An analytical survey on Network Security Enhancement Services by ijcsis


									                                                       (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                         Vol. 9, No. 3, March 2011

               An analytical survey on Network Security
                        Enhancement Services
       Deshraj Ahirwar                       Manish K. Ahirwar           Piyush K. Shukla              Pankaj Richharia
       PG Scholar, CSE, SATI, Vidisha        CSE, UIT, RGPV               CSE, UIT, RGPV               CSE, BITS, Bhopal

Abstract: - Internet has also become an active field of crackers          security attacks like Denial of Service (DoS) attacks, packet
and intruders. The whole development in this area can become              spoofing and session hijacking attacks. Packet Level
null and void if fool-proof security of the data is not ensured           Authentication (PLA) provides an elegant network level
without a chance of being adulterated. Dependence on the                  solution to the aforementioned attacks by allowing every
Internet as an information highway and knowledge bank is                  node in the network to validate the authenticity and integrity
exponentially increasing so that a going back is beyond
imagination. Transfer of critical information is also being
                                                                          of a packet without any prior contact with the originator of
carried out through the Internet. This widespread use of the              the packet.
Internet coupled with the tremendous growth in e-commerce
and m-commerce has created a vital need for information                   In Open System authentication, the WLAN client need not
security.                                                                 provide its credentials to the Access Point during
                                                                          authentication. Thus, any client, regardless of its WEP keys,
  The cornerstone of PLA is public key cryptography based                 can authenticate itself with the Access Point and then
digital signature which is added do every outgoing packet by              attempt to associate. In effect, no authentication (in the true
the packet originator. Therefore, signature generation and                sense of the term) occurs. After the authentication and
verification schemes of PLA become infeasible in resource-
constrained devices if dedicated hardware accelerator is not
                                                                          association, WEP can be used for encrypting the data
used. Hence studies were conducted on various types of                    frames. At this point, the client needs to have the right keys.
algorithms being used in this area. Focus was given to identify           it might seem as though Shared Key authentication is more
the properties imparting security at this stage. By making use            secure than Open System authentication, since the latter
of a perception derived from these studies, new algorithms                offers no real authentication. However, it is quite the
were designed. We present Wireless Packet Level                           reverse. It is possible to derive the keystream used for the
Authentication (WPLA) that extends PLA to offer an adaptive               handshake by capturing the challenge frames in Shared Key
hop-by-hop signature verification scheme. WPLA includes a                 authentication.[10] Hence, it is advisable to use Open System
lightweight signature verification approach for resource-                 authentication for WEP authentication, rather than Shared
constrained devices while retaining the public key
cryptography based signature verification scheme for strong
                                                                          Key authentication.
authentication. Furthermore, to ensure end-to-end data                    Security controls are implemented commensurate with the
confidentiality over the unsecured channels, we integrate a               identified impact.
symmetric encryption scheme along with secret key generation
and distribution process. Finally, we implement the proposed
solution and evaluate the performance of our implementation.

Keywords: http, Datagram, administrative and management
policy,  Encryption,  Weighted   Matrix,   Authentication,
Authorization.                                                                                                D

                   I - INTRODUCTION

Internet today has become a vital part of day to day life,                            S
owing to the revolutionary changes it has brought about in
various fields. Secure user authentication, authorization and
access control have become the major challenges in any
wireless security system, often due to certain wireless                                                        S
network characteristics such as lack of infrastructure, low
power availability and mobility. Taking advantage of such
network characteristics, an attacker can launch several

                                                                                                   ISSN 1947-5500
                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                             Vol. 9, No. 3, March 2011

The Gartner Group defines (Witty, et al., 2001) risk                    history of the Internet. Any historical facts that are not
assessment as —ensuring that the impact to the business                 referenced explicitly are taken from the general literature.
(e.g. , financial, reputation, operational, legal/regulatory,
competitive advantage) is assessed prior to a security breach
occurring such that

