More than 3000 engineers find our updates useful. You can get them at your mail box!
Search your paper presentation and project titles:

Department/Area of interest: ( To list the projects / paper presentations)

Mechanical               Scada technology              Communication             Computer science           Alternative energy
Electrical                  Robotics                        Biometrics                     Artificial intelligence             Electronics

Network Security Overview

Computer networks are typically a shared resource used by many applications

representing different interests. The Internet is particularly widely shared, being

used by competing businesses, mutually antagonistic governments, and opportunistic

criminals. Unless security measures are taken, a network conversation or a

distributed application may be compromised by an adversary.

Consider some threats to secure use of, for example, the World Wide Web.

Suppose you are a customer using a credit card to order an item from a website.

An obvious threat is that an adversary would eavesdrop on your network communication,

reading your messages to obtain your credit card information. How might

that eavesdropping be accomplished? It is trivial on a broadcast network such as

an Ethernet, where any node can be confi gured to receive all the message traffi c

on that network. Wireless communication can be monitored without any physical

connection. More elaborate approaches include wiretapping and planting spy

software on any of the chain of nodes involved. Only in the most extreme cases,

such as national security, are serious measures taken to prevent such monitoring,

and the Internet is not one of those cases. It is possible and practical, however, to

encrypt messages so as to prevent an adversary from understanding the message

contents. A protocol that does so is said to provide confi dentiality . Taking the

concept a step further, concealing the quantity or destination of communication

is called traffi c confi dentiality —because merely knowing how much communication

is going where can be useful to an adversary in some situations.

Even with confi dentiality there still remain threats for the website customer.

An adversary who can’t read the contents of your encrypted message might still

be able to change a few bits in it, resulting in a valid order for, say, a completely

different item or perhaps 1,000 units of the item. There are techniques to detect,

if not prevent, such tampering. A protocol that detects such message tampering

provides data integrity . The adversary could alternatively transmit an extra copy

of your message in a replay attack . To the website, it would appear as though

you had simply ordered another of the same item you ordered the fi rst time. A

protocol that detects replays provides originality . Originality would not, however,

preclude the adversary intercepting your order, waiting a while, then transmitting

it—in effect, delaying your order. The adversary could thereby arrange for

the item to arrive on your doorstep while you are away on vacation, when it can

be easily snatched. A protocol that detects such delaying tactics is said to provide

timeliness . Data integrity, originality, and timeliness are considered aspects of the

more general property of integrity .

Another threat to the customer is unknowingly being directed to a false website.

This can result from a DNS attack, in which false information is entered in

a domain name server or the name service cache of the customer’s computer.

This leads to translating a correct URL into an incorrect IP address—the address

of a false website. A protocol that ensures that you really are talking to whom

you think you’re talking is said to provide authentication . Authentication entails

integrity since it is meaningless to say that a message came from a certain participant

if it is no longer the same message.

The owner of the website can be attacked as well. Some websites have been

defaced; the fi les that make up the website content have been remotely accessed

and modifi ed without authorization. That is an issue of access control : enforcing

the rules regarding who is allowed to do what. Websites have also been subject to

denial of service (DoS) attacks, during which would-be customers are unable to

access the website because it is being overwhelmed by bogus requests. Ensuring

a degree of access is called availability .

Finally, the customer and website face threats from each other. Each could

unilaterally deny that a transaction occurred, or invent a nonexistent transaction.

Nonrepudiation means that a bogus denial (repudiation) of a transaction can be

disproved, and nonforgeability means that claims of a bogus (forged) transaction

can be disproved.

Although these examples have been based on Web transactions, there are comparable

security threats in almost every network context. Although the Internet

was designed with the redundancy to survive physical attacks such as bombing, it

was not originally designed to provide the kind of security we have been discussing.

Internet security mechanisms have essentially been patches. If a comprehensive

redesign of the Internet were to take place, integrating security would likely

be the foremost driving factor. That possibility makes this chapter all the more


The main tools for securing networked systems are cryptography and fi rewalls.

The bulk of this chapter concerns cryptography-based security.

Intense Debate Comments