
Network Security

1. Introduction
Things you need to know …
• Instructor: Madiha Abbasi
• Office: FT-06
• Email: madihaabbasi2@hotmail.com

Things you need to know …
• Books:
  ◦ Cryptography and Network Security, Behrouz A. Forouzan
  ◦ Cryptography and Network Security, William Stallings

Things you need to know …
The lecture slides provide only the outline of the lecture. These outlines are not a substitute for class attendance and note taking. More importantly, these outlines are not a substitute for the textbook.
In order to pass the course …
YOU MUST STUDY FROM THE BOOK.

Contents
• Security Goals
• Security Attacks
• Security Services
• Security Mechanisms
• Security Techniques
• Security Models

Security
• The term “security” is used in the sense of minimizing the vulnerabilities of assets and resources.
• An asset is anything of value.
• A vulnerability is any weakness that could be exploited to violate a system or the information it contains.

Information security
• Information stored in physical form requires physical security mechanisms
  ◦ e.g. rugged filing cabinets for paper-based filing systems
• With computers managing most of the information, tools are required for
  1. Computer security
  2. Network or Internet security

Computer security
• The collection of tools designed to protect data on computers

Network security
• Network or Internet security consists of measures to prevent, detect, and correct security violations that involve the transmission of information

Security Goals
• Confidentiality
  ◦ Protection of data from unauthorized disclosure
• Integrity
  ◦ Assurance that data received is as sent by an authorized entity.
• Availability
  ◦ The information created and stored by an organization needs to be available to authorized entities.

Security Attacks or Threats
• An attack is an action that compromises the security (Confidentiality, Availability, Integrity) of information.
• A threat is a danger which could affect the security of information, leading to potential loss or damage.
• Often attack & threat are used synonymously.

Security Attacks

Attacks Threatening Confidentiality
• Snooping – unauthorized access to or interception of data.
• Traffic Analysis – obtaining some information by monitoring online traffic.

Attacks Threatening Integrity
• Modification – the attacker intercepts the message and changes it.
• Masquerading or spoofing happens when the attacker impersonates somebody else.
• Replaying – the attacker obtains a copy of a message sent by a user and later tries to replay it.
• Repudiation
  ◦ the sender of the message might later deny that she has sent the message;
  ◦ the receiver of the message might later deny that he has received the message

Attacks Threatening Availability
• Denial of service (DoS) – it may slow down or totally interrupt the service of a system.

Passive vs. Active Attacks
• Passive attack:
  ◦ attacker’s goal is just to obtain information
  ◦ the attack does not modify data or harm the system
  ◦ difficult to detect
• Active attack:
  ◦ may change the data or harm the system
  ◦ easier to detect than to prevent

OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and providing security requirements
• specifically, it defines security services related to security goals, and security mechanisms to provide these security services

Security Services and Mechanisms
• Security Service
  ◦ A service that enhances the security of data processing systems & information transfers.
• Security Mechanism
  ◦ A mechanism that is designed to detect, prevent or recover from a security attack.
• A mechanism or combination of mechanisms is used to provide a service.
• A mechanism can be used in one or more services.

Security Services
• ITU-T X.800 has defined five common services related to security goals:

Security Services
• Data Confidentiality – designed to protect data from disclosure attack.
• Data Integrity – designed to protect data from modification, insertion, deletion and replaying by an adversary.
• Authentication – this service provides the authentication of the party at the other end of the line.
• Nonrepudiation – this service protects against repudiation by either the sender or the receiver of the data (proof of origin and proof of delivery).
• Access Control – provides protection against unauthorized access to data.
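
How the Data Integrity service can catch the modification and replaying attacks listed earlier, as an added example that is not part of the original slides: each frame carries a sequence number and an HMAC-SHA256 tag. The frame layout, the `protect`/`Receiver` names, the key and the message are assumptions constructed for illustration, and in-order delivery is assumed.

```python
import hmac, hashlib, struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: frame = 8-byte sequence number || payload || HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts a frame only if its tag verifies and its sequence number is new."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # modified or forged frame
            raise ValueError("integrity check failed")
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:                     # replayed or stale frame
            raise ValueError("replay detected")
        self.last_seq = seq
        return payload

def demo() -> list:
    key = b"constructed-demo-key-not-a-secret"       # constructed sample key
    rx = Receiver(key)
    frame = protect(key, 1, b"pay 100 to Bob")       # constructed sample message
    results = [rx.accept(frame).decode()]
    tampered = frame[:12] + b"9" + frame[13:]        # byte 12 is the '1' of "100"
    for label, candidate in (("tampered", tampered), ("replayed", frame)):
        try:
            rx.accept(candidate)
            results.append(label + ": accepted")
        except ValueError as err:
            results.append(f"{label}: {err}")
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The tag covers the sequence number as well as the payload, so an adversary cannot renumber a captured frame to get past the replay check.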

Security Mechanisms
ITU-T X.800 also defines some security mechanisms to provide the security services

Relationship between Services and Mechanisms
Table legend: Y = Yes, the mechanism is considered to be appropriate, either on its own or in combination with other mechanisms [ITU-T X.800]

Relationship between Services and OSI Layers
Table legend: Y = Yes, service could be incorporated in the standards for the layer as a provider option [ITU-T X.800]

Techniques
• Mechanisms discussed so far are only theoretical recipes to implement security.
• The actual implementation of security goals needs some techniques.
• Two techniques are prevalent today:
  ◦ Cryptography → Focus of this course
  ◦ Steganography

Cryptography
• Cryptography, a word with Greek origins, means “secret writing.”
• However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.

Steganography
• The word steganography, with origin in Greek, means “covered writing,” in contrast with cryptography, which means “secret writing.”
• Example: covering data under a color image
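
The slide's color-image example, worked through as an added illustration that is not part of the original slides: message bits replace the least significant bit of each color channel, so no channel changes by more than one intensity level. The 16-bit length prefix, the function names and the gradient cover image are assumptions constructed for this sketch.

```python
def embed(pixels, message: bytes):
    """Hide message in the least significant bit of each colour channel.
    A 16-bit length prefix tells the extractor how many bytes to read."""
    data = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    channels = [c for px in pixels for c in px]
    if len(bits) > len(channels):
        raise ValueError("cover image too small for message")
    for i, bit in enumerate(bits):
        channels[i] = (channels[i] & 0xFE) | bit   # touch only the lowest bit
    return [tuple(channels[i:i + 3]) for i in range(0, len(channels), 3)]

def extract(pixels) -> bytes:
    """Read the length prefix, then that many message bytes, from the LSBs."""
    channels = [c for px in pixels for c in px]

    def read(start_bit: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (channels[start_bit + 8 * b + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    return read(16, length)

def max_channel_delta(a, b) -> int:
    """Largest per-channel difference between two images of equal size."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))

# Constructed 8x8 cover "image": a colour gradient, one (R, G, B) tuple per pixel.
COVER = [(4 * i, 255 - 3 * i, (7 * i) % 256) for i in range(64)]

if __name__ == "__main__":
    stego = embed(COVER, b"hi X.800")
    print(extract(stego), "max per-channel change:", max_channel_delta(COVER, stego))
```

The data is covered but not encrypted: anyone who reads the low bit plane recovers it, which is the contrast with cryptography that the slide draws.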

Model for Network Security

Model for Network Access Security

Summary
• Have considered:
  ◦ Information security
  ◦ Security attacks, services, mechanisms
  ◦ Security techniques
  ◦ Models for network (access) security
