Printer Friendly

A survival study of security attacks, security mechanisms and security challenges in network security.

INTRODUCTION

Network Security is the most crucial module in information security because it is answerable for securing all information dissipated through networked computers. Network Security refers to all hardware and software exerts, characteristics, features, operational procedures, accountability, measures, access control, and administrative and management policy essential to afford an tolerable rank of fortification for Hardware and Software, and information in a network. Network security evils can be separated approximately into four strongly entangled areas: secrecy, authentication, no repudiation, and integrity control. Secrecy, also called confidentiality, has to do with maintaining information away from the hands of illegal users. This is what typically comes to people's mind when they think about network security. Authentication accords with paramounting whom you are chatting to before proclaiming perceptive information or entering into a business deal. No repudiation deals with signatures. Message Integrity: Even if the sender and receiver are able to authenticate one another, they also desire to cover that the data of their communication is not distorted, either maliciously or by disaster, in transference. Expansion to the make sure reckoning procedures that we sustained in trustworthy transfer and data link protocols. Cryptography is an emerging technology, which is important for network security. The widespread use of computerized data storage, processing and transmission makes sensitive, valuable and private information exposed to unauthorized access while in storage or transmission. Due to long-lasting encroachment in communications and snooping technologies, business organizations and private folks are starting to defend their information in computer systems and networks using cryptographic techniques, which, freshly and solely used by the military and diplomatic group of people. Cryptography is the essence of today's computer and communications networks, protecting the whole thing from business e-mail to bank transactions and internet shopping .While conventional and contemporary cryptography make use of various arithmetical techniques to stay away from eavesdroppers who are learning the stuffings of encrypted messages. Computer systems and networks which are storing, processing and communicating responsive or valuable information entail safety against such unauthorized access

A. Cryptography Principles:

Cryptography has some principles while mounting a secure network the following principles should be followed. The cryptographic goals are listed and explained as below:

a. Authentication: The practice of identifying an individual usually based on username and password.

b. Confidentiality: Information in the network remains private

c. Integrity: Assurance that information can only be accessed or modified by those authorized to do so.

d. Non-repudiation: Assurance that someone cannot deny something and ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message.

e. Access: Authorized users are provided the means to communicate to and fro from a particular network

B. Primordial Concepts And Mechanisms:

a. Computer security: Computer Security is the process of hindering and discovering unauthorized use of the computer. It involves the process of stewarding against intruders from using the computer resources for malicious intents.

b. Network security: Protecting the data during the transmission on a network.

c. Information security: The practice of prohibiting illicit admission, usage, accession, cataclysm, fickle, assay, track mark or destruction of information.

d. Plain text: Message in its original-human readable-form. Plain text is the input of an encryption process.

e. Cipher text: Cipher text is data that has been encrypted. Cipher text is unreadable until it has been converted into plain text.

f. Encryption: Encryption is the method of indoctrinating messages or ammo in such a way that only certified parties can access it.

g. Decryption: Decryption is generally the reverse process of encryption. It is the course of decoding the data which has been encrypted into a covert design. An endorsed user can only decrypt data because decryption requires a secret key or password.

Cryptography involves three patent mechanisms: Symmetric-Key Encipherment, Asymmetric-Key Encipherment, and Hashing. Symmetric-Key Encipherment uses a solitary undisclosed key for both encryption and decryption whereas Asymmetric-Key Encipherment uses two keys: one community key and one confidential key. The sender encrypts the data using the public key and the receiver decrypts the message using a privy key. In Hashing, a fixed-length memo digest is composed out of a volatile-length message, and both the message and digest are transmitted which ensures data integrity.

Literature Survey:

This section discusses about the literature survey on some following papers in cryptography and network security.

Dr. G. Padmavathi, Mrs. D. Shanmugapriya [1] focused on the attacks and their classifications in wireless sensor networks and also an attempt has been made to explore the security mechanism widely used to handle those attacks. The challenges of Wireless Sensor Networks are also briefly discussed.

Khaleel Ahmad, Shikha Verma, Nitesh Kumar and Jayant Shekhar [2] worked on Internet security threats and offers a classification and few security solutions for Internet security attack.

Shio Kumar Singh, M P Singh and D K Singh [3] worked on various security schemes of wireless sensor network have introduced some security issues, threats, and attacks in WSNs and some of the solutions.

Sumedha Kaushik, Ankur Singh [4] studied various cryptographic techniques to increase the security of the network.

Vikas Lokesh, Srivathsan Jayaraman, Dr. H S Guruprasad [5] describe some of the recent research going on in the field of cryptography and network security. Classify the research topics based on their implementation across the seven layers of the familiar OSI reference model.

