An analytical survey on Network Security Enhancement Services
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
An analytical survey on Network Security
Enhancement Services
Deshraj Ahirwar, Da.sati13061987@gmail.com, PG Scholar, CSE, SATI, Vidisha
Manish K. Ahirwar, ahirwarmanish@gmail.com, CSE, UIT, RGPV
Piyush K. Shukla, pphdw@yahoo.com, CSE, UIT, RGPV
Pankaj Richharia, pankajrichharia.com@gmail.com, CSE, BITS, Bhopal
Abstract: The Internet has also become an active field of crackers and intruders. The whole development in this area can become null and void if fool-proof security of the data is not ensured without a chance of being adulterated. Dependence on the Internet as an information highway and knowledge bank is exponentially increasing so that a going back is beyond imagination. Transfer of critical information is also being carried out through the Internet. This widespread use of the Internet coupled with the tremendous growth in e-commerce and m-commerce has created a vital need for information security.

The cornerstone of PLA is a public key cryptography based digital signature which is added to every outgoing packet by the packet originator. Therefore, signature generation and verification schemes of PLA become infeasible in resource-constrained devices if a dedicated hardware accelerator is not used. Hence studies were conducted on various types of algorithms being used in this area. Focus was given to identify the properties imparting security at this stage. By making use of a perception derived from these studies, new algorithms were designed. We present Wireless Packet Level Authentication (WPLA) that extends PLA to offer an adaptive hop-by-hop signature verification scheme. WPLA includes a lightweight signature verification approach for resource-constrained devices while retaining the public key cryptography based signature verification scheme for strong authentication. Furthermore, to ensure end-to-end data confidentiality over the unsecured channels, we integrate a symmetric encryption scheme along with a secret key generation and distribution process. Finally, we implement the proposed solution and evaluate the performance of our implementation.

Keywords: http, Datagram, administrative and management policy, Encryption, Weighted Matrix, Authentication, Authorization.

I - INTRODUCTION

The Internet today has become a vital part of day to day life, owing to the revolutionary changes it has brought about in various fields. Secure user authentication, authorization and access control have become the major challenges in any wireless security system, often due to certain wireless network characteristics such as lack of infrastructure, low power availability and mobility. Taking advantage of such network characteristics, an attacker can launch several security attacks like Denial of Service (DoS) attacks, packet spoofing and session hijacking attacks. Packet Level Authentication (PLA) provides an elegant network level solution to the aforementioned attacks by allowing every node in the network to validate the authenticity and integrity of a packet without any prior contact with the originator of the packet.

In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames. At this point, the client needs to have the right keys. It might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication.[10] Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication.

Security controls are implemented commensurate with the identified impact.
Figure 2.1: Single hop transfer when S and D are in radio-range.
Figure 2.2: Multiple hops (5) transfer when S and D are NOT in radio-range.

The Gartner Group defines (Witty, et al., 2001) risk assessment as "ensuring that the impact to the business (e.g., financial, reputation, operational, legal/regulatory, competitive advantage) is assessed prior to a security breach occurring such that security controls are implemented commensurate with the identified impact." Risk Management, as applicable to Information Systems, can be categorized into two primary groups: Project Risk Management and Security Risk Management. The discipline of Project Risk Management largely deals with implementation success and related areas. Many authors observe that IS projects, software projects in general, are notoriously difficult to manage and too many of them end in failure security risks associated with networked enterprise systems. As will be seen elsewhere, networked enterprise systems are vulnerable to a number of indigenous problems. This project is a systematic attempt to evaluate security risks associated with such systems.

The statistics and figures from the United States may not be totally representative of the other parts of the world; however, the underlying issues and solutions are more universal. It is also attributed to the global nature of the Internet and the global business models that are being adopted by corporations. The Internet has also become an active field of crackers and intruders. The whole development in this area can become null and void if fool-proof security of the data is not ensured without a chance of being adulterated. It is, hence, a challenge before the professional community to develop systems to ensure security of the data sent through the Internet.

II - RELATED WORK

The goals of network security are no different from those of any effort to protect information: availability guarantees that requested information can be provided when needed, confidentiality restricts access to information to authorized individuals, while integrity ensures that information remains unmodified and complete. Attacks on networked systems attempt to exploit one or more vulnerabilities in those systems that allow the mechanisms that enforce these goals to be bypassed. A successful attack can be composed of many steps; Schneider's attack trees structure these steps. Malicious activity generally means any activity that aims to find or exploit vulnerabilities.

In the following I present an overview of the evolution of network security over the decades, focusing on the awareness, understanding of the problem, and measures taken, rather than trying to give a complete account of the history of the Internet. Any historical facts that are not referenced explicitly are taken from the general literature.

Risk is defined as the possibility of something happening that will have an impact upon objectives. It is measured in terms of consequences and likelihood. Risk management is an iterative process consisting of well-defined steps which, taken in sequence, support better decision making by contributing a greater insight into risk and their impacts.

Node mobility has the greatest impact on available routes. Mobility leads to dynamic topologies of the network, which forces nodes to update their neighbor information and associated routes to a node. Different routing protocols update this information in different ways. The primary goal of routing protocols in an ad-hoc network is to establish an optimal path (min hops) between source and destination with minimum overhead and bandwidth consumption so that packets are delivered in a timely manner. A MANET protocol should function effectively over a wide range of networking contexts, from small, collaborative, ad hoc groups to larger mobile, multi-hop networks.

III - RESEARCH APPROACH
An overview of business research is provided, along with the justification of selecting sing as conclusive evidence to determine a solution to the problem is not the purpose le-case study as the research strategy for this project. This is followed by a brief description of the various tools and methods used during the course of the research. Subsequent research will be required to provide conclusive evidence, this type of research.

Previous understanding of the nature of the research problem where and how questions (Zikmund, 1997). Due to nature of these questions, accuracy is the most important in descriptive research. It is also pointed out that unlike exploratory research, descriptive research is based on some understanding of the dimensions of the problem. Exploratory research fits into this initial phase, or the exploration stage of analysis. Zikmund (1997) points out that exploratory research is usually conducted with the expectation that nature. For example, there might be a common understanding of the problem at large by the stakeholders; however, research might be needed to gain a better. This thesis followed the first two of these methods at various phases; however, the strong emphasis is on descriptive research. The researcher conducted exploratory studies at the beginning of the research project to explore the topic being investigated. The specifics of the problem and the variables involved were largely unclear at the beginning of the project. As Zikmund's observed, the project was started with a general statement that "there are security risks associated with networked information systems." This opinion was formed upon the researcher's knowledge and practical experience working in the industry in this area.

IV - PROPOSED WORK

A major shift in attacks in recent years is commercial motivation for exploitation of vulnerabilities. Instead of only bragging about the latest break-ins, the control of large numbers of machines becomes automated to the degree that allows attackers to control such botnets for extorting money: only after payment is the victim relieved of DDoS attacks, or returned encrypted files. Delivery of unsolicited email, often happening through the infected machine's legitimate SMTP server, is another common application. Current botnets have a large command set suitable for automated updates of the malware, sniffing user input, scanning for vulnerabilities, etc. At present, they often use IRC and IRC-like systems as the communications layer since IRC lends itself well to commanding large numbers of clients.

Several aspects of the network security arms race are worth noting. First of all, it is of limited predictability: external influences can shift motivations of the involved parties in unforeseeable ways. Second, not taking a step that makes life harder for the other side is a chance missed, unless taking that step brings with it negative side effects that are bigger than the improvement itself. Third, it is also a race in a more literal sense: the involved timescales are constantly decreasing. This holds for both the time from discovery of vulnerability to attempted exploitation as well as to the development of a fix for the vulnerability and of signatures identifying exploitation attempts [6]. The development of a technique to derive such signatures without human intervention is the main contribution of Chapter 5 of this dissertation. Fourth, the race is here to stay. While there can be no doubt that present-day software engineering produces suboptimal products due to economic disincentives and lacking expertise, no matter how well the architecture of the future Internet will work, people will always attempt to attack it. The question is only how easy it will be for them to succeed. From a technical point of view, the arms race is a constantly driving factor behind the development of more sophisticated attack and defense techniques.

V - FUTURE WORK

Any kind of network-based traffic analysis necessarily involves inspection of the packets observed on the wire. Starting from the raw packets, the analysis can be performed up to varying levels of depth. This depth corresponds roughly to the layer in the network layering model at which the analysis is performed; the higher up, the deeper is the analysis, the more costly in terms of CPU cycles, and the more invasive to the actual content transferred in the flows. The following list proceeds upward through the layers of the OSI network model [173], describing each layer's relevance to network monitoring.

• Physical Layer: the physical layer defines how a monitoring station can tap into the traffic. For shared media this is typically easy since the standard access method is sufficient to observe all traffic. For optical networks the task is complicated by having to split off a fraction of the optical input signal to be fed into the monitoring engine.

• Data Link Layer: here one can perform statistical analysis of elementary attributes of frames passing the location of the monitor, such as the frame frequency, byte size, and particularly inter-arrival times. Flow granularity is typically irrelevant at this level, though MAC addresses can be used to identify LAN-wide endpoints if necessary.

• Network Layer: at this level, analysis leverages per-packet protocol header information, typically to extract IP addresses and focus flow granularity to the host-pair level. Technologies such as network address translation and proxying weaken the value of IP addresses.

Analysis of traffic at the application layer requires recombination of the content of TCP segments (for TCP connections) and UDP datagrams (for UDP flows), as observed at the monitoring location, into the byte sequences that the peering applications are exchanging.
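The recombination of TCP segments into the application byte stream, described above for application-layer analysis, looks like this for one direction of a connection. This is an added example, not code from the paper; the class and function names, the sample request and the sequence numbers are constructed, and it assumes the monitor saw the SYN and that the stream is shorter than 4 GiB.

```python
# Added example (not from the paper): rebuild one direction of a TCP byte
# stream from segments as a passive monitor sees them.
from dataclasses import dataclass, field

SEQ_MOD = 1 << 32  # TCP sequence numbers wrap at 2**32


@dataclass
class StreamReassembler:
    isn: int                                             # initial sequence number (from the SYN)
    data: bytearray = field(default_factory=bytearray)   # contiguous bytes so far
    pending: list = field(default_factory=list)          # (offset, payload) not yet usable
    conflicts: int = 0                                   # overlaps whose bytes disagreed

    def add(self, seq: int, payload: bytes) -> None:
        """Accept one observed segment in any order, duplicates included."""
        if payload:
            # The SYN consumes one sequence number, so payload starts at isn + 1.
            offset = (seq - self.isn - 1) % SEQ_MOD
            self.pending.append((offset, payload))
        self.pending.sort(key=lambda item: item[0])      # stable: earlier arrival first
        while self.pending and self.pending[0][0] <= len(self.data):
            offset, seg = self.pending.pop(0)
            overlap = min(len(self.data) - offset, len(seg))
            if seg[:overlap] != bytes(self.data[offset:offset + overlap]):
                # Same byte range, different content. The first copy is kept,
                # but the monitor and the end host may not agree, so flag it.
                self.conflicts += 1
            self.data += seg[overlap:]

    def first_hole(self):
        """Return (start, end) of the first missing byte range, or None."""
        if not self.pending:
            return None
        return (len(self.data), self.pending[0][0])


# Constructed sample: an HTTP request whose sequence numbers wrap past 2**32.
ISN = 0xFFFFFFF0
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"


def segment(start: int, end: int, body: bytes = REQUEST):
    """Build a (seq, payload) pair for bytes [start, end) of the stream."""
    return ((ISN + 1 + start) % SEQ_MOD, body[start:end])


def run_sample():
    r = StreamReassembler(isn=ISN)
    r.add(*segment(32, 48))            # arrives first, out of order
    r.add(*segment(0, 16))
    hole = r.first_hole()              # bytes 16..32 still missing
    r.add(*segment(0, 16))             # plain retransmission
    r.add(*segment(8, 24))             # partial overlap with delivered data
    r.add(*segment(16, 32))            # closes the hole
    tampered = REQUEST[:4] + b"/other" + REQUEST[10:]
    r.add(*segment(4, 10, tampered))   # overlap with different bytes
    return bytes(r.data), hole, r.conflicts


if __name__ == "__main__":
    stream, hole, conflicts = run_sample()
    print(stream.decode("ascii"), hole, conflicts)
```

A non-zero `conflicts` count means the monitor's view of the stream may differ from what the receiving host accepted, so content signatures matched on that flow deserve less trust.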
Other types of traffic analysis aim to detect weaknesses in aspects of individual distributed applications. In context of privacy-enhancing communication services [55], traffic analysis aims to assign network-level activity to individual communicating entities [110]. In context of cryptographic protocols, traffic analysis aims to identify weaknesses in individual aspects of the protocols. An enormous body exists on variants of statistical traffic analysis at low levels of the network model for predicting traffic queuing behavior, router buffer size requirements, and quality of service guarantees.

VI - CONCLUSION

Network traffic exhibits structural properties which, given suitable filtering and vantage points, permit fully automated derivation of fingerprints of previously unknown network applications and attacks. The generated fingerprints enable accurate detection as well as filtering of such network activity.

The literature review revealed that a large proportion of the security incidents reported were attributed to various human-related matters such as application bugs and failure to update software patches. The literature suggested that these problems were largely attributed to the speed of evolution of technology and the associated complexity over the past decade, and the lack of resources for IS departments to stay constantly on the top of developments in the technology and security arena. The literature review also identified a number of security technologies that provided a meta-view of contemporary security solutions, and public security forums that would help keep security personnel up-to-date on developments in this arena.

REFERENCES:
[1] Christopher Alberts and Audrey Dorofee. Managing Information Security Risks: The OCTAVE (SM) Approach. Addison-Wesley, July 2002. (Page 7.)
[2] S.F. Altschul, W. Gish, W. Miller, E.W. Myers, and D.J. Lipman. Basic local alignment search tool. J. Mol. Biol, 215(3):403–410, 1990. (Page 119.)
[3] James P. Anderson. Computer security threat monitoring and surveillance. Technical report, James P. Anderson Co., Fort Washington, PA, April 1980. (Page 8.)
[4] R.J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Inc. New York, NY, USA, 2001. ISBN 0471389226. (Pages 18, 87.)
[5] Bass, T. 2000. "Intrusion detection systems and multisensor data fusion." Communications of the ACM, New York; Apr; Vol. 43, Iss. 4, pg 99-105
[6] Bielski, L. 1999. "Enter the 'supersmart card.'" ABA Banking Journal, New York; Jun; Vol. 91, Iss. 6, pg 56-60
[7] K. Argyraki and D. Cheriton. Network Capabilities: The Good, the Bad and the Ugly. Proc of 4th ACM Workshop on Hot Topics in Networks, 2005. (Page 116.)
[8] Stefan Axelsson. Intrusion Detection Systems: A Survey and Taxonomy. Technical Report 99-15, Depart. of Computer Engineering, Chalmers University, March 2000. (Page 13.)
[9] M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The Internet motion sensor: A distributed black hole monitoring system.
[10] F. Baker and P. Savola. Ingress Filtering for Multihomed Networks. RFC 3704, IETF, March 2004. URL http://www.ietf.org/rfc/rfc3704.txt. (Page 111.)
[11] Paul Baran. On Distributed Communication Networks. IEEE Transactions on Communications, 12:1–9, Mar 1964. (Page 7.)
[12] S.A. Baset and H. Schulzrinne. An analysis of the Skype peer-to-peer internet telephony protocol. Technical report, Columbia University, New York, NY, 2004. (Pages 59, 86.)

AUTHOR'S PROFILE

1. Deshraj Ahirwar was born in 1987. He has done his BE in CSE branch from is pursuing his M.Tech from SATI Vidisha (MP). His research interests include Network Security, Security of mobile Adhoc network and Cryptography.

2. Manish Kumar Ahirwar was born in 1982. He has done his BE in CSE branch from MITS Gwalior Rajeev Gandhi Proudyogiki University. He received his M.Tech from IIITM Gwalior [Deemed University] (MP). He is an Assistant Professor in RGPV Bhopal. His research interests include Network Security, Security of mobile Adhoc network, Software Testing, Architecture, Parallel computing.

3. Piyush K. Shukla completed his Masters in Computer Science & Engineering from SATI, Vidisha. He is also pursuing his Ph.D from RGPV, Bhopal, and his research area is Computer Network & Engineering, Network Security, Data Communication, Operating System, Cryptography, Wireless Networks, MANET and High Speed Network, Web Engineering & Analog & digital Communication. He has membership of different academic organizations, including IEEE. He has published more than 20 research papers in IEEE, ACM, and other International and National Conferences and Journals. He has also reviewed many papers for IEEE conferences and Journals.

4. Pankaj Richharia has completed Master in Computer Science from SATI Vidisha. He is an Associate Professor & Head of Dept. of CSE in Bhopal Institute of Technology and Science, Bhopal. His area of interest is computer networks, ADA, CGM, OOT, SEPM, Neural Networks, Data Mining. He has membership of different academic organizations and has written many research papers in different subjects. He has been in teaching and academics for more than one decade. He is also writing a book for a well known publication.