2.1 Single hop transfer when S and D are in radio-range.
2.2 Multiple hops (5) transfer when S and D are NOT in
radio-range.     Security     controls    are    implemented
commensurate with the identified impact.“                 Risk
Management, as applicable to Information Systems, can be
categorized into two primary groups: Project Risk
Management and Security Risk Management. The discipline
of Project Risk Management largely deals with
implementation success and related areas. Many authors
observe that IS projects, software projects in general, are
notoriously difficult to manage and too many of them end in
failure security risks associated with networked enterprise
systems. As will be seen elsewhere, networked enterprise
systems are vulnerable to a number o find igneous problems.
This project is a systematic attempt to evaluate security risks
associated with such systems.
The statistics and figures fro m the United States may not be
totally representative of the other parts of the world;
however, the under lying issues and solutions are mo re
universal. It is also attributed to the global nature of the
Inter net and the global business models that are being
adopted by corporations. Internet has also become an active
field of crackers and intruders. The whole development in
this area can become null and void if fool-proof security of
the data is not ensured without a chance of being
adulterated. It is, hence a challenge before the professional
community to develop systems to ensure security of the data
sent through the Internet.
                                                                        Risk is defined as the possibility o f something happening
                  II - RELATED WORK                                     that will have an impact upon objectives. It is measured in
                                                                        terms of consequences and likelihood. Risk management is
The goals of network security are no different from those of            an iterative process consisting o f well-defined steps which,
any effort to protect information: availability guarantees that         taken in sequence, support better decision making by
requested information can be provided when needed,                      contributing a greater insight into risk and their impacts
confidentiality restricts access to information to authorized           Nodes mobility has greatest impact on available routes.
individuals, while integrity ensures that information remains           Mobility leads to dynamic topologies of the network which
unmodified and complete. Attacks on networked systems                   enforces nodes to update their neighbor information and
attempt to exploit one or more vulnerabilities in those                 associated routes to a node. Different routing protocols
systems that allow the mechanisms that enforce these goals              update this information in different ways. The primary goal
to be bypassed. A successful attack can be composed of                  of routing protocols in ad-hoc network is to establish
many steps; Schneider’s attack trees structure these steps.             optimal path (min hops) between source and destination
Malicious activity generally means any activity that aims to            with minimum overhead and bandwidth consumption so that
find or exploit vulnerabilities.                                        packets are delivered in a timely manner. A MANET
                                                                        protocol should function effectively over a wide range of
In the following I present an overview of the evolution of              networking contexts--from small, collaborative, ad hoc
network security over the decades, focusing on the                      groups to larger mobile, multi-hop networks.
awareness, understanding of the problem, and measures
taken, rather than trying to give a complete account of the                          III - RESEARCH APPROACH

                                                                                                 ISSN 1947-5500
                                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                              Vol. 9, No. 3, March 2011

