NETWORK SECURITY (21EC742)

MODULE - 1

Syllabus:
Attacks on Computers and Computer Security, Need for Security, Security Approaches, Principles
of Security, Types of Attacks.
Security Mechanisms, Services and attacks, Model for Network Security.
Network Access Control, Extensible Authentication Protocol.

Text Book:

Cryptography and Network Security, Atul Kahate, TMH, 2003

Page 1
 1. The Need for Security

Basic Concepts

Most previous computer applications had no, or at best, very little security. This continued
for a number of years until the importance of data was truly realized. Until then, computer
data was considered to be useful, but not something to be protected. When computer
applications were developed to handle financial and personal data, the real need for security
was felt like never before. People realized that data on computers is an extremely important
aspect of modern life. Therefore, various areas in security began to gain prominence. Two
typical examples of such security mechanisms were as follows:

● Provide a user identification and password to every user, and use that information to
authenticate a user.
● Encode information stored in the databases in some fashion, so that it is not visible to users
who do not have the right permission.
Figure 1.1 shows such an example of what can happen when you use your credit card for
making purchases over the Internet. From the user’s computer, the user details such as user
id, order details such as order id and item id, and payment details such as credit-card
information travel across the Internet to the server (i.e. to the merchant’s computer). The
merchant’s server stores these details in its database. There are various security holes here.
First of all, an intruder can capture the credit-card details as they travel from the client to the
server. If we somehow protect this transit from an intruder’s attack, it still does not solve our
problem. Once the merchant computer receives the credit-card details and validates them so
as to process the order and later obtain payments, the merchant computer stores the credit-
card details into its database. Now, an attacker can simply succeed in accessing this database,
and therefore gain access to all the credit-card numbers stored.

Figure 1.1: Example of information traveling from a client to a server over the Internet
Page 2
2. Security Approaches

• Trusted Systems

A trusted system is a computer system that can be trusted to a specified extent to enforce a
specified security policy.
Trusted systems were initially of primary interest to the military. However, these days, they
have spanned across various areas, most prominently in the banking and financial
community, but the concept never caught on. Trusted systems often use the term reference
monitor. This is an entity that is at the logical heart of the computer system. It is mainly
responsible for all the decisions related to access controls. Naturally, following are the
expectations from the reference monitor:
(a) It should be tamper-proof.

(b) It should always be invoked.

(c) It should be small enough so that it can be tested independently.

In their 1983 Orange Book (also called the Trusted Computer System Evaluation Criteria
(TCSEC)),the National Security Agency (NSA) of the US Government defined a set of
evaluation classes. These described the features and assurances that the user could expect
from a trusted system.
• Security Models

An organization can take several approaches to implement its security model. Let us
summarize these approaches.
1. No Security

In this simplest case, the approach could be a decision to implement no security at all.

2. Security through Obscurity

In this model, a system is secure simply because nobody knows about its existence and
contents. This approach cannot work for too long, as there are many ways an attacker can
come to know about it.
3. Host Security

In this scheme, the security for each host is enforced individually. This is a very safe
approach, but the trouble is that it cannot scale well. The complexity and diversity of modern
sites/organizations makes the task even harder.
4. Network Security

Page 3
 Host security is tough to achieve as organizations grow and become more diverse. In this
technique, the focus is to control network access to various hosts and their services, rather
than individual host security. This is a very efficient and scalable model.
• Security-Management Practices

Good security-management practices always talk of a security policy being in place. Putting a
security policy in place is actually quite tough. A good security policy and its proper
implementation go a long way in ensuring adequate security-management practices. A good
security policy generally takes care of four key aspects, as follows.

3. Principles of Security
Let us assume that a person A wants to send a check worth $100 to another person B.
Normally, what are the factors that A and B will think of, in such a case? A will write the
check for $100, put it inside an envelope, and send it to B.
● A will like to ensure that no one except B gets the envelope, and even if someone else gets
it, he/she does not come to know about the details of the check. This is the principle of
confidentiality.
● A and B will further like to make sure that no one can tamper with the contents of the
check (such as its amount, date, signature, name of the payee, etc.). This is the principle of
integrity.
● B would like to be assured that the check has indeed come from A, and not from someone
else posing as A (as it could be a fake check in that case). This is the principle of
authentication.
● What will happen tomorrow if B deposits the check in his/her account, the money is
transferred from A’s account to B’s account, and then A refuses having written/sent the
check? The court of law will use A’s signature to disallow A to refute this claim, and settle
the dispute. This is the principle of non-repudiation.

