Network Security and Cryptography E-Book

NETWORK SECURITYAND CRYPTOGRAPHY

LICENSE, DISCLAIMER OF LIABILITY, AND LIMITED WARRANTY

By purchasing or using this book and its companion files (the “Work”), you agree that this license grants permission to use the contents contained herein, but does not give you the right of ownership to any of the textual content in the book or ownership to any of the information, files, or products contained in it. This license does not permit uploading of the Work onto the Internet or on a network (of any kind) without the written consent of the Publisher. Duplication or dissemination of any text, code, simulations, images, etc. contained herein is limited to and subject to licensing terms for the respective products, and permission must be obtained from the Publisher or the owner of the content, etc., in order to reproduce or network any portion of the textual material (in any media) that is contained in the Work.

MERCURY LEARNING AND INFORMATION (“MLI” or “the Publisher”) and anyone involved in the creation, writing, production, accompanying algorithms, code, or computer programs (“the software”), and any accompanying Web site or software of the Work, cannot and do not warrant the performance or results that might be obtained by using the contents of the Work. The author, developers, and the Publisher have used their best efforts to ensure the accuracy and functionality of the textual material and/or programs contained in this package; we, however, make no warranty of any kind, express or implied, regarding the performance of these contents or programs. The Work is sold “as is” without warranty (except for defective materials used in manufacturing the book or due to faulty workmanship).

The author, developers, and the publisher of any accompanying content, and anyone involved in the composition, production, and manufacturing of this work will not be liable for damages of any kind arising out of the use of (or the inability to use) the algorithms, source code, computer programs, or textual material contained in this publication. This includes, but is not limited to, loss of revenue or profit, or other incidental, physical, or consequential damages arising out of the use of this Work. The data used throughout this text, including names of persons and companies are for instructional purposes only. They have been researched with care but are not guaranteed for any intent beyond their educational purpose.

The sole remedy in the event of a claim of any kind is expressly limited to replacement of the book and only at the discretion of the Publisher. The use of “implied warranty” and certain “exclusions” vary from state to state, and might not apply to the purchaser of this product.

NETWORK SECURITYAND CRYPTOGRAPHY

A Self-Teaching Introduction

Second Edition

Sarhan M. Musa, Ph.D.

Prairie View A&M University

Copyright ©2022 by MERCURY LEARNING AND INFORMATION LLC. All rights reserved.

This publication, portions of it, or any accompanying software may not be reproduced in any way, stored in a retrieval system of any type, or transmitted by any means, media, electronic display or mechanical display, including, but not limited to, photocopy, recording, Internet postings, or scanning, without prior permission in writing from the publisher.

Publisher: David Pallai

MERCURY LEARNING AND INFORMATION

22841 Quicksilver Drive

Dulles, VA 20166

[email protected]

www.merclearning.com

1-800-232-0223

S. M. Musa. Network Security and Cryptography, Second Edition.

ISBN: 978-1-68392-883-6

The publisher recognizes and respects all marks used by companies, manufacturers, and developers as a means to distinguish their products. All brand names and product names mentioned in this book are trademarks or service marks of their respective companies. Any omission or misuse (of any kind) of service marks or trademarks, etc. is not an attempt to infringe on the property of others.

Library of Congress Control Number: 2022941507

222324321  Printed on acid-free paper in the United States of America.

Our titles are available for adoption, license, or bulk purchase by institutions, corporations, etc. For additional information, please contact the Customer Service Dept. at 800-232-0223(toll free).

All of our titles are available in digital format at academiccourseware.com and other digital vendors. The sole obligation of MERCURY LEARNING AND INFORMATION to the purchaser is to replace the book, based on defective materials or faulty workmanship, but not based on the operation or functionality of the product.

To my wife, Lama and my children,Mahmoud, Ibrahim, and Khalid

PREFACE

Network Security and Cryptography, Second Edition introduces the basic concepts in computer networks and the latest trends and technologies in cryptography and network security. Primarily intended as a textbook for courses in computer science, electronics and communication, and electrical engineering, the book also serves as a basic reference and refresher for professionals in these areas. Mainly this book is organized into fifteen chapters.

