Chapter 8: Network Security


When two people want to communicate securely over a computer network, the sender wants only the receiver to be able to understand the message that has been sent, even though they are communicating over an insecure medium where an intruder may intercept, read, and perform computation on whatever is transmitted from sender to receiver. The receiver also wants to be sure that the message he/she receives was indeed sent by the real sender, and the sender wants to be sure that the person with whom he/she is communicating is indeed the actual receiver. Sender and receiver also want to make sure that the content of their messages has not been altered in transit. Considering these requirements, we can identify the following desirable properties of “secure communication”, an essential task of Network Security.

• Confidentiality: Only the sender and the intended receiver should be able to understand the content of the transmitted message. Because an intruder may tap the message, it is necessary that the message be somehow encrypted so that the data can’t be understood by anyone other than the receiver. But there should be some mechanism (algorithm) for the receiver to decrypt the message. This aspect of confidentiality is probably the most commonly known meaning of the term “Secure Communication”.

• Authentication: Both the sender and the receiver should be able to confirm the identity of the other party involved in the communication, that is, to confirm that the other party is indeed who or what he/she claims to be. Face-to-face human communication solves this problem easily by visual recognition. When communicating entities exchange messages over a secure medium where they can’t see the other party, authentication is not so simple. Sender IP address, sender password, sender encrypted password, checking whether the other party is live to prevent a playback attack, and using symmetric and public key encryption are some ways to authenticate in such a situation.

• Message Integrity and Non-repudiation: Even if the sender and receiver are able to authenticate each other, they also want to ensure that the content of their communication is not altered in transmission, either maliciously or by accident. Checksumming techniques, digital signatures and message digests are some ways to provide such message integrity and non-repudiation.

• Availability and Access Control: Some users may be legitimate to access resources, while others are not. This leads to the notion of access control: ensuring that entities seeking to gain access to resources are allowed to do so only if they have the appropriate access rights, and that they perform their access in a well-defined manner. Access controls can be implemented by firewalls at application level, by packet filtering, etc.

Cryptography:
Cryptography is a science of secrecy which allows a sender to disguise data for secure communication, so that an intruder can’t gain information from the intercepted data. The receiver, of course, must be able to recover the original data from the disguised data. Some important terms used in cryptography are:

Plaintext / clear text: original form of data
Cipher (code) text: encrypted or disguised data
Key: Secret information to encrypt or decrypt data

From the above figure, Alice provides a key KA (a string of numbers or characters) as input to the encryption algorithm. The encryption algorithm takes the key and the plaintext message, say m, as input and produces cipher text as output. The notation KA(m) will be used to refer to the cipher text form (encrypted using KA) of the plaintext message m. Similarly, Bob will provide a key KB to the decryption algorithm, which takes the cipher text and Bob’s key as input and produces the original plaintext as output. That is, if Bob receives an encrypted message KA(m), he decrypts it by computing KB(KA(m)) = m.

All cryptographic algorithms involve substituting one thing for another to make cipher text that can’t be understood by an intruder. In symmetric key cryptography, sender and receiver share identical secret keys. In public key cryptography, a pair of keys is used. One of the keys is known to both (indeed it is known to the whole world) and is called the public key. The other key is known only by either sender or receiver, is mostly used for decryption, and is called the private key.

Symmetric Key Cryptography:

As already mentioned, in symmetric key cryptography both sender and receiver share the secret key for encryption and decryption.

Caesar cipher: For English text, each letter in the plaintext message is substituted by the letter that is k positions behind it (that is, k letters later in the alphabet). If k=2, then “I am a student” would be “k co c uvwfgpv” in cipher text. While the cipher text looks like nonsense, it wouldn’t take long to break the code if you knew that the Caesar cipher was being used, as there are only 25 possible key values. It is easier to break if you know that cipher text is used to disguise data.

Monoalphabetic Cipher: In a monoalphabetic cipher, each letter in the plaintext message is substituted by another letter, not following a regular pattern as in the Caesar cipher, as long as each letter has a unique substitution.

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

For example, Plaintext: bob, i love you, alice
Cipher text: nkn, s gktc wky, mgsbc

A monoalphabetic cipher would also appear to be better than the Caesar cipher in that there are on the order of 10^26 possible pairings of letters rather than 25 possible pairings. This cipher can also be broken if you apply statistical analysis, such as the frequency of letters in the plaintext language (in English plaintext, “e” and “t” are the most frequently occurring letters, accounting for 13 percent and 9 percent respectively) and the letters that often occur together, such as “in”, “it”, “the”, “ion”, “ing”, etc.

Polyalphabetic Encryption: The idea behind polyalphabetic encryption is to use multiple monoalphabetic or Caesar ciphers, with a specific cipher used to encode the letter in a specific position of the plaintext message. For example, with two different Caesar ciphers (with k=2 and k=5), as shown below, one might choose to use these ciphers, C1 and C2, in the repeating pattern C1, C2, C1, i.e. the first letter of plaintext is encoded using C1, the second using C2, the third using C1, and the fourth again using C1 as the pattern repeats.

Plaintext:  i a m s t u d e n
C1 (k=2):   k c o u v w f g p
C2 (k=5):   n f r x y z i j s

Then the plaintext message “I am a Student” is encrypted as “k fo c xvwigpy” using the C1C2C1 pattern. Here the encryption and decryption keys are the knowledge of the two Caesar keys k=3 and k=5 as well as the pattern C1C2C1.

Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

DES is a symmetric key standard published by NIST (National Institute of Standards and Technology, U.S. government, 1997) as a modern symmetric key encryption technique. DES encodes plaintext in 64-bit blocks using 64-bit keys (actually 56 bits, as 1 bit in each byte is used for parity). The goal of DES is to completely scramble the data and key so that every bit of cipher text depends on every bit of data and every bit of the key. The basic operation of DES is shown in the figure below.

If 56-bit DES is considered too insecure, one can simply run the 56-bit algorithm multiple times, taking the 64-bit output from one iteration of DES as the input to the next DES iteration, using a different encryption key each time. Triple-DES (3DES) is a U.S. government standard (NIST 1999) that replaces plain DES; in 3DES, 56-bit DES is run three times. 3DES
is the proposed encryption standard for the PPP (point-to-point) protocol at the data link layer.

AES (Advanced Encryption Standard, NIST 2001), the successor of DES, is a symmetric key algorithm that processes data in 128-bit blocks and can operate with keys that are 128, 192 and 256 bits long. NIST estimates that a machine that could crack 56-bit DES in one second would take approximately 149 trillion years to crack a 128-bit AES key.

Public Key Encryption

One difficulty with symmetric key encryption is that the two parties must agree on the shared key, but to do so requires secure communication. Perhaps the two parties first meet and agree on the key and then communicate with each other. But in the networked world, communicating parties may never meet except over the network.

The use of public key cryptography is conceptually quite simple. Here, sender and receiver do not share a single secret key as in symmetric key systems. Instead, there are two keys: a public key that is available to everyone in the world and a private key that is known to the receiver only. For example, if Alice is sending a message to Bob, we use the notation KB+ and KB- to refer to Bob’s public and private keys respectively. In order to communicate with Bob, Alice first fetches Bob’s public key and then encrypts her message m using Bob’s public key and a known encryption algorithm. Bob receives Alice’s encrypted message KB+(m) and uses his private key and a known decryption algorithm to decrypt it. So Bob computes m = KB-(KB+(m)) to get the plaintext message. In this way, Alice can use Bob’s publicly available key to send a secret message to Bob without either of them having to share any secret keys! We can interchange the public and private key encryption and get the same result, i.e. KB-(KB+(m)) = KB+(KB-(m)) = m.

Two Fundamental Cryptographic Principles:

• Redundancy:
The first principle is that all encrypted messages must contain some redundancy, that is, information not needed to understand the message. An example may make it clear why this is needed. Consider a mail-order company, The Couch Potato (TCP), with 60,000 products. Thinking they are being very efficient, TCP's programmers decide that ordering messages should consist of a 16-byte customer name followed by a 3-byte data field (1 byte for the quantity and 2 bytes for the product number). The last 3 bytes are to be encrypted using a very long key known only by the customer and TCP.

At first this might seem secure, and in a sense it is because passive intruders cannot decrypt the messages. Unfortunately, it also has a fatal flaw that renders it useless. Suppose that a recently-fired employee wants to punish TCP for firing her. Just before leaving, she takes the customer list with her. She works through the night writing a program to generate fictitious orders using real customer names. Since she does not have the list of keys, she just puts random numbers in the last 3 bytes, and sends hundreds of orders off to TCP.
When these messages arrive, TCP's computer uses the customer's name to locate the key and decrypt the message. Unfortunately for TCP, almost every 3-byte message is valid, so the computer begins printing out shipping instructions. While it might seem odd for a customer to order 837 sets of children's swings or 540 sandboxes, for all the computer knows, the customer might be planning to open a chain of franchised playgrounds. In this way an active intruder (the ex-employee) can cause a massive amount of trouble, even though she cannot understand the messages her computer is generating.

This problem can be solved by the addition of redundancy to all messages. For example, if order messages are extended to 12 bytes, the first 9 of which must be zeros, then this attack no longer works because the ex-employee can no longer generate a large stream of valid messages. The moral of the story is that all messages must contain considerable redundancy so that active intruders cannot send random junk and have it be interpreted as a valid message.

However, adding redundancy also makes it easier for cryptanalysts to break messages. Suppose that the mail order business is highly competitive, and The Couch Potato's main competitor, The Sofa Tuber, would dearly love to know how many sandboxes TCP is selling. Consequently, they have tapped TCP's telephone line. In the original scheme with 3-byte messages, cryptanalysis was nearly impossible, because after guessing a key, the cryptanalyst had no way of telling whether the guess was right. After all, almost every message is technically legal. With the new 12-byte scheme, it is easy for the cryptanalyst to tell a valid message from an invalid one. Thus, we have

Cryptographic principle 1: Messages must contain some redundancy

• Freshness
The second cryptographic principle is that some measures must be taken to ensure that each message received can be verified as being fresh, that is, sent very recently. This measure is needed to prevent active intruders from playing back old messages. If no such measures were taken, our ex-employee could tap TCP's phone line and just keep repeating previously sent valid messages. Restating this idea we get:

Cryptographic principle 2: Some method is needed to foil replay attacks

One such measure is including in every message a timestamp valid only for, say, 10 seconds. The receiver can then just keep messages around for 10 seconds, to compare newly arrived messages to previous ones to filter out duplicates. Messages older than 10 seconds can be thrown out, since any replays sent more than 10 seconds later will be rejected as too old. Measures other than timestamps will be discussed later.

Digital Signatures

We sign checks, credit card receipts, legal documents, letters, etc. to attest that we have acknowledged or agreed with the contents of the document. In the digital world, one often wants to indicate the owner or creator of a document, or to signify one’s agreement with the document’s contents. A digital signature is a cryptographic technique to achieve these goals.

Like human signatures, digital signatures should be made in such a way that they are verifiable, nonforgeable and nonrepudiable. That is, it must be possible to prove that a document signed by an individual was indeed signed by that individual (the signature should be verifiable) and that only that individual could have signed the document (the signature can’t
be forged, and a signer can’t later repudiate or deny having signed the document). This is achieved using techniques from public key cryptography.

Suppose that Bob wants to digitally sign a “document”, m. As shown in the above figure, Bob simply uses his private key, KB-, to compute KB-(m). Here Bob’s goal in signing the document is not to scramble the contents of the document, but to fulfill the requirements of being verifiable, nonforgeable and nonrepudiable.

Does this document with digital signature, KB-(m), meet the above-mentioned requirements? Suppose Alice has the original document m and KB-(m), and she wants to prove that Bob had indeed signed the document and was the only person who could possibly have signed it. Alice takes Bob’s public key, KB+, and applies it to the signed document, KB-(m), associated with the document m. That is, she computes KB+(KB-(m)) and produces m, which exactly matches the original document. So Alice then argues that only Bob could have signed the document, and that it meets the requirements of a digital signature, for the following reasons:

1. Verifiable: The signed document, KB-(m), can be decrypted only with Bob’s public key, KB+, to get the original message m, i.e. KB+(KB-(m)) = m.

2. Nonforgeable and Nonrepudiable: Nobody else could have signed the original document m in Bob’s name, as only Bob knows his private key, KB-. And if the original document m is ever modified to some alternate form m’, the signature that Bob created for m will not be valid for m’, since KB+(KB-(m)) does not equal m’. Knowing the public key, KB+, is of no help in learning the private key, KB-. Therefore, the only person who could know KB- is the person who generated the pair of keys (KB+, KB-), here Bob. So Bob cannot deny having signed the document.

RSA Algorithm (Rivest, Shamir, Adleman):

• The most common public key encryption algorithm.
• Uses two numbers, e and d, as public and private keys, which have a special relationship to each other.

Selecting keys:
• Choose two large prime numbers p and q such that p is not equal to q.
• Compute n = pq, z = (p-1)(q-1).
• Choose e (with e < n) that has no common factors with z (e and z are relatively prime).
• Choose d such that ed-1 is exactly divisible by z (i.e. ed mod z = 1).
• Public key is (n, e) and private key is (n, d).

Encryption: Cipher text C = p^e mod n (here p is the plaintext value, not the prime)
Decryption: p = C^d mod n
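The key-selection, encryption and decryption steps above, together with the KB+(KB-(m)) = m check from the Digital Signatures section, as an added Python example (not code from the original chapter). The function names and the letter numbering A=1 ... Z=26 are assumptions of this sketch, and the primes p=3, q=11 are toy values chosen so every number can be checked by hand.

```python
from math import gcd

def make_keys(p, q, e):
    """Follow the 'Selecting keys' steps; returns ((n, e), (n, d))."""
    if p == q:
        raise ValueError("p and q must differ")
    n, z = p * q, (p - 1) * (q - 1)
    if not (1 < e < n) or gcd(e, z) != 1:
        raise ValueError("e must be < n and relatively prime to z")
    d = pow(e, -1, z)  # smallest d with (e*d - 1) divisible by z (Python 3.8+)
    return (n, e), (n, d)

def apply_key(key, value):
    """K(value) = value^exponent mod n; the same operation serves both keys."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("each block must be smaller than n")
    return pow(value, exponent, n)

def letters_to_numbers(text):
    """Assumed encoding for this sketch: A=1 ... Z=26."""
    return [ord(c) - ord("A") + 1 for c in text.upper() if c.isalpha()]

def numbers_to_letters(numbers):
    return "".join(chr(v + ord("A") - 1) for v in numbers)

def encrypt(public, text):
    """Alice computes KB+(m), one block per letter."""
    return [apply_key(public, v) for v in letters_to_numbers(text)]

def decrypt(private, cipher):
    """Bob computes KB-(KB+(m)) = m."""
    return numbers_to_letters(apply_key(private, c) for c in cipher)

def sign(private, text):
    """Bob computes KB-(m), one block per letter."""
    return [apply_key(private, v) for v in letters_to_numbers(text)]

def verify(public, text, signature):
    """Alice checks that KB+(KB-(m)) reproduces the document she holds."""
    recovered = [apply_key(public, s) for s in signature]
    return recovered == letters_to_numbers(text)

# Toy key pair: n = 33, z = 20, e = 3, d = 7.
PUBLIC, PRIVATE = make_keys(p=3, q=11, e=3)

if __name__ == "__main__":
    cipher = encrypt(PUBLIC, "SUZANNE")
    print("public", PUBLIC, "private", PRIVATE)
    print("cipher", cipher, "->", decrypt(PRIVATE, cipher))
    signature = sign(PRIVATE, "BOB")
    print("signature", signature)
    print("valid for BOB:", verify(PUBLIC, "BOB", signature))
    print("valid for BOA:", verify(PUBLIC, "BOA", signature))  # modified document m'
```

Per-letter textbook RSA as shown here is deterministic and unpadded; deployed systems sign a digest of the message and use a padding scheme with much larger primes.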

Q. Encrypt SUZANNE using RSA algorithm.

Let p=3 and q=11 be the two prime numbers.
Thus, n = p*q = 33 and z = (3-1)(11-1) = 20.
Let e=3, such that e and z are relatively prime.
Thus, d=7.

Letters  p   p^e    C = p^e mod n  C^d          p = C^d mod n
S        19  6859   28             13492928512  19
U        21  9261   21             1801088541   21
Z        26  17576  20             1280000000   26
A        1   1      1              1            1
N        14  2744   5              78125        14
N        14  2744   5              78125        14
E        5   125    26             8031810176   5

KB-(KB+(m)) = m = KB+(KB-(m)), i.e. we can use the public key first, followed by the private key, or we can use the private key first, followed by the public key.

Securing Email:

There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. These are PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extension).

PGP:

• Developed by Phil Zimmermann in 1995.
• Documentation and source code are freely available.
• The package is independent of operating system and processor.
• PGP doesn’t rely on the “establishment”, and its popularity and use have grown extensively since 1995.
• PGP combines the best available cryptographic algorithms to achieve secure e-mail communication.
• It is assumed that all users are using public key cryptography and have generated a private/public key pair.
• Either RSA (with RSA digital signatures) or ElGamal (with DSA) can be used.
• All users also use a symmetric key system such as triple DES or Rijndael.
• PGP encrypts data using a block cipher called IDEA (International Data Encryption Algorithm), which uses 128-bit keys.
• Services offered by PGP:
  • Authentication
  • Confidentiality
  • Compression
  • Email compatibility
  • Segmentation

VPN (Virtual Private Network):

Traditional Connectivity:

[Figure, from Gartner Consulting]

[Figure, from Gartner Consulting]

• VPN is a type of private network that uses public telecommunication, such as the internet, instead of leased lines to communicate.
• Became popular as more employees worked in remote locations.

Private Network vs. VPN:

• Employees can access the network (internet) from remote locations.
• Secured networks.
• The internet is used as the backbone for VPNs.
• Saves cost tremendously through reduction of equipment and maintenance costs.
• Scalability

Remote Access VPN:

Brief overview of how it works:

• Two connections: one is made to the internet and the second is made to the VPN.
• Datagrams: contain data, destination and source information.
• Firewalls: VPNs allow authorized users to pass through the firewalls.
• Protocols: protocols create the VPN tunnels.

Critical Functions:

• Authentication: validates that the data was sent from the sender.
• Access control: limiting unauthorized users from accessing the network.
• Confidentiality: preventing the data from being read or copied as the data is being transported.
• Data integrity: ensuring that the data has not been altered.

Tunneling:
Tunneling is a virtual point-to-point connection made through a public network. It transports encapsulated data.

[Figure: Data encapsulation. Labels: original datagram; encrypted inner datagram; datagram header; outer datagram data area]

Two types of end points: remote access and site-to-site.

Protocols used in VPN:

• PPTP: Point-to-Point Tunneling Protocol
• L2TP: Layer 2 Tunneling Protocol
• IPsec: Internet Protocol security
• SOCKS: is not used as much as the above protocols

VPN Encapsulation of Packets:

Types of VPN Implementations:

• Intranet: within an organization
• Extranet: outside an organization
• Remote Access: employee to business

SSL (Secure Sockets Layer):

SSL was originally developed by Netscape Inc. SSL resides at the same layer as the socket API. When a client uses SSL to contact a server, the SSL protocol allows each side to authenticate itself to the other. The two sides then negotiate to select an encryption algorithm that they both support. Finally, SSL allows the two sides to establish an encrypted connection.

• SSL provides transport layer security to any TCP-based app using SSL services.
• It is used between web browsers and servers for ecommerce (shttp).
• Security services:
  • Server authentication
  • Data encryption
  • Client authentication (optional)

IPsec:

The IETF has devised a set of protocols that provide secure internet communication, called IPsec (IP security). The protocols offer authentication and privacy services at the IP layer, and can be used with both IPv4 and IPv6. It enhances the flexibility and extensibility of the system. For example, an application that employs IPsec can choose whether to use an authentication facility that validates the sender or to use an encryption facility that also ensures the payload will remain confidential; the choices can be asymmetric (e.g. authentication in one direction but not in another).

IPsec doesn’t restrict to a specific encryption or authentication algorithm. IPsec provides a general framework that allows each pair of communicating endpoints to choose algorithms and parameters. To guarantee interoperability, IPsec does include a set of encryption algorithms that all implementations must recognize.

IPsec is not a single protocol. Instead, IPsec provides a set of security algorithms and a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.

Next header (8) | Payload length (8) | Reserved (16)
Security parameters index
Sequence numbers
Authentication data (variable)

Fig: IPsec authentication header format

Next header: records original protocol value
Payload length: length of the authentication header
Sequence number: unique number of each packet sent (starts with 0 and increases monotonically when a particular security algorithm is selected)
Security parameters index: the security scheme used
Authentication data: data for the selected security scheme

Securing wireless LANs (WEP):

Wired Equivalent Protocol (WEP) is a data link-level security protocol prescribed by 802.11 standards. It is the first and a widely used security choice offered in routers for users. It is intended to be as secure as a wired network, but is less secure than WPA2 (WiFi Protected Access 2). It is recognized by its key of 10 or 26 hexadecimal digits.

Encryption details:

• Uses the RC4 algorithm for confidentiality and the CRC-32 checksum for integrity.
• Standard 64-bit WEP uses a 40-bit key which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key.
• Key size was limited before, but it has now been extended to 128-bit WEP using a 104-bit key size.

Decryption:
At the receiver side, the cipher text is XORed with the keystream to obtain the plain text.

• A 64-bit WEP key is usually entered as a string of 10 hexadecimal characters.
• Each character represents four bits; 10 digits of four bits each give 40 bits, and adding the 24-bit IV gives the 64-bit WEP key.
• A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters.
• 26 digits of four bits each give 104 bits, and adding the 24-bit IV produces the complete key.

Authentication:

• Two methods: Open System authentication and Shared Key authentication.
• This applies to ad-hoc mode.

1. Open System:
• The WLAN client need not provide its credentials to the Access Point during authentication.
• Any client can authenticate with the Access Point and then attempt to associate.
• No authentication occurs.
• Subsequently WEP keys can be used for encrypting data frames.

2. Shared key:

Authentication is done in a four-step handshake.

• The client sends an authentication request to the Access Point.
• The Access Point replies with a clear-text challenge.
• The client encrypts the challenge text using the configured WEP key, and sends it back in another authentication request.
• The Access Point decrypts the response. If this matches the challenge text, the Access Point sends back a positive reply.
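The WEP construction described under "Encryption details" and "Decryption" (24-bit IV concatenated with the entered key to form the RC4 key, CRC-32 for integrity, XOR with the keystream), as an added Python example that is not part of the original chapter. The key, IV and frame contents are constructed sample values and the function names are hypothetical; the block also flags repeated IVs in a set of frames and computes how quickly a 24-bit IV space produces a repeat.

```python
import zlib

def parse_wep_key(hex_key):
    """10 hex digits -> 40-bit key (64-bit WEP); 26 -> 104-bit key (128-bit WEP)."""
    if len(hex_key) not in (10, 26):
        raise ValueError("WEP keys are entered as 10 or 26 hexadecimal digits")
    return bytes.fromhex(hex_key)

def rc4_keystream(key, length):
    """Plain RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret, iv, plaintext):
    """RC4 key = 24-bit IV || secret; CRC-32 of the plaintext is appended as ICV."""
    if len(iv) != 3:
        raise ValueError("the IV is 24 bits")
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    # The IV is sent in clear in front of the encrypted body.
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))

def wep_decrypt(secret, frame):
    """Rebuild the keystream from the clear IV, XOR, then check the CRC-32."""
    iv, cipher = frame[:3], frame[3:]
    body = xor(cipher, rc4_keystream(iv + secret, len(cipher)))
    data, icv = body[:-4], body[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data

def repeated_ivs(frames):
    """IVs seen on more than one frame; each repeat reuses an RC4 keystream."""
    seen, repeats = set(), set()
    for frame in frames:
        iv = frame[:3]
        (repeats if iv in seen else seen).add(iv)
    return repeats

def iv_repeat_probability(packets, iv_bits=24):
    """Chance that at least two of `packets` randomly chosen IVs are equal."""
    space = 2 ** iv_bits
    p_unique = 1.0
    for k in range(packets):
        p_unique *= (space - k) / space
    return 1.0 - p_unique

# Constructed sample values.
SECRET = parse_wep_key("0102030405")
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"first frame", b"other frame"

if __name__ == "__main__":
    f1, f2 = wep_encrypt(SECRET, IV, P1), wep_encrypt(SECRET, IV, P2)
    print("decrypted:", wep_decrypt(SECRET, f1))
    print("repeated IVs:", [iv.hex() for iv in repeated_ivs([f1, f2])])
    # With the same IV the keystream cancels: c1 xor c2 equals p1 xor p2.
    print("keystream cancels:", xor(f1[3:], f2[3:])[:len(P1)] == xor(P1, P2))
    print("P(IV repeat in 5000 packets) = %.3f" % iv_repeat_probability(5000))
```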
Flaws:

• RC4 is a stream cipher, so the same traffic key must never be used twice.
• The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network.
• The way the IV was used also opened WEP to a related-key attack.
• For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.

Remedies:

• Use of encrypted tunneling protocols (e.g. IPsec, Secure Shell) can provide secure data transmission over an insecure network.
• However, replacements for WEP have been developed with the goal of restoring security to the wireless network itself.
• 802.11i (WPA & WPA2) is the ultimate solution for WEP; WPA is a good solution, but it has been cracked.
• WEP2 was an extended version of WEP with both the IV and the key extended to 128 bits.
• It was hoped to eliminate the duplicate IV deficiency as well as stop brute force attacks.
• WEPplus can only be used when both sides of the connection use WEPplus.
• Dynamic WEP keys dynamically.
• It is a vendor-specific feature provided by several vendors such as 3Com.

Firewalls:

The firewall has emerged as the basis for internet access control. An organization places a firewall at its connection to external networks. A firewall partitions an internet into two regions, referred to informally as the inside and outside. Thus, a firewall isolates the organization’s internal net from the larger internet, allowing some packets to pass and blocking others.

Why firewalls?

• Prevent denial of service (DoS) attacks:
  SYN flooding: attacker establishes many bogus TCP connections, no resources left for real connections.
• Prevent illegal modification/access of internal data:
  e.g. attacker replaces CIA’s homepage with something else.
• Allow only authorized access to inside network:
  Set of authenticated users/hosts.

Types of firewalls:

1. Application gateway
2. Packet Filtering

1. Application gateway:
• Filters packets on application data as well as on IP/TCP/UDP fields.
• Example: allows select internal users to telnet outside.
  • Require all telnet users to telnet through gateway.
  • For authorized users, gateway sets up telnet connection to destination host. Gateway relays data between two connections.
  • Router filter blocks all telnet connections not originating from gateway.

2. Packet Filtering:
• Internal network connected to internet via router firewall.
• Router filters packet-by-packet, decision to forward/drop packet based on:
  • Source IP address, destination IP address
  • TCP/UDP source and destination port numbers
  • ICMP message type
  • TCP SYN and ACK bits

Limitations of firewalls and gateways:
• IP spoofing: router can’t know if data really comes from claimed source.
• If multiple applications need special treatment, each has own application gateway.
• Client software must know how to contact gateway.
• Filters often use all or nothing policy for UDP.
• Tradeoff: degree of communication with outside world, level of security
• Many highly protected sites still suffer from attacks.
