The Problem Of Network Security Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Network security is always remains a problem. We need this security to protect confidential information and resources from misuse. There are many security standards which are available for Server and wireless Network communication. Security standards use different encryption algorithm to provide security. AES is more secured as compared to Rivest Cipher. Rivest Ciphers have been cracked by many attackers. Due to security reason we need powerful encryption standards which prevent all flaws in current situation.

Cryptography is the art of using mathematics to encrypt and decrypt message or data. It enables us to transmit data through unsecured networks or store sensitive data, so that it must not be readable by unauthorized person. According to Kirchhoff's Principle [1], users of a good encryption system would not need to keep anything secret except the secret key they are using. In other words, it shouldn't matter if the enemy know or discover the encryption method, so long as they don't discover the key. Basically, the fewer things you have to keep secret, the better. Hiding your encryption method from the enemy spies might be difficult, and if it is compromised then changing to a new encryption method is likely to be difficult and expensive. So you should endeavor to design your system so that the encryption method does not have to be kept secret.

Modern encryption methods can be divided into two types; first, symmetric cryptography or secret key cryptography and second, asymmetric or public key cryptography. In Secret key or symmetric cryptography, the keys used for encryption and decryption must be same. Sender and receiver both agreed upon one key before communication. Examples of algorithms are DES, 3DES, AES. In public key cryptography both key are different. In 1976, Whitfield Diffie and Martin Hellman first time proposed the concept of public-key cryptography, in this concept two different keys are used, public key and private key. Public Key is used to encrypt the message and may be freely available to all. Private Key is used for decryption and keeps it secret from an unauthorized person. In 1978, Ronald Rivest, Adi Shamir, and Len Adleman invented RSA. It won Turing Award. It is most widely used in (http, SSL, PGP, etc.).

Today, all IT and security teams of large organizations are challenged due to increasing in the volume of cyber-attacks on large businesses, Military, Scientific, Intelligence departments, governments, individuals, and infrastructures. IT professionals monitor a stable increase in the number and types of malicious website infections. Experience grows everyday with phishing, Trojan attacks and pharming performed by both external and internal fraudsters via internet. IP theft is also a big problem in businesses because businesses share information with individuals and partners across the globe. Average monetary value of losses due to cyber-crime was $394,700 according to 2010 CyberSecurity Watch Survey result [2]. That's why we need some powerful encryption methods to save our self from internet frauds and unauthorized access.

Background

In 1970's, IBM developed the cryptosystem which known as Data Encryption Standard (DES). It based on symmetric key cryptography. In 1976 National Bureau of Standard (NBS) declared it as US cryptography standard for government official sensitive documents. Now NSA is responsible to provide high security. After years many attacks were developed on DES. In response DES tripled of number of rounds and known as 3-DES or Triple-DES. In August 1999, some other systems become effective like MARS from IBM's Don Coppersmith, Serpent by Anderson, Biham, and Knudsen, RC6 developed by Ron Rivest and three collaborators for RSA Laboratories, one of the chief designers of DES and Twofish by Bruce Schneier's Counterpane Company. On 2 October 2000, the NIST announced the winner: Advanced Encryption Standard (AES), a system developed by the Joan Daemen and Vincent Rijmen, they were Belgian cryptographers and originally called Rijndael. NIST expects this system to be secure for the next thirty years. AES encrypts a 128 bits message by using a key of 128 bits, 192 bits, or 256 bits. It is an iterated cipher, in which a sequence of four operations is applied a certain number of times. Thus it consists of 10 rounds at key length 128 (12 rounds at 196 and 14 rounds at 256 bits), and each round of these four operations [3].

Area of Investigation

Figure 1: UoB Manufacturing - Network Diagram

From Figure 1, Server connected via a wired LAN and Wireless Access Point are two segments on which I describe about the Ron Rivest algorithms related to these segments and compare them with other similar Protocols in these two areas. According to Figure 1, there are two servers CADCAM and PDC which are connected to Machine Room switch. These servers are having sensitive information regarding their customers and users. We should need to select best encryption protocol to secure the sensitive information from unauthorized person. In wireless portion we need encryption method which helps to avoid unauthorized access to wireless network.