These are the four principles of security. There are two more: access control and
availability, which are not related to a particular message, but are linked to the overall system
as a whole.

• Confidentiality

The principle of confidentiality specifies that only the sender and the intended recipient(s)
should be able to access the contents of a message. Confidentiality gets compromised if an
unauthorized person is able to access a message. An example of compromising the
confidentiality of a message is shown in Fig.1.2. Here, the user of computer A sends a

Page 4
message to the user of computer B. (Actually, from here onwards, we shall use the term A to
mean the user A, B to mean user B, etc., although we shall just show the computers of users
A, B, etc.). Another user C gets access to this message, which is not desired, and therefore
defeats the purpose of confidentiality. An example of this could be a confidential email
message sent by A to B, which is accessed by C without the permission or knowledge of A
and B. This type of attack is called interception.

Fig.1.2 Loss of confidentiality

• Authentication

Authentication mechanisms help establish proof of identities. The authentication process

ensures that the origin of an electronic message or document is correctly identified. For
instance, suppose that user C sends an electronic document over the Internet to user B.
However, the trouble is that user C had posed as user A when he/she sent this document to
user B. How would user B know that the message has come from user C, who is posing as
user A? A real-life example of this could be the case of a user C, posing as user A, sending a
funds transfer request (from A’s account to C’s account) to bank B. The bank might happily
transfer the funds from A’s account to C’s account—after all, it would think that user A has
requested for the funds transfer! This concept is shown in Fig. 1.3. This type of attack is
called fabrication.

Fig. 1.3 Absence of authentication

Fabrication is possible in absence of proper authentication mechanisms.

Page 5
 • Integrity

When the contents of a message are changed after the sender sends it, but before it reaches
the intended recipient, we say that the integrity of the message is lost. For example, suppose
you write a check for $100 to pay for goods bought from the US. However, when you see
your next account statement, you are startled to see that the check resulted in a payment of
$1000! This is the case for loss of message integrity. Conceptually, this is shown in Fig. 1.4.
Here, user C tampers with a message originally sent by user A, which is actually destined for
user B. User C somehow manages to access it, change its contents, and send the changed
message to user B. User B has no way of knowing that the contents of the message were

changed after user A had sent it. User A also does not know about this change. This type of
attack is called modification.

Fig. 1.4 Loss of integrity

Modification causes loss of message integrity.

Non-repudiation

There are situations where a user sends a message, and later on refuses that she had sent that
message. For instance, user A could send a funds transfer request to bank B over the Internet.
After the bank performs the funds transfer as per A’s instructions, A could claim that he/she
never sent the funds transfer instruction to the bank! Thus, A repudiates, or denies, his/her
funds transfer instruction. The principle of non-repudiation defeats such possibilities of
denying something after having done it. This is shown in Fig. 1.5.

Fig. 1.5 Establishing non-repudiation

Non-repudiation does not allow the sender of a message to refute the claim of not sending that
message.
Page 6
• Access Control

The principle of access control determines who should be able to access what. For instance,
we should be able to specify that user A can view the records in a database, but cannot update
them. However, user B might be allowed to make updates as well. An access-control
mechanism can be set up to ensure this. Access control is broadly related to two areas: role
management and rule management. Role management concentrates on the user side (which
user can do what), whereas rule management focuses on the resources side (which resource is
accessible, and under what circumstances). Based on the decisions taken here, an access-
control matrix is prepared, which lists the users against a list of items they can access (e.g. it
can say that user A can write to file X, but can only update files Y and Z). An Access Control
List (ACL) is a subset of an access-control matrix.
Access control specifies and controls who can access what

• Availability

The principle of availability states that resources (i.e. information) should be available to
authorized parties at all times. For example, due to the intentional actions of another
unauthorized user C, an authorized user A may not be able to contact a server computer B, as
shown in Fig. 1.6. This would defeat the principle of availability. Such an attack is called
interruption.