Anupriya Shrivastava, M A Rizvi [6] analyzed the various authentication techniques such as Knowledge-based, Token-based and Biometric-based techniques.

Syed Muhammad Jamil Shah, Ammar Nasir, Hafeez Ahmed [7] explored the importance of security, trivial and currently deployed security tools, and the limitations to be considered while deploying such security techniques and protocols for securing satellite communication.

Madhumita Panda [8] wireless sensor network suffers from many constraints such as limited energy, processing capability, and storage capacity, etc. There are many ways to provide security, one is cryptography. Selecting the appropriate cryptography method for sensor nodes is fundamental to provide security services in WSNs. Public Key based cryptographic schemes were introduced to remove the drawbacks of symmetric based approaches. compared two schemes in this paper ECC, and RSA and found out that ECC is more advantageous compared to RSA, due to low memory usage, low CPU consumption and shorter key size compared to RSA. ECC 160 bits is two times better than RSA 1024 bits when code size and power consumption are the factors of consideration.

Kritika Acharya, Manisha Sajwan, Sanjay Bhargava [9] well-known cryptographic algorithms have been analyzed in this paper to demonstrate the basic differences between the existing encryption techniques. Regardless of the mathematical theory behind an algorithm, the best algorithm are those that are well-known and well-documented because they are well-tested and well studied.

Kartikey Agarwal, Dr. Sanjay Kumar Dubey [10] focused on different types of network security and defense against security attacks and recent advances in network security.

Blessy Rajra, A J Deepa [11] summarizes the attacks and their classifications in wireless sensor networks and also an attempt has been made to explore the security mechanism widely used to handle those attacks.

Rajesh R Mane[12] reviewed three basic cryptography algorithms different types of attacks to slow down network are defined. Basic tools of encryption for secure messaging, transactions and connectivity are pointed out.

M. Guru Vimal Kumar, U.S. Ragupathy [14] worked on some of the basic concepts of cryptography performance metrics and some of the important parameters that are used in cryptography. Some of the important points which contribute to cryptography system such as key selection for security and encryption, decryption process are focused.

Cryptography Attacks:

Attack:

An attack is an premeditated hazard and is an operation performed by an dude with the motive to abuse security. Examples of attacks are destruction, modification, fabrication, interruption or interception of data. An attack is a negligence of data modesty and often results in revealment of information, a violation of the confidentiality of the information, or in modification of the data. An attacker can hike access to hyper sensitive information by striking in a number of steps, where each step involves an illegal access to the system. An intentional threat can be caused by an abettor or invader can be a undercover agent, techie, corporate hijacker, or a sulky employee. Any attack on the security of a system can be a direct and indirect attack. A direct attack targets directly at the appropriate sector of the facts or assets. A couple of peripherals in a frame of reference may be attacked before the intended (final) information can be accessed. In an indirect attack, information is acknowledged from or about the preferred data/resource without straightly attacking that resource. Indirect attacks are often troublesome in database systems where it is possible to obtain hushed information by posturing crooked query to the directory. Such an devious attack is often called inference.

Passive Attacks:

Passive attacks are formed by observing a system undertaking its tasks and capturing propaganda. Worldwide, it is very tough to determine passive attacks since they do not interweave or annoy normal system functions. Inspecting network traffic, CPU and disk usage, etc are examples of passive attacks. Encryption of network traffic can only partly solve the problem since even the existence of traffic on a meshwork may exhibit some intelligence. Traffic investigation such as calibrating the length, time and frequency of emissions can be very productive to discover peculiar activities

Active Attack:

An active attack swaps the systems course of action in some mode. Exemplars of an active attack can be to enclose unique data, to remodel, replicate or eliminate subsisting data in a database, to intentionally harm system software provoking it to decline and to pirate magnetic tapes, etc. A elementary operation such as the transition of a negative acknowledgment (NACK) from a database server into a positive acknowledgment (ACK) could arise in great mess and/or wreck. Active attacks are promptly easier to sense if suitable foresights are taken.

Routing attack: Network layer attacks like routing data spoofing, alteration or replay, black hole and selective forwarding attacks, depression attacks, Sybil attacks, hole attacks flood attacks, and acknowledgement spoofing.

Denial of Service attack: A denial of service attack (Dos attack) Could be a cyber attack where ever the offender seeks to form a machine or network resource in accessible to its supposed users by briefly or indefinitely disrupting services of a bunch connected to the web. Denial of service is usually accomplished by flooding the targeted machine or resource with superfluous requests in an endeavor to overload systems and forestall some or all legitimate requests from being consummated.

