Subject Name: NETWORK SECURITY

Subject Code: 10EC832

Prepared By: SHAIK KAREEMULLA & BENJAMIN I

Department: ELECTRONICS AND COMMUNICATION

ENGINEERING

Engineered for Tomorrow

Prepared by : Kareemulla & Benjamin

Department : Electronics and Communication Engg

01/29/24 Date : 16.02.2015

 UNIT I

01/29/24
01/29/24
TOPICS TO BE COVERED:
Services, Mechanisms, Mechanism Attacks,
The OSI security architecture, A model for
network security. (6 Hrs)

01/29/24
 Computer Security
The protection afforded to an automated information
system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality
of information system resources (includes hardware,
software, firmware, information/data, and
telecommunications)

01/29/24
 Key Security Concepts

01/29/24
 Three Key Objectives
• Confidentiality
– Data confidentiality
– Privacy
• Integrity
– Data integrity
– System integrity
• Availability
• Additional concepts
– Authenticity
– Accountability
 Levels of Impact
• 3 levels of impact from a security breach
– Low
– Moderate
– High

01/29/24
 Examples of Security Requirements
• confidentiality – student grades
• integrity – patient information
• availability – authentication service

01/29/24
 Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived on benefit until fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system
01/29/24
 OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and providing
security requirements
• for us it provides a useful, if abstract, overview of
concepts we will study
 Aspects of Security
• 3 aspects of information security:
– security attack
– security mechanism: detect, prevent, recover
– security service
• terms
– threat – a potential for violation of security
– attack – an assault on system security, a
deliberate attempt to evade security services
 Passive Attacks (1)
Release of Message Contents

01/29/24
 Passive Attacks (2)
Traffic Analysis

01/29/24
• Passive attacks do not affect system resources
– Eavesdropping, monitoring
• Two types of passive attacks
– Release of message contents
– Traffic analysis
• Passive attacks are very difficult to detect
– Message transmission apparently normal
• No alteration of the data
– Emphasis on prevention rather than detection
• By means of encryption
Active Attacks (1)
Masquerade
Active Attacks (2)
Replay
 Active Attacks (3)
Modification of Messages

01/29/24
Active Attacks (4)
Denial of Service
• Active attacks try to alter system resources or affect
their operation
– Modification of data, or creation of false data
• Four categories
– Masquerade
– Replay
– Modification of messages
– Denial of service: preventing normal use
• A specific target or entire network
• Difficult to prevent
– The goal is to detect and recover
 Security Service
– enhance security of data processing systems and
information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated
with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
 Security Services
• X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”

• RFC 2828:
“a processing or communication service provided by
a system to give a specific kind of protection to
system resources”
01/29/24
 Security Services (X.800)
• Authentication - assurance that communicating
entity is the one claimed
– have both peer-entity & data origin authentication
• Access Control - prevention of the unauthorized use
of a resource
• Data Confidentiality –protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is as
sent by an authorized entity
• Non-Repudiation - protection against denial by one
of the parties in a communication
• Availability – resource accessible/usable
 Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic techniques
• hence our focus on this topic
 Security Mechanisms
• specific security mechanisms:
– encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event
detection, security audit trails, security recovery
01/29/24
Model for Network Security
 Model for Network Security
• using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Model for Network Access Security
 Model for Network Access Security
• using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated information
or resources

01/29/24
 Standards
• NIST: National Institute of Standards and
Technology
– FIPS: Federal Information Processing Standards
– SP: Special Publications
• ISOC: Internet Society
– Home for IETF (Internet Engineering Task Force)
and IAB (Internet Architecture Board)
– RFCs: Requests for Comments
 Summary
• topic roadmap & standards organizations
• security concepts:
– confidentiality, integrity, availability
• security architecture
• security attacks, services, mechanisms
• models for network (access) security
 Exercise
1. Write a note on security Services.
2. Explain Security Mechanisms.
3. What are the types of security attacks? Explain in details.
4. What are things on which OSI security model focuses?
5. With a block diagram explain network security model in
detail.
 UNIT -2
SYMMETRIC CIPHER MODEL

01/29/24
 Contents
• INTRODUCTION
• CRYPTOGRAPHY
• NEED FOR SECURITY
• SYMMETRIC CIPHER MODEL
• MODEL OF CONVENTIONAL CRYPTOSYSTEM
• THE DATA ENCRYPTION STANDARD
• DES ENCRYPTION ALGORITHM
• (DES3) TRIPLE DATA ENCRYPTION STANDARD
• APPLICATIONS
• CONCLUSION
(7 Hrs)

01/29/24
 INTRODUCTION
 Power analysis attacks have attracted significant attention
within the cryptographic community. So far, they have been
successfully applied to different kinds of (unprotected) symmetric
and public-key encryption schemes.

