Nt1310 Unit 3 Data Analysis

Nt1310 Unit 3 Data Analysis
15. AH – an extension header to provide message authentication; the current specification is RFC
4302, IP Authentication header; ESP – consists of an encapsulating header and trailer used to
provide encryption or combined encryption/authentication; current specific is RFC 4303, IP
Encapsulating Security Payload (ESP)
https://www.cs.ucy.ac.cy/courses/EPL475/slides/Lecture_12.pdf
16. Sequence numbers within the anti–replay window allows IPsec to detect replay messages. This
number indicates the packet number sent over the SA and incrementally increases as a packet is
sent. This number cannot repeat for the life of the security association. Every time a packet is sent,
the receiver checks this number to verify that a packet for a security association ... Show more
content on Helpwriting.net ...
The security measures taken place are fairly simple. The phone is protected by a 4 digit user created
code. A user has ten times to enter in the correct code. Each time an incorrect code is entered, a time
delay is hit. After 5 attempts, the user will have to wait one minute to try again. After attempt 7 and
8, 15 minutes an hour the ninth try. If the wrong password is entered in for the tenth time, then all
the memory in the phone is deleted through an "auto–erase" function. In addition, this code must be
punched in manually and cannot be automated. A 4 digit code has 9,999 unique
... Get more on HelpWriting.net ...

C6520 Unit 2 Assignment 2
ASSIGNMENT 2
CS6525 NETWORK SECURITY
1.
Generally, the horse of Trojans is coded programs coded for the purpose of harming the computer
devices which appears to be harm free, but when the code is executed by users, the data & file
systems are corrupted leading to damaging the computer devices.
Preventions
 The quality of monitoring system is very important, so that its used to scan & detect different
kind of attacks preventing them from striking the system.
 Safety parameters should be taken while establishing any connection with the systems.
 We shouldn't allow any work station to access which cannot be trusted.
 Software update in the workstations should be very regular, as the hackers can intrude the older
version assuming it's still running, newer versions of software cannot be updated that easily.
 Strong passwords prevent the access of unauthorized intruders to the workstation.
Flaws in Kerberos
Authentication ... Show more content on Helpwriting.net ...
Right after this process of Kerberos Alice will be receiving two kinds of messages from the system
of Kerberos
 The first one is contained of the session–key for the encrypted Alice– B0b using the Alice– TGS
session–key.
 Secondly, the next one will be contained of similar session–key as Alice & B0b's but the
difference is it's obtained by using the B0b– TGS's secret–key.
 Alice is able to extract from the session–key &decrypt the message sent first.
 Alice will also be sending the next message to B0b, and now bob is able to extract from the same
kind of session–key &decrypt the message.
 Now they both will be having the same kind of session–keys.
 Therefore this key will used for further more mode of communication in between both of them.
5.

PKI is abbreviated as the Public–Key infrastructures, which is a system of cryptographic
mechanisms, wherein we will have to use mainly two kinds of keys, they are:
 Public–key o This is being shared.
 Private–key o This is kept secretive. o Utilizes asymmetric form of

Security Analysis Of A Protocol For Pollution Attack...
ABSTRACT
The following technical paper "Security Analysis of a Protocol for Pollution Attack Detection" is
based on the concept of network coding. Since we have a limited bandwidth it becomes imperative
for us to optimize our network in such a way that we can make maximum use of the network
resources. Network coding allows us to do that. It achieves this by combining different packets that
it receives at a node into one single packet for transmission, instead of simply taking and forwarding
the packets. However, network coding is vulnerable to pollution attacks where a single malicious
node can disrupt the operation of the complete network. Several protocols to detect pollution attacks
have been proposed previously. In the following paper the author has described a new pollution
attack detection protocol that extends the existing SpaceMac protocol. This paper describes how we
have modelled the protocol in order to carry out a security analysis and presents the results of that
analysis.
INTRODUCTION
Network coding allows multiple packets to be transmitted using a smaller number of packets thereby
increasing throughput. Here a common single base station transmits data from a common single
base station to intermediate stations where it is kept and sent out to the ﬁnal destination or to any
other intermediate stations at a later time. For a traditional network that employs multicast network,
the stations receive a packet and forward it to the next node. Under network coding,

Locking Control And Anti Theft Essay
SECURE AUTOMATIVE LOCKING CONTROL AND ANTI THEFT USING GPS &
BLUETOOTH
Abstract: At present there is no innovative solution to unlock car doors and to provide car Anti–theft
mechanism. We tried here to implement car door unlocking using Bluetooth technology and anti–
theft system using GSM technology. This paper strives to achieve an efficient and inexpensive
solution for scenarios like we may forget our car keys inside the car in which it was equipped with
central locking system. This central locking system after certain period of time (which is pre–
configured) the car doors will be automatically locked leaving keys inside the car. Whenever a car
has been theft we register a complaint against it, though we know we can't find the car immediately.
Our paper comprises of trending technologies such as android, blue tooth and GSM. We have
developed a personal android application using with which the system is controlled. We
implemented three level authentication mechanism in which only car owner can operate the system
with his mobile. We came out with a solution for the above two mentioned problems.
Keywords: Arduino Uno, HC–05 Bluetooth Module, MAC Authentication, Android, GPSystem.
Key Words:(12Bold)
Introduction:(12Bold)
Materials:
Method:
Related Work
The paper shows the function of controlling car doors using mobile Bluetooth Technology. This
technology will help the user to access his/her car with an ease. The function was executed and
implemented by using

Authentication System for Identifying Internet Users
OpenID is a decentralized, single sign–on authentication system for internet sites that require
authentication for use. It was developed out of the need to create a different, easier and more secure,
type of authentication system than using a password. OpenID was developed using the open source
software model to be an interoperable protocol independent from any single organization OpenID
allows users to log into websites with one single ID, instead of the user having to create and manage
multiple accounts. To use OpenID, a user must first register with a website that supports OpenID.
When viewing other sites that use OpenID, the user logs in with a redirect to a secure URL. With
OpenID, the user's email address will be available to websites requesting authentication, however
it's not the identifier. OpenID uses URLs as an identity; users will leave a site and return after
authenticating with a third–party website. The user would connect to an OpenID enabled website,
enter credential information, and then a POST is made with a BASE64 which is a website to
provider request. The website would then redirect the user to the providers for login. The user's
password would be entered in automatically by OpenID and submitted; once verification is done the
user is logged in to the site. Currently there are over one billion OpenID user accounts and over
50,000 websites that use OpenID.
As illustrated below, OpenID has three basic features: a user with a Web browser, a Relying Party or

