Cryptography and Network Security-2

1. What are Security Policies? Explain military security policy.

A security policy is a statement of

the security we expect the system

to enforce. Each piece of information in military is ranked at a

particular sensitivity level, such as unclassified, restricted, confidential,
secret, or top secret. Military

security policy is based on protecting

classified information The ranks or

levels form a hierarchy, and they

reflect an increasing order of sensitivity, as

shown in figure

That is, the information at a given level is less sensitive

than the

information in the level above it and more sensitive than the level
below it. For example, restricted information is more sensitive than
unclassified but more sensitive than confidential. We can denote the
sensitivity of an object O by rank o. In the rest of this unit we
assume these

five sensitivity levels. Information access is limited by

the need-to-know rule:

The subjects who

need the sensitive data to perform their jobs are

only allowed to access the

sensitive data. Each piece of classified

information may be associated with

one or more projects, called

compartments, describing the subject matter of

the information. For

example, the alpha project may use secret information,

as may the

beta project, but staff on alpha do not need access to the

information on beta. In other words, both projects use secret
information, but

each is restricted to only the secret information

needed for its particular

project. In this way, compartments help

enforce need-to-know restrictions so

that people obtain access only

to information

that is relevant to their jobs. A

compartment may cover information

at only one sensitivity level, or it may

sensitivity levels.

include information at several

The relationship between

compartments and

sensitivity levels is shown in figure

2. Explain Chinese wall Security Policy.

Chinese Wall Security Policy is

builds on three levels of abstraction.

Objects: At the lowest level are elementary objects, such as files.

Each file contains information concerning only one company.
Company groups: At the next level, all objects concerning a
particular

company are grouped together.

 Conflict classes: At the highest level, all groups of objects for

competing companies are clustered.
With this model, each object belongs to a unique company group, and
each company group is contained in a unique conflict class. A conflict
class may contain one or more company groups

Using the Chinese Wall hierarchy, you would form six company groups
(one for each company)

and three conflict classes:

{Suchard, Cadbury}, {Citicorp, Deutsche Bank, Credit Lyonnais}, and

{SAS}. The hierarchy guides a simple access control policy: A person
can access any information as long as that person has never accessed
information from a different company in the same conflict class. That
is, access is allowed if either the object requested is in the same
company group as an object that has previously been accessed or the
object requested belongs to a conflict class that has never before
been accessed. In our example, initially you can access any objects.
Suppose you read from a file on Suchard. A subsequent request for
access to any bank or to SAS would be granted, but
a request to access Cadbury files would be denied. Your next access,
of SAS data, does not affect future accesses. But if you then access
a file on Credit Lyonnais, you will be blocked from future accesses to
Deutsche Bank or Citicorp

The Chinese Wall is a commercially inspired confidentiality

policy. It is unlike most other commercial policies, which focus on
integrity. It is also interesting because access permissions change
dynamically: As a subject accesses some objects, other objects that
would previously have been accessible are subsequently denied.

3. Write a short note on Impersonation.

Impersonation is a more significant threat in a wide area network than
in a local one. Local individuals often have better ways to obtain
access as another user; they can, for example, simply sit at an
unattended workstation. Still, impersonation attacks should not be
ignored even on local area networks, because local area networks are
sometimes attached to wider area networks without anyone's first
thinking through the security implications.
In an impersonation, an attacker has several choices
like guess the identity and authentication details of the target, pick
up the identity and authentication details of the target from a

previous communication or from wiretapping, circumvent or disable the

authentication mechanism at the target computer, use a target that
will not be authenticated, use a target
whose authentication data are known.

