Network Security
1. Introduction
Things you need to know
Instructor: Dr. Rehan Qureshi
Office: CF-01
Email: riqureshi@[Link], riqureshi@[Link]
Student Consultation: Take appointment before meeting, preferably via email
RQ
Things you need to know
Books:
  Cryptography and Network Security, Behrouz A. Forouzan
  Cryptography and Network Security, William Stallings
Course Folder: [Link]id=0BxAtti5k9UyUSlhBWjBqMmkxdDQ&usp=sharing
Things you need to know
The lecture slides provide only the
outline of the lecture. These outlines are
not a substitute for class attendance and
note taking. More importantly, these
outlines are not a substitute for the text
book.
In order to pass the course
YOU MUST STUDY FROM THE BOOK.
Contents
Security Goals
Security Attacks
Security Services
Security Mechanisms
Security Techniques
Security Models
Security
The term security is used in the
sense of minimizing the vulnerabilities
of assets and resources.
An asset is anything of value.
A vulnerability is any weakness that
could be exploited to violate a system
or the information it contains.
Information security
The information stored in physical form requires physical security mechanisms
  e.g. rugged filing cabinets for paper based filing systems
With computers managing most of the information, tools are required for
  1. Computer security
  2. Network or Internet security
Computer security
The collection of tools designed to
protect data on computers
Network security
Network or Internet security consists of
measures to prevent, detect, and
correct security violations that involve
the transmission of information
Security Goals
Confidentiality: Protection of data from unauthorized disclosure.
Integrity: Assurance that data received is as sent by an authorized entity.
Availability: The information created and stored by an organization needs to be available to authorized entities.
Security Attacks or Threats
An attack is an action that compromises
the security (Confidentiality, Availability,
Integrity) of information.
A threat is a danger which could affect
the security of information, leading to
potential loss or damage.
Often attack & threat are used
synonymously.
Security Attacks
Attacks Threatening Confidentiality
Snooping: unauthorized access to or interception of data.
Traffic Analysis: obtaining some information by monitoring online traffic.
Attacks Threatening Integrity
Modification: the attacker intercepts the message and changes it.
Masquerading or spoofing: happens when the attacker impersonates somebody else.
Attacks Threatening Integrity
Replaying: the attacker obtains a copy of a message sent by a user and later tries to replay it.
Repudiation:
  the sender of the message might later deny that she has sent the message;
  the receiver of the message might later deny that he has received the message
Attacks Threatening Availability
Denial of service (DoS): It may slow down or totally interrupt the service of a system.
Passive vs. Active Attacks
Passive attack:
  attacker's goal is just to obtain information
  the attack does not modify data or harm the system
  difficult to detect
Active attack:
  may change the data or harm the system
  easier to detect than to prevent
OSI Security Architecture
ITU-T X.800 "Security Architecture for OSI"
  defines a systematic way of defining and providing security requirements
  specifically, it defines security services related to security goals, and security mechanisms to provide these security services
Security Services and Mechanisms
Security Service
  A service that enhances the security of data processing systems & information transfers.
Security Mechanism
  A mechanism that is designed to detect, prevent or recover from a security attack.
A mechanism or combination of mechanisms is used to provide a service.
A mechanism can be used in one or more services.
Security Services
ITU-T X.800 has defined five common
services related to security goals:
Security Services
Data Confidentiality: designed to protect data from disclosure attack.
Data Integrity: designed to protect data from modification, insertion, deletion and replaying by an adversary.
Authentication: This service provides the authentication of the party at the other end of the line
Security Services
Nonrepudiation: Service protects against repudiation by either the sender or the receiver of the data (proof of origin and proof of delivery).
Access Control: provides protection against unauthorized access to data.
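The data integrity service in code, as an added example that is not part of the lecture slides: an HMAC-SHA256 tag over a sequence number and payload lets the receiver reject modified, forged (masquerading) and replayed messages. The message layout, the names `protect` and `Receiver`, and the sample payloads are assumptions for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes
SEQ_LEN = 8   # assumed layout: 8-byte sequence number | payload | tag

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: bind sequence number and payload together under one MAC."""
    body = seq.to_bytes(SEQ_LEN, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Accepts a message only if its MAC verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, message: bytes):
        if len(message) < SEQ_LEN + TAG_LEN:
            return "rejected: truncated", None
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "rejected: modified or forged", None
        seq = int.from_bytes(body[:SEQ_LEN], "big")
        if seq <= self.last_seq:  # authentic, but already seen
            return "rejected: replayed", None
        self.last_seq = seq
        return "accepted", body[SEQ_LEN:]

def demo():
    """Run the attacks from the slides against the receiver (constructed data)."""
    key = os.urandom(32)  # secret shared by sender and receiver
    rx = Receiver(key)
    first = protect(key, 0, b"pay 100 to Bob")
    outcomes = [rx.accept(first)[0]]        # genuine message
    outcomes.append(rx.accept(first)[0])    # replaying a captured copy
    tampered = bytearray(protect(key, 1, b"pay 100 to Bob"))
    tampered[SEQ_LEN + 4] ^= 0x08           # modification in transit: "1" becomes "9"
    outcomes.append(rx.accept(bytes(tampered))[0])
    forged = protect(os.urandom(32), 2, b"pay 900 to Eve")  # masquerading without the key
    outcomes.append(rx.accept(forged)[0])
    outcomes.append(rx.accept(protect(key, 1, b"pay 5 to Carol"))[0])  # next genuine message
    return outcomes
```

The MAC alone stops modification and masquerading; only the sequence check stops the replay, because a replayed message carries a valid tag.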
Security Mechanisms
ITU-T X.800 also defines some security mechanisms to provide the security services
Relationship between Services and Mechanisms
Relationship btw Services & Mechanisms
Y=Yes, the mechanism is considered to be appropriate, either on its
own or in combination with other mechanisms [ITU-T X.800]
Relationship btw Services & OSI Layers
Y=Yes, service could be incorporated in the standards for the layer as a
provider option [ITU-T X.800]
Techniques
Mechanisms discussed so far are only
theoretical recipes to implement
security.
The actual implementation of security
goals needs some techniques.
Two techniques are prevalent today:
  Cryptography (focus of this course)
  Steganography
Cryptography
Cryptography, a word with Greek origins, means "secret writing".
However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.
Steganography
The word steganography, with origin in Greek, means "covered writing", in contrast with cryptography, which means "secret writing".
Example: covering data under a color image
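LSB steganography for the colour-image example above, as an added example that is not part of the lecture slides: each secret bit replaces the least significant bit of one colour channel, so no channel value changes by more than 1. The pixel-list image representation, the 16-bit length prefix and all function names are assumptions for illustration.

```python
def _channels(pixels):
    """Flatten [(R, G, B), ...] into one list of channel values."""
    return [c for px in pixels for c in px]

def embed(pixels, secret: bytes):
    """Hide `secret` in the least significant bit (LSB) of each colour channel."""
    data = len(secret).to_bytes(2, "big") + secret  # assumed 16-bit length prefix
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    chans = _channels(pixels)
    if len(bits) > len(chans):
        raise ValueError("cover image too small for this message")
    for i, bit in enumerate(bits):
        chans[i] = (chans[i] & 0xFE) | bit  # changes a channel by at most 1
    return [tuple(chans[i:i + 3]) for i in range(0, len(chans), 3)]

def extract(pixels):
    """Recover the hidden bytes by reading the LSBs back in the same order."""
    chans = _channels(pixels)

    def read(bit_offset, nbytes):
        if bit_offset + 8 * nbytes > len(chans):
            raise ValueError("no valid hidden message in this image")
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (chans[bit_offset + 8 * b + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    return read(16, length)

def make_cover(width=16, height=16):
    """Constructed cover image: a colour gradient as a list of (R, G, B) tuples."""
    return [((x * 16) % 256, (y * 16) % 256, ((x + y) * 8) % 256)
            for y in range(height) for x in range(width)]

def max_channel_change(before, after):
    """Largest per-channel difference between cover and stego image."""
    return max(abs(a - b) for a, b in zip(_channels(before), _channels(after)))
```

Unlike cryptography, nothing here is secret except the fact that a message exists: anyone who knows the embedding order can run `extract`.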
Model for Network Security
Model for Network Access Security
Summary
Have considered:
  Information security
  Security attacks, services, mechanisms
  Security techniques
  Models for network (access) security