Arab Open University(AOU)

Faculty of Computing Study

Network & Security program

T318
APPLIED NETWORK SECURITY

Dr. Mahmoud Attalah

Mahmoud.Attalah@aou.edu.eg

Chapter 1
Introduction to Security

1
Cryptographic algorithms and protocols
❖ Cryptographic algorithms and protocols can be grouped
into four main areas:
Symmetric encryption

•Used to conceal the contents of blocks or streams of data of any

size, including messages, files, encryption keys, and passwords

Asymmetric encryption

•Used to conceal small blocks of data, such as encryption keys

and hash function values, which are used in digital signatures

Data integrity algorithms

•Used to protect blocks of data, such as messages, from

alteration

Authentication protocols

•Schemes based on the use of cryptographic algorithms designed

to authenticate the identity of entities

2
 What Is Security?

❖ Computer Security
▪ The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity,
availability, and confidentiality of information system resources [NIST
Computer Security Handbook].

❖ Network and Internet Security

▪ Measures to deter, prevent, detect, and correct security violations
that involve transmission of information[Stallings, Cryptography and
Network Security].

3
 Computer Security

The NIST Computer Security Handbook defines the

term computer security as:

“the protection afforded to an automated

information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources” (includes
hardware, software, firmware, information/
data, and telecommunications)
4
 Computer Security Objectives

1. Confidentiality

▪ Data confidentiality: Assures that private or confidential

information is not made available or disclosed to

unauthorized individuals

▪ Privacy: Assures that individuals control or influence

what information related to them may be collected

and stored and by whom and to whom that
information may be disclosed

5
 Computer Security Objectives(cont.)

2. Integrity
▪ Data integrity: Assures that information and programs are
changed only in a specified and authorized manner

▪ System integrity: Assures that a system performs its intended

function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system

3. Availability
▪ Assures that systems work promptly and service is not denied
to authorized users
6
 Computer Security Objectives(cont.)
Others: Authenticity, Accountability

Figure 1.1 Essential Network and Computer Security Requirements

7
Breach of Security Levels of Impact

The loss could be expected to have

a severe or catastrophic adverse
High effect on organizational
operations, organizational assets,
or individuals

The loss could be expected

to have a serious adverse
Moderate effect on organizational
operations, organizational
assets, or individuals

The loss could be

expected to have a
limited adverse effect
on organizational
Low operations,
organizational assets, or
individuals

8
 Impact of Security Breaches

❖ How do security breaches impact organizations?

▪ Electiveness of primary operations are reduced

▪ Financial loss

▪ Damage to assets

▪ Harm to individuals

❖ Different levels of impact. [E.g. FIPS Publication 199 denes:

Low/Minor, Moderate/Significant, High/Severe

9
 Computer Security Challenges

▪ Security is not simple

▪ Potential attacks on the security features need to be considered

▪ Procedures used to provide particular services are often

counter-intuitive

▪ It is necessary to decide where to use the various security

mechanisms

▪ Requires constant monitoring

▪ Is too often an afterthought

10
 Computer Security Challenges(cont.)

▪ Security mechanisms typically involve more than a particular

algorithm or protocol

▪ Security is essentially a battle of wits between a perpetrator and

the designer

▪ Little benefit from security investment is perceived until a

security failure occurs

▪ Strong security is often viewed as an impediment to efficient and

user-friendly operation

11
 OSI Security Architecture
❖ Security attack
▪ Any action that compromises the security of information owned by an
organization

❖ Security mechanism
▪ A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack

❖ Security service
▪ A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization

▪ Intended to counter security attacks, and they make use of one or more
security mechanisms to provide the service
12
Threats and Attacks (RFC 4949)

13
 Types of Attacks
❖ Passive Attack
▪ Make use of information, but not affect system resources, e.g.
• Release message contents
• Traffic analysis
▪ Relatively hard to detect, but easier to prevent
❖ Active Attack
▪ Alter system resources or operation, e.g.
• Masquerade.
• Replay.
• Modification.
• Denial of service(DOS).
▪ Relatively hard to prevent, but easier to detect

14
 Types of Attacks

Attacks

Active Passive

15
 Types of Attacks(Cont.)
❖ Passive Attack
▪ Make use of information, but not affect system resources, e.g.
• Release message contents
• Traffic analysis
▪ Relatively hard to detect, but easier to prevent

