
1 Introduction

The document outlines the CYSE 610 course on Networks and Cybersecurity, covering fundamental concepts such as cryptography, network security, and protocols. It emphasizes the importance of understanding both theoretical and practical aspects of cybersecurity, including tools and programming skills. The course also reviews key networking concepts, OSI model layers, and security measures at different layers, culminating in a discussion on firewalls and their roles in protecting networks.

Uploaded by

usnithin11

CYSE 610:

Networks and Cybersecurity

Introduction
And a refresh of your memory

Dr. Mingkui Wei, Associate Professor


Cybersecurity Engineering
Scope of the class

• Fundamental knowledge
• Cryptography: secret key, public key, and hash algorithms, and how they are used for communication.
• Theoretical analysis of security schemes.
• Identify pitfalls and think about what it takes to make it right.
• Protocols and standards.
• On the surface/practical level.
• Practical
• Tools, simple hacks. You need to:
• Be familiar with at least one programming language.
• Be comfortable with Linux and command line interface.
What is network security
Network security

• What is it about? What do you expect?


• Network as the target
• Attack the network, e.g., interrupt a session, inject false information, infer secret information.
• Fortify the protocol and standard.
• Network as the means
• Compromise a connected computer via a network.
• Network forensics, intrusion detection/prevention.
• The goal is simple (the C-I-A and more…):
• Alice can send messages to Bob, and
• Only Bob can read the message (no one else can).
• Bob can tell the message is indeed from Alice (but not from Trudy)
• Implication: if the message is from Alice but changed by Trudy along the way, Bob can detect it.
• Alice cannot deny she has sent the message
• Why do we need network security, what makes it so hard to achieve?
Network security

• We want to have a private conversation on a public network.


• Wires can be tapped, wireless can be overheard
• Routers and switches can be compromised
• Hosts can be impersonated
• Messages can be modified or even forged
• ...
• How to make it right?
• Cryptography?
• Absolutely important, but far from enough.
Network security

• Security is analog, not binary


• There is no perfect security. It is always a trade-off between the value of the information and:
• The level of inconvenience.
• The damage if the information is leaked.
• The cost to protect it:
• For a certain length of time.
• Against certain adversaries.
• Most problems are not technical, but rather operational.
Terminologies
Terminology

• Secret key cryptography: symmetric key cryptography


• Secret key: the key used in secret key cryptography

• Public key cryptography: asymmetric key cryptography


• Public/private key: the keys used in public key cryptography
Roles

• Alice: first participant


• Bob, Carol, Dave: second, third, and fourth participant
• Trudy: malicious active attacker, i.e., the intruder
Notations

• exclusive or
• | concatenation
• K(message) encrypted with secret key K
• (message)Bob+ encrypted with Bob’s public key
• (message)Bob- encrypted with Bob’s private key
Review of computer networks
OSI reference model

• Question:
• How many layers are there, what are their names and functions?
• What are typical protocols on each of these layers?
• What attacks can you name for each layer?
OSI reference model

• physical layer
• data link layer
• network layer
• transport layer
• application layer
TCP/IP

• What comes to your mind when you think about the following?
• IP

• TCP

• UDP
IP header format
TCP and UDP packet format
TCP 3-way handshake

• What is the TCP 3-way handshake, how does it work, and what is it used for?
Network services

• Reliability (natively provided by some protocols)


• Error detection and correction
• In-order delivery
• Flow control
• Congestion control
• Security (not a built-in feature of the Internet)
• Secrecy
• Integrity
• Authentication
Directory service

• To find a person’s phone number, you can look up his/her name in the yellow pages.
• How do you find the IP address of a host, say, GMU’s webserver?
• What protocols are used?
• How does it work?
Directory service

• Domain name system (DNS)


• Translation between easy-to-remember names and IP addresses
• Hierarchical structure
• Three levels: root, TLD, and authoritative
• www.gmu.edu
Security provided at different layers

• Physical layer: blocking physical access to transmission media, but not always feasible.
• Link layer: Wired Equivalent Privacy (WEP)/WiFi Protected Access (WPA) in 802.11
• Network layer: IPsec
• Transport layer: Transport Layer Security and Secure Sockets Layer (TLS/SSL)
• Application layer: HTTPS, SFTP, SSH
Packet switching

• What is packet switching, what is the other alternative?

• What are the pros and cons of packet switching?

• Should we encrypt a message first and package it later, or the other way around?
Layers and cryptography

• Encryption can be done either end-to-end or hop-by-hop.
• Hop-by-hop is able to hide the identities of the two communicating parties; however, each hop must be trusted.
• End-to-end can be transmitted over an untrusted channel, but requires the two ends to have a shared secret, i.e., they must “know” each other.
Network components

• Router and switch


• A router works at the network layer, while a switch works at the link layer.
• How do IP addresses and MAC addresses work?
• When a packet is sent from A to B, how will the IP and MAC addresses change?

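[Figure: hosts A and B on two subnets connected through router R. Interface addresses shown in the figure (IP, MAC):]
• 111.111.111.111, 74-29-9C-E8-FF-55
• 111.111.111.112, CC-49-DE-D0-AB-7D
• 111.111.111.110, E6-E9-00-17-BB-4B
• 222.222.222.220, 1A-23-F9-CD-06-9B
• 222.222.222.221, 88-B2-2F-54-1A-0F
• 222.222.222.222, 49-BD-D2-C7-56-2A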
Network Address Translation
[Figure: LAN hosts 10.0.0.1, 10.0.0.2, and 10.0.0.3 behind a NAT router with WAN address 138.76.29.7]
NAT translation table
• WAN side addr: 138.76.29.7, 5001; LAN side addr: 10.0.0.1, 3345
• ……
Steps
• 1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345; D: 128.119.40.186, 80)
• 2: NAT router changes datagram source address from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001; D: 128.119.40.186, 80)
• 3: reply arrives, destination address: 138.76.29.7, 5001 (S: 128.119.40.186, 80; D: 138.76.29.7, 5001)
• 4: S: 128.119.40.186, 80; D: 10.0.0.1, 3345
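The four NAT steps in the figure above, as a small simulation. This is an added example, not part of the original slides; the class name `Napt`, the starting port 5001, and the stray port 5002 are assumptions chosen to match the figure's values.

```python
class Napt:
    """Port-translating NAT with one public (WAN) address."""

    def __init__(self, wan_ip, first_port=5001):  # 5001 matches the figure
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out = {}   # (lan_ip, lan_port) -> wan_port
        self.back = {}  # wan_port -> (lan_ip, lan_port)

    def outbound(self, src, dst):
        """Step 2: rewrite the source and create a table entry if needed."""
        if src not in self.out:
            self.out[src] = self.next_port
            self.back[self.next_port] = src
            self.next_port += 1
        return (self.wan_ip, self.out[src]), dst

    def inbound(self, src, dst):
        """Steps 3-4: rewrite the destination, or return None to drop."""
        ip, port = dst
        if ip != self.wan_ip or port not in self.back:
            return None  # no table entry: nothing inside asked for this
        # Simplification: the remote endpoint (src) is not checked here.
        return src, self.back[port]


def walk_figure():
    """Replay the figure's datagrams and one constructed stray datagram."""
    nat = Napt("138.76.29.7")
    server = ("128.119.40.186", 80)
    step2 = nat.outbound(("10.0.0.1", 3345), server)
    step4 = nat.inbound(server, ("138.76.29.7", 5001))
    stray = nat.inbound(server, ("138.76.29.7", 5002))  # constructed: no mapping
    return step2, step4, stray


if __name__ == "__main__":
    for name, result in zip(("step 2", "step 4", "stray"), walk_figure()):
        print(name, result)
```

The stray datagram shows the side effect that matters for security: without a table entry the router has no inside host to deliver to, so unsolicited inbound traffic is dropped.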
Firewalls: why

• Prevent denial of service attacks:


• SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections
• Prevent illegal modification/access of internal data
• Allow only authorized access to inside network
• set of authenticated users/hosts
• Two types of firewalls:
• Stateless firewall
• Stateful firewall
Stateless firewall

• internal network connected to Internet via router firewall


• filters packet-by-packet, decision to forward/drop packet based on:
• source IP address, destination IP address
• TCP/UDP source, destination port numbers
• TCP SYN, ACK bits
Stateful firewall

• Stateless firewall
• Inspects each packet based only on that packet’s own characteristics, even if the packet does not make sense in context.
• Stateful firewall
• Tracks connection setup (SYN) and teardown (FIN) to determine whether incoming and outgoing packets “make sense”.
• Example
• To block externally initiated TCP connections, a stateless firewall blocks incoming TCP packets with SYN=1 & ACK=0.
• Nevertheless, a TCP packet with SYN=1 & ACK=1 may still be answered by a host but not caught by a stateless firewall.
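The SYN/ACK gap described above, run through both kinds of filter. This is an added example, not part of the original slides; the packet model, the class and function names, and the sample traffic are constructed, and FIN teardown is not modelled.

```python
from collections import namedtuple

# Constructed packet model: only the fields the slides' filters inspect.
Pkt = namedtuple("Pkt", "src sport dst dport syn ack inbound")

def stateless_allow(p):
    """The slide's rule: drop inbound TCP segments with SYN=1 and ACK=0."""
    return not (p.inbound and p.syn and not p.ack)

class StatefulFirewall:
    """Admits inbound segments only for connections opened from inside."""
    def __init__(self):
        self.conns = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def allow(self, p):
        if not p.inbound:
            if p.syn and not p.ack:  # inside host starts a handshake
                self.conns[(p.src, p.sport, p.dst, p.dport)] = "SYN_SENT"
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if state is None:
            return False  # no inside host asked for this traffic
        if p.syn and p.ack:  # a SYN/ACK is valid only as a reply to our SYN
            if state != "SYN_SENT":
                return False
            self.conns[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED" and not p.syn

INSIDE, WEB, OUTSIDE = "10.0.0.1", "128.119.40.186", "203.0.113.9"
TRACE = [  # constructed sample traffic
    Pkt(OUTSIDE, 40000, INSIDE, 22, True, False, True),  # external SYN
    Pkt(OUTSIDE, 40000, INSIDE, 22, True, True, True),   # unsolicited SYN/ACK
    Pkt(INSIDE, 3345, WEB, 80, True, False, False),      # inside host sends SYN
    Pkt(WEB, 80, INSIDE, 3345, True, True, True),        # matching SYN/ACK
    Pkt(INSIDE, 3345, WEB, 80, False, True, False),      # ACK completes setup
    Pkt(WEB, 80, INSIDE, 3345, False, True, True),       # data on the connection
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

if __name__ == "__main__":
    for p, (sl, sf) in zip(TRACE, compare(TRACE)):
        print(p, "stateless:", sl, "stateful:", sf)
```

Only the second packet gets different verdicts: the stateless rule passes it because ACK=1, while the stateful filter drops it because no inside host sent the SYN it claims to answer.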
Summary

• A recap of some aspects of cybersecurity and their usage in computer networks.
• We will look at cryptography algorithms in more detail next time.
