CST 311 Intro to Computer Networks Module 4: Security in Computer Networks Part 1

 
Learning Objectives 

1.0 Learn the principles of network security.

1.1 Learn the principles of encryption and the uses of symmetric key systems and public key systems.
1.2 Understand the many uses of cryptography beyond "confidentiality", including authentication, message integrity, and digital signatures.
1.3 Learn how email messages are secured.
1.4 Implement and test a UDP Ping program.

1.5 Demonstrate TCP congestion control using Mininet.

8.1 What is Network Security?

•  Secure communication includes:
• 1). Confidentiality: Encrypting messages so that only the senders and receivers know what the message consists of. 
• 2). Message Integrity: Using reliable transport and datalink protocols in order to keep the integrity of the message (ie. not having it altered to something else).
• 3). End-Point Authentication: Being able to confirm the identity at both ends of the communication lines. 
• 4). Operational Security: Firewalls and intrusion detection systems that help control packing coming in and out of the network and monitoring suspicious activity. 
•  Intruders can perform:
• 1). Eavesdropping - sniffing and recording control and data messages.
• 2). Modifying, Inserting, or Deleting messages.
  

 8.2 Principles of Cryptography

• An original message which will be in plaintext or cleartext will be encrypted using an encryption algorithm so that the encrypted message called ciphertext looks unintelligible to the intruder.
  
• A key, which is a string of numbers or characters, is taken as an input to the encryption algorithm; it takes the key and the message and produces a ciphertext as the output.
  
• The receiver provides a decryption algorithm that takes ciphertext and produces a plaintext as an output. 
• There are two systems that's normally used: 
• 1). Symmetric Key System: Keys of sender and receiver are identical.
• 2). Public Key System: A Pair of keys is used.
  

 8.2.1 Symmetric Key Cryptography

• Examples of Symmetric Key Algorithms:
• Ceasar's Cipher: Takes each letter and replacing it with another letter that is k letters away. Not that great because you can crack this code easily since there are only 25 letters used.
  
• Monoalphabetic Cipher: Substitutes one letter with another. Better than Ceasar's since you have 10^26 possible pairings.
  
• Types of attacks from an intruder:
• Ciphertext-only attack
• Known-Plaintext Attack 
• Chosen-Plain text attack: Choosing plaintext message and obtaining its ciphertext form.
  
• Polyalphabetic Encryption: Using multiple monoalphabetic ciphers with a specific monoalphabetic cipher to encode a letter in a specific position in the plaintext message. For example, if k = 64, then the message is broken into 64-bit blocks, and each block is encrypted independently. To encode a block, the cipher uses a one-to-one map- ping to map the k-bit block of cleartext to a k-bit block of ciphertext.
• Block cipehers: Message to be encrypted is processed in blocks of k bits.
  
• Cipher Block Chaining: 
• A problem with simple block ciphers is that two or more cleartext blocks can be identical and produce the same cipher text. 
• To fix this, the mixing of randomness into the ciphertext occurs so that you won't get identical ciphertext blocks but the problem is you have send an extra random bit which doubles the bandwidth.
• Cipher block chaining is the idea that sends one random value along with the very first message and have the sender and receiver use the computed coded blocks in place of the subsequent random number.  
• Initialization vector(IV) - Random k bit string
  

 8.2.2 Public Key Encryption

• To send a message to someone, you will need to have two keys: A public key and a private key. The public key is a key that is available to everyone on the network while the private key is only known to the receiver.
  
• The use of this encryption protocol has some concerns.
• First, an intruder knows the receiver's public key and the algorithm the user used to encrypt the message. 
• The next concern is that Bob's public address can be used to be the recipient of any encrypted message. 
  
• RSA ALGORITHM Uses modulo-n arithmetic to encrypt a message. Usually used in combination with symmetric key cryptography.
  
• Session Keys The key that will be used to encode the data itself.
  

 8.3 Message Integrity and Digital Signatures

• Message integrity is making sure that the receiver of a message can authenticate who the sender of the message is and that the message was not tampered with.
• Cryptographic hash function It is infeasible to find any two different messages x and y such that H(x) = H(y).
  
• Authentication key is needed in order to keep message integrity. This is just a string of bits. 
• Message Authentication Code(MAC) is the hash function of the message plus the authentication key.
  
• HMAC is a standard for MAC.
  
• Digital Signature used to verify one's identity in the digital world.
  
• Public Key Certification is an application of digital signatures that is certifying that a public key belongs to a specific entity.
  
• Certification Authority(CA) validates identities and issues certificates. 

8.4 End-Point Authentication 

• End-Point authentication is the process of one entity proving its identity to another entity over a computer network. 
• Authentication Protocol This protocol runs before any other communication protocol which establishes the identity of the parties to one another's satisfaction until both parties are ok with it.
  
• Playback attack occurs when a listener only needs to eavesdrop on a sender and recod the encrypted version of the password and play back the encrypted version to the receiver to pretend to be the sender.
  
• Nonce is a number that protocol will use only once in a lifetime.
  

8.5 Secure Email

• Pretty Good Privacy (PGP) is an email encryption scheme that creates a public key pair for the user which is protected by a password.

Week In Review: This week was pretty hectic. I didn't have a chance to start on any of the assignments this week until Monday. Wed-Friday all i did was work on the team programming assignment 2 and study for the midterm. We're almost done with 4 weeks of this course and the amount of information for this class is overwhelming. Will have to rest up and finish the next 4 weeks strong.