Chapter 1 is an overview of computer networks that defines its various terms and concepts. It also covers the Open Systems Interconnection (OSI) Model, the Transmission Control Protocol/Internetworking Protocol (TCP/IP) Model, the Hierarchical model, computer network equipment, computer network types, and computer network topology.

Chapter 2 covers the mathematical foundations for computer networks including probability fundamentals, random variables, discrete probability models, continuous probability models, transformation of random variables, generating functions, central limit theorem, classification of random processes, statistics of random processes and stationary, time averages of random processes and Ergodicity, multiple random processes, sample random processes, and Kendall’s notation.

Chapter 3 is an overview of cryptography that defines its various terms and concepts. It also covers the genetic model of secure communication, OSI security architecture, security attacks, security services, security mechanisms, categorization of security attacks, categorization of cryptographic systems, symmetric encryption model, link encryption, end-to-end encryption, and traffic pattern confidentiality.

Chapter 4 covers the mathematical foundations for cryptography including groups, rings, integral domain and fields, modular arithmetic, residue classes, primes and co-primes, the Euclidean Algorithm and the extended Euclidean Algorithm, the Galois Field, Fermat’s little theorem and its corollaries, Euler’s totient function, Euler’s theorem, prime numbers, discrete logarithms, primitive roots, primality testing, and Chinese remainder theorem.

Chapter 5 provides classical cipher schemes. It contains the Caesar cipher, the mono-alphabetic cipher, Hill cipher, play fair cipher, polyalphabetic cipher, one time pad and rail fence ciphers, rectangular transposition cipher, and steganography.

Chapter 6 discusses modern symmetric ciphers. It covers the concepts of the symmetric cipher, Claude Shannon’s theory of diffusion and confusion, the Feistel cipher, the Data Encryption Standard (DES), avalanche effect, differential cryptanalysis attack on the DES, linear cryptanalysis attack on the DES, double DES, meet-in-the-middle attack on double DES, triple DES, block/stream cipher modes of operation, International Data Encryption Algorithm (IDEA), Advanced Encryption Standard (AES), key management in symmetric schemes, and Pseudo-Random Number Generator (PRNG) algorithms.

Chapter 7 addresses public-key cryptography for data confidentiality. It covers requirements of public key cryptography, data confidentiality using public key cryptography, the RSA algorithm, types of attacks against RSA, Diffie-Hellman Key Exchange Algorithm, man-in-the-middle attack against Diffie-Hellman Key exchange algorithm, ElGamal encryption scheme, and elliptic curve cryptography (ECC).

Chapter 8 addresses the authentication schemes including message authentication, authentication services and techniques, digital signature for message authentication; message authentication code (MAC) and secure hash functions, characteristics of hash functions, authentication protocols, birthday paradox, birthday attack against digital signatures, message digest algorithm (MD5), Secure Hash Algorithm (SHA-1), and the Digital Signature Algorithm (DSA).

Chapter 9 covers the concept and details of the Centralized Authentication Service, motivation for the Centralized Authentication Service, the Simple Authentication Exchange in Open Environment, Centralized Authentication Service Kerberos Version 4, Inter-Kerberos Authentication Service, and Authentication Service Kerberos Version 5.

Chapter 10 discusses the public key infrastructure (PKI) including X.509 public key certificate; Hierarchical Organization of Certification Authorities (CAs), creation of certificates’ chain for CA’s Signature Verification; revocation of X.509 certificates, and X.509 authentication protocols.

Chapter 11 explains in detail all aspects of Pretty Good Privacy including Email service PGP, services supported by PGP, components of PGP, concept of R64 transformation, the concept of public key ring and private key ring, the trust model of key management in PGP, Email service secure Internet mail extension, and functions supported by S/MIME.

Chapter 12 discusses the Internet Security Services including Internet Protocol Security (IPSec), services provided by IPSec, Authentication Header (AH), Encapsulating Security Payload, the concept of Integrity Check Value (ICV) in IPSec, AH and ESP Packet Formats in IPV.4, the concept of Security Association (SA); Security Policy and Security Policy Database (SPD), combining of SAs; IPSec Protocol Modes e.g., Transport Mode Tunnel Mode, and Wildcard Mode. It covers the Oakley Key Exchange Protocol in IPSec, Secure Socket Layer (SSL) Protocol and its components, Transport Layer Security (TLS) Protocol and its components, the Secure Electronic Transaction (SET) Protocol, and sequence of events in SET message exchange, including concepts of dual signature and payment gateways.

