Importance of Encryption Technique in Network
The report is prepared for a financial company for securing its digital communication between the staffs of the old and the new branch located in the east and south of the country. The report is prepared for the CEO defining the encryption methodology that can be applied for the development of the network framework for the organization. A short description is given for the strength and weakness of the selection of the security mechanism and the best methodology is applied for the development of the organizational network. A comparison is made on the symmetric and the public- key cryptography and its use is described for ensuring the resources of the network cannot be accessed illegally.
It is important to understand the importance of the encryption technique for its application in the network and secure the communication between the two offices of the organization. There are two types of encryption that can be applied in the network and it can work together without causing interference (Cascarino 2015). For the application of the cryptography the data needs to be secured should be identified and the length and time of the security should also be secured for the determination of the security level required to be implemented in the network. The encryption can be applied in the network using the following two approaches such as:
- Link encryption and
- End to End encryption
In case of link encryption the message is encrypted before it is transmitted over the network via the physical medium (LaCroix 2015). The message passes over different links of communication before reaching the destination address and for sending the sensitive information the data must be encrypted using the symmetric or the public key encryption for increasing the security of the organization.
The implementation of the end to end encryption increases the security of the network at a higher level. It can be decrypted after reaching the final destination. It requires ball the system to be compatible to the end to end encryption and thus the proprietary algorithm cannot be applied for the end to end encryption. The cost of the end to end encryption is much greater than the link encryption. The end to end encryption can be monitored by the hacker by the implementation of the traffic analysis as the destination patterns are not masked. The individuals connected in the network can choose their pattern for sending the data packets and thus it may not be compatible with the other system.
Types of Encryption Methodology
The difference between the public key cryptography and the use of symmetric key for securing the data communication in the offices are evaluated. The symmetric key encryption technique uses a single key for the encryption and the decryption of the data. It is similar like locking a file in a wardrobe with a single key (Kermani Azarderakhsh and Mirakhorli 2016). For any of the user needs to access the file needs to open the wardrobe with the key. It is a faster and secure approach for encrypting a file and it is the best approach for local encryption and it is less secure for networks. If the file is encrypted with symmetric key the key is also required to be sent to the user over the network for opening the file and the physical medium used for sending the file is insecure and any hacker monitoring the network can steal the data packet and the key required for decrypting the message.
The public key encryption is more secure than the symmetric key encryption and it uses two keys for the encryption of the message. The private key is kept with the sender and the public key is sent with the message for decryption. The public key is used as a derivate of the private key and the two keys are required for the decryption of the message (Mauss et al. 2015). The private key is not sent using the network and thus it remains secure all the time. The main disadvantage of the public key encryption is that it is time consuming and needs more resource for its working. Moreover, large number of data cannot be sent using the public key encryption.
For the development of the communication methodology the two types of methodology should be mixed with each other. The main idea proposed for the selection of the cryptography is that the data should be encrypted using the symmetric key encryption and the data is sent immediately without creating a load on the available resources. The encryption key can be encapsulated with the public key and sent to the user (Ryan 2015). On the decryption of the package the symmetric key can be used for the decryption of the data. The process acts in a similar way as the activation of the credit card by email as the company of the credit card sends the activation code by email and then it can be activated using phone or ATM machine. This mix and match process would also take the same time as the public key encryption technique but it consumes less resources than the public key encryption technique.
Comparison between Public Key Cryptography and Symmetric Key Cryptography
From the above report it can be concluded that with the selection of the best encryption algorithm is important for the development of the network solution for securely transmit data over the different offices of the organization. The mix and match method with the implementation of the public key and the symmetric key encryption is applied for the development of the network solution. The encryption of the messages with the key helps in increasing the security of the network and eliminates the risk of data loss and data hijacking that can negatively affect the growth of the organization. There are different algorithm that can be applied for the encryption of the message such as RSA, SHA, digital signature, etc. The verification of the public or the private key is important for getting the message in unaltered format and effectiveness of the security administrative control of the network.
It is the fourth version of the secure hash algorithm and it is a part of the Keccak family whicg was designed by the authors Guido Bertoni, Gilles Van, Joan Daemen and Michale Peeters. The Keccak is developed following a novel approach also known as sponge construction. Random permutation is used for the inputting the data and output the data of any amount with using the pseudorandom function regarding all the inputs for increasing the flexibility of the system (Elgenaidi et al. 2016). The SHA-3 is a revised version of the SHA – 2 algorithm and it was designed for increasing the robustness of the hash algorithm. The core properties that are followed for increasing the security of the SHA 3 algorithm is the resistance against collision, resistance against preimage and resistance against the second preimage (Burns et al. 2017). For defining the core security properties a hash function is used with n bit output.
