22EC2210R

NETWORK PROTOCOLS AND SECURITY

Session-31
Introduction to Security &
Security attacks

1
Introduction to Security
Security:
Ensuring the (secrecy) confidentiality, data integrity
and availability of components of computer system.
1. Network security – measures to protect data during
their transmission
2. Internet security - measures to protect data during
their transmission over a collection of interconnected
networks
3. Computer security – the protection afforded to an
automated information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information system
resources. 2
Key Security Concepts

Authentication
Non-repudiation
3
Security Goals
• To protect computer assets from human errors, natural
disasters, physical and electronic maliciousness.

4
Confidentiality
• Assures that private or confidential information is not made
available or disclosed to unauthorized individuals
• Specifies that only the sender and the intended recipient(s) should
be able to access the contents of a message.
• Another user C gets access to this message, which is not desired
and therefore, defeats the purpose of confidentiality.

5
Integrity
• Data integrity
Assures that information and programs are changed
only in a specified and authorized manner.
• System integrity
Assures that a system performs its intended
function in an unimpaired manner, free from deliberate
or inadvertent unauthorized manipulation of the system.

6
Availability
• Assures that systems work promptly and service is not
denied to authorized users.
• Ensuring that authorized parties are not denied access to
information and resources.
• Ensuring that the computer works when it is supposed to
work and that it works the way it should.

7
Authentication
• Authentication is the process of verifying the identity of
user or information.
• User authentication is the process of verifying the identity
of user when that user logs into a computer system.
• The main objective of authentication is to allow
authorized users to access the computer and to deny
access to the unauthorized users.

8
Non-repudiation
• Non-repudiation is the assurance that someone cannot
deny something.
• It refers to the ability to ensure that a party to a contract
or a communication cannot deny the authenticity of their
signature on a document or the sending of a message
that they originated.
• It does not allow the sender of a message to refuse the
claim of not sending that message.

9
Security Attacks

10
Levels of Impact

We can define 3 levels of impact from a security attack

Low - The loss is minor

11
Security Attacks
• Any action that compromises the security of information
owned by an organization.
• Types
- Passive Attack
• Just to obtain information. Does not Modify or harm the
system.

- Active Attack
• May Change the Data and harm the system.

12
Passive Attacks
• Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions.
• The goal of the opponent is to obtain information that is
being transmitted.
• Two types of passive attacks
- release of message contents
- traffic analysis

13
Passive Attack (a) Release of message Contents

14
Passive Attack (b) Traffic analysis

15
Active Attacks
• Active attacks involve some modification of the data
stream or the creation of a false stream
• It can be subdivided into four categories:
- masquerade
- replay
- modification of messages
- denial of service.

16
Active Attacks (a) Masquerade

17
Active Attacks (b) Replay

18
Active Attacks (c) Modification of messages

19
Active Attacks (d) Denial of service

20
Handling Attacks
• Passive attacks – focus on Prevention
- Easy to stop
- Hard to detect
• Active attacks – focus on Detection and Recovery
- Hard to stop
- Easy to detect

21
Security Services
• Authentication - assurance that communicating entity is
the one claimed
- have both peer-entity & data origin authentication
• Access Control - prevention of the unauthorized use of a
resource
• Data Confidentiality –protection of data from unauthorized
disclosure
• Data Integrity - assurance that data received is as sent by
an authorized entity
• Non-Repudiation - protection against denial by one of the
parties in a communication
• Availability – resource accessible/usable
22
Security Mechanism
1. SPECIFIC SECURITY MECHANISMS:
May be incorporated into the appropriate protocol layer
in order to provide some of the OSI security services
2. PERVASIVE SECURITY MECHANISMS:
Mechanisms that are not specific to any particular OSI
security service or protocol layer.

23
SPECIFIC SECURITY MECHANISMS
i. Encipherment
- The use of mathematical algorithms to transform data
into a form that is not readily intelligible.
- The transformation and subsequent recovery of the data
depend on an algorithm and zero or more encryption
keys.
ii. Digital Signature
- Data appended to, or a cryptographic transformation of,
a data unit that allows a recipient of the data unit to
prove the source and integrity of the data unit and
protect against forgery (e.g., by the recipient).

24
Security Mechanism
iii. Access Control
- A variety of mechanisms that enforce access rights to
resources.
iv. Data Integrity
- A variety of mechanisms used to assure the integrity of
a data unit or stream of data units.
v. Authentication Exchange
- A mechanism intended to ensure the identity of an
entity by means of information exchange.

25
Security Mechanism
vi. Traffic Padding
- The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
vii. Routing Control
- Enables selection of particular physically secure routes
for certain data and allows routing changes, especially
when a breach of security is suspected.
viii. Notarization
- The use of a trusted third party to assure certain
properties of a data exchange.

26
PERVASIVE SECURITY MECHANISMS
i. Trusted Functionality
- That which is perceived to be correct with respect to
some criteria (e.g., as established by a security policy).
ii. Security Label
- The marking bound to a resource (which may be a data
unit) that names or designates the security attributes of
that resource.
iii. Event Detection
- Detection of security-relevant events.

27
Security Mechanism
iv. Security Audit Trail
- Data collected and potentially used to facilitate a
security audit, which is an independent review and
examination of system records and activities.
v. Security Recovery
- Deals with requests from mechanisms, such as event
handling and management functions, and takes recovery
actions.

28