Chapter 13 covers system security including intrusion, intrusion detection techniques, password management, malicious programs, different phases in the life of a virus, types of virus and antivirus scanners, worms, firewalls (characteristics, types, and configurations), and trusted systems.

Chapter 14 provides the security aspects of emerging technology. It contains big data analytics, cloud computing, Internet of Things (IoT), the Smart Grid, supervisory control and data acquisition (SCADA), control systems, and wireless sensor networks (WSN).

Chapter 15 is an overview of perspective and ideas on Artificial Intelligence (AI) security. It covers Machine Learning (ML), types of ML, Deep Learning (DL), and types of DL, AI for Intrusion Detection System (IDS).

Finally, the Bullet Point Reading (BPR) technique is used in the book to simplify the concepts and to enforce the understanding and learning.

Sarhan M. Musa

Cypress, TX

July 2022

Computer networks have grown rapidly in recent years due to critical users’ needs in their daily living. A computer network is a collection of devices (nodes) connected to each other (wired or wireless) in order to allow every device to communicate, access, and share its resources with other devices. This chapter gives a basic introduction and overview of computer networking to help in understanding and learning network security.

The Open Systems Interconnection (OSI) is a reference model that was created by the International Organization for Standardization (ISO). The OSI model defines a networking conceptual framework to implement protocols in seven layers. It is an ideal tool for learning how networks function. The advantages for the OSI model to be a layered network model are to simplify the learning of the network and reduce its complexity, accelerate evolution, standardize interfaces, ensure interoperability, and facilitate modular engineering. Figure 1.1 shows the OSI model.

FIGURE 1.1  The OSI model.

The Data Link Layer has two sub-layers, the Logical Link Control (LLC) and the Media Access Control (MAC). The Logical Link Control (LLC) is responsible for error correction, flow control, and Service Access Points. The Media Access Control (MAC) is responsible for physical addressing and providing access to shared physical media (wire). It is assigned by the manufacturer. The Ethernet is a standardized way of connecting computers to create a network. Figure 1.2 illustrates the OSI model devices and protocols.

FIGURE 1.2  The OSI model devices and protocols.

The Transmission Control Protocol/Internetworking Protocol (TCP/IP) is the networking model used in today’s Internet. The TCP/IP is the basic protocol system by which computers on a network talk to each other. It is a logical address, and without TCP/IP, networks wouldn’t work. The TCP/IP consists of four layers—Application, Transport, Internet, and Network Access—as shown in Figure 1.3.

FIGURE 1.3  The TCP/IP model.

A TCP/IP can provide the following operations:

FIGURE 1.4  The TCP/IP model Mapped to the OSI model.

The common protocols can be summarized as below:

These protocols enable routers to route data between networks via the shortest path, or alternate paths, if one path is unavailable. They also define how routers across networks can dynamically share this information so all routers are aware of the available paths.

Layer 4 Protocols are responsible for the reliable transport between nodes on the network. These protocols ensure that a packet makes it to its destination—kind of like a return receipt. TCP is the transport layer protocol for IP.

Some of the common Layer 4 Protocols today are:TCP – Transport Control Protocol; this is the transport layer for IP. It ensures that IP packets are delivered to their destination.UDP – Unified Datagram Protocol; this is a lighter weight transport layer for IP. It does not provide the overhead of error checking for simple queries like DNS or NTP.SPX – Sequenced Package Exchange; this is the transport layer for IPX. It ensures that IPX packets are delivered to their destination.

Open Shortest Path First (OSPF): Link-state, hierarchical IGP routing algorithm proposed as a successor to RIP in the Internet community. OSPF features include least-cost routing, multipath routing, and load balancing. OSPF was derived from an early version of the Intermediate System to Intermediate System (IS-IS) protocol.

