What means that it should be possible for the receiver of a message to verify that the message has not been changed in any manner?

3.5.2 Cryptography

Cryptographic techniques are used to ensure secrecy and integrity of data in the presence of an adversary. Based on the security needs and the threats involved, various cryptographic methods such as symmetric key cryptography or public key cryptography can be used during transportation and storage of the data. In addition, a homomorphic encryption allows various computations to take place on encrypted data without requiring the data to be decrypted for processing. From the privacy perspective, these techniques are useful to protect personal information from being leaked during transportation and from storage servers [31].

Using Encryption

Cryptography is a word derived from the Greek kryptos (“hidden”), and the use of cryptography predates the computer age by hundreds of years. Keeping secrets has long been a concern of human beings, and the purpose of cryptography is to hide information or change it so that it is incomprehensible to people for whom it is not intended. Cryptographic techniques are an important part of a multilayered security plan. Some security measures, such as implementation of a firewall and use of access permissions, attempt to keep intruders out of the network or computer altogether, much like fences and door locks attempt to keep burglars off the grounds or out of the house. Cryptography provides an inner line of defense. Like a wall safe that is there in case the burglars do make it inside your house—and to protect valuables from people who are authorized to come into your house—cryptography protects data from intruders who are able to penetrate the outer network defenses and from those who are authorized to access the network but not this particular data.

Cryptographic techniques concern themselves with three basic purposes:

Authentication Verifying the identity of a user or computer.

Confidentiality Keeping the contents of the data secret.

Integrity Ensuring that data doesn’t change between the time it leaves the source and the time it reaches its destination.

One or more of these goals may be a priority, depending upon the situation.

All three mechanisms can be used together, or they can be used separately when only one or two of these considerations are important. In the following sections, we look more closely at how each one works in relation to network security.

Note

The process of confidentiality, integrity, and authentication, is also known as CIA.

Cryptographic techniques include encryption, which involves applying a procedure called an algorithm to plain text to turn it into something that will appear to be gibberish to anyone who doesn’t have the key to decrypt it. Encryption is a form of cryptography that “scrambles” plain text into unintelligible cipher text. Encryption is the foundation of such security measures as digital signatures, digital certificates, and the public key infrastructure that uses these technologies to make computer transactions more secure. Computer-based encryption techniques use keys to encrypt and decrypt data. A key is a variable (sometimes represented as a password) that is a large binary number—the larger, the better. Key length is measured in bits, and the more bits in a key, the more difficult the key will be to “crack.”

Understanding the Purposes of Cryptographic Security

Cryptographic techniques are an important part of a multilayered security plan. Some security measures, such as implementation of a firewall and use of access permissions, attempt to keep intruders out of the network or computer altogether, much like fences and door locks attempt to keep burglars off the grounds or out of the house. Cryptography provides an inner line of defense. Like a wall safe that is there in case the burglars do make it inside your house—and to protect valuables from people who are authorized to come into your house—cryptography protects data from intruders who are able to penetrate the outer network defenses and from those who are authorized to access the network but not this particular data.

Cryptographic techniques concern themselves with three basic purposes:

Authentication Verifying the identity of a user or computer

Confidentiality Keeping the contents of the data secret

Integrity Ensuring that data doesn't change between the time it leaves the source and the time it reaches its destination

One or more of these goals may be a priority, depending on the situation. For example, if an investigator receives a message from his or her chief to fly to the West Coast to interview a witness in a case, the overriding concern might be to know that it was, indeed, the chief of police who sent the message and not a fellow officer playing a practical joke. In this case, authentication of the message sender's identity is of utmost importance. If the case relates to an internal affairs investigation and it is important that no one else in the department know where the investigator is going, confidentiality of the data might be important as well. And if the message states that the investigator is authorized to spend $3,000 on the trip, it might be important to ensure that the message has not been changed (after all, chiefs are not usually this generous) in transit—in other words, that the message's integrity has not been compromised.

All three mechanisms can be used together, or they can be used separately when only one or two of these considerations are important. In the following sections, we look more closely at how each one works in relation to network security.

On the Scene

Purposes of Encryption

IPSec functions by using cryptographic techniques. The term cryptography refers to methods of making data unreadable or undecipherable by anyone except the authorized recipient in the event that the message is intercepted by someone else. IPSec uses cryptography to provide three basic services:

Authentication

Data integrity

Data confidentiality

There are times when only one or two of these services is needed, and other times when all of these services are needed. We will take a look at each of these services individually.