Identifying Voice And Sms Api Providers For Two Factor...
A guide to evaluating voice and SMS API providers for two–factor authentication solutions
Introduction
Today, users of online services are very familiar with the process of typing in a username and
password, to securely access their accounts. Passwords however, are no longer considered very safe,
as they can be easily stolen, sniffed, guessed, or obtained through methods such as phishing and
malware attacks. Even strong and complicated passwords are susceptible to theft and therefore not
the best line of defense against hackers. That's why online service providers including banks, social
media websites, e–commerce portals, and email providers, among others, all understand the need to
protect the confidential data of their customers ... Show more content on Helpwriting.net ...
When building a two–factor authentication solution, you will need to integrate with a reliable voice
API and SMS API provider, to easily manage the sending of one–time passwords using text
messages or voice calls. This whitepaper will: Provide details on how two–factor authentication
works.
Highlight and explain the 'must–have' features in a robust two–factor authentication solution.
Help you evaluate the right SMS and Voice API provider to partner with, by explaining the
important factors that should influence your decision.
How two–factor authentication works
The two–step verification process in 2FA, often uses a combination of two of the following three
identification factors: 1. The Knowledge Factor:
This is something that only the user knows. It could be a password, a PIN, or an unlock pattern that
the user must enter, before accessing an account. Using this factor of identification alone is not very
secure. 2. The Possession Factor:
This is something that the user has, such as a device that can receive or generate a unique one–time
password (OTP) or randomized code that should be entered when prompted. The device could be a
mobile phone that receives an OTP via an SMS or voice call, or it could be a physical hardware
device such as a key fob that generates the code. An authenticator software could also be installed
on a device – this is a specialized application that many services now support. It has

The Surveillance Of Cctv Cameras
Over the years, banks have housed several of their branches in large buildings, sharing their space
with other occupants. Although security is a key factor in consideration of the location of a bank,
smart individuals use this positioning to their advantage. Access is gained by cutting a hole in the
floor, and theft occurs. With the passing years, security in banks has been evident with the reliance
of CCTV cameras. This ensures monitoring of the users activities in banks by security officers who
take turns in watching the screens for any uneventful, unexpected happenings. The CCTV cameras
are placed strategically in every corner to ensure each detail of the activities taking place is
recorded. The ATMs are also monitored in anticipation ... Show more content on Helpwriting.net ...
This made the people hesitate to invest any significant amount of money at the time. The idea
slowly began to catch on after easing into E–commerce. Major and minor banks are trying to
enhance the security of their firms using different methods. The security system of some banks
requires highly trained, capable individuals who can protect progression of activities in their
allocated areas, be it inside the bank, at ATM portals and in monitoring CCTV cameras.
Use of laser beams that generate intense beams of coherent monochromatic light through simulated
emission of photons has been used as a security measure. They are used either as sensors to trigger
alarms or as penetrative destructive beams in highly confiscated areas, which allow limited or no
access at all. Online banking security measures are kept to plan by the banks allowing software
developers to create antivirus software and sell the software to them. Users are required to download
this antivirus for themselves without necessarily consulting the bank's security operators. Recent
trends have shown the use of biometric analysis in the form of hand writing recognition, hand
finger, and geometry (Taylor, 2013).
Unlike the current system, the working of this system will provide accurate data storage, since any
transaction is recorded on the device and can be easily traced. The system will also create more
client confidentiality since any unauthorized individual cannot access the data stored in the system.
This

What Makes A Brand Products Sell Very Quickly?
HauteLook is a members–only site using flash sales for some products. HauteLook offers discounts
of 50 to 75 percent off to its members and membership is free and open to everyone. Customers
have to decide to buy the products in limited to one day, or even less. If customers hesitant about to
buy products, what you put in shopping bag will be canceled. Flash sales create buy it or lost the
opportunity, consumers shopping in such an environment must be clear–cut and causing panic
buying. The manufacturers deliberately use flash sales and consumers are easily to fear that they
cannot buy the products. Some good products will be sold out in just a few hours or even a few
minutes. It is easy to miss the opportunity because the famous brand products sell very quickly.
HauteLook is headquartered in Los Angeles, California by Adam Bernhard. In 2007, he launched
HauteLook with four employees. "The company works with major labels to offer goods that appeal
to California casual customer base" (Chang, 2011). Nordstrom acquires HauteLook for $180 million
in 2011and "this is the first time that a traditional retailer has acquired a company specializing in
online private sales" (Lattman & Clifford, 2011). In 2014, HauteLook launched nordstromrack.com,
an e–commerce site that gives customers access to shop Nordstrom Rack merchandise and the
opportunity to participate in flash sales (Mayer, 2014). According to Statista (2016), the Nordstrom–
owned flash sale website generated a total

XML Signature Essay
1.1. XML Signature
Due to increased distribution of XML in cloud computing, the demand for strong and active safety
mechanism on XML signature enlarged as well. A dangerous possible risk for cloud computing
security is the XML signature. XML Signature is a method, which is used to deliver consistency,
integrity and message confirmation, for various types of data. An XML signature would describe a
sequence of XML elements that could be inserted in, or otherwise link with, any XML file. It would
allow the receiver to confirm that the message has not been altered from what the sender planned.
XML signature used remote key and free key to mark a message and authenticate the file,
respectively. When fleeting the message, signature will be ... Show more content on Helpwriting.net
...
The hacker then uses your FTP code word to access your website and add malicious iframe coding
to infect other visitors who browse your website.
We want to install a Hypervisor in the provider's end. This Hypervisor will be considered the most
secure and sophisticated part of the cloud system whose security cannot be breached by any means.
Another way is to store a hash value on the new service case's image file. By performing an integrity
check between the original and new service instance's images, malicious instances can be identified.
1.3 Metadata Spoofing Attack
In this type of attack, an opponent alters or changes the service's Web Services Description
Language file where explanations about service examples are stored. If the opponent succeeds to
interrupt service request code from WSDL file at distributing time, then this attack can be possible.
Since Metadata documents are distributed using communication procedures like HTTP or e–mail
they are expected to open the options of spoofing attacks. It is likely for attackers to maliciously
modify the content of the WSDL file and allocate them across all the Web service clients. This has
serious costs and security effects.
To overcome such an attack, information about services and applications should be kept in
encrypted form. Strong authentication (and authorization) should be enforced for accessing such
critical in– formation.
1.4 Cross Site Scripting (XSS) Attack
Cross site scripting (XSS) is a

