This document discusses secure communication in network systems. It defines network security as activities that protect a network's usability, reliability, integrity and safety. Secure communication ensures confidentiality by encrypting messages so only the recipient can understand them, authentication to verify identities, and message integrity to ensure messages are not altered. It discusses how authentication can be based on what users know (passwords), have (tokens, cards) or are (biometrics). MACs (message authentication codes) using hash functions with a secret key also ensure message integrity and non-repudiation. The document outlines some principles of implementing network security like layering, limiting access, obscurity and simplicity.
2. INTRODUCTION
As we know, in a network system a single user cannot have the whole system to themselves,
because networking is used by most sectors, such as banking, entertainment, commercial, educational, etc.
3. What we think of networking and what we want is
NETWORK SYSTEM
8. What is network security?
Network security refers to any activities designed to protect your network.
Specifically, these activities protect the usability, reliability, integrity, and
safety of your network and data.
Effective network security targets a variety of threats and stops them from
entering or spreading on your network.
So, secure communication refers to communication over a secure
network whereby only the recipient of the message understands the
message, even if there are intruders who may intercept, read and perform
computations on whatever is being transmitted.
10. Confidentiality
Only the sender and the receiver should be able to understand the contents of the
transmitted message.
Because of intruders (eavesdroppers), i.e. hackers, the message may be encrypted (its data
disguised) so that the interceptor cannot understand the message.
12. Authentication
Process of proving identity
Can be classified into three main categories:
what you know,
what you have and
what you are
13. Username and Password
A user who needs access to the information is provided with a unique
user ID and password
Can be for users and for computers that share data
Based on what you know
14. Tokens
A token is a security device that authenticates the
user by having the appropriate permissions embedded
into the token itself
Tokens can be cards, RFID tags, etc.
Based on what you have
15. Biometrics
Uses the person's unique characteristics to authenticate them
Based on what you are.
Human characteristics that can be used for identification
include:
Fingerprint
Hand
Retina
Face
Voice, etc.
16. Message integrity and nonrepudiation
Even if the sender and receiver are able to authenticate each other, they also want to
ensure that the content of their communication is not altered, either maliciously or by
accident during transmission.
Therefore, message integrity can be ensured by extensions to the checksumming
techniques that we encounter in reliable transport and data link protocols.
The most common approach is to use
a one-way hash function that combines all the bytes in the message with a secret key
and produces a message digest that is impossible to reverse.
So the thing that gives the sender and the receiver the assurance
of untampered data is a small, fixed-length piece of data called a MAC (message
authentication code).
17. How to generate a MAC (Message Authentication Code)?
A hash function is one of the methods that can be used to generate a message
authentication code.
This is done by generating a hash value over the secret key and the message to
be authenticated.
The message to be authenticated can be of any length, but the output of the hash
function computed over the message will be of fixed length.
The generated MAC also confirms authenticity, because only someone who has
the secret key can recompute that MAC value to verify the data (as mentioned before, the
MAC is generated with the secret key value).
As mentioned, the sender and the receiver will negotiate a secret key before beginning
the communication. This is similar to symmetric encryption, where the same key is used
at both ends.
20. Critical case, like in banking
transfer $100 to account no. 12399
transfer $1000 to account no. 12399
21. Availability and access control
The need for network security has become compelling
over the past several years because of numerous denial-of-access attacks that
have rendered a network host or other pieces of network infrastructure
unusable by legitimate users.
The notion of access control ensures that entities seeking to gain access to
resources are allowed to do so only if they have the appropriate access
rights and perform their accesses in a well-defined manner.
22. Student identity card: access only to external information, like school programs, information about courses, etc.
Principal identity card: access to all information, internal as well as external
25. Limiting
Limiting access to information reduces threats.
Only those who must use data should have access to it.
The amount of access granted to someone should
be limited to what the person needs to know or do.
27. Obscurity
Obscuring what goes on inside a system or organization
and avoiding clear patterns of behavior makes access
from outside difficult.
28. Simplicity
A complex security system can be difficult to
understand, troubleshoot and feel secure about.
The aim is to make the system simple from the inside and
complex from the outside.
29. Authentication
Process of proving identity
Can be classified into three main categories:
what you know (username and password),
what you have (tokens, cards),
what you are (biometrics)
30. In Summary
Properties of Secure Communication:
Confidentiality
Authentication
Message Integrity
Access Control