Cryptography Techniques for Network Security: A Research Project
Verified
Added on 2024/05/21
|5
|3935
|215
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
ITC595 Research Project Cryptographic Technique A.Abdul ITC595 MIT, School of Computing & Mathematics, Charles Sturt University author@first-third.edu.au ABSTRACT–This paper aims to research over cryptography. One of the major problems all industries facing today is the leakage of data. The attackers get their hands on the precious data and might misuse it. We need to look into possible solution so that the data does not reach in wrong hands. In this paper, we have described certain cryptography techniques, to store data in an encrypted form. Techniques like ciphering, MAC, Hash Function, SHA are described in detail to get a gist of the topic. Keywords—Cryptography;secretkey;Authentication; Confidentiality INTRODUCTION In the recent years, the networks trespassers have expandedtheirtechnicalknowledge,advancedsuperior packages and feature determined out new approaches to take advantage of community vulnerabilities. The activities of such intruders can create a stampede for the companies as the intruderscaneasilyhaveaccesstotheconfidential information of an organization. It can also harm a person personally as an attacker can come to know the account’s number and password and can easily misuse it according to his own advantage. All these issues have raised the demand for network security. Network security can be divided into four categories:confidentiality,authentication,non-repudiation, and integrity. Confidentiality–Confidentialityreferstokeepingthe information out of unauthorized people. Authentication –Authentication refers to knowing whom you are talking to before revealing sensitive information. Nonrepudiation–Nonrepudiationdealswiththedigital signature so that the other party cannot deny the authenticity of the message (Baortaz, 2005). Integrity –Integrity refers to ensuring that the content of the messageisnotalteredwhilesendingandreceivingthe message. Figure1Encryption technology For these reasons, cryptography has become an essential part of computers and communication networks. Cryptography protects everything from business emails to internet shopping to electronic bank transactions. Cryptographyistheprocessofencryptingaplaintext (readable) into a ciphertext (non-readable) (Deffie, 1976). Cryptography involves certain mathematical techniques to avoid eavesdropping. The boom in the use of cryptography canbedatedbackto20thcenturywhenwireless communicationwasintroducedinthecommunication networks. Until the early 1990s, only governmental, military and financial data were protected by encryption. But now things as simple as chat applications are well encrypted. There are several ways to encrypt the valuable information like a block cipher, stream cipher, MAC (Message Authentication Codes),HashFunctions,Publickey,PrivateKey,Digital Signatures etc. A.Research Problem The major issue is discussed in the research report is about to network source. To resolve this issue, the authentication and confidentiality technique is used. This research paper is based on the security issues which can be solved by the cryptographic technology (Sharma, 2015). B.Research Justification Thisresearchaimstosolvethesecurityissueswith identifying the network issues. Research is being performed after reviewing the research article to find the best technology withthebestresult.Withthisresearch,providethe knowledgeofthecryptographytechnologywiththeir functionality. Figure2Cryptography technique TABLEI: COMPARISONOFALGORITHM S. no. Comparison CryptographySizeGeneration time 1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Algorithm 1DES5629 2RSA1024287 3AES12875 4ElGamal16086 Thisgiventableshowsthecomparisonbetweenthe cryptography algorithms with their generation time. LITERATURE REVIEW Cryptographyisanemergingtechnology.Itrefersto encrypting a text in a manner that it becomes non-readable. Cryptanalysis refers to the process of decrypting the ciphertext into the plain text. The process of encryption and decryption of data is called cryptology. Plain Text –Plain text refers to the original text that can be read by humans (Sharma, 2015). Cipher Text –Ciphertext is the encrypted or the secret text that contains a certain amount of redundancy so to make it non-readable. Fig 1: Cryptology Where E: Encryption, D: Decryption, C.T:Cipher Text, P.T: Plain Text. C.Cryptosystems Generally, cryptosystems are divided into two categories: SymmetricCryptosystemsandAsymmetricCryptosystems basedonthekeysusedinencryptionanddecryption processes. In Symmetric Cryptosystems, the keys used in encryption and decryption are both identical or are derived from each other. Thekeyshouldbekeptsecretotherwisethesecure communication can be compromised. The disadvantage of this system is that it creates a key distribution problem which is handledinasymmetriccryptosystems.Anexampleof