Network Security is concerned with three main areas:
- Secrecy. Only the sender and intended receiver should understand the content of messages.
- Authentication. The sender and receiver need to confirm their identities.
- Integrity. The message must not be altered in transit without the alteration being detectable.
There are a number of threats to the security of a network, including:
- Packet Sniffing, where a rogue NIC reads all packets passing through including those not addressed to it.
- IP Spoofing, where a rogue host forges the source address of its packets in order to impersonate another host.
- Denial of Service (DoS), where a flood of maliciously generated packets overwhelms a receiver.
- Distributed Denial of Service (DDoS), where multiple co-ordinated sources flood a receiver.
Cryptography
Cryptography is the technique of encrypting messages to ensure they can only be understood by endpoints holding the correct encryption and decryption keys.
In symmetric cryptography the encryption and decryption algorithms share the same key, which needs to be kept secret. This can be implemented with:
- Substitution Cipher. Can be easily broken by brute force.
- Data Encryption Standard (DES), a US encryption standard with a 56-bit symmetric key. There is no known backdoor, and a brute-force search can take on the order of months.
In public key cryptography the sender and receiver do not share a secret key: the encryption key is public, but the decryption key is private and known only to the receiver.
The Rivest, Shamir, Adleman (RSA) algorithm is used in public key cryptography.
Authentication
In order to prove the identity of a host, digital signatures can be established (analogous to hand-written signatures). The sender digitally signs a document, establishing themselves as its creator, and the receiver can then verify who created it. The message is signed with the sender's private key, which the sender never shares; the receiver verifies the message by applying the sender's public key.
Digests
It is computationally expensive to encrypt long messages with public key encryption, so instead a fixed-length fingerprint (message digest) is produced by applying a hash function to the message, and the digital signature is computed over that digest. It is infeasible to find any other message which generates the same hash value. MD5 and SHA-1 hash functions are widely used for this purpose.
Certificate Authorities (CA)
In order to validate public keys, a trusted certification authority (CA) binds public keys to entities. An entity registers its public key with a CA, which creates a certificate binding the entity to its key and digitally signs this certificate with the CA's own private key.
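The signing, digest and certificate steps described under Authentication, Digests and Certificate Authorities above, as an added Python example that is not part of the original notes: textbook RSA over constructed Mersenne primes, SHA-256 as the digest (chosen here in place of MD5/SHA-1), and a minimal certificate that the CA signs over the name-to-key binding. The key sizes, the lack of padding and the certificate layout are simplifying assumptions, not a real PKI.

```python
import hashlib
from math import gcd

# Constructed demo primes (Mersenne primes), far too small for real use:
# real RSA keys use ~1024-bit primes plus a padding scheme such as PSS.
CA_PRIMES = (2**61 - 1, 2**31 - 1)
SERVER_PRIMES = (2**89 - 1, 2**19 - 1)

def make_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def digest(message: bytes, n: int) -> int:
    """Fixed-length fingerprint of the message, reduced so it fits under n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Sign the digest (not the whole message) with the private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def issue_certificate(name: str, entity_pub, ca_priv) -> dict:
    """CA binds an entity name to its public key and signs that binding."""
    n, e = entity_pub
    body = f"{name}|{n}|{e}".encode()
    return {"name": name, "pub": entity_pub, "sig": sign(body, ca_priv)}

def verify_certificate(cert: dict, ca_pub) -> bool:
    """Recompute the binding and check the CA's signature over it."""
    n, e = cert["pub"]
    body = f"{cert['name']}|{n}|{e}".encode()
    return verify(body, cert["sig"], ca_pub)
```

A tampered message, a signature checked against the wrong public key, or a certificate whose key was swapped all fail verification, which is the detection property the notes describe.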
Secure Sockets Layer (SSL)
SSL works at the transport layer and provides security to any TCP-based application that uses SSL services. It is frequently used between web browsers and servers for e-commerce activity. SSL forms the basis of Transport Layer Security (TLS).
The SSL security services provide server authentication by verifying the server's public key against trusted CAs, data encryption, and client authentication. Data is encrypted in SSL by the browser generating a symmetric session key, which is then encrypted with the server's public key so that only the server can decrypt it.