things, TCP packets.) Because TCP and IP were designed together
and wherever you have one, you typically have the other, the entire suite of
Internet protocols is known collectively as ``TCP/IP.'' TCP itself has a number
of important features that we'll cover briefly.
UDP
UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not
provide the same features as TCP, and is thus considered ``unreliable.'' Again,
although this is unsuitable for some applications, it does have much more
applicability in other applications than the more reliable and robust TCP.

Threats to Internet security

The Internet provides amazing opportunities, but not without some risk. Without
the proper controls, your data is subject to several types of attacks. These problem
areas are discussed in the sections that follow:

Loss of privacy
A perpetrator may observe confidential data as it traverses the Internet. This
ability is probably the largest inhibitor of business-to-business communications.
Today, without encryption, an unauthorized party, as shown in fig. a1, may read
every message sent.

[Figure a1: a login to banker.ban.org, with the user name and password fields]

Figure 4: A Wider View of Internet-connected Networks

Loss of data integrity


Even for data that is not confidential, one must still take measures to ensure
data integrity.
For example, if you were able to securely identify yourself to your bank using digital
certificates, you would still want to ensure that the transaction itself is not
modified in some way, such as changing the amount of the deposit, as shown in
the figure:

[Figure: the customer sends ``Deposit $1000''; the bank receives ``Deposit $100'']

Identity Spoofing
Moving beyond the protection of data itself, you must also be careful to protect
your identity on the internet.

Denial of service
As organizations take advantage of the Internet, they must take measures to ensure
that their systems are available. Over the last several years, attackers have found
deficiencies in the TCP/IP protocol suite that allow them to arbitrarily cause
computer systems to crash.

[Figure: disk crash]

Network problems can be divided roughly into four intertwined areas:
Secrecy
It has to do with keeping information out of the hands of unauthorized users.
Authentication
It deals with determining whom you are talking to before revealing sensitive
information or entering into a business deal.
Non-repudiation
It deals with signatures. Secrecy and integrity are achieved by using registered mail
and locking documents up.

Cryptography is the science of writing in secret code and is an ancient art; the
first documented use of cryptography in writing dates back to circa 1900 B.C. In
data and telecommunications, cryptography is necessary when communicating
over any untrusted medium, which includes just about any network, particularly
the Internet.

Within the context of any application-to-application communication, there are
some specific security requirements, including:

• Authentication: The process of proving one's identity. (The primary forms
of host-to-host authentication on the Internet today are name-based or
address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except
the intended receiver.
• Integrity: Assuring the receiver that the received message has not been
altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this
message.

Cryptography, then, not only protects data from theft or alteration, but can also be
used for user authentication. There are, in general, three types of cryptographic
schemes typically used to accomplish these goals: secret key (or symmetric)
cryptography, public-key (or asymmetric) cryptography, and hash functions, each
of which is described below. In all cases, the initial unencrypted data is referred to
as plaintext. It is encrypted into ciphertext, which will in turn (usually) be
decrypted into usable plaintext.

Types of Cryptographic Algorithms

There are several ways of classifying cryptographic algorithms and they will be
categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The three types of
algorithms that will be discussed are (Figure 1):

• Secret Key Cryptography (SKC): Uses a single key for both encryption
and decryption
• Public Key Cryptography (PKC): Uses one key for encryption and another
for decryption
• Hash Functions: Uses a mathematical transformation to irreversibly
"encrypt" information

Why Three Encryption Techniques?

So, why are there so many different types of cryptographic schemes? Why can't
we do everything we need with just one?

The answer is that each scheme is optimized for some specific application(s).
Hash functions, for example, are well-suited for ensuring data integrity because
any change made to the contents of a message will result in the receiver
calculating a different hash value than the one placed in the transmission by the
sender. Since it is highly unlikely that two different messages will yield the same
hash value, data integrity is ensured to a high degree of confidence.
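
The integrity check described above, applied to the deposit example from the section on loss of data integrity. This is an added example, not part of the original paper; the wire format, key and messages are constructed. It goes one step beyond the text: an unkeyed hash placed in the transmission can be recomputed by whoever alters the message, so the second pair of functions uses a keyed hash (HMAC) whose secret is assumed to be shared by customer and bank.

```python
import hashlib
import hmac

SEP = b"|"  # constructed wire format: message, separator, hex check value

def seal_plain(message: bytes) -> bytes:
    """Sender appends an unkeyed SHA-256 hash, as the text describes."""
    return message + SEP + hashlib.sha256(message).hexdigest().encode()

def check_plain(wire: bytes) -> bool:
    """Receiver recomputes the hash and compares it with the one received."""
    message, _, received = wire.rpartition(SEP)
    expected = hashlib.sha256(message).hexdigest().encode()
    return hmac.compare_digest(expected, received)

def seal_keyed(key: bytes, message: bytes) -> bytes:
    """Sender appends an HMAC-SHA256 tag computed with a shared secret key."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + SEP + tag

def check_keyed(key: bytes, wire: bytes) -> bool:
    """Receiver recomputes the tag with the same key and compares."""
    message, _, received = wire.rpartition(SEP)
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, received)

def run_demo() -> dict:
    key = b"constructed-customer-bank-secret"      # sample key, not a real one
    sent, altered = b"Deposit $1000", b"Deposit $100"
    plain_wire = seal_plain(sent)
    keyed_wire = seal_keyed(key, sent)
    old_hash = plain_wire.rpartition(SEP)[2]
    old_tag = keyed_wire.rpartition(SEP)[2]
    return {
        "plain_ok_untouched": check_plain(plain_wire),
        # Message changed, original hash left in place: mismatch is detected.
        "plain_ok_altered": check_plain(altered + SEP + old_hash),
        # Message and unkeyed hash both replaced: the check passes, which is
        # why the hash alone does not stop deliberate modification.
        "plain_ok_rehashed": check_plain(seal_plain(altered)),
        "keyed_ok_untouched": check_keyed(key, keyed_wire),
        "keyed_ok_altered": check_keyed(key, altered + SEP + old_tag),
        # Without the key, a replaced check value does not verify.
        "keyed_ok_rehashed": check_keyed(key, seal_plain(altered)),
    }

if __name__ == "__main__":
    print(run_demo())
```

Only the keyed variant rejects every altered deposit; the unkeyed hash still catches accidental corruption.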

Secret key cryptography, on the other hand, is ideally suited to encrypting
messages. The sender can generate a session key on a per-message basis to
encrypt the message; the receiver, of course, needs the same session key to
decrypt the message.

Key exchange, of course, is a key application of public-key cryptography (no pun
intended). Asymmetric schemes can also be used for non-repudiation; if the
receiver can obtain the session key encrypted with the sender's private key, then
only this sender could have sent the message. Public-key cryptography could,
theoretically, also be used to encrypt messages although this is rarely done
because secret-key cryptography operates about 1000 times faster than public-key
cryptography.
FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.

FIGURE 2: Sample application of the three cryptographic techniques for secure communication.

Figure 2 puts all of this together and shows how a hybrid cryptographic scheme

Conclusions

Security is a very difficult topic. Everyone has a different idea of what ``security''
is, and what levels of risk are acceptable. The key for building a secure network is
to define what security means to your organization. Once that has been defined,
everything that goes on with the network can be evaluated with respect to that
policy. Projects and systems can then be broken down into their components, and
it becomes much simpler to decide whether what is proposed will conflict with
your security policies and practices. The irony is that today, secrecy is not the key
to the goodness of a cryptographic algorithm. Regardless of the mathematical
theory behind an algorithm, the best algorithms are those that are well-known and
well-documented because they are also well-tested and well-studied! In fact, time
is the only true test of good cryptography; any cryptographic scheme that stays in
use year after year is most likely a good one. The strength of cryptography lies in
the choice (and management) of the keys; longer keys will resist attack better than
shorter keys.

References

1. The New Lexicon Webster's Encyclopedic Dictionary of the English
Language. New York: Lexicon.

2. R.T. Morris, 1985. A Weakness in the 4.2BSD UNIX TCP/IP Software.
Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray
Hill, New Jersey.
