Cryptography and Network Security 4/e

CS-513 / EC-554: Information andNetwork Security

FOR INTERNAL USE BY STUDENTS ONLY1Lecture slides by Lawrie Brown for Cryptography and Network Security, 4/e, by William Stallings, Chapter 1 Introduction.

CS-513 / EC-554Reference BooksStallings, W., Cryptography and Network Security: Principles and Practice, Prentice-Hall. Forouzan, B.A., Cryptography and Network Security, Tata McGraw-Hill. Schneier, B., Applied Cryptography, 2nd Ed., Wiley & Sons. Kaufman, C., Perlman, R. and Speciner, M., Network Security, Prentice-Hall. Bishop, M., Computer Security: Art and Science, Pearson. Etc. Some books on Computer Networks also useful.Cryptography and Network SecurityChapter 1Fourth Editionby William Stallings

Lecture slides by Lawrie Brown3Lecture slides by Lawrie Brown for Cryptography and Network Security, 4/e, by William Stallings, Chapter 1 Introduction.

Chapter 1 IntroductionThe art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. The Art of War, Sun Tzu

4This quote from the start of Ch0 sets the scene for why we want to study these issues.

BackgroundInformation Security requirements have changed in recent timestraditionally provided by physical and administrative mechanismscomputer use requires automated tools to protect files and other stored informationuse of networks and communications links requires measures to protect data during transmission

5The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment,the security of information felt to be valuable to an organization was provided primarily by physical (eg. rugged filing cabinets with locks) and administrative mechanisms (eg. Personnel screening procedures during hiring process).Growing computer use implies a need for automated tools for protecting files and other information stored on it. This is especially the case for a shared system, such as a time-sharing system, and even more so for systems that can be accessed over a public telephone network, data network, or the Internet.The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission.

DefinitionsComputer Security - responsible for protecting computer systems - collection of tools designed to protect data and to thwart hackersInformation security protecting information from unauthorized access, modification, etc.Network Security - measures to protect data during their transmissionInternet Security - measures to protect data during their transmission over a collection of interconnected networks

6Here are some key definitions, note boundaries between them are blurred.Aim of Courseour focus is on Information & Network Securitywhich consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information

7Detail the focus of this book/course, which is on Internet Security - being measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information.Security Trends

8Discuss observed security trends (Stallings section 1.1 & Figure 1.2 above), noting growth in sophistication of attacks contrasting with decrease in skill & knowledge needed to mount an attack.

OSI Security ArchitectureITU-T X.800 Security Architecture for OSIdefines a systematic way of defining and providing security requirementsfor us it provides a useful, if abstract, overview of concepts we will study

9To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data processing environment; with the use of local and wide area networks,the problems are compounded. ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. The OSI security architecture is useful to managers as a way of organizing the task of providing security.Computer Security ChallengesSecurity is not simplePotential attacks on the security features need to be consideredProcedures used to provide particular services are often counter-intuitiveIt is necessary to decide where to use the various security mechanismsRequires constant monitoringIs too often an afterthought

Security mechanisms typically involve more than a particular algorithm or protocolSecurity is essentially a battle of wits between a perpetrator and the designerLittle benefit from security investment is perceived until a security failure occursStrong security is often viewed as an impediment to efficient and user-friendly operation

Computer and network security is both fascinating and complex. Some of thereasons follow:

1. Security is not as simple as it might first appear to the novice. The requirementsseem to be straightforward; indeed, most of the major requirementsfor security services can be given self-explanatory, one-word labels: confidentiality,authentication, nonrepudiation, or integrity. But the mechanisms used to meet those requirements can be quite complex, and understanding themmay involve rather subtle reasoning.

2. In developing a particular security mechanism or algorithm, one must alwaysconsider potential attacks on those security features. In many cases, successfulattacks are designed by looking at the problem in a completely different way,therefore exploiting an unexpected weakness in the mechanism.

3. Because of point 2, the procedures used to provide particular services areoften counterintuitive. Typically, a security mechanism is complex, and it isnot obvious from the statement of a particular requirement that such elaboratemeasures are needed. It is only when the various aspects of the threat areconsidered that elaborate security mechanisms make sense.

4. Having designed various security mechanisms, it is necessary to decide whereto use them. This is true both in terms of physical placement (e.g., at what pointsin a network are certain security mechanisms needed) and in a logical sense(e.g., at what layer or layers of an architecture such as TCP/IP [TransmissionControl Protocol/Internet Protocol] should mechanisms be placed).

