Tamer Khattab

Electrical Engineering
Qatar University

Slides based on
Textbook slides by William Stallings
(author)

ELEC 441
Fundamentals of Secure Communications
 Lecture 1 Objectives
Communications Security Concepts • Describe the key security requirements
of confidentiality, integrity, and
(Network & Information Security) availability.

• Discuss the types of security threats and

attacks.

• Provide an overview of keyless, single-

key, and two-key cryptographic
algorithms.

• Provide an overview of the main areas

of network security.

• Describe a trust model for information

security.

• List key organizations involved in

cryptography standards.
© 2017 Pearson Education, Ltd., All rights
reserved.
 The field of network and
Internet security consists of:

measures to deter,
prevent, detect, and
correct security
violations that involve
the transmission of
information

© 2017 Pearson Education, Ltd., All rights reserved.

 NIST Cyber Security

“the protection afforded to an automated

information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources” (includes
hardware, software, firmware, information/
data, and telecommunications)

© 2017 Pearson Education, Ltd., All rights reserved.

 Information Security
“preservation of confidentiality,
integrity, and availability of information. In addition,
other properties, such as authenticity, accountability,
nonrepudiation, and reliability can also be involved.”

© 2017 Pearson Education, Ltd., All rights

reserved.
 Network Security
“protection of networks and their
service from unauthorized modification, destruction,
or disclosure, and provision of assurance that the
network performs its critical functions correctly and
there are no harmful side effects”

© 2017 Pearson Education, Ltd., All rights

reserved.
 CIA triad and more …

© 2017 Pearson Education, Ltd., All rights

reserved.
 OSI Security Architecture
• Security attack
• Any action that compromises the security of
information owned by an organization

• Security service
• A processing or communication service that
enhances the security of the data processing
systems and the information transfers of an
organization
• Intended to counter security attacks, and
they make use of one or more security
mechanisms to provide the service

• Security mechanism
• A process (or a device incorporating such a
process) that is designed to detect, prevent,
or recover from a security attack

© 2017 Pearson Education, Ltd., All rights

reserved.
 Threats and Attacks (RFC 4949)

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Attacks
•A means of classifying security
attacks, used both in X.800 and
RFC 4949, is in terms of passive
attacks and active attacks

•A passive attack attempts to

learn or make use of
information from the system
but does not affect system
resources

•An active attack attempts to

alter system resources or affect
their operation

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Passive Attacks

• Are in the nature of

eavesdropping on, or
monitoring of, transmissions

• Goal of the opponent is to • Two types of passive

obtain information that is
being transmitted
attacks are:
• The release of message
contents
• Traffic analysis

© 2017 Pearson Education, Ltd., All rights reserved.

 Active Attacks
• Involve some modification of the
data stream or the creation of a •Takes place when one entity
pretends to be a different entity
false stream Masquerade •Usually includes one of the other
forms of active attack
• Difficult to prevent because of
the wide variety of potential
•Involves the passive capture of a
physical, software, and network data unit and its subsequent
vulnerabilities
Replay retransmission to produce an
unauthorized effect

• Goal is to detect attacks and to

recover from any disruption or •Some portion of a legitimate
delays caused by them Modification message is altered, or messages are
of messages delayed or reordered to produce an
unauthorized effect

Denial of •Prevents or inhibits the normal use

or management of communications
service facilities

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Services

• Defined by X.800 as:

• A service provided by a protocol layer of
communicating open systems and that ensures
adequate security of the systems or of data transfers

• Defined by RFC 4949 as:

• A processing or communication service provided by a
system to give a specific kind of protection to system
resources

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Services (X.800)

Security Services
• Authentication
• Access control
• Data confidentiality
• Data integrity
• Nonrepudiation
• Availability service

© 2017 Pearson Education, Ltd., All rights reserved.

 Authentication
• Concerned with assuring that a communication is
authentic
• In the case of a single message, assures the recipient
that the message is from the source that it claims to
be from
• In the case of ongoing interaction, assures the two
entities are authentic and that the connection is not
interfered with in such a way that a third party can
masquerade as one of the two legitimate parties

Two specific authentication services are defined in X.800:

• Peer entity authentication

• Data origin authentication

© 2017 Pearson Education, Ltd., All rights reserved.

 Access Control

• The ability to limit and control the access to

host systems and applications via
communications links

• To achieve this, each entity trying to gain

access must first be indentified, or
authenticated, so that access rights can be
tailored to the individual

© 2017 Pearson Education, Ltd., All rights reserved.

