cryptography and network security full report
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
computer science technology
Active In SP
**

Posts: 740
Joined: Jan 2010
#1
24-01-2010, 09:44 AM



.doc   CRYPTOGRAPHY and NETWORK SECURITY full report.DOC (Size: 619 KB / Downloads: 1,290)


CRYPTOGRAPHY AND NETWORK SECURITY
Abstract
Network security is a complicated subject, historically only tackled by
well-trained and experienced experts. However, as more and more people
become ``wired'', an increasing number of people need to understand the
basics of security in a networked world. This document was written with
the basic computer user and information systems manager in mind,
explaining the concepts needed to read through the hype in the
marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to
TCP/IP and internetworking . We go on to consider risk management,
network threats, firewalls, and more special-purpose secure networking
devices.
This is not intended to be a ``frequently asked questions'' reference,
nor is it a ``hands-on'' document describing how to accomplish specific
functionality.
It is hoped that the reader will have a wider perspective on security
in general, and better understand how to reduce and manage risk
personally, at home, and in the workplace.
Cryptography and Network Security
Does security provide some very basic protections that we
are naive to believe that we don't need? During this time when the
Internet provides essential communication between tens of millions of
people and is being increasingly used as a tool for commerce, security
becomes a tremendously important issue to deal with.
There are many aspects to security and many applications,
Ranging from secure commerce and payments to private
Communications and protecting passwords. One essential
aspect for
Secure communications is that of cryptography.
Cryptography is the science of writing in secret code and is an ancient
art. The first documented use of cryptography in writing dates back to
circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs
in an inscription.
In data and telecommunications, cryptography is necessary when
communicating over any untrusted medium, which includes just about any
network, particularly the Internet.
Within the context of any application-to-application communication,
there are some specific security requirements, including:
¢ Authentication: The process of proving one's identity. (The
primary forms of host-to-host authentication on the Internet today are
name-based or address-based, both of which are notoriously weak.)
¢ Privacy/confidentiality: Ensuring that no one can read the
message except the intended receiver.
¢ Integrity: Assuring the receiver that the received message has
not been altered in any way from the original.
¢ Non-repudiation: A mechanism to prove that the sender really
sent this message. Cryptography, then, not only protects data from
theft or alteration, but can also be used for user authentication.

The three types of cryptographic algorithms that will be discussed are
(Figure 1):
¢ Secret Key Cryptography (SKC): Uses a single key for both
encryption and decryption
¢ Public Key Cryptography (PKC): Uses one key for encryption and
another for decryption
¢ Hash Functions: Uses a mathematical transformation to
irreversibly "encrypt" information
1. Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption
and decryption.
As shown in Figure the sender uses the key (or some set of rules) to
encrypt the plain text and sends the cipher text to the receiver. The
receiver applies the same key (or rule set) to decrypt the message and
recover the plain text. Because a single key is used for both
functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver; that, in fact, is the
secret. The biggest difficulty with this approach, of course, is the
distribution of the key.
Secret key cryptography schemes are generally categorized as being
either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer
word) at a time and implement some form of feedback mechanism so that
the key is constantly changing. A block cipher is so- called because
the scheme encrypts one block of data at a time using the same key on
each block. In general, the same plain text block will always encrypt
to the same cipher text when using the same key in a block cipher
whereas the same plaintext will encrypt to different cipher text in a
stream cipher.
2. Public key cryptography
Modern PKC was first described publicly by Stanford
University professor Martin Hellman and graduate student Whitfield
Diffie in 1976. Their paper described a two-key crypto system in which
two parties could engage in a secure communication over a non-secure
communications channel without having to share a secret key.
Generic PKC employs two keys that are
mathematically
related although knowledge of one key does not allow someone to
easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the cipher
text. The
important point here is that it does not matter which key
is applied
first, but that both keys are required for the process to
work (Figure
1B). Because a pair of keys are required, this approach is
also called
asymmetric cryptography
3. Hash Functions
Hash functions, also called message digests and one-way
encryption, are algorithms that, in some sense, use no key (Figure
1C). Instead, a fixed-length hash value is computed based upon the
plaintext that makes it impossible for either the contents or length of
the plaintext to be recovered. Hash algorithms are typically used to
provide a digital fingerprint of a file's contents often used to ensure
that the file has not been altered by an intruder or virus. Hash
functions are also commonly employed by many operating systems to
encrypt passwords. Hash functions, then, help preserve the integrity of
a file.
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key
cryptography can ensure message confidentiality and hash codes can
ensure integrity, none of this works without trust. In SKC, PKC solved
the secret distribution problem. There are a number of trust models
employed by various cryptographic schemes.
¢ The web of trust employed by Pretty Good Privacy (PGP) users,
who hold their own set of trusted public keys.
¢ Kerberos, a secret key distribution scheme using a trusted
third party.
¢ Certificates, which allow a set of trusted third parties to
authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general
applicability, scope, and scalability.

Types of authority
¢ Establish identity: Associate, or bind, a public key to an
individual, organization, corporate position, or other entity.
¢ Assign authority: Establish what actions the holder may or may
not take based upon this certificate.
¢ Secure confidential information (e.g., encrypting the session's
symmetric key for data confidentiality).
----------------------------------------------------------------------
------
Todays latest used cryptographic techniques:
Hash algorithms that are in common use today include:
¢ Message Digest (MD) algorithms
¢ Secure Hash Algorithm (SHA)
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key
cryptography programs. PGP can be used to sign or encrypt e-mail
messages with mere click of the mouse.
Depending upon the version of PGP, the software uses SHA or MD5 for
calculating the message hash; CAST, Triple-DES, or IDEA for encryption;
and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.
And much more techniques used.
Time is the only true test of good cryptography; any cryptographic
scheme that stays in use year after year is most likely a good one. The
strength of cryptography lies in the choice (and management) of the
keys; longer keys will resist attack better than shorter keys
Encrypt and decrypt messages using any of the classical substitution
ciphers discussed, both by hand and with the assistance of programs.
understand the concepts of language redundancy and unicity distance.
Different types of threats to network:
¢ Application backdoors - Some programs have special
features that allow for remote access . Others contain bugs
that provide a backdoor , or hidden access , that provides some
level of control of the program.
¢ SMTP session hijacking - SMTP is the most common
method of Sending e-mail over the Internet . By gaining access
to a list of e- mail Addresses , a person can send
unsolicited junk e-mail ( spam ) to thousands of users . This
is done quite often by redirecting the e-mail through the SMTP
server of an unsuspecting host , making the actual sender of
the spam difficult to trace.
¢ Operating system bugs - Like applications , some operating
systems Have backdoors . Others provide remote access with
insufficient security controls or have bugs that an
experienced hacker can take advantage of .
¢ Denial of service - You have probably heard this phrase
used in news reports on the attacks on major Web sites . This
type of attack is nearly Impossible to counter . What happens
is that the hacker sends a request to the server to connect
to it . When the server responds with an acknowledgement and
tries to establish a session , it cannot find the system
that made the request . By inundating a server with these
unanswerable session requests , a hacker causes the server to
slow to a crawl or eventually crash.
¢ E-mail bombs - An e-mail bomb is usually a personal
attack . Someone sends you the same e-mail hundreds or
thousands of times until your e-mail system cannot accept
any more messages .
¢ Macros - To simplify complicated procedures , many
applications allow you to create a script of commands that
the application can run . This script is known as a macro .
Hackers have taken advantage of this to create their own
macros that , depending on the application , can destroy your
data or crash your computer .
¢ Viruses - Probably the most well-known threat is computer
viruses . A virus is a small program that can copy itself to
other computers . This way it can spread quickly from one
system to the next. Viruses range from harmless messages to
erasing all of your data .
¢ Spam - Typically harmless but always annoying , spam is
the electronic equivalent of junk mail . Spam can be
dangerous though . Quite often it contains links to Web sites
. Be careful of clicking on these because you may
accidentally accept a cookie that provides a backdoor to your
computer.
¢ Redirect bombs - Hackers can use ICMP to change (
redirect ) the Path information takes by sending it to a
different router . This is one of the ways that a denial of
service attack is set up.
Network security can be done by various methods.
1. Virtual Private Network:
A virtual private network ( VPN ) is a way to use a public
telecommunication infrastructure , such as the Internet , to
provide remote offices or individual users with secure access to
their organization's network. A virtual private network can be
contrasted with an expensive system of owned or leased lines
that can only be used by one organization. The goal of a VPN is
to provide the organization with the same capabilities , but at a
much lower cost
Implementation of network security by VPN.
Step 1. - The remote user dials into their local ISP and logs into the
ISPâ„¢s network as usual.