Fig. 1.6 Attack on availability

Interruption puts the availability of resources in danger

Page 7
 We may be aware of the traditional OSI standard for Network Model (titled OSI Network
Model 7498-1),which describes the seven layers of the networking technology (application,
presentation, session, transport, network, data link, and physical). A very less known standard
on similar lines is the OSI standard for Security Model (titled OSI Security Model 7498-2).
This also defines seven layers of security in the form of
• Authentication

• Access control

• Non-repudiation

• Data integrity

• Confidentiality

• Assurance or availability

• Notarization or signature

4. Types of Attacks

i. Attacks: A General View

From a common person’s point of view, we can classify attacks into three categories, as
shown in Fig. 1.7.

Fig. 1.7 Classification of attacks as understood in general terms

1. Criminal Attacks

Criminal attacks are the simplest to understand. Here, the sole aim of the attackers is to
maximize financial gain by attacking computer systems. Table 1.1 lists some forms of
Page 8
criminal attacks.

Table 1.1 Types of criminal attacks

2. Publicity Attacks

Publicity attacks occur because the attackers want to see their names appear on television
news channels and newspapers. History suggests that these types of attackers are usually not
hardcore criminals. They are people such as students in universities or employees in large
organizations, who seek publicity by adopting a novel approach of attacking computer
systems. One form of publicity attacks is to damage (or deface) the Web pages of a site by
attacking it. One of the most famous of such attacks occurred on the US Department of
Justice’s Web site in 1996. The New York Times home page was also infamously defaced
two years later.
3. Legal Attacks

This form of attack is quite novel and unique. Here, the attacker tries to make the judge or the
jury doubtful about the security of a computer system. This works as follows. The attacker
attacks the computer system, and the attacked party (say a bank or an organization) manages
to take the attacker to the court. While the case is being fought, the attacker tries to convince
the judge and the jury that there is inherent weakness in the computer system and that she has

Page 9
done nothing wrongful. The aim of the attacker is to exploit the weakness of the judge and the
jury in technological matters.

For example, an attacker may sue a bank for performing an online transaction, which he/she
never wanted to perform. In court, the attacker could innocently say something like: The
bank’s Web site asked me to enter a password and that is all that I provided; I do not know
what happened thereafter. A judge is unwittingly likely to sympathize with the attacker!

SECURITY ATTACKS:

Threat- A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible danger that
might exploit vulnerability.
Attack- An assault on system security that derives from an intelligent threat. That is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade security
services and violate the security policy of a system.
Security attack: Any action that compromises the security of information owned by an
organization.
A useful means of classifying security attacks is in terms of passive attacks and active attacks. A
passive attack attempts to learn or make use of information from the system but does not affect
system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions as shown in Fig 1.8. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are the release of message contents and traffic analysis.

Page 10
 Fig:1.8 Passive Attacks
• The release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of these
transmissions.

Fig: 1.9. Release of message

• A second type of passive attack, traffic analysis, is subtler (Figure 1.10). Suppose that we
had a way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information from the
message. The common technique for masking contents is encryption.

Fig: 1.10. Traffic Analysis

Page 11
Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently normal fashion, and neither the
sender nor the receiver is aware that a third party has read the messages or observed the traffic
pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
Active attacks: Active attacks involve some modification of the data stream or the creation of a
false stream and can be subdivided into four categories: masquerade, replay, modification of
messages, and denial of service.
• A masquerade takes place when one entity pretends to be a different entity (Figure 1.11). A
masquerade attack usually includes one of the other forms of active attack. For example,
authentication sequences can be captured and replayed after a valid authentication
sequence has taken place, thus enabling an authorized entity with few privileges to obtain
extra privileges by impersonating an entity that has those privileges.

Fig:1.11. Masquerade
• Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.

