Lecture 3
Types of Attacks
Assistant Lecturer
Rasha Hussein
3rd Class - Second Course
Network Security Protocols and Administration …………….…………………. Rasha Hussein
Types of Attacks
1. Denial of Service Attacks
1.1. Denial of Service Attacks Definition
The first type of attack to examine is the denial of service (DoS). A denial
of service attack is any attack that aims to deny legitimate users of the use
of the target system. This class of attack does not actually attempt to
infiltrate a system or to obtain sensitive information. It simply aims to
prevent legitimate users from accessing a given system.
This type of attack is one of the most common categories of attack. Many
experts feel that it is so common because most forms of denial of service
attacks are fairly easy to execute. The ease with which these attacks can
be executed means that even attackers with minimal technical skills can
often successfully perform a denial of service.
The concept underlying the denial of service attack is based on the fact
that any device has operational limits. This fact applies to all devices, not
just computer systems. For example, bridges are designed to hold weight
up to a certain limit, aircraft have limits on how far they can travel
without refuelling, and automobiles can accelerate only up to a certain point.
All of these various devices share a common trait: They have set
limitations to their capacity to perform work. Computers are no different
from these, or any other machine; they, too, have limits. Any computer
system, web server, or network can only handle a finite load.
How a workload (and its limits) is defined varies from one machine to
another. A workload for a computer system might be defined in a number
of different ways, including the number of simultaneous users, the size of
files, the speed of data transmission, or the amount of data stored.
Exceeding any of these limits will stop the system from responding. For
example, if you can flood a web server with more requests than it can
process, it will be overloaded and will no longer be able to respond to
further requests. This reality underlies the DoS attack. Simply overload
the system with requests, and it will no longer be able to respond to
legitimate users attempting to access the web server.
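The overload just described is what a defender looks for on the server side: count requests per source over a short window and flag any source that exceeds the server's known capacity. The following Python is an added example and is not part of the lecture; the log format, the thresholds and the addresses are constructed for the demo. It also checks the aggregate rate, which catches a distributed flood where no single source looks abnormal.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0      # sliding window length (assumption)
PER_SOURCE_LIMIT = 20     # requests one client may make per window (assumption)
SERVER_CAPACITY = 100     # requests the server can process per window (assumption)


def parse_line(line):
    """Parse the constructed log format 'epoch_seconds client_ip request'."""
    ts, ip, request = line.split(" ", 2)
    return float(ts), ip, request


def detect_floods(lines, window=WINDOW_SECONDS,
                  per_source=PER_SOURCE_LIMIT, capacity=SERVER_CAPACITY):
    """Walk a time-ordered access log and return (flagged, overload).

    flagged  -> {ip: first timestamp at which ip exceeded per_source
                 requests within `window` seconds}  (single-source flood)
    overload -> timestamps at which requests from all sources together
                exceeded `capacity` within `window` seconds (distributed
                flood: every agent stays under the per-source limit)
    """
    per_ip = defaultdict(deque)   # ip -> timestamps inside the window
    recent = deque()              # all timestamps inside the window
    flagged, overload = {}, []
    for line in lines:
        ts, ip, _ = parse_line(line)
        q = per_ip[ip]
        q.append(ts)
        while q[0] <= ts - window:         # drop requests older than the window
            q.popleft()
        if len(q) > per_source and ip not in flagged:
            flagged[ip] = ts
        recent.append(ts)
        while recent[0] <= ts - window:
            recent.popleft()
        if len(recent) > capacity:
            overload.append(ts)
    return flagged, overload


def build_sample_log():
    """Constructed log: one legitimate client at 1 request/s for 10 s, one
    noisy client sending 30 requests inside second 3, and 120 distinct agents
    each sending a single request inside second 7 (the DDoS pattern)."""
    log = []
    for s in range(10):
        log.append(f"{1700000000 + s} 192.0.2.10 GET /index.html")
    for i in range(30):
        log.append(f"{1700000003 + i / 100:.2f} 198.51.100.7 GET /search?q={i}")
    for i in range(120):
        log.append(f"{1700000007 + i / 1000:.3f} 203.0.113.{i % 250 + 1} GET /")
    log.sort(key=lambda entry: float(entry.split(" ", 1)[0]))
    return log


if __name__ == "__main__":
    flagged, overload = detect_floods(build_sample_log())
    print("sources over the per-source limit:", flagged)
    print("moments the server was over capacity:", len(overload))
```

On the constructed log the single noisy client is flagged at its 21st request, while the 120 one-request agents are never flagged individually but push the aggregate rate over capacity, which is exactly why both checks are needed.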
A DDoS attack uses many agents to send a large number of useless packets to the
victim in a short time, which makes the system's resources unavailable to
legitimate users. It overwhelms network resources with harmful packets
and prevents normal users from accessing the system resources. Since it
is very difficult to set any predefined rules to correctly identify genuine
buffer than the buffer was designed to hold. This means that although this
threat might be less than it once was, it is still a very real threat.
Any program that communicates with the Internet or a private network
must receive some data. This data is stored, at least temporarily, in a
space in memory called a buffer. If the programmer who wrote the
application was careful, the buffer will truncate or reject any information
that exceeds the buffer limit.
Given the number of applications that might be running on a target
system and the number of buffers in each application, the chance of
having at least one buffer that was not written properly is significant
enough to cause any cautious system administrator some concern. A
person moderately skilled in programming can write a program that
purposefully writes more data into the buffer than it can hold. For
example, if the buffer can hold 1024 bytes of data and you try to fill it
with 2048 bytes, the extra 1024 bytes are then simply loaded into memory.
If the extra data is actually a malicious program, then it has just been
loaded into memory and is running on the target system. Or perhaps the
perpetrator simply wants to flood the target machine’s memory, thus
overwriting other items that are currently in memory and causing them to
crash. Either way, the buffer overflow is a very serious attack.
Fortunately, buffer overflow attacks are a bit harder to execute than the
DoS or a simple MS Outlook script virus. To create a buffer overflow
attack, a hacker must have a good working knowledge of some
programming language (C or C++ is often chosen) and understand the
target operating system/application well enough to know whether it has a
buffer overflow weakness and how it might exploit the weakness.
3. IP Spoofing
IP spoofing is essentially a technique used by hackers to gain
unauthorized access to computers. Although this is the most common
reason for IP spoofing, it is occasionally done simply to mask the origins
of a DoS attack. In fact, DoS attacks often mask the actual IP address
from which the attack is originating.
With IP spoofing, the intruder sends messages to a computer system with
an IP address indicating that the message is coming from a different IP
address than it is actually coming from. If the intent is to gain
Security Association
Each of them stores the value of the key in a variable and the name of the encryption/
decryption algorithm in another. Alice uses the algorithm and the key to encrypt a
message to Bob; Bob uses the algorithm and the key when he needs to decrypt the
message received from Alice. Figure 30.8 shows a simple SA.
The Security Associations can be more involved if the two parties need message
integrity and authentication. Each association needs other data such as the algorithm
for message integrity, the key, and other parameters. It can be much more complex if
the parties need to use specific algorithms and specific parameters for different
protocols, such as IPSec AH or IPSec ESP.
When a host needs to send a packet that must carry an IPSec header, the host needs to
find the corresponding entry in the outbound SAD to find the information for
applying security to the packet. Similarly, when a host receives a packet that carries
an IPSec header, the host needs to find the corresponding entry in the inbound SAD
to find the information for checking the security of the packet. This searching must
be specific in the sense that the receiving host needs to be sure that correct
information is used for processing the packet.
**Each entry in an inbound SAD is selected using a triple index:
1-security parameter index (a 32-bit number that defines the SA at the destination),
Security Policy
Another important aspect of IPSec is the Security Policy (SP), which defines the
type of security applied to a packet when it is to be sent or when it has arrived. Before
using the SAD, a host must determine the predefined policy for the packet.
Each host that is using the IPSec protocol needs to keep a Security Policy Database
(SPD). Again, there is a need for an inbound SPD and an outbound SPD. Each entry
in the SPD can be accessed using a sextuple index: source address, destination
address, name, protocol, source port, and destination port, as shown in Figure 30.10.
The Internet Key Exchange (IKE) is a protocol designed to create both inbound and
outbound Security Associations. As we discussed in the previous section, when a
peer needs to send an IP packet, it consults the Security Policy Database (SPD) to see
if there is an SA for that type of traffic. If there is no SA, IKE is called to establish
one.
IKE is a complex protocol based on three other protocols: Oakley, SKEME, and
ISAKMP, as shown in Figure 30.13.
The Oakley protocol was developed by Hilarie Orman. It is a key creation protocol.
SKEME, designed by Hugo Krawczyk, is another protocol for key exchange. It uses
public-key encryption for entity authentication in a key-exchange protocol. The
Internet Security Association and Key Management Protocol (ISAKMP) is a
protocol designed by the National Security Agency (NSA) that actually implements
the exchanges defined in IKE. It defines several packets, protocols, and parameters
that allow the IKE exchanges to take place in standardized, formatted messages to
create SAs. We leave the discussion of these three protocols for books dedicated to
security.
Virtual Private Network (VPN)
VPN is a network that is private but virtual. It is private because it guarantees privacy
inside the organization. It is virtual because it does not use real private WANs; the
network is physically public but virtually private.
Figure 30.14 shows the idea of a virtual private network. Routers R1 and R2 use VPN
technology to guarantee privacy for the organization. VPN technology uses ESP
protocol of IPSec in the tunnel mode. A private datagram, including the header, is
encapsulated in an ESP packet. The router at the border of the sending site uses its
own IP address and the address of the router at the destination site in the new
datagram. The public network (Internet) is responsible for carrying the packet from
R1 to R2. Outsiders cannot decipher the contents of the packet or the source and
destination addresses. Deciphering takes place at R2, which finds the destination
address of the packet and delivers it.
TRANSPORT LAYER SECURITY
Two protocols are dominant today for providing security at the transport layer: the
Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS)
protocol. We discuss SSL in this section; TLS is very similar. Figure 30.15 shows
the position of SSL and TLS in the Internet model.
**One of the goals of these protocols is to provide server and client authentication,
data confidentiality, and data integrity. Application-layer client/server programs, such
as HTTP, that use the services of TCP can encapsulate their data in SSL packets.
If the server and client are capable of running SSL (or TLS) programs, then the client
can use the URL https://... instead of http://... to allow HTTP messages to be
encapsulated in SSL (or TLS) packets. For example, credit card numbers can be
safely transferred via the Internet for online shoppers.
SSL Architecture
SSL is designed to provide security and compression services to data generated from
the application layer. Typically, SSL can receive data from any application layer
protocol, but usually the protocol is HTTP. The data received from the application is
compressed (optional), signed, and encrypted.
The data is then passed to a reliable transport layer protocol such as TCP.
Netscape developed SSL in 1994. Versions 2 and 3 were released in 1995. In this
section, we discuss SSLv3.
Services
SSL provides several services on data received from the application layer.
❑ Fragmentation. First, SSL divides the data into blocks of 2^14 bytes or less.
❑Confidentiality. To provide confidentiality, the original data and the MAC are
To exchange an authenticated and confidential message, the client and the server
each need a set of cryptographic secrets. However, to create these secrets, one
pre-master secret must be established between the two parties. SSL defines several
key-exchange methods to establish this pre-master secret.
Some Concepts: -
Encryption/Decryption Algorithms
The client and server also need to agree to a set of encryption and decryption
algorithms.
Hash Algorithms
Cipher Suite
Compression Algorithms
1. The client and server exchange two random numbers; one is created by the client
and the other by the server.
2. The client and server exchange one pre-master secret using one of the
predefined key-exchange algorithms.
3. A 48-byte master secret is created from the pre-master secret by applying two
hash functions (SHA-1 and MD5).
4. The master secret is used to create variable-length key material by applying the
same set of hash functions and prepending with different constants, as shown in
Figure 30.17. The module is repeated until key material of adequate size is created.
Note that the length of the key material block depends on the cipher suite selected and
the size of keys needed for this suite.
5. Six different secrets are extracted from the key material, as shown in Figure 30.18.
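Steps 3 to 5 above, worked in code as an added example (not from the lecture or from any SSL library). The expansion follows the SSLv3 construction MD5(secret + SHA-1(label + secret + random1 + random2)) with the constants A, BB, CCC, ... prepended in turn; the random values, the pre-master secret and the cipher-suite sizes (20-byte MAC secret, 24-byte key, 8-byte IV) are constructed for the demo.

```python
import hashlib


def ssl3_label(i):
    """The i-th prepended constant: b'A', b'BB', b'CCC', ... (i starts at 1)."""
    return bytes([ord("A") + i - 1]) * i


def ssl3_expand(secret, rand1, rand2, length):
    """Repeat MD5(secret + SHA1(label + secret + rand1 + rand2)) with successive
    labels until at least `length` bytes exist, then cut to `length` (SSLv3)."""
    out = b""
    i = 0
    while len(out) < length:
        i += 1
        inner = hashlib.sha1(ssl3_label(i) + secret + rand1 + rand2).digest()
        out += hashlib.md5(secret + inner).digest()
    return out[:length]


def master_secret(pre_master, client_random, server_random):
    """Step 3: 48-byte master secret = three MD5 outputs (labels A, BB, CCC),
    client random before server random."""
    return ssl3_expand(pre_master, client_random, server_random, 48)


def six_secrets(master, client_random, server_random, mac_len, key_len, iv_len):
    """Steps 4 and 5: expand the master secret into key material (server random
    now comes first) and slice out the six secrets in SSL's order."""
    needed = 2 * (mac_len + key_len + iv_len)
    block = ssl3_expand(master, server_random, client_random, needed)
    names = ["client_mac", "server_mac", "client_key", "server_key",
             "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    secrets, pos = {}, 0
    for name, size in zip(names, sizes):
        secrets[name] = block[pos:pos + size]
        pos += size
    return secrets


def demo():
    """Constructed handshake values; in a real session the randoms come from the
    Hello messages and the pre-master from the chosen key-exchange method."""
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    pre_master = b"\x03\x00" + b"\x11" * 46      # 48-byte pre-master (assumption)
    master = master_secret(pre_master, client_random, server_random)
    # SHA-1 MAC secret, 3DES key, 8-byte IV: one plausible SSLv3 suite (assumption)
    return six_secrets(master, client_random, server_random, 20, 24, 8)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>10}: {value.hex()}")
```

For the 48-byte master secret three MD5 outputs are needed, hence the labels A, BB and CCC; the 104 bytes of key material in the demo need seven. The key-material step deliberately feeds the server random before the client random, the reverse of the master-secret step.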
For two entities to exchange data, the establishment of a session is necessary, but not
sufficient; they need to create a connection between themselves. The two entities
exchange two random numbers and create, using the master secret, the keys and
parameters needed for exchanging messages involving authentication and
privacy.
A session can consist of many connections. A connection between two parties can be
terminated and re-established within the same session. When a connection is
terminated, the two parties can also terminate the session, but it is not mandatory. A
session can be suspended and resumed again.
Four Protocols
We have discussed the idea of SSL without showing how SSL accomplishes its
tasks. SSL defines four protocols in two layers, as shown in Figure 30.19.
1. The Record Protocol is the carrier. It carries messages from three other protocols
as well as the data coming from the application layer. Messages from the Record
Protocol are payloads to the transport layer, normally TCP.
2. The Handshake Protocol provides security parameters for the Record Protocol. It
establishes a cipher set and provides keys and security parameters. It also
authenticates the server to the client and the client to the server if needed.
Phase IV: Finalizing and Finishing. In Phase IV, the client and server send
messages to change cipher specification and to finish the handshaking protocol.
❑ To introduce the idea of Internet security at the network layer and the IPSec protocol
that implements that idea in two modes: transport and tunnel.
❑ To discuss two protocols in IPSec, AH and ESP, and explain the security services
each provides.
❑ To introduce the idea of Internet security at the transport layer and the SSL protocol
that implements that idea.
❑ To show how SSL creates six cryptographic secrets to be used by the client and the
server.
❑ To discuss four protocols used in SSL and how they are related to each other.
❑ To introduce Internet security at the application level and two protocols, PGP and
S/MIME, that implement that idea.
❑ To show how PGP and S/MIME can provide confidentiality and message
authentication.
We start with the discussion of security at the network layer. Although in the next two
sections we discuss security at the transport and application layers, we also need
security at the network layer for three reasons. First, not all client/server programs
are protected at the application layer. Second, not all client/server programs at the
application layer use the services of TCP to be protected by the transport layer security
that we discuss for the transport layer; some programs use the service of UDP.
Third, many applications, such as routing protocols, directly use the service of IP;
they need security services at the IP layer.
Task Force (IETF) to provide security for a packet at the network level. IPSec helps
create authenticated and confidential packets for the IP layer.
Two Modes
IPSec operates in one of two different modes: transport mode or tunnel mode.
Transport Mode
In transport mode, IPSec protects what is delivered from the transport layer to the
network layer. In other words, transport mode protects the payload to be encapsulated
in the network layer, as shown in Figure 30.1.
Note that transport mode does not protect the IP header. In other words, transport
mode does not protect the whole IP packet; it protects only the packet from the
transport layer (the IP layer payload). In this mode, the IPSec header (and trailer) are
added to the information coming from the transport layer. The IP header is added later.
Transport mode is normally used when we need host-to-host (end-to-end) protection
of data.
The sending host uses IPSec to authenticate and/or encrypt the payload delivered from
the transport layer. The receiving host uses IPSec to check the authentication and/or
decrypt the IP packet and deliver it to the transport layer. Figure 30.2 shows this
concept.
Tunnel Mode
In tunnel mode, IPSec protects the entire IP packet. It takes an IP packet, including
the header, applies IPSec security methods to the entire packet, and then adds a new IP
header, as shown in Figure 30.3.
The new IP header has different information than the original IP header. Tunnel mode
is normally used between two routers, between a host and a router, or between a router
and a host, as shown in Figure 30.4. The entire original packet is protected from
intrusion between the sender and the receiver, as if the whole packet goes through an
imaginary tunnel.
Comparison
In transport mode, the IPSec layer comes between the transport layer and the network
layer. In tunnel mode, the flow is from the network layer to the IPSec layer and then
back to the network layer again. Figure 30.5 compares the two modes.
Two Security Protocols
IPSec defines two protocols, the Authentication Header (AH) Protocol and the
Encapsulating Security Payload (ESP) Protocol, to provide authentication and/or
encryption for packets at the IP level.
Access Control
IPSec provides access control indirectly using a Security Association Database
(SAD), as we will see in the next section. When a packet arrives at a destination,
and there is no Security Association already established for this packet, the packet
is discarded.
Message Integrity
Message integrity is preserved in both AH and ESP. A digest of data is
created and sent by the sender to be checked by the receiver.
Entity Authentication
The Security Association and the keyed-hash digest of the data sent by the sender
authenticate the sender of the data in both AH and ESP.
Confidentiality
The encryption of the message in ESP provides confidentiality. AH, however, does not
provide confidentiality. If confidentiality is needed, one should use ESP instead of AH.
Replay Attack Protection
In both protocols, the replay attack is prevented by using sequence numbers and a
sliding receiver window. Each IPSec header contains a unique sequence number when
the Security Association is established. The number starts from 0 and increases until
the value reaches 2^32 − 1. When the sequence number reaches the maximum, it is reset
to 0 and, at the same time, the old Security Association (see the next section) is deleted
and a new one is established.
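The keyed-hash integrity check from the Message Integrity paragraph and the sliding receiver window from this one, together in one added example that is not part of the lecture. The receiver classifies the sequence number against the window first (stale or replayed packets are dropped before any digest is computed), verifies the keyed digest, and only then records the number; the sender side shows the counter running out at 2^32 − 1, the point at which the lecture says the SA is replaced. HMAC-SHA256, a 32-packet window, the key and the packet contents are assumptions for the demo.

```python
import hashlib
import hmac

SEQ_MAX = 2**32 - 1   # last usable sequence number; after it the SA is replaced


def seal(key, seq, payload):
    """Sender side: keyed digest over the sequence number and the payload.
    HMAC-SHA256 is an assumption; the lecture does not fix the algorithm."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


class OutboundSA:
    """Sender: numbers packets from 0 and reports when the SA is exhausted."""
    def __init__(self, key):
        self.key, self.next_seq = key, 0

    def send(self, payload):
        """Return (seq, tag), or None once SEQ_MAX has been used (new SA needed)."""
        if self.next_seq > SEQ_MAX:
            return None
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        return seq, seal(self.key, seq, payload)


class InboundSA:
    """Receiver: anti-replay window of `window_size` numbers ending at `highest`."""
    def __init__(self, key, window_size=32):
        self.key, self.window_size = key, window_size
        self.highest = None   # highest sequence number accepted so far
        self.bitmap = 0       # bit i set <=> sequence number (highest - i) was seen

    def _classify(self, seq):
        if self.highest is None or seq > self.highest:
            return "new"
        offset = self.highest - seq
        if offset >= self.window_size:
            return "stale"            # left of the window: always dropped
        return "replay" if (self.bitmap >> offset) & 1 else "in_window"

    def receive(self, seq, payload, tag):
        if not 0 <= seq <= SEQ_MAX:
            return "bad_seq"
        state = self._classify(seq)
        if state in ("stale", "replay"):
            return state              # dropped before the digest is computed
        if not hmac.compare_digest(seal(self.key, seq, payload), tag):
            return "bad_mac"          # altered or forged; window left unchanged
        if state == "new":            # slide the window forward, then mark seq
            shift = 0 if self.highest is None else seq - self.highest
            mask = (1 << self.window_size) - 1
            self.bitmap = 1 if shift >= self.window_size else ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:                         # late but inside the window: just mark it
            self.bitmap |= 1 << (self.highest - seq)
        return "accepted"


def run_demo():
    """Constructed traffic: packets 0-2 in order, a replay of 1, packet 5 ahead
    of 3, an altered packet 6, the real 6, a jump to 40, then a stale 4."""
    key = b"constructed-demo-key-not-for-use"
    rx = InboundSA(key, window_size=32)
    pkt = {s: (p, seal(key, s, p)) for s, p in
           [(0, b"p0"), (1, b"p1"), (2, b"p2"), (3, b"p3"), (4, b"p4"),
            (5, b"p5"), (6, b"p6"), (40, b"p40")]}
    outcomes = [rx.receive(s, *pkt[s]) for s in (0, 1, 2)]   # accepted x3
    outcomes.append(rx.receive(1, *pkt[1]))                   # replay
    outcomes.append(rx.receive(5, *pkt[5]))                   # accepted, 3 and 4 still open
    outcomes.append(rx.receive(3, *pkt[3]))                   # accepted, arrived late
    outcomes.append(rx.receive(6, b"p6-altered", pkt[6][1]))  # bad_mac
    outcomes.append(rx.receive(6, *pkt[6]))                   # accepted
    outcomes.append(rx.receive(40, *pkt[40]))                 # accepted, window jumps
    outcomes.append(rx.receive(4, *pkt[4]))                   # stale: 40 - 4 >= 32
    return outcomes


def exhausted_sa_demo():
    """Sender at the last usable number: one more send works, the next returns None."""
    tx = OutboundSA(b"k")
    tx.next_seq = SEQ_MAX
    last = tx.send(b"last")
    return last[0], tx.send(b"one too many")


if __name__ == "__main__":
    print(run_demo())
    print(exhausted_sa_demo())
```

Note that the altered packet 6 leaves the window untouched, so the genuine packet 6 is still accepted afterwards; had the window been updated before the digest check, a forged packet with a high sequence number could have slid the window past legitimate traffic.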
Key Distribution Using Asymmetric Encryption
1-Public-Key Certificates
public-key encryption is that the public key is public. Thus, if there is
some broadly accepted public-key algorithm, such as RSA, any
participant can send his or her public key to any other participant or
broadcast the key to the community at large. Although this approach is
convenient, it has a major weakness.
Anyone can forge such a public announcement. That is, some user
could pretend to be user A and send a public key to another participant
or broadcast such a public key. Until such time as user A discovers the
forgery and alerts other participants, the forger is able to read all
encrypted messages intended for A and can use the forged keys for
authentication.
The solution to this problem is the public-key certificate. A certificate
consists of a public key plus a user ID of the key owner, with the
whole block signed by a trusted third party.
* Typically, the third party is a certificate authority (CA) that is trusted
by the user community, such as a government agency or a financial
institution.
* A user can present his or her public key to the authority in a secure
manner and obtain a certificate. The user can then publish the
certificate.
* Anyone needing this user's public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature. Figure
4.3 illustrates the process.
One scheme has become universally accepted for formatting
public-key certificates: the X.509 standard. X.509 certificates are
used in most network security applications, including IP security,
secure sockets layer (SSL), secure electronic transactions (SET), and
S/MIME.
2-Public-Key Distribution of Secret Keys
Solution
So, use an authentication server (AS) that knows the passwords of all
users and stores these in a centralized database. In addition, the AS shares
a unique secret key with each server. These keys have been distributed
physically or in some other secure manner.
The heart of the first problem is the lifetime associated with the ticket-
granting ticket.
If this lifetime is very short (e.g., minutes), then the user will be repeatedly
asked for a password. If the lifetime is long (e.g., hours), then an opponent
has a greater opportunity for replay. An opponent could eavesdrop on
the network and capture a copy of the ticket-granting ticket (TGT) and then
wait for the legitimate user to log out.
Then the opponent could forge the legitimate user's network address
and send the message of step (3) to the TGS. This would give the opponent
unlimited access to the resources and files available to the legitimate user.
*In this scenario, the user logs on to a workstation and requests access to server V.
The client module C in the user’s workstation requests the user’s password
and then sends a message to the AS that includes the user’s ID, the server’s
ID, and the user’s password.
**The AS checks its database to see if the user has supplied the proper
password for this user ID and whether this user is permitted access to
server V. If both tests are passed, the AS accepts
the user as authentic and must now convince the server that this user is
authentic.
C = client
AS = authentication server
V = server
IDC = identifier of user on C
IDV = identifier of V
PC = password of user on C
ADC = network address of C
key shared by AS and V
To do so, the AS creates a ticket that contains the user’s ID and network
address and the server’s ID. This ticket is encrypted using the secret key
shared by the AS and this server. This ticket is then sent back to C.
**Because the ticket is encrypted, it cannot be altered by C or by an
opponent.
With this ticket, C can now apply to V for service. C sends a message to V
containing C’s ID and the ticket.
V decrypts the ticket and verifies that the user ID in the ticket is the same as
the unencrypted user ID in the message. If these two match, the server
considers the user authenticated and grants the requested service.
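The exchange between C, the AS and V described above, as an added example that is not part of the lecture. The AS checks the password and the permission, builds the ticket {IDC, ADC, IDV} and encrypts it under the key it shares with V; C forwards the ticket with its cleartext ID; V opens the ticket and compares the two IDs. The toy cipher (a SHA-256 keystream with an HMAC tag, standing in for the symmetric cipher Kerberos really uses), the class names and the user, server and address values are assumptions for the demo.

```python
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, n):
    """Deterministic byte stream from SHA-256(key || nonce || counter)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key, fields):
    """Toy authenticated encryption for the demo (NOT Kerberos's real cipher):
    XOR with a keyed stream, then an HMAC tag so any alteration is detected."""
    plaintext = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Inverse of encrypt; raises ValueError if the tag does not verify."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("ticket altered or wrong key")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt.decode())


class AuthenticationServer:
    """AS: holds every user's hashed password and a secret key per server."""
    def __init__(self):
        self.password_hashes = {}   # IDC -> SHA-256(PC)
        self.server_keys = {}       # IDV -> key shared with V (distributed out of band)
        self.permissions = {}       # IDC -> set of IDV the user may access

    def register_user(self, id_c, password, allowed_servers):
        self.password_hashes[id_c] = hashlib.sha256(password.encode()).digest()
        self.permissions[id_c] = set(allowed_servers)

    def register_server(self, id_v, key):
        self.server_keys[id_v] = key

    def request_ticket(self, id_c, id_v, password, ad_c):
        """Message in: IDC, IDV, PC. Out: the ticket encrypted under V's key,
        or None if the password is wrong or access to V is not permitted."""
        expected = self.password_hashes.get(id_c)
        supplied = hashlib.sha256(password.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return None
        if id_v not in self.permissions.get(id_c, ()) or id_v not in self.server_keys:
            return None
        return encrypt(self.server_keys[id_v], {"IDC": id_c, "ADC": ad_c, "IDV": id_v})


class ApplicationServer:
    """V: the only party besides the AS that holds its key, so only V can open tickets."""
    def __init__(self, id_v, key):
        self.id_v, self.key = id_v, key

    def serve(self, id_c, ticket):
        """C sends its cleartext ID plus the ticket; V compares the two IDs."""
        try:
            fields = decrypt(self.key, ticket)
        except ValueError:
            return "rejected: ticket altered"
        if fields["IDC"] != id_c or fields["IDV"] != self.id_v:
            return "rejected: identity mismatch"
        return "granted"


def run_demo():
    """Constructed scenario: user 'alice' at 10.0.0.7 asks for server 'fileserver'."""
    k_v = os.urandom(32)
    auth = AuthenticationServer()
    auth.register_server("fileserver", k_v)
    auth.register_user("alice", "correct horse", ["fileserver"])
    auth.register_user("bob", "battery staple", [])
    v = ApplicationServer("fileserver", k_v)
    ticket = auth.request_ticket("alice", "fileserver", "correct horse", "10.0.0.7")
    return {
        "valid": v.serve("alice", ticket),
        "wrong_password": auth.request_ticket("alice", "fileserver", "guess", "10.0.0.7"),
        "not_permitted": auth.request_ticket("bob", "fileserver", "battery staple", "10.0.0.8"),
        "altered": v.serve("alice", ticket[:-1] + bytes([ticket[-1] ^ 1])),  # tag no longer verifies
        "wrong_id": v.serve("bob", ticket),   # ticket names alice, cleartext says bob
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:>15}: {result}")
```

The "altered" and "wrong_id" cases are the two checks the text relies on: C cannot change the ticket because the tag breaks, and a ticket issued for one user does not work with another user's cleartext ID.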
Kerberos Realms: A full-service Kerberos environment
consisting of a Kerberos server, a number of clients, and a number of
application servers requires the following:
1. The Kerberos server must have the user ID and hashed passwords of all
participating users in its database. All users are registered with the
Kerberos server.
2. The Kerberos server must share a secret key with each server. All servers
are registered with the Kerberos server.
A Kerberos realm is a set of managed nodes that share the same Kerberos
database. The Kerberos database resides on the Kerberos master
computer system, which should be kept in a physically secure room. A
read-only copy of the Kerberos database might also reside on other
Kerberos computer systems.
**However, all changes to the database must be made on the master
computer system. Changing or accessing the contents of a Kerberos
database requires the
Kerberos master password. For two realms to support interrealm
authentication, a third requirement is added:
3. The Kerberos server in each interoperating realm shares a secret key
with the server in the other realm. The two Kerberos servers are registered
with each other.
Kerberos Version 5
environmental shortcomings.
System Interconnect) model in 1982 for computer network connection. The OSI
Figure(3).
message. Figure (4) shows a typical message that has been acted upon by the
seven layers to prepare it for transmission. Layer 6 breaks the original message
data into blocks. At the layer 5, a session header is added to show the sender,
concerning the logical connection between the sender and receiver. At the
layer 3 routing information is added, it also divides the message into unties
message blocks, and to detect and correct transmission errors. The individual
bits of the message and the control information are transmitted on the physical
medium by level 1.
**All the additions to the message are checked and removed by the
The TCP/IP four-layer model is created with reference to the seven-layer OSI
model, as shown in Figure (5). Both the OSI model and the TCP/IP layered
model are based on many similarities, but there are philosophical and practical
computers.
communication network.
2. Internet Layer:
The Internet layer provides a routing function. This layer consists of the Internet
The transport layer delivers data between two processes on different host
computers. This layer contains the Transmission Control Protocol (TCP) and the
4. Application Layer:
This layer provides a direct interface with users or applications. Some of the
important application protocols are File Transfer Protocol (FTP) for file
transfers, Hypertext Transfer Protocol (HTTP) for the World Wide Web, Simple
Mail Transport Protocol (SMTP), Post Office Protocol (POP), Internet Mail
Access Protocol (IMAP), Internet Control Message Protocol (ICMP) for email,
Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP) and Secure
========================================================
IP Addresses:
services) and server device (defined as the provider of services) must have a
unique IP address.
Client workstations have either a static address or a dynamic address which
Ports:
two or more computers. For the computer acting as the client, the destination
port number will typically identify the type of application/service being hosted
by the server.
For example:
TCP port 21 is the destination port number used when communicating with an FTP server.
TCP port 22 is the destination port number used when communicating with an SSH server.
TCP port 23 is the destination port number used when communicating with a Telnet server.
TCP port 25 is the destination port number used when communicating with an SMTP server.
TCP port 80 is the destination port number used when communicating with an HTTP server.
TCP port 110 is the destination port number used when communicating with a POP3 server.
TCP port 5190 is the destination port number used when communicating with an AOLIM server.
TCP port 6667 is the destination port number used when communicating with an IRC server.
The above is a small selection from a possible 65,535 (64K) port numbers.
The port numbers are divided into three ranges: the Well Known Ports (from 0
through 1023), the Registered Ports (from 1024 through 49151), and the
consists of more than one computing system) not block users from continuing
to computer. If similar systems exist, users can move their computing tasks to
nodes.
=========================================================
owned by an organization.
organization. The services are intended to counter security attacks, and they
** the terms threat and attack are commonly used to mean more or less the
same thing. provides definitions taken from RFC 2828, Internet Security
Glossary.
Threat
capability, action, or event that could breach security and cause harm.
Attack
An assault on system security that derives from an intelligent threat; that
policy of a system.
Security Mechanisms
Table 1.3 lists the security mechanisms defined in X.800. As can be seen the
mechanisms are divided into those that are implemented in a specific protocol
some sort of internet. The two parties, who are the principals in
this transaction, must cooperate for the exchange to take place. A logical
Security aspects come into play when it is necessary or desirable to protect the
confidentiality, authenticity, and so on. All the techniques for providing security
include the encryption of the message, which scrambles the message so that it
contents of the message, which can be used to verify the identity of the sender
● Some secret information shared by the two principals and, it is hoped,
third party may be needed to arbitrate disputes between the two principals
This general model shows that there are four basic tasks in designing a
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the
service.
What Is Network Security?
As we know, computer networks are distributed networks of
computers that are either strongly connected meaning that they share a
lot of resources from one central computer or loosely connected,
meaning that they share only those resources that can make the
network work. When we talk about computer network security, it is
no longer one computer but a network.
So computer network security is a broader study of computer security.
It is still a branch of computer science, but a lot broader than that of
computer security.
It involves creating an environment in which a computer network,
including all its resources, which are many; all the data in it both in
storage and in transit; and all its users are secure. Because it is wider
than computer security, this is a more complex field of study
involving more detailed mathematical designs of cryptographic,
communication, transport, and exchange protocols and best practices.
How does network security work?
Network security combines multiple layers of defenses at the edge and
in the network. Each network security layer implements policies and
controls. Authorized users gain access to network resources, but
malicious actors are blocked from carrying out exploits and threats.
1. Access Control
Access control is a service the system uses, together with user-provided
identification information such as a password, to determine who uses which of its
services. Let us look at some forms of access control based on hardware and software.
1.1 Hardware Access Control Systems
Access control tools falling in this category include the following:
•Access terminal.
These activities can be done in a variety of ways including fingerprint
verification and real-time anti-break-in sensors.
• Visual event monitoring. This is a combination of many
technologies into one very useful and rapidly growing form of access
control using a variety of real time technologies including video and
audio signals, aerial photographs, and global positioning system
(GPS) technology to identify locations.
• Identification cards. Sometimes called proximity cards, these cards
have become very common these days as a means of access control in
buildings, financial institutions, and other restricted areas.
The cards come in a variety of forms, including magnetic, bar coded,
contact chip, and a combination of these.
• Biometric identification. This is perhaps the fastest growing form
of control access tool today. Some of the most popular forms include
fingerprint, iris, and voice recognition. However, fingerprint
recognition offers a higher level of security.
• Video surveillance. This is a replacement of the CCTV of yesteryear,
and it is gaining popularity as an access control tool. With fast
networking technologies and digital cameras, images can now be
taken and analyzed very quickly, and action taken in minutes.
1.2 Software Access Control Systems
Software access control falls into two types:
a. In point-of-access (POA) monitoring, personal activities can be
monitored by a PC-based application. The application can even be
connected to a network or to machines.
b. In remote mode, the terminals can be linked in a variety of ways,
including the use of modems, telephone lines, and all forms of
wireless connections.
2. Authentication
Authentication is a service used to verify user identity, especially that
of remote users.
This service provides a system with the capability to verify that a user
is the very one he or she claims to be based on what the user is,
knows, and has.
Physically, we can authenticate users based on checking one or more
of the following user items:
• User name (sometimes screen name)
• Password
• Retinal images: The user looks into an electronic device that maps
his or her eye retina image; the system then compares this map with a
similar map stored on the system.
• Fingerprints: The user presses on or sometimes inserts a particular
finger into a device that makes a copy of the user fingerprint and then
compares it with a similar image on the system user file.
• Physical location: The physical location of the system initiating an
entry request is checked to ensure that a request is actually originating
from a known and authorized location. In networks, to check the
authenticity of a client’s location a network or Internet protocol (IP)
address of the client machine is compared with the one on the system
user file.
This method is used mostly in addition to other security measures
because it alone cannot guarantee security. If used alone, it provides
access to the requested system to anybody who has access to the client
machine.
• Identity cards: Increasingly, cards are being used as authenticating
documents.
Whoever is the carrier of the card gains access to the requested
system.
Card authentication is usually used as a second-level authentication
tool because whoever has access to the card
automatically can gain access to the requested system.
3. Confidentiality
The confidentiality service protects system data and information from
unauthorized disclosure.
This service uses encryption algorithms to ensure that nothing of the
sort (such as a third party, like a cryptanalyst or a man-in-the-middle,
eavesdropping on the data) happened while the data was in the
network.
Encryption protects the communications channel from sniffers.
Sniffers are programs written for and installed on the communication
channels to eavesdrop on network traffic, examining all traffic on
selected network segments. Sniffers are easy to write and install and
difficult to detect. The encryption algorithm can either be symmetric
or asymmetric.
*Symmetric encryption or secret key encryption, as it is usually
called, uses a common key and the same cryptographic algorithm to
scramble and unscramble the message.
* Asymmetric encryption commonly known as public key encryption
uses two different keys: a public key known by all and a private key
known by only the sender and the receiver.
Both the sender and the receiver each has a pair of these keys, one
public and one private.
To encrypt a message, a sender uses the receiver’s public key which
was published. Upon receipt, the recipient of the message decrypts it
with his or her private key.
4. Integrity
The integrity service protects data against active threats such as those
that may alter it. Just like data confidentiality, data in transit
between the sending and receiving parties is susceptible to
many threats from hackers, eavesdroppers, and cryptanalysts whose
goal is to intercept the data and alter it based on their motives.
This service, through encryption and hashing algorithms, ensures that
the integrity of the transient data is intact.
A hash function takes an input message M and creates a code from it.
The code is commonly referred to as a hash or a message digest.
A one-way hash function is used to create a signature of the message –
just like a human fingerprint.