Head of the Class…

Uplink Encryption

Protecting a transmission that is being sent to a satellite from at or near the surface of Earth requires much more than just cryptographic techniques; to wit, encrypting the message itself is a necessary but insufficient condition for protecting the transmission. The reason for this is that the actual transmission of the encrypted message to the satellite is but the final step in a long chain of custody that begins when the message is created and ends when the message is successfully received by the satellite. Along the way, the message may pass through many people, systems, or networks, the control of which may or may not reside entirely in the hands of the sender. If one assumes that the confidentiality and integrity of the message have not been compromised as the message has passed through all of these intermediaries, then but two primary security concerns remain: the directional accuracy of the transmitting antenna, and the method used to encrypt the message. In the case of the former, the transmitting antenna must be sufficiently well-focused to allow the signal to be received by—and ideally only by—the target satellite. With thousands of satellites in orbit, a strong potential exists for a poorly focused transmission to be intercepted by another satellite, in which case the only remaining line of defense for a message is the strength of the encryption algorithm with which it was encoded. For this reason, a prudent sender should always assume that their message could be intercepted while in transit to and from the satellite, and should implement message encryption accordingly.

When deciding upon which encryption method to use, the sender must simultaneously consider the value of the data being transmitted, the purpose of the transmission, and the technological and computational limitations of the target satellite. A satellite's computational and technological capabilities are a function of its design specifications, its current workload, and any degradation that has occurred since the satellite was placed into orbit. These properties of the satellite can therefore be considered constraints—any encrypted uplink communications must work within the boundaries of these limitations. That said, the purpose of the transmission also features prominently in the choice of which encryption method to use. Here we must distinguish between two types of transmissions: commands, which instruct the satellite to perform one or more specific tasks, and transmissions-in-transit, which are intended to be retransmitted to the surface or to another satellite or spacecraft. Not only are command instructions of high-value, but they are also not typically burdened with the same low-latency requirements of transmissions-in-transit. Command instructions should therefore always be highly encrypted, because control of the satellite could be lost if they were to be intercepted and compromised. What remains, then, are transmissions-in-transit, which may be of either high-value, or of low-value. One of the basic tenants of cryptography states that the value of the data should dictate the extent to which the data are protected. As such, minimal encryption may be acceptable for low-value transmissions-in-transit. For such transmissions, adding an unnecessarily complex layer of encryption may increase the computational burden on the satellite, which in turn may delay message delivery and limit the satellite's ability to perform other tasks simultaneously. High-value transmissions-in-transit should be protected with a robust encryption scheme that reflects the value of the data being transmitted. The extent to which a highly encrypted transmission-in-transit will negatively impact a satellite's available resources depends upon whether or not the message needs to be processed before being retransmitted. If the message is simply being relayed through the satellite without any additional processing, then the burden on the satellite's resources may be comparatively small. If, however, a highly encrypted message needs to be processed by the satellite prior to retransmission (if the message needs to be decrypted, processed, and then reencrypted), the burden on the satellite's resources may be substantial. Processing high-value, highly encrypted transmissions-in-transit may therefore vastly reduce a satellite's throughput capabilities when considered in conjunction with its technological and computational limitations.

Uplink Encryption

Protecting a transmission that is being sent to a satellite from at or near the surface of the Earth requires much more than just cryptographic techniques; to wit, encrypting the message itself is a necessary but insufficient condition for protecting the transmission. The reason for this is that the actual transmission of the encrypted message to the satellite is but the final step in a long chain of custody that begins when the message is created and ends when the message is successfully received by the satellite. Along the way, the message may pass through many people, systems, or networks, the control of which may or may not reside entirely in the hands of the sender. If one assumes that the confidentiality and integrity of the message have not been compromised as the message has passed through all of these intermediaries, then but two primary security concerns remain: the directional accuracy of the transmitting antenna, and the method used to encrypt the message. In the case of the former, the transmitting antenna must be sufficiently well-focused to allow the signal to be received by – and ideally only by – the target satellite. With thousands of satellites in orbit, a strong potential exists for a poorly focused transmission to be intercepted by another satellite, in which case the only remaining line of defense for a message is the strength of the encryption algorithm with which it was encoded. For this reason, a prudent sender should always assume that their message could be intercepted while in transit to and from the satellite, and should implement message encryption accordingly.