Step 2. - When connectivity to the corporate network is desired, the
user initiates a tunnel request to the destination Security server on
the corporate network. The security server authenticates the user and
creates the other end of tunnel.


Fig : a) A leased line private
network b) A virtual private network



Step 3. - The user then sends data through the tunnel which encrypted
by the VPN software before being sent over the ISP connection.

Step 4. - The destination Security server receives the encrypted data
and decrypts. The Security server then forwards the decrypted data
packets onto the corporate network. Any information sent back to the
Remote user is also encrypted before being sent over the Internet.

2.Firewalls:
A firewall provides a strong barrier between your private
network and the Internet . You can set firewalls to
restrict the number of open ports , what type of packets are
passed through and which protocols are allowed through . You
should already have a good firewall in place before you
implement a VPN , but a firewall can also be used to
terminate the VPN sessions .

Fig2: A fire wall consisting of two
packet filters and an application gateway
3.IPSec -
Internet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryption algorithms
and more comprehensive authentication . IPSec has two encryption
modes : tunnel and transport . Tunnel encrypts the header and
the payload of each packet while transport only encrypts the
payload. Only systems that are IPSec compliant can take advantage
of this Protocol . Also , all devices must use a common
key and the firewalls of each network must have very
similar security policies set up. IPSec can encrypt data
between various devices , such as :
Router to router
Firewall to router
PC to router
PC to server
A software firewall can be installed on the computer in your
home that has an Internet connection . This computer is
considered a gateway because it provides the only point
of access between your home network and the Internet .
4. AAA Server - AAA (authentication , authorization and
accounting)
servers are used for more secure access in a remote-access VPN
environment . When a request to establish a session comes in
from a dial up client , the Request is proxies to the AAA
server . AAA then checks the following :
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking
client. Use for security auditing , billing or reporting
purposes .
REFRERNCES

--
1. The New Lexicon Webster's Encyclopedic Dictionary of the
English Language. New York: Lexicon.
2. Cryptography And Network Security -- William Stallings
3. R.T. Morris, 1985. A Weakness in the 4.2BSD Unix TCP/IP
Software. Computing Science Technical Report No. 117, AT&T Bell
Laboratories, Murray Hill, New Jersey.
4. COMPUTER NETWORKS ---ANDREW S. TENAUNBAUM
5. S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite.
Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.
6. Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear,
``Address Allocation for Private Internets.'' RFC 1918.
7. J.P. Holbrook, J.K. Reynolds. ``Site Security Handbook.'' RFC
1244.
8. M. Curtin, ``Snake Oil Warning Signs: Encryption Software to
Avoid.'' USENET <sci.crypt> Frequently Asked Questions File.
CONTENTS
¢ What is Cryptography?
¢ Types of Cryptography
1. Secret(symmetric) Key Cryptography.
2. Public(asymmetric) Key Cryptography.
3. Hash Functions.
4. Trust Models.
¢ Todays latest used cryptographic techniques
¢ Different types of threats to network
¢ Network Security can be done by various methods
1. VPN ( Virtual Private Networks)
2. Firewalls
3. IPSec.
4. AAA Server.
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
project report tiger
Active In SP
**

Posts: 1,062
Joined: Feb 2010
#2
01-03-2010, 10:16 PM


.ppt   Cryptography and Network Security.ppt (Size: 102 KB / Downloads: 773)

Cryptography and Network Security


Presented by:
William Stallings
Lecture slides by Lawrie Brown


Chapter 1 “ Introduction

The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
”The Art of War, Sun Tzu

Background

¢ Information Security requirements have changed in recent times
¢ traditionally provided by physical and administrative mechanisms
¢ computer use requires automated tools to protect files and other stored information
¢ use of networks and communications links requires measures to protect data during transmission

Definitions
¢ Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
¢ Network Security - measures to protect data during their transmission
¢ Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Aim of Course

¢ our focus is on Internet Security
¢ consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information

Services, Mechanisms, Attacks

¢ need systematic way to define requirements
¢ consider three aspects of information security:
“ security attack
“ security mechanism
“ security service
¢ consider in reverse order

Security Service

“ is something that enhances the security of the data processing systems and the information transfers of an organization
“ intended to counter security attacks
“ make use of one or more security mechanisms to provide the service
“ replicate functions normally associated with physical documents
¢ eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Mechanism
¢ a mechanism that is designed to detect, prevent, or recover from a security attack
¢ no single mechanism that will support all functions required
¢ however one particular element underlies many of the security mechanisms in use: cryptographic techniques
¢ hence our focus on this area

Security Attack

¢ any action that compromises the security of information owned by an organization
¢ information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
¢ have a wide range of attacks
¢ can focus of generic types of attacks
¢ note: often threat & attack mean same

OSI Security Architecture

¢ ITU-T X.800 Security Architecture for OSI
¢ defines a systematic way of defining and providing security requirements
¢ for us it provides a useful, if abstract, overview of concepts we will study

Security Services

¢ X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
¢ RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
¢ X.800 defines it in 5 major categories

Security Services (X.800)

¢ Authentication - assurance that the communicating entity is the one claimed
¢ Access Control - prevention of the unauthorized use of a resource
¢ Data Confidentiality “protection of data from unauthorized disclosure
¢ Data Integrity - assurance that data received is as sent by an authorized entity
¢ Non-Repudiation - protection against denial by one of the parties in a communication

Classify Security Attacks as

¢ passive attacks - eavesdropping on, or monitoring of, transmissions to:
“ obtain message contents, or
“ monitor traffic flows
¢ active attacks “ modification of data stream to:
“ masquerade of one entity as some other
“ replay previous messages
“ modify messages in transit
“ denial of service

Model for Network Security
¢ using this model requires us to:
“ design a suitable algorithm for the security transformation
“ generate the secret information (keys) used by the algorithm
“ develop methods to distribute and share the secret information
“ specify a protocol enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security

¢ using this model requires us to:
“ select appropriate gatekeeper functions to identify users
“ implement security controls to ensure only authorised users access designated information or resources
¢ trusted computer systems can be used to implement this model

Summary

¢ have considered:
“ computer, network, internet security def™s
“ security services, mechanisms, attacks
“ X.800 standard
“ models for network (access) security
Reply
project topics
Active In SP
**

Posts: 2,492
Joined: Mar 2010
#3
21-04-2010, 10:18 PM


.doc   Network security & Cryptography.doc (Size: 69.5 KB / Downloads: 302)





Abstract
This paper aims to provide a broad review of network security and cryptography. Network security and cryptography is a subject too wide ranging to coverage about how to protect information in digital form and to provide security services. However, a general overview of network security and cryptography is provided.
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. When many systems are connected in a network it is very important to safeguard the data in each system.However, as more and more people becomewired'', an increasing number of people need to understand the basics of security in a networked world. Our paper covers different kinds of threats & firewalls in the network by implementation of different security services using various security mechanisms. Generally, the logical conclusion is to use both kind of algorithms and their combinations to achieve optimal speed and security levels. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally.
Contents
Introduction
Popular networks
Security services
Security threats
Where do they come from
Preventing security disasters
Firewalls
Types of firewalls
Point of failure
Security mechanisms
Cryptography
Types of cryptography
Secret key cryptography
Public key cryptography
Hash algorithms
Conclusion
Bibliography
Introduction
A basic understanding of computer networks is requisite in order to understand the principles of network security. In this section, we'll cover some of the foundations of computer networking, then move on to an overview of some popular networks. The impressive development of computer networks has reached the point, where security becomes essential. Users want to exchange data in a secure way. The problem of network security is a complex issue. Network security means a protection of the network assets.
Popular networks:
UUCP: (Unix-to-Unix Copy) was originally developed to connect UNIX hosts together.
Internet: The Internet is the world's largest network of networks.
Services for security:
The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
1. Confidentiality: Ensure that the information in a computer system and transmitted information are accessible only for reading by authorized parties. This type of access includes printing displaying and other forms of disclosure, including simply revealing the existence of an object.
2. Authentication: Ensure that the origin of a message or electronic document is correctly with an assurance that the identity is not false;
3. Integrity: Ensures that only authorized parties are able to modify computer systems assets and transmitted information. Modification includes writing, changing, changing status, deleting, creating and delaying or replaying of transmitted messages.
4. Non-repudiation: Requires that neither the sender nor the receiver of a message is able to deny the transmission.
5. Access control: Require that access to information resources may be controlled by or for the target system.
6. Availability: Require that computer systems assets be available to authorized parties when needed.
Attacks:
Attacks on the security of a computer system or network are best characterized by viewing the function of a computer system as provided information. This normal flow is depicted in figure:

