Cryptography: Buffer Overflow Threats and Mitigation Techniques

Added on 2023/05/23

AI Summary
This document discusses buffer overflow threats and mitigation techniques in cryptography. It covers the vulnerability of confidentiality, integrity, and availability due to buffer overflow. The threat profile, systems it attacks, and how it attacks are also explained. The document also covers exporting public keys, ASCII format for cipher text, and the role of cryptography in privacy.

Cryptography
Student Name
University Name

Table of Contents
Solution 1
Threat Profile
Solution 2
Part d
Part e
Part g
References
Solution 1
Buffer overflow is a recent security vulnerability. Confidentiality, integrity, and availability were impacted because of this bug.
Threat Profile
Threat International Score:
Vulnerability DB Base International Score: 5.1
Vulnerability DB Temp International Score: 5.1
Vulnerability DB Dependability: Very High
Law: Federal information protection or security law; this Act was designed to protect data from attackers in the event of a buffer overflow. Static analysis strategies and legal rules and regulations are applied to find common coding issues that might expose a buffer overflow.
Fig 1: Buffer Overflow
Image Source: ai2-s2-public.s3.aws.com
Threat list: Hinders the security of users' data, format string attacks, unauthorized control over the execution of programs and processes, unauthorized modification of internal variables, and crashing of processes.
Systems it attacks: Buffer overflow vulnerabilities affect widely used server products and represent significant risks to users of such applications. Recently, several buffer overflow threats were disclosed in several SCADA components. Considering that cyber-attacks against SCADA have increased sharply, these buffer overflow vulnerabilities will be exploited with high frequency ("Security vulnerability in sendmail", 1999). Buffer overflow attacks are particularly dangerous for web servers, desktop applications, and web applications.
How a buffer overflow attacks: The attacker sends data to an application that stores it in an undersized stack buffer, which causes data on the call stack, including the function's return pointer, to be overwritten. In this manner the attacker is able to run their own malicious code: when the legitimate function completes, control is transferred to the exploit code contained in the attacker's data. The attacker corrupts the execution stack of web applications or servers by sending specially crafted data. A buffer overflow occurs when a web application attempts to put more information in a buffer than it can hold. Writing outside the space allotted to the buffer also permits an attacker to overwrite the contents of adjacent memory objects, causing data corruption, a system crash, or the execution of malicious code.
Mitigation
Fig 1: Avoiding Buffer Overflows
Image Source: developer.apple.com
In very simple terms, to mitigate a buffer overflow, keep the buffer from overflowing by manually limiting its size, which prevents the buffer from making ever larger requests for more buffer memory. In this manner, no mismatch will occur and no overflow will happen. An immediate response from system administrators or managers is essential to forestall attackers from exploiting it (Rahimi & Zargham, 2013).
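The size limit described above, shown as an added C example that is not part of the original document: an unchecked copy beside a bounded one that rejects oversized input. The buffer size and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16  /* hypothetical fixed buffer size */

/* Unchecked copy: the pattern the text describes. Input of 16 bytes or
 * more is written past name[] into adjacent stack data. Shown for
 * contrast only and never called in this example. */
void store_name_unchecked(const char *input)
{
    char name[NAME_CAP];
    strcpy(name, input);              /* no bound on input length */
    printf("stored %s\n", name);
}

/* Bounded copy: the caller states the destination capacity, and input
 * that does not fit is rejected instead of truncated or overflowing.
 * Returns 0 on success, -1 on rejection (dst is left empty). */
int copy_bounded(char *dst, size_t dst_cap, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_cap == 0)
        return -1;
    dst[0] = '\0';
    while (n < dst_cap && src[n] != '\0')   /* reads at most dst_cap bytes */
        n++;
    if (n == dst_cap)
        return -1;                    /* no room left for the terminator */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Handler built on the bounded copy; returns the stored length or -1. */
int store_name(const char *input)
{
    char name[NAME_CAP];
    if (copy_bounded(name, sizeof name, input) != 0)
        return -1;
    return (int)strlen(name);
}

int main(void)
{
    printf("%d\n", store_name("alice"));                  /* fits */
    printf("%d\n", store_name("AAAAAAAAAAAAAAAAAAAAAAAA")); /* rejected */
    return 0;
}
```

Rejecting instead of truncating keeps the caller from acting on a silently shortened value.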
Conclusion: This study concludes that buffer overflow is a security vulnerability that causes safety or security failures. There are various techniques for fixing common buffer overflows. The mitigation techniques mentioned above relate to the requirements and design stages of the software development lifecycle. Program testing will also reduce the risk by revealing the existence of buffer overflows and permitting the development team to fix risks as they are found. By using all of these techniques in a layered approach at the software requirements analysis stage, it might be possible to reduce the risk of buffer overflows to some degree.
Solution 2
Part d
To export the public key so that it can be displayed on a web page or pasted into an email, type the command:
gpg --armor --export @example.com > mykey.asc
I believe that the public key should be exported into an ASCII format, and the ordinary format for this is ASCII, which exports simply to Base-64.
ASCII armoured Public Key (exported by command *.asc file)
The public key can also be exported in binary format; however, this might be inconvenient when the public key is sent through webmail (Tenvergert, Kingma & Klasen, 2012). Therefore, exporting the public key in ASCII format is supported through a command-line option (--armor).
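What armoring does to the binary key bytes, as an added C example (not from the original document and not GnuPG's own code): radix-64 encoding plus the CRC-24 checksum that RFC 4880 defines for OpenPGP ASCII armor. The input bytes are constructed sample data, not a real key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char R64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* CRC-24 used by the armor checksum line (RFC 4880, section 6.1). */
uint32_t crc24(const unsigned char *p, size_t n)
{
    uint32_t crc = 0xB704CEu;
    while (n--) {
        crc ^= (uint32_t)(*p++) << 16;
        for (int i = 0; i < 8; i++) {
            crc <<= 1;
            if (crc & 0x1000000u)
                crc ^= 0x1864CFBu;
        }
    }
    return crc & 0xFFFFFFu;
}

/* Radix-64 encode n bytes into out (NUL-terminated). Returns the encoded
 * length, or 0 if out_cap is too small to hold the result. */
size_t radix64(const unsigned char *in, size_t n, char *out, size_t out_cap)
{
    size_t need = 4 * ((n + 2) / 3), o = 0;
    if (out_cap < need + 1) return 0;
    for (size_t i = 0; i < n; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < n) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = R64[(v >> 18) & 63];
        out[o++] = R64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? R64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? R64[v & 63] : '=';
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* constructed bytes standing in for binary key material */
    const unsigned char raw[] = { 0x99, 0x01, 0x0D, 0x04, 0xFF, 0x00 };
    char body[16];
    if (radix64(raw, sizeof raw, body, sizeof body))
        printf("%s crc24=%06X\n", body, (unsigned)crc24(raw, sizeof raw));
    return 0;
}
```

Every output character is printable ASCII, which is why the armored form survives webmail where raw binary bytes may not.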
Part e
When we need cipher text in an ASCII format
Encrypting a file from an ASCII string [a-zA-Z0-9:] to an ASCII string [a-zA-Z0-9]
Cipher text is generally the outcome of encryption performed on plain text, but sometimes we need cipher text in ASCII format (Pyle, 2015). As we know, one byte of the key and one byte of the plain text usually map to one byte of cipher text. The key string also has a particular length, so the characters of the key string are used in cycles during encryption. We also need cipher text in ASCII format when the contents of a text file do not have a completely uniform distribution.
Part g
Cryptography plays a role in guaranteeing the right to secrecy or privacy of individuals
Cryptography is used on the Internet by many individuals, as it has the potential to record individual or government power relationships. Cryptography is also central to all the questions about how free the individuals of the future are from the Internet (Bhandari, 2016). The privacy of individuals' data is achieved through cryptography, as cryptography is like a science that applies complex mathematics and logic to design very strong encryption strategies and methods. Therefore, cryptography is like an art that plays a significant role in guaranteeing the right to secrecy or privacy of individuals.
References
Bhandari, S. (2016). A New Era of Cryptography: Quantum Cryptography. International Journal On Cryptography And Information Security, 6(3/4), 31-37.
Costa, D., Figuerêdo, S., & Oliveira, G. (2017). Cryptography in Wireless Multimedia Sensor Networks: A Survey and Research Directions. Cryptography, 1(1), 4.
Pyle, I. (2015). Format effectors in ISO7 and ASCII. Communications Of The ACM, 10(3), 137.
Rahimi, S., & Zargham, M. (2013). Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database. IEEE Transactions On Reliability, 62(2), 395-407.
Security vulnerability in sendmail. (1999). Network Security, 1999(1), 3.
Tenvergert, E., Kingma, J., & Klasen, H. (2012). Fixfree and Genhdr: Two Turbo Pascal Programs to Transform Comma-Delimited Free ASCII Format Files into Fixed Format ASCII Files and Vice Versa. Perceptual And Motor Skills, 81(2), 355-364.