This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The information held by the company is sensitive. This includes personal details of the customers. It is a matter of concern that this information should not fall into the attacker's hands. The company wants to implement encryption to secure this information. A suitable solution for this concern is to be researched and a recommendation is to be made.
Encryption system is the part of a company or business organization. Without Encryption system the business system cannot properly. But if the Encryption system is unsecured, business become harmful and a company become loss. So Encryption security is the hard of business because more and more data, information keep in the Encryption. As a result secure Encryption system is must need for a business organization or retails company. In this task I will try to solve and discuss about the secure Encryption system.
What is Encryption?
Using Encrypted message
Encryption is the method of converting information into a complex form, so that it is understandable only to someone who knows how to 'decrypt' it to obtain the original data or message. Encrypted data in mail system helps for security. When an attacker try to seek real data it is impossible to read data if it is encrypted data. So encrypted message system should be use, when a company wants to use a secure email. So a company or organization should use the encryption method to improve the email security. Encryption is also used to protect data and information in transition, for example data being transferred via networks, wireless microphones, mobile telephones, wireless intercom systems etc.
â€¢ Stored information, starting only files to whole hard disks;
â€¢ Computer rules such as computer operating systems;
â€¢ Information transmitted over the Internet, including emails and internet telephony (Voice over Internet Protocol or VoIP);
How does encryption work?
Encryption involves pleasing a novel message or plaintext and converts it into cipher text using an encryption algorithm and an encryption key. Simple example:
â€¢ the ciphertext is sduoldphqw lv lq vhvvlrq and can be converted back to plaintext with a decryption algorithm and decryption key, in this case 'replace each letter with that three places to the left of it in the alphabet'.
â€¢ Take the plaintext is Parliament is in session;
â€¢ Encrypt according to the encryption algorithm 'replace each letter with that X places to the right of it in the alphabet', where X, the encryption key, is 3;
Algorithm: A procedure of solving a mathematical problem in a finite number of steps that frequently involves repetition of an operation.
Key: Data that is used to lock or unlock information by passing its value to the encryption algorithm. The key size is often expressed in the number of bits that the key encompasses
Parallelization: The use of multiple processors, processes, or computing systems for the express purpose of breaking an encryption algorithm.
Prime Number: An integer used heavily in current encryption algorithms. The integer has the following properties: the integer cannot be -1.0. or 1; a division operation performed on the integer cannot use a divisor of -1.0. or 1; and the integer is not divisible by any other integer without a remainder.
Round: A phase of the encryption process. Encryption algorithms may be applied repeatedly to the plaintext message during many rounds to achieve the final ciphertext.
Exclusive OR (XOR): A simple Boolean operation that compares the data bits at a binary level and sums the two values without a carry operation. When comparing bits that are equal (e.g., 0 XOR 0), the result is 0. When comparing bits that are not equal (e.g., 0 XOR 1) the result is 1. For example, the binary value 1001 XORed with 0111 results in 1110. This mathematical operation is often used I encryption algorithms to assist in the production of ciphertext.
Applications of encryption:
Securing networks and SSL protocol
A secure network is essential for a security email system. Without network security email security is not possible. Secure Sockets Layer (SSL) is an encryption protocol. The SSL is used to do a secure communications and user authentication over open, unsecured networks. Internet is the example of unsecure network. For transferring secure information SSL is must need. For example when a user submits credit card details online it become unsecure if there are no SSL protocol. So to build up a secure email system for a retail company secure network and SSL protocol must be needed.
Private use - encryption software packages are readily available commercially and by free download from the Internet. One free e-mail encryption package is Pretty Good Privacy (PGP), available since 1991.2 An alternative is S/MIME, supported by most e-mail vendors
Access control - Digital television providers control subscriber access by encrypting audio and video signals. Subscribers are equipped with a descrambling device comprising the decryption algorithm and decryption key, which together decrypt pictures and sound.
Block ciphers, data is broken into chunks or blocks of data. The encryption
algorithm and key are then applied to each block.
Stream ciphers, the encryption algorithm and key are applied to each piece of
data continuously until the entire message is transformed into cipher text.
Reliability of encryption
The strength of an encryption technique describes how difficult it is to 'break' it. Information security experts agree that there are already algorithms which are very strong and if used correctly are effectively unbreakable.