An over view of business research is provided, along with                bigger than the improvement itself. Third, it is also a race in
the justification of selecting sing as conclusive evidence to            a more literal sense: the involved timescales are constantly
determine a solution to the problem is not the purpose le-               decreasing. This holds for both the time from discovery of
case study as the research strategy for this project. This is            vulnerability to attempted exploitation as well as to the
followed by a brief description of the various tools and                 development of a fix for the vulnerability and of signatures
methods used during the course o f the research. Subsequent              identifying exploitation attempts [6]. The development of a
research will be required to pro vide conclusive evidence,               technique to derive such signatures without human
this type of research.                                                   intervention is the main contribution of Chapter 5 of this
                                                                         dissertation. Fourth, the race is here to stay. While there can
Previous understanding of the nature of the research                     be no doubt that present-day software engineering produces
problem where and how questions (Zik mund, 1997). Due to                 suboptimal products due to economic disincentives and
nature of these questions, accuracy is the most important in             lacking expertise, no matter how well the architecture of the
descriptive research. It is also point out that unlike                   future Internet will work, people will always attempt to
exploratory research, descriptive research is based on some              attack it. The question is only how easy it will be for them to
understanding o f the dimensions of the problem.                         succeed. From a technical point of view, the arms race is a
Exploratory research fits into this initial phase, or the exp lo         constantly driving factor behind the development of more
ration stage of analysis. Zikmund (1997) points out that                 sophisticated attack and defense techniques.
exploratory research is usually conducted with the
expectation that nature. For example, there might be a                                      V - FUTURE WORK
common understanding of the problem at large by the
stakeholders; however, research might be needed to gain a                Any kind of network-based traffic analysis necessarily
better. This thesis followed the first two of these methods at           involves inspection of the packets observed on the wire.
various phases; however, the strong emphasis is on                       Starting from the raw packets, the analysis can be performed
descriptive research. The researcher conducted exp                       up to varying levels of depth. This depth corresponds
laboratory studies at the beginning o f the research project to          roughly to the layer in the network layering model at which
explore the topic being investigated. The specifics of the               the analysis is performed; the higher up, the deeper is the
problem and the variables involved were largely unclear at               analysis, the more costly in terms of CPU cycles, and the
the beginning of the project. As Zikmund‘s observed, the                 more invasive to the actual content transferred in the flows.
project was started with a general statement that —there are             The following list proceeds pward through the layers of the
security risks associated with networked information                     OSI network model [173], describing each layer’s relevance
systems.“ This opinion was for med upon the researcher‘s                 to network monitoring.
knowledge and practical experience working in the industry
in this area.                                                            • Physical Layer: the physical layer defines how a
                                                                         monitoring station can tap into the traffic. For shared media
                 IV - PROPOSED WORK                                      this is typically easy since the standard access method is
                                                                         sufficient to observe all traffic. For optical networks the task
                                                                         is complicated by having to split off a fraction of the optical
A major shift in attacks in recent years is commercial
                                                                         input signal to be fed into the monitoring engine.
motivation for exploitation of vulnerabilities. Instead of only
bragging about the latest break-ins, the control of large
                                                                         • Data Link Layer: here one can perform statistical
numbers of machines becomes automated to the degree that
                                                                         analysis of elementary attributes of frames passing the
allows attackers to control such botnets for extorting money:
                                                                         location of the monitor, such as the frame frequency, byte
only after payment is the victim relieved of DDoS attacks,
                                                                         size, and particularly inter-arrival times. Flow granularity is
or returned encrypted files. Delivery of unsolicited email,
                                                                         typically irrelevant at this level, though MAC addresses can
often happening through the infected machine’s legitimate
                                                                         be used to identify LAN-wide endpoints if necessary.
SMTP server, is another common application. Current
botnets have a large command set suitable for automated
                                                                         • Network Layer: at this level, analysis leverages per-
updates of the malware, sniffing user input, scanning for
                                                                         packet protocol header information, typically to extract IP
vulnerabilities, etc. At present, they often use IRC and IRC-
                                                                         addresses and focus flow granularity to the host-pair level.
like systems as the communications layer since IRC lends
                                                                         Technologies such as network address translation and
itself well to commanding large numbers of clients.
                                                                         proxying weaken the value of IP addresses.
Several aspects of the network security arms race are worth
                                                                         Analysis of traffic at the application layer requires
noting. First of all, it is of limited predictability: external
                                                                         recombination of the content of TCP segments (for TCP
influences can shift motivations of the involved parties in
                                                                         connections) and UDP datagram (for UDP flows), as
unforeseeable ways. Second, not taking a step that makes
                                                                         observed at the monitoring location, into the byte sequences
life harder for the other side is a chance missed, unless
                                                                         that the peering applications are exchanging.
taking that step brings with it negative side effects that are

                                                                                                   ISSN 1947-5500
                                                                   (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                      Vol. 9, No. 3, March 2011

                                                                                 [9] M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The
                                                                                 Internet motion sensor: A distributed black hole monitoring system..
Other types of traffic analysis aim to detect weaknesses in
aspects of individual distributed applications. In context of                    [10] F. Baker and P. Savola. Ingress Filtering for Multihomed Networks.
privacy-enhancing communication services [55], traffic                           RFC 3704, IETF, March 2004. URL rfc3704.txt. (
analysis aims to assign network-level activity to individual                     Page 111.)
                                                                                 [11] Paul Baran. On Distributed Communication Networks. IEEE
communicating entities [110]. In context of cryptographic                        Transactions on Communications, 12:1–9, Mar 1964. (Page 7.)
protocols, traffic analysis aims to identify weaknesses in                       [12] S.A. Baset and H. Schulzrinne. An analysis of the Skype peer-to-peer
individual aspects of the protocols. An enormous body                            internet telephony protocol. Technical report, Columbia University, New
exists on variants of statistical traffic analysis at low levels                 York, NY, 2004. (Pages 59, 86.).
of the network model for predicting traffic queuing
behavior, router buffer size requirements, and quality of
service guarantees.                                                              AUTHOR’S PROFILE
                    VI - CONCLUSION

