


Network Security & cryptography


U.Ajay Kumar
Department of computer science & engineering




Network security is a complicated subject, historically only tackled by
well-trained and experienced experts. However, as more and more people become
``wired'', an increasing number of people need to understand the basics of security
in a networked world. This document was written with the basic computer user
and information systems manager in mind, explaining the concepts needed to read
through the hype in the marketplace and understand risks and how to deal with

Some history of networking is included, as well as an introduction to
TCP/IP and internetworking. We go on to consider network threats, firewalls,
and more special-purpose secure networking


• Introduction to Networking
  o What is a Network?
  o What are some Popular Networks?
     The Internet
• TCP/IP: The Language of the Internet
  o IP
• Types and Sources of Network Threats
  o Loss of privacy
  o Loss of data integrity
  o Identity spoofing
  o Denial of service
• Cryptography
• Conclusions
• References

Introduction to Networking

A basic understanding of computer networks is a prerequisite for
understanding the principles of network security. In this section, we'll cover some
of the foundations of computer networking, then move on to an overview of
some popular networks. Following that, we'll take a more in-depth look at
TCP/IP, the network protocol suite that is used to run the Internet and many

What is a Network?

A ``network'' has been defined as ``any set of interlinking lines resembling
a net, a network of roads; an interconnected system, a network of
alliances.'' This definition suits our purpose well: a computer network is
simply a system of interconnected computers. How they're connected is
irrelevant, and as we'll soon see, there are a number of ways to do this.

What are some Popular Networks?

Over the last 25 years or so, a number of networks and network protocols
have been defined and used. We're going to look at two of these networks, both of
which are ``public'' networks. Anyone can connect to either of these networks, or
they can use these types of networks to connect their own hosts (computers) together,
without connecting to the public networks. Each type takes a very different
approach to providing network services.


UUCP (Unix-to-Unix Copy) was originally developed to connect UNIX
(surprise!) hosts together. UUCP has since been ported to many different
architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything
else you can name, and even some things you can't. Additionally, a number of
systems have been developed around the same principles as UUCP.

Batch-Oriented Processing
Implementation Environment

The Internet
This is a word that I've heard way too often in the last few years. Movies, books,
newspapers, magazines, television programs, and practically every other sort of
media imaginable have dealt with the Internet recently.

What is the Internet & Intranet?

The Internet is the world's largest network of networks. When you want to
access the resources offered by the Internet, you don't really connect to the
Internet; you connect to a network that is eventually connected to the Internet
backbone, a network of extremely fast (and incredibly overloaded!) network
components. This is an important point: the Internet is a network of networks,
not a network of hosts.

An intranet is a LAN or WAN that uses the TCP/IP protocol but belongs exclusively to a
corporation, school or organization. The intranet is accessible only to the
organization's workers. If the intranet is connected to the Internet, then it is secured
by a firewall to prevent unauthorized users from gaining access to it.

TCP/IP: The Language of the Internet

TCP/IP (Transport Control Protocol/Internet Protocol) is the ``language'' of
the Internet. Anything that can learn to ``speak TCP/IP'' can play on the Internet.
This is functionality that occurs at the Network (IP) and Transport (TCP) layers in
the ISO/OSI Reference Model. Consequently, a host that has TCP/IP functionality
(such as UNIX, OS/2, MacOS, or Windows NT) can easily support an application
(such as Netscape's Navigator) that uses the network.


IP

As noted, IP is a ``network layer'' protocol. This is the layer that allows the
hosts to actually ``talk'' to each other. It handles such things as carrying datagrams,
mapping the Internet address to a physical network address, and routing, which
takes care of making sure that all of the devices that have Internet connectivity
can find their way to each other.

TCP is a transport-layer protocol. It needs to sit on top of a network-layer
protocol, and was designed to ride atop IP. (Just as IP was designed to carry,
among other things, TCP packets.) Because TCP and IP were designed together,
and wherever you have one you typically have the other, the entire suite of
Internet protocols is known collectively as ``TCP/IP.'' TCP itself has a number
of important features that we'll cover briefly.


UDP (User Datagram Protocol) is a simple transport-layer protocol. It does
not provide the same features as TCP, and is thus considered ``unreliable.'' Again,
although this is unsuitable for some applications, it does have much more
applicability in other applications than the more reliable and robust TCP.

Threats to Internet security

The Internet provides amazing opportunities, but not without some risk. Without
the proper controls, your data is subject to several types of attack. These
problem areas are discussed in the sections that follow:

Loss of privacy

A perpetrator may observe confidential data as it traverses the Internet. This
ability is probably the largest inhibitor of business-to-business communications.
Today, without encryption, an unauthorized party may read every message sent,
as shown in Figure a1.

[Figure 4: A Wider View of Internet-connected Networks]

[Figure a1: a message carrying a user name and password, readable in transit]

Loss of data integrity

Even for data that is not confidential, one must still take measures to
ensure data integrity.
E.g.: If you were able to securely identify yourself to a bank using digital
certificates, you would still want to ensure that the transaction itself is not
modified in some way, such as changing the amount of the deposit, as shown below.

[Figure: the customer sends ``Deposit $1000''; the bank receives ``Deposit $100'']

Identity Spoofing

Moving beyond the protection of data itself, you must also be careful to
protect your identity on the Internet.

Denial of service

As organizations take advantage of the Internet, they must take measures to
ensure that their systems are available. Over the last several years, attackers have
found deficiencies in the TCP/IP protocol suite that allow them to arbitrarily
cause computer systems to crash.

[Figure: systems crashed by a denial-of-service attack]

Network security problems can be divided roughly into four intertwined areas:
• keeping information out of the hands of unauthorized users;
• determining whom you are talking to before revealing sensitive
information or entering into a business deal;
• dealing with signatures.
Secrecy and integrity are achieved by using registered mail and locking
documents up.

Cryptography

Cryptography is the science of writing in secret code and is an ancient art;
the first documented use of cryptography in writing dates back to circa 1900 B.C.
In data and telecommunications, cryptography is necessary when communicating
over any untrusted medium, which includes just about any network, particularly
the Internet.

Within the context of any application-to-application communication, there
are some specific security requirements, including:

• Authentication: The process of proving one's identity. (The primary forms
of host-to-host authentication on the Internet today are name-based or
address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except
the intended receiver.
• Integrity: Assuring the receiver that the received message has not been
altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this

Cryptography, then, not only protects data from theft or alteration, but can
also be used for user authentication. There are, in general, three types of
cryptographic schemes typically used to accomplish these goals: secret key (or
symmetric) cryptography, public-key (or asymmetric) cryptography, and hash
functions, each of which is described below. In all cases, the initial unencrypted
data is referred to as plaintext. It is encrypted into ciphertext, which will in turn
(usually) be decrypted into usable plaintext.

There are several ways of classifying cryptographic algorithms; here they are
categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The three types of
algorithms that will be discussed are (Figure 1):

• Secret Key Cryptography (SKC): Uses a single key for both encryption
and decryption
• Public Key Cryptography (PKC): Uses one key for encryption and another
for decryption
• Hash Functions: Use a mathematical transformation to irreversibly
"encrypt" information

Why Three Encryption Techniques?

So, why are there so many different types of cryptographic schemes? Why
can't we do everything we need with just one?

The answer is that each scheme is optimized for some specific
application(s). Hash functions, for example, are well-suited for ensuring data
integrity because any change made to the contents of a message will result in the
receiver calculating a different hash value than the one placed in the transmission
by the sender. Since it is highly unlikely that two different messages will yield the
same hash value, data integrity is ensured to a high degree of confidence.

Secret key cryptography, on the other hand, is ideally suited to encrypting
messages. The sender can generate a session key on a per-message basis to
encrypt the message; the receiver, of course, needs the same session key to
decrypt the message.

Key exchange, of course, is a key application of public-key cryptography (no pun
intended). Asymmetric schemes can also be used for non-repudiation; if the
receiver can obtain the session key encrypted with the sender's private key, then
only this sender could have sent the message. Public-key cryptography could,
theoretically, also be used to encrypt messages, although this is rarely done
because secret-key cryptography operates about 1000 times faster than public-key

[FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.]

[FIGURE 2: Sample application of the three cryptographic techniques for secure communication.]

Figure 2 puts all of this together and shows how a hybrid cryptographic scheme
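The following is an added example written for this edition; it is not code from the paper or from any library it mentions. It puts the three kinds of cryptography listed above (secret-key, public-key, hash function) together in the hybrid arrangement that Figure 2 describes, and uses the deposit-order scenario from the ``Loss of data integrity'' section as its sample message. Only the Python standard library is used, so the cipher, key sizes and key material are deliberate teaching constructions: the symmetric cipher is a constructed SHA-256 counter-mode stream cipher, the public-key part is textbook RSA whose primes are publicly known Mersenne primes (chosen so the run is deterministic), and every function name is invented here.

```python
# Added example, not from the paper: the three kinds of cryptography it lists
# (secret-key, public-key, hash function) assembled into the hybrid scheme of
# Figure 2, using only the Python standard library. Every primitive below is a
# simplified teaching construction with constructed keys; none is fit for real use.
import hashlib
import hmac
import secrets
from math import gcd

# ---- 1. Hash function: one-way transformation used to check integrity ----
def sha256_hex(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()

def same_digest(message: bytes, expected_hex: str) -> bool:
    # constant-time comparison, so timing does not reveal how much of it matched
    return hmac.compare_digest(sha256_hex(message), expected_hex)

# ---- 2. Secret-key cryptography: a single key both encrypts and decrypts ----
# Toy stream cipher: SHA-256 in counter mode yields a keystream XORed with the data.
# Constructed for illustration only; real systems use AES-GCM or ChaCha20-Poly1305.
NONCE_LEN = 16

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])

def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message, sent in the clear
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))

def symmetric_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

# ---- 3. Public-key cryptography: one key encrypts, the other decrypts ----
# Textbook RSA. The default primes are publicly known Mersenne primes, used only so
# the example is deterministic; a real key uses secret random primes plus OAEP/PSS.
def rsa_keypair(p: int = 2**521 - 1, q: int = 2**607 - 1, e: int = 65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)        # (public key, private key)

def rsa_apply(key, value: int) -> int:
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

# ---- Hybrid scheme (Figure 2): each primitive does the job it is best at ----
def hybrid_send(message: bytes, sender_private, receiver_public):
    session_key = secrets.token_bytes(16)                         # per-message secret key
    ciphertext = symmetric_encrypt(session_key, message)         # confidentiality
    wrapped_key = rsa_apply(receiver_public, int.from_bytes(session_key, "big"))  # key exchange
    signature = rsa_apply(sender_private, digest_int(message))   # integrity + non-repudiation
    return ciphertext, wrapped_key, signature

def hybrid_receive(ciphertext: bytes, wrapped_key: int, signature: int, receiver_private, sender_public):
    session_key = rsa_apply(receiver_private, wrapped_key).to_bytes(16, "big")
    message = symmetric_decrypt(session_key, ciphertext)
    # Only the sender's private key can produce a value that the sender's public key
    # maps back to the digest of exactly this message.
    authentic = rsa_apply(sender_public, signature) == digest_int(message)
    return message, authentic

def demo() -> dict:
    """Constructed scenario from the text: a customer sends a bank a deposit order."""
    customer_pub, customer_priv = rsa_keypair()
    bank_pub, bank_priv = rsa_keypair(p=2**1279 - 1, q=2**127 - 1)  # a second toy key
    order = b"Deposit $1000"
    ciphertext, wrapped_key, signature = hybrid_send(order, customer_priv, bank_pub)
    received, authentic = hybrid_receive(ciphertext, wrapped_key, signature, bank_priv, customer_pub)
    # An in-transit modification of the ciphertext is caught by the signature check.
    damaged = ciphertext[:-1] + bytes([ciphertext[-1] ^ 0x01])
    _, damaged_authentic = hybrid_receive(damaged, wrapped_key, signature, bank_priv, customer_pub)
    return {
        "eavesdropper_can_read": order in ciphertext,   # plaintext never appears on the wire
        "received": received,
        "authentic": authentic,
        "damaged_authentic": damaged_authentic,
        # the hash of "Deposit $100" does not match the hash sent with "Deposit $1000"
        "amount_change_detected": not same_digest(b"Deposit $100", sha256_hex(order)),
    }
```

Calling `demo()` returns a dictionary showing each property from the text in turn: the ciphertext hides the order (privacy), the bank recovers it with its private key and the wrapped session key (key exchange), the signature verifies only with the customer's public key (authentication and non-repudiation), and a single altered byte or a changed amount fails the digest comparison (integrity). The session key is wrapped with a per-message public-key operation while the bulk data goes through the much cheaper symmetric cipher, which is exactly the speed trade-off the text gives as the reason for the hybrid design.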


Conclusions

Security is a very difficult topic. Everyone has a different idea of what ``security''
is, and what levels of risk are acceptable. The key to building a secure network is
to define what security means to your organization. Once that has been defined,
everything that goes on with the network can be evaluated with respect to that
policy. Projects and systems can then be broken down into their components, and
it becomes much simpler to decide whether what is proposed will conflict with
your security policies and practices. The irony is that today, secrecy is not the key
to the goodness of a cryptographic algorithm. Regardless of the mathematical
theory behind an algorithm, the best algorithms are those that are well-known and
well-documented, because they are also well-tested and well-studied! In fact, time
is the only true test of good cryptography; any cryptographic scheme that stays in
use year after year is most likely a good one. The strength of cryptography lies in
the choice (and management) of the keys; longer keys will resist attack better than
shorter keys.

References

1. The New Lexicon Webster's Encyclopedic Dictionary of the English
Language. New York: Lexicon.

2. R.T. Morris, 1985. A Weakness in the 4.2BSD UNIX TCP/IP Software.
Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray
Hill, New Jersey.