Aruna Tiwari
arunatiwari30@gmail.com
Keywords:-
I Introduction
A network has been defined [2] as "any set of interlinking lines resembling a net, a network of roads; an interconnected system, a network of alliances." This definition suits our purpose well: a computer network is simply a system of interconnected computers.
The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. An example of the former is the use of rugged filing cabinets with a combination lock for storing sensitive documents. [3]
With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, such as a time-sharing system, and the need is even more acute for systems that can be accessed over a public telephone network, a data network, or the Internet. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.
The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission. In fact, the term network security is somewhat misleading, because virtually all business, government, and academic organizations interconnect their data processing equipment with a collection of interconnected networks. Such a collection is often referred to as an internet, and the term internet security.
II Aspects of Security
1. Privacy
2. Authentication
3. Integrity
4. Non-repudiation
1. Privacy:- Privacy means that the sender and the receiver expect confidentiality. The transmitted message should make sense only to the intended receiver. To all others, the message should be unintelligible.
2. Authentication:- Authentication means that the receiver is sure of the sender's identity and that an impostor has not sent the message.
3. Integrity:- Data integrity means that the data must arrive at the receiver exactly as it was sent. There must be no changes during the transmission, either accidental or malicious. As more and more monetary exchanges occur over the Internet, integrity is crucial.
4. Non-repudiation:- Non-repudiation means that a receiver must be able to prove that a received message came from a specific sender. The sender must not be able to deny sending a message that he, in fact, did send. The burden of proof falls on the receiver.
from accessing some services which they are eligible for. For instance, an unauthorized user might send too many login requests to a server using random user ids one after the other in quick succession, so as to flood the network and deny other legitimate users from using the network facilities.
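The login-flood described above leaves a recognisable trace in a server's authentication log: one source address, many attempts, many different user ids, all inside a short window. The following detector is an added example, not code from the paper; the log format (`timestamp src=... user=... result=...`), the source addresses and the thresholds are constructed for the demonstration. It keeps a sliding window of attempts per source and flags a source once the number of attempts and the number of distinct user ids in the window both exceed a limit, which is what separates this pattern from one user retyping a password.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the paper). 203.0.113.7 fires six login
# requests with random user ids in three seconds; 198.51.100.2 is a normal user.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=198.51.100.2 user=alice result=OK
2024-05-01T10:00:01 src=203.0.113.7 user=qz81 result=FAIL
2024-05-01T10:00:01 src=203.0.113.7 user=mm03 result=FAIL
2024-05-01T10:00:02 src=203.0.113.7 user=rt55 result=FAIL
2024-05-01T10:00:02 src=203.0.113.7 user=kk19 result=FAIL
2024-05-01T10:00:03 src=203.0.113.7 user=pp77 result=FAIL
2024-05-01T10:00:03 src=203.0.113.7 user=aa02 result=FAIL
2024-05-01T10:00:30 src=198.51.100.2 user=alice result=FAIL
2024-05-01T10:00:31 src=198.51.100.2 user=alice result=OK
2024-05-01T10:02:00 src=203.0.113.7 user=alice result=FAIL
"""

# Assumed log line layout: ISO timestamp, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return (timestamp, source, user, result) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"])


def detect_login_floods(lines, window=timedelta(seconds=10),
                        max_attempts=5, min_distinct_users=3):
    """Return {source: (attempts, distinct_users)} for every source that, within
    any single window, sent at least max_attempts login requests spread over at
    least min_distinct_users user ids. Both conditions must hold, so a single
    user retrying a password is not reported."""
    recent = defaultdict(deque)   # source -> deque of (timestamp, user) inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # ignore malformed lines
        ts, src, user, _ = rec
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()             # drop attempts that fell out of the window
        distinct = len({u for _, u in q})
        if len(q) >= max_attempts and distinct >= min_distinct_users:
            prev = flagged.get(src, (0, 0))
            flagged[src] = (max(prev[0], len(q)), max(prev[1], distinct))
    return flagged


if __name__ == "__main__":
    for src, (attempts, users) in detect_login_floods(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {attempts} login attempts over {users} user ids in one window")
```

Run over the constructed log, only 203.0.113.7 is reported; the normal user's three attempts never reach the thresholds, and the attacker's late single attempt at 10:02:00 falls outside the window and does not add to the count. In practice the flagged source feeds a rate limiter or temporary block rather than a print statement.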
Packet Sniffing:-
To read a packet, the attacker needs access to a computer through which the traffic passes. Usually, this is a router. However, routers are highly protected resources. Therefore, an attacker who cannot attack the router might attack a less protected computer on the same path.
Packet Spoofing:-
1. The attacker can intercept the reply: If the attacker is between the destination and the forged source, the attacker can see the reply and use that information for hijacking attacks.
2. The attacker need not see the reply: If the attacker's intention was a Denial of Service (DoS) attack, the attacker need not bother about the reply.
3. The attacker does not want the reply: The attacker could simply be angry with the host, so it may put that host's address as the forged source address and send the packet to the destination, as it wants the host with the forged address to receive it and get confused.
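All three spoofing cases above rely on a packet carrying a source address that does not belong where the packet is seen. The standard countermeasure is source-address filtering at the network border: drop packets arriving from the Internet that claim an internal source (case 1), and drop packets leaving the network that claim a source the network does not own (cases 2 and 3, where the forged packets originate inside the attacker's network). The code below is an added example, not code from the paper; the two-interface topology, the internal prefixes (taken from the RFC 5737 documentation ranges) and the sample packets are constructed for the demonstration.

```python
import ipaddress

# Constructed topology (assumption, not from the paper): a border router whose
# "inside" interface serves 192.0.2.0/24 and 198.51.100.0/24, and whose
# "outside" interface faces the Internet.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Addresses that should never appear as a source on the Internet-facing side.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def filter_packet(iface, src, dst):
    """Decide ("accept"|"drop", reason) for a packet with source src arriving on
    iface ("inside" or "outside"). dst is carried for completeness; the spoofing
    decision depends only on whether src is plausible for the interface."""
    s = ipaddress.ip_address(src)
    if _in_any(s, BOGON_PREFIXES):
        return ("drop", "bogon source address")
    if iface == "outside" and _in_any(s, INTERNAL_PREFIXES):
        # Ingress filter: our own addresses cannot legitimately arrive from outside.
        return ("drop", "internal source arriving from outside (spoofed)")
    if iface == "inside" and not _in_any(s, INTERNAL_PREFIXES):
        # Egress filter: hosts on our network may only send with our own addresses.
        return ("drop", "non-internal source leaving the network (spoofed)")
    return ("accept", "source consistent with interface")


def filter_batch(packets):
    """Apply filter_packet to (iface, src, dst) tuples; returns [(src, decision)]."""
    return [(src, filter_packet(iface, src, dst)[0]) for iface, src, dst in packets]


# Constructed sample traffic (not from the paper).
SAMPLE_PACKETS = [
    ("outside", "203.0.113.9", "192.0.2.50"),     # Internet client to our server: accept
    ("outside", "192.0.2.10", "192.0.2.50"),      # our address from outside: case 1 spoof, drop
    ("outside", "10.1.1.1", "192.0.2.50"),        # private address from outside: drop
    ("inside", "192.0.2.10", "203.0.113.9"),      # legitimate outbound: accept
    ("inside", "203.0.113.77", "198.51.100.5"),   # forged source leaving us: cases 2/3, drop
]

if __name__ == "__main__":
    for iface, src, dst in SAMPLE_PACKETS:
        print(iface, src, "->", dst, filter_packet(iface, src, dst))
```

The egress rule is the one that matters for cases 2 and 3: it does nothing to protect the site that applies it, but it stops that site's hosts from being the origin of spoofed DoS traffic aimed at others, which is why it is only effective when networks apply it collectively.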
IV Security Services
There are the following categories of security services:
1. Authentication: The assurance that the communicating entity is the one that it claims to be.
   Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected.
   Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.
2. Access Control: In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
3. Data Confidentiality: The protection of data from unauthorized disclosure.
   Connection Confidentiality: The protection of all user data on a connection.
   Connectionless Confidentiality: The protection of all user data in a single data block.
   Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.
   Traffic Flow Confidentiality: The protection of the information that might be derived from observation of traffic flows.
4. Data Integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
   Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data, with recovery attempted.
   Connection Integrity without Recovery: As above, but provides only detection without recovery.
   Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed.
   Connectionless Integrity: Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.
   Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.
5. Non-repudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
   Non-repudiation, Origin: Proof that the message was sent by the specified party.
   Non-repudiation, Destination: Proof that the message was received by the specified party.
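The "connection integrity without recovery" service in item 4 is the one most protocols actually implement: each unit of data is bound to the sender by a keyed checksum and to its position in the stream by a sequence number, so the receiver can detect modification, insertion, replay and deletion without being able to repair them. The code below is an added example, not code from the paper; it assumes a shared key that the two principals obtained beforehand (how it was distributed is outside the example) and uses HMAC-SHA256 from the Python standard library as the data integrity mechanism. A sender frames each message as sequence number, payload and tag; the receiver verifies the tag, then checks the sequence number against the one it expects.

```python
import hashlib
import hmac
import struct

# Assumption (not from the paper): both principals already hold this key.
KEY = b"constructed-shared-key-for-demo"
TAG_LEN = 32   # HMAC-SHA256 output length


def protect(seq, payload, key=KEY):
    """Sender side: frame = 4-byte big-endian sequence number || payload || HMAC tag.
    The tag covers the sequence number too, so a frame cannot be re-numbered."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Connection integrity without recovery: every frame is verified and the
    outcome is recorded; nothing is retransmitted or repaired."""

    def __init__(self, key=KEY):
        self.key = key
        self.expected = 0      # next sequence number we expect to see
        self.events = []       # (verdict, detail) per frame, for the caller's log

    def accept(self, frame):
        """Return the payload of a valid in-order frame, or None if it is rejected."""
        if len(frame) < 4 + TAG_LEN:
            self.events.append(("reject", "truncated"))
            return None
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(good, tag):
            # Either the data/tag was modified in transit or the frame was inserted
            # by someone who does not hold the key; the two are indistinguishable.
            self.events.append(("reject", "bad tag: modified or inserted"))
            return None
        seq = struct.unpack(">I", header)[0]
        if seq < self.expected:
            self.events.append(("reject", f"replay of seq {seq}"))
            return None
        if seq > self.expected:
            # Detection only: the missing frames are reported, not recovered.
            self.events.append(("warn", f"deletion: seq {self.expected}..{seq - 1} missing"))
        self.expected = seq + 1
        self.events.append(("accept", seq))
        return payload


def run_demo():
    """Drive the receiver through the four integrity failures named in the text."""
    rx = IntegrityReceiver()
    f0, f1, f2 = (protect(i, f"msg{i}".encode()) for i in range(3))
    rx.accept(f0)                                          # valid frame 0
    tampered = f1[:4] + b"MSGX" + f1[8:]                   # payload changed, tag kept: modification
    rx.accept(tampered)
    rx.accept(f0)                                          # frame 0 again: replay
    forged = struct.pack(">I", 1) + b"msg1" + b"\x00" * TAG_LEN   # no key: insertion
    rx.accept(forged)
    rx.accept(f2)                                          # frame 2 before a valid 1: deletion
    return rx.events


if __name__ == "__main__":
    for event in run_demo():
        print(event)
```

Note what this mechanism does and does not give. The tag provides data origin authentication and integrity to the peer (items 1 and 4), but because both principals hold the same key, the receiver could have produced any of these frames itself; a MAC therefore cannot provide the non-repudiation of item 5, which needs a digital signature whose verification key differs from the signing key.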
V Security Mechanisms
1. Specific Security Mechanisms: May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
   Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on the algorithm and zero or more encryption keys.
   Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
   Access Control: A variety of mechanisms that enforce access rights to resources.
   Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
   Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
   Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
   Routing Control: Enables selection of particular physically secure routes for certain data.
Relationship between security services and mechanisms (for each service, the mechanisms marked Y in the table):
1. Peer entity authentication: Encipherment, Digital Signature, Authentication Exchange
2. Data origin authentication: Encipherment, Digital Signature
3. Access control: Access Control
4. Confidentiality: Encipherment, Routing Control
5. Traffic flow confidentiality: Encipherment, Traffic Padding, Routing Control
6. Data integrity: Encipherment, Digital Signature, Data Integrity
7. Non-repudiation: Digital Signature, Data Integrity, Notarization
8. Availability: Data Integrity, Authentication Exchange
A model for much of what we will be discussing is captured, in very general terms, in Fig. 1. A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g. TCP/IP) by the two principals.
Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components.
Fig. 1
A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security service.
VIII Conclusion
Network security is becoming more and more crucial as the volume of data being exchanged on the Internet increases. When people use the Internet, they have certain expectations. They expect confidentiality and data integrity. They want to be able to identify the sender of a message. They want to be able to prove that a message has in fact been sent by a certain sender even if the sender denies it. In this paper, we focused mainly on network security issues rather than on implementation, and discussed the security issues related to security attacks, security services, and a model of network security.
References:-
[1] Matt Curtin, "Introduction to Network Security", reprinted with the permission of Kent Information Services, Inc., March 1997.
[2] The New Lexicon Webster's Encyclopedic Dictionary of the English Language. New York: Lexicon.
AUTHORS
Aruna Tiwari is pursuing a Ph.D. in Computer Science and Engineering from RKDF University, Bhopal, M.P. Areas of interest are Network Security and Wireless Networks.