Intermediate System-Intermediate System (ISIS): One of a family of IP Routing protocols, it is an Interior Gateway Protocol (IGP) for the Internet, used to distribute IP routing information throughout a single Autonomous System (AS) in an IP network. IS-IS is a link-state routing protocol, which means that the routers exchange topology information with their nearest neighbors. The topology information is flooded throughout the AS, so that every router within the AS has a complete picture of the topology of the AS. This picture is then used to calculate end-to-end paths through the AS, normally using a variant of the Dijkstra algorithm. Therefore, in a link-state routing protocol, the next hop address to which data is forwarded is determined by choosing the best end-to-end path to the eventual destination.

Autonomous System (AS): Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas.

Spanning Tree Protocol (STP): It is a Layer 2 Protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The primary purpose of STP is to ensure that the network does not create redundant loops.

Shortest Path Bridging (SPB): SPB is the IEEE 802.1aq specification for enabling multipath routing in the data center. It allows all paths to be active with multiple equal cost paths, provides much larger layer 2 topologies, supports faster convergence times, and improves the efficiency by allowing traffic to load share across all paths of a mesh network.

A Hierarchical model simplifies design, implementation, and management of the network. As shown in Figure 1.5, a Hierarchical model consists of three layers: Core, Distribution, and Access.

FIGURE 1.5  The Hierarchical model.

Network equipment includes network devices that connect directly to a network segment. There are two types of devices (equipment):

End devices or user devices

User devices are network devices that provide services directly to the user (host), Examples of end devices are scanners, fax machines, PCs, laptops, printers, servers, iPhones, smart TVs, and iPads.

Network Devices (Hardware)

Network devices provide transport for the data that needs to be transferred between end users’ devices.

Network interface cards (NICs)

• Network interface cards (NICs) are printed circuit boards that are installed in workstations to enable systems to connect to the network.

• They provide the physical connection between the network cable and the workstation. In addition, they possess the circuitry necessary to gain access to the network.

• The NIC formats information from the workstation so that it can be transmitted across the network. The NIC operates at the physical layer (Layer 1) of the OSI model, and it is also considered a data link layer device. Part of the NIC’s function is to format information between the workstation and the network, and also to control the transmission of data onto the wire.

• The NIC converts the data to electrical impulses if copper wire is used, or to light signals if a fiber-optic cable is used. Each NIC carries a unique Media Access Control (MAC) address. The NIC controls user (host) access to the networking medium. Figure 1.6 shows a NIC card.

FIGURE 1.6  NIC card.

Repeaters

Repeaters work against attenuation (degradation of signal) by cleaning and repeating signals that they receive on a network, as shown in Figure 1.7. A repeater enables signals to travel longer distances over a network.

FIGURE 1.7  A Repeater.

Repeaters operate at the Physical layer (Layer 1) of the OSI model. They cannot connect different network architectures. Also, they can’t reformat, resize, or manipulate the data signal. A repeater is used to re-time, re-shape, and re-amplify the data signal to its original shape. A repeater receives data on one port and repeats them on the other port. It can be used as a connection device on a network. Figure 1.8 shows a repeater on a network.

FIGURE 1.8  Repeater in the network.

Hub

• A hub is a multiple port repeater. It generates and re-times network signals. A hub connects devices on an Ethernet twisted pair network.

• It forms a central point on a network where the cables of other network devices come together at its ports.

• Hubs operate at the physical layer (Layer 1) of the OSI model.

• A hub does not perform any tasks besides signal regeneration. A hub receives data on one port and transmits it on all the other ports. Figure 1.9 shows a network with a hub in the center.

FIGURE 1.9  A hub in the network.

•Active hub: It amplifies or repeats signals that pass through it; it provides a path for the data signals and regenerates the signal before it forwards it to all of the connected devices.

•Passive hub: It just connects cables on a network and provides no signal regeneration; it provides only a pathway for the electrical signals to travel along.

Bridges

• A Bridge is a network device that connects multiple network segments. It breaks networks into separate segments and directs the transmission to the appropriate segment in order to filter traffic between network segments. Bridges reduce network traffic by keeping local traffic on the local segment. A Bridge examines the destination Media Access Control (MAC) address (hardware address) in order to either forward or discard the frame. It operates at the Data Link layer (Layer 2) of the OSI model.

