PROGRAM BSc IT
SEMESTER FIFTH
BT0088, Cryptography and Network Security
Q. No.1
What is the need for security? Explain types of security attacks.
ANSWER: Need for Security
Computer security is required because many organizations will be damaged by hostile software or
intruders. There may be several forms of damage which are obviously interrelated. These include:
Damage or destruction of computer systems.
Damage or destruction of internal data.
Loss of sensitive information to hostile parties.
Use of sensitive information to steal elements of monetary value.
Use of sensitive information against the customers which may result in legal action by customers
against the organization and loss of customers.
Damage to the reputation of an organization.
Monetary damage, due to loss of sensitive information, destruction of data, hostile use of sensitive
data, or damage to the reputation of the organization.
The methods used to accomplish these unscrupulous objectives are many and varied depending on the
circumstances.
Types of Threats (Attacks)
Now you will see the various types of threats which a computing environment would encounter:
Interception:
This type of threat occurs when an unauthorized party (outsider) has gained access. The outside party can
be a person, a program, or a computing system. Examples of this type of failure are illicit copying of
program or data files, or wiretapping to obtain data in a network. Although a loss may be discovered
fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.
Modification:
When an unauthorized party modifies or corrupts the asset, the threat is a modification. For example,
someone might change the values in a database, or alter a program so that it performs an additional
computation. It is even possible to modify hardware. Only some cases can be detected easily using simple
measures; others are almost impossible to detect.
Interruption:
This occurs when an asset of the system becomes lost, unavailable, or unusable. An example is the
malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an
operating system file manager so that it cannot find a particular disk file.
A useful means of classifying security attacks is in terms of passive attacks and active attacks. A
passive attack attempts to learn or make use of information from the system but does not affect the system
resources. An active attack attempts to alter system resources or affect their operation.
Passive attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of transmissions. The goal of the
opponent is to obtain information that is being transmitted. Two types of passive attacks are release of
message contents and traffic analysis.
The release of message content is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to
prevent the opponent from learning the contents of these transmissions.
A second type of passive attack is traffic analysis. Suppose a sender is masking the content by using
encryption (discussed later); an attacker would still be able to observe the pattern of these messages. The
attacker (Opponent) could determine the location and identify the communicating hosts and could observe
the frequency and length of messages being exchanged. This information might be useful in guessing the
nature of the communication that has taken place.
Passive attacks are very difficult to detect because they do not involve any alteration of the data.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages and denial of service.
A Masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually
includes one of the other forms of active attack. Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect. The denial of service prevents or
inhibits the normal use or management of communication facilities. This attack may have a specific
target; for example, an entity may suppress all messages directed to a particular destination.
Plaintext:  ... QRSTUVWXYZ
Ciphertext: defghijklmnopqrstuvwxyzabc
Encryption systems are classified as stream and block encryption systems. Stream encryption
algorithms convert one symbol of plaintext immediately into a symbol of ciphertext. (The exception is the
columnar transposition cipher.) The transformation depends only on the symbol, the key, and the control
information of the encipherment algorithm. Some kinds of errors, such as skipping a character in the key
during encryption, affect the encryption of all future characters. However, such errors can sometimes be
recognized during decryption because the plaintext will be properly recovered up to a point, and then all
following characters will be wrong. If that is the case, the receiver may be able to recover from the error
by dropping a character of the key on the receiving end. Once the receiver has successfully recalibrated
the key with the ciphertext, there will be no further effects from this error.
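The key-slip error described above can be reproduced with a small additive stream cipher. This is an added example, not part of the original answer; the cipher, the keystream, the message and the function names are all constructed for illustration.

```python
import string

ALPHA = string.ascii_uppercase
# Constructed sample data. The keystream has no repeated neighbours, so a
# one-symbol slip changes the key symbol used at every later position.
KEYSTREAM = "QWERTYUIOPASDFGHJKLZXCVBNM"
PLAINTEXT = "MEETATTHESTATIONATNOON"

def shift(ch, key_ch, sign):
    """Add (sign=+1) or subtract (sign=-1) the key symbol modulo 26."""
    return ALPHA[(ALPHA.index(ch) + sign * ALPHA.index(key_ch)) % 26]

def run(text, keystream, sign, slip_at):
    """Process one symbol at a time; at slip_at one key symbol is passed over."""
    out, ki = [], 0
    for i, ch in enumerate(text):
        if i == slip_at:
            ki += 1          # sender's accidental skip, or receiver's deliberate drop
        out.append(shift(ch, keystream[ki], sign))
        ki += 1
    return "".join(out)

def encrypt(plaintext, keystream, skip_at=None):
    return run(plaintext, keystream, +1, skip_at)

def decrypt(ciphertext, keystream, drop_at=None):
    return run(ciphertext, keystream, -1, drop_at)

def first_error(expected, got):
    """Index where the recovered text stops matching (a human reader would
    spot this as the point where the message stops making sense)."""
    for i, (a, b) in enumerate(zip(expected, got)):
        if a != b:
            return i
    return None

if __name__ == "__main__":
    bad = encrypt(PLAINTEXT, KEYSTREAM, skip_at=8)   # sender skips a key symbol
    garbled = decrypt(bad, KEYSTREAM)                # receiver is unaware of it
    at = first_error(PLAINTEXT, garbled)
    print("received :", garbled)
    print("goes wrong at position", at)
    # Receiver recalibrates by dropping one key symbol at the same point.
    print("resynced :", decrypt(bad, KEYSTREAM, drop_at=at))
```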
To address this problem and make it harder for a cryptanalyst to break the code, we can use a block
encryption algorithm. A block encryption algorithm encrypts a group of plaintext symbols as one block. The
columnar transposition and other transpositions are examples of block ciphers. In the columnar
transposition, the entire message is translated as one block. The block size need not have any particular
relationship to the size of a character. Block ciphers work on blocks of plaintext and produce blocks of
ciphertext, as shown in figure 3.2. In this figure, the central box represents an encryption machine: The
previous plaintext pair is converted to po, the current one being converted is IH, and the machine is soon
to convert ES.
It provides authentication of either all or part of the contents of a datagram through the addition of a
header that is calculated based on the values in the datagram. What parts of the datagram are used for the
calculation, and the placement of the header, depend on the mode (tunnel or transport) and the version of
IP. Figure 10.5 shows the AH protocol structure.
This is the same idea behind AH, except that instead of using a simple algorithm known to everyone, it
uses a special hashing algorithm and a specific key known only to the source and the destination. A security
association (SA) between the two devices is set up that specifies these particulars so that the source and destination know how
to perform the computation, but nobody else can. On the source device, AH performs the computation and
puts the result (called the Integrity Check Value or ICV) into a special header with other fields for
transmission. The destination device does the same calculation using the key the two devices share, which
enables it to see immediately if any of the fields in the original datagram were modified either due to error
or malice.
It's important to point out here that just as a checksum doesn't change the original data, neither does the ICV
calculation change it. The presence of the AH header allows us to verify the integrity of the message, but
doesn't encrypt it. Thus, AH provides authentication but not privacy.
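The ICV calculation described above, as an added example that is not part of the original answer. It uses a simplified, constructed datagram model rather than the real AH wire format; HMAC-SHA-256 stands in for the "special hashing algorithm", and the field names and key are assumptions. It goes one step beyond the text by zeroing the fields that routers legitimately change in transit, which is how AH keeps them out of the calculation.

```python
import hashlib
import hmac

# Constructed sample values (documentation address ranges, made-up key).
SHARED_KEY = b"key-agreed-in-the-SA"
DATAGRAM = {"src": "192.0.2.10", "dst": "198.51.100.7", "ttl": 64,
            "checksum": 0x1C46, "payload": b"quarterly report attached"}
MUTABLE = {"ttl", "checksum"}   # change hop by hop, so treated as zero

def icv(datagram, key):
    """Keyed hash over the datagram with mutable fields zeroed."""
    covered = {k: (0 if k in MUTABLE else v) for k, v in datagram.items()}
    material = repr(sorted(covered.items())).encode()
    return hmac.new(key, material, hashlib.sha256).digest()

def send(datagram, key):
    """Source: compute the ICV and carry it in an added header field."""
    return {**datagram, "ah_icv": icv(datagram, key)}

def verify(packet, key):
    """Destination: repeat the calculation and compare in constant time."""
    received = dict(packet)
    tag = received.pop("ah_icv")
    return hmac.compare_digest(tag, icv(received, key))

if __name__ == "__main__":
    pkt = send(DATAGRAM, SHARED_KEY)
    routed = {**pkt, "ttl": pkt["ttl"] - 1}            # normal forwarding
    altered = {**pkt, "payload": b"quarterly report REVISED"}
    print("intact          :", verify(pkt, SHARED_KEY))
    print("after one hop   :", verify(routed, SHARED_KEY))
    print("payload altered :", verify(altered, SHARED_KEY))
    print("without the key :", verify(pkt, b"some other key"))
    # Authentication, not privacy: the payload is still readable in the packet.
    print("payload on wire :", pkt["payload"])
```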
Encryption can potentially yield any string as output. Many e-mail handlers expect that message traffic
will not contain characters other than the normal printable characters. Network e-mail handlers use
unprintable characters as control signals in the traffic stream. To avoid problems in transmission,
encrypted e-mail converts the entire ciphertext message to printable characters. An example of an
encrypted e-mail message is shown in Figure 12.2. Notice the three portions: an external (plaintext)
header, a section by which the message encryption key can be transferred, and the encrypted message
itself. (The encryption is shown with shading.)
Open Development: I don't trust software that doesn't trust me. Closed policies not only betray a
distrustworthy tendency in the distributors, but also ensure that I have no way to verify the
trustworthiness of the developers. Ultimately, the software I use should ideally be available as source
code that I can compile and run myself; this discourages deviousness on the part of software
developers and ensures that, should I choose to compile it myself, I know personally that the source
code to which I have access is the same stuff used to build the software I'm running. Ideally, the entire
operating environment should be verifiable with both cryptographic hashes and source-based software
management.
Open Formats: When my data is stored in a particular format, it needs to be an open format.
Vendors die, discontinue products, and play silly games with file format compatibility in the interests
of "encouraging" upgrades. Closed formats hold my data hostage to the people who control those
formats, and can make it difficult for me to maintain access to that data. This is, it should be obvious,
simply unacceptable. When closed formats are taken to a ridiculous extreme, you get the
similarly extreme consequences of DRM. Ideally, one's choice of format should be as close to plain
text as possible, because in a worst-case scenario you can still read plain text with the naked eye.