This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This paper elaborates a cryptographic protocol for securing self-organized data storage through periodic verifications.
The proposed verification protocol is efficient, deterministic, and scalable and prevents most of the security threats.
Furthermore, the protocol also makes it possible for the data owner to delegate the verification operation to other nodes without revealing any secret information.
This paper proposes a secured data protocol which ensures data integrity, message authentication and non-repudiation.
The uniqueness of the protocol is that it effectively exploits the asymmetry of computational resources.
It is cost-effective, resource-efficient.
Digital signatures and encryption techniques are utilized for authentication and data confidentiality.
The past few years there has been an increasing interest in the application of formal methods for the analysis of cryptography.
It is well known that for several protocols for exchanging cryptographic keys over the data network can be vulnerable to a class of network in which an intruder can intercept and alter message and can transmit it.
In most of cases the security protocol can be subverted without cracking a cryptosystem and its vulnerability is referred to as protocol failure.
The NRL protocol analyzer is an interactive program that can be used either in the verification of security properties or in the direction of security flaws. It is currently being used to analyze the internet key exchange protocol and the security transaction protocol.
Security protocols are "communication protocols dedicated to achieve security goals" such as confidentiality, integrity, availability. Security goals can be achieved through the use of cryptography. The growing development of today's Internet and the technological advances has made it possible to implement and use security protocols for a wide range of applications such as sensor networks, electronic commerce, Routing environments and Web services.
Protocols and Security
The Server supports the following protocols:
FTP, FTPS, SFTP, HTTP, and HTTPS.
The protocols are configured and enabled/disabled at the Site level, at the User Setting Level, or per user.
It enables file transfer between Internet sites or between two systems. It was created for transferring files independent of the operating system used, for example between a Macintosh and a Windows PC.
FTP's features include handling of specific error situations and ensure that a file sent from point A to point B will get there reliably.
As security became a concern, secure mechanisms such as SSL and TLS were adapted to protect from being intercepted or exploited. Secure FTP Server provides security with FTPS (using SSL/TLS).
HTTP is a communication protocol for establishing a connection with a Web server and transmitting HTML pages to the client browser or any other files required by an HTTP client application.
HTTP is often referred to as a "stateless" protocol. The connection is maintained between client and server only for the immediate request after which the connections are subsequently closed. Each time we need something from the Server, our browser makes a connection, gets that file, and then the connection is closed. Since we do not connect and stay connected, the browser remembers our username and password for us, so that it can send the authentication along with every new connection request.
The following elements work together to establish a secure SSL connection:
Client:Â The client needs to be an FTP client with SSL capabilities.
Certificate:Â Certificates are digital identification documents that allow both servers and clients to authenticate with each other. Server certificates contain information about our company and the organization that issued the certificate while client certificates contain information about the user and the organization that signed the certificate.
Session Key:Â The client and the Server use the session key to encrypt data.
Public Key:Â The client encrypts a session key with the Server's public key.
Private Key:Â The server's private key decrypts the client's session.
Certificate Signing Request: This file is used when we need to have our certificate signed. Once the Certificate Signing Request file is signed, a new certificate is made and that can be used to replace the unsigned certificate.
SSL must first be enabled at the Site and Server level, and then can be enabled per User Setting Level and User.
Secure FTP Server supports two levels of authentication with SSL:
HighÂ -Â The server is configured so that it contains a certificate, but does not require a certificate from the FTP client.
HighestÂ - The server is configured so that it provides a certificate and requests a certificate from the client. The server compares the client certificate to a list contained in its Trusted Certificates database. The server either accepts or rejects the connection based upon a match.
SECURITY PROBLEMS ADDRESSED FOR PROTOCOLS DATA SECURITY:
There are many security problems that can be addressed in 802.11 and WPA can be threat as vulnerabilities.
802.11i does not address for security problem.
However, the improvement in encryption, integrity and authentication Strengthen the security of the network behind them.
TheÂ disassociation, deauthentication, and transmit-duration attacksÂ areÂ all attacks onÂ theÂ MAC layer. These attacks will not be stopped until there is authentication of management and control frames. However, it is important to remember that because nothing can be done about radio frequency jamming or interference attacks, there will never be a complete solution to DOS attacks. Wireless networks will always be subject to Dos.
Shared-Key Authentication Attacks:
802.11i solves the attack and the flawed shared key authentication by obsolescing these authentication methods:
MAC ADDRESS SPOOFING:
The standard way to prevent MAC addresses spoofing is by including the portions of the MAC address. In addition by providing a strong alternative access control methods, it should eliminate the needs for authentication based on the MAC address.
