2. Need for Network security
Classification of Network Attacks
◦ Possible Attacks
Security Features
Security Mechanism: Cryptography
Types of Encryption-Decryption techniques
◦ Symmetric: Shared Key Type
◦ Asymmetric: Public/Private Key Type
Public Key Infrastructure
Digital Signature
Public Key Infrastructure implementation and its factors
◦ Generation of key pair
◦ Obtain Digital certificate
◦ Encryption/Decryption analysis
◦ Digital certificate role
Conclusion
3/3/2014
Raj Kumar Rampelli 2
3. What is a Network ?
◦ Data Carrier
Data ?
◦ Anything which conveys something between
1st person (sender/receiver) and
2nd person (receiver/sender)
Categories of Data ?
◦ Normal
◦ Confidential: data that can’t be disclosed to a 3rd person.
Goal ?
◦ Protection of DATA i.e. Information Security.
◦ Preventing compromise or loss of DATA from
unauthorized access
4. What is Network Attack ?
◦ An action that compromises the security of DATA
Categories of Attacks
◦ Passive
Learn from DATA and make use of system information
Do not alter the DATA
Very difficult to identify the attack
Ex: Eavesdropping (Interception)
◦ Active
Modifies the DATA
Ex: Denial of Service
Possible Attacks
◦ Interruption
◦ Interception
◦ Modification
◦ Fabrication
5. Normal Flow
Interruption
◦ Attack on “availability”
Disconnection of a wireless or wired internet
connection
Unavailability of a particular web site
Inability to access any web site
[Figure: Sender → Receiver (normal flow); Sender → Receiver with the flow disturbed (interruption)]
6. Interception (No Privacy)
◦ Attack on “confidentiality”
◦ Packet Analyzer software
Intercept and log traffic passing over a network
Captures each Packet and decodes the data
Ex: Microsoft Network Monitor
◦ Man in the middle attack
◦ Wiretapping: capture the data
◦ Intruder can be a person or a program or a computer
[Figure: Sender → Receiver, with an Intruder intercepting the flow]
7. Modification
◦ Attacker modifies the data sent by the sender
◦ Gain access to a system and make changes
Alter programs so that they perform differently
◦ Attack on “Integrity”
Fabrication
◦ Attacker acts like Sender
◦ Gain access to a person’s email and send messages
◦ Attack on “Authenticity”
◦ Lack of mutual authentication
8. A Transaction/Communication (or a service)
is secure if and only if the following security
features are provided
◦ Confidentiality
◦ Integrity
◦ Authenticity (Mutual Authentication)
◦ Non-repudiation
Cryptography
◦ Symmetric key Cryptography
◦ Public Key Infrastructure
9. Cryptography Services
◦ Provide security features
Symmetric Key Cryptography
◦ Data Encryption Standard (DES)
◦ Triple DES
◦ Advanced Encryption Standard (AES)
Public Key Infrastructure
◦ Public-Private Key
◦ RSA
◦ ECC
Encryption and Decryption
◦ Cypher Text
Digital Certificate
◦ String of information that binds the unique identifier of each user to his/her corresponding public key.
Digital Signature
◦ A mathematical scheme for demonstrating the authenticity, non-repudiation and integrity of a digital message
11. Performance factors at client
• Generation of Public-Private key pair
• Generation of certificate request message
• Receive and store digital certificates
• Encryption and Decryption
• Generation and verification of digital signature message
• Verification of Digital certificate
12. Generate public and private key pair at client
Check the following details using different
Public Key Cryptography (PKC) algorithms
◦ Time taken for key pair generation
◦ Storage space required for storing the key pair
◦ Repeat above two steps by changing the key size in
the algorithm
◦ Analyze the results and choose optimal algorithm
suitable for your application.
PKC algorithms
◦ RSA
◦ ECC
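The measurement described on this slide, written out as an added example (not part of the original slides). The function name keygenCost and the choice of PKCS#8 DER as the stored form are assumptions made for illustration; it uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"time"
)

// keygenCost generates one key pair and returns the time taken and the size in
// bytes of the private key serialized as PKCS#8 DER (the storage cost).
func keygenCost(alg string, size int) (time.Duration, int, error) {
	curves := map[int]elliptic.Curve{256: elliptic.P256(), 384: elliptic.P384(), 521: elliptic.P521()}
	var key any
	var err error
	start := time.Now()
	switch {
	case alg == "RSA":
		key, err = rsa.GenerateKey(rand.Reader, size)
	case alg == "ECC" && curves[size] != nil:
		key, err = ecdsa.GenerateKey(curves[size], rand.Reader)
	default:
		err = fmt.Errorf("unsupported algorithm/size: %s-%d", alg, size)
	}
	elapsed := time.Since(start)
	if err != nil {
		return 0, 0, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	return elapsed, len(der), err
}

func main() {
	// Repeat the measurement while changing the key size, for both algorithms.
	for _, c := range []struct {
		alg  string
		size int
	}{{"RSA", 2048}, {"RSA", 3072}, {"ECC", 256}, {"ECC", 384}} {
		d, n, err := keygenCost(c.alg, c.size)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s-%d: generated in %v, %d bytes stored\n", c.alg, c.size, d, n)
	}
}
```

RSA generation time varies from run to run because it searches for random primes, so average several runs before comparing algorithms.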
13. Generate certificate request message (CRM) using
public-private key pair
Apply for new Digital Certificate
◦ Send CRM and user/app credentials to Certificate
Authority (CA)
CA verifies the requester credentials
◦ Approves/Rejects the application
◦ If approved,
Generate Digital Certificate using requester credential with public
key information
Store it in Digital certificate data base locally
Send Digital certificate to requester
Receive Digital certificate from CA and store
locally.
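The first two steps of this procedure, as an added example that is not part of the original slides: the client builds the certificate request message, and the CA confirms the request is signed by the private key matching the public key it carries before going on to check credentials. The names newCSR and checkCSR and the subject client.example are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// newCSR is the client side: generate a key pair locally, then build a
// certificate request carrying the public key and signed with the private key.
func newCSR(commonName string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return der, key, err
}

// checkCSR is the CA side: the request's signature must verify under the public
// key it carries, which proves the requester holds the matching private key.
func checkCSR(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, fmt.Errorf("malformed request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	return csr, nil
}

func main() {
	der, _, err := newCSR("client.example") // constructed sample name
	if err != nil {
		panic(err)
	}
	if csr, err := checkCSR(der); err == nil {
		fmt.Println("accepted request for", csr.Subject.CommonName)
	}
	der[len(der)-1] ^= 0x01 // alter one signature bit, as tampering in transit would
	_, err = checkCSR(der)
	fmt.Println("tampered request:", err)
}
```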
14. String of information that binds the unique identifier of each client
to his/her corresponding public key.
Prerequisites for obtaining Digital certificate
◦ Generate public-private key pair locally
◦ Generate certificate request message
Digital certificate used to authenticate server credentials during
mutual authentication process
Mutual authentication process:
◦ a client authenticating themselves to a server and that server
authenticating itself to the user in such a way that both parties are
assured of the others' identity [wiki]
Authenticating an entity using its Digital certificate:
◦ Check the validity period of certificate
◦ Verify the digital signature of CA on the certificate using CA’s
public key
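The two authentication checks above, as an added example that is not part of the original slides. The names makeCert and authenticate, and the subjects Example CA and server.example, are assumptions made for illustration. The validity check is written out explicitly because Go's CheckSignatureFrom verifies only the signature and CA constraints, not the dates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert builds a constructed sample cert; nil parent means self-signed CA. Fixture: panics on error.
func makeCert(cn string, from, to time.Time, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: to}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// authenticate checks the validity period, then the CA's signature using the CA's public key.
func authenticate(cert, ca *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("certificate not valid at %s", now.Format(time.RFC3339))
	}
	return cert.CheckSignatureFrom(ca)
}

func main() {
	now := time.Now()
	ca, caKey := makeCert("Example CA", now, now.AddDate(1, 0, 0), nil, nil)
	srv, _ := makeCert("server.example", now, now.AddDate(0, 0, 30), ca, caKey)
	fmt.Println(authenticate(srv, ca, now), authenticate(srv, ca, now.AddDate(0, 0, 60)))
}
```

The run prints a nil error for today and a validity error for the date 60 days out, since the sample server certificate lasts 30 days.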
15. Client encrypts the message using server’s public
key
The time taken for encryption of fixed size
message
◦ Using server’s ECC public key
◦ Using server’s RSA public key
◦ Analyze the results.
Client decrypts the received message (from
server) using client’s private key
The time taken for decryption of fixed size
message
◦ Using client’s ECC private key
◦ Using client’s RSA private key
◦ Analyze the results.
16. A valid digital signature gives a recipient reason to believe that the message was created by a
known sender (Authenticity), such that the sender cannot deny having sent the message
(Non-repudiation) and that the message was not altered in transit (Integrity).
Performance factor-4:
Digital signature generation & verification
17. A method to Secure “Data transactions” between
users is needed
◦ Should ensure all desired security features for any
transaction.
Cryptography: collections of standards/techniques
for securing the Data.
◦ PKI ensures all security features
As the key size increases, the data becomes more difficult to crack.
Analyze PKI Implementation factors using different
cryptographic algorithms with different key sizes
Digital certificate: Mainly used for authenticity
Digital signature: Mainly used for Integrity of data
18. Have a Look at:
My PPTs:
http://www.slideshare.net/rampalliraj/
My Tech Blog:
http://practicepeople.blogspot.in/