16
 Passive Attacks

❖ Are in the nature of

eavesdropping on, or
monitoring of,
transmissions

❖ Goal of the opponent is to ❖Two types of passive attacks are:

obtain information that is
▪ The release of message
being transmitted
contents
▪ Traffic analysis

17
 Types of Attacks(Cont.)
❖ Active Attack
▪ Alter system resources or
operation, e.g.
• Masquerade.
• Replay.
• Modification.
• Denial of
service(DOS).
▪ Relatively hard to
prevent, but easier to
detect

18
 Active Attacks

❖ Involve some modification

• Takes place when one entity
of the data stream or the Masquerade
pretends to be a different entity
• Usually includes one of the other
creation of a false stream forms of active attack

❖ Difficult to prevent because

• Involves the passive capture of a
of the wide variety of data unit and its subsequent
Replay retransmission to produce an
potential physical, unauthorized effect

software, and network

vulnerabilities Modification • Some portion of a legitimate
message is altered, or messages
❖ Goal is to detect attacks of are delayed or reordered to
messages produce an unauthorized effect
and to recover from any
disruption or delays caused
Denial of • Prevents or inhibits the normal
by them use or management of
service communications facilities

19
Release Message Contents

Figure 1.2 Release Message Contents

20
Traffic Analysis

Figure 1.3 Traffic Analysis

21
Masquerade Attack

Figure 1.4 Masquerade Attack

22
Masquerade Attack

23
Replay Attack

Figure 1.5 Replay Attack

24
Modification Attack

Figure 1.5 Modification Attack

25
Denial of Service Attack

Figure 1.6 Denial of Service Attack

26
 Defining a Security Service

❖ ITU-T X.800: service that is provided by a protocol layer

of communicating systems and that ensures adequate
security of the systems or of data transfers.

❖ IETF RFC 2828: a processing or communication service

that is provided by a system to give a specific kind of
protection to system resources.

❖ Security services implement security policies and are

implemented by security mechanisms.

27
 Table 1.2

Security
Services
(X.800)

28
 Defining a Security Service(Cont.)

❖ Authentication
▪ Concerned with assuring that a communication is authentic
▪ In the case of a single message, assures the recipient that the
message is from the source that it claims to be from
▪ In the case of ongoing interaction, assures the two entities are
authentic and that the connection is not interfered with in such a
way that a third party can masquerade as one of the two legitimate
parties

Two specific authentication services are defined in

X.800:

•Peer entity authentication

•Data origin authentication

29
 Defining a Security Service(Cont.)

❖ Access Control
▪ The ability to limit and control the access to host systems
and applications via communications links

▪ To achieve this, each entity trying to gain access must first

be identified, or authenticated, so that access rights can be
tailored to the individual

30
 Defining a Security Service(Cont.)

❖ Data Confidentiality
▪ The protection of transmitted data from passive attack
• Broadest service protects all user data transmitted between two
users over a period of time

• Narrower forms of service includes the protection of a single

message or even specific fields within a message

▪ The protection of traffic flow from analysis

• This requires that an attacker not be able to observe the source
and destination, frequency, length, or other characteristics of the
traffic on a communications facility

31
 Defining a Security Service(Cont.)

❖ Data Integrity
▪ Can apply to a stream of messages, a single message, or selected
fields within a message
▪ Connection-oriented integrity service, one that deals with a
stream of messages, assures that messages are received as sent
with no duplication, insertion, modification, reordering, or
replays
▪ A connectionless integrity service, one that deals with individual
messages without regard to any larger context, generally
provides protection against message modification only
32
 Defining a Security Service(Cont.)