Security threats
Categorization of these attacks is passive attacks and active attacks.
Passive attacks: In this the goal of the attacker is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.
Active attacks:. These attacks involve some modification of the data stream or the creation of false stream and can be sub divided into 4 categories: Masquerade, Replay, Modification of messages, and denial of service.
Denial of service: DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address. Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular. Some things that can be done to reduce the risk of being stung by a denial of service attack include
¢ Not running your visible-to-the-world servers at a level too close to capacity
¢ Using packet filtering to prevent obviously forged packets from entering into your network address space.
¢ Keeping up-to-date on security-related patches for your hosts' operating systems.
Unauthorized Access :
``Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. These can take the form of a virus, worm, or Trojan horse. One of the most publicized threats to security is intruder. Generally referred to as a hacker or cracker, and some other threats are executing commands illicitly, confidential breaches, destructive behavior.
Where do the attacks come from How, though, does an attacker gain access to your equipment Through any connection that you have to the outside world. This includes Internet connections, dial-up modems, and even physical access.
Preventing security disasters:
¢ Hope you have backups
¢ Stay current with relevant operating system patches
¢ Don't put data where it doesn't need to be
¢ Avoid systems with single points of failure
¢ Watch for relevant security advisories
Firewalls:
Firewalls can be an effective means of protecting a local system or network of systems from network based security threats while at the same time, a firewall is simply a group of components that collectively form a barrier between two networks.
Types of firewalls:
¢ Application Gateways
¢ Packet Filtering
¢ Hybrid systems
Best for me: Lots of options are available, and it makes sense to spend some time with an expert, either in-house, or an experienced consultant who can take the time to understand your organization's security policy, and can design and build a firewall architecture that best implements that policy.
Points of Failure: Any time there is only one component paying attention to what's going on between the internal and external networks, an attacker has only one thing to break (or fool!) in order to gain complete access to your internal networks.
Security Mechanisms: A mechanism that is designed to detect, prevent, or recover from a security attack. Cryptography and Steganographic are such two techniques. Hence we focus on development, use and management of Cryptographic techniques.
What is Cryptography
The word cryptography is derived from Greek and when literally translated, means secret writing. The study of enciphering and encoding (on the sending end), and decoding (on the receiving end) is called cryptography. Although the distinction is fuzzy, ciphers are different from codes. When you mix up or substitute existing letters, you are using a cipher.
Encryption refers to the transformation of data in plain text form into a form called cipher text, .The recovery of plain text requires the key, and this process is known as decryption. This key is meant to be secret information and the privacy of the text depends on the cryptographic strength of the key. Ciphers are broken into two main categories, substitution ciphers and transposition ciphers. Substitution ciphers replace letters in the plaintext with other letters or symbols, keeping the order in which the symbols fall the same. Transposition ciphers keep all of the original letters intact, but mix up their order.
Substitution cipher:
Plaintext letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher text letter Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
You can construct a secret message from the above table. Relative substitutions can be done. So, the message Meet me after school behind the gym, would read
DTTZ DT QYZTK LEIGGS WTIOFR ZIT UND.
Five letters are customary in the spy biz, so your message comes out like this:
DTTZD TQYZT KLEIG GSWTI OFRZI TUNDM
Transposition cipher: Text chosen in one form can be enciphered choosing a different route. To decipher, you fill the in box following the zigzag route and read the message using the spiral route. The cipher text becomes:

EAMTN FTDIE EHOTE RHMEM BYESC GLOHO
Types of Cryptography:
There are three types of cryptographic algorithms:
1. Secret Key Cryptography.
2. Public Key Cryptography.
3. Hash Algorithms.
Secret Key Cryptography:
Secret key cryptography involves the use of single key. Given a message (Plain text) and the key, encryption produces cipher text, which is about the same length as the plain text was. Decryption is the reverse of encryption, and uses the same key as encryption.
Encryption
Plain text ------------------> cipher text
Key
Cipher text------------------> plain text
Decryption
Secret key cryptography is sometimes referred to as symmetric cryptography or conventional cryptography. If sender and receiver agree on a shared secret key, then by using secret key cryptography we can send messages to one another on a medium that can be tapped, without worrying about eavesdroppers. All we need to do is have the sender encrypt the messages and the receiver decrypt them using the key. An eavesdropper will only see unintelligible data. Some of the secret key cryptography algorithms are - DES, 3-DES, blowfish, IDEA, AES, RC2, RC4, RC5, ECB etc.
Advantages of Secret Key Cryptography:
o Very fast relative to public key cryptography.
o Considered secure, provided the key is relatively strong.
o The cipher text is compact (i.e., encryption does not add excess Baggage to the cipher text).
o Widely used and very popular.
Disadvantages of Secret Key Cryptography:
o The administration of the keys can become extremely complicated.
o A large number of keys are needed to communicate securely with a large group of People.
o The key is subject to interception by hackers.
Public Key Cryptography:
Public key cryptography sometimes also referred to as asymmetric cryptography. The public key need not be kept secret, and, in fact, may be widely available, only its authenticity is required to guarantee that A is indeed the only party who knows the co-responding private key. A primary advantage of such systems is that providing authentic public keys is generally easier than distributing secret keys securely, as required in symmetric key systems. The main objective of public-key encryption is to provide privacy or confidentiality. Public-key encryption schemes are typically substantially slower than symmetric-key encryption algorithms such as DES.
The private key and the public key are mathematically linked.
Encryption
Plain text ---------------------------------> cipher text
Public key
Private key
Cipherkey --------------------------------> plain text
Decryption
Public key cryptography can do anything secret key cryptography can do like- transmitting the data over an insecure channel, secure storage on insecure media, authentication purposes and digital signatures. Some Public key cryptography algorithms are RSA, Elliptic Curve Cryptography (ECC), ElGamal, DH, DSA/DSS etc.
Advantages of Public key Cryptography:
o Considered very secure, and easy to configure these systems.
o No form of secret sharing is required, thus reducing key administration to a Minimum.
o Supports non-repudiation.
o The number of keys managed by each user is much less compared to secret key Cryptography.
Disadvantages of Public key Cryptography:
o Much slower compared to secret key cryptography.
o The ciphertext is much larger than the plaintext, relative to secret key Cryptography.
Hash Algorithms:
Hash algorithms are also known as message digests or one-way transformations. A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed length number.
The following things can be done using hash algorithms.
Password Hashing: When a user types a password, the system must store the password encrypted because someone else can use it. To avoid this problem hashing is used. When a password is supplied, it computes the password hash and compares it with the stored value if they match; the password is taken to be correct.
Message Integrity: Cryptographic hash functions can be used to protect the integrity of a message transmitted over insecure media.
Message fingerprint: We can know whether some data stored has been modified from one day to the next, if we save that data structure with a hash function. We can compare the hash function data structure with the message on the message data. If the message digest has not changed, you can be sure that none of the data is changed.
Digital Signatures: can be efficiently implemented using hash functions.
Implementation Issues
Key Size:
This has major role for amount of security. If the algorithm is inherently strong, then it can be assumed that the larger the key size for the ciphers, the harder it is for a hacker to perform an attack on the cipher text. But, larger keys lead to lower levels of performance. Thus there are, trade-offs, which are traditionally made between the level of security and other factors, like performance.
Hybrid Systems:
Just one crypto-system will not solve every problem. Most systems in use today employ a hybrid system.
Conclusion:
Everyone has a different idea of what ``security'' is, and what levels of risk are acceptable. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. As and when new security methods are developed, breaking of these methods has increased. So measures have to be taken to fill the loopholes, of which cryptography has and is playing a major role. Cryptography is evergreen and developments in this area are a better option.
References:
o William Stallings: Cryptography and Network security: principles and practice: 2nd edition.
o J.P. Holbrook, J.K. Reynolds. ``Site Security Handbook.''
o Douglas R.Stinson. Cryptography: theory and practice: 2nd edition
o A.Menezes, P.van Oorschot and S.Vanstone: Handbook of Applied Cryptography.
o Smith, Laurence Dwight. Cryptography, the Science of Secret Writing.
o Speciner, M. Perlman, R: Network security, Englewood Cliffs, NJ
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
seminar presentation
Active In SP
**