SECURITY CONSDIRATION OF EAP:
802.11i refers strong security consideration of EAP authentication methods to generate the server on the basis for network security. If the underlying key is compromised or if the EAP methods used have flaws the security provided the 802.11i does not specially addressed the security of individual EAP methods.
There is a need for guidelines of EAP methods and the security features they should support. Its recommendations also include mutual authentications, resistance to dictionary attacks or the ability to generate key at least 128 bytes.
NEW EXISTING SOLUTIONS:
Wired and wireless nets both have many of the same vulnerabilities But, the solutions developed for wired nets may not be possible or implementable in wireless nets.
For example, management of policies and services in wireless net and current protocols for managing authentication are insufficient in wireless world.
So we need new ways to manage configuration, security policy, intrusion detection, and response Threats eavesdropping . Cryptography can help to prevent.
But how to detect eavesdropping is still an open research topic Dropping data packets .Selfish behavior on data forwarding Drops other nodes packets to preserve its resources.
Examples of VoIP Security
â€¢ Voicemail exploit
â€¢ Dialling plan security
â€¢ Transferring to '9011' extension for long distance exploits
â€¢ Buffer overflows
â€¢ Format-string exploits
â€¢ Password cracking
â€¢ Overload (DOS, DOS)
â€¢ Session tear-down
â€¢ Session hijacking
â€¢ Malformed messages
â€¢ Loops and spirals
â€¢ Overload (DOS, DDOS)
VoIP Supporting Services
â€¢ Web servers
â€¢ SQL Database
VoIP OS and Networking
â€¢ Buffer overflows
â€¢ Format-string exploits
â€¢ Password cracking
â€¢ Overload (DoS, DDoS)
â€¢ ARP cache poisonin
NEW SUGGESTION TO SECURE THE PROTOCOLS FOR DATA:
A new type of network security protocol using hybrid encryption in virtual private networking.
Today wireless communications is acting as a major role in networks. Through the employee's ability to install unmanaged access points will result more than 50% of enterprises exposing sensitive information through the wireless virtual private networks (VPN). It enables us to send the data between two computers across a shared or public network in a manner that emulates the properties of a private link. The basic requirements for VPN are User Authentication, Address Management, Data Compression, Data Encryption and Key Management. The private links are established in VPN using Point-to-Point tunnelling Protocol (PPTP) and Layer-Two-Tunnelling Protocol (L2TP). These protocols satisfy VPN requirements in five layers.
In user authentication layer, multiple trusted authorities using Extensible Authentication Protocol (EAP) do the authentication process.Â
Design applications to function in a secure web environment: trust the web server
Use portable, language-neutral, CGI-oriented interfaces to access identity information in real-time.
Bundle a "default" identity source
Has three levels (Network, application, system)
Network - data packet integrity in-transit (Authentication/confidentiality/access controls)
IP layer/ headers + data = IP datagram
Not inherently secure (IP Spoofing - attacks w/false source addresses)
Tunnel-mode encryption (entire datagram encrypted)
Transport-mode encryption (data only encrypted)
Host-oriented - all users share same association & key
Potential to decrypt another's messages
User-oriented - user has 1 or more association & keys
Lower risk / Superior method
Firewalls - screening routers/proxy servers, perimeter networks
WEB SECURITY PROTOCOLS:
Encryption provides confidentiality. It does this by preventing the data from being understood except by the intended recipient. The XML Encryption Syntax and processing standard defines a process for encrypting digital data and how the resulting encrypted data should be represented in XML.
To encrypt XML elements:
Select the encryption algorithm and parameters.
Obtain the key.
If the key is going to be identified, construct a Key Info element.
Encrypt the key, if it is sent with the encrypted data construct an Encrypted Key element.
Place it in Key Info or in some other portion of the document.
Encrypt the data.
For XML data, this can involve a transformation to UTF-8 encoding and serialization. The result is an octet string.
Build the Encrypted Type structure where the encrypted data is actually stored in the structure, instead of being referenced, the encrypted data must be base64 encoded.
Replace the unencrypted element in the XML document with the Encrypted Type structure.
To decrypt XML elements:
Process the element.
Obtain the decryption key.
This may require using a private key to decrypt a symmetric key or to retrieve the key from a local store.
Decrypt the data in Cipher Data.
Process the decrypted data.
This requires that the application restore the decrypted data, which is in UTF-8, to its original form.
It must be able to replace the Cipher Data structure in the XML document with the results of the decryption.