 In Boolean Masking has been successfully applied to smart

card implementations of the DES and the AES .

 The protected algorithms usually have much higher memory

requirements than the unmasked ones. For this reason, it is often
assumed that masking is not a practical solution for the protection
of hardware implementations.
 CRYPTOGRAPHY
 Cryptography is the study of mathematical techniques related
to aspects of information security such as confidentiality, data
integrity, entity authentication, and origin authentication.
 There are two kinds of cryptosystems:
1.symmetric
2.asymmetric
 Symmetric cryptosystems use the same key (the secret key)
to encrypt and decrypt a message.
 Asymmetric cryptosystems use one key (the public key) to
encrypt a message and a different key (the private key) to
decrypt it. Asymmetric cryptosystems are also called public key
cryptosystems.
 Need for security
• Steps involved in secured communication:
1. Design an algorithm for performing the security related transformation such that
the opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Specify the protocol to be used by the two principles that make use of the security
algorithm.

Threats in communication

• Information access threat: Modification of the data without the knowledge of

sender and then transmit the data.

• Service threat: Exploit this flaws in the services available in computer to inhibit the
use by legitimate users.
 SYMMETRIC CIPHER MODEL
Secret key shared by Secret key shared by

sender and recipient sender and recipient

Encryption Transmitted Decryption

Process Process
Cipher text

Plaintext Encryption Algorithm Decryption Algorithm Plaintext

input e.g.: TDES (reverse of Encryption output

Algorithm)
Simplified Model of Conventional Encryption

01/29/24
MODEL OF CONVENTIONAL
CRYPTOSYSTEM
 THE DATA ENCRYPTION STANDARD
• DES is the most widely used symmetric algorithm in the world,
because the key length is too short. Since DES was first announced,
controversy has raged about whether 56 bits is long enough to
guarantee security.

• Just applying DES twice, double DES, is ineffective. Using two 56-
bit keys gives 112 total key bits, so a brute force attack needs 2 111
encryptions. However, brute force is not the best attack.

• Advanced Encryption Standard (AES) will be at least as strong as

Triple DES and probably much faster.
 Limitations of DES
• Generating the per-round keys that the key is subjected to an a
initial permutation to generate two 28 – bit quantities C0 and
D0. The sixteen suspect keys are ones for which , C0 and D0
are one of the four values : all ones , all zeroes , alternating
ones and zeroes , alternating zeroes and ones . Since there are
four possible values for each half , there are sixteen
possibilities in all.
• The four weak keys are the ones for which each of , C0 and
D0 are all ones or all zeroes. Weak keys are their own
inverses. The remaining twelve keys are the semi- weak keys.
Each is the inverse of one of the others.
01/29/24
Applications of DES
The DES core can be utilized for a variety of encryption
applications including:
• Secure File/Data transfer
• Electronic Funds Transfer
• Encrypted Storage Data
• Secure communications
Features of DES
• Encryption/Decryption performed in 16 cycles
(ECB mode)
• 56 bits of security
• For use in FPGA designs
• Verilog IP Core
 (DES3) Triple Data Encryption Standard
 The DES3 core is a block cipher, working on 64 bits of data at a
time. It is built upon the Data Encryption Standard (DES) core.
Key length is 64 bits of which only 56 bits are used.
 The DES3 Low Gate version is implemented to minimize gate

count or FPGA resources. The design does not use any memories
such as SRAM.

 The DES3 Pipelined version is implemented to maximize

performance by pipelining the DES algorithm through three DES-
PL instantiations.
TDES Encryption

TDES Decryption
 DES ENCRYPTION ALGORITHM

01/29/24
 INPUT 64
BIT BLOCK DIAG FOR INPUT DATA
KEY 48
INITIAL BITS
PERMUTATION

LEFT RIGHT 32 bits 48 bits 48 bits

EXPANSION S-BOX
32 BITS 32 BITS PERMUTATION
XOR
32 bits

XOR
32 bits PERMUTATION
BOX
32 bits 32 bits

Li Ri
01/29/24
 56 BITS
8 BITS FOR PARITY PERMUTATION
INPUT 64 BIT
CHOICE(PC1)

BLOCK DIAGRAM FOR KEY GENERATION

56 BITS

48 bits
PERMUTATION
48 BIT KEY
CHOICE(PC2)

48 bits 48 bits
EXPANSION S-BOX
PERMUTATION
01/29/24
XOR
 Single Round of DES

01/29/24
Initial permutation (IP)

Table- Initial permutation

IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

01/29/24
Expansion permutation (E)

Table- Expansion permutation

E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
Substitution boxes (S-boxes)
 TDES Algorithm