Fig:1.11. Replay
• Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect
(Figure 1.12). For example, a message meaning “Allow John Smith to read confidential

Page 12
 file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

Fig:1.12. Modification of messages

• The denial of service prevents or inhibits the normal use or management of
communications facilities (Figure 1.10). This attack may have a specific target; for
example, an entity may suppress all messages directed to a particular destination (e.g., the
security audit service). Another form of service denial is the disruption of an entire
network—either by disabling the network or by overloading it with messages so as to
degrade performance.
Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and
so on. All of the techniques for providing security have two components:
• A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

The Practical Side of Attacks

The attacks discussed earlier can come in a number of forms in real life. They can be
classified into two broad categories: application-level attacks and network-level attacks, as
shown in Fig. 1.13.

Page 13
 Fig. 1.13 Practical side of attacks

1. Application-level Attacks These attacks happen at an application level in the sense that
the attacker attempts to access, modify, or prevent access to information of a particular
application, or the application itself. Examples of this are trying to obtain someone’s credit-
card information on the Internet, or changing the contents of a message to change the amount
in a transaction, etc.

2. Network-level Attacks These attacks generally aim at reducing the capabilities of a

network by a number of possible means. These attacks generally make an attempt to either
slow down, or completely bring to halt, a computer network. Note that this automatically can
lead to application-level attacks, because once someone is able to gain access to a network,
usually he/she is able to access/modify at least some sensitive information, causing havoc
These two types of attacks can be attempted by using various mechanisms, as discussed next.
We will not classify these attacks into the above two categories, since they can span across
application as well as network levels.
Security attacks can happen at the application level or the network level

ii. Programs that Attack

A few programs that attack computer systems to cause some damage or to create confusion.

1. Virus

One can launch an application-level attack or a network level attack using a virus. In simple
terms, a virus is a piece of program code that attaches itself to legitimate program code, and
runs when the legitimate program runs. It can then infect other programs in that computer, or
programs that are in other computers but on the same network. This is shown in Fig. 1.14. In
this example, after deleting all the files from the current user’s computer, the virus self-
propagates by sending its code to all users whose email addresses are stored in the current
user’s address book.

Page 14
 Fig. 1.14 Virus

Viruses can also be triggered by specific events (e.g. a virus could automatically execute at
12 p.m. every day). Usually viruses cause damage to computer and network systems to the
extent that they can be repaired, assuming that the organization deploys good backup and
recovery procedures.
A virus is a computer program that attaches itself to another legitimate program, and causes
damage to the computer system or to the network.
During its lifetime, a virus goes through four phases:

(a) Dormant Phase Here, the virus is idle. It gets activated based on a certain action or event
(e.g. the user typing a certain key or a certain date or time is reached, etc). This is an optional
phase.
(b) Propagation Phase In this phase, a virus copies itself, and each copy starts creating more
copies of itself, thus propagating the virus.
(c) Triggering Phase A dormant virus moves into this phase when the action/event for which
it was waiting is initiated.
(d) Execution Phase This is the actual work of the virus, which could be harmless (display
some message on the screen) or destructive (delete a file on the disk).
Viruses can be classified into the following categories: (a) Parasitic Virus This is the most
common form of virus. Such a virus attaches itself to executable files and keeps replicating.

Whenever the infected file is executed, the virus looks for other executable files to attach itself and
spread.
(b) Memory-resident Virus This type of virus first attaches itself to an area of the main
memory and then infects every executable program that is executed.
(c) Boot sector Virus This type of virus infects the master boot record of the disk and
spreads on the disk when the operating system starts booting the computer.
(d) Stealth Virus This virus has intelligence built in, which prevents anti-virus software
programs from detecting it.
(e) Polymorphic Virus A virus that keeps changing its signature (i.e. identity) on every
Page 15
execution, making it very difficult to detect.
(f) Metamorphic Virus In addition to changing its signature like a polymorphic virus, this
type of virus keeps rewriting itself every time, making its detection even harder. There is
another popular category of viruses, called the macro virus. This virus affects specific
application software, such as Microsoft Word or Microsoft Excel. They affect the documents
created by users, and spread quite easily since such documents are very commonly exchanged
over email. There is a feature called macro in these application-software programs, which
allows users to write small, useful, utility programs within the documents. Viruses attack
these macros, and hence the name macro virus.
2. Worm

Similar in concept to a virus, a worm is actually different in implementation. A virus

modifies a program (i.e. it attaches itself to the program under attack). A worm, however,
does not modify a program. Instead, it replicates itself again and again. This is shown in Fig.
1.15. The replication grows so much that ultimately the computer or the network on which
the worm resides, becomes very slow, ultimately coming to a halt. Thus, the basic purpose of
a worm attack is different from that of a virus. A worm attack attempts to make the computer
or the network under attack unusable by eating all its resources.

