Security in Communications: Lab

This is a brief introduction to the concepts used in securing communicated messages. It does not
cover the wider concerns of network security.
Security of communication usually implies ensuring of one or a number of the following:
Privacy: only the intended receiver gets to see the message.
Integrity: the intended receiver knows if the message has been tampered with
Authentication: the receiver can be sure the message originated from the supposed sender, not
an imposter.
Non-repudiation: the receiver can prove the message was sent by the sender.
The idea is that when communicating messages, only the intended recipient can decode the
message (privacy), it can be sure the message is from the genuine sender (authentication) and
that the message has not been tampered with enroute (integrity). The receiver could also prove
that the message had come from the sender in the form received (nonrepudiation). To make this
happen relies on encryption and the use of keys.
!ncryption is the process of scrambling a message into an unintelligible form for all but the holder
of the key for decryption. There are numerous e"amples of this process. The key is used with an
algorithm called the #ipher to transform the message into cipherte"t which can only be decoded
with knowledge of the cipher and the key. The cipher is agreed between both communicating
parties and may be known publicly. There are two types of key usage$ symmetric key (or pairwise
shared key) where both parties use the same secret key and asymmetric key where one key (for
encryption or decryption) is made public the other (for the reverse decryption or encryption
process) is kept private (secret).
In practice these ideas are usually wrapped up in security protocols implemented at various layers
of the communication protocol stack ranging from application layer to physical layer. Since public
keys have to be advertised to be useful they are a potential security risk in themselves. %ow does
a sender know to trust a public key& The solution comes in using certificates that are authenticated
by a trusted authority as part of the 'ublic (ey Infrastructure. So whilst public key cryptography
resolves the problem of key distribution, to be effective, certificates and an infrastructure to deal
with them is re)uired.
In this lab two security scenarios are investigated$ implementation of a secure *irtual 'rivate
+etwork (*'+) over a public internet and layer two security in a wireless ,-+.
Assessment
-ssessment for this lab is .//0 by demonstration. 1nce you have setup and tested your scenario
give a demo. 2emember that in your demo you should introduce your setup and what you are
attempting to do as well as actually doing it. See #omms Tech lab guide on +13.
VPN
3hen communications were mainly made via the 'ublic Switched Telephone +etwork a company
could establish a private network linking multiple geographically separate sites by leasing
(somewhat e"pensive) dedicated 4circuits4. Since these circuits are part of the operators network
they are relatively secure. 3ide area network connectivity has become much cheaper by using the
Internet but this has significant security risks. - *irtual 'rivate +etwork (*'+) is a system for
allowing remote access to a private network using the insecure Internet to provide connectivity.
The remote access may be from a single computer or an entire local area network. The *'+
connection is made secure by use of tunnelling and encryption.
Communications Technology RG '11
In this lab you will setup a *'+ between two devices across an Internet. The idea is to
demonstrate the secure data by probing the transmitted packets when using the secure *'+
connection and when compared to using an unsecured connection.
WLAN
3ireless communication has a big disadvantage when it comes to security$ wireless signals can be
picked up relatively easily by an undesired eavesdropper. Since wireless signals are not
constrained to wires anyone with the right e)uipment can potentially listenin on communications
provided they are within range. To try and improve the situation wireless ,-+ devices conforming
to I!!!5/6... (known as 3I7I devices), implement security at layer two. The first protocol (and
one still widely used today) is 3ired !)uivalent 'rivacy or 3!'. %ere frames between devices are
encrypted to try and foil any potential eavesdropper. In the latest devices there are additional
security protocols supported that improve on 3!'s security. The weakness of the 3!' protocol is
wellknown with numerous web publications e"plaining how to eavesdrop 3!' encrypted
communication. The idea of this lab is to demonstrate an unprotected link, show 3!' protection
and its relative weakness.
Suggested Plan:
VPN
8evise and sketch a network diagram illustrating the intended lab set up for the *'+
7ind lab e)uipment that supports *'+ and note it on the diagram (find and download the
appropriate manual if necessary).
8etermine and note how you will snoop frames9 packets (what e)uipment is re)uired&).
8ecide on an application (something te"t based might be easiest to see) to send and receive
data that can be snooped.
#onfigure a lab demo that shows the security weakness without using *'+ and how it is
made secure with the *'+.
Wireless Security
IP!"#AN# N!#$: Intentionally obtaining other peoples data is probably illegal and
doing so may result in prosecution% #he purpose o& this lab is to demonstrate the
security aspects o& 'ireless communication 'ithin and e(clusively only on a private
net'or) set-up in the lab% No other use o& the technology is permitted% *!+ +S#
ensure you have ta)en steps to only obtain data &rom the test net'or)%
8evise and sketch a network diagram illustrating the intended lab set up for the wireless
security demo.
7irst demonstrate the insecurity of an unencrypted wireless transmission (note: care needs
to be taken here to ensure you don4t eavesdrop on wireless transmissions associated with
the university 3,-+). #onnect two '#4s using an unsecured wireless connection. :se a
third '# to eavesdrop and display the captured packets.
-dd a security protocol to the transmission and show how transmissions are now secure.
2esearch weaknesses in the 3!' protocol and e"plain how it might be compromised.
Communications Technology RG '11