Posts: 582
Joined: Apr 2010
#4
05-05-2010, 12:29 PM


.doc   CRYPTOGRAPHY & NETWORK SECURITY.DOC (Size: 619 KB / Downloads: 254)



CRYPTOGRAPHY

NETWORK SECURITY
CONTENTS
¢ What is Cryptography?
¢ Types of Cryptography
1. Secret(symmetric) Key Cryptography.
2. Public(asymmetric) Key Cryptography.
3. Hash Functions.
4. Trust Models.
¢ Todays latest used cryptographic techniques
¢ Different types of threats to network
¢ Network Security can be done by various methods
1. VPN ( Virtual Private Networks)
2. Firewalls
3. IPSec.
4. AAA Server.
Abstract
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become ``wired'', an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to TCP/IP and internetworking . We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices.
This is not intended to be a ``frequently asked questions'' reference, nor is it a ``hands-on'' document describing how to accomplish specific functionality.
It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.
Cryptography and Network Security
Does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications,
Ranging from secure commerce and payments to private
Communications and protecting passwords. One essential aspect for
Secure communications is that of cryptography.
Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription.
In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific security requirements, including:
¢ Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
¢ Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
¢ Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
¢ Non-repudiation: A mechanism to prove that the sender really sent this message. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.
The three types of cryptographic algorithms that will be discussed are (Figure 1):
¢ Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
¢ Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
¢ Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
1. Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption and decryption.
As shown in Figure the sender uses the key (or some set of rules) to encrypt the plain text and sends the cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plain text. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so- called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plain text block will always encrypt to the same cipher text when using the same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a stream cipher.
2. Public key cryptography
Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
Generic PKC employs two keys that are mathematically
related although knowledge of one key does not allow someone to
easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the cipher text. The
important point here is that it does not matter which key is applied
first, but that both keys are required for the process to work (Figure
1B). Because a pair of keys are required, this approach is also called
asymmetric cryptography
3. Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. In SKC, PKC solved the secret distribution problem. There are a number of trust models employed by various cryptographic schemes.
¢ The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
¢ Kerberos, a secret key distribution scheme using a trusted third party.
¢ Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general applicability, scope, and scalability.
Types of authority
¢ Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
¢ Assign authority: Establish what actions the holder may or may not take based upon this certificate.
¢ Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
----------------------------------------------------------------------------
Todays latest used cryptographic techniques:
Hash algorithms that are in common use today include:
¢ Message Digest (MD) algorithms
¢ Secure Hash Algorithm (SHA)
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with mere click of the mouse.
Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. And much more techniques used.
Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys
Encrypt and decrypt messages using any of the classical substitution ciphers discussed, both by hand and with the assistance of programs.
understand the concepts of language redundancy and unicity distance.
Different types of threats to network:
¢ Application backdoors - Some programs have special features that allow for remote access . Others contain bugs that provide a backdoor , or hidden access , that provides some level of control of the program.
¢ SMTP session hijacking - SMTP is the most common method of Sending e-mail over the Internet . By gaining access to a list of e- mail Addresses , a person can send unsolicited junk e-mail ( spam ) to thousands of users . This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host , making the actual sender of the spam difficult to trace.
¢ Operating system bugs - Like applications , some operating systems Have backdoors . Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of .
¢ Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites . This type of attack is nearly Impossible to counter . What happens is that the hacker sends a request to the server to connect to it . When the server responds with an acknowledgement and tries to establish a session , it cannot find the system that made the request . By inundating a server with these unanswerable session requests , a hacker causes the server to slow to a crawl or eventually crash.
¢ E-mail bombs - An e-mail bomb is usually a personal attack . Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages .
¢ Macros - To simplify complicated procedures , many applications allow you to create a script of commands that the application can run . This script is known as a macro . Hackers have taken advantage of this to create their own macros that , depending on the application , can destroy your data or crash your computer .
¢ Viruses - Probably the most well-known threat is computer viruses . A virus is a small program that can copy itself to other computers . This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data .
¢ Spam - Typically harmless but always annoying , spam is the electronic equivalent of junk mail . Spam can be dangerous though . Quite often it contains links to Web sites . Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
¢ Redirect bombs - Hackers can use ICMP to change ( redirect ) the Path information takes by sending it to a different router . This is one of the ways that a denial of service attack is set up.
Network security can be done by various methods.
1. Virtual Private Network:
A virtual private network ( VPN ) is a way to use a public telecommunication infrastructure , such as the Internet , to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities , but at a much lower cost
Implementation of network security by VPN.
Step 1. - The remote user dials into their local ISP and logs into the ISPâ„¢s network as usual.
Step 2. - When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination Security server on the corporate network. The security server authenticates the user and creates the other end of tunnel.


Fig : a) A leased line private network b) A virtual private network


Step 3. - The user then sends data through the tunnel which encrypted by the VPN software before being sent over the ISP connection.
Step 4. - The destination Security server receives the encrypted data and decrypts. The Security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the Remote user is also encrypted before being sent over the Internet.
2.Firewalls:
A firewall provides a strong barrier between your private network and the Internet . You can set firewalls to restrict the number of open ports , what type of packets are passed through and which protocols are allowed through . You should already have a good firewall in place before you implement a VPN , but a firewall can also be used to terminate the VPN sessions .

Fig2: A fire wall consisting of two packet filters and an application gateway
3.IPSec -
Internet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryption algorithms and more comprehensive authentication . IPSec has two encryption modes : tunnel and transport . Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this Protocol . Also , all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices , such as :
Router to router
Firewall to router
PC to router
PC to server
A software firewall can be installed on the computer in your home that has an Internet connection . This computer is considered a gateway because it provides the only point of access between your home network and the Internet .
4. AAA Server - AAA (authentication , authorization and accounting)
servers are used for more secure access in a remote-access VPN environment . When a request to establish a session comes in from a dial up client , the Request is proxies to the AAA server . AAA then checks the following :
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking client. Use for security auditing , billing or reporting purposes .
REFRERNCES
--
1. The New Lexicon Webster's Encyclopedic Dictionary of the English Language. New York: Lexicon.
2. Cryptography And Network Security -- William Stallings
3. R.T. Morris, 1985. A Weakness in the 4.2BSD Unix TCP/IP Software. Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey.
4. COMPUTER NETWORKS ---ANDREW S. TENAUNBAUM
5. S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.
6. Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear, ``Address Allocation for Private Internets.'' RFC 1918.
7. J.P. Holbrook, J.K. Reynolds. ``Site Security Handbook.'' RFC 1244.
8. M. Curtin, ``Snake Oil Warning Signs: Encryption Software to Avoid.'' USENET <sci.crypt> Frequently Asked Questions File.
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
computer science topics
Active In SP
**

Posts: 610
Joined: Jun 2010
#5
08-06-2010, 01:14 PM

hey
please read
topicideashow-to-cryptography-and-network-security-full-report
topicideashow-to-cryptography-full-report
topicideashow-to-network-security-full-report--10704
topicideashow-to-new-trends-in-cryptography-full-report to get more information of security and cryptography



i hope you enjoyed it
and come again for helping other students issues in this forum
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
computer science crazy
Super Moderator
******

Posts: 3,048
Joined: Dec 2008
#6
03-11-2010, 05:57 PM

ppt of cryptography and network security posted in topicideashow-to-cryptography-and-network-security-ppt
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
seminar surveyer
Active In SP
**