4. Explain link and end-to-end encryption.

Encryption plays a major role
in network security. It is powerful tool in
providing privacy, authenticity, integrity, and limited access to data.
Because networks often involve even greater risks, they often secure
data with encryption, perhaps in combination with other controls
In network applications, encryption can be applied either between two
hosts

(called link encryption) or between two applications (called

end-to-end encryption). We consider each below. With either form

of encryption, key distribution is always a problem. Encryption keys
must be delivered to the sender and receiver in a secure manner.
Link encryption
In link encryption, data are encrypted just before the system places
them on the physical communications link. In this case, encryption
occurs at layer 1 or 2 in the OSI model. (A similar situation occurs
with TCP/IP protocols.) Similarly, decryption occurs just as the
communication arrives at and enters the receiving computer. A model
of link encryption is shown in Figure 9.4.
Encryption protects the message in transit between two computers,
but the message is in plaintext inside the hosts. (A message in
plaintext is said to be "in the clear.") Notice that because the
encryption is added at the bottom protocol layer, the message is

exposed in all other layers of the sender and receiver. If we have

good physical security, we may not be too concerned about this
exposure; the exposure occurs on the sender's or receiver's host or
workstation, protected by alarms or locked doors, for example.
Nevertheless, you should notice that the message is exposed in two
layers of all intermediate hosts through which the message may pass.
This exposure occurs because routing and addressing are not read at
the bottom layer, but only at higher layers. The message is in the
clear in the intermediate hosts, and one of these hosts may not be
especially
trustworthy.

Link encryption is especially appropriate when the

transmission line is the point of greatest vulnerability. If all hosts on

a network are reasonably

secure but the communications medium is

shared with other users or is not secure, link encryption is an easy

control to use.

As its name implies, end-to-end encryption provides security from

one end of a transmission to the other. The encryption can be
applied by a hardware device between the user and the host.
Alternatively, the encryption can be done by software running on the
host computer. In either case, the encryption is performed at the
highest levels (layer 7, application, or perhaps at layer 6,
presentation) of the OSI model. A model of end-to-end encryption
is shown in Figure

Since the encryption precedes all the routing and transmission

processing ofthe layer, the

essage is transmitted in encrypted form

throughout thenetwork. The encryption addresses potential flaws in

lower layers in thetransfer model. If a lower layer should fail to
preserve security and revealdata it has received, the data
confidentiality is not endangered. Figure

shows a typical message with

end-to-end encryption, again with the encrypted field shaded.

When end-to-end encryption is used, messages sent through several

hostsare protected. The data content of the message is still
encrypted, as shown in Figure , and the message is encrypted
(protected against disclosure)while in transit. Therefore, even though
a message must pass throughpotentially insecure nodes (such as C
through G) on the path between Aand B, the message is protected
against disclosure while in transit.

5. Explain in detail, the Security Association.

IPSec provides connectionless, best-effort delivery of datagrams
through a

network by protecting it from snooping or modification.

IPSec protects IP datagrams by defining a method of specifying the

traffic to protect, how that traffic is to be protected, and to whom
the traffic is sent. IPSec can protect packets between hosts, between
network security gateways, or between hosts and security gateways.
Since an IPSec-protected datagram is itself just another IP packet it
is possible to nest security services and provide, for example, endto-end authentication between hosts and send that IPSecprotected
data through a tunnel, which is itself protected by security
gateways using IPSec.

In order to communicate each pair of hosts using IPSec, it

must establish a security association with one another. The security
association connects the

security services and a key, with the traffic

to be protected, and the remote peer with whom IPSec traffic is

being exchanged. The security association that applies to a given
IPSec header is determined by the packets destination IP address and
the security parameter index (SPI) in the packet header. SAs reside
in the security association database (SADB).
The SAs are one way, i.e., simplex. If two hosts, A and B, are
communicating securely using ESP, then the host A will have an SA, SA
,for processing outbound packets and will have a different SA, SA ,
for processing the inbound pack ets. The host B will also create two
SAs for processing its packets. The SA out
SA

of the host A and the

of the host B will share the same cryptographic parameters such

as keys. Similarly, SA in

of the host A and the SA

of the host B

will share the same cryptographic parameters. As SAs are

unidirectional, a separate table is maintained for
SAs used for outbound and inbound processing.