Types of Attacks in Comnputer Security
This paper is presenting types of attacks in security of TCP/IP protocol and also defense to security
problems. Flaws in such system are due to attackers' access over machine and due to insecurity of
machine. Paper proposed solutions to the problems and discuss problems without considering their
implementation.
Attack like "TCP sequence number prediction" where spoofing is allowed on host on a local
network. A variant in TCP sequence number attack exploits the netstat service where the intruder
impersonates a host that is down. If netstat is on the target host it supplies the necessary sequence
number information on another port. Defense to this is by randomizing the increment, good logging
and alerting mechanisms.
"The joy of routing" This is the simple attack that basically depend on routing protocols that has
been used. It is further categorized in different attacks that can be "Source Routing" In which target
host reverses source route in a TCP for traffic that is returning. So facilities can be exchanged
between host and attacker. The idea to protect from attacks is to put gateways into the local net for
rejection of external packets that acting as part of the local net or to do rejection of pre–authorized
connections. Another attack is "The Routing Information Protocol (RIP)" attack is mostly used on
local networks like broadcast media. As information here sent is not checked so intruder can change
or send modified information due to which protocols that depends on

Radio Frequency Identification ( Rfid )
"Message Authentication in RFID"
Proposal for topic
Radio–frequency identification (RFID) is the remote utilization of electromagnetic fields to
exchange information, for the reasons of consequently distinguishing and following labels joined to
questions. The labels contain electronically put away data. A few labels are fueled by
electromagnetic impelling from attractive fields created close to the peruse. A few sorts gather
vitality from the examining radio waves and go about as a detached transponder. Different sorts
have a nearby power source, for example, a battery and may work at several meters from the peruse.
Not at all like a scanner tag, the tag does not so much need to be inside viewable pathway of the
peruse, and may be ... Show more content on Helpwriting.net ...
Be that as it may, to begin operation of aloof labels, they must be lit up with a force level about three
sizes stronger than for sign transmission. That has any kind of effect in impedance and in
introduction to radiation.
RFID labels contain no less than two sections: an incorporated circuit for putting away and
preparing data, adjusting and demodulating a radio–frequency (RF) sign, gathering DC power from
the episode peruse sign, and other particular capacities; and a reception apparatus for accepting and
transmitting the sign. The label data is put away in a non–unpredictable memory. The RFID tag
incorporates either a chip–wired rationale or a modified or programmable information processor for
transforming the transmission and sensor information, separately.
A RFID peruse transmits an encoded radio sign to cross examine the tag. The RFID tag gets the
message and then reacts with its identification and other data. This may be just an extraordinary
label serial number, or may be item related data, for example, a stock number, parcel or clump
number, creation date, or other particular data.
Readers
RFID frameworks could be arranged by the kind of label and peruse. A Latent Peruse Dynamic
Label (PRAT) framework has an aloof peruse which just gets radio signs from dynamic labels
(battery worked, transmit just). The gathering scope of a PRAT framework peruse could be balanced
from 1–2,000 feet (0.30–609.60 m), permitting adaptability in applications, for example,

Evaluation Of A Central Security Management System Essay
4.1.3 ENDPOINT ATTACK RESPONSE
When an endpoint is attacked, it should defend itself, report the attack and reconfigure itself to
thwart the attack based on policy. The responsible security management should provide the policy to
the secure agent in the endpoint in response to the attack, or a priori for use when communication
with the server is severed.
4.1.4 REMOTE POLICY MANAGEMENT
A central security management system defines the configuration of the security controls and
functions as a form of a security policy for each endpoint. The security policy is communicated to
the secure agent that authenticates and enforces the policy at the endpoint. Policies can be modified
and updated to the security agent on–demand to address new vulnerabilities or changing concerns in
response to changing circumstances.
4.1.5 LOGGING AND EVENT MONITORING
The security agent must be able to monitor and record events as they occur at the endpoint including
events pertinent to security violation, user login/logout, data access, configuration update,
application execution and communication.
4.1.6 APPLICATION WHITELISTING
Mechanisms should be in place at the endpoint to ensure that only known and authorized application
code (whitelist) including binaries, scripts, libraries are allowed to execute on the endpoint to
prevent the endpoint from being compromised by malicious code. All other execution attempts
should be halted, logged and reported. The security management system may update the

Cryptography Vs. Modern Cryptography Essay
Introduction
Cryptography is the practice and study of techniques for secure communication in the presence of
third parties called adversaries. More generally, cryptography is about constructing and analyzing
protocols that prevent third parties or the public from reading private messages; various aspects in
information security such as data confidentiality, data integrity, authentication, and non–repudiation
are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines
of mathematics, computer science, and electrical engineering. Applications of cryptography include
ATM cards, computer passwords, and electronic commerce.
Main Concept of Cryptography
Cryptography is the science of writing in secret code and is an ancient art; the first documented use
of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non–
standard hieroglyphs in an inscription. Some experts argue that cryptography appeared
spontaneously sometime after writing was invented, with applications ranging from diplomatic
missives to war–time battle plans. It is no surprise, then, that new forms of cryptography came soon
after the widespread development of computer communications. In data and telecommunications,
cryptography is necessary when communicating over any un–trusted medium, which includes just
about any network, particularly the Internet.
Within the context of any application–to–application communication, there are some specific

Security Enhancements Ieee 802.11 Wireless Lans Through...
Sri Harsha Maddineni Z1725592 CSCI 630–3 Security Enhancements in IEEE 802.11 Wireless
LANs through Wired Equivalent Privacy protocol
Introduction:
Wireless networks are less secure when compared to wired networks. Wired networks such as
Ethernet are physically connected, where as in wireless networks are connected through wireless
radio waves without physical connection between them. As a result, a security breach is easier in
wireless networks when compared to wired networks. In the current world, electronic gadgets like
cell phones, ipads and laptops are interconnected with other devices. In wireless device, a network
radio receiver is able to hear the conversations on a wireless channel as per its range. Therefore it is
easier to breach the conversations that are occurring in wireless networks. The data that is
transferred on the internet should be reliable and secure because it might contain personal data
information like bank login details or insurance details etc. To prevent the issues that are happening
over the network, there are different algorithms used in day to day life by software engineers while
designing the network. Among them Wired Equivalent privacy algorithm is most important one. The
main purpose of this algorithm is to produce integrity, reliability and security to data that is
transferred on a wireless network. The thesis that I am writing is used for software engineers who
are interested in implementing WEP protocol for their network designs and