- Collision resistance – a pair of different messages m1 and m2 should not be easily found such that H (m1) equals to H (m2).
- Preimage resistance – For an arbitrary value of x, a message m should not be found easily and H (m) should be equal to H (m2).
- Second preimage resistance – The message m1 should not be found for a different message m2 and H (m1) is equal to h (m2).
An analysis is made on the strength and weakness of the SHA 3 algorithm depending on its mode of communication and the analysis is divided into the following three categories such as:
Category 1 – The attacks made on the core property of the hash function and most of the applications are dependent on the core security properties. The core security property is the most important for any of the hash function.
Category 2 – Bias in the output can help the distinguishers to find a property of the hash function to distinguish it from the hash function. It is weaker than the first category and there are different random properties for the hash function that are required for some of the applications and it must be ensured that the hash function should not exhibit undesired results.
Mix and Match Method for Encryption
Category 3 – An internal permutation is used for the SHA 3 and it should be distinguished from the random permutation. The internal permutation is used in a specific way with the implementation of restriction the output is difficult to distinguish. Some of the exception property must be excluded for having little influence on the different security measures for the hash function.
The strength of the SHA 3 algorithm is demonstrated in the following table.
|
Output Size |
Function |
Preimage Resistance |
Second Preimage Resistance |
Collision Resistance |
|
224 |
SHA 3-224 |
224 |
224 |
112 |
|
256 |
SHA 3-256 |
256 |
256 |
128 |
|
348 |
SHA 3-348 |
348 |
348 |
192 |
|
512 |
SHA 3-512 |
512 |
512 |
256 |
|
d |
SHAKE128 |
Min (d,128) |
Min (d, 128) |
Min (d/2, 128) |
|
d |
SHAKE256 |
Min (d, 256) |
Min (d, 256) |
Min (d/2, 256) |
The SHA 3 algorithm is not sensitive for the extension attacks and the protocols that are based on the MAC address are more robust. An attack is made on the core security properties for the
Weakness
The main weakness of the SHA 3 algorithm is that it is designed for the hardware and it is slow for the software. When it is compared with the SGA 2 algorithm it takes double time for running a software and ¼ th time for running in the hardware platform. If there is a requirement to run it in a minimum time less number of iteration is needed to be used and it can be hacked by the hackers with the implementation of hardware device (PV and Sandhu 2016). Thus the hackers can access the password eight times faster than the SHA 2 algorithm if the half iteration is used in order to make the algorithm 4 times faster than its normal operation. The security of the SHA 3 XOFs is less than the 4 SHA -3 hash function. The security of the XOFs SHA is dependent on the strength of the Keccak permutation.
A study is made on the Lamport’s authentication scheme and the use of hash function and its vulnerability is identified for protecting the network from eavesdropping and theft of the passwords. The Lamport’s hash uses a one-time password mechanism for protecting the password and the eavesdropping. The user name, integer and n-fold hash is stored for the password (Shivraj et al. 2015). If there is a need for the user to login into the system the password should be typed by the user and the machine sends a request to the server and a response is received as n. A calculation is made on the user end as hashn-1 and returns it to the server. Then a calculation is made on the server end by as, hash (hashn-1) = hashn (password) and it decrements the n. If the n decrements to 0, a password reset request is sent to the user. The implementation of salting can improve the scheme by storing the salt on the server and sending back both the n and the salt for weakening the dictionary attacks in the network (Amirshahi and Barsky 2015). The hash of Lamport’s value is limited to n and if n is large the initial value of the hash needs to be calculated and if the n is small then the scheme should be reset as soon as possible. The Lamport’s hash can be compromised with the application of the man in the middle attack and also called as small n attacks. In this type of attack the server is impersonated by the attacker when the client authenticates using the username and the password with a small man in the middle query (Lamport and Tyrväinen 2016). If the client responds with the hashn (password) the attacker can calculate the hashm (password) for m > n. For the construction of a no collision resistant function a one way function should be selected and it may be a secure hash function and one of the bits for its inputs can be ignored. The first preimage resistance can be weakened with the implementation of the function and destroys the second preimage resistance and the collision resistance (Amirshahi and Barsky 2015). The main threat of the cryptography arises after the development of the quantum computers and it is noted that the large hash functions are secure and a Lamport scheme can be applied for more than one messages making it an efficient digital signature scheme for securing the information in the network.
Evaluation of SHA-3 Algorithm
For the creation of a Lamport key that would be a private and a public key the following steps should be followed.