• Network Bridging allows two or more communication networks or network segments to create and aggregate a Network. Bridging is different than routing, which allows networks to communicate independently as separate networks.

• A Bridge is more intelligent than a hub. A Bridge maintains a MAC address table known as a “Bridge Table,” which is stored on the Bridge memory.

Switches

• A switch is a multi-port bridge, and it creates a network.

• A switch is a network device with several inputs and outputs leading to and from the hosts that the switch interconnects.

• A switch allows multiple physical LAN segments to be interconnected into single larger networks.

• A switch connects devices on twisted pair networks, and it forwards data to its destination by using the MAC address embedded in each packet.

• A switch takes packets that arrive on an input and forwards them to the right output so that they will reach their appropriate destination.

• A switch increases network performance by reducing the number of frames transmitted to the rest of the network. It operates at the Data Link layer (Layer 2) of the OSI model.

FIGURE 1.10  Sending data through a switch.

Routers

• Routers connect networks.

• A router acts as a dispatcher, choosing the best path for information to travel so it is received quickly.

• They connect multiple segments and multiple networks.

• Routers provide filtering and network traffic control on LANs and WANs.

• They operate at the Network layer (Layer 3) of the OSI model.

• Routers use the logical address (IP Address).

• Internetworks are Networks connected by multiple routers.

• A router is a type of internetworking device that passes data packets between networks based on layer 3 addresses.

Gateways

• Gateways are usually a combination of hardware and software.

• They translate between different protocol suites; that is, they convert information from one protocol stack to another.

• Gateways have the most negative effect on network performance.

• Packets must be rebuilt not just at the lower levels but at the very upper levels so that actual data content can be converted into a format the destination can process.

• Gateways create the most latency.

Firewalls

• Firewalls act as a security guard between the Internet and your local area network (LAN). All network traffic into and out of the LAN must pass through the firewall, which prevents unauthorized access to the network.

• Firewalls protect a private network’s resources from users in other networks.

• They provide controlled data access between networks. Firewalls can be hardware or software.

Access points (APs)

• An AP is a wireless LAN transceiver that can act as a center point of a standalone wireless network or as connection point between wireless and wired networks.

• It provides cell-based areas where hosts can connect to the network by associating with the AP.

• An AP operates at the Physical layer (Layer 1) and Data Link layer (Layer 2) of the OSI model.

Servers

• A server is a device that handles user requests for access to computer and network resources.

• It provides authentication, authorization, and accounting services for an enterprise.

• A MAC address may be called a “Physical address” or “Hardware address” or “Ethernet address.”

• It is found at the Data Link layer (Layer 2) of the OSI model.

• Bridges and switches use the MAC address to make forwarding decisions within a network or subnetwork.

• The MAC address consists of six bytes.

Every byte of the IP address is equal to a decimal number in the range of 0 (minimum value) to 255 (maximum value).

The IP address is a combination of the Host Portion (H) and Network Portion (N).

IP Classes:

• IP addresses are grouped into five different IP classes (A, B, C, D, and E) depending on the value of the first byte on the left-hand side in every IP address.

• Only classes A, B, and C are available for commercial use. From the class of the IP address, the N and H portions can be determined.

• The network IP and the broadcast IP of the IP address can be determined by the N and H portions of the IP address.

Personal Area Network (PAN)

• A PAN is a computer network that provides data transmission among devices that are located typically within a 10-meter radius close to a single user for a location on a body or in a room.

Local Area Network (LAN)

• A LAN is a data communications network which is in a geographically limited region (typically within a 1-mile radius—buildings/campus) allowing many users to access high bandwidth media.

• A LAN connects different devices and provides full-time connectivity.

• LAN traffic is transmitted in three ways:

1.Broadcast: data packets that are sent to all nodes on a network.

2.Multicast: single packets copied by the network and sent to a specific subset of network addresses.

3.Unicast: message sent to a single network destination.

Virtual Local Area Network (VLAN)

• The VLAN groups hosts with a common set of requirements (common broadcast domain) regardless of their physical location in the internetwork.

• It has the same attributes as a physical LAN, but is configured via software (virtual).

• To physically replicate the functions of a VLAN would require a separate, parallel collection of network equipment.