01/29/24
Applications of DES3
The DES3 core can be utilized for a variety of encryption
applications including::
• Secure File/Data transfer
• Electronic Funds Transfer
• Encrypted Storage Data
• Secure communications
Features of DES3
• Encryption/Decryption performed in 48 cycles(ECB mode)
• Up to 168 bits of security
• For use in FPGA or ASIC designs
• Verilog IP Core

01/29/24
 Origins AES
• clear a replacement for DES was needed
– have theoretical attacks that can break it
– have demonstrated exhaustive key search attacks
• can use Triple-DES – but slow with small blocks
• US NIST issued call for ciphers in 1997
• 15 candidates accepted in Jun 98
• 5 were shortlisted in Aug-99
• Rijndael was selected as the AES in Oct-2000
• issued as FIPS PUB 197 standard in Nov-2001
 AES Requirements
• private key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• stronger & faster than Triple-DES
• active life of 20-30 years (+ archival use)
• provide full specification & design details
• both C & Java implementations
• NIST have released all submissions & unclassified
analyses
 AES Evaluation Criteria
• initial criteria:
– security – effort to practically cryptanalyse
– cost – computational
– algorithm & implementation characteristics
• final criteria
– general security
– software & hardware implementation ease
– implementation attacks
– flexibility (in en/decrypt, keying, other factors)

01/29/24
 AES Shortlist
• after testing and evaluation, shortlist in Aug-99:
– MARS (IBM) - complex, fast, high security margin
– RC6 (USA) - v. simple, v. fast, low security margin
– Rijndael (Belgium) - clean, fast, good security margin
– Serpent (Euro) - slow, clean, v. high security margin
– Twofish (USA) - complex, v. fast, high security margin
• then subject to further analysis & comment
• saw contrast between algorithms with
– few complex rounds verses many simple rounds
– which refined existing ciphers verses new proposals

01/29/24
 The AES Cipher - Rijndael
• designed by Rijmen-Daemen in Belgium
• has 128/192/256 bit keys, 128 bit data
• an iterative rather than feistel cipher
– treats data in 4 groups of 4 bytes
– operates an entire block in every round
• designed to be:
– resistant against known attacks
– speed and code compactness on many CPUs
– design simplicity
 Rijndael
• processes data as 4 groups of 4 bytes (state)
• has 9/11/13 rounds in which state undergoes:
– byte substitution (1 S-box used on every byte)
– shift rows (permute bytes between groups/columns)
– mix columns (subs using matrix multipy of groups)
– add round key (XOR state with key material)
• initial XOR key material & incomplete last round
• all operations can be combined into XOR and table
lookups - hence very fast & efficient
AES
 Byte Substitution
• a simple substitution of each byte
• uses one table of 16x16 bytes containing a permutation of all
256 8-bit values
• each byte of state is replaced by byte in row (left 4-bits) &
column (right 4-bits)
– eg. byte {95} is replaced by row 9 col 5 byte
– which is the value {2A}
• S-box is constructed using a defined transformation of the
values in GF(28)
• designed to be resistant to all known attacks

01/29/24
 Shift Rows
• a circular byte shift in each each
– 1st row is unchanged
– 2nd row does 1 byte circular shift to left
– 3rd row does 2 byte circular shift to left
– 4th row does 3 byte circular shift to left
• decrypt does shifts to right
• since state is processed by columns, this step
permutes bytes between the columns
 Mix Columns
• each column is processed separately
• each byte is replaced by a value dependent on
all 4 bytes in the column
• effectively a matrix multiplication in GF(28)
using prime poly m(x) =x8+x4+x3+x+1
 Add Round Key
• XOR state with 128-bits of the round key
• again processed by column (though effectively
a series of byte operations)
• inverse for decryption is identical since XOR is
own inverse, just with correct round key
• designed to be as simple as possible
 AES Round

01/29/24
 AES Key Expansion
• takes 128-bit (16-byte) key and expands into
array of 44/52/60 32-bit words
• start by copying key into first 4 words
• then loop creating words that depend on
values in previous & 4 places back
– in 3 of 4 cases just XOR these together
– every 4th has S-box + rotate + XOR constant of
previous before XOR together
• designed to resist known attacks
 AES Decryption
• AES decryption is not identical to encryption
since steps done in reverse
• but can define an equivalent inverse cipher
with steps as for encryption
– but using inverses of each step
– with a different key schedule
• works since result is unchanged when
– swap byte substitution & shift rows
– swap mix columns & add (tweaked) round key
 Implementation Aspects
• can efficiently implement on 8-bit CPU
– byte substitution works on bytes using a table of
256 entries
– shift rows is simple byte shifting
– add round key works on byte XORs
– mix columns requires matrix multiply in GF(28)
which works on byte values, can be simplified to use
a table lookup
 Implementation Aspects
• can efficiently implement on 32-bit CPU
– redefine steps to use 32-bit words
– can precompute 4 tables of 256-words
– then each column in each round can be computed
using 4 table lookups + 4 XORs
– at a cost of 16Kb to store tables
• designers believe this very efficient
implementation was a key factor in its
selection as the AES cipher

