Monday, June 25, 2012

Network and Security




Network and security

ABSTRACt:
                 In this modern fast world network is a very important factor to share our data with our friends / relatives. But in this competitive world many intruders are hacking the precious data that we are sending. Here in this paper we are going to discuss about network and some valuable steps/algorithms to protect the data in the network. Beyond that we are going discuss something about firewall which is the latest trend in network security.

INTRODUCTION:

We know that network is nothing but interconnection of systems for sharing of information. In that network there will be loss of data due to some external disturbances. Beyond that there is no security for the data that we are sending through the network by the hackers. To safeguard our data we are going to handle some methods, which is more efficient to have secure communication over insecure channels.

Common threats overview:
                           Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. The effects of various threats vary considerably: some effect the confidentiality or integrity of data while others affect the availability of IP’s.

HACKERS TECHNICS:
  • Eavesdrop and replay.
  • Spoofing.
  • Session hijacking.
  • Sniffing.
  • Man in the middle.
  • Exploring back doors.
  • Scanning through fire walls.
  • Denial of services.
 

 TECHNIQUES FOR SECURITY:

Ø Cryptography
Ø Authentication
Ø Message integrity
Ø Key distribution

CRYPTOGRAPHY:

Ø Cryptography is a branch of mathematics based on the transformation of data.

Ø Cryptography is a science and art of manipulating messages to make them secure.

CRYPTOGRAPHY USED FOR VARIOUS PURPOSES:
     
  • To authenticate remote users.
  •  To verify that files were not tempered with.
  • To certify digital documents.


Cryptography is traditionally associated only with keeping data secret. However, modern cryptography can be used to provide many security services, such as electronic signatures and ensuring that data has not been modified. There are two basic types of cryptography: "secret key" and "public key.". It provides an important tool for protecting information and is used in many aspects of computer security. For example, cryptography can help provide data confidentiality, integrity, electronic signatures, and advanced user authentication. Although modern cryptography relies upon advanced mathematics, users can reap its benefits without understanding its mathematical underpinnings. This chapter describes cryptography as a tool for satisfying a wide spectrum of computer security needs and requirements. It describes fundamental aspects of the basic cryptographic technologies and some specific ways cryptography can be applied to improve security. The chapter also explores some of the important issues that should be considered when incorporating cryptography into computer systems.

Basic Cryptographic Technologies:
Cryptography relies upon two basic components: an algorithm (or cryptographic methodology) and a key. In modern cryptographic systems, algorithms are complex mathematical formulae and keys are strings of bits. For two parties to communicate, they must use the same algorithm (or algorithms that are designed to work together). In some cases, they must also use the same key. Many cryptographic keys must be kept secret; sometimes algorithms are also kept secret. There are two basic types of cryptography: Secret key systems (also called symmetric systems) and public key systems (also called Asymmetric systems). Table 19.1 compares some of the distinct features of secret and public key systems. Both types of systems offer advantages and disadvantages. Often, the two are combined to form a hybrid system to exploit the strengths of each type. To determine which type of cryptography best meets its needs, an organization first has to identify its security requirements and operating environment.


   DISCREET                 FUNCTIONS
SECRET KEY CRYPTOGRAPHY
PUBLIC KEY CRYPTOGRAPHY
NUMBER OF KEYS
Single key.                                                                                             
Pair of keys.
TYPES OF KEYS
Key is secret.
One key is private 
& one key is public.
PROTECTION OF KEYS
Disclosure and
Modification.
Disclosure and Modification for private
keys and modification for public keys.
RELATIVE SPEEDS
Faster.                                                                                                    
Slower.                                           Slower.                                           Slower.                                           Slower.

Secret Key Cryptography:
In secret key cryptography, two (or more) parties share the same key, and that key is used to encrypt and decrypt data. As the name implies, secret key cryptography relies on keeping the secret. If the key is compromised, the security offered by cryptography is severely reduced or eliminated. Secret key cryptography assumes that the parties who share a key rely upon each other not to disclose the key and protect it against modification.
The best known secret key system is the Data Encryption Standard (DES), published by NIST as Federal Information Processing Standard (FIPS) 46-2. Although the adequacy of DES has at times been questioned, these claims remain unsubstantiated, and DES remains strong. It is the most widely accepted publicly available cryptographic system today. The American National Standards Institute (ANSI) has adopted DES as the basis for encryption, integrity, access control, and key management standards. The Escrowed Encryption Standard, published as FIPS 185, also makes use of a secret key system.

Secret key cryptography has been in use for centuries. Early forms merely transposed the written characters to hide the message.

Public Key Cryptography:
Whereas secret key cryptography uses a single key shared by two (or more) parties, public key cryptography uses a pair of keys for each party. One of the keys of the pair is "public" and the other is "private." The public key can be made known to other parties; the private key must be kept confidential and must be known only to its owner. Both keys, however, need to be protected against modification. Public key cryptography is particularly useful when the parties wishing to communicate cannot rely upon each other or do not share a common key. There are several public key cryptographic systems. One of the first public key systems is RSA, which can provide many different security services. The Digital Signature Standard (DSS), described later in the chapter, is another example of public key system.

Hybrid Cryptographic Systems:
Public and secret key cryptography have relative advantages and disadvantages. Although public key cryptography does not require users to share a common key, secret key cryptography is much faster: equivalent implementations of secret key cryptography can run 1,000 to 10,000 times faster than public key cryptography. To maximize the advantages and minimize the disadvantages of both secret and public key cryptography, a computer system can use both types in a complementary manner, with each performing different functions. Typically, the speed advantage of secret key cryptography means that it is used for encrypting data. Public key cryptography is used for applications that are less demanding to a computer system's resources, such as encrypting the keys used by secret key cryptography (for distribution) or to sign messages.

Key Escrow:
                          Because cryptography can provide extremely strong  encryption, it can thwart  the government's efforts to lawfully perform electronic surveillance. For example, if strong cryptography is used to encrypt a phone conversation, a court-authorized wiretap will not be effective. To meet the needs of the government and to provide privacy, the federal government has adopted voluntary key escrow cryptography. This technology allows the use of strong encryption, but also allows the government when legally authorized to obtain decryption keys held by escrow agents. NIST has published the Escrowed Encryption Standard as FIPS 185.
Voluntary key escrow initiative, the decryption keys are split into parts and given to separate escrow authorities. Access to one part of the key does not help decrypt the data; both keys must be obtained.

Uses of Cryptography:
Cryptography is used to protect data both inside and outside the boundaries of a computer system. Outside the computer system, cryptography is sometimes the only way to protect data. While in a computer system, data is normally protected with logical and physical access controls (perhaps supplemented by cryptography). However, when in transit across communications lines or resident on someone else's computer, data cannot be protected by the originator's logical or 134 physical access controls. Cryptography provides a solution by protecting data even when the data is no longer in the control of the originator.



conclusion:
            This document provides the readers with introductory information to network and security. Cryptography and watermarking are core technologies. Every new technology will bring new security problems, so achieving 100% security is impossible. Many algorithms have been introduced to safely send our data through the network. We are also having the implementation for transposition cipher cipher. If we got the opportunity to present the paper we will do it well with our implementation.






Posted by at
Labels:

1 comment:

  1. UnknownNovember 13, 2013 at 8:41 AM

    This article do covers all about network and security concepts. You have briefly mentioned all the benefits of cryptography in this post. I am highly benefited from the detail provided in this article.
    electronic signature

    ReplyDelete

Subscribe to: Post Comments (Atom)