A TECHNICAL POSTER PRESENTATION ON NETWORK SECURITY & CRYPTOGRAPHY

SRI VASAVI ENGINEERING COLLEGE, DEPARTMENT OF INFORMATION TECHNOLOGY

Presented by: M. Phanija, B. Lavanya, CH. Pravallika
Roll nos.: 08A81A1235, 08A81A1207, 08A81A1208
Branch, year: IT, 3rd year
Contact no.: 9652674983
E-mail: bnklavanya3@gmail.com, phanija.miryala@gmail.com, pravallika.chitikana@gmail.com
SRI VASAVI COLLEGE OF ENGG. & TECH., PEDATADEPALLI

Abstract

Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them. Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. This is not intended to be a "frequently asked questions" reference, nor is it a "hands-on" document describing how to accomplish specific functionality. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.

Cryptography and Network Security

Does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect of secure communications is that of cryptography.

Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. The three types of cryptographic algorithms that will be discussed are (Figure 1):

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information.

1. Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.

Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher, whereas the same plaintext will encrypt to different ciphertext in a stream cipher.

2. Public Key Cryptography

Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. Generic PKC employs two keys that are mathematically related, although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys is required, this approach is also called asymmetric cryptography.

3. Hash Functions

Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext, which makes it impossible for either the contents or the length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.

4. TRUST MODELS

Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. PKC solved the secret distribution problem of SKC. There are a number of trust models employed by various cryptographic schemes:

The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
Kerberos, a secret key distribution scheme using a trusted third party.
Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.

Each of these trust models differs in complexity, general applicability, scope, and scalability.

Types of authority

Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
Assign authority: Establish what actions the holder may or may not take based upon this certificate.
Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
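The block-cipher versus stream-cipher behaviour and the keyless hash fingerprint described above, shown with the Go standard library. This is an added example, not code from the poster or its sources; the key, the plaintext block and the nonce handling are constructed for illustration, and AES-CTR stands in for a generic stream cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)

// Constructed 128-bit key and one 16-byte plaintext block (illustration only).
var key = []byte("0123456789abcdef")
var block = []byte("attack at dawn!!")

// mustCipher builds the AES block cipher; NewCipher fails only on a bad key length.
func mustCipher(key []byte) cipher.Block {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return c
}

// encryptBlock applies raw AES to one 16-byte block: same key and block, same ciphertext.
// That is the block-cipher property stated above, and why a mode that encrypts blocks
// independently reveals which plaintext blocks repeat.
func encryptBlock(key, in []byte) []byte {
	out := make([]byte, aes.BlockSize)
	mustCipher(key).Encrypt(out, in)
	return out
}

// ctr XORs the input with the AES-CTR keystream for the given nonce; XOR is its own
// inverse, so this one function both encrypts and decrypts.
func ctr(key, nonce, in []byte) []byte {
	out := make([]byte, len(in))
	cipher.NewCTR(mustCipher(key), nonce).XORKeyStream(out, in)
	return out
}

// encryptStream draws a fresh random nonce each call, so the same plaintext under the
// same key becomes a different ciphertext every time (the stream-cipher property).
func encryptStream(key, in []byte) (nonce, out []byte) {
	nonce = make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce, ctr(key, nonce, in)
}

// fingerprint is the keyless hash described above: fixed length, changed by any input change.
func fingerprint(data []byte) [sha256.Size]byte { return sha256.Sum256(data) }
```

Called from a test or a main of your own, encryptBlock returns identical output on repeated calls, encryptStream does not, ctr with the returned nonce recovers the plaintext, and fingerprint changes when a single byte of block is flipped.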
Cryptographic techniques in use today:

Hash algorithms in common use today include: Message Digest (MD) algorithms; Secure Hash Algorithm (SHA).

Pretty Good Privacy (PGP): PGP is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with a mere click of the mouse. Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.

Many more techniques are in use. Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.

Encrypt and decrypt messages using any of the classical substitution ciphers discussed, both by hand and with the assistance of programs.
Understand the concepts of language redundancy and unicity distance.

Different types of threats to a network:

Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.

SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.

Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.

Network security can be implemented by various methods.

1. Virtual Private Network:

A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

Fig: a) A leased-line private network; b) A virtual private network

Implementation of network security by VPN:

Step 1. The remote user dials into their local ISP and logs into the ISP's network as usual.
Step 2. When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server on the corporate network. The security server authenticates the user and creates the other end of the tunnel.
Step 3. The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.
Step 4. The destination security server receives the encrypted data and decrypts it. The security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.

2. Firewalls:

A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions. A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.

Fig 2: A firewall consisting of two packet filters and an application gateway

3. IPSec:

Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel mode encrypts the header and the payload of each packet, while transport mode only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as: router to router; firewall to router; PC to router; PC to server.

4. AAA Server:

AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following: who you are (authentication); what you are allowed to do (authorization); what you actually do (accounting). The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.
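The denial-of-service mechanism described in the threat list above (connection requests whose handshakes never complete, until the server's backlog is full) turned into detection logic run over a connection log. This is an added example, not part of the poster; the log format, the addresses and the threshold are constructed assumptions.

```go
package main

import (
	"sort"
	"strings"
)

// Constructed sample of TCP segments seen by a server, "seconds src:port flag"
// (illustration only). Legitimate clients send SYN and then the completing ACK;
// the flood sends SYNs from addresses that never answer, so those handshakes stay
// half-open and the backlog fills, which is the exhaustion described above.
const sampleLog = `0 10.0.0.5:40001 SYN
0 10.0.0.5:40001 ACK
1 198.51.100.1:1025 SYN
1 198.51.100.2:1025 SYN
1 198.51.100.3:1025 SYN
2 10.0.0.7:40002 SYN
2 10.0.0.7:40002 ACK
2 198.51.100.4:1025 SYN
3 198.51.100.5:1025 SYN`

// analyzeBacklog replays the segments: a SYN adds a pending handshake keyed by
// src:port, the client's ACK removes it. It returns the peak number pending at
// once and, sorted, the entries that never completed.
func analyzeBacklog(log string) (peak int, stale []string) {
	pending := map[string]bool{}
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue // skip malformed lines rather than miscount
		}
		switch key, flag := f[1], f[2]; flag {
		case "SYN":
			pending[key] = true
		case "ACK":
			delete(pending, key)
		}
		if len(pending) > peak {
			peak = len(pending)
		}
	}
	for k := range pending {
		stale = append(stale, k)
	}
	sort.Strings(stale)
	return peak, stale
}

// floodSuspected flags a replay whose peak reached the backlog limit (constructed threshold).
func floodSuspected(peak, backlogLimit int) bool { return peak >= backlogLimit }
```

On the sample log the peak is 5 half-open handshakes and five 198.51.100.x entries never complete, while both 10.0.0.x clients finish their handshakes and leave no trace in the backlog.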