Fig. 1.15 Worm

A worm does not perform any destructive actions, and instead, only consumes system
resources to bring it down

Page 16
3. Trojan Horse

A Trojan horse is a hidden piece of code, like a virus. However, the purpose of a Trojan horse
is different. Whereas the main purpose of a virus is to make some sort of modifications to the
target computer or network, a Trojan horse attempts to reveal confidential information to an
attacker. The name (Trojan horse) comes from the epic poem Iliad. The story says that Greek
soldiers hid inside a large hollow horse, which was pulled into the city of Troy by its citizens,
unaware of its contents. Once the Greek soldiers entered the city of Troy, they opened the
gates for the rest of the Greek soldiers.
In a similar fashion, a Trojan horse could silently sit in the code for a Login screen by
attaching itself to it. When the user enters the user id and password, the Trojan horse could
capture these details, and send this information to the attacker without the knowledge of the
user who had mentered the id and password. The attacker can then merrily misuse the user
id and passwordto gain access to the system. This is shown in Fig. 1.16.

Fig. 1.16 Trojan horse

A Trojan horse allows an attacker to obtain some confidential information about a computer
or a network
iii. Dealing with Viruses

Preventing viruses is the best option. However, in today’s world, it is almost impossible to
achieve cent per cent security given that the world is connected to the Internet all the time.
We have to accept that viruses will attack, and we would need to find ways to deal with them.
Hence, we can attempt to detect, identify, and remove viruses. This is shown in Fig. 1.17.

Page 17
Detection of viruses involves locating the virus, having known that a virus has attacked. Then
we need to identify the specific virus that has attacked. Finally, we need to remove it. For this, we
need to remove all traces of the virus and restore the affected programs/files to their original states.
This is done by anti-virus software. Anti-virus software is classified into four generations, as depicted
in Fig. 1.18.

Fig. 1.18 Generations of Anti-virus software

The key characteristics of the four generations of anti-virus software

1. First Generation These anti-virus software programs were called simple scanners. They
needed a virus signature to identify a virus. A variation of such programs kept a watch on the
length of programs and looked for changes so as to possibly identify a virus attack.
2. Second Generation These anti-virus software programs did not rely on simple virus
signatures. Rather, they used heuristic rules to look for possible virus attacks. The idea was to
look for code blocks that were commonly associated with viruses. For example, such a
program could look for an encryption key used by a virus, find it, decrypt and remove the
virus, and clean the code. Another variation of these anti-virus programs used to store some
identification about the file (e.g. a message digest, which we shall study later) are also
notorious for detecting changes in the contents of the file.

Page 18
 3. Third Generation These anti-virus software programs were memory resident. They
watched for viruses based on actions, rather than their structure. Thus, it is not necessary to
maintain a large database of virus signatures. Instead, the focus is to keep watch on a small
number of suspect actions.
4. Fourth Generation These anti-virus software programs package many anti-virus
techniques together (e.g. scanners, activity monitoring). They also contain access control
features, thus thwarting the attempts of viruses to infect files. There is a category of software
called behavior-blocking software, which integrates with the operating system of the
computer and keeps a watch on virus-like behavior in real time. Whenever such an action is
detected, this software blocks it, preventing damages. The actions under watch can be
● Opening, viewing, modifying, deleting files

● Network communications

● Modification of settings such as start-up scripts

● Attempts to format disks

● Modification of executable files

● Scripting of email and instant messaging to send executable content to others

The main advantage of such software programs is that they are more into virus prevention
than virus detection. In other words, they stop viruses before they can do any damage, rather
than detecting them after an attack.