symmetric cryptosystem is DES (Data Encryption Standard). In Asymmetric Cryptosystems, the keys used for encryption and decoding are dissimilar. The key for encryption is kept secret and the decryption key is kept secret. If user M1 wants to send M2 a message then he can encipher it using the public key of M2. M2 can decipher the text using his private key (Gaubatz, 2005). Figure3Cryptographic algorithm D.Symmetric Cryptosystems Thissectionmainlyfocusesonsymmetriccryptosystem techniques: stream ciphers, block ciphers, MAC algorithm, Hash Functions etc. It is the encryption procedure that encodes a fixed magnitude block of n-bits of facts. The size of the data blocks can be 64 bits, 128 bits, and 256 bits. A block cipher drives intake 64-bits of normal text and will generate a ciphertext of 64-bits. The popular block ciphers used today are DES, AES, 3DES, Blowfish, Two fish. Based on the approach of action, the block cipher is divided into two categories: Deterministic and Probabilistic (Patil, 2013). Electronic Code Block (ECB) –It is the most used methods in thecipheringprocesses.Itisadeterministicmodeof operation.Inthismethod,eachmessageisdividedinto numerousblocksandformerlyallblockisencrypted separately. It is very fast. Figure4Block Diagram of CB Cipher Block Chaining (CBC) –In this method, all the blocks are made dependent on the previous block for encryption. Cipher Feedback (CFB) –It is same as CBC. Offset Code Block (OCB) –It is a block mode of cipher for operationsthatoffersauthenticationandconfidentiality parallel at the identical time. DES(DataEncryptionStandard)–Itisanencryption procedure for electronic information. DES is capable to deliver a security with high level and is easy to understand. It is available to all users and is easy to use (Gaubatz, 2005). Advanced Encryption Standard [AES] - Itis the symmetric algorithm for block cipher that has been implemented in software and hardware worldwide to protect sensitive data. AES comprises three block ciphers: AES-192, AES-128, and AES-256. All cipher encodes and decrypts the data packets in blocks of 128 bits by means of the cryptology algorithm. A stream cipher is an encrypting algorithm that encrypts bits and bytes of plaintext at a time. Since 1980s additive stream ciphershavebeenusedincryptographyduetoitslow implementation cost. In a stream cipher, a small key and an initialization value (IV) are appended to a plain text and they are encrypted [6].The key is the stream of pseudorandom bits. Stream Ciphers are also called One-Time Pad which means that it uses a random key which is unpredictable and it is used only once. The only problem with this algorithm is that a key must be as lengthy as or equal to the length of the plain text.Thiscipherisnotusedforday-to-dayusebutis warranted in matters of national security. A popular stream cipher is RC4. RC4 –It has been invented to encrypt software on the 8-bit machine.ItiscurrentlybeingimplementedinSSL/TSL 2 ED P.C.P.T
protocols. This algorithm has many pitfalls still it is able to stop and restrain key recovery attacks. In last 20 years, many stream ciphers ensure developed that can operate on 32-bit and 64bit processors. MUGI and SNOW are two new stream ciphers that are included in ISO. 2.2.3 MAC (Message Authentication Code) Message Authentication Codes are utilized for authentication purpose between parties, sharing a key. They are used in communicationnetworksastheyaremoreefficientin performance than any other encryption process. User M1 wants to send M2 a text. He encodes the message by means of a secret key which knows to M2. M2 will receive the message and will decrypt it using the key (Sharma, 2015). Figure5MAC Process In the constrained environment is like cellular phones where complex computation is not possible due to non-availability of the resources. The cellular environment can capacitate less power consumption otherwise the battery can run out. In this context nested MAC or HMAC (Hash MAC) is used for security purposes. HMAC is widely used for wireless communication environment (Gaubatz, 2005) Implementation of HMAC: 1.Divide the message to be input into blocks of n-bits. 2.A key K, which should be equal to the length of b (length of the message), is XORed with a constant called i-pad. 3.Theoutputreceivedfromabovestepisthen appended to the message. 4.Apply the hash function to the output received from the above step. 5.Now, the key K is XORed with another constant I-pad. 6.This output is then appended to the result received in step 4. 7.Apply a hash function to the above string. 8.Select the leftmost t bytes of the above result as the MAC. ThemoststandardMACusedaimedatthemonetary transaction is the CBC-MAC. CBC-MAC –The CBC-MAC is grounded on an n-bit block cipher. In this, the plain text is appended with the multiple of the length of the plaintext and then the output is separated into t n-bit blocks ranging from x1to tx. C1: Ek(x0) Ci: Ek(xi⨁ci-1), 1< i <=t Where⨁denotes the exclusive-or bitwise operator. 