Published on March 3, 2014
By Raj Kumar Rampelli
• Need for Network security
• Classification of Network Attacks
  ◦ Possible Attacks
• Security Features
• Security Mechanism: Cryptography
• Types of Encryption-Decryption techniques
  ◦ Symmetric: Shared Key Type
  ◦ Asymmetric: Public/Private Key Type
• Public Key Infrastructure
• Digital Signature
• Public Key Infrastructure implementation and its factors
  ◦ Generation of key pair
  ◦ Obtain Digital certificate
  ◦ Encryption/Decryption analysis
  ◦ Digital certificate role
• Conclusion
Raj Kumar Rampelli 3/3/2014

• What is a Network?
  ◦ Data Carrier
• Data?
  ◦ Anything which conveys something between 1st person (sender/receiver) and 2nd person (receiver/sender)
• Categories of Data?
  ◦ Normal
  ◦ Confidential
      • Data can't be disclosed to a 3rd person.
• Goal?
  ◦ Protection of DATA, i.e. Information Security.
  ◦ Preventing compromise or loss of DATA from unauthorized access

• What is Network Attack?
  ◦ An action that compromises the security of DATA
• Categories of Attacks
  ◦ Passive
      • Learn from DATA and make use of system information
      • Do not alter the DATA
      • Very difficult to identify the attack
      • Ex: Eavesdropping (Interception)
  ◦ Active
      • Modifies the DATA
      • Ex: Denial of Service
• Possible Attacks
  ◦ Interruption
  ◦ Interception
  ◦ Modification
  ◦ Fabrication

• Normal Flow
  [Diagram: Sender → Receiver]
• Interruption
  [Diagram: Sender → Disturb → Receiver]
  ◦ Attack on "availability"
      • Disconnection of a wireless or wired internet connection
      • Unavailability of a particular web site
      • Inability to access any web site

• Interception (No Privacy)
  [Diagram: Sender → Receiver, with an Intruder on the path]
  ◦ Attack on "confidentiality"
  ◦ Packet Analyzer software
      • Intercept and log traffic passing over a network
      • Captures each Packet and decodes the data
      • Ex: Microsoft Network Monitor
  ◦ Man in the middle attack
  ◦ Wiretapping: capture the data
  ◦ Intruder can be a person or a program or a computer

• Modification
  ◦ Attacker modifies the data sent by the sender
  ◦ Gain access to a system and make changes
      • Alter programs so that they perform differently
  ◦ Attack on "Integrity"
• Fabrication
  ◦ Attacker acts like Sender
  ◦ Gain access to a person's email and send messages
  ◦ Attack on "Authenticity"
  ◦ Lack of mutual authentication

• A Transaction/Communication (or a service) is secure if and only if the following security features are provided
  ◦ Confidentiality
  ◦ Integrity
  ◦ Authenticity (Mutual Authentication)
  ◦ Non-repudiation
• Cryptography
  ◦ Symmetric key Cryptography
  ◦ Public Key Infrastructure

Cryptography
• Services
  ◦ Provide security features
• Symmetric Key Cryptography
  ◦ Data Encryption Standard (DES)
  ◦ Triple DES
  ◦ Advanced Encryption Standard (AES)
• Public Key Infrastructure
  ◦ Public-Private Key
  ◦ RSA
  ◦ ECC
• Digital Certificate
  ◦ String of information that binds the unique identifier of each user to his/her corresponding public key.
• Digital Signature
  ◦ A mathematical scheme for demonstrating the authenticity, non-repudiation and integrity of a digital message
• Encryption and Decryption
  ◦ Cypher Text

• Symmetric Key scenario
  Sender (plain text) → SK(plain text) → Cipher Text (Encrypted text) → Receiver → SK(Cipher text) → Plain text
• Public-Private Key scenario
  Sender (plain text) → PubKey(plain text) → Cipher Text (Encrypted text) → Receiver → PrivKey(Cipher text) → Plain text

Performance factors at client
• Generation of Public-Private key pair
• Generation of certificate request message
• Receive and store digital certificates
• Encryption and Decryption
• Generation and verification of digital signature message
• Verification of Digital certificate

• Generate public and private key pair at client
• Check the following details using different Public Key Cryptography (PKC) algorithms
  ◦ Time taken for key pair generation
  ◦ Storage space required for storing the key pair
  ◦ Repeat above two steps by changing the key size in the algorithm
  ◦ Analyze the results and choose optimal algorithm suitable for your application.
• PKC algorithms
  ◦ RSA
  ◦ ECC

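
Added example (not part of the original slides): one way to take the two measurements listed above, generation time and encoded key-pair size, for RSA and ECC at several key sizes with Go's standard library. The names Measure and KeyGenResult are made up for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"time"
)

// KeyGenResult (hypothetical name) holds the two measurements for one algorithm and key size.
type KeyGenResult struct {
	Algorithm                 string
	Bits, PrivBytes, PubBytes int // DER sizes: PKCS#8 private key, SubjectPublicKeyInfo public key
	Elapsed                   time.Duration
}

// Measure generates one key pair ("RSA" by modulus bits, "ECC" by NIST curve size) and records time and size.
func Measure(alg string, bits int) (r KeyGenResult, err error) {
	var key crypto.Signer
	curve := map[int]elliptic.Curve{256: elliptic.P256(), 384: elliptic.P384(), 521: elliptic.P521()}[bits]
	start := time.Now()
	switch {
	case alg == "RSA":
		key, err = rsa.GenerateKey(rand.Reader, bits)
	case alg == "ECC" && curve != nil:
		key, err = ecdsa.GenerateKey(curve, rand.Reader)
	default:
		err = fmt.Errorf("unsupported %s key size %d", alg, bits)
	}
	elapsed := time.Since(start)
	if err != nil {
		return r, err
	}
	priv, err1 := x509.MarshalPKCS8PrivateKey(key)
	pub, err2 := x509.MarshalPKIXPublicKey(key.Public())
	if err1 != nil || err2 != nil {
		return r, fmt.Errorf("encoding key pair: %v, %v", err1, err2)
	}
	return KeyGenResult{alg, bits, len(priv), len(pub), elapsed}, nil
}

func main() {
	for _, c := range []struct{ alg string; bits int }{{"RSA", 2048}, {"RSA", 3072}, {"ECC", 256}, {"ECC", 384}} {
		fmt.Println(Measure(c.alg, c.bits)) // one run each; average several runs for a real comparison
	}
}
```

RSA generation time varies a lot between runs because it searches for random primes, so compare averages rather than single samples.
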
• Generate certificate request message (CRM) using public-private key pair
• Apply for new Digital Certificate
  ◦ Send CRM and user/app credentials to Certificate Authority (CA)
• CA verifies the requester credentials
  ◦ Approves/Rejects the application
  ◦ If approved, Generate Digital Certificate using requester credential with public key information
      • Store it in Digital certificate database locally
      • Send Digital certificate to requester
• Receive Digital certificate from CA and store locally.

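
Added example (not part of the original slides): the request and review steps above in Go's standard library, with the CRM represented as a PKCS#10 CSR and the CA's credential check modelled by a set of approved names. NewRequest, Review, Rename and the example.* names are assumptions made for this sketch; it shows that a request altered after signing is rejected.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// NewRequest (client): generate the key pair locally, then build the request message carrying the
// name and public key, signed with the private key, which never leaves the client.
func NewRequest(cn string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	return csr, key, err
}

// Review (CA): approve only a well-formed, correctly signed request for a name in the approved set.
func Review(csr []byte, approved map[string]bool) (string, error) {
	req, err := x509.ParseCertificateRequest(csr)
	if err != nil {
		return "", fmt.Errorf("rejected, malformed request: %w", err)
	}
	if err := req.CheckSignature(); err != nil { // proves the requester holds the private key
		return "", fmt.Errorf("rejected, signature check failed: %w", err)
	}
	if !approved[req.Subject.CommonName] {
		return "", fmt.Errorf("rejected, %q failed the credential check", req.Subject.CommonName)
	}
	return req.Subject.CommonName, nil
}

// Rename models modification in transit: the name is altered after signing (same length, valid DER).
func Rename(csr []byte, from, to string) []byte { return bytes.Replace(csr, []byte(from), []byte(to), 1) }

func main() {
	approved := map[string]bool{"client1.example": true, "client2.example": true} // constructed names
	csr, _, err := NewRequest("client1.example")
	if err != nil {
		panic(err)
	}
	fmt.Println(Review(csr, approved))
	fmt.Println(Review(Rename(csr, "client1", "client2"), approved))
}
```
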
• String of information that binds the unique identifier of each client to his/her corresponding public key.
• Prerequisite for obtaining Digital certificate
  ◦ Generate public-private key pair locally
  ◦ Generate certificate request message
• Digital certificate used to authenticate server credentials during mutual authentication process
• Mutual authentication process:
  ◦ a client authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity [wiki]
• Authenticating an entity using its Digital certificate:
  ◦ Check the validity period of certificate
  ◦ Verify the digital signature of CA on the certificate using CA's public key

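
Added example (not part of the original slides): the two authentication checks listed above, validity period and CA signature, applied to certificates built on the fly with Go's standard library. Issue, Authenticate and the names "Example CA" and "server.example" are made up for this sketch, and Issue generates the subject's key pair itself only to keep the fixture short.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue (fixture) binds cn to a fresh public key in a certificate signed with caKey; ca == nil self-signs.
func Issue(cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey, from, to time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: to}
	if ca == nil { // the toy CA's own certificate: marked as a CA and signed with its own key
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, ca, caKey = true, true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func Authenticate(cert, ca *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) { // check 1: validity period
		return x509.CertificateInvalidError{Cert: cert, Reason: x509.Expired}
	}
	return cert.CheckSignatureFrom(ca) // check 2: CA's signature, verified with the CA's public key
}

func main() {
	now := time.Now()
	ca, caKey, err := Issue("Example CA", nil, nil, now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		panic(err)
	}
	cert, _, err := Issue("server.example", ca, caKey, now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("inside validity:", Authenticate(cert, ca, now), "| after expiry:", Authenticate(cert, ca, now.Add(2*time.Hour)))
}
```

A certificate signed by a different CA that merely uses the same name fails the second check, because the signature is verified against the trusted CA's public key and not against the issuer name.
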
• Client encrypts the message using server's public key
• The time taken for encryption of fixed size message
  ◦ Using server's ECC public key
  ◦ Using server's RSA public key
  ◦ Analyze the results.
• Client decrypts the received message (from server) using client's private key
• The time taken for decryption of fixed size message
  ◦ Using client's ECC private key
  ◦ Using client's RSA private key
  ◦ Analyze the results.

Performance factor-4: Digital signature generation & verification
• A valid digital signature gives a recipient reason to believe that the message was created by a known sender (Authenticity), such that the sender cannot deny having sent the message (Non-repudiation) and that the message was not altered in transit (Integrity).

• A method to secure "Data transactions" between users is needed
  ◦ Should ensure all desired security features for any transaction.
• Cryptography: collections of standards/techniques for securing the Data.
  ◦ PKI ensures all security features
• As the key size increases, it becomes more difficult to crack the data.
• Analyze PKI Implementation factors using different cryptographic algorithms with different key sizes
• Digital certificate: Mainly used for authenticity
• Digital signature: Mainly used for Integrity of data

Have a Look at:
• My PPTs: http://www.slideshare.net/rampalliraj/
• My Tech Blog: http://practicepeople.blogspot.in/