Creation of the key pair – For the creation of the key pair, a private key and a public key should be created. Both the keys are of 256 bits in size and the private key should be always with the user and stored for future use.
Message Signing – If a sign is required to be added to a message the message should be hashed as a 256 bit sum of hash. For the bits of the hash value one number is required to be picked from the available pair of numbers for comprising the private key. For the bit with value 1 the first number is chosen and for the value 2 the second number is chosen. From this 256 sequence of random number can be generated. The size of the single number would be 256 bits and thus the total length of the signature would be 256 * 256 bits which is equal to 8 kb (Dharmawardena and Wang 2017). The signature can be published with the message and they are a set of random number. The private key is used and it cannot be used again and the 256 random number that is used in the message must be destroyed such that the security of the data packet is not compromised. The reuse of the private key can increase the risk of duplication of the signature.
Verification of the Signature – For the verification of the signature the message is required to be hashed for getting the 256 bit hash sum. The hash bits is utilized for find the public key of the sender and it is done in the same manner as the sender picks a random number from the signature i.e. if the first bit is 0 the first number is picked and if it is 0 the second number is picked.
Each of the 256 random numbers are hashed at the receiver end and if the 256 hashes matches with the hashes of the sender then the signature is verified and if not the message is discarded.
For creation of the DNS server the first step is to Click on Add roles and Features > next > Role based or feature based installation > Select a server from the server pool> Next > Check box of DNS Server> Add feature> Next> Install> Close. In the next step the tools should be selected and followed by the DNS option to Forward Lookup zone and Add new Zone.
Strengths and Weaknesses of the SHA-3 Algorithm
For connecting it with the users some user account are created and the connection is tested for reducing the errors in the network.
The Server is also configured with DHCP for automatically assigning the IP address to the host connected in the network. An address pool is generated and screenshot is attached for demonstration that the client connected in the network automatically receives the dynamic IP address.
For the configuration of the server with Web configuration the server is configured with IIS and apache and the screenshot such that the web client can access the website “www.beta-enterprise.com” is attached with the report. The web server is tested with the creation of a sample webpage for being accessed from the client machine.
The windows server is configured with email service for sending and receiving email in the internal network and for the email server configuration “[email protected]” is used. The screenshot of the mail server configuration is attached with the report.
For the configuration of the server with file transfer protocol the FTP client tools are utilized and the screenshot for uploading and downloading of the files from the server are attached with the report.
For testing the vulnerability of the current network configuration five types of security attacks are implemented in the server using Kali Linux and their screenshot are embedded. The countermeasures for the mitigation of the security issues are analyzed and given in the report for securing the server from external access. For proceeding with the attacks the Social Engineering Toolkit is used. It is a menu driven attack mechanism that is used for concentrating on the attack of security elements. It is the best suited tool for penetration testing and it can be invoked with the se-toolkit command. The SET can be used from Application menu and there are different options available in the Social Engineering Toolkit and is given in the following screenshot. The following steps are used for the security attacks and are listed below:
Reconnaissance, Scanning, Gaining access, maintaining access and Clearing the tracks. In the reconnaissance stage information is gathered about the targeted host and for it different tools can be used such as nmap and the information consists of the range of the network, open ports, access points, operating system and service assigned to the ports. The use of Whois, NS look up can be used for information gathering about the current status of the network.
Lamport’s Authentication Scheme
A network scanning is made for the evaluation of number of active hosts connected in the network and getting the address of the port for the targeted machine.
For gaining the access of the targeted host different programs are utilized such as keyloggers and spywares. The password directory files can be used for cracking the password using the brute force attack mechanism.
The access on the targeted host is maintained by creating a backdoor on the server and by installing application programs and rootkits and hiding the presence of the backdoor on the server (Chapman 2016). The root kit file is deployed using the driver _root_.sys and running the DEPLOY.EXE program helps in installation of the rootkit program in the targeted host. The files can be hidden from the directory list with the installation of the rootkit program.
The access of the targeted machine should cleared and covered in order to continue the access of the machine and not get detected. The deletion of the log files using the tunneling protocol helps in clearing the tracks.