IPSec defines two protocols
The Authentication Header Protocol and
The Encapsulating Security Payload Protocol ;
To provide authentication or encryption for packets at the IP level.
Authentication Header (AH)
The Authentication Header (AH) Protocol is designed to authenticate the source host and to ensure the integrity of the payload carried in the IP packet.
The protocol uses a hash function and a symmetric key to create a message digest
The digest is inserted in the authentication header.
The AH is then placed in the appropriate location based on the mode (transport or tunnel).
The addition of an authentication header follows these steps:
An authentication header is added to the payload with the authentication data field set to zero.
Padding may be added to make the total length even for a particular hashing algorithm.
Hashing is based on the total packet. However, only those fields of the IP header that do not change during transmission are included in the calculation of the message digest (authentication data).
The authentication data are inserted in the authentication header.
The IP header is added after the value of the protocol field is changed to 51.
Encapsulating Security Payload (ESP)
The AH Protocol does not provide privacy but only source authentication and data integrity.
IPSec later defined an alternative protocol that provides source authentication and integrityand privacy called Encapsulating Security Payload (ESP).
The ESP procedure follows these steps:
1. An ESP trailer is added to the payload.
2. The payload and the trailer are encrypted.
3. The ESP header is added.
4. The ESP header, payload, and ESP trailer are used to create the authentication data.
5. The authentication data are added to the end of the ESP trailer.
6. The IP header is added after the protocol value is changed to 50.
The security requirements of Web Services are similar to that of any other Internet Based Application. This deals with issues providing basic security services, authorization, confidentiality, integrity and non repudiation, to Web Services.
Web Services enable the exchange of data and the remote invocation of application logic using XML messaging to move data through firewalls and between heterogeneous systems.
Confidentiality in Web Services are
Session-level confidentiality ensures the consumer and provider that their communications cannot be overheard.
Web service application topologies include all sorts of devices PCs, proxies, demilitarized zones, gateways etc. Consequently, many intermediaries come between two communicating parties.
SSL/TLS may secure the path between any two, but not from one end to the other.
SSL can provide confidentiality between client and the website and between website and web service, but not between client and Web Service.
The user credentials are encrypted and sent from browser to website in a secured channel.
The web server then needs to decrypt the message and re-encrypt and send it to the web service.
During this gap, the information could be inspected or modified.
End to end confidentiality cannot be achieved using SSL. XML encryption facilitates encryption of SOAP message in part or as a whole to ensure end-to-end confidentiality.
Integrity is the assurance that information can only be modified by authorized entities. Authentication Codes, Session-level integrity can be provided by SSL whereas Web Services need end-to-end integrity.
SSL ensure integrity between any two points in the web service application topology but not from one end to the other because at each intermediary point there is a possibility of message getting modified. End-to-end integrity can be provided using digital signatures.
Non-repudiation provides the capability to prove to a third party that a particular transaction occurred. Presently SSL is the most widely used protocol that provides non-repudiation in client-server architecture. Since Web Services involves passing of messages over a chain of entities where each entity both decrypts and re-encrypts the message.
Using a protocol like SSL can provide non-repudiation between any two entities but not over the chain.
XML encryption, XML Signature, and SAML are new technologies addressing this requirement.
There is some rich XML protocol for authentication.
Best of breed, SSO protocol incorporating a lot of practice.
Secure HTTP - security extension
Protects individual transaction request or response messages, similar to e-mail
Services: authentication, integrity, confidentiality + digital signatures (adds non-repudiation)
Flexibility in how messages are protected and key management
It is not uncommon for the security protocols to have flaws so that an intruder can attack it. The purpose of the session protocol is to authenticate two web services to each other and to establish a shared secret session key with which they can encrypt their messages to ensure confidentiality.
Web Services require end-to-end security since the requests might have to traverse over a chain of entities.
The most popular protocol now in use, SSL, works well for point-to-point security services.
SSL does not completely address the security issues of Web Services.
Strong security protocols
First broadcast authentication
Low security overhead
Computation, memory, communication
Apply to future sensor networks
Energy limitations persist
Tendency to use minimal hardware
Base protocol for more sophisticated security services
The following topics are under consideration.
Enables Bluetooth information points. This will drive the adoption of Bluetooth into mobile phones, and enable advertising models based on users pulling information from the information points, and not based on the object push model that is used in a limited way today.
Enables the automatic configuration of theÂ topologies especially inÂ scatteredÂ situations that are becoming more common today. This should all be invisible to users of the technology, while also making the technology "just work."
Enable audio and video data to be transmitted at a higher quality, especially when best effort traffic is being transmitted in the sameÂ piconet.