❖ Nonrepudiation
▪ Prevents either sender or receiver from denying a transmitted
message

▪ When a message is sent, the receiver can prove that the alleged
sender in fact sent the message

▪ When a message is received, the sender can prove that the

alleged receiver in fact received the message

33
 Defining a Security Service(Cont.)

❖ Availability Service
▪ Protects a system to ensure its availability

▪ This service addresses the security concerns raised by denial-

of-service attacks

▪ It depends on proper management and control of system

resources and thus depends on access control service and
other security services

34
 Security Mechanisms

❖ Techniques designed to prevent, detect or recover from attacks

❖ No single mechanism can provide all services

❖ Common in most mechanisms: cryptographic techniques

❖ Specific security mechanisms from ITU-T X.800: Encipherment,

digital signature, access control, data integrity, authentication
exchange, traffic padding, routing control, notarization

❖ Pervasive security mechanisms from ITU-T X.800: Trusted

functionality, security label, event detection, security audit trail,
security recovery

35
 Security Mechanisms (X.800)

❖ Specific Security ❖ Pervasive Security

Mechanisms Mechanisms
▪ Encipherment ▪ Trusted
▪ Digital signatures functionality
▪ Access controls ▪ Security labels
▪ Data integrity ▪ Event detection
▪ Authentication ▪ Security audit
exchange trails
▪ Traffic padding ▪ Security recovery
▪ Routing control
▪ Notarization
36
 Table 1.3

Security
Mechanisms
(X.800)

37
 Fundamental Security Design Principles

❖ Economy of mechanism ❖ Least common mechanism

❖ Fail-safe defaults ❖ Psychological acceptability

❖ Complete meditation ❖ Isolation

❖ Open design ❖ Encapsulation

❖ Separation of privilege ❖ Modularity

❖ Least privilege ❖ Layering

❖ Least astonishment

38
 Fundamental Security Design Principles

Economy of mechanism Fail-safe defaults

❖ Means that the design of ❖ Means that access decisions should
security measures embodied
in both hardware and be based on permission rather than
software should be as simple exclusion
and small as possible
❖ Relatively simple, small design ❖ The default situation is lack of
is easier to test and verify
access, and the protection scheme
thoroughly
❖ With a complex design, there identifies conditions under which
are many more opportunities
access is permitted
for an adversary to discover
subtle weaknesses to exploit ❖ Most file access systems and virtually
that may be difficult to spot
ahead of time all protected services on
client/server use fail-safe defaults
39
Fundamental Security Design Principles

Complete mediation Open design

❖ Means that every access must ❖ Means that the design of a
be checked against the access security mechanism should be
control mechanism open rather than secret
❖ Systems should not rely on ❖ Although encryption keys must
access decisions retrieved from be secret, encryption algorithms
a cache should be open to public
scrutiny
❖ To fully implement this, every
time a user reads a field or ❖ Is the philosophy behind the
record in a file, or a data item in NIST program of standardizing
a database, the system must encryption and hash algorithms
exercise access control
❖ This resource-intensive
approach is rarely used

40
 Fundamental Security Design Principles

Separation of privilege Least privilege

❖ Means that every process and
❖ Defined as a practice in
every user of the system should
which multiple privilege operate using the least set of
attributes are required privileges necessary to perform
to achieve access to a the task
restricted resource ❖ An example of the use of this
principle is role-based access
❖ Multifactor user
control; the system security
authentication is an policy can identify and define
example which requires the various roles of users or
the use of multiple processes and each role is
techniques, such as a assigned only those
password and a smart permissions needed to perform
its functions
card, to authorize a user
41
Fundamental Security Design Principles
Least common Psychological
mechanism acceptability
❖ Means that the design should ❖ Implies that the security
minimize the functions shared mechanisms should not interfere
by different users, providing unduly with the work of users, while
at the same time meeting the needs
mutual security
of those who authorize access
❖ This principle helps reduce the
❖ Where possible, security
number of unintended
mechanisms should be transparent
communication paths and
to the users of the system or, at
reduces the amount of most, introduce minimal obstruction
hardware and software on
which all users depend, thus ❖ In addition to not being intrusive or
making it easier to verify if burdensome, security procedures
there are any undesirable must reflect the user’s mental model
security implications of protection

42
 Fundamental Security Design Principles
Isolation Encapsulation
❖ Applies in three
contexts: ❖ Can be viewed as a specific form of
▪ Public access systems
isolation based on object-oriented
should be isolated functionality
from critical resources ❖ Protection is provided by
to prevent disclosure encapsulating a collection of
or tampering procedures and data objects in a
▪ Processes and files of domain of its own so that the
individual users should internal structure of a data object
be isolated from one is accessible only to the
another except where
it is explicitly desired procedures of the protected
▪ Security mechanisms subsystem, and the procedures may
should be isolated in be called only at designated
the sense of preventing domain entry points
access to those
mechanisms