The following list is gathered using the nmap command in the linux
|
Internet Protocol (host) Address |
MAC (physical) Address |
|
192.168.177.2 |
00:50:56:FA:BA:53 |
|
192.168.1.100 |
00:0C:29:FE:16:62 |
|
192.168.177.254 |
00:50:56:F1:76:15 |
|
192.168.177.158 |
– |
IP address of the WEB server 192.168.1.100 and its screen shot is given below. The port scanning is used for finding the open port of the targeted host.
|
Host (IP) |
Port |
Status |
|
192.168.1.100 |
3632 |
Open |
|
192.168.1.100 |
110 |
Open |
|
192.168.1.100 |
995 |
Open |
|
192.168.1.100 |
22 |
Open |
|
192.168.1.100 |
993 |
Open |
|
192.168.1.100 |
80 |
Open |
|
192.168.1.100 |
143 |
Open |
|
192.168.1.100 |
21 |
Open |
The NMAP is used for exploitation of the security auditing and finding the source and the service offered by the host.
|
Host (IP) |
|
Status |
Version |
Services |
|
192.168.1.100 |
21 |
Open |
ftp |
ProFTPD 1.3.1 |
|
192.168.1.100 |
22 |
Open |
ssh |
4.7p1 Debian 8ubuntu3 (protocol 2.0) |
|
192.168.1.100 |
80 |
Open |
http |
Apache httpd 2.2.8 ((Unix) PHP/5.2.4) |
|
192.168.1.100 |
110 |
Open |
pop3 |
Dovecot pop3d |
|
192.168.1.100 |
143 |
Open |
imap |
Dovecot imapd |
|
192.168.1.100 |
993 |
Open |
ssl/imap |
Dovecot imapd |
|
192.168.1.100 |
995 |
Open |
ssl/pop |
Dovecot pop3d |
|
192.168.1.100 |
3632 |
Open |
distccd |
v1 ((GNU) 4.2.4-ubuntu4)) |
The metasploit framework is used for the exploitation.
For cracking the password of the targeted machine the John tool is used and the screen shot is given below:
The SQl injection is used for modification of the database adding new credential to the table for gaining the root access.
The attacks can be stopped by disabling the unused ports and installation of antivirus application on the windows server. The network and the health of the server must be monitored and identification of the external request helps in securing the network from illegal access (Rao and Ram 2015). For the identification of the rootkit, the antivirus software can be installed and strong password combination should be used for protecting the server from brute force attacks.
For the development of the server hardware and software are required and their cost are given in the tabulated form. Different servers have different cost and the selection of the server depends on the availability of the resource and the load on the current network.
|
Upfront Cost |
RedHat Enterprise Server |
Windows Server |
|
Server Hardware |
$67,200 |
$96,000 |
|
Windows Software License |
$24,050 |
$30,654 |
|
Virtualization Software Licenses |
$0 |
$8,700 |
|
Hardware Maintenance |
$7,392 |
$10,560 |
|
Windows Software Assurance Subscription |
$6,013 |
$7,664 |
|
RedHat Subscription |
$9,747 |
$12,996 |
|
Virtualization subscription |
$10,486 |
$2,175 |
|
Total Cost |
$124,888 |
$168,749 |
References
Alston, A., 2017. Extending the Metasploit Framework to Implement an Evasive Attack Infrastructure. arXiv preprint arXiv:1705.04853.
Al-Zadjali, B.M., 2016. Penetration Testing of Vulnerability in Android Linux Kernel Layer via an Open Network (Wi-Fi). International Journal of Computer Applications, 134(6).
Amirshahi, B. and Barsky, A., 2015. A Distributed Algorithm for Power Management in Mobile Ad-Hoc Networks. Jurnal UMP Social Sciences and Technology Management Vol, 3(1).
Bullock, J., Parker, J.T. and Kadijk, J., 2017. Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework. John Wiley & Sons.
Burns, T.J., Rios, S.C., Jordan, T.K., Gu, Q. and Underwood, T., 2017, August. Analysis and Exercises for Engaging Beginners in Online CTF Competitions for Security Education. In 2017 {USENIX} Workshop on Advances in Security Education ({ASE} 17). USENIX} Association}.
Cameron, D., 2016. Modern Web Server Administration using Linux and WordPress.
Cascarino, R.E., 2015. Audit program for auditing UNIX/Linux environments.
Chapman, C., 2016. Network Performance and Security: Testing and Analyzing Using Open Source and Low-cost Tools. Syngress.
DeMott, J., 2015. Bypassing EMET 4.1. IEEE Security & Privacy, 13(4), pp.66-72.
Dharmawardena, P.K. and Wang, Z., 2017. Cluster Head selection Based Routing Protocol for VANET Using Bully Algorithm and Lamport Timestamp. International Journal of Computer Theory and Engineering, 9(3), p.218.
Elgenaidi, W., Newe, T., O’Connell, E., Toal, D., Dooly, G. and Coleman, J., 2016, November. Memory storage administration of security encryption keys for line topology in maritime wireless sensor networks. In Sensing Technology (ICST), 2016 10th International Conference on (pp. 1-4). IEEE.