Posts: 3,541
Joined: Sep 2010
#7
01-01-2011, 11:44 AM



Fourth Edition
by William Stallings



.ppt   crp deepak 2.ppt (Size: 467.5 KB / Downloads: 80)

Chapter 14 – Authentication Applications

We cannot enter into alliance with neighboring princes until we are acquainted with their designs.
—The Art of War, Sun Tzu

Authentication Applications

Kerberos

trusted key server system from MIT
provides centralised private-key third-party authentication in a distributed network
allows users access to services distributed through network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5

Kerberos Requirements

its first report identified requirements as:
secure
reliable
transparent
scalable
implemented using an authentication protocol based on Needham-Schroeder

Kerberos v4 Overview

a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other services from TGS on basis of users TGT

Kerberos v4 Dialogue

obtain ticket granting ticket from AS
once per session
obtain service granting ticket from TGT
for each distinct service required
client/server exchange to obtain service
on every service request

for more:

docs.googleviewer?a=v&q=cache:V7ZFCv4KXJ0J:cisa.umbc.edu/courses/cmsc/487/slides/ch14.ppt+through+network+without+needing+to+trust+all+workstations+rather&hl=en&gl=in&pid=bl&srcid=ADGEESjVTsbDVHoUh44yarSlOrICe2jWvR_TN_CQui6pBlECJy6QC0-RJ8K3OiHxzuWZqTU64H1UqdxLcxhqqFfu9hQLSFp-nOCE0kkhmvQqm4lrTNMZvxYM0jIACsXKOLYNk2uzze7o&sig=AHIEtbRC1fI81ffGkSIYBCHstb6wxZgz1A



Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#8
21-02-2011, 12:22 PM


.ppt   ch11.ppt (Size: 436.5 KB / Downloads: 69)
Cryptography and Network Security
Message Authentication and Hash Functions

 At cats' green on the Sunday he took the message from the inside of the pillar and added Peter Moran's name to the two names already printed there in the "Brontosaur" code. The message now read: “Leviathan to Dragon: Martin Hillman, Trevor Allan, Peter Moran: observe and tail.” What was the good of it John hardly knew. He felt better, he felt that at last he had made an attack on Peter Moran instead of waiting passively and effecting no retaliation. Besides, what was the use of being in possession of the key to the codes if he never took advantage of it?
 —Talking to Strange Men, Ruth Rendell
Message Authentication
 message authentication is concerned with:
 protecting the integrity of a message
 validating identity of originator
 non-repudiation of origin (dispute resolution)
 will consider the security requirements
 then three alternative functions used:
 message encryption
 message authentication code (MAC)
 hash function
Security Requirements
 disclosure
 traffic analysis
 masquerade
 content modification
 sequence modification
 timing modification
 source repudiation
 destination repudiation
Message Encryption
 message encryption by itself also provides a measure of authentication
 if symmetric encryption is used then:
 receiver know sender must have created it
 since only sender and receiver now key used
 know content cannot of been altered
 if message has suitable structure, redundancy or a checksum to detect any changes
 if public-key encryption is used:
 encryption provides no confidence of sender
 since anyone potentially knows public-key
 however if
 sender signs message using their private-key
 then encrypts with recipients public key
 have both secrecy and authentication
 again need to recognize corrupted messages
 but at cost of two public-key uses on message
Message Authentication Code (MAC)
 generated by an algorithm that creates a small fixed-sized block
 depending on both message and some key
 like encryption though need not be reversible
 appended to message as a signature
 receiver performs same computation on message and checks it matches the MAC
 provides assurance that message is unaltered and comes from sender
MAC Properties
 a MAC is a cryptographic checksum
MAC = CK(M)
 condenses a variable-length message M
 using a secret key K
 to a fixed-sized authenticator
 is a many-to-one function
 potentially many messages have same MAC
 but finding these needs to be very difficult
Requirements for MACs
 taking into account the types of attacks
 need the MAC to satisfy the following:
1. knowing a message and MAC, is infeasible to find another message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the message
Using Symmetric Ciphers for MACs
 can use any block cipher chaining mode and use final block as a MAC
 Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC
 using IV=0 and zero-pad of final block
 encrypt message using DES in CBC mode
 and send just the final block as the MAC
• or the leftmost M bits (16≤M≤64) of final block
 but final MAC is now too small for security
Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#9
04-03-2011, 03:05 PM


.ppt   ch01.ppt (Size: 524 KB / Downloads: 55)
Introduction
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu
Background
 Information Security requirements have changed in recent times
 traditionally provided by physical and administrative mechanisms
 computer use requires automated tools to protect files and other stored information
 use of networks and communications links requires measures to protect data during transmission
 Definitions
 Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
 Network Security - measures to protect data during their transmission
 Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of Course
 our focus is on Internet Security
 which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information
 Security Trends
 OSI Security Architecture
 ITU-T X.800 “Security Architecture for OSI”
 defines a systematic way of defining and providing security requirements
 for us it provides a useful, if abstract, overview of concepts we will study
Aspects of Security
 consider 3 aspects of information security:
 security attack
 security mechanism
 security service
 Security Attack
 any action that compromises the security of information owned by an organization
 information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
 often threat & attack used to mean same thing
 have a wide range of attacks
 can focus of generic types of attacks
 passive
 active
 Passive Attacks
 Active Attacks
 Security Service
 enhance security of data processing systems and information transfers of an organization
 intended to counter security attacks
 using one or more security mechanisms
 often replicates functions normally associated with physical documents
• which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Services
 X.800:
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
 RFC 2828:
“a processing or communication service provided by a system to give a specific kind of protection to system resources”
Security Services (X.800)
 Authentication - assurance that the communicating entity is the one claimed
 Access Control - prevention of the unauthorized use of a resource
 Data Confidentiality –protection of data from unauthorized disclosure
 Data Integrity - assurance that data received is as sent by an authorized entity
 Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanism
 feature designed to detect, prevent, or recover from a security attack
 no single mechanism that will support all services required
 however one particular element underlies many of the security mechanisms in use:
cryptographic techniques
 hence our focus on this topic
 Security Mechanisms (X.800)
 specific security mechanisms:
 encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
 pervasive security mechanisms:
 trusted functionality, security labels, event detection, security audit trails, security recovery
Model for Network Security
 using this model requires us to:
 design a suitable algorithm for the security transformation
 generate the secret information (keys) used by the algorithm
 develop methods to distribute and share the secret information
 specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security
 using this model requires us to:
 select appropriate gatekeeper functions to identify users
 implement security controls to ensure only authorised users access designated information or resources
 trusted computer systems may be useful to help implement this model
Summary
 have considered:
 definitions for:
• computer, network, internet security
 X.800 standard
 security attacks, services, mechanisms
 models for network (access) security
Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#10
16-03-2011, 04:12 PM