• The VLAN improves performance and security in the switched network by controlling the broadcast propagation.

• It is a logical broadcast domain that can cover multiple physical LAN segments.

• It enables switches to create multiple broadcast domains within a switched network.

Metropolitan Area Network (MAN)

• MAN is a network that covers a distance typically 10 km greater than LAN but lesser than WAN for a location such as a city or town.

WAN-Wide Area Network

• WAN covers a large distance, typically up to a 100 km away for one or more cities or countries.

• The speeds are limited by cost and bandwidth.

SAN-Storage Area Network

• SAN is a high-speed network of storage devices that connects them to servers.

Computer networks are connected based on a topology. Topology means how network equipment is arranged in order to communicate. It defines the structure of the network. There are two types of topology: physical topology and logical topology.

Physical topology: the way in which the devices of the network are physically connected. It is the actual layout of the wires or media.

Logical topology: the way the hosts access the media to send data. It shows the flow of data on a network.

The most common topologies are described as follows:

1.Point-to-Point Topology:

A point-to-point link is simply topology in which one device has one connection (link) to another device. Each device can add a secondary link connection, but if the device fails, then there will be no connectivity. It is used mainly for WAN links.

FIGURE 1.13  Point to Point topology.

2.Bus Topology:

Bus topology is a topology in which all devices are connected to a single thick backbone cable. If the backbone cable fails, then the network goes down. If a cable linking the device to the backbone cable fails, then only that device will lose connection.

10Base-2 (ThinNet) and 10Base-5 (ThickNet) are popular Ethernet cabling options in bus topology.

FIGURE 1.14  Bus topology.

3.Star Topology:

Each network device in a star topology is connected to a central device such as a hub or switch or router. If one of the cables to the devices fails, then only that device becomes disconnected. Devices typically connect to the hub with the Unshielded Twisted Pair (UTP) Ethernet. It is the most commonly used physical topology in the Ethernet LANs.

FIGURE 1.15  A Star topology.

4.Ring Topology:

A ring topology connects hosts in the form of a ring or a circle. Every device in the ring topology has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either clockwise or counter-clockwise). A failure in any device or any cable breaks the loop and can take down the entire network.

FIGURE 1.16  Ring topology.

5.Mesh Topology:

A mesh topology allows multiple access links between network devices. A mesh topology provides network reliability because whenever one network device fails, the network does not stop operations; it finds a bypass to the failed node, and the network continues to operate. A mesh topology can handle high amounts of traffic, because multiple devices can transmit data simultaneously. In a mesh topology, every device has a directed point-to-point link to every other device. The link carries traffic only between the two devices it connects.

FIGURE 1.17  Mesh Network topology.

6.Tree (Hierarchical) Topology:

A tree topology puts the network devices in a hierarchical structure. A Central device on the top level of the hierarchy is connected to one or more other devices that are one level lower in the hierarchy. A tree topology is a combination of a Bus and a Star topology.

FIGURE 1.18  Tree Network topology.

7.Hybrid Topology:

A hybrid topology is an integration of two or more different previously illustrated topologies connected to each other.

FIGURE 1.19  Hybrid topology.

•Half-duplex communications: Devices can send and receive signals, but not at the same time.

•Full-duplex communications: Devices can send and receive signals simultaneously.

•Simplex: One of the devices is always the sender, while the other device is always the receiver.

A fundamental concept in probability theory is the idea of an experiment. An experiment (or trial) is the performance of an operation that leads to results called outcomes. In other words, an outcome is a result of performing the experiment once. An event is one or more outcomes of an experiment. The relationship between outcomes and events is shown in the Venn diagram of Figure 2.2. Thus,

FIGURE 2.2  Sample space (rectangle) illustrating the relationship between outcomes (dots) and events (cirles).

An experiment consists of making a measurement or observation.

An outcome is a possible result of an experiment.

An event is a collection of outcomes.

An experiment is said to be random if its outcome cannot be predicted. Thus, a random experiment is one that can be repeated a number of times but yields unpredictable outcomes at each trial. Examples of random experiments are tossing a coin, observing the number of cars arriving at a toll booth, and keeping track of the number of telephone calls on your iPhone.