SPECIFIC ATTACKS

1. Sniffing and Spoofing: On the Internet, computers exchange messages with each other
in the form of small groups of data, called packets. A packet, like a postal envelope contains
the actual data to be sent, and the addressing information. Attackers target these packets, as
they travel from the source computer to the destination computer over the Internet. These
attack s take two main forms: (a) Packet sniffing (also called snooping), and (b) Packet
spoofing. Since the protocol used in this communication is called Internet Protocol (IP),
other names for these two attacks are (a) IP sniffing, and (b) IP spoofing. The meaning
remains the same. These two attacks are.
(a) Packet Sniffing Packet sniffing is a passive attack on an ongoing conversation. An
attacker need not hijack a conversation, but instead, can simply observe (i.e. sniff) packets as

Page 19
they pass by. Clearly, to prevent an attacker from sniffing packets, the information that is
passing needs to be protected in some ways. This can be done at two levels: (i) The data that
is traveling can be encoded in some ways, or (ii) The transmission link itself can be encoded.
To read a packet, the attacker somehow needs to access it in the first place. The simplest way
to do this is to control a computer via which the traffic goes through. Usually, this is a router.
However, routers are highly protected resources. Therefore, an attacker might not be able to
attack it, and instead, attack a less-protected computer on the same path.
(b) Packet spoofing In this technique, an attacker sends packets with an incorrect source
address. When this happens, the receiver (i.e. the party who receives these packets containing
false addresses) would inadvertently send replies back to this forged address (called spoofed
address), and not to the attacker. This can lead to three possible cases: (i) The attacker can
intercept the reply If the attacker is between the destination and the forged source, the
attacker can see the reply and use that information for hijacking attacks. (ii) The attacker need
not see the reply If the attacker’s intention was a Denial Of Service (DOS) attack, the attacker
need not bother about the reply. (iii) The attacker does not want the reply The attacker could
simply be angry with the host, so it may put that host’s address as the forged source address
and send the packet to the destination. The attacker does not want a reply from the
destination, as it wants the host with the forged address to receive it and get confused.
2. Phishing

Phishing has become a big problem in recent times. In 2004, the estimated losses due to
phishing were to the tune of USD 137 million, according to Tower Group. Attackers set up
fake Websites, which look like real Web sites. It is quite simple to do so, since creating Web
pages involves relatively simple technologies such as HTML, JavaScript, CSS (Cascading

Style Sheets), etc. Learning and using these technologies is quite simple. The attacker’s
modus operandi works as follows.
● The attacker decides to create his/her own Web site, which looks very identical to a real
Web site. For example, the attacker can clone Citibank’s Web site. The cloning is so clever
that the human eye will not be able to distinguish between the real (Citibank’s) and fake
(attacker’s) site.

●The attacker can use many techniques to attack the bank’s customers. We illustrate the most
common one below.
The attacker sends an email to the legitimate customers of the bank. The email itself appears
to have come from the bank. For ensuring this, the attacker exploits the email system to
suggest that the sender of the email is some bank official (e.g.
Page 20
[email protected]). This fake email warns the user that there has been some sort
of attack on Citibank’s computer systems and that the bank wants to issue new passwords to
all its customers, or verify their existing PINs, etc. For this purpose, the customer is asked to
visit a URL mentioned in the same email. This is conceptually shown in Fig. 1.19

Fig. 1.19 Attacker sends a forged email to the innocent victim (customer)

●When the customer (i.e. the victim) innocently clicks on the URL specified in the email,
he/she is taken to the attacker’s site, and not the bank’s original site. There, the customer is
prompted to enter confidential information, such as his/her password or PIN. Since the
attacker’s fake site looks exactly like the original bank site, the customer provides this
information. The attacker gladly accepts this information and displays a Thank you to the
unsuspecting victim. In the meanwhile, the attacker now uses the victim’s password or PIN to
access the bank’s real site and can perform any transaction as if he/she is the victim!
A real-life example of this kind of attack is reproduced below from the site
http://www.fraudwatchinternational.com. Figure 1.20 shows a fake email sent by an attacker
to an authorized PayPal user

Fig. 1.20 Fake email from the attacker to a PayPal user

Page 21
As we can see, the attacker is trying to fool the PayPal customer to verify his/her credit-card
details. Quite clearly, the aim of the attacker is to access the credit-card information of the
customer and then misuse it. Figure 1.21 shows the screen that appears when the user clicks

on the URL specified in the fake email. Once the user provides these details, the attacker’s
job is easy! He/she simply uses these credit-card details to make purchases on behalf of the
cheated card holder!