.ppt   aes ppt.ppt (Size: 333 KB / Downloads: 48)
Cryptography and Network Security
"It seems very simple."
"It is very simple. But if you don't know what the key is it's virtually indecipherable."
—Talking to Strange Men, Ruth Rendell
Origins
 clear a replacement for DES was needed
 have theoretical attacks that can break it
 have demonstrated exhaustive key search attacks
 can use Triple-DES – but slow, has small blocks
 US NIST issued call for ciphers in 1997
 15 candidates accepted in Jun 98
 5 were shortlisted in Aug-99
 Rijndael was selected as the AES in Oct-2000
 issued as FIPS PUB 197 standard in Nov-2001
AES Requirements
 private key symmetric block cipher
 128-bit data, 128/192/256-bit keys
 stronger & faster than Triple-DES
 active life of 20-30 years (+ archival use)
 provide full specification & design details
 both C & Java implementations
 NIST have released all submissions & unclassified analyses
AES Evaluation Criteria
 initial criteria:
 security – effort for practical cryptanalysis
 cost – in terms of computational efficiency
 algorithm & implementation characteristics
 final criteria
 general security
 ease of software & hardware implementation
 implementation attacks
 flexibility (in en/decrypt, keying, other factors)
AES Shortlist
 after testing and evaluation, shortlist in Aug-99:
 MARS (IBM) - complex, fast, high security margin
 RC6 (USA) - v. simple, v. fast, low security margin
 Rijndael (Belgium) - clean, fast, good security margin
 Serpent (Euro) - slow, clean, v. high security margin
 Twofish (USA) - complex, v. fast, high security margin
 then subject to further analysis & comment
 saw contrast between algorithms with
 few complex rounds verses many simple rounds
 which refined existing ciphers verses new proposals
 The AES Cipher - Rijndael
 designed by Rijmen-Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative rather than feistel cipher
 processes data as block of 4 columns of 4 bytes
 operates on entire data block in every round
 designed to be:
 resistant against known attacks
 speed and code compactness on many CPUs
 design simplicity
Rijndael
 data block of 4 columns of 4 bytes is state
 key is expanded to array of words
 has 9/11/13 rounds in which state undergoes:
 byte substitution (1 S-box used on every byte)
 shift rows (permute bytes between groups/columns)
 mix columns (subs using matrix multipy of groups)
 add round key (XOR state with key material)
 view as alternating XOR key & scramble data bytes
 initial XOR key material & incomplete last round
 with fast XOR & table lookup implementation
 Byte Substitution
 a simple substitution of each byte
 uses one table of 16x16 bytes containing a permutation of all 256 8-bit values
 each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits)
 eg. byte {95} is replaced by byte in row 9 column 5
 which has value {2A}
 S-box constructed using defined transformation of values in GF(28)
 designed to be resistant to all known attacks
 Byte Substitution
 Shift Rows
 a circular byte shift in each each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
 decrypt inverts using shifts to right
 since state is processed by columns, this step permutes bytes between the columns
 Shift Rows
 Mix Columns
 each column is processed separately
 each byte is replaced by a value dependent on all 4 bytes in the column
 effectively a matrix multiplication in GF(28) using prime poly m(x) =x8+x4+x3+x+1
 Mix Columns
 Mix Columns
 can express each col as 4 equations
 to derive each new byte in col
 decryption requires use of inverse matrix
 with larger coefficients, hence a little harder
 have an alternate characterisation
 each column a 4-term polynomial
 with coefficients in GF(28)
 and polynomials multiplied modulo (x4+1)
Add Round Key
 XOR state with 128-bits of the round key
 again processed by column (though effectively a series of byte operations)
 inverse for decryption identical
 since XOR own inverse, with reversed keys
 designed to be as simple as possible
 a form of Vernam cipher on expanded key
 requires other stages for complexity / security
 Add Round Key
 AES Round
AES Key Expansion
 takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words
 start by copying key into first 4 words
 then loop creating words that depend on values in previous & 4 places back
 in 3 of 4 cases just XOR these together
 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back
AES Key Expansion
 Key Expansion Rationale
 designed to resist known attacks
 design criteria included
 knowing part key insufficient to find many more
 invertible transformation
 fast on wide range of CPU’s
 use round constants to break symmetry
 diffuse key bits into round keys
 enough non-linearity to hinder analysis
 simplicity of description
AES Decryption
 AES decryption is not identical to encryption since steps done in reverse
 but can define an equivalent inverse cipher with steps as for encryption
 but using inverses of each step
 with a different key schedule
 works since result is unchanged when
 swap byte substitution & shift rows
 swap mix columns & add (tweaked) round key
 Implementation Aspects
 can efficiently implement on 8-bit CPU
 byte substitution works on bytes using a table of 256 entries
 shift rows is simple byte shift
 add round key works on byte XOR’s
 mix columns requires matrix multiply in GF(28) which works on byte values, can be simplified to use table lookups & byte XOR’s
Implementation Aspects
 can efficiently implement on 32-bit CPU
 redefine steps to use 32-bit words
 can precompute 4 tables of 256-words
 then each column in each round can be computed using 4 table lookups + 4 XORs
 at a cost of 4Kb to store tables
 designers believe this very efficient implementation was a key factor in its selection as the AES cipher
Summary
 have considered:
 the AES selection process
 the details of Rijndael – the AES cipher
 looked at the steps in each round
 the key expansion
 implementation aspects
Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#11
18-03-2011, 02:18 PM

presented by:
Dr. Bill Figg


.ppt   Cryptography & Network Security.ppt (Size: 1.03 MB / Downloads: 211)
Cryptography & Network Security
Introduction
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu
Security Services
• X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
• RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
• X.800 defines it in 5 major categories
Security Services (X.800)
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality –protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event detection, security audit trails, security recovery
– Classify Security Attacks
• passive attacks - eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks – modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
Types of Attacks
Classical Encryption Techniques

Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer
Symmetric Encryption
• or conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
• Symmetric Cipher Model
Cryptography
• can be characterized by:
– type of encryption operations used
• substitution / transposition / product
– number of keys used
• single-key or private / two-key or public
– way in which plaintext is processed
• block / stream
Types of Cryptanalytic Attacks
• ciphertext only
– only know algorithm / ciphertext, statistical, can identify plaintext
• known plaintext
– know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext
– select plaintext and obtain ciphertext to attack cipher
• chosen ciphertext
– select ciphertext and obtain plaintext to attack cipher
• chosen text
– select either plaintext or ciphertext to en/decrypt to attack cipher
Caesar Cipher
• earliest known substitution cipher
• by Julius Caesar
• first attested use in military affairs
• replaces each letter by 3rd letter on
• example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
– A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• eg. break ciphertext "GCUA VQ DTGCM"
• Language Redundancy and Cryptanalysis
• human languages are redundant
• eg "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used
• in English e is by far the most common letter
• then T,R,N,I,O,A,S
• other letters are fairly rare
• cf. Z,J,K,Q,X
• have tables of single, double & triple letter frequencies
Encrypting and Decrypting
• plaintext encrypted two letters at a time:
– if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on"
– if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM"
– if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"
– otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)
Polyalphabetic Ciphers
• another approach to improving security is to use multiple cipher alphabets
• called polyalphabetic substitution ciphers
• makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution
• use a key to select which alphabet is used for each letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
One-Time Pad
• if a truly random key as long as the message is used, the cipher will be secure
• called a One-Time pad
• is unbreakable since ciphertext bears no statistical relationship to the plaintext
• since for any plaintext & any ciphertext there exists a key mapping one to other
• can only use the key once though
• have problem of safe distribution of key
Transposition Ciphers
• now consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency distribution as the original text
Row Transposition Ciphers
• a more complex scheme
• write letters of message out in rows over a specified number of columns
• then reorder the columns according to some key before reading off the rows
Key: 3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Steganography
• an alternative to encryption
• hides existence of message
– using only a subset of letters/words in a longer message marked in some way
– using invisible ink
– hiding in LSB in graphic image or sound file
• has drawbacks
– high overhead to hide relatively few info bits
• Block vs Stream Ciphers
• block ciphers process messages in into blocks, each of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
• stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
• hence are focus of course
Confusion and Diffusion
• cipher needs to completely obscure statistical properties of original message
• a one-time pad does this
• more practically Shannon suggested combining elements to obtain:
• diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
• confusion – makes relationship between ciphertext and key as complex as possible
Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s substitution-permutation network concept
Differential Cryptanalysis
• one of the most significant recent (public) advances in cryptanalysis
• known by NSA in 70's cf DES design
• Murphy, Biham & Shamir published 1990
• powerful method to analyse block ciphers
• used to analyse most current block ciphers with varying degrees of success
• DES reasonably resistant to it, cf Lucifer
Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#12
23-03-2011, 10:52 AM

