
Submitted By:

Akshat Jain (imb2011031)
Aniruddha Guha Biswas (imb2011010)
Raveesh Tandon (imb2011020)
Saurabh Bharti (imb2011016)
Shaurabh Singh (imb2011005)

What Is Network Security


Network security is the authorization of access to data in a network, which is controlled by the network administrator in order to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Need for Network Security


Increasing online transactions.
Personal and sensitive information shared over network.
Protect our confidential data.

Security Attacks

Interruption:
Attack on availability

Interception:
Attack on confidentiality

Modification:
Attack on integrity

Fabrication:
Attack on authenticity

Types Of Attack
1) Passive attacks:
Obtain information that is being transmitted.

Two types:
Release of message contents:

Traffic analysis:- The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
Very difficult to detect.

2) Active attacks:
Involve some modification of the data stream or the creation of a false stream. Three categories:

Replay:- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification:- Some portion of a legitimate message is altered.
Denial of service:- Prevents the normal use of communication facilities.

Issues in Network Security


Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)

Encryption Algorithms
Data Encryption Standard (DES)
IDEA
Advanced Encryption Standard (AES)
RSA Algorithm

Encryption using Public Key System


B's public key: KUB
B's private key: KRB

RSA Algorithm
Plaintext P -> Encryption Algorithm -> Ciphertext C -> Decryption Algorithm -> Plaintext P


Applications

Three categories:
a) Encryption/decryption: The sender encrypts a message with the recipient's public key.
b) Digital signature / authentication: The sender signs a message with its private key.
c) Key exchange: Two sides cooperate to exchange a session key.
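
The first two applications above, worked through in Python with textbook RSA. This is an added example, not part of the original slides: the primes, the messages and the names KUA/KRA (A's key pair, mirroring the slide's KUB/KRB) are constructed for illustration, and the scheme has no padding, so it shows the roles of the keys only.

```python
# Textbook RSA with tiny constructed primes, showing the roles of
# KUB (B's public key) and KRB (B's private key). No padding: not for real use.
import hashlib
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) = ((e, n), (d, n)) from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, value):
    """RSA primitive: value^exponent mod n, used for every operation below."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in [0, n)")
    return pow(value, exponent, n)

def digest(message, n):
    """Hash the message and reduce it below n (needed only for toy moduli)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    return apply_key(private_key, digest(message, private_key[1]))

def verify(public_key, message, signature):
    return apply_key(public_key, signature) == digest(message, public_key[1])

# Constructed sample keys: B receives encrypted data, A signs.
KUB, KRB = make_keypair(61, 53)      # B's public / private key, n = 3233
KUA, KRA = make_keypair(89, 97)      # A's public / private key, n = 8633

def demo():
    P = 65                           # plaintext as an integer < n
    C = apply_key(KUB, P)            # a) sender encrypts with B's public key
    recovered = apply_key(KRB, C)    #    only B's private key recovers P
    msg = b"pay 100 to B"            # constructed message
    sig = sign(KRA, msg)             # b) sender A signs with its private key
    ok = verify(KUA, msg, sig)       #    anyone checks with A's public key
    forged = verify(KUA, msg, (sig + 1) % KUA[1])  # altered signature
    return C, recovered, ok, forged

if __name__ == "__main__":
    print(demo())
```

For application c), the integer P would be a session key for a symmetric cipher such as AES rather than the message itself.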


Network Security Principles


Authentication Application- KERBEROS

Created by MIT to address various security issues.
Implements a client-server model and provides mutual authentication between client and server.
Every user has a password.
Every application server has a password.
Passwords are kept only in the Kerberos database.
No unauthorized user has physical access to the servers.
The user requires a ticket for each access.

Electronic Mail Security: Pretty Good Privacy (PGP)

PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

IP Security :: IPSec
The IP protocol is responsible for routing packets over the Internet. For security in packet transmission, we use IPSec. It provides two modes of protection:

Tunnel Mode
Transport Mode


Applications:
Secure branch office connectivity over the Internet.
Secure remote access over the Internet.
Establishing extranet and intranet connectivity with partners.
Enhancing electronic commerce security.

SSL (Secure Socket Layer)


transport layer security service originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard known as TLS (Transport Layer Security)
uses TCP to provide a reliable end-to-end service
SSL has two layers of protocols

SSL Architecture


SSL session

an association between client & server
created by the Handshake Protocol
defines a set of cryptographic parameters
may be shared by multiple SSL connections

SSL connection
a transient, peer-to-peer communications link
associated with 1 SSL session

SSL Handshake Protocol

allows server & client to:
authenticate each other
negotiate encryption & MAC algorithms
negotiate cryptographic keys to be used

comprises a series of messages in phases:
Establish Security Capabilities
Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish



Thank You