Elias, K.A. and Ahmad, A., 2015. The Design of The Laboratory Exercise Using Virtualization Technology For A System Administration Course. In Proceedings of International Conference on Information Technology & Society.
Gupta, H. and Kumar, R., 2015, September. Protection against penetration attacks using Metasploit. In Reliability, Infocom Technologies and Optimization (ICRITO)(Trends and Future Directions), 2015 4th International Conference on (pp. 1-4). IEEE.
Gupta, N. and Rani, R., 2015. Implementing high grade security in cloud application using multifactor authentication and cryptography. International Journal of Web & Semantic Technology, 6(2), p.9.
Holik, F., Horalek, J., Marik, O., Neradova, S. and Zitta, S., 2014, November. Effective penetration testing with Metasploit framework and methodologies. In Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.
Hu, Y., Sulek, D., Carella, A., Cox, J., Frame, A., Cipriano, K. and Wang, H.X., 2016. Efficient Distributed Vulnerability Assessment by Utilizing Miniaturized Computers.
Jaswal, N., 2014. Mastering Metasploit. Packt Publishing Ltd.
Kaur, M.G. and Kaur, N., 2017. Penetration Testing Exploitation of Windows XP SP0. International Journal, 8(3).
Kermani, M.M., Azarderakhsh, R. and Mirakhorli, M., 2016. Education and Research Integration of Emerging Multidisciplinary Medical Devices Security.
LaCroix, J., 2015. Mastering Linux network administration. Packt Publishing Ltd.
Lamport, L. and Tyrväinen, J., 2016. Leslie Lamport.
Mauss, F., Valencia, J., Hatchell, B., Silvers, K. and Crowell, S., 2015, October. System of systems approaches for mobile source transit security. In INCOSE International Symposium(Vol. 25, No. 1, pp. 1278-1289).
Mukhopadhyay, I., Goswami, S. and Mandal, E., 2014. Web Penetration Testing using Nessus and Metasploit Tool. IOSR Journal of Computer Engineering, 16(3), pp.126-129.
Nemeth, T.R.H., Snyder, G. and Whaley-Prentice, B., 2014. Basic Linux System Administration. Computer Science.
Nesterenko, A., 2016. Extracting Functional Job Roles from Professional Social Networking Site Profiles. In AIST (Supplement) (pp. 258-263).
Pleshkov, A.S. and Ruder, D.D., 2015. Penetration Testing as a Security Analysis of Computer Systems. News of Altai State University, 85(1).
PV, R. and Sandhu, R., 2016, October. POSTER: Security Enhanced Administrative Role Based Access Control Models. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 1802-1804). ACM.
Rako, S., Softic, S.K., Dobrenic, D., Maric, I. and Bekic, Z., 2015, October. Planning an educational program for IT professionals based on a blended learning model. In E-Learn: World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education (pp. 149-154). Association for the Advancement of Computing in Education (AACE).
Rao, T.D. and Ram, V.S.M.K.S., 2015. Deciphering The Prominent Security Tools Ofkali Linux. International Journal Of Engineering And Computer Science, 4(01).
Rawat, K., Zaidi, N., Kumar, P. and Choudhury, T., 2018. Analysis of Distributed Mutual Exclusion Algorithms. In Smart Computing and Informatics (pp. 487-496). Springer, Singapore.
Ryan, M., 2015. AWS System Administration: Best Practices for Sysadmins in the Amazon Cloud. O’Reilly Media, Inc..
Saraswatipura, M. and Collins, R., 2015. DB2 10.1/10.5 for Linux, UNIX, and Windows Database Administration: Certification Study Guide. MC Press, LLC.
Shivraj, V.L., Rajan, M.A., Singh, M. and Balamuralidhar, P., 2015, February. One time password authentication scheme based on elliptic curves for Internet of Things (IoT). In Information Technology: Towards New Smart World (NSITNSW), 2015 5th National Symposium on (pp. 1-6). IEEE.
Slavenas, M., Rodriguez, P., Craig, A., Wuerffel, E. and Will, J., 2016, July. Image Analysis and Infrastructure Support for Data Mining the Farm Security Administration: Office of War Information Photography Collection. In Proceedings of the XSEDE16 Conference on Diversity, Big Data, and Science at Scale (p. 1). ACM.
Srivatsa, S., 2016. Analysis of Distributed Snapshot Algorithms. arXiv preprint arXiv:1601.08039.
Williams, K.Y.B. and Griffin, J.A., 2018. Better Security and Encryption Within Cloud Computing Systems. International Journal of Public Administration in the Digital Age (IJPADA), 5(2), pp.1-11.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
