Cryptography and Network Security Paper Presentation
NETWORK SECURITY NEC – N – PAC 2006 1
CRYPTOGRAPHY
NETWORK SECURITY
CONTENTS
• What is Cryptography?
• Types of Cryptography
www.studentyogi.com www.studentyogi.com 1
• The latest cryptographic techniques in use today
• Different types of threats to network
• Network security can be done by various methods
1. VPN ( Virtual Private Networks)
2. Firewalls
3. IPSec.
4. AAA Server.
Abstract
manager in mind, explaining the concepts needed to read through the hype in the
marketplace and understand risks and how to deal with them.
internetworking. We go on to consider risk management, network threats, firewalls, and
more special-purpose secure networking devices.
This is not intended to be a ``frequently asked questions'' reference, nor is it a ``hands-on''
document describing how to accomplish specific functionality.
It is hoped that the reader will have a wider perspective on security in general, and better
understand how to reduce and manage risk personally, at home, and in the workplace.
naive to believe that we don't need? During this time when the Internet
provides essential communication between tens of millions of people and
is being increasingly used as a tool for commerce, security becomes a
tremendously important issue to deal with.
There are many aspects to security and many applications, ranging from
secure commerce and payments to private communications and protecting
passwords. One essential aspect for secure communications is that of
cryptography.
In data and telecommunications, cryptography is necessary
when communicating over any untrusted medium, which includes just
about any network, particularly the Internet.
Within the context of any application-to-application communication, there
are some specific security requirements, including:
• Authentication: The process of proving one's identity. (The
primary forms of host-to-host authentication on the Internet today
are name-based or address-based, both of which are notoriously
weak.)
• Privacy/confidentiality: Ensuring that no one can read the
message except the intended receiver.
1. Secret Key Cryptography
As shown in Figure the sender uses the key (or some set of rules) to
encrypt the plain text and sends the cipher text to the receiver. The
receiver applies the same key (or rule set) to decrypt the message and
recover the plain text. Because a single key is used for both functions,
secret key cryptography is also called symmetric encryption.
key.
Stream ciphers operate on a single bit (byte or computer word) at a
time and implement some form of feedback mechanism so that the key is
constantly changing. A block cipher is so-called because the scheme
encrypts one block of data at a time using the same key on each block. In
general, the same plain text block will always encrypt to the same cipher
text when using the same key in a block cipher whereas the same plaintext
will encrypt to different cipher text in a stream cipher.
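The block-versus-stream behaviour described above, as an added example that is not from the original paper: a toy Feistel block cipher and a toy feedback keystream generator, both built on HMAC-SHA256 from the Python standard library as stand-ins for real ciphers. The key, plaintext and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 8  # toy block size in bytes (constructed for this example)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Four-round Feistel network over one block; same key for every block.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Undo the Feistel rounds in reverse order.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def blockwise(fn, key: bytes, data: bytes) -> bytes:
    # Apply a one-block function to each block independently.
    assert len(data) % BLOCK == 0, "toy example: no padding implemented"
    return b"".join(fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher: the keystream state is fed back through HMAC at each
    # step, so each chunk is XORed with different key material.
    out, state = b"", bytes(32)
    for i in range(0, len(data), BLOCK):
        state = hmac.new(key, state, hashlib.sha256).digest()
        out += _xor(data[i:i + BLOCK], state[:BLOCK])
    return out

def repeats(ciphertext: bytes) -> bool:
    # True if any two ciphertext blocks are identical.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(set(blocks)) < len(blocks)

KEY = b"constructed-demo-key"
PLAINTEXT = b"PAY 100$PAY 100$"  # constructed: two identical 8-byte blocks

if __name__ == "__main__":
    print("block cipher repeats:", repeats(blockwise(block_encrypt, KEY, PLAINTEXT)))
    print("stream cipher repeats:", repeats(stream_xor(KEY, PLAINTEXT)))
```

The repeated ciphertext blocks are why block ciphers are deployed in a mode that mixes in a per-message IV or nonce rather than encrypting each block independently.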
2. Public key cryptography
Modern PKC was first described publicly by Stanford University
professor Martin Hellman and graduate student Whitfield Diffie in 1976.
Their paper described a two-key crypto system in which two parties could
engage in a secure communication over a non-secure communications
channel without having to share a secret key.
Generic PKC employs two keys that are mathematically
related although knowledge of one key does not allow someone to
easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the cipher text. The
important point here is that it does not matter which key is applied
first, but that both keys are required for the process to work (Figure
1B). Because a pair of keys are required, this approach is also called
asymmetric cryptography.
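The two-key property described above, shown with textbook RSA (a scheme the page does not name, chosen here as an added illustration; this is not code from the original paper). The primes, message value and function names are constructed, and the key size is far too small for real use.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi), Python 3.8+
    return (e, n), (d, n)  # (public key, private key)

def apply_key(key, value: int) -> int:
    """Apply one key of the pair: value^exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in range 0..n-1")
    return pow(value, exponent, n)

def demo(message: int = 65):
    public, private = make_keypair(61, 53)  # constructed toy primes
    # Public key first, private key second: the confidentiality direction.
    sealed = apply_key(public, message)
    opened = apply_key(private, sealed)
    # Private key first, public key second: the signature direction.
    signed = apply_key(private, message)
    checked = apply_key(public, signed)
    # The same key applied twice does not undo itself: both keys are needed.
    wrong = apply_key(public, sealed)
    return opened, checked, wrong

if __name__ == "__main__":
    print(demo())
```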
3. Hash Functions
Hash functions are algorithms that, in some sense, use no key (Figure 1C). Instead, a
fixed-length hash value is computed based upon the plaintext that makes it
impossible for either the contents or length of the plaintext to be
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key
cryptography can ensure message confidentiality and hash codes can
ensure integrity, none of this works without trust. In SKC, PKC solved the
secret distribution problem. There are a number of trust models employed
by various cryptographic schemes.
• The web of trust employed by Pretty Good Privacy (PGP) users, who
hold their own set of trusted public keys.
• Kerberos, a secret key distribution scheme using a trusted third party.
• Certificates, which allow a set of trusted third parties to authenticate
each other and, by implication, each other's users.
Each of these trust models differs in complexity, general applicability,
scope, and scalability.
Types of authority
• Establish identity: Associate, or bind, a public key to an individual,
organization, corporate position, or other entity.
• Assign authority: Establish what actions the holder may or may not
take based upon this certificate.
• Secure confidential information (e.g., encrypting the session's
symmetric key for data confidentiality).
----------------------------------------------------------------------------
Pretty Good Privacy (PGP) is one of today's most widely used public key
cryptography programs. PGP can be used to sign or encrypt e-mail messages with
a mere click of the mouse.
cryptography lies in the choice (and management) of the keys; longer keys will
resist attack better than shorter keys.
Encrypt and decrypt messages using any of the classical substitution
ciphers discussed, both by hand and with the assistance of programs.
Understand the concepts of language redundancy and unicity distance.
Different types of threats to network:
• Application backdoors - Some programs have special features that allow
for remote access. Others contain bugs that provide a backdoor, or hidden
access, that provides some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of sending
e-mail over the Internet. By gaining access to a list of e-mail addresses,
a person can send unsolicited junk e-mail (spam) to thousands of users.
This is done quite often by redirecting the e-mail through the SMTP server
of an unsuspecting host, making the actual sender of the spam difficult to
trace.
can spread quickly from one system to the next. Viruses range from
harmless messages to erasing all of your data.
contains links to Web sites. Be careful of clicking on these because you
may accidentally accept a cookie that provides a backdoor to your
computer.
• Redirect bombs - Hackers can use ICMP to change (redirect) the
path information takes by sending it to a different router. This is
one of the ways that a denial of service attack is set up.
Network security can be done by various methods.
1. Virtual Private Network:
as usual.
Step 2. - When connectivity to the corporate network is desired, the user initiates
a tunnel request to the destination Security server on the corporate network. The
security server authenticates the user and creates the other end of tunnel.
Fig : a) A leased line private network b) A virtual private network
Step 3. - The user then sends data through the tunnel, which is encrypted by the VPN
software before being sent over the ISP connection.
Step 4. - The destination security server receives the encrypted data and decrypts it.
The security server then forwards the decrypted data packets onto the corporate
network. Any information sent back to the remote user is also encrypted before
being sent over the Internet.
2. Firewalls:
A firewall provides a strong barrier between your private network
and the Internet. You can set firewalls to restrict the number of open
ports, what type of packets are passed through and which protocols are
allowed through. You should already have a good firewall in place before
you implement a VPN, but a firewall can also be used to terminate the
VPN sessions.
Fig 2: A firewall consisting of two packet filters and an application gateway
3. IPSec:
Internet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryption algorithms and more
comprehensive authentication. IPSec has two encryption modes: tunnel and
transport. Tunnel encrypts the header and the payload of each packet while
transport only encrypts the payload. Only systems that are IPSec compliant
can take advantage of this protocol. Also, all devices must use a
common key and the firewalls of each network must have very similar
security policies set up. IPSec can encrypt data between various devices,
such as:
• Router to router
• Firewall to router
• PC to router
• PC to server
client, the request is proxied to the AAA server. AAA then checks the
following:
• Who you are (authentication)
• What you are allowed to do (authorization)
• What you actually do (accounting)
The accounting information is especially useful for tracking client use for
security auditing, billing or reporting purposes.