Fabrication: In this attack users use some accessing service, that they are not eligible for its attainable within the absence of correct authentication mechanisms.

Eavesdropping: Eavesdropping is that the unauthorized time period interception of a non public communication like telephony instant message, videoconference or fax transmission. The term listen drives from the observe of truly standing beneath the overhang of a house, taking note o conversations

Cryptography Denominations:

Cryptography is largely divided into 2 mechanisms. They are a) Bilateral Cryptography b) Uneven Cryptography

A. Bilateral coding: A single key is employed for encrypting and decrypting the message .There are some bilateral algorithms like DES, 3DES, AES, RC2, RC6.

B. Uneven Cryptography: In this type of cryptography 2 keys are used for secret writing and decoding of message. There are many asymmetric algorithms they are Rivest Shamir Adleman (RSA), Diffie--Hellman, Digital Signature algorithm (DSA).

The principal aspects of the two encryption methods (symmetric and Asymmetric key) are compared in the table below

Security Mechanism:

The security mechanism is a mechanism that is designed to detect, prevent or recover from a security attack. A vast variety of security schemes can be improvised to mischievous attacks and these can be put down as high-level and low-level

A. Low-Level Mechanism:

Low-level security primitives for securing networks consist of:

1. Key establishment and trust setup

2. Secrecy and authentication

3. Privacy

4. Robustness to communication denial of service

5. Secure routing

6. Resilience to node capture

1) Key Establishment And Trust Setup:

The crucial imperatives of mounting up the sensor network are buy the enactment of cryptographic keys. Predominantly the sensor devices have narrow data processing capability and the public key cryptographic natives are too steep to follow. Key-formulation skills need to reach to networks with hundreds or thousands of knots. In extension, the utterance template of sensor networks differ from conventional networks; sensor nodes may need to set up keys with their bystander and with data heap nodes. The prejudice of this afflux is that rivals who negotiated decently and many nodes could also renovate the entire key group and crack the method.

2) Secrecy And Authentication:

Nearly every single sensor network functions entail shield against intermeddling, infusion, and amendment of packets. Cryptography is the established defense. Incredible system trade-offs arise when aggregating cryptography into sensor networks. For point-to-point communication end-to-end cryptography score a high level of security but depend upon that keys be set up along with all end points and be incoherent with inert involvement and regional publication. Link-layer cryptography with a network wide shared key shortens key setup and urge passive concurrence and regional publication, but transitional nodes might snoop or modify messages. The most basic sensor networks are likely to use link coat cryptography, because this loom affords the greatest ease of grouping with presently vacant network cryptographic approaches

3) Privacy:

Similar to other habitual networks, the sensor networks have also pushed concealment. At the beginning the sensor networks are extended for reasonable purpose might latterly be used in precipitous ways. Contributing aliveness of the presence of sensor nodes and data accretion is distinctly essential.

4) Robustness To Communication Denial Of Service:

An attacker tries to mess up with the network's activity by telecasting a high-energy signal. If the transference is vigorous enough, the entire system's utterance could be barred. Most refined attacks are also possible; the opponent might arrest communication by resisting the802.11 medium access control (MAC) protocol by, transmitting while a neighbor is also forwarding or by steadily demanding channel access with a request-to send signal.

5) Secure Routing:

Routing and knowledge forwarding is a critical service for sanctioning communication in device networks. Miserably, existing routing protocols undergo many security obligations. For example, an invader might start denial of-service attacks on the routing protocol, prohibiting communication. The effortless attacks involve infusing malicious routing information into the network, ensuing in routing inequality. Simple certification might safeguard against injection attacks, but some routing protocols are prone to repeat by the attacker of genuine routing messages.

6) Resilience To Node Capture:

One of the most demanding topics in sensor networks is pliancy against node capture attacks. In most operation, sensor nodes are likely to be placed in position easily reached to attackers. Such coverage set-up the liability that an invader might hook sensor nodes, dissociate cryptographic secrets, vary their program, or put back them with malicious nodes under the power of the invader. Tamper-opposing wrapping may be one guard, but it's costly, since present technology does not offer a high level of security. Algorithmic key to the problem of node detain is desirable.

B. High-Level Mechanism:

High-level security methods for securing sensor networks, include secure group management, intrusion detection, and secure data aggregation.

1) Secure Group Management:

Each and every node in a network is narrow in its computing and communication means. However, fascinating in-network data collection and scrutiny can be done by groups of nodes. For example, a group of nodes might be in charge for mutually tracking a action through the network. The actual nodes containing the group may change frequently and rapidly. As a result, secure protocols for group management are necessary; strongly accept new group members and aiding secure group communication. The effect of the group key computation is usually conveyed to a base station. The output must be authenticated to guarantee that it comes from a legal group.

