A TECHNICAL POSTER PRESENTATION ON NETWORK SECURITY & CRYPTOGRAPHY

SRI VASAVI ENGINEERING COLLEGE
DEPARTMENT OF INFORMATION TECHNOLOGY

Presented by:

Name: M. PHANIJA, Roll No.: 08A81A1235
Name: B. LAVANYA, Roll No.: 08A81A1207
Name: CH. PRAVALLIKA, Roll No.: 08A81A1208
Branch, Year: IT, 3rd year
Contact No.: 9652674983
Email IDs: bnklavanya3@gmail.com, phanija.miryala@gmail.com, pravallika.chitikana@gmail.com

SRI VASAVI COLLEGE OF ENGG. & TECH., PEDATADEPALLI
Abstract

Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.

Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices.

This is not intended to be a "frequently asked questions" reference, nor is it a "hands-on" document describing how to accomplish specific functionality. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.
Cryptography and Network Security

Does security provide some very basic protections that we are naive to believe we don't need? At a time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect of secure communications is cryptography.

Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:

- Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
- Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
- Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
- Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data
from theft or alteration, but can also be used for user authentication.

The three types of cryptographic algorithms that will be discussed are (Figure 1):

- Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
- Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
- Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information.

1. Secret Key Cryptography

With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.

Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher, whereas the same plaintext will encrypt to different ciphertext in a stream cipher. (This holds when the block cipher is applied directly to each block, i.e. in ECB mode; chaining and counter modes such as CBC and CTR exist precisely to hide repeated blocks.)
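The block-versus-stream behaviour described above, as an added worked example in Python (not code from the poster). The block cipher is a deliberately tiny four-round Feistel network with SHA-256 as its round function, and the stream cipher derives its keystream from a hashed counter rather than the feedback register the text mentions; both constructions, the key and the repeated-block message are assumptions made for illustration only and must not be used for real data. The function names `block_encrypt`, `stream_xor` and `compare_ciphers` are the example's own.

```python
import hashlib

BLOCK = 16  # toy block size: two 8-byte Feistel halves


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed, round-dependent mixing of one half; SHA-256 stands in for a real cipher's round function.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Encrypt exactly one 16-byte block with a toy Feistel network (illustration only)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(rounds):
        left, right = right, _xor(left, _round_function(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Invert block_encrypt by running the same rounds in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in reversed(range(rounds)):
        left, right = _xor(right, _round_function(key, r, left)), left
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Block cipher used directly (ECB): every block is encrypted independently with the same key."""
    assert len(data) % BLOCK == 0, "caller must pad to a whole number of blocks"
    return b"".join(block_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(block_decrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Synchronous stream cipher keystream: hash(key, nonce, counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR the data with the keystream. Encryption and decryption are the same operation."""
    return _xor(data, keystream(key, nonce, len(data)))


def compare_ciphers() -> dict:
    # Constructed input: the same 16-byte block repeated twice.
    key = b"sixteen byte key"
    msg = b"ATTACK AT DAWN!!" * 2
    ecb = ecb_encrypt(key, msg)
    stream = stream_xor(key, b"nonce-1", msg)
    return {
        # Block cipher: identical plaintext blocks give identical ciphertext blocks (the ECB leak).
        "ecb_blocks_equal": ecb[:BLOCK] == ecb[BLOCK:],
        # Stream cipher: the keystream differs at every position, so the repeat is hidden.
        "stream_blocks_equal": stream[:BLOCK] == stream[BLOCK:],
        "ecb_roundtrip": ecb_decrypt(key, ecb) == msg,
        "stream_roundtrip": stream_xor(key, b"nonce-1", stream) == msg,
    }
```

Run `compare_ciphers()` and notice that the ECB ciphertext reveals that the two halves of the message were identical, while the stream ciphertext does not; the same observation is the reason a stream cipher (or a counter mode) must never reuse a nonce with the same key, since two keystreams would then cancel out under XOR.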
With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

2. Public Key Cryptography

Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. Generic PKC employs two
keys that are mathematically related, although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys is required, this approach is also called asymmetric cryptography.
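The "either key first" property described above, as an added example in Python that is not the poster's code. It uses textbook RSA with two small, hard-coded primes (an assumption made so the arithmetic stays visible; real keys are vastly larger, and real systems pad messages and hashes, which this example deliberately omits). The function names `apply_key` and `key_order_demo` are the example's own.

```python
import hashlib
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two primes. Toy sizes only: real keys use primes of 1024 bits or more."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be invertible modulo phi(n)"
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi); needs Python 3.8+
    return (e, n), (d, n)  # (public key, private key)


def apply_key(key, value: int) -> int:
    """Raise value to the key's exponent modulo n. The same operation serves both keys."""
    exponent, n = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exponent, n)


def encrypt(public_key, message: bytes) -> int:
    # Confidentiality: anyone holding the public key can encrypt; only the private key decrypts.
    return apply_key(public_key, int.from_bytes(message, "big"))


def decrypt(private_key, ciphertext: int, length: int) -> bytes:
    return apply_key(private_key, ciphertext).to_bytes(length, "big")


def sign(private_key, message: bytes) -> int:
    # Authentication / non-repudiation: only the private key can produce this value, and anyone
    # with the public key can check it. The hash is reduced mod n only to fit the toy modulus.
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % private_key[1]
    return apply_key(private_key, digest)


def verify(public_key, message: bytes, signature: int) -> bool:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % public_key[1]
    return apply_key(public_key, signature) == digest


def key_order_demo() -> dict:
    # Constructed toy primes (both really are prime); the modulus is about 2^60, so a message
    # of up to 7 bytes fits below n.
    public_key, private_key = generate_keypair(1000000007, 998244353)
    m = int.from_bytes(b"secret!", "big")
    return {
        "public_then_private": apply_key(private_key, apply_key(public_key, m)) == m,  # encrypt, decrypt
        "private_then_public": apply_key(public_key, apply_key(private_key, m)) == m,  # sign, verify
        "roundtrip": decrypt(private_key, encrypt(public_key, b"secret!"), 7) == b"secret!",
        "signature_ok": verify(public_key, b"hello", sign(private_key, b"hello")),
        "tampered_rejected": not verify(public_key, b"hellp", sign(private_key, b"hello")),
    }
```

Both orders recover the original value because e and d are inverses modulo phi(n); that symmetry is exactly why one key pair gives both confidentiality (public key applied first) and signatures (private key applied first).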
3. Hash Functions

Hash functions, also called message digests and (loosely) one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed from the plaintext in a way that makes it infeasible to recover either the contents or the length of the plaintext from the hash. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to store passwords: the system keeps only a (salted) hash of each password and compares hashes at login, so the password itself is never written to disk. Hash functions, then, help preserve the integrity of a file.

4. Trust Models

Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. PKC solved the secret key distribution problem of SKC, but a party still has to trust that a given public key really belongs to its claimed owner. There are a number of trust models employed by various cryptographic schemes:

- The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
- Kerberos, a secret key distribution scheme using a trusted third party.
- Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.

Each of these trust models differs in complexity, general applicability, scope, and scalability.

Types of authority (what a certificate can be used for):

- Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
- Assign authority: Establish what actions the holder may or may not take based upon this certificate.
- Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
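The two uses of hash functions described in the Hash Functions section above (fingerprinting a file and storing passwords), as an added Python example that is not part of the poster. It uses SHA-256 for the fingerprint and PBKDF2-HMAC-SHA256 with a random salt for passwords; the sample "file" bytes and the `iterations$salt$digest` storage format are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional


def fingerprint(data: bytes) -> str:
    """Digital fingerprint of a file's contents: a fixed 64-hex-character SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


def verify_fingerprint(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison, so the check itself does not leak how many characters matched.
    return hmac.compare_digest(fingerprint(data), expected_hex)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Store a password as iterations$salt$PBKDF2-HMAC-SHA256; the password itself is never kept."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${derived.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare in constant time."""
    iterations, salt_hex, derived_hex = stored.split("$")
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(derived.hex(), derived_hex)


def integrity_demo() -> dict:
    # Constructed "file" contents; the tampered copy differs in a single bit of the first byte.
    original = b"PAY TO: alice  AMOUNT: 100.00\n"
    tampered = bytes([original[0] ^ 0x01]) + original[1:]
    reference = fingerprint(original)
    stored = hash_password("correct horse battery staple", iterations=10_000)
    return {
        "original_verifies": verify_fingerprint(original, reference),
        "tampered_verifies": verify_fingerprint(tampered, reference),
        # The digest has the same length whether the input is 1 byte or 10,000 bytes.
        "digest_length_fixed": len(fingerprint(b"a")) == len(fingerprint(b"a" * 10_000)) == 64,
        "password_accepted": check_password("correct horse battery staple", stored),
        "wrong_password_rejected": not check_password("Correct horse battery staple", stored),
    }
```

The salt makes two users with the same password store different hashes, and the iteration count slows each guess; a plain unsalted SHA-256 of the password would give the integrity property but not this resistance to guessing.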
Today's most used cryptographic techniques:

Hash algorithms that are in common use today include:
- Message Digest (MD) algorithms
- Secure Hash Algorithm (SHA)

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with a mere click of the mouse. Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. Many more techniques are used. (MD5 and SHA-1 are listed here for historical accuracy; practical collisions have been demonstrated for both, and current software uses the SHA-2 family.)

Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.

Related skills: encrypt and decrypt messages using any of the classical substitution ciphers, both by hand and with the assistance of programs, and understand the concepts of language redundancy and unicity distance.

Different types of threats to a network:

Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that gives some level of control of the program.

SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by relaying the e-mail through the SMTP server of an unsuspecting host (an open relay), making the actual sender of the spam difficult to trace.

Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible
to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash. (This is the TCP SYN flood: the spoofed source address is why the server's SYN-ACK goes unanswered. Modern TCP stacks mitigate it with SYN cookies and short half-open timeouts, although large volumetric floods remain hard to absorb.)

E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these, because the linked page may try to install software that provides a backdoor to your computer, or trick you into entering your credentials.

Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
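The denial-of-service entry above (the SYN flood), turned into the detection a defender would actually run: an added Python example, not from the poster, that walks a constructed list of packet records, keeps the handshakes that never completed, and reports a server once its half-open count crosses a threshold. The record layout, the addresses (documentation ranges) and the threshold value are assumptions made for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed packet records (not real traffic): (time_s, src, dst, tcp_flags).
# "S" = SYN, "SA" = SYN-ACK, "A" = ACK.
SERVER = "192.0.2.10:80"
PACKETS: List[Tuple[float, str, str, str]] = [
    # A legitimate client completes the three-way handshake.
    (0.00, "10.0.0.5", SERVER, "S"),
    (0.01, SERVER, "10.0.0.5", "SA"),
    (0.02, "10.0.0.5", SERVER, "A"),
    # One unanswered SYN to another service: normal background noise, not a flood.
    (0.50, "10.0.0.7", "192.0.2.20:22", "S"),
]
# The flood: SYNs from spoofed sources. The server answers each with a SYN-ACK that goes
# to a host that never asked, so the client's final ACK never arrives.
for i in range(8):
    PACKETS.append((1.0 + i * 0.01, f"203.0.113.{i}", SERVER, "S"))
    PACKETS.append((1.0 + i * 0.01 + 0.001, SERVER, f"203.0.113.{i}", "SA"))


def half_open_connections(packets) -> Dict[Tuple[str, str], float]:
    """Return (client, server) pairs whose SYN was never followed by the client's ACK."""
    pending: Dict[Tuple[str, str], float] = {}
    for t, src, dst, flags in sorted(packets):
        if flags == "S":
            pending[(src, dst)] = t          # handshake started
        elif flags == "A" and (src, dst) in pending:
            del pending[(src, dst)]          # third step seen: handshake complete
        # SYN-ACKs from the server and packets for unknown pairs are ignored.
    return pending


def flood_report(packets, threshold: int = 5) -> Dict[str, int]:
    """Servers with at least `threshold` half-open connections, with the count for each."""
    per_server: Dict[str, int] = defaultdict(int)
    for _, server in half_open_connections(packets):
        per_server[server] += 1
    return {server: n for server, n in per_server.items() if n >= threshold}
```

On a real sensor the pending table would also expire entries after the stack's SYN timeout and clear them on RST; the signal is the same either way, a pile of half-open entries from sources that never speak again.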
Network security can be done by various methods.

1. Virtual Private Network

A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

Fig: a) A leased line private network; b) A virtual private network.

Implementation of network security by VPN:

Step 1. - The remote user dials into their local ISP and logs into the ISP's network as usual.
Step 2. - When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server on the corporate network. The security server authenticates the user and creates the other end of the tunnel.
Step 3. - The user then sends data through the tunnel; it is encrypted by the VPN software before being sent over the ISP connection.
Step 4. - The destination security server receives the encrypted data and decrypts it. The security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.

2. Firewalls

A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through, and which protocols are allowed through. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.

A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.
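The firewall controls described above (which ports are open, which packet types and protocols pass), as an added Python packet filter that is not the poster's code. The rule set, the packet fields and the sample traffic are constructed for the example; first-match ordering and the default-deny fallback are the points to notice.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None  # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: str = "any"
    src_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


# Constructed policy for a small site (an assumption, not the poster's configuration).
# Rules are evaluated top to bottom; the first match wins.
RULES: List[Rule] = [
    Rule("deny", src_net="198.51.100.0/24"),                         # known-bad network: block everything
    Rule("allow", proto="tcp", dst_port=443),                         # public HTTPS service
    Rule("allow", proto="tcp", dst_port=22, src_net="10.0.0.0/8"),    # SSH only from the internal range
    Rule("allow", proto="udp", dst_port=53),                          # DNS
    Rule("allow", proto="icmp"),                                      # ping / diagnostics
]


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: any port or protocol not explicitly opened stays closed


def run_filter(rules: List[Rule] = RULES) -> dict:
    samples = {
        "https_from_internet": Packet("203.0.113.9", "192.0.2.10", "tcp", 443),
        "ssh_from_internet":   Packet("203.0.113.9", "192.0.2.10", "tcp", 22),
        "ssh_from_lan":        Packet("10.1.2.3", "192.0.2.10", "tcp", 22),
        "https_from_bad_net":  Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
        "telnet_from_lan":     Packet("10.1.2.3", "192.0.2.10", "tcp", 23),
        "ping":                Packet("203.0.113.9", "192.0.2.10", "icmp"),
    }
    return {name: filter_packet(rules, pkt) for name, pkt in samples.items()}
```

Because the deny rule for the bad network sits first, it wins even for HTTPS, which a later rule would otherwise allow; swapping the two lines would silently open that hole, which is why rule order is reviewed as carefully as the rules themselves.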
Fig 2: A firewall consisting of two packet filters and an application gateway.

3. IPSec

Internet Protocol Security (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel mode encrypts the original IP header and the payload of each packet (and adds a new outer header addressed to the tunnel endpoints), while transport mode only encrypts the payload and leaves the original header in the clear. Only systems that are IPSec compliant can take advantage of this protocol. Also, the two endpoints must share a common key (in practice negotiated with IKE rather than configured by hand), and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:
- Router to router
- Firewall to router
- PC to router
- PC to server

4. AAA Server

AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:
- Who you are (authentication)
- What you are allowed to do (authorization)
- What you actually do (accounting)
The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.
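The AAA exchange described above, as an added Python example that is not the poster's code. Authentication uses a CHAP-style challenge-response (the method dial-up PPP clients commonly used to prove identity without sending the secret itself); the user database, the role policy and the `dialup_session` flow are constructed for the example, and a real deployment would keep the users in a RADIUS or directory back end.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Set

# Constructed user database and policy (an assumption for the example).
# Each dial-up user shares a secret with the AAA server.
USERS: Dict[str, dict] = {
    "alice": {"secret": b"alice-shared-secret", "role": "staff"},
    "bob":   {"secret": b"bob-shared-secret",   "role": "contractor"},
}
POLICY: Dict[str, Set[str]] = {
    "staff":      {"ppp", "vpn", "admin-net"},
    "contractor": {"ppp", "vpn"},
}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) response: MD5(Identifier || secret || challenge). The secret never crosses the wire."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class AAAServer:
    def __init__(self, users: Dict[str, dict], policy: Dict[str, Set[str]]):
        self.users, self.policy = users, policy
        self.accounting: List[dict] = []
        self._challenges: Dict[str, bytes] = {}

    def challenge(self, user: str) -> bytes:
        # Authentication, step 1: send the client a fresh random challenge.
        self._challenges[user] = os.urandom(16)
        return self._challenges[user]

    def authenticate(self, user: str, identifier: int, response: bytes) -> bool:
        # Authentication, step 2: recompute the expected response from the shared secret.
        # The challenge is single-use, so a captured response cannot be replayed later.
        record, challenge = self.users.get(user), self._challenges.pop(user, None)
        ok = record is not None and challenge is not None and hmac.compare_digest(
            chap_response(identifier, record["secret"], challenge), response)
        self.accounting.append({"user": user, "event": "auth", "ok": ok})
        return ok

    def authorize(self, user: str, service: str) -> bool:
        # Authorization: what this user's role is allowed to do.
        role = self.users[user]["role"]
        ok = service in self.policy.get(role, set())
        self.accounting.append({"user": user, "event": "authz", "service": service, "ok": ok})
        return ok

    def account(self, user: str, event: str, **details) -> None:
        # Accounting: what the user actually did, kept for auditing, billing or reporting.
        self.accounting.append({"user": user, "event": event, **details})


def dialup_session(server: AAAServer, user: str, client_secret: bytes, service: str, bytes_used: int) -> str:
    """The exchange the page describes: the request is proxied to AAA, then who / what / how much are checked."""
    identifier = 1
    challenge = server.challenge(user)
    # The client computes the response with its own copy of the secret.
    response = chap_response(identifier, client_secret, challenge)
    if not server.authenticate(user, identifier, response):
        return "auth-failed"
    if not server.authorize(user, service):
        return "not-authorized"
    server.account(user, "start", service=service)
    server.account(user, "stop", service=service, bytes=bytes_used)
    return "connected"
```

The accounting list is what the page calls the record of "what you actually do": every failed authentication and every denied authorization is logged as well, which is the data a security audit of the remote-access service would start from.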