Disadvantages Of SAML: Security Assertion Markup Language
1 INTRODUCTION SAML is an XML based framework for crafting "security assertions" and
exchanging them between entities. SAML is abbreviated as "Security Assertion Markup Language"
and as the name suggests SAML holds a predominant position in the terms of industry acceptance of
identity deployments. With the recent dramatic growth in the web world, industries/ organizations
were able to communicate with each other over internet and the productivity has soared because of
this. Now, SAML facilitates the exchange of the information over the internet. SAML enables
different organizations (with different security domains) to securely exchange authentication and
authorization information. SAML is a flexible and extensible protocol designed to be used. ... Show
more content on Helpwriting.net ...
It allows security systems and application software to be developed and evolve independently. This
is because SAML provides a set of interoperable standard interfaces. Standardizing the interfaces
between systems allows for faster, cheaper, and more reliable integration. Following are some more
concrete benefits of SAML: Platform neutrality: SAML abstracts the security framework away from
platform architecture and particular vendor implementation. This Service–Oriented Architecture
makes the security more independent of application logic Loose coupling of directories: SAML does
not require user information to be maintained and synchronized between directories. Improved
online experience for end users: SAML enables single sign–on by allowing users to authenticate at
an identity provider and then access service providers without additional authentication. Better–
customized user experience is provided by SAML at each service while promoting privacy through
identity federation (linking of multiple identities). Reduced administrative costs for service
providers: Using SAML to 'reuse' a single act of authentication (such as logging in with a username
and password) multiple times across multiple services can reduce the cost of maintaining account
information. This burden is transferred to the identity

Kerberos Essay
Kerberos and Firewalls
Kerberos
Kerberos is defined as an authentication protocol combined with a suite used in implementing the
software (Nicola & Aargau). The authentication protocol has its name derived from the three–
headed dog in the Greek mythology used for guarding the entrance to the underworld. The protocol
involves three entities; the first two are aimed at authenticating one another i.e. the resource center
and user while the third party acts as the key distribution center or the mediator between the two
keys.
Kerberos authentication protocol is based on symmetric key cryptography where the key used for
encryption and decryption is the same. The formula for the protocol is
DK (E K(M)) = M
Where D stands for decryption, K stands for the key, E stands for encryption, M stands for
encrypted text. In case the key is the same for both encryption and decryption procedures, the
decryption process leads to the same plain text as the original text before encryption.
The key distribution center comprises of two components, integrated into one server. These
components are the authentication server and the ticket–granting server. Considering three entities,
that is, the resource center, client and user Z, the request and authentication process works in the
following way. The user Z feeds in a username and password into the client machine, which is
encrypted to form a secret key. The user Z through the client then contacts the authentication server,
which in turn sends the

Implementation Of The Security System
Chapter Five Implementation of the Security System 5.1 Introduction In this chapter will be discuss
the implementation of the security model through the illustrative examples to explain functionality
of the model. In order to test the functionality of the system, a case study application is used. The
proposed case study is a messaging system used to exchange messages between clients under the
control of the server. 5.2 Implementation Tools The proposed system has been built by means of the
following tools: Apache Web Server. Java Script Language. MySQL Database. PHP (Hypertext
Preprocessor) Language. CSS (Cascading Style Sheets) Language. HTML(Hypertext Markup
Language) Language. 5.3 Implementation of the Security System The security system has been
implemented using three layer architecture. The functions of the system will be described briefly as
follow. 5.3.1 Client layer: Home–Page: The implementation of the security system to exchange
messages between the first party (client) and the second party (server) is done by entering through
any browser on the web such as (Opera,Netscape,Google Chrome or Internet Explorer) and load the
home web–page www.myzkp.net . After that the applicant or the first party (client) must enter secret
number such as x. At the same time, the second party (server) will also enter a secret number , such
as y. Both values (x,y) are defined within a specific period agreed in advance between the parties.
The x value entered by

Case Study: Can Backlog And Cloud BPM Be Cooperation?
Can Backlog and Cloud BPM be Cooperation? How to check whether Questetra can cooperate with
other services Since I was consulted by a certain customer about cooperation on Questetra and
Backlog which Nulab Inc. is providing, I organized how to do it. This time, I tried to summarize
how to investigate whether it is possible to collaborate with Questetra and other services, not only
with the Backlog. (fig) * I will supplement since there may be some people who are thinking both
Questetra and Backlog are for managing tasks. Questetra is suited to the work whose flow has been
decided, while Backlog is suitable for flexible work flow. Therefore, they are often used depending
on the characteristics of the target work. This example here, is also one of them. ... Show more
Not limited to Backlog, the points to be confirmed on the side of service which calling Questetra are
as

Mobile Ad Hoc Network Essay
Mobile ad hoc network (MANTE) is a group of wireless mobile computers (nodes) in where they
help each other to forward packets when out of range of direct wireless transmission. When out of
range could mean constantly moving, no base station infrastructure or infrastructure destroyed. Ad
hoc networks can effortlessly and inexpensively be established. Ad hoc network can be easily set up
due to the fact it doesn't require a centralized administrator and doesn't require a fixed network
infrastructure (base station/ access point). With the creation of Ad hoc networks came the problem
of secure routing protocols for this type of network.
Ariadne is one the secure routing protocol which was created to improve ad hoc networking
security. ... Show more content on Helpwriting.net ...
Ariadne can be implemented in three ways to authenticate routing messages: sharing of secret keys
between all pair of nodes, TESLA (broadcasting authentication) with sharing of secret keys, and
digital signatures. Sharing secret keys between nodes "requires n (n–1)/2 keys to be established in
the network" (Anjum, 2007), the keys can be installed by the key distribution center before message
routing. This type of approach creates administrative (someone to distribute the keys) and scalability
(time delay) challenges¬¬. The TESLA approach requires the same type of process as the first, but it
adds a single message authentication code (MAC) to a request message, this creates a security issue
when broadcasting the message where the receiver can impersonate the sender. TESLA then uses
one–way hash chain and clock synchronization to prevent this. The third implementation requires
each node to have a set of asymmetric key and in short requires each node to have certain
computational capability. The focus will be on TESLA implementation assuming each commination
share a MAC key, every node has one–way hash chain capability, all nodes know the authentication
key of the TESLA one–way key chain of every other node, and sender trust the destination source.
Route Discovery consist of two parts: Route Request and Route Reply. Route request message is

Essay on Ethical Issues in Secured Communications
Ethical Issues in Secured Communications
1. Introduction
The outstanding growth of network technologies in the past decade have contributed to millions of
new applications and industries. Literally millions of companies around the world were created to
serve this huge growth. Even though many of those companies did not survive until the present time,
most of the applications did survive and they are still widely used among consumers of all ages,
cultures, and backgrounds.
Most of the widely used applications are not secured. I will define what is meant by a secured
communication later in the paper. However, this paper is more concerned in the way people use
these applications in terms of identity. Many applications allow ... Show more content on
Helpwriting.net ...
2. Background
2.1 Security Background
2.1.1 Secured Communications
Security and privacy are not new concepts. At 400 BC the Greeks used a transposition cipher.
Individual letters were written on a long thin sheet of paper and then wrapped around a cylinder. The
diameter of the cylinder was the key to find out the original letter. In this context, I find it necessary
to give some definitions of related vocabulary in this field.
–Plain text or PT is the original message that we need to send. Usually we do not want others to be
able to know our original message.
–Cipher text or CT is the encrypted plain text which is not readable for others.
–Encryption is the process of changing a secret message (plain text) into a disguised one (cipher
text).
–Decryption is the process of changing the Cipher text back to the original Plain text.