When deciding upon which encryption method to use, the sender must simultaneously consider the value of the data being transmitted, the purpose of the transmission, and the technological and computational limitations of the target satellite. A satellite’s computational and technological capabilities are a function of its design specifications, its current workload, and any degradation that has occurred since the satellite was placed into orbit. These properties of the satellite can therefore be considered constraints – any encrypted uplink communications must work within the boundaries of these limitations. That having been said, the purpose of the transmission also features prominently in the choice of which encryption method to use. Here we must distinguish between two types of transmissions: commands, which instruct the satellite to perform one or more specific tasks, and transmissions-in-transit, which are intended to be retransmitted to the surface or to another satellite or spacecraft. Not only are command instructions of high value, but they are also not typically burdened with the same low-latency requirements of transmissions-in-transit. Command instructions should therefore always be highly encrypted, because control of the satellite could be lost if they were to be intercepted and compromised. What remains, then, are transmissions-in-transit, which may be of either high value, or of low value. One of the basic tenants of cryptography states that the value of the data should dictate the extent to which the data are protected. As such, minimal encryption may be acceptable for low-value transmissions-in-transit. For such transmissions, adding an unnecessarily complex layer of encryption may increase the computational burden on the satellite, which in turn may delay message delivery and limit the satellite’s ability to perform other tasks simultaneously. High-value transmissions-in-transit should be protected with a robust encryption scheme that reflects the value of the data being transmitted. The extent to which a highly encrypted transmission-in-transit will negatively impact a satellite’s available resources depends upon whether or not the message needs to be processed before being retransmitted. If the message is simply being relayed through the satellite without any additional processing, then the burden on the satellite’s resources may be comparatively small. If, however, a highly encrypted message needs to be processed by the satellite prior to retransmission (if the message needs to be decrypted, processed, and then re-encrypted), the burden on the satellite’s resources may be substantial. Processing high-value, highly encrypted transmissions-in-transit may therefore vastly reduce a satellite’s throughput capabilities when considered in conjunction with its technological and computational limitations.

Mutual Authentication Using Public Key Infrastructure

An approach for mobile IPv4 registration message origin mutual authentication has been proposed by Sufatrio and Lam [24]. It is a hybrid approach that combines both symmetric key and asymmetric key cryptographic techniques. Public Key Infrastructure (PKI) is involved while the MNs perform solely symmetric key cryptographic operations. A MN assumes that its HA is a trusted server.

Figure 5-14 illustrates the protocol. The MN and its HA share a secret key kMH. The FA and HA have, respectively, a certificate CF and CH. The FA and HA have private keys kF and kH and public keys lF and lH. In step 1, the MN acquires the certificate of the FA through advertisement message m, sent using broadcast on a periodic basis. Let Ek() be a public-key encryption signing function. Let Dk() be a public-key decryption signing function. The advertisement message m is signed using FA's public key, i.e., DkF (m), and is accompanied with FA's certificate CF.

In step 2, the MN sends through the FA a registration request m′, which is signed with the MN to HA secret key kMH. The registration messages contain the nonce of the HA nH, nonce of the MN nM, and a copy of the advertisement received in step 1 from the FA. In step 3, the FA forwards the registration, together with its nonce nF, to the HA.

On receiving the registration request, the HA verifies the novelty of nonce nH and consistency of the signature hkMH( m′). The HA now verifies FA's credentials and signature on behalf of the MN. The HA first validates the FA's certificate CF using the PKI. Then, it checks the consistency of the signature DkF (m) using the encryption function Ek(), that is, we must have ElF(DkF(m)) equal to m. If all these operations succeed, then the HA may return a registration reply to the MN. The reply rep is accompanied with a new HA nonce n′H and the nonce of the MN nM. This triple, denoted as m″, is signed using the HA-MN shared secret key kMH and associated with the FA nonce nF. This new group of three items is denoted as m‴. The final message consists of the trio m‴, signed using HA's public key, i.e., DkH(m), and HA's certificate CH.

On receiving the registration reply, the FA makes sure that the nF contained in step 4 is identical to the nF is step 3. Using the PKI, the FA validates the HA's certificate CH. Afterward, it authenticates the signature DkH(m) using the encryption function Ek(), that is, the equality ElF (DkF(m))=m must hold. The FA forwards the pair m″,hkMH(m″).

