By Raj Kumar Rampelli

Need for Network security
Classification of Network Attacks
◦ Possible Attacks
Security Features
Security Mechanism: Cryptography
Types of Encryption-Decryption techniques
◦ Symmetric: Shared Key Type
◦ Asymmetric: Public/Private Key Type
  ▪ Public Key Infrastructure
Digital Signature
Public Key Infrastructure implementation and its factors
◦ Generation of key pair
◦ Obtain Digital certificate
◦ Encryption/Decryption analysis
◦ Digital certificate role
Conclusion

Raj Kumar Rampelli

3/3/2014



What is a Network?
◦ Data Carrier

Data?
◦ Anything which conveys something between 1st person (sender/receiver) and 2nd person (receiver/sender)

Categories of Data?
◦ Normal
◦ Confidential → Data can’t be disclosed to a 3rd person.

Goal?
◦ Protection of DATA i.e. Information Security.
◦ Preventing compromise or loss of DATA from unauthorized access



What is Network Attack?
◦ An action that compromises the security of DATA

Categories of Attacks
◦ Passive
  ▪ Learn from DATA and make use of system information
  ▪ Do not alter the DATA
  ▪ Very difficult to identify the attack
  ▪ Ex: Eavesdropping (Interception)
◦ Active
  ▪ Modifies the DATA
  ▪ Ex: Denial of Service

Possible Attacks
◦ Interruption
◦ Interception
◦ Modification
◦ Fabrication



Normal Flow
[Diagram: Sender → Receiver]

Interruption
[Diagram: Sender, Disturb, Receiver]
◦ Attack on “availability”
  ▪ Disconnection of a wireless or wired internet connection
  ▪ Unavailability of a particular web site
  ▪ Inability to access any web site



Interception (No Privacy)
[Diagram: Intruder, Sender, Receiver]
◦ Attack on “confidentiality”
◦ Packet Analyzer software
  ▪ Intercept and log traffic passing over a network
  ▪ Captures each Packet and decodes the data
  ▪ Ex: Microsoft Network Monitor
◦ Man in the middle attack
◦ Wiretapping: capture the data
◦ Intruder can be a person or a program or a computer



Modification
◦ Attacker modifies the data sent by the sender
◦ Gain access to a system and make changes
  ▪ Alter programs so that they perform differently
◦ Attack on “Integrity”

Fabrication
◦ Attacker acts like Sender
◦ Gaining access to a person’s email and sending messages
◦ Attack on “Authenticity”
◦ Lack of mutual authentication



A Transaction/Communication (or a service) is secure if and only if the following security features are provided
◦ Confidentiality
◦ Integrity
◦ Authenticity (Mutual Authentication)
◦ Non-repudiation

Cryptography
◦ Symmetric key Cryptography
◦ Public Key Infrastructure

Cryptography
◦ Symmetric Key Cryptography
  ▪ Data Encryption Standard (DES)
  ▪ Triple DES
  ▪ Advanced ES
◦ Public Key Infrastructure
  ▪ Public-Private Key
  ▪ RSA
  ▪ ECC
◦ Services
  ▪ Provide security features
◦ Encryption and Decryption
  ▪ Cypher Text

Digital Certificate: String of information that binds the unique identifier of each user to his/her corresponding public key.
Digital Signature: A mathematical scheme for demonstrating the authenticity, non-repudiation and integrity of a digital message



Symmetric Key scenario
Sender: (plain text) → SK(plain text) → Cipher Text (Encrypted text)
Receiver: SK(Cipher text) → Plain text

Public-Private Key scenario
Sender: (plain text) → PubKey(plain text) → Cipher Text (Encrypted text)
Receiver: PrivKey(Cipher text) → Plain text

Performance factors at client
• Generation of Public-Private key pair
• Generation of certificate request message
• Receive and store digital certificates
• Encryption and Decryption
• Generation and verification of digital signature message
• Verification of Digital certificate





Generate public and private key pair at client
Check the following details using different Public Key Cryptography (PKC) algorithms
◦ Time taken for key pair generation
◦ Storage space required for storing the key pair
◦ Repeat above two steps by changing the key size in the algorithm
◦ Analyze the results and choose optimal algorithm suitable for your application.

PKC algorithms
◦ RSA
◦ ECC
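
The measurement described on this slide, as an added Go example that is not part of the original slides: it times key pair generation and measures storage size for RSA and ECC at two key sizes each. The chosen sizes (RSA-2048/3072, P-256/P-384), the PKCS#8 DER encoding as the storage format, and the names `measure` and `measureAll` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"time"
)

// KeyStats holds the two factors from the slide for one algorithm and key size.
type KeyStats struct {
	Name     string
	GenTime  time.Duration // time taken for key pair generation
	DERBytes int           // storage for the PKCS#8-encoded private key
}

// measure times one key pair generation and sizes its PKCS#8 DER encoding.
func measure(name string, gen func() (any, error)) KeyStats {
	start := time.Now()
	key, err := gen()
	elapsed := time.Since(start)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		panic(err)
	}
	return KeyStats{name, elapsed, len(der)}
}

// measureAll repeats the measurement while changing algorithm and key size.
func measureAll() []KeyStats {
	return []KeyStats{
		measure("RSA-2048", func() (any, error) { return rsa.GenerateKey(rand.Reader, 2048) }),
		measure("RSA-3072", func() (any, error) { return rsa.GenerateKey(rand.Reader, 3072) }),
		measure("ECC P-256", func() (any, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }),
		measure("ECC P-384", func() (any, error) { return ecdsa.GenerateKey(elliptic.P384(), rand.Reader) }),
	}
}

func main() {
	for _, s := range measureAll() {
		fmt.Printf("%-10s gen=%-14v private key=%d bytes\n", s.Name, s.GenTime, s.DERBytes)
	}
}
```

A single run is noisy, especially for RSA, where generation time depends on how quickly suitable primes are found; average several generations per case before comparing times.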



Generate certificate request message (CRM) using public-private key pair
Apply for new Digital Certificate
◦ Send CRM and user/app credentials to Certificate Authority (CA)
CA verifies the requester credentials
◦ Approves/Rejects the application
◦ If approved,
  ▪ Generate Digital Certificate using requester credential with public key information
  ▪ Store it in Digital certificate data base locally
  ▪ Send Digital certificate to requester
Receive Digital certificate from CA and store locally.










Digital certificate: String of information that binds the unique identifier of each client to his/her corresponding public key.
Prerequisite for obtaining Digital certificate
◦ Generate public-private key pair locally
◦ Generate certificate request message
Digital certificate used to authenticate server credentials during mutual authentication process
Mutual authentication process:
◦ a client authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity [wiki]
Authenticating an entity using its Digital certificate:
◦ Check the validity period of certificate
◦ Verify the digital signature of CA on the certificate using CA’s public key
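
The two authentication checks listed above, as an added Go example that is not part of the original slides. It constructs a CA and a server certificate in memory (skipping the certificate request step), then shows a valid certificate being accepted, the same certificate rejected after its validity period, and rejected against another CA's public key. The names `issue`, `authenticate`, `must` and the subject names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a constructed test certificate; parent == nil yields a self-signed CA.
func issue(serial int64, name string, now time.Time, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// authenticate applies the slide's two checks: validity period, then the CA's signature.
func authenticate(cert, ca *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("certificate outside validity period")
	}
	return cert.CheckSignatureFrom(ca) // verifies with the CA's public key
}

func main() {
	now := time.Now()
	ca, caKey := issue(1, "Example CA", now, nil, nil)
	other, _ := issue(2, "Other CA", now, nil, nil)
	srv, _ := issue(3, "server.example", now, ca, caKey)
	fmt.Println("valid:", authenticate(srv, ca, now))
	fmt.Println("expired:", authenticate(srv, ca, now.Add(48*time.Hour)))
	fmt.Println("wrong CA:", authenticate(srv, other, now))
}
```

These two checks are only what the slide lists; Go's `(*x509.Certificate).Verify` with a pool of trusted roots additionally builds the chain and checks names and key usages.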




Client encrypts the message using server’s public key
The time taken for encryption of fixed size message
◦ Using server’s ECC public key
◦ Using server’s RSA public key
◦ Analyze the results.

Client decrypts the received message (from server) using client’s private key
The time taken for decryption of fixed size message
◦ Using client’s ECC private key
◦ Using client’s RSA private key
◦ Analyze the results.

Performance factor-4: Digital signature generation & verification

A valid digital signature gives a recipient reason to believe that the message was created by a known sender (Authenticity), such that the sender cannot deny having sent the message (Non-repudiation) and that the message was not altered in transit (Integrity).


A method to secure “Data transactions” between users is needed
◦ Should ensure all desired security features for any transaction.

Cryptography: collections of standards/techniques for securing the Data.
◦ PKI ensures all security features

As the key size increases, the data becomes more difficult to crack.
Analyze PKI implementation factors using different cryptographic algorithms with different key sizes
Digital certificate: Mainly used for authenticity
Digital signature: Mainly used for Integrity of data




Have a Look at:
My PPTs: http://www.slideshare.net/rampalliraj/
My Tech Blog: http://practicepeople.blogspot.in/


Network security and cryptography