–Cryptography (literally means secret writing) is the science encompassing the principles and
methods of transforming a PT message into a CT one, and then retransforming that message back to
its original form.
–cryptanalysis the study of principles and methods of transforming a CT message back into a PT
message without knowledge of the key. Also called code breaking
–cryptology both cryptography and cryptanalysis
We encrypt the PT to get the CT and then send it on a communication channel. The channel

Information Security Breach
Title: Report on recent breach at First Union Bank
Name: Sandeep K Reddy Udumala
Course: Information Security technology
Professor Name: Mr. Janos Mako
University: Northeastern University
Date: February 15, 2015 Deliverable #1 Hackers and their motives
This current generation of attacks, which includes the advanced persistent threats (APTs), is mainly
focused on acquiring something valuable–sensitive personal details, intellectual property,
authentication credentials, insider information, and the like. Skilled potential hackers tend to spread
malicious bank Trojan viruses that allow remote access to a computer, manipulate a financial
institution's online information system, corrupt data, and impede the quality of an information ...
Show more content on Helpwriting.net ...
Their motivation is pure financial gain.
A data breach, one of the threat exists allows the information and data to go out from the banking
system, making it viewable to others. Some of the examples of potential hazards and which remain
the main motives of the electronic banking system are during on–line transactions, transferring
funds, and minting electric currency, etc.
In a recent report published at the end of last year, it was found that Trojans had been used to target
more than 1,400 financial institutions in 2014, with the top US banks being the main target.
The main reason these attackers pop is for the violation of system security is all about the money,
challenges to intercept data, challenges with acquaintance, data breach, and poor authentication and
authorization. These Hackers have an infinite amount of time to craft a new attack while blacklist–
based security solutions only have a split second to react. If the attack is a zero–day exploit, it will
bypass definition–based security, such as WAFs. The integrity of the system can also be affected,
when these irresponsible people alter and changing the data information in the system, for example
exchange a sum of money to their own account.
It is important to realize how the security aspects in a banking system can influence such

Cryptography : Applied Cryptography Rough Draft
Running Head: Cryptography 1 Cryptography 12
Applied Cryptography Rough Draft
ISSC 431
Professor Christopher Weppler
October 6, 2015
Introduction
Over the years, cryptography has been used to protect secrets, in a military capacity to make sure
that either hackers, enemies of the countries, do not intercept sensitive formation. Ciphers, and
encryption blocks are becoming so hard to break even the best super computers cannot break the
codes in a timely fashion. Encryption has been improved over the years, also has been around for
thousands of years and this paper is intended to explain about different forms of cryptography that
either has been used or is still in use to this day. This paper is about ... Show more content on
Helpwriting.net ...
When coming to creating these types of security is predominately affiliated with the military, federal
agencies, governments and so forth. When talking about computer security cryptography this started
back in the 60?s and this came from a huge demand for the civilian sector to protect critical
information and to transform data into a digital form. Years later in the 70?s IBM took up the
contract and started to create an encryption system for communication systems, and that was known
as DES (Digital Encryption Standard). Now with that being said let 's discuss about identification/
entity authentication technique. There are differences between identification and entity
authentication, states about weak, strong and zero knowledge–based authentication. Entity
authentication procedure is in ?actual time? procedure in the sense that provides a guarantee that the
parties that are involved in carrying out some of the action of validation is functioning at the time of
protocol execution. When passwords come to entity authentication would be considered a weak
authentication. When coming to conventional password schemes that involve time natural outlines,
which involved so–called weak authentication general is between 6 to 10 characters and is a
dictionary word. According to this passage ?Conventional password schemes involve time–invariant
passwords, which provide so–called weak authentication. (Menezes & Oorschot & Vanstone, 1996)
Now, when coming to

Data Security Using Text Based Graphical Essay
DATA SECURITY USING TEXT BASED GRAPHICAL
PASSWORD AND QR CODE
Vishal Pokarne, Pratik Bhosale, Akshay Sanga, ShivamNirhali,
Prof. D. S. Gaikawad
Department of Computer Engineering
SavitribaiPhule Pune University, Pune–411041, India
(vishalpokarne@gmail.com, pratikbhosale8484@gmail.com)
Abstract – Conventional password schemes are vulnerable to shoulder surfing attack and many other
attacks like brute force attack and dictionary based attack. Traditional alphabetical and numeric
passwords have disadvantages from a usability standpoint, and these usability problems translate
into security problems.The system combines the applications effectively in a way to transfer data
securely. System provides data security with the help of ColorCombination authentication, and
cryptography using QR Code Techniques. The universal technique for providing confidentiality of
transmitted data is cryptography. The system provides a method to encoding the data using QR
Code. The information is mainly present in the Color Strip of 8 bits color combination. In this
system data is securely transmitted with the help of 8 bit colors acting as security element thereby
providing authentication using The QR Code.
Keywords –Text Based Graphical Password, Encryption of QR Code, Decryption of OR Code.
I.INTRODUCTION
Here, we are proposing a method for Data Security using Text based Graphical password Scheme &
the color Combination for E–mail system for securing the

Annotated Bibliography On Mobile Cloud Computing
A
REPORT ON
"AUTHENTICATION IN MOBILE CLOUD COMPUTING"
By
SIVA SANTOSH VARMAALLURI
K00351411
JULY 2015
CSEN 5303–002 MOBILE CLOUD COMPUTING
SUMMER–I 2015
TABLE OF CONTENTS
1.0 Introduction
2.0 Authentication Levels
2.1 Cloud Computing Providers
2.2 Third Party
3.0 Existing Authentication Services
3.1 Kerberos
3.2 OpenID
3.3 OAuth
3.4 MDA: A Secure Authentication Scheme
4.0 Authentication Using Finger Print Recognition In Mobile Clouds
5.0 Authentication In GPS Directed Mobile Clouds
6.0 Product Authentication Using QR Codes
6.1 Quick Response Code
6.2 Authentication Performance
6.3 Security Mechanism
6.4 Implementation Data Flow
7.0 Cloudlets Authentication In NFC Based Mobile Computing
8.0 Authentication Using Profiling In Mobile Cloud Computing
8.1 Structure Of User Profile
9.0 Conclusion
References
1.0 INTRODUCTION