01/29/24
 Summary
• have considered:
– the AES selection process
– the details of Rijndael – the AES cipher
– looked at the steps in each round
– the key expansion
– implementation aspects
 Exercise
1. Explain CASER cipher and disadvantages of it.
2. Explain PLAYER FAIR method for the key board
CRYPTOGRAPHY give cipher text for plain text electronics
and communication.
3. What is Hill cipher algorithm? Explain briefly.
4. Differentiate between block cipher and stream cipher.
5. Differentiate between monoalphabetic and pdyalphabetic.
6. What is the principle behind DES algorithm? Explain
encryption and decryption of DES.
7. What are the models of operation in block cipher?
8. Write a note on AES cipher.
 UNIT 7
Malicious software programs

01/29/24
Contents

Viruses and related Threats,

Virus Countermeasures (7 Hrs)

01/29/24
Viruses and Other Malicious Content
 computer viruses have got a lot of publicity
 one of a family of malicious software
 effects usually obvious
 have figured in news reports, fiction, movies
(often exaggerated)
 getting more attention than deserve
 are a concern though
Malicious Software
 Backdoor or Trapdoor
• secret entry point into a program
• allows those who know access bypassing usual
security procedures
• have been commonly used by developers
• a threat when left in production programs
allowing exploited by attackers
• very hard to block in O/S
• requires good s/w development & update
 Logic Bomb
• one of oldest types of malicious software
• code embedded in legitimate program
• activated when specified conditions met
– eg presence/absence of some file
– particular date/time
– particular user
• when triggered typically damage system
– modify/delete files/disks, halt machine, etc
01/29/24
 Trojan Horse
• program with hidden side-effects
• which is usually superficially attractive
– eg game, s/w upgrade etc
• when run performs some additional tasks
– allows attacker to indirectly gain access they do not have
directly
• often used to propagate a virus/worm or install a
backdoor
• or simply to destroy data
 Mobile Code
 program/script/macro that runs unchanged
 on heterogeneous collection of platforms
 on large homogeneous collection (Windows)
 transmitted from remote system to local system
& then executed on local system
 often to inject virus, worm, or Trojan horse
 or to perform own exploits
 unauthorized data access, root compromise
 Multiple-Threat Malware
 malware may operate in multiple ways
 multipartite virus infects in multiple ways
 eg. multiple file types
 blended attack uses multiple methods of
infection or transmission
 to maximize speed of contagion and severity
 may include multiple types of malware
 eg. Nimda has worm, virus, mobile code
 can also use IM & P2P
 Viruses
 piece of software that infects programs
 modifying them to include a copy of the virus
 so it executes secretly when host program is run
 specific to operating system and hardware
 taking advantage of their details and weaknesses
 a typical virus goes through phases of:
 dormant
 propagation
 triggering
 execution

01/29/24
 Virus Structure
 components:
 infection mechanism - enables replication
 trigger - event that makes payload activate
 payload - what it does, malicious or benign
 prepended / postpended / embedded
 when infected program invoked, executes
virus code then original program code
 can block initial infection (difficult)
 or propogation (with access controls)
Virus Structure
Compression Virus
 Virus Classification
 boot sector
 file infector
 macro virus
 encrypted virus
 stealth virus
 polymorphic virus
 metamorphic virus

01/29/24
 Macro Virus
 became very common in mid-1990s since
 platform independent
 infect documents
 easily spread
 exploit macro capability of office apps
 executable program embedded in office doc
 often a form of Basic
 more recent releases include protection
 recognized by many anti-virus programs
 E-Mail Viruses
 more recent development
 e.g. Melissa
 exploits MS Word macro in attached doc
 if attachment opened, macro activates
 sends email to all on users address list
 and does local damage
 then saw versions triggered reading email
 hence much faster propagation
 Virus Countermeasures
• prevention - ideal solution but difficult
• realistically need:
– detection
– identification
– removal
• if detect but can’t identify or remove, must
discard and replace infected program
 Anti-Virus Evolution
 virus & antivirus tech have both evolved
 early viruses simple code, easily removed
 as become more complex, so must the
countermeasures
 generations
 first - signature scanners
 second - heuristics
 third - identify actions
 fourth - combination packages

01/29/24
 Exercise
1. Give the mechanisms of spreading nimda.
2. Explain the operation of compression virus with
example.
3. Write a note on virus counter measures.
4. Give the taxonomy of malicious program.
5. List the software threats and explain in detail.
6. Write a note on email virus.
7. Discuss about digital immune system.
01/29/24