2.2.4.Hash Function A hash function produces an output of fixed size and the input can be of varying size. It is very easy to calculate the hash. The result generated by the hash function is called as digest it is typically of the formula: h(x)=y Where x ϵ Z and y ϵ Zn Properties of a hash function: We have seen that the hash function tends to decrease the input given that means that we can find two or more inputs for the same output. Preimage Resistance –It means that if we have a message digest y, then it is not possible to find x like that h(x) = y. Weak Collision Resistance –If we are given two values, x and y then it is computationally not possible to find x’ ≠ x such that h(x) = h (x’). CollisionResistance–Itmeansthatitis computationally not possible to find x and x’ where x ≠ x’ such that h(x) = h (x’). Here, we can choose the messages so it is called as strong resistance (Sharma, 2015). 2.3.Asymmetric Cryptosystems In asymmetric cryptosystems, two keys are used, one is the key for public and another one is the private key. Both these keys are mathematically linked to one another. If user M1 desires to conduct a message to M2, he will encrypt it using M2’s public key. On receiving the message, M2 will decrypt it using his private key (Diffie, 1976). Fig 5: Asymmetric or public key cryptosystems Where M1: user 1, M2: User 2, E: Encryption, D: Decryption. One such public-key algorithm is RSA. RSA is grounded at the difference among the convenience of locating two massive prime numbers and the difficulty of factoring huge prime numbers. The attacks that can be performed on RSA are Forward Search Attack and Common Modulus Attack(Jasuja, 2015). Steps to implement RSA: 1.Choice two large prime digits p & q. 2.Compute n = p*q; 3.Compute Φ = (p-1)(q-1) 4.Select an integer e, 1<e< Φ, such that gcd (e, Φ) = 1. 5.Compute the secret component d, 1<d< Φ, such that ed = 1. 6.The public key is (n, e) and the private key (d, p, q). All these values are kept secret. 3
Digital Signature –Digital Signature is a method to encrypt messagessuchasdocuments,contracts,andinformation which will be transferred using data exchanging and data encrypting protocols. In this process, an abstract is created which is a signature or a seal which can be used by the receiver to verify the sender(Jasuja, 2015). 2.4.MD5 (Message Digest) The MD5 hashing algorithm is a one-way algorithm which produces an output of fixed length by taking the input of any length. It was originally developed to authenticate digital signatures. But now its value has depreciated to such extent that now it is only used as a checksum for data integrity and data corruption. It is no longer considered reliable because some techniques havebeendetectedwhichareeasilycapableof generating MD5 collisions. MD5 hashing algorithm works on data blocks of 512 bits, which are further divided into 16 words of 32 bits each. The process works in multiple stages. In each stage, 512-bit block is processed taking along the result obtained in the previous stage. In the primary stage, the message process esteem is introducedutilizingthehexadecimalnumerical qualities. Each stage incorporates four message process passes which control the qualities in the square. The last esteem processed from the last square is considered as the message process. The point of MD5 is to deliver a yield that looks irregular. To be viewed as secure, the hash work needs to meet these two prerequisites: it ought to be difficult to make a message coordinating a particular hash esteem and it ought to be difficult to make two messages that make a similar hash esteem(Jasuja, 2015). Steps in MD5: 1.Attach the padding bits: The text is padded so that its size converts 64 bits fewer than the multiple of 512. In padding, first one bit “1” is appended to the textandthenthe“0s”areappendedtillthe measurement becomes 64 bits which is less than the several of 512. 2.Append the length: The size of the text is counted and is transformed to binary. It is then appended to the output in step 1. These are the remaining 64 bits. 3.Initializing MD buffer: A 4-word buffer – A, B, C, and D are utilized with compute the message digest (MD). AB, C, and D are 32-bit registers. 4.ProcesstheMessage:Here,foursupporting functions are definite. These functions take in 32- bit expression input and yield a 32-bit word output (Patil, 2013). 