Fig. 1.21 Fake PayPal site asking for user’s credit-card details

3. Pharming (DNS Spoofing)

Another attack, known earlier as DNS spoofing or DNS poisoning, is now called pharming
attack. As we know, using the Domain Name System (DNS), people can identify Web sites
Page 22
with human-readable names (such as www.yahoo.com), and computers can continue to treat
them as IP addresses (such as 120.10.81.67). For this, a special server computer called a DNS
server maintains the mappings between domain names and the corresponding IP addresses.
The DNS server could be located anywhere. Usually, it is with the Internet Service Provider
(ISP) of the users. With this background, the DNS spoofing attack works as follows.

● Suppose that there is a merchant (Bob) whose site’s domain name is www.bob.com, and
the IP address is 100.10.10.20. Therefore, the DNS entry for Bob in all the DNS servers is
maintained as follows:
www.bob.com 100.10.10.20

● The attacker (say, Trudy) manages to hack and replace the IP address of Bob with her own
(say 100.20.20.20) in the DSN server maintained by the ISP of a user, say Alice. Therefore,
the DNS server maintained by the ISP of Alice now has the following entry: www.bob.com
100.20.20.20
Thus, the contents of the hypothetical DNS table maintained by the ISP would be changed. A
hypothetical portion of this table (before and after the attack) is shown in Fig. 1.22

Fig. 1.22 Effect of the DNS attack

●When Alice wants to communicate with Bob’s site, her Web browser queries the DNS
server maintained by her ISP for Bob’s IP address, providing it the domain name (i.e.
www.bob.com). Alice gets the replaced (i.e. Trudy’s) IP address, which is 100.20.20.20.

● Now, Alice starts communicating with Trudy, believing that she is communicating with
Bob!
Such attacks of DNS spoofing are quite common, and cause a lot of havoc. Even worse, the
attacker (Trudy) does not have to listen to the conversation on the wire! She has to simply be
able to hack the DNS server of the ISP and replace a single IP address with her own!

Page 23
 A protocol called DNS Sec (Secure DNS) is being used to thwart such attacks.
Unfortunately,it is not widely used.

5.Security Services:
It is a processing or communication service that is provided by a system to give a specific kind of
production to system resources. Security services implement security policies and are implemented by
security mechanisms.
Confidentiality: Confidentiality is the protection of transmitted data from passive attacks. It is used to
prevent the disclosure of information to unauthorized individuals or systems. It has been defined as
“ensuring that information is accessible only to those authorized to have access”.
The other aspect of confidentiality is the protection of traffic flow from analysis. Ex: A credit card number
has to be secured during online transaction.
Authentication: This service assures that a communication is authentic. For a single message
transmission, its function is to assure the recipient that the message is from intended source. For an
ongoing interaction two aspects are involved. First, during connection initiation the service assures the
authenticity of both parties. Second, the connection between the two hosts is not interfered allowing a third
party to masquerade as one of the two parties. Two specific authentication services defines in X.800 are
Peer entity authentication: Verifies the identities of the peer entities involved in communication.
Provides use at time of Media connection estblishment and during data transmission. Provides confidence
against a masquera or replay attack Data origin authentication: Assumes the authenticity of source of data
unit, but does not provide protection against duplication or modification of data units. Supports
applications like electronic mail, where no prior interactions take place between communicating entities.
Integrity: Integrity means that data cannot be modified without authorization. Like confidentiality, it can
be applied to a stream of messages, a single message or selected fields within a message. Two types of
integrity services are available. They are:
• Connection-Oriented Integrity Service: This service deals with a stream of messages, assures that
messages are received as sent, with no duplication, insertion, modification, reordering or replays.
Destruction of data is also covered here. Hence, it attends to both message stream modification and
denial of service.
• Connectionless-Oriented Integrity Service: It deals with individual messages regardless of larger
context, providing protection against message modification only.
An integrity service can be applied with or without recovery. Because it is related to active attacks, major
concern will be detection rather than prevention. If a violation is 8 detected and the service reports it,

