NETWORK SECURITY
A vulnerability is a component that leaves a system open to exploitation
(e.g. a network cable or a protocol weakness).
A threat indicates the potential for a violation of security.
The term attack is applied to an attempted violation.
ABBREVIATIONS
ADSL asymmetric digital subscriber line
DES Data Encryption Standard
DMZ demilitarised zone
DNS domain name system
DSS Digital Signature Standard
FTP file transfer protocol
IANA Internet Assigned Numbers Authority
ICMP internet control message protocol
IDEA International Data Encryption Algorithm
IP internet protocol
IPSec internet protocol security
ISDN integrated services digital network
ISO International Organization for Standardization
LAN local area network
MD5 message digest 5
MSP message security protocol
NSA National Security Agency
OSI open systems interconnection
PGP Pretty Good Privacy
PING packet internet groper
PSTN public switched telephone network
RC2 Rivest cipher 2
RC4 Rivest cipher 4
RSA Rivest, Shamir and Adleman block cipher
S-HTTP secure hypertext transfer protocol
S/MIME secure/multipurpose internet mail extensions
SET secure electronic transaction
SHA secure hash algorithm
SIM subscriber identity module
SMTP simple mail transfer protocol
TCP transmission control protocol
UDP user datagram protocol
VPN virtual private network
XOR exclusive-OR
3DES Triple Data Encryption Standard
Almon Strowger found out that there is a need for network security.
Eavesdropping on a telephone conversation has never been technically difficult. In particular,
‘tapping’ the wires of the target telephone in the local circuit would have been straightforward
fifty years ago, provided that physical access could be gained to the wires. Today, in
principle, a similar approach could still be successful over the last mile of the telephone
distribution system. Much of the technology is still analogue, and signals can be detected by
either direct contact with the twisted-pair wires or by sensing fields radiating from the
transmissions. However, where ADSL (asymmetric digital subscriber line) or ISDN
(integrated services digital network) services are provided, separating a telephone
conversation from data traffic would need an ADSL modem or ISDN telephone and the
knowledge to connect them correctly. This information is commonly available, so should not
be a major obstacle in itself.
Confidentiality, in terms of selecting who or what is allowed access to
data and systems. This is achieved through encryption and access
control systems. Even knowledge of the existence of data, rather than
the information that it contains, may be of significant value to an
eavesdropper.
The integrity of data, where modification is allowed only by authorised
persons or organisations. The modifications could include any changes
such as adding to, selectively deleting from, or even changing the status
of a set of data.
The freshness of data contained in messages. An attacker could capture
part or all of a message and re-use it at a later date, passing it off as a
new message. Some method of incorporating a freshness indicator (e.g.
a time stamp) into messages minimises the risk of this happening.
The authentication of the source of information, often in terms of the
identity of a person as well as the physical address of an access point to
the network such as a workstation.
The availability of network services, including security procedures, to
authorised people when they are needed.
A passive attack is characterised by the interception of messages without modification.
There is no change to the network data or systems. The message itself may be read or its
occurrence may simply be logged. Identifying the communicating parties and noting the
duration and frequency of messages can be of significant value in itself. From this
knowledge certain deductions or inferences may be drawn regarding the likely subject
matter, the urgency or the implications of messages being sent. This type of activity is
termed traffic analysis.
An active attack is one in which an unauthorised change of the system is attempted.
This could include, for example, the modification of transmitted or stored data, or the
creation of new data streams. Figure 2 (see Section 3.2) shows four sub-categories
here: masquerade or fabrication, message replay, message modification and denial
of service or interruption of availability.
Masquerade attacks, as the name suggests, relate to an entity (usually a computer
or a person) taking on a false identity in order to acquire or modify information, and
in effect achieve an unwarranted privilege status. Masquerade attacks can also
incorporate other categories.
Message replay involves the re-use of captured data at a later time than originally
intended in order to repeat some action of benefit to the attacker: for example, the
capture and replay of an instruction to transfer funds from a bank account into one
under the control of an attacker. This could be foiled by confirmation of the freshness
of a message.
Message modification could involve modifying a packet header address for the
purpose of directing it to an unintended destination or modifying the user data.
Denial-of-service attacks prevent the normal use or management of
communication services, and may take the form of either a targeted attack on a
particular service or a broad, incapacitating attack. For example, a network may be
flooded with messages that cause a degradation of service or possibly a complete
collapse if a server shuts down under abnormal loading. Another example is rapid
and repeated requests to a web server, which bar legitimate access to others.
Denial-of-service attacks are frequently reported for internet-connected services.
A Trojan is a program that has hidden instructions enabling it to carry out
a malicious act such as the capture of passwords. These could then be
used in other forms of attack.
A worm is a program that can replicate itself and create a level of
demand for services that cannot be satisfied.
The term virus is also used for a worm that replicates by attaching itself
to other programs.
A virus attack is an active attack, but more details of the particular virus mechanism are
needed for further categorisation. From the information on computer viruses, Trojans can
lead to masquerade attacks in which captured passwords are put to use, and worms can
result in loss of the availability of services, so denial of service is appropriate here. However,
if you research further you should be able to find viruses that are implicated in all the forms
of active attack identified in Figure 2.
Figure 3 shows the arrangement of a typical local area network (LAN), in which
repeater hubs provide interconnections between workstations for a group of users (a
work group), with different work groups being interconnected through backbone links
and having access to the public switched telephone network (PSTN) and a packet-
switched network. Repeater hubs are also used to refresh the transmitted signal to
compensate for the attenuation caused by the transmission medium. I shall
use Figure 3 to explore the potential for security breaches in a basic network.
Typically, the LAN will be Ethernet based, operating on the broadcast principle, whereby
each packet (or strictly frame) is presented to all workstations on the local segment, but is
normally accepted and read only by the intended receiving station. (Segment in this context
refers to part of a local area network.) A broadcast environment is advantageous to someone
attempting to carry out either a passive or an active attack locally. Switches that separate
work groups on a LAN incorporate a bridge function, and bridges learn where to send
packets by noting the source addresses of packets they receive and recording this
information in a forwarding table. The contents of the forwarding table then determine on
which port on the switch packets will be sent. An attacker could corrupt entries in forwarding
tables by modifying the source address information of incoming packets presented to a
bridge. Future packets could then be forwarded to inappropriate parts of the network as a
result.
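The learning behaviour described above, and how one frame with a false source address redirects later traffic, as an added example that is not part of the original text. The `lockLearned` setting is a hypothetical stand-in for the address-locking features offered on managed switches; all addresses and port numbers are constructed.

```go
package main

import "fmt"

const (
	flood   = -1 // destination unknown: frame goes out of every other port
	dropped = -2 // frame refused because its source address is locked to another port
)

// frame holds only the fields a bridge inspects; all addresses here are constructed.
type frame struct {
	src, dst string
	inPort   int
}

type bridge struct {
	table       map[string]int // forwarding table: source address -> port last seen on
	lockLearned bool           // hypothetical setting: keep the first port learned for an address
	alerts      []string       // address moves, the visible symptom of a corrupted entry
}

// receive learns from the source address, then looks up the output port for the destination.
func (b *bridge) receive(f frame) int {
	if old, known := b.table[f.src]; known && old != f.inPort {
		b.alerts = append(b.alerts,
			fmt.Sprintf("%s moved from port %d to port %d", f.src, old, f.inPort))
		if b.lockLearned {
			return dropped // forwarding table left untouched
		}
	}
	b.table[f.src] = f.inPort
	if out, known := b.table[f.dst]; known {
		return out
	}
	return flood
}

// demo feeds a constructed frame sequence to a bridge and returns the port used for
// frames addressed to the server before and after a frame with a false source arrives.
func demo(lockLearned bool) (before, after int, alerts []string) {
	const station, server = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
	b := &bridge{table: map[string]int{}, lockLearned: lockLearned}
	b.receive(frame{src: server, dst: station, inPort: 2}) // server really is on port 2
	before = b.receive(frame{src: station, dst: server, inPort: 1})
	b.receive(frame{src: server, dst: station, inPort: 3}) // server's address claimed on port 3
	after = b.receive(frame{src: station, dst: server, inPort: 1})
	return before, after, b.alerts
}

func main() {
	for _, lock := range []bool{false, true} {
		before, after, alerts := demo(lock)
		fmt.Printf("lockLearned=%v: server traffic port %d -> %d, alerts=%q\n",
			lock, before, after, alerts)
	}
}
```

A station that is legitimately moved to another port raises the same alert, so the log is a prompt for review rather than proof of an attack.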
For example, protocol analysers (or sniffers) analyse network traffic and have valid use in
network management activities. Network discovery utilities based on the PING (packet
internet groper) and TRACEROUTE commands are widely included in many PC operating
systems and allow IP (internet protocol) addresses to be probed and routes through
networks to be confirmed.
This is encryption – a process that transforms information (the plaintext) into a
seemingly unintelligible form (the ciphertext) using a mathematical algorithm and
some secret information (the encryption key). The process of decryption undoes
this transformation using a mathematical algorithm, in conjunction with some secret
value (the decryption key) that reverses the effects of the encryption algorithm. An
encryption algorithm and all its possible keys, plaintexts and ciphertexts is known as
a cryptosystem or cryptographic system. Figure 4 illustrates the process.
Figure 4 Encryption and decryption
Cryptography is the general name given to the art and science of keeping
messages secret. It is not the purpose here to examine in detail any of the
mathematical algorithms that are used in the cryptographic process, but instead to
provide a general overview of the process and its uses.
Modern encryption systems use mathematical algorithms that are well known and
have been exposed to public testing, relying for security on the keys used. For
example, a well-known and very simple algorithm is the Caesar cipher, which
encrypts each letter of the alphabet by shifting it forward three places. Thus A
becomes D, B becomes E, C becomes F and so on. (A cipher that uses an
alphabetic shift for any number of places is also commonly referred to as a Caesar
cipher, although this isn't strictly correct since the Caesar cipher is technically one in
which each character is replaced by one three places to the right.) I could describe
this mathematically as p + 3 = c, where p is the plaintext and c the ciphertext. For a
more general equation I could write p + x = c where x could take any integer value
up to 25. Selecting different values for x would obviously produce different values for
c, although the basic algorithm of a forward shift is unchanged. Thus, in this example
the value x is the key. (The Caesar cipher is of course too simple to be used for
practical security systems.)
There are two main requirements for cryptography:
1. It should be computationally infeasible to derive the plaintext from the
ciphertext without knowledge of the decryption key.
2. It should be computationally infeasible to derive the ciphertext from the
plaintext without knowledge of the encryption key.
Both these conditions should be satisfied even when the encryption and decryption
algorithms themselves are known.
The reason for the first condition is obvious, but probably not the second, so I shall
briefly explain. The need to confirm authenticity was introduced earlier. This is often also a
requirement for information that is sent ‘in the clear’, that is, not encrypted. One
method of authentication is for the sender and recipient to share a secret key. The
sender uses the key to encrypt a copy of the message, or a portion of it, which is
included with the data transfer and, on receipt, the recipient uses the key to decrypt
the encrypted data. If the result matches the plaintext message, this provides a
reasonable assurance that it was sent by the other key owner, and thus a check on
its authenticity. Of course, this assumes that the key has not been compromised in
any way.
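The shared-key authenticity check described above, combined with the time-stamp freshness indicator mentioned earlier as the defence against message replay, as an added example that is not part of the original text. It uses HMAC-SHA-256 as the keyed check in place of encrypting a copy of the message; the message fields, the sequence number and the 30-second window are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	errBadTag = errors.New("rejected: tag does not match (modified, or wrong key)")
	errStale  = errors.New("rejected: time stamp outside the freshness window")
	errReplay = errors.New("rejected: message already accepted (replay)")
)

// message travels in the clear; only the tag depends on the shared secret key.
type message struct {
	body      string
	timestamp int64  // freshness indicator: Unix seconds at the sender
	seq       uint64 // hypothetical per-sender counter, separates messages sent in one second
	tag       []byte
}

// computeTag binds body, time stamp and sequence number together under the shared key.
func computeTag(key []byte, body string, ts int64, seq uint64) []byte {
	var hdr [16]byte
	binary.BigEndian.PutUint64(hdr[:8], uint64(ts))
	binary.BigEndian.PutUint64(hdr[8:], seq)
	mac := hmac.New(sha256.New, key)
	mac.Write(hdr[:])
	mac.Write([]byte(body))
	return mac.Sum(nil)
}

func newMessage(key []byte, body string, ts int64, seq uint64) message {
	return message{body: body, timestamp: ts, seq: seq, tag: computeTag(key, body, ts, seq)}
}

// receiver holds the shared key and remembers what it accepted inside the window.
type receiver struct {
	key    []byte
	window int64            // seconds for which a message counts as fresh
	seen   map[uint64]int64 // sequence number -> time stamp of accepted messages
}

func newReceiver(key []byte, window int64) *receiver {
	return &receiver{key: key, window: window, seen: map[uint64]int64{}}
}

// accept checks authenticity first, then freshness, then uniqueness within the window.
func (r *receiver) accept(m message, now int64) error {
	want := computeTag(r.key, m.body, m.timestamp, m.seq)
	if !hmac.Equal(m.tag, want) { // constant-time comparison
		return errBadTag
	}
	if now-m.timestamp > r.window || m.timestamp-now > r.window {
		return errStale
	}
	for seq, ts := range r.seen { // forget entries the stale check now rejects anyway
		if now-ts > r.window {
			delete(r.seen, seq)
		}
	}
	if _, dup := r.seen[m.seq]; dup {
		return errReplay
	}
	r.seen[m.seq] = m.timestamp
	return nil
}

func main() {
	key := []byte("constructed shared key")
	rx := newReceiver(key, 30)
	m := newMessage(key, "TRANSFER 100 TO ACCOUNT 42", 1000, 1)
	fmt.Println("first delivery:  ", rx.accept(m, 1005))
	fmt.Println("replayed at once:", rx.accept(m, 1010))
	fmt.Println("replayed later:  ", rx.accept(m, 5000))
	forged := m
	forged.body = "TRANSFER 900 TO ACCOUNT 66"
	fmt.Println("modified body:   ", rx.accept(forged, 1010))
}
```

The time stamp bounds how long a captured message stays usable, and the record of accepted sequence numbers catches a replay inside that window.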
Modern encryption systems are derived from one of two basic systems: symmetric
key (sometimes called shared key) systems, and asymmetric key (often called public
key) systems.
Symmetric key systems share a single secret key between the two
communicating entities – this key is used for both encryption and
decryption. Symmetric key systems rely on using some secure method whereby
Alice and Bob can first agree on a secret key that is known only to them. When Alice
wants to send a private message to some other entity, say Charlie, another secret
key must first be shared. If Bob then wishes to communicate privately with Charlie
himself, he and Charlie require a separate secret key to share. Figure 5 is a
graphical representation of the keys Alice, Bob and Charlie would each need if they
were to send private messages to each other. As you can see from this, for a group
of three separate entities to send each other private messages, three separate
shared keys are required.
In a system of n communicating entities the number of shared keys required is:
n(n − 1)/2
A block cipher operates on groups of bits – typically groups of 64. If the final block
of the plaintext message is shorter than 64 bits, it is padded with some regular
pattern of 1s and 0s to make a complete block. Block ciphers encrypt each block
independently, so the plaintext does not have to be processed in a sequential
manner. This means that as well as allowing parallel processing for faster
throughput, a block cipher also enables specific portions of the message (e.g.
specific records in a database) to be extracted and manipulated. A block of plaintext
will always encrypt to the same block of ciphertext provided that the same algorithm
and key are used.
A stream cipher generally operates on one bit of plaintext at a time, although some
stream ciphers operate on bytes. A component called a keystream generator
generates a sequence of bits, usually known as a keystream. In the simplest form of
stream cipher, a modulo-2 adder (exclusive-OR or XOR gate) combines each bit in
the plaintext with each bit in the keystream to produce the ciphertext. At the receiving
end, another modulo-2 adder combines the ciphertext with the keystream to recover
the plaintext. This is illustrated in Figure 6. The encryption of a unit of plain text is
dependent on its position in the data stream, so identical units of plaintext will not
always encrypt to identical units of ciphertext when using the same algorithm and
key.
Figure 6 Encryption and decryption using a modulo-2 adder
Stream ciphers can be classified as either synchronous or self-synchronising. In a
synchronous stream cipher, depicted in Figure 7, the keystream output is a function
of a key, and is generated independently of the plaintext and the ciphertext. A single
bit error in the ciphertext will result in only a single bit error in the decrypted plaintext
– a useful property when the transmission error rate is high.
Figure 7 Synchronous stream cipher (Source: based on Schneier, 1996, Figure 9.6)
In a self-synchronising cipher, depicted in Figure 8, the keystream is a function of
the key and several bits of the cipher output. Because the keystream outputs depend
on the previous n bits of the plaintext or the ciphertext, the encryption and decryption
keystream generators are automatically synchronised after n bits. However, a single
bit error in the ciphertext results in an error burst with a length dependent on the
number of cipher output bits used to compute the keystream.
Figure 8 Self-synchronising stream cipher (Source: based on Schneier, 1996, Figure
9.8)
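The difference in error behaviour between the two kinds of stream cipher, as an added example that is not part of the original text. The keystream generator is a toy built from SHA-256 purely to make the structure visible (it is not a vetted cipher), and the key, message, n = 32 feedback bits and the flipped bit position are constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// feedbackBits is n, the number of earlier ciphertext bits that feed the
// self-synchronising keystream generator.
const feedbackBits = 32

// toBits unpacks bytes into one bit per element, most significant bit first.
func toBits(data []byte) []byte {
	bits := make([]byte, 0, len(data)*8)
	for _, b := range data {
		for i := 7; i >= 0; i-- {
			bits = append(bits, (b>>uint(i))&1)
		}
	}
	return bits
}

// keystreamBit is a toy generator: one bit of SHA-256(key || state).
// It stands in for a real keystream generator and is not a vetted cipher.
func keystreamBit(key, state []byte) byte {
	sum := sha256.Sum256(append(append([]byte{}, key...), state...))
	return sum[0] & 1
}

// synchronous XORs each bit with a keystream that depends only on the key and
// the bit position. XOR is its own inverse, so it both encrypts and decrypts.
func synchronous(key, in []byte) []byte {
	out := make([]byte, len(in))
	for i := range in {
		pos := []byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)}
		out[i] = in[i] ^ keystreamBit(key, pos)
	}
	return out
}

// selfSynchronising derives each keystream bit from the key and the previous
// feedbackBits ciphertext bits held in a shift register.
func selfSynchronising(key, in []byte, decrypt bool) []byte {
	out := make([]byte, len(in))
	reg := make([]byte, feedbackBits) // both ends start from an all-zero register
	for i := range in {
		out[i] = in[i] ^ keystreamBit(key, reg)
		cipherBit := out[i] // encrypting: the bit just produced
		if decrypt {
			cipherBit = in[i] // decrypting: the bit just received
		}
		reg = append(reg[1:], cipherBit)
	}
	return out
}

// wrongBits lists the positions at which two bit strings differ.
func wrongBits(a, b []byte) []int {
	var idx []int
	for i := range a {
		if a[i] != b[i] {
			idx = append(idx, i)
		}
	}
	return idx
}

// errorSpread flips ciphertext bit pos "in transit" and returns the plaintext
// bit positions that each mode then decrypts wrongly.
func errorSpread(key, msg []byte, pos int) (syncErrs, selfErrs []int) {
	plain := toBits(msg)
	c1 := synchronous(key, plain)
	c1[pos] ^= 1
	c2 := selfSynchronising(key, plain, false)
	c2[pos] ^= 1
	return wrongBits(plain, synchronous(key, c1)),
		wrongBits(plain, selfSynchronising(key, c2, true))
}

func main() {
	s, ss := errorSpread([]byte("constructed key"), []byte("TRANSFER 100 GBP"), 40)
	fmt.Println("synchronous, wrong plaintext bits:       ", s)
	fmt.Println("self-synchronising, wrong plaintext bits:", ss)
}
```

In the self-synchronising case the damage starts at the flipped bit and ends once that bit has left the shift register, after which decryption is correct again without any resynchronisation step.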
A selection of some symmetric key systems used in popular software products is
given in Table 2.
Table 2 Examples of commercial symmetric key systems
Algorithm | Description
DES (Data Encryption Standard) | A block cipher with a 56-bit key. Adopted in 1977 by the US National Secur[…] Agency (NSA) as the US Federal standard, it has been one of the most widel[…] encryption algorithms but, as computers have become more powerful, it is no[…] considered to have become too weak.
Triple-DES (or 3DES) | A variant of DES developed to increase its security. It has several forms; eac[…] on a block three times using the DES algorithm, thus effectively increasing th[…] length. Some variants can use three different keys, the same key three times, […] encryption–decryption–encryption mode.
IDEA (International Data Encryption Algorithm) | A block cipher with a 128-bit key published in 1990. It encrypts data faster th[…] and is considered to be a more secure algorithm.
Blowfish | A compact and simple block cipher with a variable-length key of up to 448 b[…]
RC2 (Rivest cipher no. 2) | A block cipher with a variable-length key of up to 2048 bits. The details of th[…] algorithm used have not been officially published.
RC4 (Rivest cipher no. 4) | A stream cipher with a variable-length key of up to 2048 bits.
Often the key length for RC2 and RC4 is limited to 40 bits because of the US export
approval process. A shorter key reduces the strength of an encryption algorithm.
Asymmetric or public key systems are based on encryption techniques whereby
data that has been encrypted by one key can be decrypted by a different, seemingly
unrelated, key. One of the keys is known as the public key and the other is known
as the private key. The keys are, in fact, related to each other mathematically but
this relationship is complex, so that it is computationally infeasible to calculate one
key from the other. Thus, anyone possessing only the public key is unable to derive
the private key. They are able to encrypt messages that can be decrypted with the
private key, but are unable to decrypt any messages already encrypted with the
public key.
I shall not explain the mathematical techniques used in asymmetric key systems, as
you do not need to understand the mathematics in order to appreciate the important
features of such systems.
Each communicating entity will have its own key pair; the private key will be kept
secret but the public key will be made freely available. For example, Bob, the owner
of a key pair, could send a copy of his public key to everyone he knows, he could
enter it into a public database, or he could respond to individual requests from
entities wishing to communicate by sending his public key to them. But he would
keep his private key secret. For Alice to send a private message to Bob, she first
encrypts it using Bob's easily accessible public key. On receipt, Bob decrypts the
ciphertext with his secret private key and recovers the original message. No one
other than Bob can decrypt the ciphertext because only Bob has the private key and
it is computationally infeasible to derive the private key from the public key. Thus, the
message can be sent secretly from Alice to Bob without the need for the prior
exchange of a secret key.
Using asymmetric key systems with n communicating entities, the number of key
pairs required is n. Compare this with the number of shared keys required for
symmetric key systems (see SAQs 4 and 5) where the number of keys is related to
the square of the number of communicating entities. Asymmetric key systems are
therefore more scalable.
Public key algorithms can allow either the public key or the private key to be used for
encryption with the remaining key used for decryption. This allows these particular
public key algorithms to be used for authentication, as you will see later.
Public key algorithms place higher demands on processing resources than
symmetric key algorithms and so tend to be slower. Public key encryption is
therefore often used just to exchange a temporary key for a symmetric encryption
algorithm. This is discussed further in Section 4.6.
As with symmetric key systems, there are many public key algorithms available for
use, although most of them are block ciphers. Two used in popular commercial
software products are listed in Table 3.
Table 3 Examples of commercial asymmetric key systems
Algorithm | Description
RSA (named after its creators – Rivest, Shamir and Adleman) | A block cipher first published in 1978 and used for both encryption and authentication. Its security is based on the problem of factoring large intege[…] advances in the mathematical methods of achieving this will affect the algor[…] vulnerability.
DSS (Digital Signature Standard) | Developed by the US National Security Agency (NSA). Can be used only f[…] signatures and not for encryption or key distribution.
Digital signatures are explained in Section 8.
SAQ 6
Construct a table to compare the features of symmetric and asymmetric key
systems.
Answer
Symmetric key and asymmetric key systems are compared in Table 4.
Table 4
Symmetric key systems | Asymmetric key systems
The same key is used for encryption and decryption. | One key is used for encryption and a different but mathematically related key is used for decryption.
Relies on the sender and the receiver sharing a secret key. | Shared secret key exchange is not needed.
The key must be kept secret. | One key (the secret key) must be kept secret, but the other key (the public key) is published.
It should be computationally infeasible to derive the key or the plaintext given the algorithm and a sample of ciphertext. | It should be computationally infeasible to derive the decryption key given the algorithm, the encryption key and a sample of ciphertext.
Faster and computationally less demanding than public key encryption. | Slower and computationally more demanding than symmetric key encryption.
Modern encryption systems have the fundamental property that their secrecy lies in the key and not in the algorithm. (This is
generally known as Kerckhoffs's principle after the Dutchman who first proposed it in the
nineteenth century.) This means that the security of any system using encryption should not
be compromised by knowledge of the algorithm used.
Cryptanalysis is the science of breaking a cipher without knowledge of the key (and
often the algorithm) used. Its goal is either to recover the plaintext of the message or
to deduce the decryption key so that other messages encrypted with the same key
can be decrypted.
One of the more obvious attacks is to try every possible key (i.e. the finite set of
possible keys, known as the keyspace) until the result yields some intelligible data.
This kind of attack is known as a brute force attack. Clearly, the greater the
keyspace, the greater the immunity to a brute force attack.
SAQ 7
Assuming you could process 10^12 key attempts per second, calculate how long it
would take to search the keyspace of a 56-bit key. Compare this with the time
needed to search the keyspace of a 128-bit key.
Answer
A keyspace of 56 bits provides 2^56 ≈ 7.2×10^16 possible keys. At a rate of 10^12 keys
per second it would take approximately 7.2×10^4 seconds or about 20 hours to try
every key. A keyspace of 128 bits provides 2^128 ≈ 3.4×10^38 possible keys. This would
take approximately 3.4×10^26 seconds or about 10^19 years. (Note: the lifetime to date
of the universe is thought to be of the order of 10^10 years.)
Ciphertext only. The attacker has only a sample of ciphertext. The
speed and success of such an attack increases as the size of the
ciphertext sample increases, provided that each portion of the sample
has been encrypted with the same algorithm and key.
Known plaintext. The attacker has a sample of plaintext and a
corresponding sample of ciphertext. The purpose of this attack is to
deduce the encryption key so that it can be used to decrypt other
portions of ciphertext encrypted with the same algorithm and key.
Chosen text. The attacker usually has a sample of chosen plaintext and
a corresponding sample of ciphertext. This attack is more effective than
known plaintext attacks since the attacker can select particular blocks of
plaintext that can yield more information about the key. The term may
also refer to cases where the attacker has a stream of chosen ciphertext
and a corresponding stream of plaintext.
Activity 6
From the list above how would you classify a brute force attack?
Answer
To mount a brute force attack, the attacker would need a sample of ciphertext and
knowledge of the algorithm used, so this would be classified as a ciphertext-only
attack.
A ciphertext-only attack is one of the most difficult to mount successfully (and
therefore the easiest to defend against) because the attacker possesses such limited
information. In some cases even the encryption algorithm is also unknown. However,
the attacker may still be able to use statistical analysis to reveal patterns in the
ciphertext, which can be used to identify naturally occurring language patterns in the
corresponding plaintext. This method relies on exploiting the relative frequencies of
letters. In the English language, for example, E is the most frequently occurring letter
with a probability of about 0.12. This is followed by the letter T (probability 0.06) then
A, O, I, N, S and R. Common letter sequences in natural language (e.g. TH, HE, IN,
ER and THE, ING, AND and HER) may also be detected in the corresponding
ciphertext.
These letters and their ordering may differ slightly according to the type and length of
the sampled text. All authors have their own style and vocabulary and this can lead
to statistical differences, as can the subject matter and spelling, e.g. English or
American.
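The statistical approach described above, applied to the shift cipher p + x = c from earlier in the text, as an added example that is not part of the original course material. It scores each of the 26 candidate keys using only the frequent letters and letter sequences the text lists; the sample sentence and the scoring weights are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// constructedSample is a made-up English plaintext used to exercise the analysis.
const constructedSample = "THE SECRECY OF A CIPHER SHOULD REST IN THE KEY AND NOT IN THE " +
	"ALGORITHM SO THAT KNOWLEDGE OF THE ALGORITHM DOES NOT HELP THE EAVESDROPPER"

// The frequent letters and sequences named in the text above.
const commonLetters = "ETAOINSR"

var commonSequences = []string{"TH", "HE", "IN", "ER", "THE", "ING", "AND", "HER"}

// shift applies p + x = c (mod 26) to every letter and leaves other characters alone.
// A negative x undoes a forward shift.
func shift(text string, x int) string {
	x = ((x % 26) + 26) % 26
	out := []byte(text)
	for i, ch := range out {
		switch {
		case ch >= 'A' && ch <= 'Z':
			out[i] = 'A' + byte((int(ch-'A')+x)%26)
		case ch >= 'a' && ch <= 'z':
			out[i] = 'a' + byte((int(ch-'a')+x)%26)
		}
	}
	return string(out)
}

// englishScore counts how much a candidate plaintext looks like natural English:
// one point per frequent letter, two per frequent letter sequence (assumed weights).
func englishScore(text string) int {
	upper := strings.ToUpper(text)
	score := 0
	for _, ch := range upper {
		if strings.ContainsRune(commonLetters, ch) {
			score++
		}
	}
	for _, seq := range commonSequences {
		score += 2 * strings.Count(upper, seq)
	}
	return score
}

// recoverKey needs only the ciphertext and knowledge of the algorithm: it tries every
// key in the keyspace and keeps the one whose output has the most English-like statistics.
func recoverKey(ciphertext string) (key int, plaintext string) {
	best := -1
	for x := 0; x < 26; x++ {
		if s := englishScore(shift(ciphertext, -x)); s > best {
			key, best = x, s
		}
	}
	return key, shift(ciphertext, -key)
}

func main() {
	ciphertext := shift(constructedSample, 3) // the classic Caesar shift of three places
	key, plaintext := recoverKey(ciphertext)
	fmt.Println("ciphertext:   ", ciphertext)
	fmt.Println("recovered key:", key)
	fmt.Println("plaintext:    ", plaintext)
}
```

With a keyspace of only 26 and ciphertext that preserves letter statistics, the key falls out immediately, which is why the text calls the Caesar cipher too simple for practical use.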
The only truly secure encryption scheme is one known as a one-time pad,
introduced in 1918 by Gilbert Vernam, an AT&T engineer. Vernam's cipher used for
its key a truly random and non-repeating stream of bits, each bit being used only
once in the encryption process. Each bit in the plaintext message is XORed with
each bit of the keystream to produce the ciphertext. After encryption the key is
destroyed. Because of the random properties of the keystream, the resulting
ciphertext bears no statistical relationship with the plaintext and so is truly
unbreakable. The disadvantage of such a scheme, however, is that it requires the
key to be at least the same length as the message and each key can be used only
once (hence the name one-time pad). Since both sender and recipient require a
copy of the key and a fresh key is needed for each message, this presents
somewhat of a problem for key management. Despite these practical difficulties, use
of the one-time pad has proved effective for high-level government and military
security applications.
In reality, a combination of symmetric and asymmetric key systems is often
used. This system is based on the use of a session key – a temporary key used
only for a single transaction or for a limited number of transactions before being
discarded. The following sequence between Alice and Bob demonstrates the use of
a session key.
1. Alice chooses a secret symmetric key that will be used as a session key.
2. Alice uses the session key to encrypt her message to Bob.
3. Alice uses Bob's public key to encrypt the session key.
4. Alice sends the encrypted message and the encrypted session key to
Bob.
5. On receipt, Bob decrypts the session key using his own private key.
6. Bob uses the session key to decrypt Alice's message.
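The six steps above carried out with Go's standard library, as an added example that is not part of the original text. The choice of AES-256-GCM for the session key and RSA-OAEP with a 2048-bit key pair for wrapping it is an assumption of this illustration, as are the function names and the message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// envelope is everything Alice transmits in step 4.
type envelope struct {
	wrappedKey []byte // session key encrypted under Bob's public key (step 3)
	nonce      []byte // per-message AES-GCM nonce, not secret
	ciphertext []byte // message encrypted under the session key (step 2)
}

// newKeyPair generates an asymmetric key pair such as Bob's.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newGCM sets up the symmetric cipher for a given session key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aliceSend carries out steps 1 to 4 using only Bob's public key.
func aliceSend(bobPublic *rsa.PublicKey, message []byte) (envelope, error) {
	sessionKey := make([]byte, 32) // step 1: fresh random session key
	if _, err := rand.Read(sessionKey); err != nil {
		return envelope{}, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return envelope{}, err
	}
	ciphertext := gcm.Seal(nil, nonce, message, nil) // step 2: encrypt the message
	// step 3: encrypt the session key with Bob's public key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPublic, sessionKey, nil)
	if err != nil {
		return envelope{}, err
	}
	// step 4: both parts travel together; the session key itself is then discarded
	return envelope{wrappedKey: wrapped, nonce: nonce, ciphertext: ciphertext}, nil
}

// bobReceive carries out steps 5 and 6 with Bob's private key.
func bobReceive(bobPrivate *rsa.PrivateKey, env envelope) ([]byte, error) {
	// step 5: recover the session key
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPrivate, env.wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.nonce, env.ciphertext, nil) // step 6: decrypt the message
}

func main() {
	bob, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	env, err := aliceSend(&bob.PublicKey, []byte("constructed message for Bob"))
	if err != nil {
		panic(err)
	}
	plain, err := bobReceive(bob, env)
	fmt.Printf("wrapped key: %d bytes, recovered %q, err=%v\n", len(env.wrappedKey), plain, err)
}
```

Only the 32-byte session key passes through the slow public key operation, however long the message is.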
Why might a session key be preferable to the use of a recipient's public key?
Answer
I can think of a couple of reasons:
1. The more often a key is used and the more ciphertext produced by that
key, the more likely it is to come under attack. A session key can simply
be discarded after use.
2. Encryption and decryption can be performed much faster using
symmetric keys than asymmetric keys.
What are the implications of applying encryption to whole protocol data units
including the headers at any particular layer of a reference model?
Answer
The protocol data unit headers include addressing information; if this is
obscured, it will prevent the effective routing of protocol data units to their
destination. In a packet-switched environment each switch must be able to
read the address information in the packet headers. Encrypting all the data
including the headers of each packet at the sending node would render the
switches at intermediate nodes unable to read the source or destination
address without first decrypting the data.
The implementation of encryption in packet-switched networks must ensure
that essential addressing information can be accessed by the relevant
network devices such as switches, bridges and routers. Encryption is broadly
termed link layer encryption or end-to-end encryption depending on
whether it is applied and re-applied at each end of each link in a
communication path, or whether it is applied over the whole path between end
systems. It is useful to identify the various implementations of encryption with
the appropriate OSI layer, as indicated in Figure 9.
Figure 9 Encryption in relation to the protocol layers (Source: based on King
and Newson, 1999, p. 104)
End-to-end encryption is implemented at or above layer 3, the network layer
of the OSI reference model, while link layer encryption is applied at the data
link and physical layers. When encryption is applied at the transport or
network layers, end-to-end refers to hosts identified by IP (internet protocol)
addresses and, in the case of TCP (transmission control protocol)
connections, port numbers. In the context of application layer encryption,
however, end-to-end is more correctly interpreted as process-to-process.
Figure 10 identifies the extent of encryption (unshaded areas)
applied at each layer.
Figure 10 Alternative strategies for encryption (Source: based on Stallings,
1995, p. 139)
However, each link will typically use a separate key to encrypt all traffic. This makes
the encryption devices specific to a given medium or interface type. In a large
network, where many individual links may be used in a connection, traffic will need to
be repeatedly encrypted and decrypted. Hardware-based encryption devices are
required to give high-speed performance and to ensure acceptable delays at data
link layer interfaces. The effectiveness of link layer encryption depends on the
relative security of nodes in the path, some of which may be within the internet. The
question of who can access nodes in the internet then becomes a significant
concern.
When applied to terrestrial networks, link layer encryption creates problems of delay
and expense, but it is particularly useful in satellite links, because of their
vulnerability to eavesdropping. In this case the satellite service provider takes
responsibility for providing encryption between any two earth stations.