Choosing appropriate encryption depends on:
â€¢ what kind of information needs to be secured;
â€¢ how long it needs to be protected;
â€¢ who the potential interceptors are;
â€¢ what resources they might have.
Type of encryption: There are many type of encryption. Such as
Symmetric Encryption: Symmetric encryption defines as a system that uses the same key for encryption and decryption and faster data transfer then asymmetric encryption.
Advantages of Using Symmetric Encryption: Symmetric encryption faster but not relisble. Smaller size increase then main size of data. The symmetric encryption process is simple each trading partners can used the same publicly known encryption algorithm - no need to develop and exchange secret algorithms security is dependent on the length of the key
Asymmetric encryption: Asymmetric encryption use different key encryption and decryption. Slower then symmetric encryption but most secure.
Advantage asymmetric encryption: one key use to encryption and another key use to decryption. Data transfer is more secure then symmetric encryption.
Fig: Drawn layout of the two types of encryption
Different encryption algorithms use proprietary methods of generating these keys and are therefore useful for different applications. Here are some details about some of these encryption algorithms. Strong encryption is often discerned by the key length used by the algorithm.
List the main purposes of a hash algorithm. Name hash algorithms.
Hash algorithms take a variable plaintext input and produce a fixed length output.
The algorithm is designed to ensure that the input can be encrypted but not decrypted.
The most popular algorithms are:
â€¢ the MD series
In 1977, shortly after the idea of a public key system was proposed, three mathematicians, Ron Rivest, Adi Shamir and Len Adleman gave a concrete example of how such a method could be implemented. To honour them, the method was referred to as the RSA Scheme. The system uses a private and a public key. To start two large prime numbers are selected and then multiplied together; n=p*q.
If we let f(n) = (p-1) (q-1), and e>1 such that GCD(e, f(n))=1. Here e will have a fairly large probability of being co-prime to f(n), if n is large enough and e will be part of the encryption key. If we solve the Linear Diophantine equation; ed congruent 1 (mod f(n)), for d. The pair of integers (e, n) are the public key and (d, n) form the private key. Encryption of M can be accomplished by the following expression; Me = qn + C where 0<= C < n. Decryption would be the inverse of the encryption and could be expressed as; Cd congruent R (mod n) where 0<= R < n. RSA is the most popular method for public key encryption and digital signatures today.
The Data Encryption Standard (DES) was developed and endorsed by the U.S. government in 1977 as an official standard and forms the basis not only for the Automatic Teller Machines (ATM) PIN authentication but a variant is also utilized in UNIX password encryption. DES is a block cipher with 64-bit block size that uses 56-bit keys. Due to recent advances in computer technology, some experts no longer consider DES secure against all attacks; since then Triple-DES (3DES) has emerged as a stronger method. Using standard DES encryption, Triple-DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112-168 bits.
Blowfish is a symmetric block cipher just like DES or IDEA. It takes a variable-length key, from 32 to 448 bits, making it ideal for both domestic and exportable use. Bruce Schneier designed Blowfish in 1993 as a fast, free alternative to the then existing encryption algorithms
a) Vulnerabilities with traditional p2p network:
Five vulnerabilities of P2P networks:
(1) Revelation: It is established on linking to someone else in order to share files. Thus a network is also getting connected with the p2p client.
(2) Data corruption: The chance of corrupted file is high. Most of them are not checked when they are received by p2p software. These files can be vulnerable to the network.
(3) Bandwidth shaping/throttling: Anyone can download anything with a p2p client without knowing legal or illegal file. And most of the ISP knows that very well. Sometimes they limit bandwidth or stops p2p client connection.
(4) Signal to noise ratio: Sometimes it is impossible for someone to tell if the files contain virus, worm or spyware. It is easy for an experienced person to tell if the file contain virus. But it is impossible for almost every user.
(5) Spyware/backdoors/etc: This is the most important fact for a traditional network. A P2p program comes with spyware, malware and other malicious content before installing of after installing. And to run majority p2p programs, a system may have to configure a firewall setting which is bad.
b) Briefly describe the vulnerabilities peculiar to the P2P technology:
The attacks and vulnerability we are facing with common internet may not be the same for p2p programs. Attacks like Sybil attack, rational attack can be found only in the p2p programs.
