NETWORK SECURITY
Security Attacks
Cyber security attacks refer to the sets of actions that the threat
actors perform to gain any unauthorised access, cause damage to
systems/computers, steal data, or compromise the computer
networks. An attacker can launch a cyber attack from any location.
The attacker can also be an individual or even a group. There are
various TTP (tactics, techniques, and procedures)
What are Security Attacks?
A vulnerable application could subject people and systems to
several kinds of harm. An attack occurs when a malevolent actor
takes advantage of security flaws or vulnerabilities to harm others.
In this article, we’ll examine various attack methods, so that you’ll
know what to watch out for when safeguarding your application.
Types of Security Attacks
Cyber security attacks can be of the following two
types:
● Active attacks
● Passive attacks
1. Active Attacks
An active assault tries to change system resources or interfere with
their functionality. Active attacks entail some form of data stream
manipulation or false statement generation. Active attacks can take
the following forms:
● Masquerade
● Modification of Messages
● Repudiation
● Replay
● Denial of Service
1.1. Masquerade
When one entity impersonates another, it commits a masquerade attack. A masquerade
attack usually includes one of the other active attack types. An authorisation process can
become extremely vulnerable to a masquerade attack if it isn’t always completely
safeguarded. Masquerade attacks can be carried out via stolen logins and passwords, by
spotting holes in programmes, or by figuring out a way to get around the authentication
procedure.
1.2. Modification of Messages
Modification denotes that a communication has been delayed, reordered, or had a piece of it
changed to achieve an unlawful effect. Modification compromises the accuracy of the source
data.
In essence, it indicates that unauthorised individuals not only access data but also spoof it by
initiating denial-of-service attacks, such as modifying sent data packets or flooding the network
with false data.
Manufacturing is an attack on authentication. A message that originally said, “Allow JOHN
to view confidential file X,” for instance, is changed to say, “Allow Smith to read confidential
file X.”
1.3. Repudiation
This attack happens when the login control gets tampered with or the
network is not totally secure. With this attack, the author’s information
can be altered by malicious user actions in order to save fake data in log
files, up to the broad alteration of data on behalf of others, comparable to
the spoofing of email messages.
1.4. Replay
When the network is not completely secure or the login control is
tampered with, an attack occurs. With this attack, the information of
the author can be changed by malicious user actions to save suspicious
data in log files, up to the widespread alteration of data on behalf of
others, similar to the spoofing of email messages.
1.5. Denial of Service
Denial of service hinders the regular use of communication infrastructure.
There may be a specified target for this attack. An entity might, for
instance, suppress all messages sent to a specific location. Another
example of service denial is when an entire network is disrupted, either by
network disablement or message overload that lowers performance. As a
result, traffic congestion and buffering occur.
2. Passive Attacks
A passive attack does not eat up system resources and instead makes an effort to
gather or use information from the system. Attacks that are passive in nature spy
on or keep track of transmission. The adversary wants to intercept the
transmission of information in order to collect it. The following are examples of
passive attacks:
2.1. Releasing Message Content
Sensitive or confidential information may be present in a telephone conversation, an email,
or a transmitted file. We want to keep an adversary from finding out what is being
transmitted. In this type of passive attack, the information transmitted from one person to
another gets into the hands of a third person/hacker. It jeopardises the confidentiality factor
in a conversation.
2.2. Traffic Analysis
Imagine that we had a method of hiding (encrypting) data that prevented the attacker from
extracting any data from the communication even if it was intercepted.
Even then, the adversary could still ascertain the communicating hosts’ location and identity
as well as the frequency and length of the messages. It could be possible to infer the nature of
the message from this information.
SIP traffic encryption is the most practical defence against traffic analysis. To find out who
made a call, an attacker would then need access to the SIP proxy or call log.
Conclusion
The field of information security is challenged by both active and passive attacks. Active attacks
pose significant risks and require strong defense mechanisms to prevent disruption and
data loss. On the other side, passive attacks emphasize the need to protect sensitive
information from unauthorized access through encryption and user training.
As cyber threats continue to evolve, our security and protection strategies must evolve
with them. By understanding the strategies used by cybercriminals and implementing effective
security measures, individuals and organizations can improve their defenses against
both types of attacks, ensuring the safety and integrity of their critical data.
Security Services
A security service is a processing or communication service that is provided by a
system to give a specific kind of protection to system resources.
Security services implement security policies and are implemented
by security mechanisms.
Confidentiality
Authentication
Peer entity authentication
Integrity
Non-repudiation
Access Control
Availability
Security Mechanisms
These are incorporated into the appropriate protocol layer in order to provide some of the
OSI security services:
Encipherment: It refers to the process of applying mathematical algorithms for converting
data into a form that is not intelligible. This depends on algorithm used and encryption
keys.
Digital Signature: The appended data or a cryptographic transformation applied to any data
unit allowing to prove the source and integrity of the data unit and protect against forgery.
Access Control: A variety of techniques used for enforcing access permissions to the system
resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream
of data units.
Authentication Exchange: A mechanism intended to ensure the
identity of an entity by means of information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts.
Routing Control: Enables selection of particular physically secure routes
for certain data and allows routing changes once a breach of security is
suspected.
Notarization: The use of a trusted third party to assure certain properties of a data
exchange.
Pervasive Security Mechanisms
These are not specific to any particular OSI security service or protocol layer.
Trusted Functionality: That which is perceived to be correct with respect to some criteria.
Security Level: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection: It is the process of detecting all the events related to network security.
Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an
independent review and examination of system records and activities.
Security Recovery: It deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
Some basic terminologies used
1. CIPHER TEXT - the coded message
2. CIPHER - algorithm for transforming plaintext to cipher text
3. KEY - info used in cipher known only to sender/receiver
4. ENCIPHER (ENCRYPT) - converting plaintext to cipher text
5. DECIPHER (DECRYPT) - recovering plaintext from ciphertext
6. CRYPTOGRAPHY - study of encryption principles/methods
7. CRYPTANALYSIS (CODEBREAKING) - the study of principles/ methods of
deciphering ciphertext without knowing key
8. CRYPTOLOGY - the field of both cryptography and cryptanalysis
Process of Shift Cipher
In order to encrypt a plaintext letter, the sender positions the sliding ruler underneath the
first set of plaintext letters and slides it to LEFT by the number of positions of the secret
shift.
The plaintext letter is then encrypted to the cipher text letter on the sliding ruler
underneath. The result of this process is depicted in the following illustration for an agreed
shift of three positions. In this case, the plaintext ‘tutorial’ is encrypted to the cipher text
‘WXWRULDO’. Here is the cipher text alphabet for a Shift of 3 −
On receiving the cipher text, the receiver who also knows the secret shift,
positions his sliding ruler underneath the ciphertext alphabet and slides it to
RIGHT by the agreed shift number, 3 in this case.
He then replaces the cipher text letter by the plaintext letter on the sliding ruler
underneath. Hence the ciphertext ‘WXWRULDO’ is decrypted to ‘tutorial’. To
decrypt a message encoded with a Shift of 3, generate the plaintext alphabet
using a shift of ‘-3’ as shown below −
WXWRULDO
tutorial
Cryptographic Hash Functions:
A hash function H accepts a variable-length block of data M as input
and produces a fixed-size hash value h = H(M).
• A “good” hash function has the property that the results of
applying the function to a large set of inputs will produce
outputs that are evenly distributed and apparently random.
In general terms, the principal object of a hash function is
data integrity. A change to any bit or bits in M results, with
high probability, in a change to the hash value.
The kind of hash function needed for security applications
is referred to as a cryptographic hash function.
• A cryptographic hash function is an algorithm for which
it is computationally infeasible (because no
attack is significantly more efficient than brute force) to
find either
->a data object that maps to a pre-specified hash result
(the one-way property) or
-> two data objects that map to the same hash result
(the collision-free property).
Because of these characteristics, hash
functions are often used to determine
whether or not data has changed
The above figure depicts the general operation of a
cryptographic hash function.
• Typically, the input is padded out to an integer multiple of
some fixed length (e.g., 1024 bits), and the padding includes the
value of the length of the original message in bits.
• The length field is a security measure to increase the difficulty
for an attacker to produce an alternative message with the same
hash value.
Applications of Cryptographic Hash Functions:
The most versatile cryptographic algorithm is
the cryptographic hash function. It is used in a
wide variety of security applications and
Internet protocols. The following are various
applications where it is employed.
Message Authentication:
• Message authentication is a mechanism or service used to
verify the integrity of a message.
• Message authentication assures that data received are exactly
as sent (i.e., there is no modification,
insertion, deletion, or replay).
• When a hash function is used to provide message
authentication, the hash function value is often referred
to as a message digest.
The essence of the use of a hash function for message integrity is as
follows.
* The sender computes a hash value as a function of the bits in the
message and transmits both the hash value and the message.
* The receiver performs the same hash calculation on the message bits
and compares this value with the incoming hash value.
If there is a mismatch, the receiver knows
that the message (or possibly the hash value)
has been altered (Figure a).
-> The hash value must be transmitted in a secure
fashion. That is, the hash value must be protected so
that if an adversary alters or replaces the message, it
is not feasible for adversary to also alter the hash
value to fool the receiver. This type of attack is
shown in Figure b.
The following are a variety of ways in which a hash code can be used to
provide message authentication.
a. The message plus concatenated hash code is encrypted using symmetric
encryption. Because only A and B share the secret key, the message must have
come from A and has not been altered.
The hash code provides the structure or redundancy required to achieve
authentication. Because encryption is applied to the entire message plus hash
code, confidentiality is also provided.
b. Only the hash code is encrypted,
using symmetric encryption. This
reduces the processing burden for
those applications that do not require
confidentiality.
Digital Signatures:
• Another important application, which is similar to the message
authentication application, is the digital
signature.
• The operation of the digital signature is similar to that of the
MAC.
• In the case of the digital signature, the hash value of a message is
encrypted with a user’s private key.
• Anyone who knows the user’s public key can verify the integrity
of the message that is associated with
the digital signature.
Other Applications:
• Hash functions are commonly used to create a
one-way password file.
• Hash functions can be used for intrusion detection
and virus detection.
• A cryptographic hash function can be used to
construct a pseudorandom function (PRF) or a
pseudorandom number generator (PRNG).
HMAC (Hash-based Message Authentication Code)
HMAC (Hash-based Message Authentication Code) is a
type of message authentication code (MAC) that is
acquired by executing a cryptographic hash function on the
data that is to be authenticated and a secret shared key.
Like any of the MACs, it is used for both data integrity and
authentication.
What is HMAC?
HMAC (Hash-Based Message Authentication Code) is a cryptographic
technique that ensures data integrity and authenticity using a hash function
and a secret key. Unlike approaches based on signatures and asymmetric
cryptography. Checking data integrity is necessary for the parties involved
in communication. HTTPS, SFTP, FTPS, and other transfer protocols use
HMAC.
The cryptographic hash function may be MD-5, SHA-1, or
SHA-256. Digital signatures are nearly similar to HMACs, i.e.
they both employ a hash function and a shared key. The
difference lies in the keys, i.e. HMAC uses a symmetric
key (same copy) while signatures use an asymmetric key pair (two
different keys).
Working of Hash-based Message Authentication Code
HMAC provides the client and server with a shared private key that is known
only to them. The client makes a unique hash (HMAC) for every request.
When the client sends a request to the server, it hashes the requested data with
the private key and sends the result as a part of the request.
Both the message and key are hashed in separate steps, making it secure.
When the server receives the request, it makes its own HMAC. Both
HMACs are compared and if both are equal, the client is considered
legitimate.
The formula for HMAC:
HMAC = hashFunc(secret key + message)
There are three types of authentication functions. They are message
encryption, message authentication code, and hash functions. The major
difference between MAC and hash (HMAC here) is the dependence of a
key. In HMAC we have to apply the hash function along with a key on the
plain text
The hash function will be applied to the plain text message. But before
applying, we have to compute S bits and then append it to plain text and
after that apply the hash function. For generating those S bits we make use
of a key that is shared between the sender and receiver.
Using key K (0 < K < b), K+ is generated by padding 0’s on the left side
of key K until its length becomes b bits. The reason it is not padded
on the right is the change (increase) in the length of the key. b bits is
used because it is the block size of the plain text. There are two predefined
padding bit patterns called ipad and opad. All this is done before applying
the hash function to the plain text message.
ipad - 00110110
opad - 01011100
Now we have to calculate S bits:
1. K+ is XORed with ipad and the result is S1, which is b bits long since both K+
and ipad are b bits. We then append the plain text message to S1. Let P be the plain text
message.
2. S1, P0, P1 up to Pm are each b bits, where m is the number of plain text blocks, P0 is a
plain text block and b is the plain text block size. After appending the plain text to S1 we
apply the hash algorithm (any variant) together with the initialization vector (IV),
which is a buffer of n bits. The result is an n-bit hash code, i.e. H( S1 || M ).
3. Similarly, the n bits are padded to b bits, and K+ is XORed with opad, producing S2.
S2 is joined with the b-bit block and the hash function is applied once again with the IV.
This results in the n-bit hash code H( S2 || H( S1 || M ) ).
Summary of Calculation
1. Select K.
○ If K < b, pad 0’s on the left until K = b. K is between 0 and b ( 0 < K < b ).
2. XOR K+ with ipad (b bits), producing S1.
3. Append S1 with plain text M.
4. Apply SHA-512 on ( S1 || M ).
5. Pad the n bits until the length is equal to b bits.
6. XOR K+ with opad (b bits), producing S2.
7. Append S2 with the output of step 5.
8. Apply SHA-512 on the result of step 7 to output the n-bit hash code.
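The calculation above and the client/server check described under "Working of Hash-based Message Authentication Code", written out as an added Python example (not code from the original notes). The function names, key and request body are constructed for illustration; the key is zero-extended by appending zero bytes as RFC 2104 specifies, which is what makes the result match Python's standard hmac module, and keys longer than one block are hashed first.

```python
import hashlib
import hmac

IPAD = 0x36  # 00110110, repeated across the whole block
OPAD = 0x5C  # 01011100, repeated across the whole block


def hmac_by_steps(key: bytes, message: bytes, hash_name: str = "sha512") -> bytes:
    """Compute H(S2 || H(S1 || M)) following the summary steps."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    b = hashlib.new(hash_name).block_size  # block size in bytes (128 for SHA-512)

    # Keys longer than one block are hashed down first (RFC 2104).
    if len(key) > b:
        key = H(key)

    # Step 1: K+ is the key zero-extended to b bytes (zero bytes appended).
    k_plus = key.ljust(b, b"\x00")

    # Steps 2-4: S1 = K+ XOR ipad, then the inner hash H(S1 || M).
    s1 = bytes(x ^ IPAD for x in k_plus)
    inner = H(s1 + message)

    # Step 5 (padding the n-bit result to a full block) is carried out by the
    # hash function's own padding, so there is no explicit code for it.
    # Steps 6-8: S2 = K+ XOR opad, then the outer hash H(S2 || inner).
    s2 = bytes(x ^ OPAD for x in k_plus)
    return H(s2 + inner)


def sign_request(key: bytes, body: bytes) -> str:
    """Client side: tag sent along with the request body."""
    return hmac_by_steps(key, body).hex()


def verify_request(key: bytes, body: bytes, received_tag_hex: str) -> bool:
    """Server side: recompute the tag and compare in constant time."""
    try:
        received = bytes.fromhex(received_tag_hex)
    except ValueError:
        return False  # malformed tag is rejected, not an error
    return hmac.compare_digest(hmac_by_steps(key, body), received)


if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed sample key
    body = b'{"action":"view","file":"X","user":"JOHN"}'  # constructed request
    tag = sign_request(key, body)
    print("matches stdlib:", hmac_by_steps(key, body) ==
          hmac.new(key, body, hashlib.sha512).digest())
    print("original accepted:", verify_request(key, body, tag))
    print("modified accepted:", verify_request(key, body.replace(b"JOHN", b"Smith"), tag))
```

The comparison uses hmac.compare_digest rather than == so that the time taken does not depend on how many leading bytes of the tag are correct.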
Security in Hash-based Message Authentication Code
HMAC is more secure than MAC since the key and message are hashed in different steps:
HMAC(key, message) = H(mod1(key) || H(mod2(key) || message)).
The data is initially hashed by the client using a private key before being sent to the
server as part of the request. The server then creates its own HMAC. This assures that
the process is not vulnerable to attacks, which could result in crucial data being
disclosed as subsequent MACs are generated
Additionally, once the procedure is completed, the delivered message becomes
irreversible and resistant to hackers. Even if a malicious party attempts to steal the
communication, they will be unable to determine its length or decrypt it because they do
not have the decryption key.
Advantages of HMAC
● HMACs are ideal for high-performance systems like routers due to the use of hash
functions which are calculated and verified quickly unlike the public key systems.
● Digital signatures are larger than HMACs, yet the HMACs provide comparably higher
security.
● HMACs are used in administrations where public key systems are prohibited.
Disadvantages of HMAC
● HMACs use a shared key, which may lead to non-repudiation issues. If either the sender’s or
receiver’s key is compromised then it will be easy for attackers to create unauthorized
messages.
● Securely managing and distributing secret keys can be challenging.
● Although unlikely, hash collisions (where two different messages produce the same
hash) can occur.
● The security of HMAC depends on the length of the secret key. Short keys are more
vulnerable to brute-force attacks.
● The security of HMAC relies on the strength of the chosen hash function (e.g.,
SHA-256). If the hash function is compromised, HMAC is also affected.
Applications of HMAC
● Verification of e-mail address during activation or creation of an account.
● Authentication of form data that is sent to the client browser and then submitted back.
● HMACs can be used for Internet of things (IoT) due to less cost.
● Whenever there is a need to reset the password, a link that can be used once is sent
without adding a server state.
● It can take a message of any length and convert it into a fixed-length message digest.
That is even if you got a long message, the message digest will be small and thus
permits maximizing bandwidth.
Key Management in Cryptography
In cryptography, it is a very monotonous task to distribute the public
and private keys between sender and receiver. If the key is known to
the third party (forger/eavesdropper) then the whole security
mechanism becomes worthless. So, there comes the need to secure the
exchange of keys. In this article, we will learn about key management,
how Cryptographic Keys Work, Types of Key Management, and Key
Management Lifecycle.
What is Key Management?
Key management refers to the processes and procedures involved in generating, storing,
distributing, and managing cryptographic keys used in cryptographic algorithms to
protect sensitive data. It ensures that keys used to protect sensitive data are kept safe
from unauthorized access or loss.
Good key management helps maintain the security of encrypted information and is
important for protecting digital assets from cyber threats. Effective key management is
crucial for ensuring the confidentiality, integrity, and availability of encrypted
information by securing cryptographic keys from unauthorized access, loss, or
compromise.
How Do Cryptographic Keys Work?
Cryptographic keys are special codes that protect information by
locking (encrypting) and unlocking (decrypting) it. In symmetric key
cryptography, a single shared key does both jobs, so the same key
must be kept secret between users. In asymmetric key
cryptography, there are two keys: a public key that anyone can use
to encrypt messages or verify signatures, and a private key that only
the owner uses to decrypt messages or create signatures.
This makes it easier to share the public key openly while
keeping the private key secret. These keys are crucial for secure
communication, like when you visit a secure website (HTTPS),
where they help encrypt your data and keep it safe from
eavesdroppers and criminals. Managing these keys properly
is therefore vital to keep digital information secure and dependable.
Types of Key Management
There are two aspects of Key Management:
1. Distribution of public keys.
2. Use of public-key encryption to distribute secrets.
Distribution of Public Key
The public key can be distributed in four ways:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates
These are explained below:
1. Public Announcement: Here the public key is broadcast to everyone. The major weakness
of this method is forgery. Anyone can create a key claiming to be someone else and
broadcast it. Until the forgery is discovered, the forger can masquerade as the claimed user.
2. Publicly Available Directory: In this type, the public key
is stored in a public directory. The directory is trusted here
and has properties such as participant registration, the ability
for participants to access and modify their values at any time, and
entries of the form {name, public-key}. The directory can be accessed
electronically but is still vulnerable to forgery or tampering.
3. Public Key Authority: It is similar to the directory but
improves security by tightening control over the distribution
of keys from the directory. It requires users to know the
public key for the directory. Whenever the keys are needed,
real-time access to the directory is made by the user to obtain
any desired public key securely.
4. Public Certification: This time the authority provides a certificate (which binds an
identity to the public key) to allow key exchange without real-time access to the
public authority each time. The certificate is accompanied by other information such
as the period of validity, rights of use, etc. All of this content is signed with the private
key of the certificate authority and can be verified by anyone possessing the
authority’s public key.
First, the sender and receiver both request a certificate from the CA, which contains a
public key and other information; they can then exchange these certificates and
start communicating.
Key Management Lifecycle
The key management lifecycle outlines the stages through
which cryptographic keys are generated, used, and eventually
retired or destroyed. Proper management of these keys is critical
to ensuring the security of cryptographic systems. Here’s an
overview of each stage:
1. Key Generation:
● Creation: Keys are created using secure algorithms to ensure
randomness and strength.
● Initialization: Keys are initialized with specific parameters
required for their intended use (e.g., length, algorithm).
2. Key Distribution:
● Sharing: For symmetric keys, secure methods must be used to share
the key between parties.
● Publication: For asymmetric keys, the public key is shared openly,
while the private key remains confidential.
3. Key Storage:
● Protection: Keys must be stored securely, typically in hardware security
modules (HSMs) or encrypted key stores, to prevent unauthorized
access.
● Access Control: Only authorized users or systems should be able to
access keys.
4. Key Usage:
● Application: Keys are used for their intended cryptographic
functions, such as encrypting/decrypting data or signing/verifying
messages.
● Monitoring: Usage is monitored to detect any unusual or
unauthorized activities.
5. Key Rotation:
● Updating: Keys are periodically updated to reduce the risk of exposure
or compromise.
● Re-Keying: New keys are generated and distributed, replacing old ones
while ensuring continuity of service.
6. Key Revocation:
● Invalidation: Keys that are no longer secure or needed are
invalidated.
● Revocation Notices: For public keys, revocation certificates or
notices are distributed to inform others that the key should no
longer be trusted.
7. Key Archival:
● Storage: Old keys are securely archived for future reference or
compliance purposes.
● Access Restrictions: Archived keys are kept in a secure location with
restricted access.
8. Key Destruction:
● Erasure: When keys are no longer needed, they are securely
destroyed to prevent any possibility of recovery.
● Verification: The destruction process is verified to ensure that no
copies remain.
Kerberos
Kerberos provides a centralized authentication server whose
function is to authenticate users to servers and servers to users.
In Kerberos, an Authentication Server and a database are used for
client authentication. Kerberos runs as a third-party trusted
server known as the Key Distribution Center (KDC). Each user
and service on the network is a principal.
The main components of Kerberos are:
● Authentication Server (AS): The Authentication Server performs the initial authentication
and issues the ticket for the Ticket Granting Service.
● Database: The Authentication Server verifies the access rights of users in the database.
● Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server.
Working of Kerberos
Step-1: The user logs in and requests services on the host. The user thus requests the
ticket-granting service.
Step-2: The Authentication Server verifies the user’s access rights using the database and then
gives a ticket-granting ticket and a session key. The results are encrypted using the
password of the user.
Step-3: The message is decrypted using the password, and the ticket is then sent to the
Ticket Granting Server. The ticket contains authenticators like user names
and network addresses.
Step-4: The Ticket Granting Server decrypts the ticket sent by the user, the
authenticator verifies the request, and the server then creates the ticket for requesting
services from the Server.
Step-5: The user sends the Ticket and Authenticator to the Server.
Step-6: The Server verifies the ticket and authenticators and then grants access to
the service. After this, the user can access the services.
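A simulation of Steps 1 to 6, added here as an illustration and not taken from any Kerberos implementation. seal/unseal are a toy authenticated cipher built from SHA-256 and HMAC that stands in for real Kerberos encryption; the principal names, the password-to-key derivation, the field names and the 300-second lifetime are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

LIFETIME = 300  # seconds; assumed ticket lifetime and clock-skew window


def user_key(password: str, principal: str) -> bytes:
    """Long-term key derived from the user's password (assumed derivation)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def seal(key: bytes, fields: dict) -> bytes:
    """Toy encrypt-then-MAC; a stand-in for a real Kerberos cipher."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body)))))


def check(ticket: dict, auth: dict) -> str:
    """Ticket must be unexpired; authenticator must be fresh and name the same user."""
    now = time.time()
    if ticket["exp"] < now or abs(now - auth["ts"]) > LIFETIME or auth["user"] != ticket["user"]:
        raise ValueError("expired ticket or stale authenticator")
    return ticket["user"]


class KDC:
    """Authentication Server, database and Ticket Granting Server in one object."""

    def __init__(self, passwords: dict, service_keys: dict):
        self.user_keys = {u: user_key(p, u) for u, p in passwords.items()}  # database
        self.service_keys = service_keys
        self.tgs_key = os.urandom(32)

    def _issue(self, reply_key: bytes, ticket_key: bytes, user: str):
        session = os.urandom(32).hex()
        ticket = seal(ticket_key, {"user": user, "key": session, "exp": time.time() + LIFETIME})
        return seal(reply_key, {"key": session}), ticket

    def as_exchange(self, user: str):
        # Steps 1-2: session key is returned under the user's password key,
        # the ticket-granting ticket under a key only the TGS knows.
        return self._issue(self.user_keys[user], self.tgs_key, user)

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        # Step 4: decrypt the ticket, verify the authenticator, issue a service ticket.
        t = unseal(self.tgs_key, tgt)
        k = bytes.fromhex(t["key"])
        user = check(t, unseal(k, authenticator))
        return self._issue(k, self.service_keys[service], user)


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    # Step 6: the server never sees the password, only the ticket and authenticator.
    t = unseal(service_key, ticket)
    return check(t, unseal(bytes.fromhex(t["key"]), authenticator))


def login_and_access(kdc: KDC, user: str, password: str, service: str, service_key: bytes) -> str:
    reply, tgt = kdc.as_exchange(user)
    k = bytes.fromhex(unseal(user_key(password, user), reply)["key"])      # Step 3
    reply2, ticket = kdc.tgs_exchange(tgt, seal(k, {"user": user, "ts": time.time()}), service)
    ks = bytes.fromhex(unseal(k, reply2)["key"])
    return service_accept(service_key, ticket, seal(ks, {"user": user, "ts": time.time()}))  # Step 5
```

A wrong password fails at Step 3 because the reply cannot be unsealed, so the password itself never crosses the network in any step.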
Limitations of Kerberos
● Each network service must be modified individually for use with Kerberos
● It doesn’t work well in a timeshare environment
● Secured Kerberos Server
● Requires an always-on Kerberos server
● All stored passwords are encrypted with a single key
● Assumes workstations are secure
● May result in cascading loss of trust.
● Scalability
Is Kerberos Infallible?
No security measure is 100% impregnable, and Kerberos is no
exception. Because it’s been around for so long, hackers have had the
ability over the years to find ways around it, typically through
forging tickets, repeated attempts at password guessing (brute
force/credential stuffing), and the use of malware to downgrade the
encryption.
Despite this, Kerberos remains the best access security
protocol available today. The protocol is flexible enough
to employ stronger encryption algorithms to combat new
threats, and if users employ good password-choice
guidelines, you shouldn’t have a problem.
Applications of Kerberos
● User Authentication: User Authentication is one of the main applications of Kerberos.
Users only have to input their username and password once with Kerberos to gain access
to the network. The Kerberos server subsequently receives the encrypted authentication
data and issues a ticket granting ticket (TGT).
● Single Sign-On (SSO): Kerberos offers a Single Sign-On (SSO) solution that enables
users to log in once to access a variety of network resources. A user can access any
network resource they have been authorized to use after being authenticated by the
Kerberos server without having to provide their credentials again.
● Mutual Authentication: Before any data is transferred, Kerberos uses a mutual authentication
technique to make sure that both the client and server are authenticated. Using a shared secret key that
is securely kept on both the client and server, this is accomplished. A client asks the Kerberos server for
a service ticket whenever it tries to access a network resource. The client must use its shared secret key
to decrypt the challenge that the Kerberos server sends via encryption. If the decryption is successful,
the client responds to the server with evidence of its identity.
● Authorization: Kerberos also offers a system for authorization in addition to authentication. After
being authenticated, a user can submit service tickets for certain network resources. Users can access
just the resources they have been given permission to use thanks to information about their privileges
and permissions contained in the service tickets.
● Network Security: Kerberos offers a central authentication server that can regulate user credentials and
access restrictions, which helps to ensure network security. In order to prevent unwanted access to
sensitive data and resources, this server may authenticate users before granting them access to network
resources.