Key criteria for encryption:

Authentication

Authentication is a term which is used to confirm genuine by validation of the identity of an entity. It is the verification of the identity of the user who is trying to log in in the network like wireless or server. Once the authentication process has been done then user will be able to access resources available on network. It can be done by using user name and password, secrete key. Biometric becomes more secured way of authentication in big organizations.

Data integrity

Data integrity is a technique of ensuring that personal and sensitive information has not been accessed by unauthorized person for any unknown means. Some measurement should be needed to ensure integrity on physical devices like servers. Provide access to data according to role, restricting unauthorized access to resources. In network, administrator has authority to manage the servers and wireless security.

Access Control

Access control is a technique of controlling access to information and network resources. It is allowing only privileged entities access. Access control list should be managed to control the unauthorized access to the resources. For Example, student, teacher, Head of Department and administrator, all of them have different control access level to data store on File Servers.

Data Confidentiality

Data confidentiality refers to keep sensitive and personal information secret and private from all authorized people, so they can't get and use it for some illegal activities. It is a key criterion of cryptosystem. According to Data Protection Act 1998, data should be kept secret from unauthorized people. Now days it is a big issue, large numbers of people are having this problem.

Server Segment

Server segment is always important in the network because it needs more security and powerful encryption protocols. Network administrator must needs secured authentication protocol to secure this segment. In our segment there are two servers PDC and CADCAM. These servers are having important backup data. We should need good encryption protocol to make them secure. When a server performs an operation with a stranger, two main common security issues must be addressed. First, the all details of the current transaction must remain confidential. Second, server should authenticate the current client according to a pre-existing policy. This specifies that the current client is authorized for current transaction. Transport Layer Security TLS/SSL is a famous security protocol for providing server authentication, data integrity and data confidentiality. It works on transport layer.

Secure Sockets Layer (SSL)

SSL designed by Netscape in 1944 to provide Internet security and privacy. It supports server-client authentication. It maintains the security and data integrity over the network. It operates on the transport layer. It is an application independent. It encrypts the whole network channel which is used as communication between server and client. It does not support the message level digital signature. This was based on RC4 cipher which was already cracked. Due to security reasons IETF later develop the standard providing same functionality. This based on SSL v 3.0 and called as TLS. It is also known as TLS/SSL. Now a day it based on TLS and provides high performance over internet. It provides server end security over the Ethernet.

Transport Layer Security (TLS) Protocol:

TLS is an IETF draft; it is built on the SSL (Secure Sockets Layer) V3.0 protocol, and it provides communications and data privacy over the Internet. It also provides server authentication. TSL is application independent protocol. TLS 1.2 is the latest version of TLS and it works with SSL v3.3 [5]. It was defined in August 2008 in RFC 5246. TLS is consists of two layers; TLS Record Protocol and TLS Handshake protocol. TLS Record protocol provides two basic connection security properties; private connection reliable connection. This protocol is used for encapsulation of many high level protocols. TLS Handshake protocol delivers three basic connection security properties [6].

The peer identity could be authenticated by using asymmetric cryptography (DSA, RSA etc.)

The intercession of shared secret is secure

Reliable negotiation: Attacker can't modify the negotiation.

Protocols used by record protocol are: application data protocol, change cipher spec protocol, alert protocol and handshake protocol. TLS Record Protocol specifies MAC encryption and compression algorithms. The parameters for these algorithms are depending on MAC and bulk encryption keys for read and the write process of connection. The TLS security parameters for read and write are done by PRF Algorithm, MAC Algorithm and Bulk Encryption Algorithm Compression Algorithm. Ciphers used in record protocol are; standard stream cipher, AEAD Ciphers and CBC cipher [6]. Handshake protocol is accountable for session negotiating; it consists of session identifier, peer certificate, compression method, cipher and resemble.