Out The SAs are

also protocol specific. There is an SA for each protocol. If two hosts

A and B are communicating securely using both AH and ESP, then each
host builds a separate SA for each protocol.
Security Policy Database (SPD) is also a component in the IPSec
architecture. The SPD works in conjunction with the SADB in
processing packets. The policy is an extremely important component
of IPSec architecture. The policy defines the security communications
characteristics between the two entities. It defines what protocols to
use in what modes and the transforms to be used. It also defines
how the IP packets are treated.

6. Describe the Authentication Header.

Authentication Header (AH) is one of the two core security protocols

in

IPSec protocol suite. AH provides data integrity, data source

authentication, and protection against replay attacks. It does not

provide confidentiality. This makes AH header much simpler than ESP.
It is merely a header and not a header plus trailer. The figure
shows the AH protected IP packet.

It provides authentication of either all or part of the contents of a

datagramthrough the addition of a header that is calculated based on
the values in the datagram. What parts of the datagram are used for
the calculation, and the placement of the header, depends on the
mode (tunnel or transport) and the version of IP. The figure

shows

the AH protocol structure.

The fields comprising the AH header are:

Next Header: The next header field identifies the protocol type of
the

next packet header after the AH packet header.

 Payload Length: The length field states the length of the AH

header

information.

Reserved field: It is for future extensions of the AH protocol.

SPI field: shows to which SA the packet belongs.
Sequence number: It is an incrementing value that prevents
against replay attacks.
The authentication data:

contains the information for

authenticating the
packet.
The operation of the AH protocol is simple especially for any protocol
that

has anything to do with network security. It can be considered

analogous to the algorithms used to calculate checksums or perform

CRC checks for error detection. In those cases, a standard algorithm
is used by the sender to compute a checksum or CRC code based on
the contents of a message. This computed result is transmitted along
with the original data to the destination, which repeats the calculation
and discards the message if any discrepancy is found between its
calculation and the one done by the source.
This is the same idea behind AH, except that instead of using a
simple algorithm known to everyone, it uses a special hashing algorithm
and a specific key known

only to the source and the destination. SA

between two devices is set up that specifies these particulars so that

the source and destination know how to perform the computation, but
nobody else can. On the source device, AH performs the computation
and puts the result (called the Integrity Check Value or ICV) into a
special header with other fields for transmission. The destination
device does the same calculation using the key the two devices share,
which enables it to see immediately if any of the fields in the original
datagram were modified either due to error or malice.

It's

important to point here that just as a checksum doesn't change the

original data, neither does the ICV calculation change it. The

presence of the AH header allows us to verify the integrity of the

message, but doesn't encrypt it. Thus, AH provides authentication but
not privacy.

7. Explain in detail, the Secure Socket layer.

SSL is a security protocol that was developed by Netscape
Communications Corporation, along with RSA Data Security, Inc. The
primary goal of the SSL protocol is to provide a private channel
between communicating applications, which ensures privacy of data,
authentication of the partners, and integrity.

SSL

provides an alternative to the standard TCP/IP socket API that has

security implemented within it. Therefore, in theory, it is possible to
run any
TCP/IP application in a secure way without changing the application.
In
practice, SSL is only widely implemented for HTTP connections, but
Netscape Communications Corp, has stated an intention to employ it
for
other application types, such as NNTP and Telnet, and there are
several
such implementations freely available on the Internet. IBM, for
example,

uses SSL to enhance security for TN3270 sessions in the IBM

WebSphere
Host On-Demand and eNetwork Communications Server products.
SSL is composed of two layers:

At the lower layer, a protocol for transferring data using a

variety of
predefined cipher and authentication combinations, called the SSL
Record Protocol. Figure 11.1 illustrates this and contrasts it with
a
standard HTTP socket connection. Note that this diagram shows
SSL as
providing a simple socket interface on which other applications can
be
layered. In reality, current implementations have the socket
interface
embedded within the application and do not expose an API that
other
applications can use.

On the upper layer, a protocol for initial authentication and

transfer of
encryption keys, called the SSL Handshake Protocol.

