Cryptography and Network Security
CS-801D
IT-801D
Credits -3
Total Lectures – 38 (Defined)
Syllabus
• Module 1: Attacks on Computers & Computer Security (5L)
• Introduction, Need for Security, Security approaches, Principles of Security, Types of attack.
• Module 2: Cryptography: Concepts & Techniques (7L)
• Introduction, Plaintext & Ciphertext, Substitution Techniques, Transposition Techniques, Encryption & Decryption, Symmetric & Asymmetric Key Cryptography, Key Range & Key Size
• Module 3: Symmetric Key Algorithms (8L)
• Introduction, Algorithm types & Modes, Overview of Symmetric Key Cryptography, DES (Data Encryption Standard) algorithm, IDEA (International Data Encryption Algorithm) algorithm, RC5 (Rivest Cipher 5) algorithm.
• Module 4: Asymmetric Key Algorithms, Digital Signature and RSA (5L)
• Introduction, Overview of Asymmetric Key Cryptography, RSA algorithm, Symmetric & Asymmetric Key Cryptography together, Digital Signature, Basic concepts of Message Digest and Hash Function (Algorithms on Message Digest and Hash Function not required).
• Module 5: Internet Security Protocols, User Authentication (6L)
• Basic Concepts, SSL protocol, Authentication Basics, Password, Authentication Token, Certificate-based Authentication, Biometric Authentication.
• Module 6: Electronic Mail Security (4L)
• Basics of mail security, Pretty Good Privacy, S/MIME.
• Module 7: Firewall (3L)
• Introduction, Types of firewall, Firewall Configurations, DMZ Network
Books to study
• Text:
• 1. “Cryptography and Network Security”, William Stallings, 2nd Edition, Pearson Education Asia
• 2. “Network Security: Private Communication in a Public World”, C. Kaufman, R. Perlman and M. Speciner, Pearson
• 3. “Cryptography & Network Security”, Atul Kahate, TMH
• Reference:
• 1. “Network Security Essentials: Applications and Standards”, William Stallings, Pearson
• 2. “Designing Network Security”, Merike Kaeo, 2nd Edition, Pearson Books
• 3. “Building Internet Firewalls”, Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman, 2nd Edition, O'Reilly
• 4. “Practical Unix & Internet Security”, Simson Garfinkel, Gene Spafford, Alan Schwartz, 3rd Edition, O'Reilly
Introduction
• Why?
• What?
• How?
The Need for Security
• User id + password
• Not accessible to unauthorised users
Data Transmission on the Internet
• Data travels as clear text
• Personal or confidential information is not secure
• Example: Credit card details
Security Management Practices
• Affordability
• Functionality
• Cultural issues
• Legality
Need for Security
• Why???
Principles of Security
• Confidentiality
• Integrity
• Authentication
• Non-repudiation
Transmission of Credit Card Details
[Figure: the client sends an order to the server in clear text (Customer Id: 78910, Order Id: 90, Item Id: 156, Credit Card Number: 1234567890, Issued By: Visa, Valid Till: Jan 2006, …); the server stores it in the server database.]
Security approaches (Models)
• No security
• Security through obscurity
• Host security
• Network model
Confidentiality
• Also called privacy
• Refers to the secrecy of information
• Only the sender and the receiver should have access to the information
N.B. Interception causes loss of message confidentiality
Loss of Confidentiality
[Figure: sender A sends a secret to receiver B; attacker C intercepts it on the way.]
Authentication
• Identifies the sender/receiver of a message
• Required so that the communicating parties trust each other
• Answers who is who
• N.B. Fabrication is possible in the absence of proper authentication
Absence of Authentication
[Figure: attacker C sends a message claiming “I am user A” to receiver B, who cannot tell it from a message sent by A.]
Integrity
• Ensures that any changes to a message are detected
• The message from the sender to the receiver must travel without any alterations
• Changes need to be prevented, or at least, detected
• N.B. Modification causes loss of message integrity
Loss of Message Integrity
[Figure: ideal route of the message is sender A to receiver B carrying “Transfer $100 to C”; the actual route passes through attacker C, who alters it to “Transfer $1000 to C” before it reaches B.]
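The slide says changes must be detected. As an added illustration (not part of the slides), the following shows why an unkeyed hash does not achieve that against the attacker C in the figure, while a keyed MAC does; the shared key between A and B is an assumption introduced here.

```python
import hashlib
import hmac

# Assumption: A and B share this secret key out of band; attacker C does not have it.
SHARED_KEY = b"example-shared-key-for-A-and-B"

ORIGINAL = b"Transfer $100 to C"            # message on the ideal route
TAMPERED = b"Transfer $1000 to C"           # what attacker C forwards instead


def unkeyed_hash_check() -> bool:
    """Receiver B verifies a plain SHA-256 digest sent alongside the message.
    Attacker C can recompute the digest for the altered message, so the check
    still passes: returns True, i.e. the modification goes undetected."""
    digest_from_c = hashlib.sha256(TAMPERED).digest()   # C replaces message AND digest
    return hashlib.sha256(TAMPERED).digest() == digest_from_c


def mac_tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender A attaches an HMAC-SHA256 tag computed under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(message: bytes, received_tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Receiver B recomputes the tag; compare_digest avoids timing leaks."""
    return hmac.compare_digest(mac_tag(message, key), received_tag)


def keyed_mac_check() -> dict:
    """Ideal route: message and tag arrive untouched -> accepted.
    Actual route: C alters the amount but, lacking the key, must forward A's
    original tag -> rejected."""
    tag_from_a = mac_tag(ORIGINAL)
    return {
        "untouched_accepted": mac_verify(ORIGINAL, tag_from_a),
        "tampered_accepted": mac_verify(TAMPERED, tag_from_a),
    }
```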
Non-repudiation
• Does not allow the sender of a message to later deny having sent it
Access Control
Who should be able to access what
1. Role Management – Which user can do what?
2. Rule Management – Which resource is accessible, and under what circumstances?
Availability
• Resources/applications must be available to authentic users all the time
• Attackers can deny the availability
• Denial of Service (DoS) is an example of an attack on availability
Attack on Availability
[Figure: attacker C blocks the path from sender A to receiver B, so the message never arrives.]
Attacks: A general view
• Criminal attacks
• Publicity attacks
• Legal attacks
Attacks: Technical view
• Interception – loss of confidentiality
• Fabrication – loss of authentication
• Modification – loss of integrity
• Interruption – loss of availability
Types of Attacks
• Attacks are classified as passive attacks and active attacks
Passive attacks
• Passive attacks do not involve any modifications to the contents of an original message
Classification of Passive Attacks
• Passive attacks (Interception)
• a. Release of message contents
• b. Traffic analysis
Active attacks
• The contents of the original message are modified in some way
Classification of Active Attacks
• Active attacks
• a. Interruption (Masquerade)
• b. Modification (Replay attacks, Alterations)
• c. Fabrication (Denial of Service – DoS)
Practical Side of Attacks
• Security attacks in practice
• a. Application level attacks
• b. Network level attacks
Virus
• Program that causes damage to other programs/applications/data
• Contains malicious code
• Propagates as it damages
Phases of virus
• Dormant
• Propagation
• Triggering
• Execution
Different types of virus
• Parasitic
• Memory-resident
• Boot sector
• Polymorphic
• Metamorphic
Example of Virus
(a) Original clean code: Add x to y; Perform Print-Job; Perform Close-Job; End
(b) Virus infected code: Add x to y; Perform Print-Job; Perform Virus-Job; Perform Close-Job; End
(c) Virus code (Virus-Job): Delete all files; Send a copy of myself to all users in this user's address book; Return
Worm
• Propagates as it damages
• Does not damage a program/data
• Consumes resources, and brings the system to a halt
Example of Worm
[Figure: the worm code “Perform resource-eating tasks, but no destruction” replicates itself; each copy again performs resource-eating tasks (but no destruction) and replicates itself, and so on, …]
Trojan Horse
• Why the name?
• Iliad – Troy
• Silently observes user actions and captures confidential information
• Uses the captured information for its own purposes
• Example: Capturing user id and password
Example of Trojan Horse
[Figure: the user enters User Id: xxx and Password: yyy into the login program; a Trojan horse hidden inside the login code copies User Id: xxx and Password: yyy and sends them to the attacker.]
Deleting a virus
• Detection
• Identification
• Removal
Antivirus types
• 1st generation – Simple scanners
• 2nd generation – Heuristic scanners
• 3rd generation – Activity traps
• 4th generation – Full-featured protection
Specific attacks
• Sniffing and spoofing
• A. Packet sniffing
• B. Packet spoofing – three cases:
• a. The attacker can intercept the reply
• b. The attacker need not see the reply
• c. The attacker does not want the reply
Phishing & pharming