The blend of cloud computing and mobile computing presents mobile cloud computing, which
likewise show new issues of security dangers, for example, unapproved access to resources in
mobile cloud. Shielding portable distributed computing from illegitimate access turns into an
imperative concern to mobile clients. Definition of Cloud computing cloud computing is a sort of
on–interest registering strategy that lets clients use IT assets, for example, system, server,
stockpiling, administration, application, so on through Internet when requiring them instead of
owning them. Distributed computing can be considered as a whole of SaaS

Secure Protocols For Wsn : A Comparative Study Of Protocols
SECURE PROTOCOLS FOR WSN A COMPARATIVE STUDY OF PROTOCOLS NAME:
RITIKA SANJEET RUSTAGI USC ID NUMBER: 4205911885 CSCI 530 COMPUTER
SECURITY SYTEMS TILES OF THE PAPER: Abstract Introduction Security requirements of
WSNs Choosing efficient encryption algorithm SPINS TinySec Evaluation of SPINS and TinySec
Conclusion Acknowledgment References I have read the Guide to Avoiding Plagiarism published by
the student affairs office. I understand what is expected of me with respect to properly citing
sources, and how to avoid representing the work of others as my own. The material in this paper was
written by me, except for such material that is quoted or indented and properly cited to indicate the
sources of the material. I understand that using the words of others, and simply tagging the sentence,
paragraph, or section with a tag to the copied source does not constitute proper citation and that if
such materiel is used verbatim or paraphrased it must be specifically conveyed (such as through the
use of quotation marks or indentation) together with the citation. I further understand that overuse of
properly cited quotations to avoid conveying the information in my own words, while it will not
subject me to disciplinary action, does convey to the instructor that I do not understand the material
enough to explain it in my own words, and will likely result in a lesser grade on the paper. Signed
by: ______________________________________ SECURE PROTOCOLS FOR WSN A
COMPARATIVE STUDY

Questions On Amazon, Apple, Google, And Honan Himself
(1) For each of the following actors, make a list of assumptions made by the following actors that
may have appeared valid in isolation, but were not valid in the combination described in Honan 's
article: Amazon, Apple, Google, Twitter, and Honan himself. The following are the list of
assumptions made in isolation by the following actors: Amazon: 1) Amazon allows adding of credit
card information through requests from telephone calls. This makes it convenient for the customer,
but in this case it allowed the hacker to add a part of identity information by just knowing basic
details 2) Amazon allows the user to add an email address by telephone if the credit card
information among other details are known. This seems like a valid procedure by in Honan 's case
the hacker used the self added credit card information. Apple: 1) In a normal case a user who has
information about the billing address, last 4 digits of credit card and email can usually be trusted.
The hacker knew the last 4 digits of the credit card through the Amazon exploit and was able to
access the Apple account 2) Apple 's feature of remote wipe is particularly for the scenario wherein
the customer loses his Mac or iPhone. But by gaining access to the account, the hacker was able to
remote wipe all the devices. 3) As mentioned in the case of Amazon, administration of account
settings through the telephone for the sake of convenience was how the hacker gained control of the
account. Google: 1) Google allows

Unit 7 Wpa2
Wi–Fi Protected Access 2, the follow on security method to WPA for wireless networks that
provides stronger data protection and network access control. It provides enterprise and consumer
Wi–Fi users with a high level of assurance that only authorized users can access their wireless
networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by
implementing the National Institute of Standards and Technology (NIST) FIPS 140–2 compliant
AES encryption algorithm and 802.1x–based authentication. WPA2 resolved vulnerabilities of WEP
to "hacker attacks such as 'man–in–the–middle',
Authentication forging, replay, key collision, weak keys, packet forging, and 'brute–force/dictionary'
attacks By using government grade AES ... Show more content on Helpwriting.net ...
The AES block cipher iterative encryption algorithm as implemented in WPA2 is considered to be
so strong an encryption standard that the National Security Agency uses its 192–bit and 256–bit key
lengths to encrypt Top Secret documents. For now and into the foreseeable future, the use of AES as
implemented in WPA2 should be considered to be unbreakable. The WPA2–Enterprise mode
provides the security needed for wireless networks in business environments. Though more
complicated to set up, it offers individualized and centralized control over access to your Wi–Fi
network. Users are assigned login credentials they must present when connecting to the network,
which can be modified or revoked by administrators at any time. The authentication method used to
verify the user (and server) credentials on WPA/WPA2–Enterprise networks is defined in the IEEE
802.1X standard. This requires an external server called a Remote Authentication Dial In User
Service (RADIUS) or Authentication, Authorization, and Accounting (AAA) server, which is used
for a variety of network protocols and environments including

Application And Device / Hardware Level
The Future
The future of security for IoT needs to be proactive and not reactive, preventive and not remedial. It
is important that we bake in the security into IoT platforms right from the ground up instead of
doing it in piecemeal way as was the case with evolution of modern day operating systems or
internet revolution. Future IoT initiative shall have security shall be holistically implemented at
network, application and device/hardware level. We should definitely leverage wide knowledge base
and research investments we have already made in the embedded systems, OS, web and mobile
security space. Top security software providers, market leaders in the technical corporate space and
federal institutions, and tight laws shall be built to ... Show more content on Helpwriting.net ...
Firewalls: The devices need firewall to block any malicious packets to reach the device. It shall
proper evasive security embedded in the hardware and network layer.
Upgrades: Manufacturers and operators need to be able to remotely upgrade the devices with
patches and upgrades once the device is live. This action shall ensure that functionality of the
devices is not compromised in any way and requires due importance with respect to authentication.
Relationship of Things
Identity Relationship Management is another unique approach to identity management in the world
of IoT. This approach is highly supported by kantara initiative. Few of the interesting things in IRM
approach are:
Internet Scale over Enterprise Scale: In traditional world we used to build castles, borders and
perimeters in the form of VPNs, corporate networks to secure our assets but in the new paradigm
users are accessing from different locations, different devices and times. We need to able to handle
millions of additional identities simultaneously in a scalable way and that too in inter–connected
way.
Modular over Monolithic: IRM solutions of today shall be designed from ground up in integrated,
scalable and modular fashion. Traditional approach to IAM simple doesn't scale in today's world of
acquisitions, mergers and constantly increasing number of connected devices, users and access
points.
Dynamic Intelligence

Terminal Data Capability Emv
Terminal Data Capability
[What is it?]
– Generally, It is a data element that stores information particularly on terminal that can be
individually addressed by tag ID.
Data element resident in the terminal shall be under control of one of the following parties:
Terminal manufacturer: For example, IFD Serial Number
Acquirer/Agent: For example, Merchant Category Code
Merchant: For example, Local Date and Local Time (these may be controlled by either merchant or
acquirer)
Terminal should be constructed in such a way that data which is under control of acquirer is only
initialised and updated by the acquirer (or its agent).
[Types]
1. Application Independent[1] Data:
Terminal ... Show more content on Helpwriting.net ...
|
| | |SDA failed |If SDA is performed but unsuccessful. |
| | |Offline Data Authentication was not performed |If neither SDA nor DDA nor CDA is performed. |
| | |RFU | |
| | | |Reserved for future use |
|2 | | | |
| |Processing Restriction | | |
| |