43
 Fundamental Security Design Principles
Modularity Layering
❖ Refers both to the
❖ Refers to the use of multiple,
development of security
overlapping protection approaches
functions as separate,
addressing the people, technology,
protected modules and
and operational aspects of
to the use of a modular
information systems
architecture for
❖ The failure or circumvention of any
mechanism design and
individual protection approach will
implementation
not leave the system unprotected

44
 Fundamental Security Design Principles

❖Least astonishment
▪ Means that a program or user interface
should always respond in the way that is least
likely to astonish the user
▪ The mechanism for authorization should be
transparent enough to a user that the user
has a good intuitive understanding of how the
security goals map to the provided security
mechanism
45
 Attack Surfaces

❖ An attack surface consists of the reachable and

exploitable vulnerabilities in a system
❖ Examples:
▪ Open ports on outward facing Web and other servers, and code
listening on those ports
▪ Services available on the inside of a firewall
▪ Code that processes incoming data, email, XML, office documents,
and industry-specific custom data exchange formats
▪ Interfaces, SQL, and Web forms
▪ An employee with access to sensitive information vulnerable to a
social engineering attack
46
 Attack Surface Categories

❖ Network attack surface

▪ Refers to vulnerabilities over an enterprise network, wide-
area network, or the Internet

❖ Software attack surface

▪ Refers to vulnerabilities in application, utility, or operating
system code

❖ Human attack surface

▪ Refers to vulnerabilities created by personnel or outsiders

47
Defense in Depth and Attack Surface

Figure 1.7 Defense in Depth and Attack Surface

48
 Attack Tree

❖ A branching, hierarchical data structure that represents a set of

potential techniques for exploiting security vulnerabilities
❖ The security incident that is the goal of the attack is
represented as the root node of the tree, and the ways that an
attacker could reach that goal are represented as branches and
subnodes of the tree
❖ The final nodes on the paths outward from the root, (leaf
nodes), represent different ways to initiate an attack
❖ The motivation for the use of attack trees is to effectively
exploit the information available on attack patterns

49
 LOGO

Figure 1.8 An Attack Tree for Internet Banking Authentication

Model for Network Security

Figure 1.9 Model for Network Security

51
Network Access Security Model

Figure 1.10 Network Access Security Model

52
 Unwanted Access
❖ Placement in a computer system of logic that
exploits vulnerabilities in the system and that
can affect application programs as well as utility
programs such as editors and compilers

❖ Programs can present two kinds of threats:

▪ Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
▪ Service threats
• Exploit service flaws in computers to inhibit use
by legitimate users

53
 Standards

National Institute of Standards and Technology

•NIST is a U.S. federal agency that deals with measurement science, standards, and technology
related to U.S. government use and to the promotion of U.S. private-sector innovation
•Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special
Publications (SP) have a worldwide impact

Internet Society
•ISOC is a professional membership society with world-wide organizational and individual
membership
•Provides leadership in addressing issues that confront the future of the Internet and is the
organization home for the groups responsible for Internet infrastructure standards

ITU-T
•The International Telecommunication Union (ITU) is an international organization within the United
Nations System in which governments and the private sector coordinate global telecom networks
and services
•The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU
and whose mission is the development of technical standards covering all fields of
telecommunications

ISO
•The International Organization for Standardization is a world-wide federation of national standards
bodies from more than 140 countries
•ISO is a nongovernmental organization that promotes the development of standardization and
related activities with a view to facilitating the international exchange of goods and services and to
developing cooperation in the spheres of intellectual, scientific, technological, and economic activity

54
Security Services and Mechanisms

Table 1.4 Security Services and Mechanisms

55
 Summary
❖ Computer security ❖ Security services
concepts ▪ Authentication
▪ Definition ▪ Access control
▪ Examples ▪ Data confidentiality
▪ Challenges ▪ Data integrity
❖ The OSI security ▪ Nonrepudiation
architecture ▪ Availability service
❖ Security attacks ❖ Security mechanisms
▪ Passive attacks
❖ Fundamental
▪ Active attacks security design
principles
▪ Attack surfaces and attack trees
❖ Network security
model
❖ Standards

Copy protected with Online-PDF-No-Copy.com 56