Network Security & Role of Cryptography By Raj Kumar Rampelli
May 24, 2015

Outline
• Need for Network security
• Classification of Network Attacks
  ◦ Possible Attacks
• Security Features
• Security Mechanism: Cryptography
• Types of Encryption-Decryption techniques
  ◦ Symmetric: Shared Key Type
  ◦ Asymmetric: Public/Private Key Type
• Public Key Infrastructure
• Digital Signature
• Public Key Infrastructure implementation and its factors
  ◦ Generation of key pair
  ◦ Obtain Digital certificate
  ◦ Encryption/Decryption analysis
  ◦ Digital certificate role
• Conclusion
04/12/2023Raj Kumar Rampelli 2

Need for Network Security
• What is a Network?
  ◦ Data Carrier
• Data?
  ◦ Anything which conveys something between the 1st person (sender/receiver) and the 2nd person (receiver/sender)
• Categories of Data?
  ◦ Normal
  ◦ Confidential
    - Data can’t be disclosed to a 3rd person.
• Goal?
  ◦ Protection of DATA, i.e. Information Security.
  ◦ Preventing compromise or loss of DATA from unauthorized access

Classification of Attacks
• What is a Network Attack?
  ◦ An action that compromises the security of DATA
• Categories of Attacks
  ◦ Passive
    - Learn from DATA and make use of system information
    - Do not alter the DATA
    - Very difficult to identify the attack
    - Ex: Eavesdropping (Interception)
  ◦ Active
    - Modifies the DATA
    - Ex: Denial of Service
• Possible Attacks
  ◦ Interruption
  ◦ Interception
  ◦ Modification
  ◦ Fabrication

Possible Attacks
• Normal Flow
  [Diagram: Sender → Receiver]
• Interruption
  ◦ Attack on “availability”
    - Disconnection of a wireless or wired internet connection
    - Unavailability of a particular web site
    - Inability to access any web site
  [Diagram: Sender → Receiver, with the flow disturbed]

Possible Attacks (cont.)
• Interception (No Privacy)
  ◦ Attack on “confidentiality”
  ◦ Packet Analyzer software
    - Intercept and log traffic passing over a network
    - Captures each Packet and decodes the data
    - Ex: Microsoft Network Monitor
  ◦ Man in the middle attack
  ◦ Wiretapping: capture the data
  ◦ Intruder can be a person or a program or a computer
  [Diagram: Sender → Receiver, with an Intruder on the path]

Possible Attacks (cont.)
• Modification
  ◦ Attacker modifies the data sent by the sender
  ◦ Gain access to a system and make changes
    - Alter programs so that they perform differently
  ◦ Attack on “Integrity”
• Fabrication
  ◦ Attacker acts like Sender
  ◦ Gain access to a person’s email and send messages
  ◦ Attack on “Authenticity”
  ◦ Lack of mutual authentication

Security Features
• A Transaction/Communication (or a service) is secure if and only if the following security features are provided
  ◦ Confidentiality
  ◦ Integrity
  ◦ Authenticity (Mutual Authentication)
  ◦ Non-repudiation
• Cryptography
  ◦ Symmetric key Cryptography
  ◦ Public Key Infrastructure

Security Mechanism: Cryptography
• Cryptography
  ◦ Services
    - Provide security features
  ◦ Symmetric Key Cryptography
    - Data Encryption Standard (DES)
    - Triple DES
    - Advanced Encryption Standard (AES)
  ◦ Public Key Infrastructure
    - Public-Private Key
    - RSA
    - ECC
  ◦ Encryption and Decryption
    - Cipher Text
  ◦ Digital Signature
    - A mathematical scheme for demonstrating the authenticity, non-repudiation and integrity of a digital message
  ◦ Digital Certificate
    - String of information that binds the unique identifier of each user to his/her corresponding public key.

Encryption-Decryption Techniques
• Symmetric Key scenario
  Sender (plain text) → SK(plain text) → Cipher Text (Encrypted text) → Receiver: SK(Cipher text) → Plain text
• Public-Private Key scenario
  Sender (plain text) → PubKey(plain text) → Cipher Text (Encrypted text) → Receiver: PrivKey(Cipher text) → Plain text

PKI Implementation
Performance factors at client
• Generation of Public-Private key pair
• Generation of certificate request message
• Receive and store digital certificates
• Encryption and Decryption
• Generation and verification of digital signature message
• Verification of Digital certificate

Performance factor-1: Generation of Key Pair
• Generate public and private key pair at client
• Check the following details using different Public Key Cryptography (PKC) algorithms
  ◦ Time taken for key pair generation
  ◦ Storage space required for storing the key pair
  ◦ Repeat above two steps by changing the key size in the algorithm
  ◦ Analyze the results and choose optimal algorithm suitable for your application.
• PKC algorithms
  ◦ RSA
  ◦ ECC
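
One way to run the measurement this slide describes, as an added Go example that is not part of the original deck: it times RSA and ECC key pair generation at two key sizes each and records the stored size of each key pair. The chosen sizes (RSA 2048/3072, ECC P-256/P-384), the PKCS#8 DER storage format and the names `KeyGenResult` and `CompareKeyGen` are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"time"
)

// KeyGenResult holds the two quantities the slide asks to compare.
type KeyGenResult struct {
	Name    string
	Elapsed time.Duration // time taken for one key pair generation
	Bytes   int           // size of the key pair stored as PKCS#8 DER
}

// CompareKeyGen measures RSA and ECC key pair generation at two key sizes each.
func CompareKeyGen() ([]KeyGenResult, error) {
	names := []string{"RSA-2048", "RSA-3072", "ECC P-256", "ECC P-384"}
	gens := []func() (interface{}, error){
		func() (interface{}, error) { return rsa.GenerateKey(rand.Reader, 2048) },
		func() (interface{}, error) { return rsa.GenerateKey(rand.Reader, 3072) },
		func() (interface{}, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) },
		func() (interface{}, error) { return ecdsa.GenerateKey(elliptic.P384(), rand.Reader) },
	}
	var out []KeyGenResult
	for i, gen := range gens {
		start := time.Now()
		key, err := gen()
		elapsed := time.Since(start)
		if err != nil {
			return nil, err
		}
		der, err := x509.MarshalPKCS8PrivateKey(key) // private key encoding includes the public part
		if err != nil {
			return nil, err
		}
		out = append(out, KeyGenResult{names[i], elapsed, len(der)})
	}
	return out, nil
}

func main() {
	results, err := CompareKeyGen()
	fmt.Printf("%+v %v\n", results, err)
}
```

Each figure comes from a single run; RSA generation time varies widely between runs, so repeat and average before comparing algorithms.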

Performance factor-2: Obtain Digital certificate
• Generate certificate request message (CRM) using public-private key pair
• Apply for new Digital Certificate
  ◦ Send CRM and user/app credentials to Certificate Authority (CA)
• CA verifies the requester credentials
  ◦ Approves/Rejects the application
  ◦ If approved,
    - Generate Digital Certificate using requester credential with public key information
    - Store it in Digital certificate data base locally
    - Send Digital certificate to requester
• Receive Digital certificate from CA and store locally.
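
The client and CA steps above, as an added Go example that is not part of the original deck: the client builds a certificate request message and the CA checks it before approval, including a request altered in transit. ECDSA P-256, the PKCS#10 request format, the subject name `client.example` and the function names are assumptions of this example; checking the requester's credentials and issuing the certificate are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// NewCSR is the client side: generate a key pair locally, then build a request
// (PKCS#10) that carries the public key and is signed with the private key.
func NewCSR(commonName string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return der, key, err
}

// ReviewCSR is the CA side: the request must parse and its self-signature must verify.
func ReviewCSR(csrDER []byte) (string, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return "", fmt.Errorf("reject, malformed request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("reject, signature check failed: %w", err)
	}
	return csr.Subject.CommonName, nil
}

// Tampered returns a copy of the request with one signature bit flipped.
func Tampered(csrDER []byte) []byte {
	out := append([]byte(nil), csrDER...)
	out[len(out)-1] ^= 0x01 // the signature is the last field of the encoding
	return out
}

func main() {
	csr, _, err := NewCSR("client.example") // constructed subject name
	if err != nil {
		panic(err)
	}
	fmt.Println(ReviewCSR(csr))
	fmt.Println(ReviewCSR(Tampered(csr)))
}
```

The signature check proves the requester holds the private key matching the public key in the request; the private key itself stays on the client.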

What is Digital certificate
• String of information that binds the unique identifier of each client to his/her corresponding public key.
• Prerequisite for obtaining Digital certificate
  ◦ Generate public-private key pair locally
  ◦ Generate certificate request message
• Digital certificate used to authenticate server credentials during mutual authentication process
• Mutual authentication process:
  ◦ a client authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity [wiki]
• Authenticating an entity using its Digital certificate:
  ◦ Check the validity period of certificate
  ◦ Verify the digital signature of CA on the certificate using CA’s public key
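
The two authentication checks listed above, as an added Go example that is not part of the original deck: a throwaway CA key signs a one-hour certificate, which is then checked now, after expiry, and against a key that is not the CA's. The names `Demo CA` and `server.example`, ECDSA P-256 with SHA-256 and the function names are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authenticate applies the slide's two checks: validity period, then CA signature.
func Authenticate(certDER []byte, caPub *ecdsa.PublicKey, at time.Time) error {
	c, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if at.Before(c.NotBefore) || at.After(c.NotAfter) {
		return fmt.Errorf("%s: outside validity period", c.Subject.CommonName)
	}
	digest := sha256.Sum256(c.RawTBSCertificate) // the part of the certificate the CA signed
	if c.SignatureAlgorithm != x509.ECDSAWithSHA256 || !ecdsa.VerifyASN1(caPub, digest[:], c.Signature) {
		return fmt.Errorf("%s: CA signature does not verify", c.Subject.CommonName)
	}
	return nil
}

// Demo issues a one-hour certificate, then checks it now, after expiry, and with a key that is not the CA's.
func Demo() (valid, expired, wrongKey, setupErr error) {
	caKey, e1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, e2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if e1 != nil || e2 != nil {
		return nil, nil, nil, fmt.Errorf("key generation failed: %v, %v", e1, e2)
	}
	now := time.Now()
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Demo CA"}} // issuer name only
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "server.example"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, &srvKey.PublicKey, caKey) // CA signs
	if err != nil {
		return nil, nil, nil, err
	}
	return Authenticate(der, &caKey.PublicKey, now), Authenticate(der, &caKey.PublicKey, now.Add(2*time.Hour)),
		Authenticate(der, &srvKey.PublicKey, now), nil
}

func main() { fmt.Println(Demo()) }
```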

Performance factor-3: Encryption of Data at client
• Client encrypts the message using server’s public key
• The time taken for encryption of fixed size message
  ◦ Using server’s ECC public key
  ◦ Using server’s RSA public key
  ◦ Analyze the results.
• Client decrypts the received message (from server) using client’s private key
• The time taken for decryption of fixed size message
  ◦ Using client’s ECC private key
  ◦ Using client’s RSA private key
  ◦ Analyze the results.
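
The RSA half of this measurement, as an added Go example that is not part of the original deck: it times RSA-OAEP encryption and decryption of a fixed-size message and shows the size limit a single RSA operation imposes. The 2048-bit key, OAEP with SHA-256, the one key pair used for both steps and the function names are assumptions of this example; the ECC case is not covered, since it needs a key-agreement based scheme rather than direct encryption.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// NewServerKey generates a throwaway 2048-bit RSA key pair for the demo.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MaxMessage is the largest plaintext RSA-OAEP with SHA-256 accepts under pub.
func MaxMessage(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// RoundTrip encrypts a fixed-size message with the public key, decrypts it with
// the private key, and returns the time each step took.
func RoundTrip(priv *rsa.PrivateKey, size int) (enc, dec time.Duration, err error) {
	msg := bytes.Repeat([]byte{'A'}, size) // constructed fixed-size message
	start := time.Now()
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, nil)
	enc = time.Since(start)
	if err != nil {
		return 0, 0, err // e.g. message longer than MaxMessage
	}
	start = time.Now()
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	dec = time.Since(start)
	if err != nil {
		return 0, 0, err
	}
	if !bytes.Equal(pt, msg) {
		return 0, 0, errors.New("decrypted text differs from the original")
	}
	return enc, dec, nil
}

func main() {
	priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	for _, size := range []int{32, MaxMessage(&priv.PublicKey), 1024} {
		fmt.Println(size)
		fmt.Println(RoundTrip(priv, size))
	}
}
```

With a 2048-bit key the limit is 190 bytes, so the 1024-byte message fails; larger data is normally encrypted with a symmetric key, and only that key is encrypted with the public key.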

Performance factor-4: Digital signature generation & verification
• A valid digital signature gives a recipient reason to believe that the message was created by a known sender (Authenticity), such that the sender cannot deny having sent the message (Non-repudiation) and that the message was not altered in transit (Integrity).

Conclusion
• A method to secure “Data transactions” between users is needed
  ◦ Should ensure all desired security features for any transaction.
• Cryptography: a collection of standards/techniques for securing the Data.
  ◦ PKI ensures all security features
• As the key size increases, the data becomes more difficult to crack.
• Analyze PKI Implementation factors using different cryptographic algorithms with different key sizes
• Digital certificate: Mainly used for authenticity
• Digital signature: Mainly used for Integrity of data

THANK YOU
Have a look at:
My PPTs: http://www.slideshare.net/rampalliraj/
My Tech Blog: http://practicepeople.blogspot.in/