 Data Confidentiality
• The protection of transmitted data from passive
attacks
• Broadest service protects all user data transmitted
between two users over a period of time
• Narrower forms of service includes the protection of a
single message or even specific fields within a message

• The protection of traffic flow from analysis

• This requires that an attacker not be able to observe the
source and destination, frequency, length, or other
characteristics of the traffic on a communications facility

© 2017 Pearson Education, Ltd., All rights reserved.

 Data Integrity
Can apply to a stream of messages, a single
message, or selected fields within a message

Connection-oriented integrity service, one that

deals with a stream of messages, assures that
messages are received as sent with no duplication,
insertion, modification, reordering, or replays

A connectionless integrity service, one that deals

with individual messages without regard to any
larger context, generally provides protection
against message modification only

© 2017 Pearson Education, Ltd., All rights reserved.

 Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message

• When a message is sent, the receiver can

prove that the alleged sender in fact sent the
message

• When a message is received, the sender can

prove that the alleged receiver in fact received
the message

© 2017 Pearson Education, Ltd., All rights reserved.

 Availability Service

• Protects a system to ensure its availability

• This service addresses the security concerns

raised by denial-of-service attacks

• It depends on proper management and

control of system resources and thus depends
on access control service and other security
services

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Mechanisms (X.800)

Security Mechanisms
• Cryptography
• Data integrity
• Digital signatures
• Authentication exchange
• Traffic padding
• Routing control
• Notarization
• Access control

© 2017 Pearson Education, Ltd., All rights reserved.

 Cryptography
“a branch of mathematics that deals
with the transformation of data. Cryptographic
algorithms are used in many ways in information security
and network security. Cryptography is an essential
component in the secure storage and transmission of
data, and in the secure interaction between parties.”

© 2017 Pearson Education, Ltd., All rights

reserved.
 Cryptographic Algorithms

© 2017 Pearson Education, Ltd., All rights

reserved.
 Network Security

© 2017 Pearson Education, Ltd., All rights

reserved.
 Model for Network Security

© 2017 Pearson Education, Ltd., All rights reserved.

 Trust
“the willingness of a party to be vulnerable to the
actions of another party based on the expectation
that the other will perform a particular action
important to the truster, irrespective of the ability to
monitor or control that other party.”

© 2017 Pearson Education, Ltd., All rights

reserved.
 A Trust Model
• Trustworthiness: A characteristic
of an entity that reflects the degree
to which that entity is deserving of
trust.

• Propensity: A tendency to be
willing to trust others across a
broad spectrum of situations and
trust targets. • Ability: (competence), relates to the
potential ability of the evaluated entity
• Risk: A measure of the extent to to do a given task or be entrusted with
which an entity is threatened by a given information.
potential circumstance or event,
and typically a function of 1) the • Benevolence: A disposition of goodwill
towards the trusting party.
adverse impacts that would arise if
the circumstance or event occurs; • Integrity: The truster’s perception that
and 2) the likelihood of occurrence. the trustee adheres to a set of
principles that the truster finds
acceptable.
© 2017 Pearson Education, Ltd., All rights reserved.
 Standards
National Institute of Standards and Technology

•NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S.
government use and to the promotion of U.S. private-sector innovation
•Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP)
have a worldwide impact

Internet Society

•ISOC is a professional membership society with world-wide organizational and individual membership
•Provides leadership in addressing issues that confront the future of the Internet and is the organization home
for the groups responsible for Internet infrastructure standards

ITU-T

•The International Telecommunication Union (ITU) is an international organization within the United Nations
System in which governments and the private sector coordinate global telecom networks and services
•The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and whose
mission is the development of technical standards covering all fields of telecommunications

ISO

•The International Organization for Standardization is a world-wide federation of national standards bodies
from more than 140 countries
•ISO is a nongovernmental organization that promotes the development of standardization and related
activities with a view to facilitating the international exchange of goods and services and to developing
cooperation in the spheres of intellectual, scientific, technological, and economic activity
© 2017 Pearson Education, Ltd., All rights reserved.
 Summary
• Network security • Security services
concepts • Authentication
• Definition • Access control
• Examples • Data confidentiality
• Challenges • Data integrity
• Nonrepudiation
• The OSI security
• Availability service
architecture
• Security mechanisms
• Security attacks
• Passive attacks • Cryptography
• Active attacks
• Network security model

• Standards
© 2017 Pearson Education, Ltd., All rights reserved.