NETWORK SECURITY
name- anoop negi
roll no- 27
Date: 4-04-2016
CONTENTS
• Understand principles of network security:
• Cryptography
• Digital Signatures
• Security at Various Layers
• Firewalls
INTRODUCTION
Cryptography is the study of creating and using encryption and decryption techniques.
Plaintext is the data before any encryption has been performed.
Ciphertext is the data after encryption has been performed.
The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into
plaintext.
KEY TERMS
• Confidentiality: only the sender and the intended receiver should “understand” the message contents
  • sender encrypts message
  • receiver decrypts message
• Authentication: sender and receiver want to confirm each other's identity
• Message Integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards).
• Access and Availability: services must be accessible and available to users
CONTINUE………..
❍ eavesdrop: intercept messages
❍ impersonation: can fake (spoof) source address in packet (or any field in
packet)
❍ hijacking: “take over” ongoing connection by removing sender or receiver,
inserting himself in place
SYMMETRIC KEY CRYPTOGRAPHY
• The same key is used by the sender (for encryption) and the receiver (for decryption).
• The key is shared.
• Encryption and decryption algorithms are public.
Continue……….
• Substitution cipher: substituting one thing for another.
• Monoalphabetic cipher: substitute one letter for another.
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
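Added example (not part of the original slides): the monoalphabetic cipher above, using the slide's own key, together with the reason it is weak. The helper names `frequency_shape` and `keyspace_bits` are assumptions of this example.

```python
import math
from collections import Counter

PLAIN = "abcdefghijklmnopqrstuvwxyz"
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"   # the key shown on the slide


def make_tables(plain, cipher):
    """Build the encrypt/decrypt translation tables; the key must be a permutation."""
    if sorted(cipher) != sorted(plain):
        raise ValueError("key must be a permutation of the alphabet")
    return str.maketrans(plain, cipher), str.maketrans(cipher, plain)


ENC, DEC = make_tables(PLAIN, CIPHER)


def encrypt(text):
    # Characters outside a-z (spaces, dots) pass through unchanged.
    return text.lower().translate(ENC)


def decrypt(text):
    return text.lower().translate(DEC)


def frequency_shape(text):
    """Letter counts sorted high to low, ignoring which letter owns each count."""
    return sorted(Counter(c for c in text if c in PLAIN).values(), reverse=True)


def keyspace_bits():
    """Number of possible keys (26!) expressed in bits."""
    return math.log2(math.factorial(26))


if __name__ == "__main__":
    message = "bob. i love you. alice"
    secret = encrypt(message)
    print(secret)                       # matches the slide's ciphertext
    print(decrypt(secret))
    # The key space is about 88 bits, larger than a 56-bit DES key, yet the
    # cipher is weak: each letter always maps to the same letter, so the
    # frequency profile of the plaintext survives encryption unchanged.
    print(round(keyspace_bits(), 1))
    print(frequency_shape(message) == frequency_shape(secret))
```
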
Data Encryption Standard
• Created in 1977 and in operation into the 1990s, the Data Encryption Standard took a 64-bit block of data and subjected it to 16 levels of encryption.
• The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.
• Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by the Electronic Frontier Foundation in 3 days).
Public Key Cryptography
• A very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.
• Not possible to deduce one key from the other.
• Not possible to break the code given the public key.
• If you want someone to send you secure data, give them your public key; you keep the private key.
• Secure Sockets Layer on the Internet is a common example of public key cryptography.
RSA
• The most common public key algorithm.
• Private key is a pair of numbers (n, d).
• Public key is a pair of numbers (n, e).
• The sender uses the following algorithm to encrypt the message:
• C = P^e mod n
• P = plaintext, C = ciphertext, and e, n are components of the public key.
• Receiver: P = C^d mod n
Digital Signature
Digital signature can provide:
Authentication
Integrity
Nonrepudiation
The sender uses her private key to encrypt (sign) the message.
The receiver, on the other hand, uses the public key of the sender to decrypt the message.
No need to sign the entire document (a digest can be signed instead).
Digital signature does not provide privacy.
Message Digests
• Computationally expensive to public-key-encrypt long messages.
• Goal: fixed-length, easy-to-compute digital “fingerprint”.
• Apply hash function H to m, get fixed-size message digest, H(m).
• Hash function properties:
  • Hashing is one-way: the digest can only be created from the message, not vice versa.
  • Hashing is a one-to-one function: there is little probability that two messages produce the same digest.
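Added example (not part of the original slides): the RSA, Digital Signature and Message Digests slides combined in one sketch that encrypts with (n, e), decrypts with (n, d), and signs the digest H(m) instead of the whole message. The two primes, the exponent 65537 and the reduction of the SHA-256 digest modulo n are toy assumptions of this example; real keys are 2048 bits or more and use a padding scheme.

```python
import hashlib

# Toy key material (assumption for illustration only): two Mersenne primes.
PRIME_1 = 2**61 - 1
PRIME_2 = 2**31 - 1
N = PRIME_1 * PRIME_2                  # shared by both keys
E = 65537                              # public key  = (N, E)
PHI = (PRIME_1 - 1) * (PRIME_2 - 1)
D = pow(E, -1, PHI)                    # private key = (N, D), with E*D = 1 mod PHI


def encrypt(plaintext, e=E, n=N):
    """Sender side of the slide: C = P^e mod n."""
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(plaintext, e, n)


def decrypt(ciphertext, d=D, n=N):
    """Receiver side of the slide: P = C^d mod n."""
    return pow(ciphertext, d, n)


def digest_int(message, n=N):
    """H(m) as an integer. Reduced mod n only because the toy modulus is small."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, d=D, n=N):
    """Sign the fixed-length digest with the private key, not the whole message."""
    return pow(digest_int(message, n), d, n)


def verify(message, signature, e=E, n=N):
    """Anyone holding the public key can recompute H(m) and compare."""
    return pow(signature, e, n) == digest_int(message, n)


if __name__ == "__main__":
    secret_number = 1234567890
    assert decrypt(encrypt(secret_number)) == secret_number

    order = b"pay bob 100"             # constructed sample message
    signature = sign(order)
    # The message itself travels in the clear: a signature gives
    # authentication and integrity, not privacy.
    print(verify(order, signature))             # True
    print(verify(b"pay bob 900", signature))    # False: digest no longer matches
```
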
SECURITY AT IP LEVEL
• IP Security (IPsec) is a collection of protocols to provide security for a packet at the IP level.
• IPsec requires a logical connection between two hosts using a signalling protocol called Security Association (SA).
• An SA connection can be simplex or duplex.
• An SA is uniquely defined by three elements:
  • A 32-bit security parameter index (SPI), which acts as a virtual circuit identifier in connection-oriented protocols.
  • The source IP address.
  • The type of protocol used: AH or ESP.
AUTHENTICATION HEADER (AH)
• AH provides authentication, integrity and anti-replay for the entire packet (IP header and data payload).
• It does not provide confidentiality, which means it does not encrypt the data.
• The data is readable but protected from modification.
• Integrity and authentication are provided by placement of the AH header between the IP header and the transport layer protocol.
• AH uses an IP protocol ID of 51 to identify itself in the IP header.
AH FIELDS
• Next Header: identifies the next header using its IP protocol ID; for example, the value might be 6 to indicate TCP.
• Length: indicates the length of the AH header.
• SPI: used in combination with the destination address and security protocol (AH or ESP) to identify the correct security association for the communication.
• Sequence no.: provides anti-replay protection. It is a 32-bit number that is never allowed to cycle. The receiver checks this field to verify that a packet with this number has not been received yet. If one has been received, the packet is rejected.
• Authentication data: contains the integrity check value to verify the integrity of the message.
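Added example (not part of the original slides): one way a receiver can implement the sequence-number check described above, using a sliding bitmap window so that late but new packets are still accepted. The 64-packet window, the class name `ReplayWindow` and the `icv_ok` flag standing in for the result of the integrity check are assumptions of this example.

```python
MAX_SEQ = 0xFFFFFFFF   # 32-bit sequence number that is never allowed to cycle


class ReplayWindow:
    """Per-SA receive state: highest sequence number seen plus a bitmap."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (top - i) was already accepted

    def check_and_update(self, seq, icv_ok=True):
        # Senders start at 1; 0 or anything above 32 bits is never valid.
        if not 0 < seq <= MAX_SEQ:
            return "reject: out of range"
        if seq <= self.top:
            offset = self.top - seq
            if offset >= self.size:
                return "reject: too old"
            if (self.bitmap >> offset) & 1:
                return "reject: replay"
        # State changes only after the integrity check value verifies, so a
        # forged packet cannot advance the window or mark a number as used.
        if not icv_ok:
            return "reject: bad ICV"
        if seq > self.top:
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accept"


def replay_verdicts(stream, size=64):
    """Run a list of (sequence number, icv_ok) pairs through a fresh window."""
    window = ReplayWindow(size)
    return [window.check_and_update(seq, ok) for seq, ok in stream]


# Constructed sample traffic: reordering, a duplicate, a jump, a forged packet.
SAMPLE_STREAM = [
    (1, True), (2, True), (5, True),
    (3, True),     # late but new: accepted
    (3, True),     # same number again: replay
    (69, True),    # jump forward slides the window
    (5, True),     # now 64 behind the top: outside the window
    (6, True),     # 63 behind and never seen: accepted
    (70, False),   # forged packet fails the integrity check
    (70, True),    # the genuine packet 70 is still accepted afterwards
]

if __name__ == "__main__":
    for (seq, ok), verdict in zip(SAMPLE_STREAM, replay_verdicts(SAMPLE_STREAM)):
        print(seq, ok, verdict)
```
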
ENCAPSULATING SECURITY PAYLOAD
Provides confidentiality in addition to authentication, integrity and anti-replay.
ESP indicates itself in the IP header using an IP protocol ID of 50.
Example: Alice on computer A sends data to Bob on computer B.
The data payload is encrypted and signed for integrity. Upon receipt, the data payload packet is decrypted. Bob can be certain it was really Alice who sent the data. Also, the data is unmodified and no one else was able to read it.
ESP HEADER AND TRAILER FIELD
• Security Parameter Index (SPI): same as in AH.
• Sequence no.: same as in AH.
• Padding: the variable-length field of 0’s serves as padding.
• Padding length: indicates the length of the padding field in bytes.
• This field is used by the receiver to discard the padding field.
• Next header: identifies the type of payload, TCP or UDP.
• Authentication data: contains the integrity check value (ICV) and a message authentication code that is used to verify the sender’s identity and message integrity.
Transport layer security
• TLS was designed to provide security at the transport layer.
• TLS allows two parties to exchange messages in a secure environment. To accomplish this, TLS requires that
• the two parties agree on 3 protocols: an entity authentication protocol, a message authentication protocol and an encryption/decryption protocol.
• TLS has two layers.
• The top layer includes three protocols: one for session setup (handshaking), one for alerting the other party of an unusual situation, and one for informing of the establishment of security parameters.
• The lower layer, the record protocol, is used to encapsulate messages from the upper layer.
Handshake protocol
Alert protocol
• The alert protocol is used to signal an error or a potential error to the other party.
• The packet exchanged defines the severity level of the condition.
Change cipher spec protocol
• This protocol is designed to activate the security services (message authentication and encryption/decryption) after all the agreements are confirmed in the handshake protocol.
• After exchanging the one message defined in this protocol, the two parties can use the services.
FIREWALLS
• A system or combination of systems that supports an access control policy between two networks.
• A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.
• Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications).
• A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.
• A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that requests something from the corporate network must enter through the proxy server.
• Proxy servers are more advanced but make external accesses slower.
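Added example (not part of the original slides): a packet filter reduced to its core, a first-match rule list over source address and TCP destination port with a default-deny fallback, showing that rule order decides the outcome. The rule sets, the documentation-range addresses and the function names are constructed for this example.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str               # "allow" or "deny"
    source: str               # source network in CIDR notation
    ports: Optional[range]    # TCP destination ports, None means any port


# Constructed policy: block one address range, expose HTTPS to everyone,
# expose SSH to a single management network.
BLOCKED_FIRST = [
    Rule("deny", "203.0.113.0/24", None),
    Rule("allow", "0.0.0.0/0", range(443, 444)),
    Rule("allow", "198.51.100.0/24", range(22, 23)),
]

# Same rules with the first two swapped: the broad allow now wins for port 443.
ALLOW_FIRST = [BLOCKED_FIRST[1], BLOCKED_FIRST[0], BLOCKED_FIRST[2]]


def evaluate(rules, src_ip, dst_port, default="deny"):
    """Return (action, rule position) for the first matching rule.

    Position is 1-based; None means no rule matched and the default applied.
    """
    if not 0 <= dst_port <= 65535:
        raise ValueError("TCP port out of range")
    addr = ipaddress.ip_address(src_ip)
    for position, rule in enumerate(rules, start=1):
        in_network = addr in ipaddress.ip_network(rule.source)
        in_ports = rule.ports is None or dst_port in rule.ports
        if in_network and in_ports:
            return rule.action, position
    return default, None


def ordering_differences(packets, first=BLOCKED_FIRST, second=ALLOW_FIRST):
    """Packets whose verdict changes between two orderings of the same rules."""
    return [
        p for p in packets
        if evaluate(first, *p)[0] != evaluate(second, *p)[0]
    ]


# Constructed sample packets: (source address, TCP destination port).
SAMPLE_PACKETS = [
    ("203.0.113.7", 443),
    ("203.0.113.7", 22),
    ("192.0.2.10", 443),
    ("192.0.2.10", 22),
    ("198.51.100.5", 22),
]

if __name__ == "__main__":
    for packet in SAMPLE_PACKETS:
        print(packet, evaluate(BLOCKED_FIRST, *packet))
    print("verdict depends on order:", ordering_differences(SAMPLE_PACKETS))
```
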
THANK YOU

Network security

  • 1. NETWORK SECURITY name- anoop negi roll no- 27 Date: 4-04-2016
  • 2. CONTENTS  understand principles of network security:  cryptography  Digital Signatures  Security at Various Layers  Firewalls
  • 3. INTRODUCTION Cryptography is the study of creating and using encryption and decryption techniques. Plaintext is the the data that before any encryption has been performed. Ciphertext is the data after encryption has been performed. The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
  • 4. KEY TERMS  Confidentiality: only sender, intended receiver should “ understand” message contents  sender encrypts message  receiver decrypts message  Authentication: sender, receiver want to confirm identity of each other  Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) .  Access and Availability: services must be accessible and available to users
  • 5. CONTINUE……….. ❍ eavesdrop: intercept messages ❍ impersonation: can fake (spoof) source address in packet (or any field in packet) ❍ hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  • 6. SYMMETRIC KEY CRYPTOGRAPHY  The same key is used by the sender (for encryption) and the receiver (for decryption).  The key is shared.  Encryption and Decryption Algorithms are public.
  • 7. Continue……….  substitution cipher: substituting one thing for another.  monoalphabetic cipher: substitute one letter for another . plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
  • 8. Data Encryption Standard  Created in 1977 and in operation into the 1990s, the data encryption standard took a 64- bit block of data and subjected it to 16 levels of encryption.  The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.  Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by Electronic Frontier Foundation in 3 days).
  • 10. Public Key Cryptography  Very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.  Not possible to deduce one key from the other.  Not possible to break the code given the public key.  If you want someone to send you secure data, give them your public key, you keep the private key.  Secure sockets layer on the Internet is a common example of public key cryptography.
  • 11. RSA  The most common public key algorithm .  Private key is a pair of numbers (n,d).  Public key is a pair of numbers (n,e).  The sender uses the following algorithm to encrypt the message:  C=p*pow(e) mod n  P=plaintext ,C=cyphertext and e,n are components of public key.  Receiver : p=C*pow(d) mod n
  • 12. RSA
  • 13. Digital Signature Digital signature can provide: Authentication Integrity Nonrepudiation The sender uses her private key to encrypt(sign) the message . The receiver on the other hand uses the public key of sender to decrypt the msg. No need to sign the entire document(digest). Digital signature does not provide privacy.
  • 14. Message Digests
      - Computationally expensive to public-key-encrypt long messages.
      - Goal: fixed-length, easy-to-compute digital “fingerprint”.
      - Apply hash function H to m, get fixed-size message digest, H(m).
      - Hash function properties:
          - Hashing is one way: the digest can only be created from the message, not vice versa.
          - Hashing is a one-to-one function: there is little probability that two messages produce the same digest.
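The RSA formulas on slide 11 and the sign-the-digest idea on slides 13 and 14, worked through in Python as an added example that is not part of the original slides. The primes 61 and 53, the exponent e = 17, SHA-256 as H and all function names are assumptions chosen for illustration; this is textbook RSA without the padding that deployed systems add.

```python
import hashlib

def make_keys(p, q, e=17):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # d is the inverse of e modulo phi
    return (n, e), (n, d)

def encrypt(public, plaintext):
    n, e = public
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer below n")
    return pow(plaintext, e, n)         # C = P^e mod n

def decrypt(private, ciphertext):
    n, d = private
    return pow(ciphertext, d, n)        # P = C^d mod n

def digest(message, n):
    """H(m): SHA-256 of the message, reduced so it fits below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(digest(message, n), d, n)    # private key applied to H(m)

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy primes so the numbers can be checked by hand.
PUBLIC, PRIVATE = make_keys(61, 53)     # n = 3233, e = 17, d = 2753

if __name__ == "__main__":
    c = encrypt(PUBLIC, 65)
    print(c, decrypt(PRIVATE, c))
    sig = sign(PRIVATE, b"pay bob 10")
    print(verify(PUBLIC, b"pay bob 10", sig))
```

The signature is sent alongside the readable message, which is why slide 13 notes that signing alone gives no privacy.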
  • 15. SECURITY AT IP LEVEL
      - IP Security (IPsec) is a collection of protocols to provide security for a packet at the IP level.
      - IPsec requires a logical connection between two hosts using a signalling protocol called Security Association (SA).
      - An SA connection can be simplex or duplex.
      - An SA is uniquely defined by three elements:
          - A 32-bit security parameter index (SPI), which acts as a virtual circuit identifier in connection-oriented protocols.
          - The source IP address.
          - The type of protocol used: AH or ESP.
  • 16. AUTHENTICATION HEADER (AH)
      - AH provides authentication, integrity and anti-replay for the entire packet (IP header and data payload).
      - It does not provide confidentiality, which means it does not encrypt the data.
      - The data is readable but protected from modification.
      - Integrity and authentication are provided by placing the AH header between the IP header and the transport layer protocol.
      - AH uses an IP protocol ID of 51 to identify itself in the IP header.
  • 17. AH FIELDS
      - Next Header: identifies the next header by its IP protocol ID; for example, the value might be 6 to indicate TCP.
      - Length: indicates the length of the AH header.
      - SPI: used in combination with the destination address and security protocol (AH or ESP) to identify the correct security association for the communication.
      - Sequence no.: provides anti-replay protection. It is a 32-bit number that is never allowed to cycle. The receiver checks this field to verify that a packet with this number has not been received yet. If one has been received, the packet is rejected.
      - Authentication data: contains the integrity check value used to verify the integrity of the message.
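An added example, not from the original slides, of the receiver-side sequence number check described on slide 17. It goes beyond the slide by using a sliding window so that packets arriving slightly out of order are still accepted while duplicates are rejected. The 16 reserved bits in the header layout follow RFC 4302; the 64-packet window, the sample SPI 0x1001, the all-zero ICV and all function names are assumptions.

```python
import struct

def parse_ah(buf):
    """Split an Authentication Header into the fields listed on the slide."""
    if len(buf) < 12:
        raise ValueError("AH needs at least 12 bytes")
    # Next Header, Length, 16 reserved bits (RFC 4302), SPI, Sequence no.
    next_header, length, _reserved, spi, seq = struct.unpack("!BBHII", buf[:12])
    total = (length + 2) * 4          # Length is in 32-bit words, minus 2
    if total < 12 or len(buf) < total:
        raise ValueError("truncated or malformed AH")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": buf[12:total]}

class ReplayWindow:
    """Tracks which of the last `size` sequence numbers were already seen."""
    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        # A real receiver calls this only after the ICV has verified.
        if seq == 0:
            return False                       # numbering starts at 1
        if seq > self.highest:                 # new highest: slide the window
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                       # older than the window
        if self.bitmap & (1 << offset):
            return False                       # already received: replay
        self.bitmap |= 1 << offset
        return True

def sample_ah(seq, spi=0x1001):
    """Constructed AH: next header 6 (TCP), 12-byte all-zero ICV placeholder."""
    return struct.pack("!BBHII", 6, 4, 0, spi, seq) + bytes(12)

def replay_verdicts(seqs, size=64):
    """Parse each constructed header and run its sequence number past the window."""
    window = ReplayWindow(size)
    return [window.check_and_update(parse_ah(sample_ah(s))["seq"]) for s in seqs]

if __name__ == "__main__":
    print(replay_verdicts([1, 2, 3, 2, 5, 4, 70, 5, 6]))
```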
  • 18. ENCAPSULATING SECURITY PAYLOAD
      - Provides confidentiality in addition to authentication, integrity and anti-replay.
      - ESP identifies itself in the IP header using an IP protocol ID of 50.
      - Example: Alice on computer A sends data to Bob on computer B. The data payload is encrypted and signed for integrity. Upon receipt, the data payload is decrypted. Bob can be certain it was really Alice who sent the data, that the data is unmodified, and that no one else was able to read it.
  • 19. ESP HEADER AND TRAILER FIELD
      - Security Parameter Index (SPI): same as in AH.
      - Sequence no.: same as in AH.
      - Padding: a variable-length field of 0’s that serves as padding.
      - Padding length: indicates the length of the padding field in bytes. This field is used by the receiver to discard the padding field.
      - Next header: identifies the type of payload, TCP or UDP.
      - Authentication data: contains the integrity check value (ICV) and a message authentication code that is used to verify the sender’s identity and message integrity.
  • 21. Transport layer security
      - TLS was designed to provide security at the transport layer.
      - TLS allows two parties to exchange messages in a secure environment. To accomplish this, TLS requires that the two parties agree on 3 protocols: an entity authentication protocol, a message authentication protocol and an encryption/decryption protocol.
      - TLS has two layers.
      - The top layer includes three protocols: one for session setup (handshaking), one for alerting the other party of an unusual situation, and one for informing the other party that the security parameters have been established.
      - The lower layer, the record protocol, is used to encapsulate messages from the upper layer.
  • 23. Alert protocol
      - The alert protocol is used to signal an error or a potential error to the other party.
      - The packet exchanged defines the severity level of the condition.
  • 24. Change cipher spec protocol
      - This protocol is designed to activate the security services (message authentication and encryption/decryption) after all the agreements are confirmed in the handshake protocol.
      - After exchanging the one message defined in this protocol, the two parties can use the services.
  • 25. FIREWALLS
      - A system or combination of systems that supports an access control policy between two networks.
      - A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.
      - Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications).
      - A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.
      - A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that requests something from the corporate network must enter through the proxy server.
      - Proxy servers are more advanced but make external accesses slower.
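The packet filter from slide 25, as an added example that is not part of the original slides: rules on source address range and TCP port are checked in order, the first match decides, and anything unmatched is dropped. The rule set (built on documentation address ranges), the default-deny policy and the shadowed-rule check are assumptions added for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR form
    port: Optional[int]      # destination TCP port, None = any port

# Constructed rule set using documentation address ranges.
RULES = [
    Rule("deny",  "203.0.113.0/24", None),    # block a whole range
    Rule("allow", "0.0.0.0/0", 443),          # HTTPS from anywhere else
    Rule("allow", "198.51.100.0/24", 22),     # SSH from one network only
    Rule("allow", "203.0.113.7/32", 443),     # never fires: see shadowed()
]

def decide(src_ip, dst_port, rules=RULES, default="deny"):
    """First matching rule wins; unmatched packets get the default action."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and rule.port in (None, dst_port):
            return rule.action
    return default

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    net_a, net_b = ipaddress.ip_network(a.src), ipaddress.ip_network(b.src)
    return net_b.subnet_of(net_a) and a.port in (None, b.port)

def shadowed(rules=RULES):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(rules)
            if any(covers(earlier, rule) for earlier in rules[:i])]

if __name__ == "__main__":
    for ip, port in [("203.0.113.7", 443), ("192.0.2.10", 443),
                     ("198.51.100.5", 22), ("192.0.2.10", 23)]:
        print(ip, port, decide(ip, port))
    print("shadowed rules:", shadowed())
```

Rule order matters: the exception for 203.0.113.7 sits below the range block, so it is reported as shadowed and the host stays denied.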