8. Mention different possible threats to E-mail.

The threats to electronic mail are message

interception leading to either
loss of confidentiality or blocked delivery, message interception and
subsequent replay, message content modification, message origin
modification, message content forgery by outsider and recipient,
message
origin forgery by outsider and recipient, denial of message
transmission.
Confidentiality and content forgery are often handled by encryption.
Encryption can also help in a defense against replay, although we
would
also have to use a protocol in which each message contains something
unique that is encrypted. Symmetric encryption cannot protect against
forgery by a recipient, since both sender and recipient share a
common key
however, public key schemes can let a recipient decrypt but not
encrypt.
Because of lack of control over the middle points of a network,
senders or
receivers generally cannot protect against blocked delivery.

9. What is Firewall? Explain.

A
firewall is a device that act as a barrier between an authorized or
"inside"
network and a unauthorized or "outside" network. Usually a firewall
runs on

a dedicated device; which means nonfirewall functions should not be

done
on the same machine. Because a firewall is executable code, the
attacker
could compromise that code and execute from the firewall's device.
Thus,
the fewer pieces of code on the device, the fewer tools the
attacker would
have by compromising the firewall. Firewall code usually runs on a
proprietary or carefully minimized operating system.

The purpose of a firewall is to keep "bad" things outside a protected

environment. To accomplish that, firewalls implement a security policy
that
is specifically designed to address what bad things might happen. For
example, the policy might be to prevent any access from outside
(while still
allowing traffic to pass from the inside to the outside). Alternatively,
the
policy might permit accesses only from certain places, from certain
users, or
for certain activities. Part of the challenge of protecting a network
with a
firewall is determining which security policy meets the needs of the
installation.

10.

What do you mean by Planning Security policies? Explain.

In a computing system the security plan identifies and organizes the

security
activities. The plan is both a description of the current situation and
a plan
for improvement. Every security plan must address seven issues.
current state, describing the status of security at the time of the
plan
policy, indicating the goals of a computer security effort and the
willingness of the people involved to work to achieve those
goals
requirements, recommending ways to meet the security goals
recommended controls, mapping controls to the vulnerabilities
identified
in the policy and requirements
accountability, describing who is responsible for each security
activity
timetable, identifying when different security functions are to be
done
continuing attention, specifying a structure for periodically
updating the
security plan

There are many approaches for creating and updating a security plan.
Some
organizations have a formal, defined security planning process, much
as
they might have a defined and accepted development or maintenance
process. Others look to security professionals for guidance on how
to
perform security planning.
Good, effective security planning includes a careful risk analysis. A
risk is a
potential problem that the system or its users may experience. We
distinguish a risk from other project events by looking for three
things:
1. A loss associated with an event: The event must generate a
negative
effect: compromised security, lost time, diminished quality, lost
money,
lost control, lost understanding, and so on. This loss is called
the risk
impact.
2. The likelihood that the event will occur: There is a probability of
occurrence associated with each risk, measured from 0
(impossible) to
3.

1 (certain). When the risk probability is 1, we say we have a

problem.

3. The degree to which we can change the outcome: We must

determine

what, if anything, we can do to avoid the impact or at least

reduce its
effects. Risk control involves a set of actions to reduce or
eliminate the
risk. Many of the security controls we describe in this book are
examples
of risk control.
In general, there are three strategies for risk reduction:

1. avoiding the risk, by changing requirements for security or other

system
characteristics
2. transferring the risk, by allocating the risk to other systems,
people,
organizations, or assets; or by buying insurance to cover any
financial
loss should the risk become a reality
3. assuming the risk, by accepting it, controlling it with available
resources,
and preparing to deal with the loss if it occurs

Thus, costs are associated not only with the potential impact of risks
but
also with reducing it. Risk leverage is the difference in risk exposure
divided
by the cost of reducing the risk. In other words, Risk Leverage is:
(Risk Exposure before reduction) (Risk Exposure after
reduction)

(Cost of risk reduction)

If the leverage value of a proposed action is not high enough, then

we look
for alternative but less costly actions or more effective reduction
techniques.

///////////////////////////////////////////////////
///////////////////////////////////////////////////
////