5. Security mechanisms typically involve more than a particular algorithm orprotocol. They also require that participants be in possession of some secretinformation (e.g., an encryption key), which raises questions about the creation,distribution, and protection of that secret information. There also maybe a reliance on communications protocols whose behavior may complicatethe task of developing the security mechanism. For example, if the properfunctioning of the security mechanism requires setting time limits on the transittime of a message from sender to receiver, then any protocol or networkthat introduces variable, unpredictable delays may render such time limitsmeaningless.

6. Computer and network security is essentially a battle of wits between a perpetratorwho tries to find holes and the designer or administrator who tries toclose them. The great advantage that the attacker has is that he or she needonly find a single weakness, while the designer must find and eliminate allweaknesses to achieve perfect security.

7. There is a natural tendency on the part of users and system managers to perceivelittle benefit from security investment until a security failure occurs.

8. Security requires regular, even constant, monitoring, and this is difficult intodays short-term, overloaded environment.

9. Security is still too often an afterthought to be incorporated into a systemafter the design is complete rather than being an integral part of the designprocess.

10. Many users and even security administrators view strong security as an impedimentto efficient and user-friendly operation of an information system or use ofinformation.10OSI Security Architecture3 aspects of securitySecurity attackAny action that compromises the security of information owned by an organizationSecurity mechanismA process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attackSecurity serviceA processing or communication service that enhances the security of the data processing systems and the information transfers of an organizationIntended to counter security attacks, and they make use of one or more security mechanisms to provide the service11To assess effectively the security needs of an organization and to evaluate andchoose various security products and policies, the manager responsible for securityneeds some systematic way of defining the requirements for security and characterizingthe approaches to satisfying those requirements. This is difficult enough in acentralized data processing environment; with the use of local and wide area networks,the problems are compounded.

ITU-T Recommendation X.800, Security Architecture for OSI , defines such asystematic approach. The OSI security architecture is useful to managers as a wayof organizing the task of providing security. Furthermore, because this architecturewas developed as an international standard, computer and communications vendorshave developed security features for their products and services that relate to thisstructured definition of services and mechanisms.

For our purposes, the OSI security architecture provides a useful, if abstract,overview of many of the concepts that this book deals with. The OSI security architecturefocuses on security attacks, mechanisms, and services. These can be definedbriefly as

Security attack: Any action that compromises the security of informationowned by an organization.

Security mechanism: A process (or a device incorporating such a process) thatis designed to detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances thesecurity of the data processing systems and the information transfers of anorganization. The services are intended to counter security attacks, and theymake use of one or more security mechanisms to provide the service.Table 1.1 Threats and Attacks (RFC 4949)

In the literature, the terms threat and attack are commonly used to mean moreor less the same thing. Table 1.1 provides definitions taken from RFC 4949, InternetSecurity Glossary.12Security Attackany action that compromises the security of information owned by an organizationinformation security is about how to prevent attacks, or failing that, to detect attacks on information-based systemsoften threat & attack used to mean same thinghave a wide range of attackscan focus on generic types of attacksPassive - release of information / traffic analysisactive13Expand on definition and use of security attack, as detailed above.See Stallings Table 1.1 for definitions of threat and attack.Passive Attacks

14Have passive attacks which attempt to learn or make use of information from the system but does not affect system resources.By eavesdropping on, or monitoring of, transmissions to:+ obtain message contents (as shown above in Stallings Figure 1.3a), or+ monitor traffic flowsAre difficult to detect because they do not involve any alteration of the data.

Active Attacks

15Also have active attacks which attempt to alter system resources or affect their operation.By modification of data stream to:+ masquerade of one entity as some other+ replay previous messages (as shown above in Stallings Figure 1.4b)+ modify messages in transit+ denial of serviceActive attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical,software,and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.

Active AttacksInvolve some modification of the data stream or the creation of a false streamDifficult to prevent because of the wide variety of potential physical, software, and network vulnerabilitiesGoal is to detect attacks and to recover from any disruption or delays caused by them

16 Active attacks (Figure 1.1b) involve some modification of the data stream or thecreation of a false stream and can be subdivided into four categories: masquerade,replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity(path 2 of Figure 1.1b is active). A masquerade attack usually includes one of theother forms of active attack. For example, authentication sequences can be capturedand replayed after a valid authentication sequence has taken place, thus enabling anauthorized entity with few privileges to obtain extra privileges by impersonating anentity that has those privileges.

