Network Security - Online Article

In the age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security dose not matter. With the introduction of computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, such as a time sharing system, and the need is even more acute for system that can be accessed over a public telephone network, data network or internet. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.

The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user computer and between computer and computer. Network Security measures are needed to protect data during their transmission. In fact, the term network security is somewhat misleading, because virtually all business, government and academic organizations inter connected their data processing equipment with the collection of inter connected network. Such a collection is often referred to as an internet, and the term Internet Security is used.

These are four points on security.

  1. Conventional Encryption
  2. Public key encryption and Hash function
  3. Network security Practice
  4. System Security

The OSI Security Architecture

The OSI security architecture focuses on security attacks, mechanism, and services. These can be defined briefly as following:

  • Security attack: Any action that compromises the security of information owned by an organization.
  • Security mechanism: A process that is designed to detect, prevent, or recover from a security attacks.
  • Security service: A process or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make us one or more security mechanisms to provide the service.

Security Attacks

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks.

  • Passive Attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message content and traffic analysis.
  • Active Attacks: Active attacks involves some modification of the data stream or the creation of a false stream and can be subdivided into four categories: Masquerade, Reply, Modification of message and Denial of service.

Security Mechanisms

  • Specific Security Mechanisms:
    • Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more.
    • Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
    • Access Control: A variety of mechanisms that enforce access rights to resources.
    • Data Integrity: A variety of mechanism used to assure the integrity of a data unit or stream of data units.
    • Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
    • Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
    • Router Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
    • Notarization: The use of a trusted third party to assure certain properties of a data exchange.
  • Pervasive Security Mechanisms:
    • Trusted Functionality: That which is perceived to be correct with respect to some criteria.
    • Security Label: The marking bound to a resource that names or designates the security attributes of that resource.
    • Event Detection: Detection of security-relevant events.
    • Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review an examination of system records and activities.
    • Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

A Model For Network Security

Diagramatic representation of Network Security

Key Points

  • Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption.
  • Symmetric encryption transforms plain text into ciphertext using a secret key and an encryption algorithm. Using the same key and a decryption algorithm, the plaintext is recovered from the ciphertext.
  • The two types of attack on an encryption algorithm are cryptanalysis, based on properties of the encryption algorithm, and brute-force, which involves trying all possible keys.
  • Tradition symmetric cipher used substitution and/or transposition technique. Substitution techniques map plaintext elements into ciphertext elements.
  • Rotor machines are sophisticated percomputer hardware devices that use substitution techniques.
  • Steganography is a technique for hiding a secret message within a larger one in such a way that others cannot discern the presence or content of the hidden message.
  • A block cipher is an encryption/decryption scheme in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
  • The Data Encryption Standards (DES) has been the most widely used encryption algorithm until recently. It exhibits the classic Feistel structure. DES uses a 64-bit block and a 56-bit block.
  • Two important methods for encryptanalysis are differential cryptanalysis and linear cryptanalysis. DES has been shown to be highly resistant to these two types of attack.
  • AES is a block cipher intended to replace DES for commercial applications. It uses a 128-bit block size and a key size of 128, 192, or 256 bits. v AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic operations over a finite field, and XOR with a key.
  • Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different key- one is public key and one is private key.
  • Asymmetric encryption can be used for confidentiality, authentication, or both.
  • The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on the difficulty of finding the prime factor of a composite number.

About the Author:

No further information.




Comments

No comment yet. Be the first to post a comment.