It creates several identities for an entity. There is software called "entity" on a peer to peer network which is used to access local resources. Multiple identities are used by entity in a p2p network for purpose of redundancy, resource sharing, reliability and integrity. But these are also vulnerable to the system also
The Eclipse attack:
Eclipse is an overlay attack. It breaks both p2p functionality and underlying network. It is defined as an attack where several nodes are under control with the intension of a denial of service or redirecting overlay flow.
For an effective p2p service participating nodes must cooperate, but in most cases a node becomes selfish. He always downloads without sharing. They are also called free rider. Some p2p programs do not support these free riders. And most of the time they have to face rational attacks.
C) The countermeasures that could be implemented to defend an enterprise from potential attacks:
Countermeasures for Sybil attack: To defend Sybil attack a central trusted authority is required. May be carefully configured network can slow down attacks. A good defense is to render a Sybil attack unattractive by making it impossible to place malicious identities in strategic positions. Another proposition could be to include the node's IP in its identifier. Thus an attacker would not be able to spoof fake identities.
Countermeasures for Eclipse attack: The main defense against Eclipse attack s is simply to use a pure p2p network model. An even better solution would be to additionally use a randomization algorithm to determine the node's location. If the nodes are in a pure p2p networks are randomly distributed, then there are no strategic positions and an attacker can't control his nodes' position.
Countermeasures for Worms, malware and viruses: Downloading content from P2P networks bypasses corporate messaging security systems, leaving an enterprise network susceptible to viruses, worms, Trojans, buffer overflow vulnerabilities, spyware, adware and similar threats. To defend these attacks some security controls should take. Some security issues are:
Restricted access to sensitive data
Disables access to known spyware infection sites
Installing Antivirus programs
Install Intrusion Detection System
Host based firewalls
Ensuring confidentiality of data
Ref: Semester Thesis-Attacks on Peer-to-Peer Networks-Book by Dept. of Computer Science
d) Some of the p2p programs are:
Vulnerabilities of Bear Share:
Bears hare is a Windows file sharing program from Free Peers, Inc. that lets everyone in the world share files. There are a serious security vulnerability in the product allows remote attackers to download any file on the local disk, even if it hasn't been added to the shared list.The following list includes some of the most critical BearShare vulnerabilities known to the security community:
BearShare NCTAudioFile2 ActiveX Control Buffer Overflow
BearShare Directory Traversal Issue Resurfaces
BearShare File Disclosure Variant Vulnerability
There is a security vulnerability in BearShare allows remote attackers to access files that reside outside the upload root provided by BearShare.
Vulnerabilities of EMULE:
Multiple vulnerabilities have been reported in eMule and some clones, where the most serious can be exploited by malicious people to compromise a user's system.
A format string error in the handling of "OP_SERVERMESSAGE" messages from servers can be exploited by a malicious server to execute arbitrary code on a vulnerable client system.
A boundary error in the handling of "OP_SERVERIDENT" messages can be exploited to cause a heap overflow. This can possible by a malicious server to execute arbitrary code on a client system by sending specially crafted server dent packet.
A format string error in the handling of server names can be exploited to crash a vulnerable client. Execution of arbitrary code is not thought possible due to length restrictions on the server names.
An error in the handling of certain packet sequences can be exploited to execute arbitrary code on a vulnerable client.
As day by day p2p is becoming more popular and also becoming more vulnerable. So actions should be taken to stop malicious activity rather stop using or we will be deprived from many good features of it.
Major problems that apply to encryption algorithms.
â€¢ Algorithms are not tested sufficiently when kept private - security through obscurity doesn't work.
â€¢ Computers do not adequately produce random numbers - therefore key
generation can be attacked rather than the algorithm.
â€¢ Encryption results in reduced performance - the more secure, often the slower it is to calculate.
â€¢ Increased processing power can ultimately break encryption - Moore's Law.
[Students may cite key security instead of one of the above, which should be credited]
Algorithms are not tested sufficiently when kept private
Computers do not adequately produce random numbers by default
Encryption results in reduced performance
Increased processing power can ultimately break encryption