Server Certificate

The server sends a certificate message to client, when the client and server agreed upon key exchange process which uses certificates for server authentication. This message carries the server's certificate chain to the client. Message structure is:

Figure 2: Message structure od Certifcate [6]

RSA Key Exchange with authentication

RSA has both Server authentication and key exchange. Server's certificate contains public key which is used for encryption. Server static key compromises in the loss of confidentiality for all sessions under static key. After server certificate verification, client encrypts pre_master_secret ( the generated value by client which will be used to generate the master secret) with RSA server's public key and response back to server. Server decrypts the pre_master_secret by using available private key. After successfully decoding server proceed on message according to policy. In RSA key exchange clients should be authenticated using certificate verify message. Client signs a value which gets from handshakes messages. These include server certificates which binds signature to server. ServerHello.random binds signature to current process of handshake [6].

DHE Key Exchange with authentication

In Diffie-Hellman key exchange, server can send certificate which might be containing fixed DHE parameters or might be use key exchange message to send Diffie-Hellman temporary parameters which are signed by RSA or DSA certificate. In first case; client verify the signature or certificate. It ensures that parameters are belonging to server. In second case; parameters are hashed before signing with Hello.Random (function which gives random value, which later used as signing after hashed) values to confirm that attackers cannot replay old parameters. Attacker can also evade by using fresh private Key for each handshake with the help of any DHE chipper suites [6].

By using RSA and DHE exchange method, we can make server key exchange and signature process more secured. Both are used in TLS to provide security over the Ethernet and Server authentication process. The Microsoft Certificate Server is an important part of TLS/SSL certificate authority (CA). TSL gives high server-end security by providing client server authentication, data integrity and good encryption protocols supportability.

Supported Ciphers

Mostly used ciphers in TSL/SSL are DES, Rivest Cipher (RC4, RC5, and RC6), AES 128 and 256 bits and 3DES. Initially RC4 was used in SSL, due to its weakness, TSL designed to perform more security. AES 256 bits is very powerful cipher which is more secured than else because no one can cracked it, whereas RC4, RC5 and RC6 are designed by Rivest but it is not secured as AES. RC6 was also participated for the AES nomination but due to some weakness it couldn't win the AES title. According to me AES 256 bits is better than RC6, RC5, RC4 and DES. AES provides more security as compared to other cipher which provides more security over the Ethernet and server. Today AES is mostly using in all type of security standards which provide high security over wireless devices, Ethernet, organizational servers, Routers and many more. NIST expected that scope of AES cipher has for next 20 years

Comparison between Rivest and AES Ciphers in TLS

Rivest Ciphers

AES

Encryption Algorithm

RC4

RC5

RC6

AES

Key size

64 bits

128 bits

128 to 256 bits

128 to 256 bits

Cipher Type

Stream

Block

Block

Block

Block Size

64 bits

Up to 128 bits

128 bits

Description

1. Variable key stream cipher is use to encrypt and decrypt the data.

2. It performed bits level encryption

1. Symmetric key is used for encryption and decryption

2. Routine performed; key expansion, encryption, and decryption.

3. 2-bit Register

1. Symmetric key same as RC5, it was developed for the AES competition

2. Integer Multiplication.

3. 4-bit Register

1. CCMP provides dynamic key. Each time different key used as authentication and also maintaining the collision.

2. Process performed are Substitution , Permutation, Mixing and Key Adding

Cracked

Brute force Attack

Differential attack

No known attack

No one can crack it yet.

Wireless Segment

They are four elements which affect the wireless security, data integrity, access control, encryption and authentication. Wireless support stronger and medium level of encryption, which provide unauthorized access. Only authorized user can access data or connect through wireless network. Wired LANs offers more security than wireless LANs because wireless LAN don't have physical medium between client and device for this reason, there are some encryption protocol which provides security by encrypting data on wireless signals (radio waves). Data is protected when it transmitted from one end point to another. Most popular security protocol used in wireless are WEP and WPA 2.

