CS-381 NETWORK

SECURITY

LECTURE 1
INTRODUCTIO
N
M M Waseem Iqbal

Who am I !!!

Mian Muhammad Waseem Iqbal

MS Information Security - MCS
Lecturer since May 2012, now promoted to
AP
Certified EC-Council Instructor for
CEH,CHFI and CSCU
CEH, CHFI, CSCU, CCNA, ITIL
waseem.iqbal@mcs.edu.pk

Text Book and Reference

Books

Cryptography and Network Security

Principles and Practices -William Stallings
Network Security Essentials: Applications
and Standards - William Stallings
Network security: PRIVATE communication
in a PUBLIC world - Kaufman, Perlman, and
Speciner

Assessment & Grading

4

Assignments (Many)
Quizzes (You Decide)
%
Presentations
OHT 1 & 2 30%
Final Exam 50%

20

Course Outline (1/2)

5

Introduction
Cryptography

Secret key cryptography

Conventional Encryption Techniques
Block Ciphers : DES, AES
Hashes and message digests: SHA-1 ,
MD5
Public key cryptography: RSA

Course Outline (2/2)

6

Network and system security

applications

Authentication Applications: Kerberos

Email security: PGP (Pretty Good Privacy)
IP security: IPSEC
Web and E-commerce: Secure Socket Layer
Firewalls
Intrusion detection
Malicious Software

Background
7

Information Security requirements have

changed in recent times
traditionally provided by physical and
administrative mechanisms
computer use requires automated tools to
protect files and other stored information
use of networks and communications links
requires measures to protect data during
transmission

Definitions
8

Computer Security - generic name for

the collection of tools designed to protect
data and to avoid hackers
Network Security - measures to protect
data during their transmission
Internet Security - measures to protect
data during their transmission over a
collection of interconnected networks

Aim of Course
9

our focus is on Internet Security

which consists of measures to deter,
prevent, detect, and correct security
violations that involve the transmission
& storage of information

OSI Security Architecture

10

ITU-T X.800 Security Architecture for OSI

defines a systematic way of defining and
providing security requirements
for us it provides a useful abstract,
overview of concepts we will study

Aspects of Security
11

consider 3 aspects of information

security:

security attack
security mechanism
security service

Security Attack
12

any action that compromises the security of

information owned by an organization
information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks

passive
active

Passive Attacks
13

14

Passive Attacks: Traffic

Analysis
Encrypted Transmission

Bob

Alice

Attacker (Eve)
observes pattern of
messages

Active Attacks
15

Active Attacks: Masquerade

16

Message from Bob

Bob

Attacker
(Eve)

Alice

Active Attacks: Modify

17

Balance =
$1

Bob

Balance =
$1

Balance =
$1,000,000

Balance =
$1,000,000
Attacker (Eve) intercepts
and alters messages

Alice

18

Active Attacks: Denial of

Service
Message Flood

Server
Overloaded By
Message Flood

Attacker

Example
Scenarios
A sends a file to B: E intercepts
it and reads it
How to send a file that is not readable to all except intended receiver?
A send a file to B: E intercepts it, modifies it, and then
forwards it to B
How to make sure that the document has been received unaltered ?
E sends a file to B pretending it is from A
How to make sure your communication partner is really who he claims
to be ?
A sends a message to B: E is able to delay the message for a
while
How to detect this ?
A sends a message to B. Later A (or B) denies having sent
(received) the message How to deal with electronic contracts

19

E prevents communication between A and B: B will reject any

message from A because they look unauthentic

Security Service
20

enhance security of data processing systems

and information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated
with physical documents
which,

for example, have signatures, dates; need

protection from disclosure, tampering, or
destruction; be notarized or witnessed; be recorded
or licensed

Security Services
21

X.800:
a service provided by a protocol layer of
communicating open systems, which
ensures adequate security of the systems or
of data transfers

RFC 2828:
a processing or communication service
provided by a system to give a specific kind
of protection to system resources

Security Services (X.800)

22

Authentication - assurance that the

communicating entity is the one claimed
Access Control - prevention of the
unauthorized use of a resource
Data Confidentiality protection of data
from unauthorized disclosure
Data Integrity - assurance that data
received is as sent by an authorized entity
Non-Repudiation - protection against
denial by one of the parties in a
communication

Security Mechanism
23

feature designed to detect, prevent, or

recover from a security attack
no single mechanism that will support all
services required
however one particular element
underlies many of the security
mechanisms in use:

cryptographic techniques

hence our focus on this topic

24

Security Mechanisms
(X.800)

specific security mechanisms:

encipherment, digital signatures, access

controls, data integrity, authentication
exchange, traffic padding, routing control,
notarization

pervasive security mechanisms:

trusted functionality, security labels, event

detection, security audit trails, security
recovery

Model for Network Security

25

Model for Network Security

26

using this model requires us to:

1.
2.
3.
4.

design a suitable algorithm for the

security transformation
generate the secret information (keys)
used by the algorithm
develop methods to distribute and share
the secret information
specify a protocol enabling the principals
to use the transformation and secret
information for a security service

27

Model for Network Access

Security

28

Model for Network Access

Security

using this model requires us to:

1.
2.

select appropriate gatekeeper functions

to identify users
implement security controls to ensure
only authorised users access designated
information or resources

trusted computer systems may be

useful to help implement this model

Layered Defense Concept

29