
Network Security

Uploaded by

divyadarakha

Network Security

BY PROF. TRUPTI SISODE.


Network security

 Network security refers to the policies, practices, and
technologies designed to protect the integrity,
confidentiality, and availability of network infrastructure
and data. With the rise of cyber threats like hacking,
phishing, malware, and denial-of-service (DoS) attacks,
securing networks has become essential for organizations,
governments, and individuals.
Security Services:

 Security services are essential mechanisms used to protect data, networks, and systems from
unauthorized access, alteration, or destruction. These services ensure that the information
exchanged over networks remains secure, reliable, and available to authorized users.
 1. Confidentiality
• Purpose: Prevents unauthorized access to sensitive data.
• Mechanisms:
• Encryption ensures that only authorized individuals with the correct decryption keys can read the
data.
• Access control mechanisms limit who can view the data.
• Example: Encrypting financial transactions in online banking to prevent eavesdropping by
hackers.
Integrity

•Purpose: Ensures that data remains accurate and unaltered during
transmission or storage.
•Mechanisms:
•Hashing algorithms (e.g., SHA-256) create a unique "fingerprint" of data,
allowing systems to detect any changes.
•Digital signatures verify the authenticity and integrity of a message or
document.
•Example: Verifying that an email message has not been tampered with by
comparing its hash value with the original.
Availability

•Purpose: Ensures that data and resources are accessible to
authorized users when needed.
•Mechanisms:
•Redundancy techniques (backup servers, data replication)
prevent service disruption.
•Protection against Denial-of-Service (DoS) or Distributed Denial-
of-Service (DDoS) attacks using firewalls and load balancers.
•Example: Ensuring that an online service (e.g., a website or
database) remains accessible during peak usage or during an
attack.
Authentication

•Purpose: Verifies the identity of a user or device before granting
access to the system.
•Mechanisms:
•Passwords, biometric scans (fingerprint, facial recognition), and
two-factor authentication (2FA) ensure that only legitimate users
can access resources.
•Public Key Infrastructure (PKI) provides digital certificates for
verifying user or device identities.
•Example: Logging into an email account using a username,
password, and a one-time password (OTP) sent to your phone.
Authorization

•Purpose: Determines what actions or services a user is permitted to
access once authenticated.
•Mechanisms:
•Role-Based Access Control (RBAC) assigns permissions based on
the user’s role.
•Policies define which resources specific users or groups can access.
•Example: A network administrator has full access to manage a
server, while an end-user has limited access to specific folders.
Non-Repudiation

•Purpose: Ensures that a party in a communication cannot deny the
authenticity of their signature or actions.
•Mechanisms:
•Digital signatures, which bind the sender to the message using their
private key, provide proof of origin.
•Audit trails and logs record actions and transactions.
•Example: An email signed with a digital certificate prevents the sender
from denying that they sent the message.
Message Confidentiality:
 Cryptography plays a critical role in ensuring confidentiality, as it
ensures that sensitive data remains hidden from those who are not
permitted to access it.
 Key Cryptography Terms:
•Plaintext: The original, readable message or data before encryption.
•Example: "Hello World"
•Ciphertext: The encrypted, unreadable version of the plaintext that results after
encryption.
•Example: "XGTR 123KNL"
•Encryption: The process of converting plaintext into ciphertext using an encryption
algorithm (E) and a key (K).
•Example: Using a cipher algorithm to convert "Hello" into something unreadable like
"G5yT7."
Decryption

•The process of converting ciphertext back into plaintext using a decryption key.
•Example: Converting "G5yT7" back into "Hello."
•Key: A secret value used by an encryption algorithm to convert plaintext to ciphertext and vice
versa. It could be a string of numbers, characters, or even a combination.
•Public Key: Used in public-key cryptography, this key is openly shared to encrypt data.
•Private Key: A confidential key used in public-key cryptography to decrypt the data encrypted
by the corresponding public key.

a. Cryptanalysis: The study and practice of breaking encryption methods to gain access to
the original plaintext without knowing the decryption key.
b. Work Factor: The estimated amount of time, effort, or computational resources required
to break a cryptographic system (e.g., decrypt ciphertext) using cryptanalysis. It indicates
the system's strength against attacks.
1. Confidentiality in symmetric key cryptography
•Process: In symmetric key cryptography, the same key is used for both encryption
(converting plaintext into ciphertext) and decryption (converting ciphertext back into plaintext).
•Key Sharing: The key must be kept secret and shared between the sender and receiver. A
problem with symmetric cryptography is the challenge of securely sharing this key between the
two parties.
 The sender encrypts a message (plaintext) using a shared secret key.
 This produces a ciphertext which is transmitted through a network.
 The receiver then uses the same shared secret key to decrypt the ciphertext back into
plaintext.
2. Asymmetric Key Cryptography (also called Public Key Cryptography):
•Process: Asymmetric cryptography uses two keys:
1.Public Key (known to everyone)
2.Private Key (known only to the owner)
•Each party has a public key for others to use and a private key for themselves.
•In this method, encryption is done using the receiver's public key and decryption is done using the
receiver's private key.
 The sender encrypts the plaintext using the receiver's public key, producing ciphertext.
 The ciphertext travels through the network.
 The receiver decrypts it using their private key to retrieve the plaintext.
Cryptography Encryption Model

 Steps in the Encryption Model:
1. Plaintext (P): The original message or data that needs to be secured. This is what is input before
encryption.
2. Encryption Method (E): The process of converting the plaintext into an unreadable format, known as
ciphertext. The encryption is done using an encryption key (K). The method and key depend on the type
of cryptography used (symmetric or asymmetric).
3. Ciphertext: The result of encryption, this is the scrambled, unreadable data that is transmitted over the
network. It protects the original message from unauthorized access.
4. Decryption Method (D): The process of converting the ciphertext back into plaintext (P). This
decryption uses a decryption key (K), which depends on the type of cryptography being applied.
5. Plaintext (P) (after decryption): The original message is restored once the ciphertext is decrypted
successfully by the intended recipient.
 Potential Threats:
1. Passive Intruder:
• This type of intruder "just listens." They eavesdrop on the communication but do not alter the
messages. They aim to gather information covertly without being detected.
2. Active Intruder:
• This intruder alters messages during transmission. They may modify, delete, or inject new messages in
an attempt to compromise the communication. This type of attack is more aggressive and malicious.
 Key Components:
• Encryption Key (K): Used to convert plaintext into ciphertext.
• Decryption Key (K): Used to revert the ciphertext back into plaintext.
Types of situations faced by an intruder:

•Ciphertext-Only Attack: The attacker only sees the scrambled message (ciphertext)
and tries to figure out the original message (plaintext) or the key.
•Known-Plaintext Attack: The attacker has both the scrambled message (ciphertext)
and part of the original message (plaintext). They use this to find the key or crack more
messages.
•Chosen-Plaintext Attack: The attacker can pick messages to encrypt and then sees the
scrambled version. They use this to discover patterns and break the encryption.
•Chosen-Ciphertext Attack: The attacker can pick scrambled messages (ciphertext) and
see the decrypted version. This helps them find weaknesses and potentially break the
encryption.
Types of encryption methods

 1. Substitution Cipher:
 A Substitution Cipher is a simple encryption technique where each letter of
the plaintext is replaced by another letter or symbol. The relationship
between the plaintext and ciphertext is one-to-one, meaning each character
in the plaintext has a unique substitute in the ciphertext.

 It has two types:
 1. Monoalphabetic Substitution Cipher
 2. Polyalphabetic Substitution Cipher
1. Monoalphabetic Substitution Cipher

 In a monoalphabetic substitution cipher, one fixed substitution rule is applied to the entire message. Each letter in the
plaintext is replaced by the same corresponding letter or symbol in the ciphertext throughout the message.
 Example:
 Let’s use the following key for encryption:
• Plaintext Alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
• Cipher Alphabet: M N B V C X Z L K J H G F D S A Q W E R T Y U I O P
 Now, encrypt the word CAT:
• C becomes B
• A becomes M
• T becomes Y
 The ciphertext of CAT is BMY.
2. Polyalphabetic Substitution Cipher

 A polyalphabetic substitution cipher uses multiple cipher alphabets to encrypt the message. Different parts of the plaintext are
encrypted with different substitution rules, which makes it harder for attackers to detect patterns.
 Example: Vigenère Cipher
 Let’s encrypt the word HELLO using the key KEY (repeated to match the length of the message: KEYKE).
1. Plaintext: H E L L O
2. Key: K E Y K E
 Now, using a Caesar cipher shift based on each letter of the key:
• H (shifted by K, 10 positions) becomes R
• E (shifted by E, 4 positions) becomes I
• L (shifted by Y, 24 positions) becomes J
• L (shifted by K, 10 positions) becomes V
• O (shifted by E, 4 positions) becomes S
 So, HELLO becomes RIJVS.
Caesar Cipher

 Apply the Caesar cipher shift (a shift of 3 is the common default when no key is given):
•'a':
•'a' is the 1st letter of the alphabet.
•Shift by 3 gives us the 4th letter, which is 'd'.
•'t':
•'t' is the 20th letter of the alphabet.
•Shift by 3 gives us the 23rd letter, which is 'w'.

 Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
 Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 ANS: "dwwdfn wrpruurz diwhu oxqfk"
Question.

 Q. Apply the Caesar cipher with key 123 to the message "attack tomorrow after lunch".
 In a Caesar cipher, the key typically represents the number of positions each letter is shifted in the
alphabet. However, since the key you've provided is 123, which is larger than the number of letters
in the alphabet (26), you can simplify it by taking the modulus of the key with 26.
 Calculation:
• 123 mod 26 = 19
 So, a key of 123 is equivalent to a key of 19 in the context of a Caesar cipher.
 Here's how it's calculated:
• Divide 123 by 26:
123 ÷ 26 = 4 with a remainder of 19.
• So, 123 mod 26 = 19.
 Encrypting "attack tomorrow after lunch" with a shift of 19:
1. Write down the alphabet:
 Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
 Cipher: T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
 "tmmtvd mffiiif tmev eleva"
 -------------------------------------------------------------------------------
Transposition Cipher

 Step 1: Remove spaces from the message.
 The message becomes:
"ATTACKTOMORROWAFTERLUNCH"
(Note: To make it fit into columns, we will fill in spaces with X at the
end.)
 Step 2: Write the message in rows under the keyword.
 We'll use "PRIVATE" as the keyword, which has 7 letters, so we will
Step 3: Rearrange the columns based on the
alphabetical order of the keyword.

So the column order will be: A, E, I, P, R, T, V or 1, 2, 3, 4, 5, 6, 7.

The alphabetical order of "PRIVATE" is:
•A (Column 5)
•E (Column 7)
•I (Column 3)
•P (Column 1)
•R (Column 2)
•T (Column 6)
•V (Column 4)
 Step 4: Read column by column.
 The ciphertext is generated by reading down each
column in the new order:
 So, the encrypted message is:
"CRRXTWUXTOTHAOANTMFCKOLXAREX"
 This is the ciphertext for "ATTACK TOMORROW AFTER
LUNCH" using the transposition cipher with the keyword
"PRIVATE."
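The four steps above, carried through in code as an added example (not part of the original slides). It reproduces the grid for the keyword "PRIVATE" and also shows the reverse operation, which the slides do not cover; the function names are chosen here for illustration.

```python
# Added illustration: keyed columnar transposition, following Steps 1-4 above.

def column_order(keyword):
    """Step 3: column indices in read-out order, i.e. alphabetical by key
    letter, with repeated letters taken left to right."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i].upper(), i))


def build_rows(message, width, pad="X"):
    """Steps 1-2: drop spaces/non-letters, pad with X, cut into rows."""
    text = "".join(ch for ch in message.upper() if ch.isalpha())
    if len(text) % width:
        text += pad * (width - len(text) % width)
    return [text[i:i + width] for i in range(0, len(text), width)]


def encrypt(message, keyword):
    """Step 4: read each column top to bottom, in keyword-alphabetical order."""
    rows = build_rows(message, len(keyword))
    return "".join(
        "".join(row[col] for row in rows) for col in column_order(keyword)
    )


def decrypt(ciphertext, keyword):
    """Reverse: slice the ciphertext into columns, put each back under its
    key letter, then read row by row. Padding X's remain at the end."""
    width = len(keyword)
    height, leftover = divmod(len(ciphertext), width)
    if leftover:
        raise ValueError("ciphertext length must be a multiple of the keyword length")
    columns = [""] * width
    for n, col in enumerate(column_order(keyword)):
        columns[col] = ciphertext[n * height:(n + 1) * height]
    return "".join(columns[col][row] for row in range(height) for col in range(width))


if __name__ == "__main__":
    key = "PRIVATE"
    print(" ".join(key))
    for row in build_rows("ATTACK TOMORROW AFTER LUNCH", len(key)):
        print(" ".join(row))
    ct = encrypt("ATTACK TOMORROW AFTER LUNCH", key)
    print("ciphertext:", ct)
    print("decrypted :", decrypt(ct, key))
```

Because the cipher only rearranges letters, the letter frequencies of the plaintext survive unchanged in the ciphertext, which is why it offers little protection on its own.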
Two fundamental cryptographic principles:
1. Redundancy
• What you do: You place a tamper-proof seal on the package that shows if the box was opened. This
seal is the redundancy: it is extra protection added to ensure the integrity of the package.
• Why it helps: If someone tries to open the box and reseal it, you (the receiver) can see that the seal
has been broken, and you’ll know that something is wrong. Without the tamper-proof seal, it would
be hard to tell if the package was tampered with.
 In Cryptography:
 Redundancy works in the same way. Extra information, like a checksum, hash, or digital signature, is
added to data so that any tampering (like someone changing the message) can be detected when it
arrives.
 Example in cryptography: When you send an email and it includes a digital signature, the
signature is a form of redundancy. If someone intercepts and alters the email, the digital signature
won’t match the altered content, and the recipient will know the email was tampered with.
2. Freshness

• What the OTP does: The OTP is a number that you have to enter to log in, but it’s only valid for a few
minutes. This ensures that the login is fresh and recent, preventing someone from reusing an old OTP to
gain access to your account later.
• Why it helps: If someone intercepted your previous OTP, they couldn’t use it after it expired because it
was valid only for a short period (ensuring freshness). Each time you try to log in, a new OTP is
generated, preventing attackers from using old codes to break into your account.
 In Cryptography:
 Freshness ensures that each message or action is new and hasn’t been reused. It prevents attacks where
old, legitimate data is captured and resent to trick the system.
 Example in cryptography: A nonce (number used once) is similar to an OTP in cryptographic
communications. It ensures that a message, even if intercepted, cannot be replayed or reused by an
attacker. Every secure transaction or message includes a new nonce, so each communication is
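An added example (not part of the original slides) that combines the two principles: the sender attaches an HMAC-SHA256 tag as the redundancy, plus a nonce and timestamp for freshness, and the receiver rejects altered, expired, or replayed messages. The message layout, the 120-second window, and all names are assumptions made for this illustration.

```python
# Added illustration: redundancy (HMAC tag) plus freshness (nonce + timestamp).
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 120  # assumed freshness window, like a short-lived OTP


def compute_tag(key, msg):
    """Redundancy: a keyed hash over every field that must not change."""
    covered = json.dumps(
        {f: msg[f] for f in ("body", "nonce", "ts")},
        sort_keys=True, separators=(",", ":"),
    )
    return hmac.new(key, covered.encode("utf-8"), hashlib.sha256).hexdigest()


def seal(key, body, now=None):
    """Sender side: add a fresh nonce and timestamp, then tag the result."""
    msg = {
        "body": body,
        "nonce": secrets.token_hex(16),  # number used once
        "ts": int(time.time() if now is None else now),
    }
    msg["tag"] = compute_tag(key, msg)
    return msg


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, msg, now=None):
        now = int(time.time() if now is None else now)
        try:
            expected = compute_tag(self.key, msg)
            tag = str(msg["tag"])
        except (KeyError, TypeError):
            return "malformed"
        # 1. Redundancy check first: constant-time comparison of the tags.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "tampered"
        if not isinstance(msg["ts"], int):
            return "malformed"
        # 2. Freshness, part one: the message must be recent.
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            return "stale"
        # 3. Freshness, part two: a recent message may be seen only once.
        #    Expired nonces can be forgotten, since step 2 rejects them anyway.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= MAX_AGE_SECONDS}
        if msg["nonce"] in self.seen:
            return "replayed"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # shared secret (constructed)
    rx = Receiver(key)
    m = seal(key, "pay 10 to account 42")  # constructed sample message
    print(rx.accept(m))                                # accepted
    print(rx.accept(m))                                # replayed
    print(rx.accept(dict(m, body="pay 9999 to 42")))   # tampered
```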
Communication security

 Communication security refers to the measures and protocols
implemented to protect information transmitted over
communication channels from unauthorized access, interception,
or alteration. It ensures the confidentiality, integrity, authenticity,
and availability of the data being communicated.

There are several techniques used to implement security in this
area, but we only study firewalls.
Firewalls:

 Firewalls are security devices or software designed to monitor and
control incoming and outgoing network traffic based on
predetermined security rules. They act as a barrier between trusted
internal networks and untrusted external networks, such as the
internet, helping to prevent unauthorized access and attacks.
Types of Firewalls: 1) Packet-Filtering Firewall
 Packet-Filtering Firewalls are the simplest and most basic type of firewall. They control network access by analyzing
incoming and outgoing packets, allowing or blocking them based on a set of predetermined security rules.
 How Packet-Filtering Firewalls Work:
• Packet-Level Inspection: The firewall examines each packet individually without considering the overall connection or
session. It filters packets based on specific attributes, such as:
• Source IP address: The address from which the packet originated.
• Destination IP address: The address to which the packet is heading.
• Source port: The port number used by the source device.
• Destination port: The port number the packet is intended for on the destination device (e.g., port 80 for HTTP, port
443 for HTTPS).
• Protocol: The communication protocol being used (e.g., TCP, UDP, ICMP).
• Flags or TCP state: Certain bits in the packet that indicate its role in the connection process (e.g., SYN, ACK).
Filtering rules in a Packet-Filtering Firewall decide which traffic is allowed or blocked based on:
1.Source IP (where the traffic is coming from)
2.Destination IP (where the traffic is going)
3.Source/Destination Port (specific services like HTTP on port 80 or HTTPS on port 443)
4.Protocol (e.g., TCP or UDP)
These rules filter packets based on predefined conditions to control network access.

Stateless: Packet-filtering firewalls are often called "stateless" firewalls because they do not keep
track of the state of connections.

Example Rule Configuration:
Let’s assume a network admin wants to allow HTTP (port 80) and HTTPS (port 443) traffic, while
blocking all other traffic from an external network. The firewall would have rules like:
1.Allow traffic from any source to any destination where the destination port is 80 (HTTP).
2.Allow traffic from any source to any destination where the destination port is 443 (HTTPS).
3.Block all other traffic.
2. Stateful Firewall

 A Stateful Firewall is a type of firewall that tracks and monitors the state of
network connections. This means it remembers the history of a connection,
like whether it’s just starting, already established, or closing. By doing this, it
can make smarter decisions about what traffic to allow or block.
 A Stateful Firewall is like a smart security guard for your network.
 In Short:
 A stateful firewall is a smart guard that keeps track of who’s talking to whom,
making sure only the right information gets in!
Key Features:

•Remembers Connections: It keeps track of ongoing
conversations, like when you’re chatting online or browsing a
website.
•Knows What's Normal: It understands which data is allowed to
come back to you because it knows you asked for it.
•Blocks Bad Stuff: If something tries to enter that wasn’t part of
your conversation, it can stop it.
•Example: When you visit a website, it lets the website's
information come back to you but blocks any random requests
from unknown sources.
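An added example (not part of the original slides) that puts the two firewall types side by side. The stateless filter applies the three-rule configuration from the packet-filtering section to each packet in isolation; the stateful one remembers outbound connections and admits only their replies. The classes, the reply rule set, and the addresses (documentation ranges) are constructed for this illustration.

```python
# Added illustration: stateless packet filter vs. stateful connection tracking.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()  # e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    proto: Optional[str] = None   # None means "any"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p):
        pairs = ((self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)


def stateless_filter(rules, pkt):
    """First matching rule wins; no memory of earlier packets."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


# The example configuration: allow port 80, allow port 443, block the rest.
WEB_ONLY = [Rule("allow", "tcp", dport=80), Rule("allow", "tcp", dport=443), Rule("block")]

# To let web replies back in, a stateless filter can only match on header
# fields, e.g. "source port is 80 or 443", whoever sent the packet.
STATELESS_INBOUND = [Rule("allow", "tcp", sport=80), Rule("allow", "tcp", sport=443), Rule("block")]


class StatefulFirewall:
    def __init__(self, outbound_rules):
        self.outbound_rules = outbound_rules
        self.connections = set()  # (proto, client, cport, server, sport)

    def outbound(self, pkt):
        verdict = stateless_filter(self.outbound_rules, pkt)
        if verdict == "allow":
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "RST" in pkt.flags:
                self.connections.discard(key)   # connection torn down
            else:
                self.connections.add(key)       # remember the conversation
        return verdict

    def inbound(self, pkt):
        # Allowed only if it is the mirror image of a tracked connection.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.connections:
            return "block"
        if "RST" in pkt.flags:
            self.connections.discard(key)
        return "allow"


# Constructed sample traffic (RFC 5737 documentation addresses).
CLIENT, SERVER, STRANGER = "192.0.2.10", "198.51.100.7", "203.0.113.66"
SYN = Packet(CLIENT, 51000, SERVER, 443, flags=frozenset({"SYN"}))
REPLY = Packet(SERVER, 443, CLIENT, 51000, flags=frozenset({"SYN", "ACK"}))
UNSOLICITED = Packet(STRANGER, 443, CLIENT, 3389, flags=frozenset({"SYN"}))

if __name__ == "__main__":
    print("stateless:", stateless_filter(STATELESS_INBOUND, REPLY),
          stateless_filter(STATELESS_INBOUND, UNSOLICITED))
    fw = StatefulFirewall(WEB_ONLY)
    fw.outbound(SYN)
    print("stateful :", fw.inbound(REPLY), fw.inbound(UNSOLICITED))
```

The stateless rule set admits both inbound packets because they share a source port; the stateful firewall admits only the reply to the connection the client opened.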
Application Gateway

 An Application Gateway, often referred to as a Proxy Firewall, is a type of firewall that acts as an
intermediary between users and the applications or services they want to access.

 Example of an Application Gateway:
• When you visit a website, your request goes to the application gateway first.
It checks the request for security, forwards it to the web server, retrieves the
response, and then sends it back to you. If the website tries to send something
harmful, the application gateway can block it before it reaches you.
Key Features of an Application Gateway (Proxy Firewall)

•Intermediary Role: Acts as a middleman between users and
applications, handling requests and responses.
•Traffic Inspection: Inspects data for harmful content or unauthorized
access, enhancing security.
•Protocol-Specific Filtering: Works at the application layer to filter
traffic based on specific application protocols (e.g., HTTP, FTP).
•Anonymity and Privacy: Hides users' IP addresses, providing an extra
layer of privacy.
•Caching and Performance: Stores frequently accessed content to speed
up response times for users.
Web Security

 Web Security refers to the practices and measures taken to protect websites and web
applications from various threats and attacks. It aims to safeguard the integrity,
confidentiality, and availability of web resources and user data.
Threats in web security: 1. Spoofing
 Definition: In this context, spoofing refers to an attacker creating a fake version of a
prominent website's homepage to deceive users into thinking they are visiting the
legitimate site.
 Example:
 Imagine a user types in the URL for their bank’s website (e.g., www.examplebank.com)
in their web browser. Instead of the real homepage, they are redirected to a fake
homepage that looks almost identical to the real one. This fake site may have:
• The same logo and color scheme as the legitimate bank.
• Similar content, including links to account login, services, and customer support.
• Fake testimonials or reviews to build credibility.
How It Works:
1.Phishing Email: An attacker sends a phishing email to potential victims, claiming there is
a security issue with their account. The email contains a link to the fake website.
2.Domain Spoofing: The attacker may use a domain name that closely resembles the real
one (e.g., www.exarnplebank.com instead of www.examplebank.com) to trick users.
3.Data Harvesting: When users enter their login credentials on the fake site, the attacker
captures this information and can then access the real bank account.

Impact:
•Loss of Sensitive Information: Users may unknowingly provide their usernames and
passwords, leading to unauthorized access to their accounts.
•Financial Loss: Victims could suffer financial losses if their accounts are accessed and
funds are withdrawn.
•Reputation Damage: The legitimate website could face reputational damage if users fall
victim to the spoofing attack.
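A defensive check for the domain-spoofing step described above, as an added example (not part of the original slides): it compares a domain seen in a link or log against a list of protected names and flags look-alikes such as the "rn" for "m" swap in www.exarnplebank.com. The confusable table is a small constructed sample, not a complete list, and all names are chosen for this illustration.

```python
# Added illustration: flag domains that imitate a protected name.

# Character sequences that read like another letter in many fonts
# (small constructed sample; real deployments use a much larger table).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def normalize(domain):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def skeleton(domain):
    """Collapse confusable sequences so look-alikes map to the same string."""
    d = normalize(domain)
    for seq, looks_like in CONFUSABLES:
        d = d.replace(seq, looks_like)
    return d


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected):
    """Return (verdict, matched protected domain or None)."""
    cand = normalize(candidate)
    for name in protected:
        if cand == normalize(name):
            return ("legitimate", name)
    for name in protected:
        if skeleton(cand) == skeleton(name):
            return ("lookalike-confusable", name)
    for name in protected:
        if edit_distance(cand, normalize(name)) <= 1:
            return ("lookalike-typo", name)
    return ("unrelated", None)


if __name__ == "__main__":
    protected = ["examplebank.com"]
    for seen in ["www.examplebank.com", "www.exarnplebank.com",
                 "examplebanc.com", "example.org"]:   # constructed samples
        print(f"{seen:24} -> {classify(seen, protected)}")
```

A mail gateway or web proxy can run a check like this on link targets and report or block anything that is not "legitimate" but still matches a protected name.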
2. Denial of Service

 Definition: A Denial of Service (DoS) attack is when an attacker tries to make a
website or online service unavailable to users by overwhelming it with too much
traffic or requests.
 Types of Denial-of-Service Attacks:
1. DoS Attack:
• A single computer sends many requests to a server, making it too busy to respond to legitimate
users.
2. Distributed Denial of Service (DDoS) Attack:
• Many computers (often controlled by an attacker) work together to flood a target server with
traffic, making it harder to stop the attack.
Simple Example of a DoS Attack:
Scenario:
•Imagine a popular online store is about to have a big sale.
How it Works:
•An attacker sends a huge number of requests to the store's website right before the
sale starts. The server gets overloaded and cannot handle all the requests.

Impact:
•Website Crash: Legitimate customers can't access the website to shop, leading to
lost sales.
•Customer Frustration: People trying to buy items get frustrated when the site
doesn’t work, which can hurt the store's reputation.
•Financial Loss: The store loses money because customers can't make purchases
during the sale.
Malware

 Malware, short for "malicious software," is any software specifically designed to disrupt,
damage, or gain unauthorized access to computer systems, networks, or devices. It can take
many forms and is often used by attackers to steal data, cause harm, or take control of systems.
 Types of Malware
 Viruses: Attaches itself to legitimate files or programs and spreads when those files are shared.
 Worms: Self-replicating malware that spreads across networks without needing a host file.
 Trojans: Malware disguised as legitimate software that, once installed, allows attackers access
to the system.
 Spyware: Secretly monitors user activity and collects personal information without consent.
How Malware Spreads:
•Email Attachments: Many types of malware are spread through malicious email attachments
that users open.
•Infected Software: Downloading software or applications from untrustworthy sources can lead
to malware infections.
•Vulnerable Systems: Exploiting security vulnerabilities in operating systems and applications
allows malware to spread easily.
•Removable Media: USB drives and external hard drives can carry malware from one device to
another.

Prevention and Protection:


1.Antivirus Software: Use reputable antivirus programs that can detect and remove malware.
2.Regular Updates: Keep operating systems, software, and applications up to date to patch
vulnerabilities.
3.Safe Browsing Practices: Avoid clicking on suspicious links or downloading unknown files.
4.Backup Data: Regularly back up important data to recover it in case of a ransomware attack
or data loss.
5.User Education: Educate users about recognizing phishing attempts and the risks of malware.
Hacking

 Hacking is the act of gaining unauthorized access to computer systems, networks, or devices,
often with the intent to steal, manipulate, or destroy data. While hacking can be used for malicious
purposes, it can also be conducted for ethical reasons, such as identifying security vulnerabilities.
 Types of Hacking:
 Black Hat Hacking: Malicious hacking done for personal gain or to cause harm. Black hat
hackers exploit vulnerabilities for illegal activities, such as data theft or system damage.
 White Hat Hacking: Ethical hacking conducted to improve security. White hat hackers, often
referred to as ethical hackers, help organizations identify and fix vulnerabilities.
 Phishing: A technique used by hackers to trick individuals into providing sensitive information,
such as usernames and passwords, often through deceptive emails or websites. Ex. An attacker
sends an email that appears to be from a bank, directing users to a fake login page to steal their
credentials.
Prevention and Protection:

1.Strong Passwords: Use complex and unique passwords for
different accounts and change them regularly.
2.Two-Factor Authentication (2FA): Enable 2FA wherever
possible to add an extra layer of security.
3.Regular Software Updates: Keep operating systems,
applications, and security software up to date to protect against
vulnerabilities.
4.Security Awareness Training: Educate employees and users
about recognizing phishing attempts and safe online practices.
5.Network Security: Implement firewalls, intrusion detection
systems, and other security measures to protect networks from
unauthorized access.
Secure Naming

 What is Secure Naming? Secure naming is about ensuring that the names and identifiers we
use in digital systems (like websites and emails) are safe and trustworthy. It helps prevent
unauthorized access and impersonation by making sure that names are legitimate.
 Why is Secure Naming Important?
1. Identity Verification: Confirms that users and services are who they claim to be, reducing
impersonation risks.
2. Data Integrity: Protects against tampering, ensuring that the information shared is accurate.
3. Building Trust: Helps users feel confident that they are interacting with legitimate entities
online.
4. Prevention of Attacks: Reduces the chances of cyber attacks like phishing and spoofing.
Examples of Secure Naming Practices:

1. Using HTTPS: Websites should use HTTPS to encrypt data and verify the
server's identity, making it harder for attackers to intercept information.
2. Secure DNS Services: Use DNS services that support DNSSEC for added
protection against attacks that target DNS.
3. Certificate Pinning: Applications should accept only the specific certificates they have
been set up to trust, to prevent attackers from intercepting communications.
4. Regular Audits: Organizations should regularly check their naming systems
and practices to ensure they are secure and up to date.
DNS Spoofing

 DNS spoofing (or DNS cache poisoning) is a malicious attack that compromises the Domain
Name System (DNS), causing users to be directed to fraudulent websites instead of the
intended legitimate ones. This can lead to data theft, malware infections, and other security
issues.
 Examples of DNS Spoofing Attacks:
1. Phishing Attacks:
• An attacker may redirect a user from a legitimate banking website to a fake one designed to steal
login credentials.
2. Malware Distribution:
• Users trying to access a popular software download site could be sent to a site that hosts malware,
leading to infection.
•Client: Represents the innocent user trying to access a
real website.
•Attacker: Exploits vulnerabilities in the DNS to mislead
users.
•DNS Server: The system that translates domain names
into IP addresses but is tricked into caching false
information.
•Fake Website: The attacker's site designed to capture
sensitive information from the user.
DNS Spoofing Process Explained:

1.Attacker Injects Fake DNS Entry:
•The attacker (Trudy) sends a forged DNS response to the DNS server, tricking it into
believing that the attacker’s malicious IP address should be associated with a
legitimate domain (e.g., www.bank.com).
2.Client Issues Request to Real Website:
•The user (Client) types the URL of a legitimate website (e.g., www.bank.com) into
their browser. The request is sent to the DNS server to resolve the domain to an IP
address.
3.Request Resolves to Fake Website:
•The compromised DNS server responds with the attacker’s IP address instead of the
legitimate bank's IP address. The user is redirected to the attacker’s fake website,
which looks like the real bank site.
Secure DNS

 Secure DNS refers to measures and protocols designed to enhance the security of the Domain Name
System (DNS), protecting it from various types of attacks like DNS spoofing, cache poisoning, and
other vulnerabilities.
 DNSSEC (Domain Name System Security Extensions) is designed to protect the integrity and
authenticity of DNS data.
 Benefits of Secure DNS
• Protection Against Spoofing: Secure DNS helps prevent attackers from redirecting users to malicious
sites.
• Privacy: Encrypting DNS queries ensures that user browsing habits and requests are not exposed to
eavesdroppers.
• Data Integrity: Verifying DNS responses helps maintain the integrity of the data being accessed by
users.
Fundamental services offered by DNSSEC
 1. Proof of Where Data Originated
• What It Is: DNSSEC provides assurance that the data received from a DNS query comes from a legitimate source.
• How It Works: When a DNS server responds to a query, it includes a digital signature that is generated using a private key. The
corresponding public key, which is published in the DNS records, can be used to verify that the response has not been altered and indeed
comes from the expected source.
 2. Public Key Distribution
• What It Is: DNSSEC facilitates the distribution of public keys necessary for verifying DNS signatures.
• How It Works: Each zone (domain) has a public key that is securely distributed as part of its DNS records. When a resolver queries for a
domain, it can retrieve this public key and use it to verify the digital signatures associated with the DNS responses, ensuring data integrity.
 3. Transaction and Request Authentication
• What It Is: DNSSEC helps authenticate both the requests made by clients and the transactions occurring between DNS servers.
• How It Works: By using signatures for responses and maintaining a chain of trust through key distribution, DNSSEC can authenticate that
requests and responses have not been tampered with during transmission. This ensures that the data exchanged is legitimate and reliable.
RRSets (Resource Record Sets)

 RRSets (Resource Record Sets) are a key concept in DNS (Domain Name System). They are
groups of resource records with the same name, class, and type but potentially different data.
Each domain can have multiple resource records, and when grouped together based on their
type, they form an RRSet.
 Example Scenario: DNS Records for google.com
 Imagine you want to access the Google website. When you enter google.com in your browser,
your system queries the DNS server to resolve this domain name into an IP address. In response,
the DNS server provides a set of resource records that are grouped into RRSets based on the
type of information being provided. Here are some common types of records in an RRSet:
1. A Records (IPv4 Address): An A record maps the domain name to its IPv4 address. Google
uses multiple IP addresses for load balancing and redundancy, so multiple A records exist for
google.com.
Example of an RRSet for A records:

 Here, all A records share the same name (google.com), class (IN), and
type (A), so they form an RRSet.
Self-certifying names

 Self-certifying names are cryptographic names that verify their authenticity and
integrity without needing third-party authorities. They are generated from
cryptographic keys or hashes, making them secure and tamper-resistant.
 Self-certifying names in network security refer to a naming system where each name is
associated with a public key that can be used to verify the identity of the owner or
entity associated with that name. This approach helps to improve security and trust in
network communications, especially in distributed systems.
 When a user wants to communicate with a particular entity, they can use the self-
certifying name to retrieve the associated public key. They can then verify the identity
of the entity by checking a digital signature made using the corresponding private key.
Steganography

 The word Steganography is derived from two Greek words- ‘stegos’
meaning ‘to cover’ and ‘grayfia’, meaning ‘writing’, thus translating
to ‘covered writing’, or ‘hidden writing’. Steganography is a method
of hiding secret data, by embedding it into an audio, video, image, or
text file. It is one of the methods employed to protect secret or
sensitive data from malicious attacks.
 Image Steganography –
As the name suggests, Image Steganography refers to the process of
hiding data within an image file. The image selected for this purpose
is called the cover image and the image obtained after
steganography is called the stego image.
Figure – Process of Image Steganography