PRESENTED BY:
T.ROOBAN
S.GOBALAKRISHNAN


.doc   Crypto&Network security.doc (Size: 580.5 KB / Downloads: 57)
CRYPTOGRAPHY:
Cryptography is the practice and study of hiding information.
Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to apparent nonsense.
The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it.
Since WWI and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
Modern cryptography follows a strongly scientific approach, and designs cryptographic algorithms around computational hardness assumptions that are assumed hard to break by an adversary.
Such systems are not unbreakable in theory but it is infeasible to do so for any practical adversary.
Information-theoretically secure schemes that provably cannot be broken exist but they are less practical than computationally-secure mechanisms. An example of such systems is the one-time pad.
Alongside the advancement in cryptology-related technology, the practice has raised a number of legal issues, some of which remain unresolved
Simple explanation of encryption and decryption methods
CRYPTOGRAPHIC SCHEME:
Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.
There are, in general, three types of cryptographic schemes typically used to accomplish these goals
• Secret key cryptography (or symmetric)
• Public-key cryptography (or asymmetric)
• Hash functions.
Secret-Key Cryptography:
In this form single key is used for both encryption and decryption
• The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext
• Because a single key is used for both functions, secret key cryptography is also called symmetric encryption
• Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.
• Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.
• A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block.
• In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a stream cipher.
Public-Key Cryptography:
• PKC depends upon the existence of so-called one-way functions,that are easy to computer whereas their inverse function is difficult to compute
• It employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key
• One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext
Hash Functions:
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key
A fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered.
Hash algorithms are typically used to provide a digital fingerprint of a file's contents and are also commonly employed by many operating systems to encrypt passwords and then, provide a measure of the integrity of a file
NETWORK SECURITY:
• Nearly all modern network operating systems employ passwords at the very least to protect and authenticate users accessing computer and network resources
• But passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme
• As the passwords are not saved in plaintext on computer systems precisely,they cannot be easily compromised.
• An even stronger authentication method uses the password to modify a shared secret between the client and server, but never allows the password in any form to go across the network.
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
 Consider 3 aspects of Network security:
 security attack
 security mechanism
 security service
Security Attack
 any action that compromises the security of information owned by an organization
 information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
 Often threat & attack used to mean same thing
 Have a wide range of attacks
 Can focus of generic types of attacks
o Active
o Passive
 Passive Attacks
 Active Attacks
Security Service
 Enhance security of data processing systems and information transfers of an organization
 Intended to counter security attacks
 Using one or more security mechanisms
 Often replicates functions normally associated with physical documents
 Which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
They are
 X.800:
“A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
 RFC 2828:
“A processing or communication service provided by a system to give a specific kind of protection to system
Model for Network Security:
 using this model requires us to:
1)design a suitable algorithm for the security transformation
2)generate the secret information (keys) used by the algorithm
3)develop methods to distribute and share the secret information
4)specify a protocol enabling the principals to use the transformation and secret information for a security service.
 Using this model requires us to:
1)Select appropriate gatekeeper functions to identify users
2) Implement security controls to ensure only authorised users access designated information or resources
 Trusted computer systems may be useful to help implement this model
A simpler way to demonstrate:
Advantages:

For some organizations it may be tempting to keep desktop software. This might be tempting for any or all of the following reasons:
• This may seem simpler.
• You may already have desktop security software installed on individual machines that seems to be doing the job just fine.
• Data consists of packets have a header portion and content portion. we can’t encrypt the header. So the data is secure and the traffic pattern is not
The Importance of Network Security:
Knowing how destructive hackers can be shows you the meaning of Network Security. Most networks control firewalls enabled with the purpose of bar hackers and viruses.
Having anti-virus software on all computers in a group is obliged to.
Taking part in a group, all of the computers are connected, so with the purpose of if solitary supercomputer gets a virus, all of the other computers can be adversely affected by this same virus. Any group administrator is supposed to control all of the essential annals on back up disks. If a parade is deleted by a hacker, but you control it on back up, so therefore in attendance is veto spring.
When annals are lost forever, major problems ensue. Network security is a weighty phenomenon in support of a problem, or a back home. Hackers try to promote to people’s lives challenging, but if you are keen in support of them, your group will be safe.




Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#13
07-04-2011, 12:13 PM

Presented by
P.Lakshmi Rajyam
P.Lakshmi Mythreyi


.doc   bluetooth.doc (Size: 512 KB / Downloads: 36)
ABSTRACT
As computing becomes pervasive, people increasing rely on public computers to do business over internet .But accessing today’s web-based services invariably requires typing username and password to authenticate. Personal authentication is an important process we encounter almost every day, when we are logging on a computer, entering a company where we work, or restricted area, when we are using our plastic credit cards to pay for a service or to complete some other financial transaction, in each of this process personal authentication is required.
This paper describes a general- purpose mechanism for secure authentication users via Bluetooth technology, but by using the novel technologies like mobile computing and wireless networking, it is possible to avoid carrying the plastic ID cards or remembering the number of PIN codes. A Secure Authentication via Bluetooth Technology has been designed using cryptographic primitive’s .In this system the secure authentication is provided to Access Controlled Object (ACO). The ACO requires the authentication details which are encrypted and send by advanced sophisticated Mobile phone via Bluetooth. In order to use its service. ACO is employed to check a claimant’s Knowledge of a secret key, as if authentication fails, a certain waiting interval must pass before a new attempt can be made. The waiting interval will increase exponentially .This is to prevent an intruder to repeat the authentication procedure with different keys. This system
has been designed by using authentication and confidentiality provided by public key cryptographic system.
Keywords: Public key Cryptography, Encryption, Secure Communication, Authentication, Mobile Devices, Bluetooth, Wireless Networking.
I. INTRODUCTION
Today small and middle range ubiquitous wireless networks allow innovative exchange of information between different parties in the communication process. In this paper we will outline a set of basic principles of using wireless technologies in controlling and restricting access to a physical object or a service.
The most important practical advantage of such approach is that only existing, and readily available communication and computer system infrastructures will be used, so there is no need for any custom computer platform or hardware. It is only required to design the appropriate software layers which will handle the authentication process.
II. SYSTEM ARCHITECTURE
In describing any system architecture it is important to start with the most important part, and in this case that is access controlled object (ACO). ACO is a physical or software object which requires authentication in order to use its services. ACO can be cinema entrance, gallery door, company port or whatever. The important thing is that this object has wireless communication possibility (WCP), e.g. Bluetooth or IrDA. Through this WCP every mobile client device which also has WCP connects to ACO and asks for permission to use it's service or services. ACO returns an encrypted message to the mobile client which can also communicate with telecom communication infrastructure (TCI) owned by local mobile telephony provider. Mobile client communicates with TCI through any of available wireless protocols like GSM, GPRS, EDGE or UMTS. TCI has GSM/TCP-IP gateway so it is connected with custom access provider (CAP) through a standard Internet connection. CAP receives the encrypted message and provides authentication. The authentication can be successful or mobile client’s request can be rejected. The entire process is illustrated in Figure 1.
III. AUTHENTICATION OBJECT MODEL
In general, for authentication we will propose an overall object model which consists of a few processes (see Figure 2).
Authentication process starts with access request that is generated by mobile client. This request is encrypted on the service object side along with inserted unique token tag and returned to mobile client. Token tag usually describes type of service, time and other event-place information. Then, this new message passes from mobile client through telecom communication infrastructure and is received and processed by access provider, which then accepts or rejects the request according to the implemented algorithm. The algorithm itself represents behavior of a specific usage and can vary from case to case. Access provider can give only two specific responses: mobile client can get authentication, or it can not get authentication.
As it is well known, in the telecom industry there are two distinct types of client accounts: prepaid and postpaid. They differ in the way the customers pay for their wireless services, data and voice traffic. Prepaid clients pay their services in advance by purchasing a coupon or a voucher which can be used during a specific period of time, e.g. three or six months. On the other hand, postpaid clients are charged after they have consumed the telecom’s service.
Taking into account these two different types of client accounts, the authentication process can fail due to four reasons which are explained in the Table 1.
Table 1 – Authentication failure use-cases
If the authentication is successful, client has access to the service and message from access provider informing client about the successful authentication process is directed back again to the event-place through TCI, service is paid and authentication is successful.
IV. UML OBJECT MODEL AND PAYMENT PROCESS
More detailed UML explanation based on authentication and events are described in Figure 2.
Mobile client requests a key for service through telecom operator. Telecom forwards requested key to access provider which provides overall authentication process. access provider checks payment possibility and, if successful, stores result in the database and continues with returning a success message. Then, payment is executed and result of payment (sum or error) is also stored in the database. In the end, message of successful payment or error is directed back to mobile client. Client service access depends on this message, so client will temporarly save this message for later service access request.
V. SERVICE ACCESS PROCESS
When mobile client has permission for service access, it can use this service. Figure 3 shows service access process starting with service access request. This is message from mobile client to access controlled object that provides service. Service access request is forwarded to service provider which makes authentication process again (in the dependency of access key sent with request) and, if successful, executes authorization process which will determined if client has access permission to requested service or not. If it has, service provider permits access to this service and gives service. Result of authentication and authorization is then stored in the database and message with permission is sent through telecom operator to mobile client. Client uses service in the way it sends service use
Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#14
21-04-2011, 12:38 PM

