This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The UoB manufacturing company has several departments, such as sales, production and design. Communication between these departments, which spans various network segments, is not secure. We have to secure it because if unauthorised users or internal employees access files on the various servers, it will affect the profit of the company. The network supervisor suggested that employees use Rivest encryption algorithms to secure the communication between the network segments.
The Network Segment: The communication between the UoB CADCAM workstations and CADCAM server
CADCAM workstation users need to access data or files on the CADCAM server or upload data or files to it. Communication between the clients and the server must be secure because the server holds important files and data that should not be accessed by other workstations, such as those of the front office or the sales department. If other team members or unauthorised users are able to access the data on the server, the UoB manufacturing company's profits will go down, and if other companies get access to important files such as product design files, they could improve their own productivity and sales. For these reasons the company needs secure communication between the clients (CADCAM workstations) and the server (CADCAM server).
At present, most companies prefer to use the Secure Sockets Layer (SSL) with cryptographic algorithms to protect communication between client and server. The SSL protocol provides privacy and security over the network and was developed by Netscape Communications Corporation. It uses encryption keys to authenticate the server before information is exchanged by the higher layers. The main reasons to use SSL are:
Cryptographic algorithms encrypt the data transferred between the clients (CADCAM workstations) and the server (CADCAM server), protecting sensitive data on the server from access by unauthorised users.
It protects data against modification by unauthorised users.
A client that wants to access the server must first be authenticated by the server.
It uses a secret key (a bit string) to encrypt and decrypt the messages between the client and server. The most widely used secret key cryptographic algorithms are:
Data Encryption Standard
Triple strength Data Encryption Standard
Rivest Cipher 2
Rivest Cipher 4
Advanced Encryption Standard
These algorithms use symmetric ciphers to encrypt and decrypt the messages between the client and server. There are two types of symmetric cipher:
Stream cipher: it encrypts one bit at a time.
Block cipher: it breaks the message into equal-size blocks and encrypts each block.
A stream cipher generates the cipher message by combining each bit of the keystream with a bit of the plain message:
m(k) = kth bit of message
ks(k) = kth bit of key stream
c(k) = kth bit of cipher message
c(k) = ks(k)+m(k) (+ = exclusive or)
The best example of a stream cipher is Rivest Cipher 4.
A block cipher encrypts the message by dividing the plaintext into blocks of message, for example 64 bit blocks.
The cipher text is generated by using n bit of plaintext and n bit of
Calculate c(n) = Ks ( m(n) + r(n) ), where m(n) is the plaintext block and r(n) is a random number.
At the receiving end, m(n) = Ks ( c(n) ) + r(n)
Applying the Rivest algorithm to the network segment (UoB CADCAM workstations and CADCAM server)
Since the network supervisor suggested Rivest ciphers for encryption, I prefer Rivest Cipher 2 (RC2), which works with the SSL protocol to encrypt the messages transferred between the client and server and so provide secure communication. The SSL protocol uses both public key cryptography (RSA) and symmetric key cryptography (RC2, RC4). Before the secure channel is established it uses public key cryptography to share keys; once a session is established between the client and server, it uses the symmetric key for data transfer. RC2 is a block cipher designed by Ron Rivest in 1987; Lotus Corporation later supported its development. It uses a 64 bit block size and a variable key length, i.e. 40 bits to 128 bits. For our application we prefer a 128 bit key with a 64 bit block, because a 40 bit key is weak and easily broken; a 128 bit key is much harder to break than a 40 bit key. RC2 uses 18 rounds in total: 16 rounds for mixing and 2 rounds for mashing.
We could use the Data Encryption Standard to encrypt the messages transferred between the client and server, but it is vulnerable to brute force attack. RC2 is a replacement for the DES cipher. RC2 can also be broken using 2^34 chosen plaintexts. RC4 is an advanced development of RC2; it is a stream cipher that provides more secure communication than RC2.
The Network Segment: Communication between manager's laptop and wireless access point
The message exchange between the manager's laptop and the wireless access point is not secure in this network segment. We have to secure it to protect the wireless communication between laptops and the access point from the following attacks:
Denial of Service attack
In this attack third-party users flood the network with traffic, i.e. send a large amount of data to the network, which harms the network infrastructure. An example of a DoS attack is a ping flood.
Man in the middle attacks
There are two types of man in the middle attack:
Eavesdropping: unauthorised users capture the network data and analyse it.
Manipulation: for example, Alice sends data to Bob, and a man in the middle, i.e. Eve, changes the data and retransmits it to the receiver.
To secure this network segment (communication between laptops and access point) I have chosen the WPA (Wi-Fi Protected Access) protocol to protect the message exchange between them. It provides the following wireless security features to the network segment:
It validates every user accessing the access point.
It encrypts the messages exchanged between laptops and the access point and protects the data from eavesdropping attacks.
It confirms that only authorised users access information from the access point.
If unauthorised users access the laptops, those devices are disabled centrally.
WPA uses an authentication server to authenticate requests from the authenticator and allow or deny access to the access point.
It also uses the pre-shared key (PSK) mechanism to generate the encryption key: before the laptops communicate with the access point, the key must be entered into the access point and the laptops. PSK automatically changes the key after some packets are transmitted.
It uses the Temporal Key Integrity Protocol (TKIP):
TKIP combines the pre-shared key with the laptop's MAC (medium access control) address and a larger IV to ensure every laptop uses a different key stream.
Key changes take place on a frame by frame basis.
It uses the Message Integrity Code (MIC) to prevent packet forgery.
The TKIP encryption algorithm is stronger than WEP (Wired Equivalent Privacy) because WEP reuses the encryption key.
It uses Rivest Cipher 4 (RC4) for encryption and decryption and also changes the temporal key after some packets are transmitted. RC4 is a stream cipher invented by Rivest for RSA Data Security. It generates random keys for each packet based on a random permutation.
The RC4 keystream is efficient in software.
It is simple and well designed.
It is good to use in our network.
RC4 initialisation: the array S holds a permutation of the values 0 to 255, and the key contains N bytes.
for m = 0 to 255
    S[m] = m
    K[m] = key[m mod N]
next m
k = 0
for m = 0 to 255
    k = (k + S[m] + K[m]) mod 256
    swap(S[m], S[k])
next m
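The initialisation loop above, completed with keystream generation and the XOR step c(k) = ks(k) + m(k), as an added Python example that is not part of the original essay. The base key, the sample frames and frame_key (a SHA-256 stand-in, not TKIP's real key mixing) are constructed assumptions; the demo shows why reusing one RC4 key, as WEP does, exposes the XOR of two plaintexts while a fresh key per frame does not.

```python
import hashlib

def rc4_ksa(key):
    """Key scheduling: the initialisation loop described in the essay."""
    s = list(range(256))
    k = 0
    for m in range(256):
        k = (k + s[m] + key[m % len(key)]) % 256
        s[m], s[k] = s[k], s[m]
    return s

def rc4_keystream(key, n):
    """Generate n keystream bytes ks(k) from the scheduled state."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    """c(k) = ks(k) XOR m(k); calling it again with the same key decrypts."""
    return xor(data, rc4_keystream(key, len(data)))

def frame_key(base_key, frame_no):
    """Hypothetical per-frame key: a hash stand-in, NOT TKIP's key mixing."""
    return hashlib.sha256(base_key + frame_no.to_bytes(6, "big")).digest()[:16]

def reuse_leaks(c1, c2, p1, p2):
    """True when XOR of the ciphertexts equals XOR of the plaintexts."""
    return xor(c1, c2) == xor(p1, p2)

BASE = b"constructed-key!"  # constructed key, not from a real capture
P1, P2 = b"design-file-0001", b"payroll-run-2024"  # constructed frames

def demo():
    same = reuse_leaks(rc4(BASE, P1), rc4(BASE, P2), P1, P2)
    fresh = reuse_leaks(rc4(frame_key(BASE, 1), P1),
                        rc4(frame_key(BASE, 2), P2), P1, P2)
    return same, fresh

if __name__ == "__main__":
    print(demo())
```

With one shared key the keystream cancels out of the two ciphertexts, so the first value is True; with a different key per frame it is False.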
The TKIP encryption algorithm uses a 128 bit cipher key and a 64 bit MIC for encryption and decryption of messages.
Comparison with other methods
WPA is an improvement over WEP because in WEP changing the encryption key is optional, but in WPA the encryption key is changed after every frame.
WPA2 with AES-Counter Mode CBC-MAC Protocol (AES-CCMP) provides more security than WPA. AES is a block cipher that uses the same key for encryption and decryption, with a block size of 128 bits and possible key lengths of 128, 192 and 256 bits.
I have chosen two network segments and applied cryptographic algorithms to these segments to provide secure communication between them.