Replay involves the passive capture of a data unit and its subsequent retransmissionto produce an unauthorized effect (paths 1, 2, and 3 active).

Modification of messages simply means that some portion of a legitimatemessage is altered, or that messages are delayed or reordered, to produce anunauthorized effect (paths 1 and 2 active). For example, a message meaning AllowJohn Smith to read confidential file accounts is modified to mean Allow FredBrown to read confidential file accounts.

The denial of service prevents or inhibits the normal use or management ofcommunications facilities (path 3 active). This attack may have a specific target; forexample, an entity may suppress all messages directed to a particular destination(e.g., the security audit service). Another form of service denial is the disruptionof an entire network, either by disabling the network or by overloading it withmessages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereaspassive attacks are difficult to detect, measures are available to prevent their success.On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, and network vulnerabilities.Instead, the goal is to detect active attacks and to recover from any disruptionor delays caused by them. If the detection has a deterrent effect, it may alsocontribute to prevention.Security Serviceenhance security of data processing systems and information transfers of an organizationintended to counter security attacksusing one or more security mechanisms often replicates functions normally associated with physical documentswhich, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed17Consider the role of a security service, and what may be required. Note both similarities and differences with traditional paper documents, which for example: have signatures & dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed

Security ServicesX.800:a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers

RFC 2828:a processing or communication service provided by a system to give a specific kind of protection to system resources18Also have a couple of definition of security services from relevant standards. X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Perhaps a clearer definition is found in RFC 2828, which provides the following definition: a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.

Security Services (X.800)Data Confidentiality protection of data from unauthorized disclosureData Integrity - assurance that data received is as sent by an authorized entityAuthentication - assurance that the communicating entity is the one claimedNon-Repudiation - protection against denial by one of the parties in a communicationAccess Control - prevention of the unauthorized use of a resourceAvailability system or system resources being accessible and usable upon demand

19This list includes the various "classic" security services which are traditionally discussed. Note there is a degree of ambiguity as to the meaning of these terms, and overlap in their use.See Stallings Table 1.2 for details of the 5 Security Service categories and the 14 specific services given in X.800.X.800 Service CategoriesAuthenticationAccess controlData confidentialityData integrityNonrepudiation

X.800 divides these services into five categories.20AuthenticationConcerned with assuring that a communication is authenticIn the case of a single message, assures the recipient that the message is from the source that it claims to be fromIn the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties21The authentication service is concerned with assuring that a communication isauthentic. In the case of a single message, such as a warning or alarm signal, thefunction of the authentication service is to assure the recipient that the messageis from the source that it claims to be from. In the case of an ongoing interaction,such as the connection of a terminal to a host, two aspects are involved. First,at the time of connection initiation, the service assures that the two entities areauthentic, that is, that each is the entity that it claims to be. Second, the servicemust assure that the connection is not interfered with in such a way that a thirdparty can masquerade as one of the two legitimate parties for the purposes ofunauthorized transmission or reception.

Two specific authentication services are defined in X.800:

Peer entity authentication: Provides for the corroboration of the identityof a peer entity in an association. Two entities are considered peers if theyimplement to same protocol in different systems; for example two TCP modulesin two communicating systems. Peer entity authentication is provided foruse at the establishment of, or at times during the data transfer phase of, aconnection. It attempts to provide confidence that an entity is not performingeither a masquerade or an unauthorized replay of a previous connection.

Data origin authentication: Provides for the corroboration of the source of adata unit. It does not provide protection against the duplication or modificationof data units. This type of service supports applications like electronic mail,where there are no prior interactions between the communicating entities.Access ControlThe ability to limit and control the access to host systems and applications via communications linksTo achieve this, each entity trying to gain access must first be indentified, or authenticated, so that access rights can be tailored to the individual

In the context of network security, access control is the ability to limit and controlthe access to host systems and applications via communications links. To achievethis, each entity trying to gain access must first be identified, or authenticated, sothat access rights can be tailored to the individual.22Data ConfidentialityThe protection of transmitted data from passive attacksBroadest service protects all user data transmitted between two users over a period of timeNarrower forms of service includes the protection of a single message or even specific fields within a messageThe protection of traffic flow from analysisThis requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility Confidentiality is the protection of transmitted data from passive attacks. Withrespect to the content of a data transmission, several levels of protection can beidentified. The broadest service protects all user data transmitted between twousers over a period of time. For example, when a TCP connection is set up betweentwo systems, this broad protection prevents the release of any user data transmittedover the TCP connection. Narrower forms of this service can also be defined,including the protection of a single message or even specific fields within a message.These refinements are less useful than the broad approach and may even be morecomplex and expensive to implement.