Implementation Of The Proposed System
Chapter Five Implementation of the Proposed System 5.1 Introduction In this chapter will be discuss
the implementation of the proposed security model through the illustrative examples to explain
functionality of the model. In order to test the functionality of the system, a case study application is
used. The proposed case study is a messaging system used to exchange messages between clients
under the control of the server. 5.2 Implementation Tools The proposed system has been built by
means of the following tools: 1. AppServ is a merging open source software installer package for
Windows includes. a. Apache Web Server. b. PHP Script Language. c. MySQL Database. d.
phpMyAdmin Database Manager. 5.3 Proposed System Implementation The proposed system has
been implemented using three layer architecture. The functions of the system will be described
briefly as follow. 5.3.1 Client layer : A. Home–Page: The first step in the proposed security system
is through the load the home web–page (www.myzkp.net), after that the applicant should enter a
number like x where x represents a secret number here, this secret number will be used in the
authentication process as well as key exchange function as the shown in Figure 5–1 below. Figure
5–1 Home web–page Home page will pass the secret number to the authentication and key exchange
module, which is an implementation of the zero–knowledge proof protocol, that accomplish the
authentication procedure with the addition

Using Lightweight Dynamic User Authentication Scheme
There are many popular authentication protocol schemes and some of them are as follows.
Lightweight Dynamic User Authentication Scheme – In Wireless Sensor Networks the authorized
users can access and communicate with the sensor nodes. This scheme comprises of registration,
login and authentication phases. Based on the predefined period the user registers and gets access to
secure data and restarts if period expires. It states it is secure only against replay and forgery attacks.
And provides many benefits like efficiency, avoiding leakage of password, etc. Lightweight Trust
Model – Usage of this scheme benefits in reducing the memory consumption and energy. And it is
done by three steps such as computing bytes, not storing the value in the transaction table,
consuming 3 bits of memory and also avoids promiscuous operation mode. Lightweight
Authentication Scheme – This requires HMAC and encryption algorithms and decrease the effects
of resource consumption attack. It consists of three phases such as key predistribution phase,
network initialization phase and authentication protocol. Secured Energy Conserving Slot–Based
Topology Maintenance Protocol uses a symmetric key–based authentication mechanism for a
sleep/wake–up schedule of nodes for better energy efficiency and increase in lifetime the network.
Lightweight Key Management Scheme – This reduces the resource consumption and acts as
building block for all mechanisms. It requires less key storage with minimal number of

Sql Injection Attack And Its Effects On The Security Threats
With the advent of Internet, web applications have become a day to day feature in our lives. Also
with the constant usage of online services increasing every day, there has been an equally growing
concern regarding the security threats in web applications. One of the most common attacks
exploiting the vulnerabilities of various types of applications along with web applications is through
the Structured Query Language Injection Attack also known as SQL Injection Attack. Based on a
recent study by OWASP, SQL injection attack has the highest rank in revealing web based
vulnerabilities. One of the major motivation for the attacker to perform SQL injection attack is for
retrieving all the contents from the database without any authorization or permission. It is a code
injection technique where an attacker inserts a malicious query in the original legitimate SQL query.
After the execution of the query, the attacker has the access to the database and can obtain, change,
and update data for which he/she does not have any permission.
In this paper we introduce and expound the SQL Injection attacks. Additionally, we present and
discuss two SQL injection detection and prevention techniques in detail. First of which is utilizing
query tokenization for tackling against SQL Injection (SQLI) attacks. The second one is a hidden
web crawler technique which is an innovative process for discovering SQLI attacks.
2. Introduction
SQL injection attack is one of the most common type of attack

AIS 510 PBL REPORT
ACCOUNTING INFORMATION SYSTEM AIS510 PBL REPORT SEMESTER MARCH–JUNE
2012 Problem Based Learning Session 1 TESCI STORES (MALAYSIA) SDN BHD a. What kind
of information do you think Tesci gathers? (40 marks) Accounting information system is systems
that collect, record, stored and process the data into information for the users for decision making.
However, information is data that organized and process to provide meanings to users. Users
typically need information to make decisions or to improve decisions making process. As a general
rule, users can make better decision as the quantity and quality of information increase. Tesci gather
the information from various type of technology such as computer, mobile phone, ... Show more
First, Tesci need to list out all name of the supplier. After that, Tesci need to compare among the
supplier whose give the reasonable price in buying goods in bulk. Tesci then must evaluate which
supplier they want to cooperate in the long run operation. Besides that Tesci also can gather
information by doing a survey and contents. "A survey is a data collection tool used to gather
information about individuals. Surveys are commonly used in psychology research to collect self–
report data from study participants. A survey may focus on factual information about individuals, or
it might aim to collect the opinions of the survey takers". This survey is to ensure the organization
can get a lot of information from outsiders. By doing this, the organization can allocate the
information according to the various type of people. In addition, "Surveys and Contests, from time
to time, we can requests information from users via surveys or contests. Participation in these
surveys or contests is completely voluntary and the user therefore has a choice whether or not to
disclose this information. Information requested may include contact information (such as name and
address), personal opinion and demographic information (such as zip code, age group, purchasing
influence). Contact information will be used to notify the winners and award prizes. Survey
information will be used for purposes of monitoring or improving the use

A Novel Tree Based Method For Data Hiding And Authentication
A Novel Tree Based Method for Data Hiding and Authentication in Medical Images Sreejith.R
Dr.S.Senthil Research Scholer Associate Professor Reva University Reva University Bangalore
Bangalore. r_sreejith@hotmail.com senthil.s@reva.edu.in Abstract – Telemedicine focus on use of
information and communication technologies in the situation when health care center and the patient
are remotely located. That means that health care services are provided remotely over the distance.
There are several telemedicine services which include transmission of information about patient's
health through text, sound, images and other data forms for the diagnosis treatment, prevention and
follow up of the patient's health status. The role of telemedicine services contributes a lot in health
improvement and its application should be considered favorably valuable. However, it is so much
necessary to be aware that the utilization of different telemedicine solutions includes processing of
patient's data and transferover open network. Thus, this issue should be considered from the
perspective of data protection. Medical images which are stored in health information systems,
cloud platform or other systems seeks attention. Privacy and security of such images