9.3.4.4 Hider and Extractor

The technique of information hiding is implemented in SIHT, which mainly focuses on two aspects, secret speech information concealing and public speech information hiding. The latter is necessary and important.

Whereas cryptographic techniques try to conceal the contents of information, information hiding (steganography) goes a bit further: it tries to conceal not only the contents of information, but also its very existence. Two people can communicate covertly by exchanging unclassified messages containing confidential information, but both parties have to take into account the presence of passive, active, or even malicious attackers.

The third person watching the communication should not be able to decide whether the sender is active in the sense that he sends covers containing secret messages rather than covers without additional information. More formally, if an observer has access to a carrier set {c1,⋯,cn} of cover-objects transmitted between both communication parties, he should not be able to decide which cover-object ci contains secret information. Thus, the security of invisible communication lies mainly in the inability to distinguish cover-objects from stego-objects [21,22]2122.

In practice, not all data can be used as cover for secret communication, since the modifications employed in the embedding process should not be visible to anyone who is not involved in the communication process. This fact shows that sufficient redundant data should be contained in the cover for the purpose of being substituted by secret information. As an example, due to measuring errors, any data which are the result of some physical scanning process will contain a stochastic component called noise. Such random artifacts can be used for the submission of secret information. In fact, it turns out that noisy data has more advantageous properties in most steganographic applications.

Obviously a cover should never be used twice, since an attacker who has access to two versions of one cover can easily detect and reconstruct the message. To avoid accidental reuse, both sender and receiver should destroy all covers that already have been used for information transfer.

Some steganographic methods combine traditional cryptography with steganography: the sender encrypts the secret information prior to the embedding process. Clearly, such a combination increases the security of the overall communication process, as it is more difficult for an attacker to detect embedded Cipher text (which itself has a rather random appearance) in a cover. A strong steganographic system, however, does not need prior enciphering [21].

SIHT utilizes a secret key steganography system similar to a symmetric cipher: the sender chooses a cover c and embeds the secret message into c using a secret key k. If the receiver knows the key used in the embedding process, he or she can reverse the process and extract the secret message. Anyone who does not know the secret key should not be able to obtain the evidence of encoded information. Again, the cover c and the stega-objects can be perceptually similar.

A secret key steganography system can be described as a quintuple [153] ∑=〈C,M,K,DK,EK〉 , where C is the set of possible covers, M is the set of secret messages with |C| ≥ |M|, K is the set of secret keys, EK:C × M × K→C and DK:C × K→M with the property that DK(EK(c,m,k), k) = m for all m∈M, c∈C, and k∈K.

7.9 Conclusions and Future work

In this chapter, we started by giving a brief introduction to mobile ad hoc networks and went on to discuss different security issues in detail. We have discussed the important security attacks and their solutions. As MANETs are resource constrained and cannot use elaborate cryptographic techniques for data encryption and decryption, we have tried to describe some of the key management techniques that can be used in this type of network. A chapter on security of mobile ad hoc networks cannot be complete without discussing the intrusion detection techniques existing in the literature. We thought it will be very useful to describe here the intrusion detection schemes starting from the simple ones to more complex schemes that utilize trust values of nodes. We have also described some interesting collaborative techniques of intrusion detection to complete the chapter. As regards future work, several challenges still remain in this area of securing ad hoc networks as a whole and MANET in particular. One main issue of concern is that the mobile devices are battery-powered and have limited computational resources. Hence, researchers must take this into account while designing security mechanisms. A complete model of all possible attacks would help researchers evaluate the security of their protocol. Such a model would also allow the application of formal methods to verify a security mechanism. Moreover, it would help researchers to design a more complete security solution instead of designing specific security mechanisms for handling specific security attacks. Another challenge is to design security solutions that are not only highly secure but also exhibit high network performance.

Summary

In this chapter we began our journey from the past to discover the old cryptographic systems, which played vital roles during wars and in sending diplomatic messages in ancient times. This knowledge is crucial to understand the new encryption techniques and how they work in modern time.

After listing the major cryptographic techniques we talked about steganography, its types, and techniques, and how was implemented in ancient civilizations to the present day.

We also talked briefly about digital watermarking and online anonymity. We postpone our deep discussion of these two subjects to Chapters 3 and 5Chapter 3Chapter 5, respectively.

In Chapter 2 we will begin our practical hiding journey by introducing the reader to many simple techniques that could be used to hide our files in Windows®. So let us begin hiding your secret information!