2) Intrusion Detection:

Networks are prone to many forms of infringement. Networks entail a solution that is totally scattered and economical in terms of communication, energy, and memory necessities. The use of secure groups may be a gifted move towards decentralized intrusion detection.

3) Secure Data Aggregation:

One gain of a network is the top grain sense that hefty and opaque sets of nodes can provide. The sensed values must be a pile to avoid amazing quantity of traffic back to the pedestal position. Relaying on the structural design of the network, gathering may take place in different places in the network. All accumulation locations must be secured

Challenges of Network Security:

The networks present noteworthy challenges in crafting security schemes. Let's review this list of challenges and evaluate how to reduce risks.

1. State-sponsored espionage

2. Distributed denial of service (DDoS) attacks

3. Password Management

4. Sabotage

5. Botnets

6. Insider threat

7. Mobility

8. Internet

The detailed description of security challenges is listed as below:

1. State-sponsored espionage: This challenge draws attention to the need to protect critical data from governmentally or economically aggravated threats. Critical data includes the information needed to run network appended infrastructure as well as the cerebral assets used to manage business and drive pioneering solutions.

2. Distributed denial of service (DDoS) attacks: Security specialists in the economic services industry are likely to concur to our subsequent challenge: attacks. We can look forward to see a superior threat of business embed threats with the swing from computer-based attacks, producing huge number of lower bandwidth trial, to virtual server or cloud-based attacks, spawning ultra-high bandwidth events. With these new attack vectors it becomes even more advantageous to identify and moderate large DDoS events while traffic is in the network cloud.

3. Password Management: Our challenge is putting in place and reinforcing stronger user-controlled countersign that are less likely to be broken. This enlightening and secretarial challenge requires ingenious key and imposed strategies. Or, we can look at options to usual passwords, such as the use of a syndicatedID.

4. Sabotage: Sabotage of computer networks can stir critic groundwork and eventually bang corporate and vertebrae networks. This challenge is so probably wicked because it bunch up social engineering with software based tools to supply a complex multi-vectored attack silhouette.

5. Botnets: Botnets are present all over the place. The challenge is that many botnet owners design systems that are more flexible and superfluous than many corporate and government networks. Controlling this nimble attack vector before it can be used as an advanced persistent threat (APT) and emigrates into smart mobile devices is pivotal.

6. Insider threat: A disgruntled employee base yields a vector for insider security events, while the unintentional inoculation of malware through detachable medium or web interconnections can make any employee the commencing point for a network security abuse.

7. Mobility: Administration and security of mobile networks and smart mobile devices becomes even more demanding when employees want to use their personal devices for business purposes. The bring-your-owndevice drift aggravate this challenge when we look at shielding the significant information desired to handle the organization and the network without immolating the aloofness of employee's private information and behavior.

8. Internet: One of the utmost confront to security proficient is the insight that the internet, a preeminent shot network, is a secure analytical framework. The internet is an unlock correlation of assorted networks.

Conclusion:

In this survey paper, the deliberations are made for some of the basic concepts in cryptography, and some of the essential parameters that are used in cryptography ... These are some different looms to secure the system to achieve high level of security. Some of the attacks are also been discussed. Thus by picking a suitable encryption algorithm will result in secured information system that may beat several attacks. As the significance and magnitude of privacy of data is continuously increasing, the value of network security and cryptography is increasing laterally. Furnishing Network Security is never an sheer process, but rather an cyclic one. And so, Network Security and Cryptography are on the spiteful edge of research today. This survey will hopefully prompt future researchers to come up with adequate and more vigorous security mechanisms and make their network free from danger.

REFERENCES

[1.] Dr. Padmavathi, G and D. Mrs Shanmugapriya, 2009. 'A Survey of Attacks, Security Mechanisms, and Challenges in WSN,' IJCSIS 4: 1&2.

[2.] Khaleel Ahmad, Shika Verna, Nitesh Kumar and Jayant Shekar, 2011. 'Classification of Internet Security Attack,' Proceedings of the 5th National Conference.

[3.] Shio Kumar Singh, Singh M.P and D.K. Singh, 2011. ' A Survey on Network Security and Attack Defense Mechanism in WSN,' International Journal Of Computer Trends and Technology.

[4.] Sumedha Kaushik, and Ankur Singhal, 2012. 'Network Security Using Cryptography Techniques, 'International Journal Of Advanced Research in Computer Science and Software Engineering, 2(12): 2277 128X.

[5.] Vikas lokesh, Srivathsan Jayaraman and Dr.Guruprasad H.S., 2014. 'A Survey on Network security and cryptography' IJARSE, 3(10): 2319-8354.