The other aspect of confidentiality is the protection of traffic flow from analysis.This requires that an attacker not be able to observe the source and destination, frequency,length, or other characteristics of the traffic on a communications facility.23Data Integrity As with confidentiality, integrity can apply to a stream of messages, a single message,or selected fields within a message. Again, the most useful and straightforwardapproach is total stream protection.

A connection-oriented integrity service, one that deals with a stream of messages,assures that messages are received as sent with no duplication, insertion,modification, reordering, or replays. The destruction of data is also covered underthis service. Thus, the connection-oriented integrity service addresses both messagestream modification and denial of service. On the other hand, a connectionless integrityservice, one that deals with individual messages without regard to any largercontext, generally provides protection against message modification only.

We can make a distinction between service with and without recovery.Because the integrity service relates to active attacks, we are concerned with detectionrather than prevention. If a violation of integrity is detected, then the servicemay simply report this violation, and some other portion of software or humanintervention is required to recover from the violation. Alternatively, there aremechanisms available to recover from the loss of integrity of data, as we will reviewsubsequently. The incorporation of automated recovery mechanisms is, in general,the more attractive alternative.24Nonrepudiation Prevents either sender or receiver from denying a transmitted messageWhen a message is sent, the receiver can prove that the alleged sender in fact sent the messageWhen a message is received, the sender can prove that the alleged receiver in fact received the message Nonrepudiation prevents either sender or receiver from denying a transmitted message.Thus, when a message is sent, the receiver can prove that the alleged sender infact sent the message. Similarly, when a message is received, the sender can provethat the alleged receiver in fact received the message.25

Table 1.2 Security Services (X.800)

(This table is found on page 18 in textbook) X.800 divides these services into five categories and fourteen specific services(Table 1.2).26Security Mechanismfeature designed to detect, prevent, or recover from a security attackno single mechanism that will support all services requiredhowever one particular element underlies many of the security mechanisms in use:cryptographic techniqueshence our focus on this topic

27Now introduce Security Mechanism which are the specific means of implementing one or more security services.Note these mechanisms span a wide range of technical components, but one aspect seen in many is the use of cryptographic techniques.Security Mechanisms (X.800)specific security mechanisms:encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarizationpervasive security mechanisms:trusted functionality, security labels, event detection, security audit trails, security recovery

28Some examples of mechanisms from X.800. Note that the specific security mechanisms are protocol layer specific, whilst the pervasive security mechanisms are not. We will meet some of these mechanisms in much greater detail later.See Stallings Table 1.3 for details of these mechanisms in X.800, and Table 1.4 for the relationship between services and mechanisms.Model for Network Security

29In considering the place of encryption, its useful to use the following two models from Stallings section 1.6.The first, illustrated in Figure 1.5, models information flowing over an insecure communications channel, in the presence of possible opponents. Hence an appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party. Model for Network Securityusing this model requires us to: design a suitable algorithm for the security transformation generate the secret information (keys) used by the algorithm develop methods to distribute and share the secret information specify a protocol enabling the principals to use the transformation and secret information for a security service 30This general model shows that there are four basic tasks in designing a particular security service, as listed.Model for Network Access Security

31The second, illustrated in Figure 1.6, model is concerned with controlled access to information or resources on a computer system, in the presence of possible opponents. Here appropriate controls are needed on the access and within the system, to provide suitable security. Some cryptographic techniques are useful here also. Model for Network Access Securityusing this model requires us to: select appropriate gatekeeper functions to identify users implement security controls to ensure only authorised users access designated information or resources trusted computer systems may be useful to help implement this model

32Detail here the tasks needed to use this model.Note that trusted computer systems (discussed in Ch 20 can be useful here).

Summaryhave considered:definitions for: computer, network, internet securityX.800 standardsecurity attacks, services, mechanismsmodels for network (access) security33Chapter 1 summary.