WEP (Wired Equivalent Privacy)

WEP was developed to provide the wired LAN security by encryption through RC4 algorithm with both sides of data communication. Later WEP become popular in wireless network. It presents in early 802.11i drafts. In sender side WEP preforms four actions to encrypt the plaintext [7].

Key used in WEP is 40-bit long with 24-bit IV (Initialization Vector). This key is acting as encryption and decryption key.

The selected key then act as the seed for PRNG (Pseudo Random Number Generator).

The data puts in integrity algorithm and concatenate by plaintext.

They key sequence and ICV will put to RC4 algorithm.

Final encrypted message will be attached IV with Cipher text. In Receiver side, there are five processes to decrypt the received cipher text with IV [7].

The Pre-Shared Key and Initialization Vector concatenated to make a secret key.

The encrypted text and Secret Key go to in CR4 algorithm, after process plaintext derived as a result.

ICV and plaintext will separate.

The plaintext drives to IA (Integrity Algorithm) to create a new ICV.

The new ICV compare with original ICV.

WEP Weaknesses and Enhancements

Key size is 40 bits. This is not enough for security. It is weak

It allows any attacker that he can change a message without knowing secret encryption

RC4 is having problem. It already cracked by many attackers.

Authentication message can easily forging.

Key management is lack; there are varieties of cryptanalytic methods which can easily decrypt data. Brute force is best solution to decrypt.

Due to WEP weakness, now days big organization start adopting new protocols which provides more security as compared to WEP. But it is still used in home wifi devices.

WPA2 (Wi-Fi  Protected Access 2)

WPA came with the purpose of solving WEP method without need to change hardware. It was developed by IEEE to replace with WEP security standard. WAP uses PSK (pre shared key) to provide security by using 8 to 63 bits key. TKIP (Temporal Key Integrity Protocol) was carried into WPA. TKIP provides support of 128 bits key and dynamic generate key each packet and also prevents repetition. This more secured as compared to WEP.

Now WPA2 has swapped with WPA. It implements important features of 802.11. WAP2 introduce new encryption protocol CCMP. CCMP is based of AES encryption mechanism. AES is more secured as compare to others. AES is more reliable as compare to RC4 and TKIP. It support up to 256 bits key. No one cracked it yet.

WEP vs. WAP2

WEP

WPA2

Encryption Algorithm

RC4

AES

Key size

40 bits

128 to 256 bits

Key Type

Static key provides as authentication over the network. It made WEP easy to crack

CCMP provides dynamic key. Each time different key used as authentication and also maintaining the collision.

Cipher Type

Stream based

Block based (Block size 128 bits)

Cracked

Brute force algorithm can easily crack it

No one can crack it yet.

Supported Network

Wire LAN and Wireless LAN

It support only Wireless LAN and supports IEEE 802.11

Conclusion

Selected segments from UoB network diagram are wireless segment and server segment which based on wired network. There are different security standards are available in these segments. In server segment I discussed the TLS/SSL which is provides more security, it supports different encryption protocols and key exchange methods. In key exchange and authentication part I find that RSA and DHE both are good for this process. Both support asymmetric cryptography. In encryption algorithm; AES is more secured and reliable. It provides more security regarding authentication, access control, data integrity and data confidential. AES is never cracked yet due to this fact it is very widely used in many security standards. It supports key size up to 256 bits which is best as compared to other cipher like RC2 40 bits, RC4 64 to 128 bits. In wireless segment, WAP2 is more secured as compare to WEP. WAP2 support AES encryption method and whereas WEP supports RC4 encryption method, RC4 is not reliable because it can easily crack from freely available software. Rivest encryption algorithm are not reliable as compared to other. AES is best solution as compare to RC4 which is designed by Rivest. RC4 is best before AES invited. RC4 use weak key and easily breakable.

Writing Services

Essay Writing
Service

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing
Service

Reports for any audience. Perfectly structured, professionally written, and tailored to suit your exact requirements.

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision
Service

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.