[6.] Anupriya Shrivastava and Rizvi M.A., 2014. 'Network Security Analysis Based on Authentication Technique,' IJCSMC, 3(6): 2320-088X.

[7.] Syed Muhammad Jamil Shah, Ammar Nasir and HAfeez Ahmed, 2014. 'A Survey Paper on Security Issue inSatellite Communication Network Infrastructure,' International Journal of Engineering Research and General Science., 2(6): 2091-2730.

[8.] Madhumita Panda, 2014. 'Security in Wireless Sensor using Cryptographic Techniques,' AJER 3(1): 50-56 ISSN: 2320-0936.

[9.] Kirtika Archarya, Manisha Sajwan, and Sanjay Bhargava, 2014. 'Analysis of Cryptographic Algorithms for Network Security,' IJCATR 3: 2.

[10.] Kartikey Agarwal, Dr. Sanjay Kumar Dubey, 2014. 'Network Security: Attack and Defence,'IJAFRSE 1: 3.

[11.] Blessy Rajra M.B. and A.J. Deepa, 2015., 'A Survey On Network Security Attacks and Prevention Mechanism,'Journal of Current Computer Science and Technology, pp: 231-5411.

[12.] Rajesh, R Mane, 2015. 'A Review on Cryptography Algorithms, Attacks and Encryption Tools,'IJIRC 3(9): 2320-9801.

[13.] Joselin, J., S.J. Brintha and V. Magesh Babu, 2015. 'Role of Digital Signature in Network Security and Cryptgraphy,' IJCSIT 6: 0975-9646.

[14.] Guru Vimal Kumar, M and U.S. Ragupathy, 2016. ' A Survey on Current Key Issues and Status in cryptography',IEEE Transactions on IEEE WiSPNET, 27: 6.

[15.] Mohammed AbuTaha, Mousa Farajallah, Radwan Tahboub and Mohammad Odeh, 2011. 'Survey Paper: Cryptography is the Science,' IJCSS, 5: 3.

(1) Jayasmruthi. A, (2) Parthasarathi. P, (3) Sathishkumar

(1) Pg Scholar Akshaya College Of Engineering And Technology Coimbatore, Tamilnadu.

(2) Assistant Professor Akshaya College Of Engineering And Technology Coimbatore, Tamilnadu.

(3) Ap/Cse--Snsct

Received 28 January 2017; Accepted 22 April 2017; Available online 1 May 2017

Address For Correspondence:

Jayasmruthi. A, Pg Scholar Akshaya College Of Engineering And Technology Coimbatore, Tamilnadu

E-mail: jayasmruthi@gmail.com

Caption: Fig. 1: Cryptography Pattern

Caption: Fig. 2: Security Goals

Caption: Fig. 3: Symmetric key encryption

Caption: Fig. 4: Asymmetric key encryption

Caption: Fig. 5: Hashing Algorithm

Caption: Fig. 6: Collection of general security attacks

Caption: Fig. 7: Security Mechanisms of Network security
Table. 1: Symmetric algorithm Vs Asymmetric algorithm

                 Symmetric Encryption        Asymmetric Encryption

Functionality    Allows efficient            Enables security in
                 communication between two   settings in which
                 parties in a closed         symmetric encryption
                 environment.                simply does not work or
                                             is more difficult to
                                             implement.

Computational    Computes incredibly fast,   Computes slowly, using
efficiency'      since the relatively        computationally heavy and
                 simple operations used      complex operations, based
                 are executed very           on the difficulty of
                 efficiently.                solving number-theoretic
                                             problems.

Key size         Uses 128-bit symmetric      Employs key sizes of at
                 keys, which are             least 1000 bits to
                 considered very secure.     achieve sufficient,
                                             lasting security.

Hardware         Performs simple             Implements complex and
                 algorithms, requiring       time-consuming algorithms
                 relatively inexpensive      that need more powerful
                 hardware.                   hardware.

Security         No difference. Security is based on the strength
                 of the algorithm and size of the key. Good
                 algorithms exist for both encryption methods and
                 key size effectiveness.
COPYRIGHT 2017 American-Eurasian Network for Scientific Information
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2017 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Jayasmruthi, A.; Parthasarathi, P.; Sathishkumar
Publication:Advances in Natural and Applied Sciences
Article Type:Report
Date:Apr 15, 2017
Words:3948
Previous Article:Probabilistic framework for transient stability assessment of power systems with high penetration of renewable generation--solar and wind energy...
Next Article:Energy efficiency improvement in distribution system using distributed energy resources.
Topics:

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters