A lot of sensitive information is stored on computers and transmitted over the Internet, so we need to ensure its security and safety. In fact, there is only one sure way to protect information: encryption.
Cryptography is the science of information security. It protects information by transforming data into an unreadable format, called cipher text, with the help of modern security protocols and ciphers. It is most often associated with scrambling plaintext (ordinary text) into cipher text (a process called encryption), then back again (from cipher text to plaintext, known as decryption).
There are two fundamental techniques for encrypting information: symmetric encryption (secret key encryption) and asymmetric encryption (public key encryption). Both have advantages and disadvantages.
An encryption program uses an encryption algorithm to encrypt and decrypt data. The encryption algorithm creates specific strings of data that are used as encryption keys; these keys are long strings of bits, or binary numbers. The more bits a key contains, the more possible combinations of binary numbers there are, and the harder the code is to break. The encryption algorithm then encrypts the data by combining the key bits with the data bits.
In symmetric key encryption, the same key is used for encrypting data and decrypting data.
There are two types of symmetric algorithms: stream ciphers and block ciphers.
Stream ciphers encrypt information bit by bit. Stream ciphers are smaller and faster to implement than block ciphers. The most used stream cipher is RC4.
Block ciphers encrypt information by breaking it down into blocks and encrypting the data in each block; the block size is commonly 64 bits. The most used block ciphers are Triple DES, RC5, RC6 (derived from RC5) and AES.
Asymmetric encryption uses two different keys: a public key (known to everyone) for encryption and a private key (known only to its holder) for decryption.
Turning first to wireless network security between the wireless access point and the manager's laptop: the manager needs strong encryption to prevent data leakage. Wireless Equivalent Privacy (WEP) is the first-generation encryption protocol, and it was cracked with the help of common hacking tools. WEP uses the 40-bit RC4 stream cipher developed by RSA Security. RC4 is a variable key size stream cipher.
WEP uses a pseudo-random key stream that is generated by combining an Initialization Vector (IV) with a secret key. The WEP Initialization Vector is only 24 bits. More detailed problems with RC4 and its implementation in WEP are widely recognized by a large number of experts. As a result of WEP's vulnerabilities, wireless networks using WEP are susceptible to man-in-the-middle attacks.
WPA was able to improve security over its WEP counterpart by implementing the Temporal Key Integrity Protocol (TKIP), which is based on the RC4 stream cipher with a 128-bit key and a 48-bit Initialization Vector. The TKIP algorithm was designed to overcome the security deficiencies discovered in WEP by:
Stronger authentication: An 802.1x server, such as a RADIUS server, can be used to authenticate users individually.
A longer key: WPA lengthens the Initialization Vector (IV) to 48 bits and the master key to 128 bits.
Temporal Key Integrity Protocol (TKIP) generates different keys for each client and alters keys for each successive packet.
A message integrity code (MIC) verifies that messages have not been altered in transit and protects against replay attempts.
Whilst these mechanisms would provide consumers with a secure alternative to the broken WEP protocol, the IEEE only intended WPA protocol. WPA's new companion is WPA2.
Designed on a completely new encryption protocol, WPA2 implemented a new algorithm known as Counter Mode with Cipher Block Chaining Message Authentication Protocol (CCMP). CCMP offered several enhancements to the TKIP standard, including the use of the Advanced Encryption Standard (AES), also known as Rijndael. WPA2 was also given the ability to utilise the TKIP encryption protocol for backward compatibility.
The Virtual Private Network (VPN) uses a public telecommunication network, such as the Internet, to allow end users to access the organization's main network. A VPN employs virtual connections that originate from the main network and are routed through the Internet to the remote sites, which helps greatly in protecting remotely deployed computers from illegal incursions.
A VPN offers extra security through data encryption, in the form of coding at the transmitting end and decoding at the receiving end, which permits only authorized employees to access the company's network. Privacy is achieved through adherence to prescribed security measures and by implementing the right computer network protocol.
For secure applications, the key distribution mechanism of the Kerberos protocol is used. Authentication is one of the foundations of a secure network system. Kerberos is one of the best authentication protocols and is widely used in network applications. The Kerberos protocol was proposed by MIT (Massachusetts Institute of Technology).
The Kerberos protocol provides a solution for authentication in client-server architectures. Clients and servers need to authenticate their identities to each other, which guarantees the authenticity of the communications. The protocol provides this mechanism by supporting dynamic key generation and secure key distribution. Improvements have also been made to apply public key cryptography to the protocol.
A Kerberos ticket is a certificate issued by an authentication server, encrypted using the server key. The ticket contains the random session key that will be used for authentication of the principal to the verifier, the name of the principal to whom the session key (encryption key) was issued, and an expiration time after which the session key is no longer valid. The ticket is not sent directly to the verifier, but is instead sent to the client, who forwards it to the verifier as part of the application request. Because the ticket is encrypted in the server key, known only by the authentication server and the intended verifier, it is not possible for the client to modify the ticket without detection.
In public key cryptography, encryption and decryption are performed using a pair of keys such that knowledge of one key does not provide knowledge of the other key in the pair. One key is published, so it is called the public key; the other key is kept private and is called the private key.
Public key cryptography has several advantages over conventional cryptography when used for authentication. These include more natural support for authentication to multiple recipients, support for non-repudiation and the elimination of secret encryption keys from the central authentication server.
Kerberos authentication proves that a client is running on behalf of a particular user; a more precise statement is that the client has knowledge of an encryption key that is known only by the user and the authentication server. In Kerberos, the user's encryption key is derived from, and should be thought of as, a password; we will refer to it as such in this article. Similarly, each application server shares an encryption key with the authentication server; we will call this key the server key.
Encryption in the present implementation of Kerberos uses the data encryption standard (DES). It is a property of DES that if cipher text (encrypted data) is decrypted with the same key used to encrypt it, the plaintext (original data) appears. If different encryption keys are used for encryption and decryption, or if the cipher text is modified, the result will be unintelligible, and the checksum in the Kerberos message will not match the data. This combination of encryption and the checksum provides integrity and confidentiality for encrypted Kerberos messages.
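The ticket described above and the encryption-plus-checksum property, as an added example that is not part of the original essay and is not Kerberos code: the authentication server seals the principal name, session key and expiration time under the server key, and the verifier rejects a modified, wrongly keyed or expired ticket. A SHA-256 keystream with an HMAC checksum stands in for DES so that the example runs with the Python standard library alone; all function names and the sample principal are assumptions.

```python
import hashlib, hmac, json, os

def _subkeys(key: bytes):
    # Separate encryption and checksum keys derived from the server key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode), not DES.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt the fields, then append a keyed checksum over the result."""
    enc_key, mac_key = _subkeys(key)
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(enc_key, nonce, len(pt))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("checksum mismatch: ticket modified or wrong key")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)

def issue_ticket(server_key: bytes, principal: str, lifetime_s: int, now: int):
    """Authentication server side: returns (session_key, ticket).
    The client gets both but can read only the session key."""
    session_key = os.urandom(16)
    ticket = seal(server_key, {"principal": principal,
                               "session_key": session_key.hex(),
                               "expires": now + lifetime_s})
    return session_key, ticket

def verify_ticket(server_key: bytes, ticket: bytes, now: int):
    """Verifier side: check integrity first, then the expiration time."""
    fields = unseal(server_key, ticket)
    if now >= fields["expires"]:
        raise ValueError("ticket expired")
    return fields["principal"], bytes.fromhex(fields["session_key"])
```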
Single sign-on system security is improved by using the Kerberos protocol. It can protect the authentication against eavesdropping and replay attacks. In an eavesdropping attack, intruders can obtain copies of the messages exchanged between clients and servers. During authentication, the information is encrypted, except for the clients' identifiers. An intruder therefore cannot get any private information about the client, unless it figures out the client's private key in a very short period of time. Further communications between valid clients and servers are also encrypted with the session key, which changes in the next session. Therefore, the intruder has little chance, since it can hardly interfere in the authentication.
In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise.