NETWORK SECURITY full report
Active In SP
Joined: Mar 2010
23-04-2010, 11:59 PM
NETWORK SECURITY.doc (Size: 191 KB / Downloads: 423)
B.Tech IV Year, ECE
In the past decades, computer networks were primarily used by the researches for sending e-mails and by corporate employees for sharing the printers. While using network systems for theses utilities, security was not a major threat and did not get the due attention.
In todayâ„¢s world computer networks gained an immensely and cover a multitude of sins. It covers simple issues like sending hate mails. Security problems also are very severe like stealing the research papers of the recent discoveries and inventions by the scientists, who use internet as a sharing tool, also hacking the financial products like credit cards, debit cards, bank accounts etc by hacking the passwords and misusing the accounts.
Cryptography is the ancient science of encoding messages so that only the sender and receiver can understand
them. Cryptography can perform more mathematical operations in a second than a human being could do in a lifetime. Within the context of any application-to-application communication, there are some specific security requirements. There are three types of cryptographic schemes. They are:
1. Secret Key Cryptography (SKC)
2. Public Key Cryptography (PKC)
3. Hash Functions
A basic understanding of computer networks is requisite in order to understand the principles of network security. The Internet is a valuable resource, and connection to it is essential for business, industry, and education. Building a network that will
connect to the Internet requires careful planning.Even for the individual user some planning and decisions are necessary. The computer itself must be considered, as well as the device itself that makes the connection to the local-area network (LAN), such as the network interface card or modem. The correct protocol must be configured so that the computer can connect to the Internet. Proper selection of a web browser is also important
What Is A Network?
A network can be defined as any set of interlinking lines resembling a net, a network or roads||an interconnected system, a network is simply a system of interconnected computers and how they are connected is irrelevant.
The International Standards Organization (ISO) Open System Interconnect (OSI) model defines internetworking in terms of a vertical stack of seven layers. The upper layers of the OSI model represent software that implements network services like encryption and connection management. The lower layers of the OSI model implement more primitive, hardware-oriented functions like routing, addressing, and flow control.
X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
X.800 defines it in 5 major categories
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality â€œprotection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication
passive attacks - eavesdropping on, or monitoring of, transmissions to:
obtain message contents, or
monitor traffic flows
active attacks â€œ modification of data stream to:
masquerade of one entity as some other replay previous messages modify messages in transit denial of service
Symmetric encryption or conventional / private-key / single-key sender and recipient share a common key all classical encryption algorithms are private-keywas only type prior to invention of public-key in 1970â„¢s
Symmetric Cipher Model:
Crytography can be characterized by:
Type of encryption operations used--substitution / transposition / product
number of keys used--single-key or private / two-key or public way in which plaintext is processed--block / stream
TYPES OF CRYPTANALYTIC ATTACKS:
Â¢ ciphertext only--only know algorithm / ciphertext, statistical, can identify plaintext
Â¢ known plaintext --know/suspect plaintext & ciphertext to attack cipher
Â¢ chosen plaintext --select plaintext and obtain ciphertext to attack cipher
Â¢ chosen ciphertext --select ciphertext and obtain plaintext to attack cipher
Â¢ chosen text --select either plaintext or ciphertext to en/decrypt to attack cipher
DATA ENCRYPTION STANDARD(DES):
The Data Encryption Standard (DES) is a cipher (a method for encrypting information) that was selected by NBS as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a Symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.
DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption standard (AES).
DES is the archetypal block cipher â€ an algorithm that takes a fixed-length string of plaintext bits and transforms it through a series of complicated operations into another ciphertext bitstring of the same length. In the case of DES, the block size is 64 bits. DES also uses a key to customize the transformation, so that decryption can supposedly only be performed by those who know the particular key used to encrypt. The key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. Eight bits are used solely for checking parity, and are thereafter discarded. Hence the effective key length is 56 bits, and it is usually quoted as such.
Like other block ciphers, DES by itself is not a secure means of encryption but must instead be used in a mode of operation. FIPS-81 specifies several modes for use with DES. Further comments on the usage of DES are contained in FIPS-74.
The algorithm's overall structure is there are 16 identical stages of processing, termed rounds. There is also an initial and final permutation, termed IP and FP, which are inverses (IP "undoes" the action of FP, and vice versa). IP and FP have almost no cryptographic significance, but were apparently included in order to facilitate loading blocks in and out of mid-1970s hardware, as well as to make DES run slower in software.
