Cryptography and Network Security

Abstract

Cryptography and Network Security are two complicated subjects. As people become “wired”, an increasing number of people need to understand the basics of security in a networked world. Cryptography helps in keeping data secure over an insecure network. Network security helps in keeping the network in a secured mode. We discuss risk management, network threats, firewalls, and more special-purpose secure networking devices.

We mainly emphasize:

• Introduction to Cryptography
• Foundations of Cryptography
• Key Distribution
• Key Services
• Uses of Cryptography
• Introduction to Networking
• TCP/IP as Language of Internet
• Internet Protocol
• Popularity
• Security level
• Data Diddling
• Data Destruction
• Firewalls
• Types of Firewalls
• Secure and Network Devices

We discuss UUCP, Risk Management, Types and Sources of Threats, Types of Firewalls, Secure Network Devices, Encryption Modes and Techniques, and Keys in Network Security and Cryptography. Network security and cryptography are most useful for a better way of using the Internet without any problems.

1. Introduction to Cryptography

Cryptography has been employed for keeping secrets since the time of Caesar. From the simplest ciphers of shifting letters, to the mathematically provably secure ciphers of today, cryptography has progressed a long way. Cryptography makes it possible to keep data secure over an insecure network. The basic idea of cryptography is to take a plaintext message, combine it with a key, and get ciphertext output. The process of encrypting plaintext messages is encryption. Getting the plaintext back from the ciphertext is decryption. The process of trying to break a cryptosystem is cryptanalysis.

2. Foundations of Cryptography

The earliest use of cryptography was by Caesar to transmit vital commands to and from his officers. The method he used was simple, but highly effective for the time. The idea was to take each letter and shift it by a number of characters. So for a shift of 2, A would become C, E would become G, M would become O, and so on.

Another variant of the same scheme is just to randomly replace one letter with another, or the transposition cipher. The advantage here is that instead of 25 possible ways to permute the text, there are 25!. The primary method used against transposition ciphers on language text is to use a frequency table.

The beginning of modern cryptography is the use of the XOR digital operation. XOR is an invertible bit manipulation. It is defined by the following table.

Input1  Input2  Output
0       0       0
0       1       1
1       0       1
1       1       0

If a key of length equal to the message you want to encrypt is used and securely transmitted, then the encrypted message is perfectly secure. The use of a very long key in a set of repeated XOR operations is called a One Time Pad (OTP).

2.1 Encryption Modes and Techniques

The two principal modes of operation for ciphers are stream and block ciphers. In a stream cipher you put in a bit, and a bit comes out; the output should ideally appear to be random. Although stream ciphers have their uses, the more common mode of operation is the block cipher. In this mode a block of bits is operated on as a whole and results in a block of ciphertext. The most famous block cipher is DES, or the Data Encryption Standard. Other common ones are Blowfish, IDEA, and the new AES.
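The shift cipher, the frequency-table attack on it, and the XOR one-time pad of section 2, as an added example that is not code from the paper. The message text and byte strings are constructed; `recover_shift` scores each candidate shift by how many common English letters it yields, which is the frequency-table idea in its simplest form, and `pad_reuse_leak` shows why a pad is used exactly once.

```python
import os

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
COMMON = "ETAOINSHR"   # the most frequent letters of English text, in order


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places: shift 2 turns A into C, E into G, M into O.
    Decryption is the same operation with the shift negated."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)   # spaces and punctuation pass through unchanged
    return "".join(out)


def recover_shift(ciphertext: str) -> int:
    """Frequency-table attack: try all 26 shifts and keep the one whose candidate
    plaintext contains the most common English letters. It works on language text
    because a shift only relabels letters; it does not flatten their frequencies."""
    def score(shift: int) -> int:
        return sum(1 for ch in caesar(ciphertext, -shift) if ch in COMMON)
    return max(range(26), key=score)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Apply the XOR truth table byte by byte; a second XOR with the same key undoes it."""
    if len(key) < len(data):
        raise ValueError("a one-time pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def otp_round_trip(message: bytes) -> bool:
    """Encrypt with a fresh random pad and check that XORing again restores the message."""
    pad = os.urandom(len(message))
    return xor_bytes(xor_bytes(message, pad), pad) == message


def pad_reuse_leak(msg1: bytes, msg2: bytes) -> bytes:
    """What an observer gets when one pad encrypts two equal-length messages:
    c1 XOR c2 == msg1 XOR msg2, because the pad cancels out. The pad itself is
    never needed, which is why the 'one time' in the name is a hard requirement."""
    pad = os.urandom(len(msg1))
    c1, c2 = xor_bytes(msg1, pad), xor_bytes(msg2, pad)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    order = "THE ENEMY SENDS REINFORCEMENTS AT DAWN MEET ME AT THE BRIDGE"   # constructed sample
    ciphertext = caesar(order, 7)
    print(ciphertext)
    print("recovered shift:", recover_shift(ciphertext))   # 7: the shift gave no real secrecy
    print("OTP round trip ok:", otp_round_trip(b"ATTACK AT DAWN"))
    leak = pad_reuse_leak(b"ATTACK AT DAWN", b"HOLD THE LINE.")
    print("pad reuse leaks msg1 XOR msg2:", leak == xor_bytes(b"ATTACK AT DAWN", b"HOLD THE LINE."))
```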
ECB, CBC, and CTR Modes

The way to use a block cipher is to fill the block with plaintext, and then to run the cipher on it. When using this method, Electronic Codebook (ECB), identical plaintext blocks always produce identical ciphertext blocks. To solve this undesirable property, two other modes are used. The most common one is Cipher Block Chaining, or CBC. In this process the previous ciphertext block is XOR'ed with the plaintext block before it is encrypted.

A flow of ECB, CBC, and CTR modes:

ECB: Plaintext -> |Encryptor| -> Ciphertext

CBC: Plaintext -> |XOR| -> |Encryptor| -> Ciphertext
     Past block ---^

CTR: Plaintext -> |Combine| -> |Encryptor| -> Ciphertext
        Counter -------^

3. Key Distribution

The problem with the cryptosystems of the past was keeping the key secure, and securely communicating the key to the other party. The general problem of this is key distribution. Public key cryptography has solved the problem of key distribution. In a public key cryptography system, there are two keys. One is for encrypting, and the other is for decrypting.

4. Key Services

The only problem with public key cryptography is ensuring that the person who is giving you their key is really them, and that it is their key.

5. Use of Cryptosystems

The most commonly used is the hash function. The idea is that a small message can be created to determine if a message is the same as the one that was used to generate the hash. The most common message hash algorithm is MD5, and it is used by many distributors of programs as their hash algorithm of choice for their packages. Thus cryptography helps in keeping data secure over an insecure network.

6. Introduction to Networking

A “network” is defined as “any set of interlinking lines resembling a net, a network of roads or an interconnected system, a network of alliances.” This definition suits our purpose well: a computer network is simply a system of interconnected computers.

Some Popular Networks

We're going to look at two of these networks, both of which are “public” networks. Anyone can connect to either of these networks, or they can use these types of networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.

UUCP

UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, and everything else you can name.

Batch-Oriented Processing

UUCP and similar systems are batch-oriented systems: everything that they have to do is added to a queue, and then at some specified time, everything in the queue is processed.

7. TCP/IP: Language of the Internet

TCP/IP (Transmission Control Protocol/Internet Protocol) is the “language” of the Internet. Anything that can learn to “speak TCP/IP” can play on the Internet. This is functionality that occurs at the Network (IP) and Transport (TCP) layers in the ISO/OSI Reference Model. Consequently, a host that has TCP/IP functionality (such as Unix, OS/2, Mac OS, or Windows NT) can easily support applications (such as Netscape's Navigator) that use the network.

Open Design

One of the most important features of TCP/IP isn't a technological one: the protocol is an “open” protocol, and anyone who wishes to implement it may do so freely. Engineers and scientists from all over the world participate in the IETF (Internet Engineering Task Force) working groups that design the protocols that make the Internet work. Their time is typically donated by their companies, and the result is work that benefits everyone.

8. Internet Protocol

As noted, IP is a “network layer” protocol. This is the layer that allows the hosts to actually “talk” to each other. It handles such things as carrying datagrams, mapping the Internet address (such as 10.2.3.4) to a physical network address (such as 08:00:69:0a:ca:8f), and routing, which takes care of making sure that all of the devices that have Internet connectivity can find the way to each other.
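The ECB, CBC and CTR modes sketched in section 2.1, as an added example that is not code from the paper. The standard library has no DES or AES, so `block_encrypt` is a constructed 4-round Feistel toy standing in for the block cipher; the modes around it are the real constructions, `repeated_blocks` exposes the property that makes ECB undesirable, and the CTR function shows that it is the counter block that gets encrypted, with the result XORed into the plaintext.

```python
import hashlib
import hmac

BLOCK = 16   # block size in bytes: two 8-byte Feistel halves
ROUNDS = 4

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 over (round number || half), cut to 8 bytes."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes, rounds=range(ROUNDS)) -> bytes:
    """Toy 4-round Feistel cipher standing in for DES or AES (illustration only).
    A Feistel network is a bijection on blocks; decryption runs the rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in rounds:
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left

def block_decrypt(key: bytes, block: bytes) -> bytes:
    return block_encrypt(key, block, rounds=reversed(range(ROUNDS)))

def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "no padding in this toy: use whole blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block encrypted on its own, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(plaintext))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (the IV at the start), then encrypt."""
    out, prev = [], iv
    for b in _blocks(plaintext):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt (8-byte nonce || 8-byte counter) to get keystream and XOR it with the
    data; the block cipher never sees the plaintext, and the same call decrypts."""
    out = []
    for i, b in enumerate(_blocks(data)):
        out.append(_xor(b, block_encrypt(key, nonce + i.to_bytes(8, "big"))))
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier one: the pattern leak ECB is known for."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    key, iv = b"sixteen byte key", bytes(range(16))   # constructed; a real IV or nonce must never repeat under a key
    pt = b"ATTACK AT DAWN.." * 4                       # four identical 16-byte blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, pt)))         # 3
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, iv, pt)))     # 0
    print("CTR repeated blocks:", repeated_blocks(ctr_crypt(key, iv[:8], pt)))   # 0
```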
8.1 Understanding IP

IP has a number of very important features which make it an extremely robust and flexible protocol. For our purposes, though, we're going to focus on the security of IP, or more specifically, the lack thereof.

8.2 Attacks Against IP

A number of attacks against IP are possible. Typically, these exploit the fact that IP does not provide a robust mechanism for authentication, which is proving that a packet came from where it claims it did. A packet simply claims to originate from a given address, and there isn't a way to be sure that the host that sent the packet is telling the truth. This isn't necessarily a weakness, but it is an important point, because it means that the facility of host authentication has to be provided at a higher layer of the ISO/OSI Reference Model. Today, applications that require strong host authentication (such as cryptographic applications) do this at the application layer.

IP Spoofing

This is where one host claims to have the IP address of another. Since many systems (such as router access control lists) define which packets may and which packets may not pass based on the sender's IP address, this is a useful technique to an attacker: he can send packets to a host, perhaps causing it to take some sort of action. Additionally, some applications allow login based on the IP address of the person making the request (such as the Berkeley r-commands). These are both good examples of how trusting non-trustable layers can provide security that is, at best, weak.

IP Session Hijacking

This is a relatively sophisticated attack, first described by Steve Bellovin. This is very dangerous, however, because there are now toolkits available in the underground community that allow otherwise unskilled bad-guy-wannabes to perpetrate this attack. IP session hijacking is an attack whereby a user's session is taken over, coming under the control of the attacker. If the user was in the middle of email, the attacker is looking at the email, and then can execute any commands he wishes as the attacked user. The attacked user simply sees his session dropped, and may simply log in again, perhaps not even noticing that the attacker is still logged in and doing things.

For the description of the attack, let's return to our large network of networks. In this attack, a user on host A is carrying on a session with host G. Perhaps this is a telnet session, where the user is reading his email, or using a Unix shell account from home. Somewhere in the network between A and G sits host H, which is run by a naughty person. The naughty person on host H watches the traffic between A and G, and runs a tool which starts to impersonate A to G, and at the same time tells A to shut up, perhaps trying to convince it that G is no longer on the net (which might happen in the event of a crash, or major network outage). After a few seconds of this, if the attack is successful, the naughty person has “hijacked” the session of our user. Anything that the user can do legitimately can now be done by the attacker, illegitimately. As far as G knows, nothing has happened.

This can be solved by replacing standard telnet-type applications with encrypted versions of the same thing. In this case, the attacker can still take over the session, but he'll see only “gibberish” because the session is encrypted. The attacker will not have the needed cryptographic key(s) to decrypt the data stream from G, and will, therefore, be unable to do anything with the session.

8.3 TCP

TCP is a transport-layer protocol. It needs to sit on top of a network-layer protocol, and was designed to ride atop IP. (Just as IP was designed to carry, among other things, TCP packets.) Because TCP and IP were designed together and wherever you have one, you typically have the other, the entire suite of Internet protocols is known collectively as “TCP/IP”. TCP itself has a number of important features that we'll cover briefly.

Guaranteed Packet Delivery

Probably the most important is guaranteed packet delivery. Host A sending packets to host B expects to get acknowledgments back for each packet. If B does not send an acknowledgment within a specified amount of time, A will resend the packet. Applications on host B will expect a data stream from a TCP session to be complete, and in order. As noted, if a packet is missing, it will be resent by A, and if packets arrive out of order, B will arrange them in proper order before passing the data to the requesting application.

This is suited well toward a number of applications, such as a telnet session. A user wants to be sure that the remote host receives every keystroke, and that it gets every packet sent back, even if this means occasional slight delays in responsiveness while a lost packet is resent, or while out-of-order packets are rearranged.

It is not suited well toward other applications, such as streaming audio or video, however. In these, it doesn't really matter if a packet is lost (a lost packet in a stream of 100 won't be distinguishable) but it does matter if they arrive late (i.e., because of a host resending a packet presumed lost), since the data stream will be paused while the lost packet is being resent. Once the lost packet is received, it will be put in the proper slot in the data stream, and then passed up to the application.
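Guaranteed, in-order delivery as described above, as an added simulation that is not code from the paper: `Receiver` plays host B, `transmit` plays host A with a simplified resend-everything-unacknowledged timer over a constructed 16-byte stream in 4-byte segments, and `progress` records the pause the application sees while a lost segment is resent; `datagram_delivery` is the no-retransmit contrast.

```python
from dataclasses import dataclass

SEG = 4   # payload bytes per segment; constructed, tiny so the trace is readable

@dataclass(frozen=True)
class Segment:
    seq: int      # offset of the first payload byte within the stream
    data: bytes

class Receiver:
    """Host B: buffers segments that arrive early, hands the application only the
    contiguous prefix of the stream, and answers every arrival with a cumulative
    acknowledgement (the next byte it expects)."""

    def __init__(self) -> None:
        self.next_seq = 0      # first byte not yet delivered to the application
        self.pending = {}      # seq -> data for segments that arrived out of order
        self.delivered = b""

    def receive(self, seg: Segment) -> int:
        if seg.seq >= self.next_seq:           # drop duplicates of data already delivered
            self.pending[seg.seq] = seg.data
        while self.next_seq in self.pending:   # release everything that is now contiguous
            data = self.pending.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)
        return self.next_seq                   # the ACK value sent back to A

def transmit(stream: bytes, lose_once=(), reverse=False, max_rounds=5):
    """Host A: sends the segments, then after each round resends everything not yet
    acknowledged (a simplified retransmit timer). Returns what B's application finally
    sees and, after every arrival, how many bytes it had so far: a lost segment stalls
    the later ones until the retransmission lands."""
    segments = [Segment(i, stream[i:i + SEG]) for i in range(0, len(stream), SEG)]
    rx, ack, lost, progress = Receiver(), 0, set(lose_once), []
    for _ in range(max_rounds):
        unacked = [s for s in segments if s.seq >= ack]
        for seg in (reversed(unacked) if reverse else unacked):
            if seg.seq in lost:
                lost.discard(seg.seq)          # lost the first time only
                continue
            ack = rx.receive(seg)
            progress.append(len(rx.delivered))
        if ack >= len(stream):
            break
    return rx.delivered, progress

def datagram_delivery(stream: bytes, lose=()) -> bytes:
    """Contrast: hand each datagram up as it arrives, with no ACKs, no retransmission
    and no reordering. Lost data is simply missing, but nothing waits for it."""
    return b"".join(stream[i:i + SEG] for i in range(0, len(stream), SEG) if i not in lose)

if __name__ == "__main__":
    stream = b"ABCDEFGHIJKLMNOP"                  # constructed 16-byte stream, four segments
    data, progress = transmit(stream, lose_once=(4,))
    print(data, progress)                         # b'ABCDEFGHIJKLMNOP' [4, 4, 4, 16, 16, 16]
    print(datagram_delivery(stream, lose=(4,)))   # b'ABCDIJKLMNOP'
```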
8.4 UDP

UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not provide the same features as TCP, and is thus considered “unreliable.” Again, although this is unsuitable for some applications, it does have much more applicability in other applications than the more reliable and robust TCP.

Lower Overhead than TCP

One of the things that makes UDP nice is its simplicity. Because it doesn't need to keep track of the sequence of packets, whether they ever made it to their destination, etc., it has lower overhead than TCP. This is another reason why it's more suited to streaming-data applications: there's less screwing around that needs to be done with making sure all the packets are there, in the right order, and that sort of thing.

8.5 Implementation Environment

Building a UUCP network is a simple matter of configuring two hosts to recognize each other, and know how to get in touch with each other. Adding on to the network is simple; if hosts called A and B have a UUCP network between them, and C would like to join the network, then it must be configured to talk to A and/or B. Naturally, anything that C talks to must be made aware of C's existence before any connections will work. Now, to connect D to the network, a connection must be established with at least one of the hosts on the network, and so on.

A Sample UUCP Network

Figure 1. A sample UUCP network.

In a UUCP network, users are identified in the format host!Userid. The “!” character (pronounced “bang” in networking circles) is used to separate hosts and users.

9. Popularity

UUCP connections are typically made hourly, daily, or weekly, so there is a fair bit of delay in getting data from one user on a UUCP network to a user on the other end of the network. UUCP isn't very flexible, as it's used for simply copying files. Interactive protocols

10. Security

UUCP has security tradeoffs. Some strong points for its security are that it is fairly limited in what it can do, and it's therefore more difficult to trick into doing something it shouldn't; it's been around a long time, and most of its bugs have been discovered, analyzed, and fixed. UUCP works by having a system-wide UUCP user account and password. Any system that has a UUCP connection with another must know the appropriate password for the UUCP or NUUCP account.

10.1 Risk Management: The Game of Security

It's very important to understand that in security, one simply cannot say “what's the best firewall?” There are two extremes: absolute security and absolute access.

10.2 Types and Sources of Network Threats

The following are the types of threats against networked computers, together with some things that can be done to protect you against them:

Denial-of-Service

DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address. These are the nastiest because they're very easy to launch, difficult to track, and it isn't easy to refuse the requests of the attacker. Some things that can be done to reduce the risk of being stung by a denial of service attack include:

• Not running your visible-to-the-world servers at a level too close to capacity.
• Using packet filtering to prevent obviously forged packets from entering into your network address space.
• Keeping up-to-date on security-related patches for your hosts' operating systems.

Unauthorized Access

“Unauthorized access” is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker.

Executing Commands Illicitly

There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system that an attacker should not be able to do. This might, then, be all the access that an attacker needs.

11. Destructive Behavior

Among the destructive sorts of break-ins and attacks, there are two major categories:

• Data Diddling
• Data Destruction

11.1 Data Diddling

The data diddler is likely the worst sort, since the fact of a break-in might not be immediately obvious. Perhaps he's toying with the numbers in your spreadsheets, or changing the dates in your projections and plans.

11.2 Data Destruction

Some of those who perpetrate attacks are simply twisted jerks who like to delete things.

Where They Come From

How, though, does an attacker gain access to your equipment? Through any connection that you have to the outside world. In order to be able to adequately address security, all possible avenues of entry must be identified and evaluated. The security of that entry point must be consistent with your stated policy on acceptable risk levels.

12. Firewalls

In order to provide a level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks. A number of terms specific to firewalls and networking are:

12.1 Bastion Host

A general-purpose computer used to control access between the internal network and the Internet.

12.2 Router

A special-purpose computer for connecting networks together. Routers also handle certain functions, such as routing, or managing the traffic on the networks they connect.

12.3 Access Control List (ACL)

Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to them. This includes things like origination address, destination address, and destination service port.

12.4 Demilitarized Zone (DMZ)

The DMZ is a critical part of a firewall: it is a network that is neither part of the untrusted network, nor part of the trusted network. But this is a network that connects the untrusted to the trusted. The importance of a DMZ is tremendous: someone who breaks into your network from the Internet should have to get through several layers in order to successfully do so.

12.5 Proxy

This is the process of having one host act on behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server, and hosts on the intranet might be configured to be proxy clients.

13. Types of Firewalls

There are three basic types of firewalls, and we'll consider each of them.

13.1 Application Gateways

The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server.

13.2 Packet Filtering

Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent to it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network.
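An ACL evaluated the way section 13.2 describes, as an added example that is not code from the paper: rules match on origination address, destination address and destination service port (section 12.3), the first match wins, and the leading deny entries implement the filter for “obviously forged packets” from section 10.2. The 10.0.0.0/8 internal range, the two services and all packet addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One ACL entry; fields left as None match anything."""
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"            # origination address (network)
    dst: str = "0.0.0.0/0"            # destination address (network)
    dport: Optional[int] = None       # destination service port
    proto: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.proto is None or self.proto == pkt.proto))


def filter_packet(acl, pkt: Packet, default: str = "deny") -> str:
    """Evaluate an ACL the way a router does: the first matching rule wins.
    `default` is what happens when nothing matches; a router with no ACL at all
    behaves as if the default were "permit", which is why a policy ends in deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed example: 10.0.0.0/8 is the internal network, with two public services inside it.
INTERNAL = "10.0.0.0/8"
INBOUND_ACL = [
    # Anti-spoofing: a packet arriving from the outside can never legitimately carry an
    # internal (or loopback) source address, so these are the "obviously forged" ones.
    Rule("deny", src=INTERNAL),
    Rule("deny", src="127.0.0.0/8"),
    Rule("permit", dst="10.0.0.80/32", dport=80, proto="tcp"),   # public web server
    Rule("permit", dst="10.0.0.25/32", dport=25, proto="tcp"),   # mail relay
    # everything else falls through to the default deny
]


def inbound_decision(src: str, dst: str, dport: int, proto: str = "tcp") -> str:
    """Decision for one packet arriving on the outside interface."""
    return filter_packet(INBOUND_ACL, Packet(src, dst, dport, proto))


if __name__ == "__main__":
    for pkt in [("198.51.100.7", "10.0.0.80", 80), ("10.1.2.3", "10.0.0.80", 80),
                ("198.51.100.7", "10.0.0.80", 23), ("198.51.100.7", "10.0.0.25", 25)]:
        print(pkt, "->", inbound_decision(*pkt))
```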

13.3 Hybrid Systems


In some systems, new connections must be authenticated
and approved at the application layer. Once this has been
done, the remainder of the connection is passed down to
the session layer.

14. Secure and Network Devices


It's important to remember that the firewall is only one entry point to your network.

14.1 Secure Modems: Dial-Back Systems


If modem access is to be provided, this should be guarded carefully. The terminal server, or network device that provides dial-up access to your network, needs to be actively administered, and its logs need to be examined for strange behavior. Its passwords need to be strong, not ones that can be guessed.

14.2 Crypto-Capable Routers


A feature that is being built into some routers is the ability to perform session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources to snoop around, these are advantageous for providing connectivity between two sites, such that there can be secure routes.

14.3 Virtual Private Networks


VPNs (Virtual Private Networks) provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line.

15. Conclusion

We discussed UUCP, Risk Management, Types and Sources of Threats, Types of Firewalls, and Secure Network Devices. Thus we come to know that network security is most useful for a better way of using the Internet without any problems. Network security helps in keeping the network in a secured mode.