2.5.SHA(Secure Hash Algorithm) The Secure Hash Algorithms are the series of cryptographic hash utilities. Few of the popular SHA are SHA-1, SHA-2, and SHA-5. SHA is better than MD5 as it is strongly encrypted in response to the hackers attack. A very common application of SHA is encrypting passwords. This is very helpful in the case any hacker tries to attack the database as now he will only find the random hashed values rather than the actual password. These algorithms are also used in security applications such as TLS, SSL<, IPsec, MIME etc. 3.Network Security Threats For any organization, it’s IT structure is an asset as it is the essential part of which all the employees depend upon to do their job. Nowadays, an IT infrastructure has madeproductiveworkandprofit-makingfastand reliable.Butthequestionariseshere:Isthis infrastructure really safe? Is there any threat to it? If there is any threat, what can it be? (Patil, 2013) IT security is very important as it can prevent many threatswhichcanharmorganizationsvaluable information. Not only the data of the company is leaked but also the formula of success of that company falls into the wrong hands which can devastate the company. In 2017, Tesco Bank faced a cyber raid on one of its customer’s accounts. Types of security risks to organizations are: Hackers– Organizations are targeted by hackers for financial gains. A hacker is a person who has technical skills to overcome any computer security (Jasuja, 2015). Viruses –Virus is a computer program that replicates and executes itself and intervenes in the process a computer operates. It is costly and dangerous. Spyware –It is harmful software that spies the user without his knowledge or permission. If a criminal is able to install a spyware on an organization’s system then he can monitor all the activities of the device. Adware –The unwanted advertisements appearing on the screen are mostly infected by adware. A person may download this adware by mistake. It can retrieve your information without your knowledge. Phishing –Phishing can be done by sending packets to the internal user by tricking the packet filter using the exact IP address as of the internal user so that sensitive and critical information like username and password can be retrieved of an organization’s system. Worms –This malicious software reproduces itself in massivequantitymomentarily.Itcandegradeyour network performance and can be used to launch other malicious software through your system (Patil, 2013). Spam –Spams are the junk emails, which may contain harmful links. It can also take over your system and generate and distribute more spams. These can overload your mail server and may also clog an organization’s server. Botnets –A botnet involves many computers, connected to the internet which runs and controls one or more bots. Deployed by a botmaster, this security threat, commands 4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
other bots to run and perform malicious activities over the internet. These are sometimes called “zombie army”. Rootkits–Itisacollectionofsoftware,whichare malicious that can access a computer that is not allowed. Itprovidesaccesstoamaliciousprogramupto administrative-level. It first gains access to the user-level and then it could crack the password of administrative- level. DOS (Denial-of-Service) Attacks –In this kind of an attack,theattackermakesthecompany’sresources unavailable to it. These are mostly done for blackmailing and ransom. The most famous kind of DOS attack is DDOS (DistributedDenial-of-Service)attack,whichinvolves swamping your server with traffic and request so that the server gets filled and shut down (Sharma, 2015). PROPOSED DESIGN In the proposed design, the network security issue has been resolved. The private conversation between M1 and M2 could have been listened by the attacker who might get into the network and get to know the private information. But now, by encrypting the text using the above-described algorithms, confidentiality can be achieved. Also by using the public and private key, we have also achieved authentication as the data has been signed by the sender. CONCLUSION Wehavesuccessfullyfoundthesolutionfornetwork securityissuesusingcryptographictechniques.Thereare many techniques to encrypt the text like a stream cipher, block cipher, MAC, SHA, RSA. In this paper, we have also seen the detailed description of some of the algorithms which can bedirectlyrealizedintheprogramminglanguages.The research in the area of cryptography is increasing which is giving better solutions for securing our data. REFERENCES [1]Sharma, R., & Bollavarapu, S. (2015). Data Security using Compression andCryptographyTechniques.InternationalJournalofComputer Applications,117(14). [2]Patil, M., & Sahu, V. (2013). A Survey of Compression and Encryption technique for SMS.International Journal of Advancements in Research & Technology,2(5). [3]Jasuja,B.,&Pandya,A.(2015).Crypto-CompressionSystem:An Integrated Approach using Stream Cipher Cryptography and Entropy Encoding.International Journal of Computer Applications,116(21). [4]Diffie, W., & Hellman, M. (1976). New directions in cryptography.IEEE Transactions on Information Theory,22(6), 644-654. [5]Gaubatz, G., Kaps, J. P., Ozturk, E., & Sunar, B. (2005, March). State of the art in ultra-low power public key cryptography for wireless sensor networks.InPervasiveComputingandCommunicationsWorkshops, 2005. PerCom 2005 Workshops. Third IEEE International Conference on(pp. 146-150). IEEE. 5