PRESENTED BY
ASMITA A. JADHAV.
VANDANA P. SHARMA


.doc   Network Security & Cryptography - 2.doc (Size: 86 KB / Downloads: 44)
ABSTRACT
The world is surging towards a digital revolution where computer networks mediate every aspect of modern life. Not many years ago, most computers were carefully guarded mainframes, held tightly in the hands of skilled professionals. The systems and their guardians combined to provide ironclad protection of the organization’s all important data. Today the world is scary, anyone can get their hands on to the personal computers and even link into networks!
Today the threat to the information on the network has grown to the greatest extent. Information is the most vital aspect of every organization. Network security has become sufficiently important. The object of security is to protect valuable or sensitive organizational information while making it readily available. Attackers and hackers try to harm a system and disrupt information exploiting vulnerabilities by using various techniques, methods, and tools. Security aims to develop measures and policies to protect assets and limit their vulnerabilities.
This first half of the paper deals with need for network security measures, threats to the network, steps towards network security, implementation policies of security and communication security: firewalls. The second half of paper deals with principles of cryptography, symmetric key algorithms, public key algorithms and digital signatures.
INTRODUCTION
Computers and networks originally were built to ease the exchange of information. Information is the key asset in most organizations. Inside the network the world is scary. There are links that eavesdropper can listen in on. Information needs to be forwarded through packets switches, and these switches can be reprogrammed to listen or to modify data in transit. A network is vulnerable to intruders and misuse. Network security means to protect information across the network. It deals with the prevention and detection of authorized actions by users of a network. Security forces must protect critical information while it is being ever more widely shared. Setting security aims at providing security where needed and to provide easy access for those who need information. The organizational control in security policy should define exactly who is authorized to what and under which conditions. Except for physical Security, nearly all security is based on cryptography. In Internetworking cryptography has emerged as the only alternative to protect Internet data. Cryptography can reformat and transform data making it safer on its trip between computers. Cryptography can take the data and transform it into a bunch of numbers known as ciphertext. The ciphertext is unintelligible gibberish except to someone who knows the secret to reversing the transformation. Cryptography also allows us to disguise our data so that eavesdroppers gain no information from listening to the information as transmitted. Cryptography also allows us to create an unforgettable message and detect if it has been modified in transit. Another important issue in communication security is firewalls. A firewall is simply a group of components that collectively form a barrier between two networks. Security is strongest if done end-to-end.
NETWORK SECURITY
Today’s security challenge is to share information with the right people without also sharing it with the wrong people. Information drives the modern organization.
Network security means to protect information from unauthorized disclosure while allowing authorized disclosure. It is also important to keep this information accurate and uncorrupted, even while it races around the network.
• Need for security
A network should not allow anyone to see confidential information without authorization. This requires a reliable way to identify the users. Network security needs protection for confidential information, reliable performance and data integrity. Important element of security is to protect the system’s integrity, security measures must include features like validation systems to screen out errors, both deliberate and accidental.
• Security threats
The object of security is to protect valuable or sensitive information while making it readily available. Attackers trying to harm a system exploit vulnerabilities by using various techniques, methods and tools.
A network can suffer several types of vulnerability
i) Physical threats
ii) Natural threats
iii) Mechanical breakdowns
iv) Electronic signals
v) Human threats
Natural calamities like earthquakes, hurricanes, floods, lightning, and fire can cause severe damage to the computer systems. Information can be lost and damage to hardware can disrupt other essential services. Other threats such as riots, wars, and terrorist attacks, like the bombing of the World Trade Center, can cause disasters to the network. The best approach is to have disaster recovery plans and contingency plans in place.
All mechanical devices will eventually fail, for e.g. the hard disk of a PC. Its failure will take a lot of valuable data with it. Electric components like power supplies can also fail. Network sends out electronic signals wherever cables run. Electronic signals can be intercepted to steal information. Shielded cables, fiber optic cables can be used to protect signals from being intercepted. Fiber cables provide better protection.
The most serious threat is human sources. Human threats may be from insiders, also called as malicious threat. Insiders are one who know many of the codes and security measures that are already in place. Insiders can plant viruses, worms and they can browse through the file system. Human threats can be from non-malicious threats. Non-malicious threats comes from employees who are untrained in computers and are unaware of security threats and vulnerabilities. The primary threat to data integrity comes from authorized users who are not aware of the actions they are performing. Errors and omissions can lose, damage, or alter valuable data.
• Steps towards network security
The basic goals of network security are
 To protect information from accidental destruction or modification.
 To protect information from deliberate destruction or modification.
 Make sure the data is available to authorized users, when they need it and in a form they can use.
Network security has been extended to include privacy, confidentiality, and integrity. This implies that we have to know the information and the value of that information in order to develop protective measures.
Classification of protective measures in computer security are:
 Prevention: Measures must be taken to prevent information from being damaged, altered or stolen.
 Detection: Measures must be taken to allow to detect when and how information has been damaged, altered or stolen and who caused the damage.
 Reaction: Measures that allow recovery of information, even if information is lost or damaged.
In order to take measures to protect the information following components should be examined:
i. Confidentiality: It is to prevent unauthorized disclosure of information.
ii. Integrity: It is to prevent erroneous modification of information. Storing incorrect data within the system can lose data. Malicious attackers also can modify, delete, or corrupt information that is vital.
iii. Availability: It is to prevent unauthorized withholding of information or resources. Information should be as freely available as possible to authorized users.
iv. Authentication: It is the process of verifying that users are who they claim to be when logging onto a system. It proves who you are.
v. Authorization: It is the process of allowing only authorized users access to sensitive information.
• Implementation policies
 Create usage policy: The first step, creating usage policy statements that outline users' roles and responsibilities with regard to security. Second step, Explain any specific acts that have been identified as security attacks and actions that will be taken to detect security attacks. Lastly, create an administrator acceptable use statement to explain the procedures for user account administration, policy enforcement, and privilege review.
Conduct a risk analysis: A risk analysis should identify the risks to your network, network resources, and data. The intent of a risk analysis is to identify portions of your network, assign a threat rating to each portion, and apply an appropriate level of security. This helps maintain a workable balance between security and required network access.
Assign each network resource one of the following three risk levels:
Low Risk Systems or data if data viewed by unauthorized personnel, data corrupted, or data lost would not disrupt the information.
Medium Risk Systems or data if data viewed by unauthorized personnel, data corrupted, or data lost would cause a moderate disruption.
High Risk Systems or data if data viewed by unauthorized personnel, data corrupted, or data lost would cause an extreme disruption
Reply
soniya nehra
Active In SP
**

Posts: 3
Joined: Apr 2011
#15
22-04-2011, 01:25 PM

plz send network security report
Reply

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page

Quick Reply
Message
Type your reply to this message here.


Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  Biometric Security Palm Vein Technology project uploader 2 1,458 19-08-2013, 09:55 AM
Last Post: study tips
  Full Report on Cloud computing study tips 4 1,288 02-08-2013, 09:59 AM
Last Post: study tips
  Routing protocols in Mobile Ad Hoc Network PPT project girl 0 585 08-02-2013, 11:37 AM
Last Post: project girl
  INFORMATION SECURITY USING STEGANOGRAPHY ppt seminar tips 0 864 07-02-2013, 04:20 PM
Last Post: seminar tips
  Visual Cryptography for Color Image using Color Error Diffusion seminar ideas 1 1,095 05-02-2013, 10:26 AM
Last Post: seminar tips
  CYBER CRIME AND SECURITY REPORT project girl 1 834 02-02-2013, 11:45 AM
Last Post: seminar tips
  smart card full report computer science technology 16 15,500 21-12-2012, 11:39 AM
Last Post: seminar tips
  FILTERING UNWANTED PACKETS ON ATM NETWORK PPT project girl 0 827 20-12-2012, 05:53 PM
Last Post: project girl
  OPERATING SYSTEM SECURITY project uploader 4 3,188 19-12-2012, 01:02 PM
Last Post: seminar tips
  virtual private network VPN full report computer science technology 11 15,739 07-11-2012, 10:54 AM
Last Post: seminar tips