Before the main rounds, the block is divided into two 32-bit halves and processed alternately; this criss-crossing is known as the Feistel scheme. The Feistel structure ensures that decryption and encryption are very similar processes â€ the only difference is that the subkeys are applied in the reverse order when decrypting. The rest of the algorithm is identical. This greatly simplifies implementation, particularly in hardware, as there is no need for separate encryption and decryption algorithms.
The symbol denotes the exclusive-OR (XOR) operation. The F-function scrambles half a block together with some of the key. The output from the F-function is then combined with the other half of the block, and the halves are swapped before the next round. After the final round, the halves are not swapped; this is a feature of the Feistel structure which makes encryption and decryption similar processes.
The key-schedule of DES
The key schedule for encryption â€ the algorithm which generates the subkeys. Initially, 56 bits of the key are selected from the initial 64 by Permuted Choice 1 (PC-1) â€ the remaining eight bits are either discarded or used as parity check bits. The 56 bits are then divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one or two bits (specified for each round), and then 48 subkey bits are selected by Permuted Choice 2 (PC-2) â€ 24 bits from the left half, and 24 from the right. The rotations (denoted by "<<<" in the diagram) mean that a different set of bits is used in each subkey; each bit is used in approximately 14 out of the 16 subkeys.
The key schedule for decryption is similar â€ the subkeys are in reverse order compared to encryption. Apart from that change, the process is the same as for encryption.
It's important to build systems and networks in such a way that the user is not constantly reminded of the security system..
Developers need to evaluate what is needed along with development costs, speed of execution, royalty payments, and security strengths. That said, it clearly makes sense to use as strong security as possible, consistent with other factors and taking account of the expected life of the application. Faster computers mean that longer keys can be processed rapidly but also mean that short keys in legacy systems can be more easily broken.
It's also extremely important to look at the methods of applying particular algorithms, recognizing that simple applications may not be very secure. Related to this is the issue of allowing public scrutiny, something that is essential in ensuring confidence in the product. Any developer or software publisher who resists making the cryptographic elements of their application publicly available simply doesn't deserve trust and is almost certainly supplying an inferior product.
Secure communication over insecure channels is the objective of this concept. The claim of complete security is substantiated to a large extent. Thus a detailed study of Cryptography & Network Security is reflected in this presentation
Cryptography and Network Security-William Stallings
Eli Biham: A Fast New DES Implementation in Software Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, Electronic Frontier Foundation
A.Biryukov, C. De Canniere, M. Quisquater (2004). "On Multiple Linear Approximations". Lecture Notes in Computer Science 3152: 1â€œ22. doi:10.1007/b99099. http://springerlink.com/content/16udaqwwl9ffrtxt/. (preprint).
Keith W. Campbell, Michael J. Wiener: DES is not a Group. CRYPTO 1992: pp512â€œ520
Don Coppersmith. (1994). The data encryption standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), 243â€œ250. 
Whitfield Diffie, Martin Hellman, "Exhaustive Cryptanalysis of the NBS Data Encryption Standard" IEEE Computer 10(6), June 1977, pp74â€œ84
computer science topics|
Active In SP
Joined: Jun 2010
08-06-2010, 01:15 PM
http://topicideas.org/how-to-new-trends-...ull-report to get more information of security and cryptography
i hope you enjoyed it
and come again for helping other students issues in this forum
Active In SP
Joined: Dec 2010
26-12-2010, 12:57 PM
plss tell me some project and implimentations on network security.
i m in 7th sem ece branch.
science projects buddy|
Active In SP
Joined: Dec 2010
26-12-2010, 09:22 PM
visit this thread for some topics on network security:
http://topicideas.org/how-to-network-security-project and implimentations
http://topicideas.org/how-to-network-security-project and implimentation-topics
http://topicideas.org/how-to-java-based-...ty-project and implimentation-ideas
HANUMANT KASHINATH VAIDYA|
Active In SP
Joined: Jan 2011
06-01-2011, 04:28 PM
i had gone through your seminar and presentation on 'network security'. it is very good but i thing i need more information.can you send me?
Active In SP
Joined: Sep 2010
07-01-2011, 10:50 AM
didn't you go through the attached file and given links??? if no , please go through them. they contain more information.
Active In SP
Joined: Mar 2012
07-03-2012, 04:07 PM
paper presentation on network security