Page 24
either human intervention or automated recovery machines are required to recover.
Non-repudiation: Non-repudiation prevents either sender or receiver from denying a transmitted message.
This capability is crucial to e-commerce. Without it an individual or entity can deny that he, she or it is
responsible for a transaction, therefore not financially liable.
Access Control: This refers to the ability to control the level of access that individuals or entities have to a
network or system and how much information they can receive. It is the ability to limit and control the
access to host systems and applications via communication links. For this, each entity trying to gain access
must first be identified or authenticated, so that access rights can be tailored to the individuals.
Availability: It is defined to be the property of a system Media or a system resource being accessible and
usable upon demand by an authorized system entity. The availability can significantly be affected by a
variety of attacks, some amenable to automated counter measures i.e authentication and encryption and
others need some sort of physical action to prevent or recover from loss of availability of elements of
distributed system.

6.Security Mechanisms:
According to X.800, the sec rity mechanisms are divided into those implemented in a specific protocol
layer and those that are not specific to any particular protocol layer or security service. X.800 also
differentiates reversible & irreversible encipherment mechanisms. A reversible encipherment mechanism
is simply an encryption algorithm that allows data to be encrypted and subsequently decrypted, whereas
irreversible encipherment include hash algorithms and message authentication codes used in digital
signature and message authentication applications
Specific Security Mechanisms Incorporated into the appropriate protocol layer in order to provide some
of the OSI security services,
• Encipherment: It refers to the process of applying mathematical algorithms for converting data
into a form that is not intelligible. This depends on algorithm used and encryption keys.
• Digital Signature: The appended data or a cryptographic transformation applied to any data unit
allowing to prove the source and integrity of the data unit and protect against forgery.
• Access Control: A variety of techniques used for enforcing access permissions to the system
resources.
• Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of
data units.
• Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of
information exchange.
• Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis

Page 25
 attempts.
• Routing Control: Enables selection of particular physically secure routes for certain data and
allows routing changes once a breach of security is suspected.
• Notarization: The use of a trusted third party to assure cert in properties of a data exchange
Pervasive Security Mechanisms These are not specific to any particular OSI security service or
protocol layer.
• Trusted Functionality: That which is perceived to b correct with respect to some criteria Security
Level: The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource.
• Event Detection: It is the process of detecting all the events related to network security.
• Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an
independent review and examination of system records and activities.
• Security Recovery: It deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.

7. Model For Network Security:

Fig.1.23: Model for Network Security

Page 26
Data is transmitted over network between two communicating parties, who must cooperate for the
exchange to take place. A logical information channel is established by defining a route through
the internet from source to destination by use of communication protocols by the two parties.
Whenever an opponent presents a threat to confidentiality, authenticity of information, security
aspects come into play. Two components are present in almost all the security providing
techniques.
A security-related transformation on the information to be sent making it unreadable 11 by the
opponent, and the addition of a code based on the contents of the message, used to verify the
identity of sender. Some secret information shared by the two principals and, it is hoped, unknown
to the opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure transmission. It is responsible for
distributing the secret information to the two parties, while keeping it away from any opponent. It
also may be needed to settle disputes between the two parties regarding authenticity of a message
transmission.
The general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be
such that an opponent cannot defeat its purpose
2. Generate the secret information to be used with the algorithm
3. Develop methods for the distribution and sharing of the secret information
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and
the secret information to achieve a particular security service various other threats to information
system like unwanted access still exist.
Information access threats intercept or modify data on behalf of users who should not have access
to that data Service threats exploit service flaws in computers to inhibit use by legitimate users
Viruses and worms are two examples of software attacks inserted into the system by means of a
disk or also across the network. The security mechanisms needed to cope with unwanted access fall
into two broad categories.

Page 27