Network traffic exhibits structural properties which, given                                               1. Deshraj Ahirwar was born in 1987.He
suitable filtering and vantage points, permit fully automated                                             has done his BE in CSE branch from is
derivation of fingerprints of previously unknown network                                                  pursuing his M.Tech from SATI Vidisha
applications and attacks. The generated fingerprints enable
                                                                                                          (MP).His Research Interests includes
accurate detection as well as filtering of such network
activity.                                                                                                 Network Security, Security of mobile
The literature review revealed that a large pro portion of the                                            Adhoc network and Cryptography.
security incidents reported were attributed to various
                                                                                 2. Manish Kumar Ahirwar was born in 1982.He has done his BE
human-related matters such as application bugs and failure
                                                                                 in CSE branch from MITS Gwalior Rajeev Gandhi Proudyogiki
to update software patches. The literature suggested that
these problems were largely attributed to the speed of                           University. He received his M.Tech from IIITM Gwalior [Deemed
evolution of technology and the associated complexity over                                                University] (MP).
the past decade, and the lack o f resources for IS
                                                                                                            .He is an Assistant Professor in RGPV
departments to stay constantly on the top of developments in
the technology and security arena. The literature review also                                               Bhopal. His Research Interests includes
identified a number of security technologies that provided a                                                Network Security, Security of mobile
meta-view of contemporary security solutions, and public                                                    Adhoc network, Software Testing,
security for ums that would help keep security personnel up-                                                Architecture, Parallel computing.
to-date on developments in this arena.
                                                                                 3. Piyush K. Shukla Completed his Masters in Computer Science
REFERENCES:                                                                      & Engineering from SATI, Vidisha he is also pursing His Ph. D
[1] Christopher Alberts and Audrey Dorofee. Managing Information                 from RGPV, Bhopal, and his research area is Computer Network
Security Risks: The OCTAVE (SM) Approach. Addison-Wesley, July
                                                                                 & Engineering, Network Security, Data Communication,
2002. (Page 7.)
[2] S.F. Altschul,W. Gish,W. Miller, E.W. Myers, and D.J. Lipman. Basic          Operating System, Cryptography, Wireless Networks, MANET
local alignment search tool. J. Mol. Biol, 215(3):403–410, 1990. (Page           and High Speed Network, Web Engineering & Analog & digital
119.)                                                                            Communication. He has membership of different academic
[3] James P. Anderson. Computer security threat monitoring and                   organizations, including IEEE/ he has published more then 20
surveillance. Technical report, James P. Anderson Co., Ford Washington,          research papers in IEEE, ACM, and other International and
PA, April 1980. (Page 8.)                                                        National Conferences and Journals. He is also Reviewed so many
[4] R.J. Anderson. Security Engineering: A Guide to Building Dependable          papers for IEEE conferences and Journals.
Distributed Systems. John Wiley &
Sons, Inc. New York, NY, USA, 2001. ISBN 0471389226. (Pages 18, 87.)
[5] Bass, T. 2000. —Intr usion detection systems and multisenso r data           4. Pankaj Richharia has completed Master in Computer Science
fusio n. Communications of the ACM, New York; Apr; Vo l. 43, Iss. 4, pg          from SATI Vidisha, He is an Associate Professor & Head of Dept.
99-105                                                                           of CSE in Bhopal Institute of Technology and Science, Bhopal
[6]. Bielski, L. 1999. —Enter the ”supersmart car d. ‘“ ABA Banking              his area of interest is computer networks, ADA, CGM, OOT,
Journal, New Yo rk; Jun; Vo l. 91, Iss. 6, pg 56-60                              SEPM, Neural Networks, Data Mining, He has membership of
[7] K. Argyraki and D. Cheriton. Network Capabilities: The Good, the Bad         different academic organizations, has written so many research
and the Ugly. Proc of 4th ACM Workshop on Hot Topics in Networks,
                                                                                 papers in different subjects. He is in teaching and academic since
2005. (Page 116.)
[8] Stefan Axelsson. Intrusion Detection Systems: A Survey and                   more then one decades. Hi is also writing a book for well known
Taxonomy. Technical Report 99-15, Depart. of Computer Engineering,               publication.
Chalmers University, March 2000. (Page 13.).

                                                                                                              ISSN 1947-5500

To top