Summary: Public Key Infrastructure
As an Information Security Director at a small software company that utilizes a Microsoft Server
2012 Active Directory. The company is made up of software developers and a relatively small
number of administrative. It would be in the best interest of the company to use a public key
infrastructure (PKI) in order to provide a framework that fosters confidentiality, integrity,
authentication, and nonrepudiation. Email clients, virtual private network (VPN) products, Web
server components, and domain controllers would utilize digital certificates issued by the certificate
authority (CA). Additionally, the company would use digital certificates to sign software developed
by the company in order to demonstrate software authenticity to the customer. PKI supports the
distribution and identification of public encryption keys, enabling users and computers to both
securely exchange data over networks and verifies the identity of the other party. It enhances the
security of data by ... Show more content on Helpwriting.net ...
CAs can be public or in–house. Each have positive and negative characteristics. In–house is easy to
use and manage because the company is not dependent on an external entity for certificates. There is
no per–certificate cost. The down side of in–house is that it is more complicated than using external.
With in–house CA, the security and accountability of Public Key Infrastructure (PKI) is completely
on the organization's shoulder. This is bad if the company is small and does not understand or have
the resources to put toward PKI. External parties tend to trust a digital certificate signed by a trusted
external CA over a certificate from an in–house CA. Integration between an external Certification
Authority (CA) and the infrastructure of the organization is limited. External CA also means
organization need to pay per certificate. Lastly, external CA provides limited flexibility when
configuring, expanding and managing

Cryp Essay
Homework 5 4.2 Consider a "CCA–type" extension of the definition of secure message
authentication codes where the adversary is provided with both a Mac and Vrfy oracle. (a) Provide a
formal definition and explain why such a notion may make sense. (b) Show that when the Mac
scheme is deterministic, your definition is equivalent to Definition 4.2. (c) Show that when the Mac
scheme may be probabilistic, the definitions are not equivalent. (That is, show that there exists a
probabilistic scheme that is secure by Definition 4.2 but not by your definition.) Consideration The
message authentication experiment Mac–forge, Π(n): 1. A random key k ← {0, 1}n is chosen. 2.
The adversary is given oracle access to Mack (·) and Vrfyk (·, ·) and outputs a ... Show more content
on Helpwriting.net ...
Note that in this case the Vrfy oracle behaves exactly the same to the actual Vrfy alogrithm, and the
adversary cannot use the Vrfy oracle to increase its probability of success (see comparison below for
further clarification). To rephrase this, an oracle access to Vrfy does not augment the adversary's
power. If the Mac scheme is probabilistic there exist muiltple tags that one message can possibly
correspond to. Hence, in sharp contrast to the deterministic case, the adversary cannot be certain of
exactly which tag corresponds the message. Now, with an oracle access to Vrfy, the adversary can
simply query this oracle to eliminate some of the possible tags, therefore dramatically increase the
probability of success (Roughly speaking, multiplied by the number of all possible corresponding
tags. But this is limited to polynomial many). That being said, an adversary with oracle access to
Vrfy is more powerful than one without such access. (The adversary can still output any message m
previously queried to the oracle! The definition says nothing about this.) Therefore, This definition
differs from Definition 4.2. 1 4.3 Prove that Construction 4.5 remains secure for each of the
following modifications: (a) Instead of using a pseudorandom function, use any fixed–length MAC
with the appropriate parameters. (b) Instead of including d in every block, set t i = Fk (r ||b ||i ||m i )
where b is a single bit such that b = 0 in all blocks but the last one, and b =

Wireless Network Security ( Cs6526 / Fall 2014 )
WIRELESS NETWORK SECURITY (CS6526/FALL 2014)
ASSIGNMENT # 2
NAME: VIDYA PANGA
NET ID: KS9877
1. What are the security requirements and challenges of MANETs?
Answer:
MANETs (Mobile ad–hoc network) is defined as autonomous collection of wireless mobile nodes
that are self–configure to construct a network that can communicate over relatively bandwidth
constrained wireless links.
In MANETs the security depends on the several parameters are as follows:
Authentication: It enables the mobile nodes to ensure the identity of the nodes they are
communicating with. With this it provides the secure communication among the nodes. It also helps
in identifying the false identity of nodes. This avoids the unauthorized nodes to gain access of the
other nodes.
Confidentiality: It prevents the access to the data for unauthorized users or nodes when two
authorized nodes are communicating .Since MANETs use the open medium, all users present within
the transmission range will have access to the data. The data can be kept confidentially by
performing encryption on it.
Integrity: It prevents the data from being modified or unchanged by the unauthorized users while
transmitting the data. It never discloses the data to the unauthorized users. With this it provides the
users a secure communication without any modifications in the data.
Non repudiation: It ensures that nodes in the MANETs should not deny their responsibility of
actions while sending and receiving the data packets. With the help of

A Brief Note On Peer Communication And The Client Server...
Data Networking
Assignment No: 2
Ans 1.Peer to peer communication provides reliable connection, all the resources are available with
its users, inexpensive and is more robust as compared to the client–server model which is why most
applications use this type of communication. However, certain applications instant messaging, e–
mailing and video calling prefer client–server model to perform certain functions for the reasons that
follows:
 Client–server model is centralized which means all the files that are stored in the same place and
can be easily administered.
 The servers can be accessed remotely making its accessibility easier
 The peers don't need any storage space as the server keeps all the resources and information like
peer to ... Show more content on Helpwriting.net ...
 If about ten computers are connected at a time, then the quality of the communication
deteriorates.
 Back–up and recovery of every workstation connected in the system makes it tedious.
 Full–time system administrator is required.
Ans 2.No, the immediate response will not be sent to the new IP address. When a user access
www.google .com the DNS resolvers through which the website is accessed will cache the
information like the IP address for a particular TTL time which could be few hours. Now, when
changes are made, the DNS resolver all over the world that has not accessed www.google.com
which is very rare will get immediately updated but the ones that have the information cached will
not get updated till the TTL time is over. Hence, the web–cache server will send the information
with the old IP of the website to the user who is accessing the DNS server that has the information
cached and once the TTL time is over the user will be able to access the website with the new IP
address(167.45.45.46).
When a domain name resolving is done, the first place the PC will look into is the root name server(
root NS).
Ans 3.
a) TCP and SSL
Transmission Control Protocol (TCP) Secure Socket Layer (SSL)

 Transport Layer Protocol, helps in transportation of packets  Application layer protocol
 It provided error free and reliable communication  It is a communication security protocol
 TCP is a main protocol  TCP uses SSL to make

Nt1310 Unit 3 Data Analysis

Recommended

Recommended

More Related Content

Similar to Nt1310 Unit 3 Data Analysis

Similar to Nt1310 Unit 3 Data Analysis (15)

More from Jasmine Culbreth

More from Jasmine Culbreth (20)

Recently uploaded

Recently uploaded (20)

Nt1310 Unit 3 Data Analysis