Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Smart x


Published on

Published in: Technology
  • Be the first to comment

Smart x

  1. 1. 2012 Third International Conference on Intelligent Systems Modelling and Simulation SmartX – Advanced Network Security for Windows Opearating System Rushabh Luniya, Ankit Agarwal, Mayank Bhatnagar, Vishal Rathod, Delnaz Unwalla Department of Information Technology, Pune Institute of Computer Technology Pune, India Abstract—A software framework for secure and efficient communication between two nodes using the Windows II. CURRENT SCENARIO Operating system is proposed. The proposed system aims to Virtual Private Network is a private network which overcome the drawbacks of virtual private network, by makes use of the public network (mostly Internet) in order reducing the number of buffer copies and the protocol to associate remote sites or users together. Its fundamental overhead. It involves only a single copy of the data and a single context switch thus creating a tunnel between the two objective is to provide a secure and reliable private end points. It uses the patent mutual identity algorithm to connection. It allows a legitimate remote user to become secure the two end points of a tunnel. It uses a 128 bit an active component of a central network, using the advanced encryption standard algorithm for identical network scheme and addressing as the users on encryption/decryption. This framework resides on the NDIS the central network. VPN’s necessitate accurately (Network Driver Interface Specification). It performs a set authenticating the remote users, and often securing data of modifications on each network packet which is about to with encryption technologies to preclude disclosure of hit the wire. The system eliminates the drawback of VPN confidential information to unauthorized parties [3] [6]. A system by increasing the throughput and reducing the Secure VPN involves IPSec. processing overhead. Keywords- TCP protocol, NDIS, Windows Opearting System, Network security I. INTRODUCTION In the world of computers, security is the most imperative and foremost aspect. High data transfer rates and high throughput computers are of utmost importance. Therefore, various security aspects come into picture. Present system employs TCP/IP protocol for data exchange. Virtual Private Network allow any valid remote user to become part of a corporate central network, using the same network scheme and addressing as users on this central network. In the current Virtual Private Network Fig. 1 Virtual Private Network (VPN) scenario, there are certain drawbacks. Firstly, if a computer is connected to a VPN based network, all additional devices connected to it will also gain access A. Advantages to it. So, the network is vulnerable to attacks. Secondly, the number of copies created during context switching, • Extended connections across various geographic when a packet travels from one terminal to another, results locations without using a leased line. in inefficient memory management [8]. Hence, it • Enhanced security for exchanging data using consumes considerable amount of CPU time. To advanced encryption and authentication protocols. overcome this SmartX is being developed that would reside in Network Driver Interface Specification (NDIS). • Allows adding unlimited amount of capacity to the It deals to authenticate the end users using Mutual-Identity network without adding significant infrastructure [7]. which is a patent product and to encrypt and decrypt every packet of data that is being sent or received. The basic B. Disadvantages aim of the project is to eliminate the drawbacks of Virtual Private Networks and provide an additional level of • If a workstation is connected to an IPSec based security to the current communication system. network, all additional devices connected to it will also gain access to that workstation. Hence, the978-0-7695-4668-1/12 $26.00 © 2012 IEEE 680 678DOI 10.1109/ISMS.2012.43
  2. 2. network is vulnerable to attacks.• An off-site user has intricacy connecting to the private network, due to corporate firewalls.• IPSec can inflict high CPU overhead on VPN gateways due to the processing obligatory for packet encryption/decryption and authentication.• There is packet loss in VPN networks [8]. II. DETAILS OF NDIS ARCHITECTURE NDIS is an acronym for Network Driver InterfaceSpecification. It performs a set of functions for thenetwork adapter drivers’ for instance registering and Fig. 3 Detailed NDISapprehending hardware interrupts or communicating withunderlying network adapters. There are two major types of NDIS drivers which are It permits a range of transport protocols like IPX, described here:TCP/IP and Native ATM to communicate with networkadapters and other hardware devices. Once the A. NDIS Intermediate Driverscommunication between the network adapter and the Intermediate drivers or IM drivers are situated betweentransport protocols has been accomplished, then the the Internet Protocol Layers and the MAC. The entireexchange of packets or data can take place over the network traffic that is being received by the NIC card cannetwork in-use [2]. An imperative aspect of NDIS is that be controlled and scrutinized by the NDIS IM allows the components of higher-level protocols to be Two types of interfaces are implemented by the NDISindependent of the network adapter by means of a IM drivers: the protocol interface and the miniportstandard interface. interface. The miniport driver and protocol driver both reside in the IM driver, and they communicate with the miniport interface and the protocol interface respectively. There are two types of NDIS IM drivers: • LAN Emulation IM Driver: It is accountable for transmuting the connectionless Transport’s LAN format to the connection oriented format. ATM is a paradigm of such a connection oriented format. It transforms the packets in a format that can be dispatched over a separate and a diverse medium. • Filter Driver: Their objective is to perform exclusive operations and procedures on those packets that are transferred using or through them. Exclusive operations resembling packet tracing, encryption and compression can be performed on the packets. Fig. 2 Communication between NDIS’ of terminals B. NDIS Protocol Drivers The Windows library offers a fully standardizedinterface to implement a customized network adapter The second type of NDIS driver is the NDIS Protocoldriver for the Windows Operating system. The network Driver designed for the purpose of exporting a completearchitecture of Windows 2000 supports NDIS. NDIS in set of functions to the lower edge of the transport protocolWindows 2000 encompasses of a special code file by the stack. The Protocol driver communicates with the NDISname Ndis.sys, also known as the NDIS wrapper. The in order to receive or transmit the packets. It binds to anNDIS drivers are completely bounded by the NDIS IM driver or an underlying miniport driver which thenwrapper. Its key functionality is to provide a consistent exports interface to the upper edge of the stack. Aninterface between the NDIS device drivers and the imperative aspect of the NDIS Protocol Driver is that itprotocol drivers. Additionally, the NDIS wrapper also may also sustain the Transport Driver Interface or the TDIencloses certain supporting routines that assist in at the Upper edge. Additionally, it can also exportdeveloping the NDIS drivers and make the overall interface to a high-level KM (Kernel-Mode) driver [2]. Itdevelopment process easier [4] [5]. can be achieved through a transport stack of drivers, 681 679
  3. 3. which can include the stack that supports the TransportDriver Interface. NDIS protocol drivers continuously make use of thefunctions provided by the NDIS in order to communicatewith the underlying NDIS drivers. For instance, there is aprotocol driver using a connectionless lower-edge (maybe using Token Ring or Ethernet) that wishes to transmitpackets to the underlying NDIS driver; in such a case, theprotocol driver has to make a call of NdisSendPackets orNdisSend. In order to set the Object Identifiers (OIDs) ofthe connectionless drivers, the protocol driver has tosummon NdisRequest. If a protocol driver makes use of a Fig. 4 Internals of SmartXconnection oriented lower edge (e.g. ATM) then theprotocol driver must call NdisCoSendPackets in order to Wireless networks are particularly prone to suchdispatch network packets to the lower-edge or lower level sniffing attacks and applications within anNDIS driver. For setting those OIDs that are supported by organization customarily do not secure the data.connection oriented drivers, the protocol driver has to call Hence, by securing the data at the network level it isNdisCoRequest [4]. ensured that all the data flowing out of a particular node is safeguarded. When an out-bound packet Protocol Drivers are more portable and manageable arrives at the NDIS module, the module encrypts theamongst Microsoft OS that makes use of NDIS versions entire packet (i.e. from the start of the Ethernet headerof such functions. For the operating system to support till the end of the data) and creates one or more UDPthese protocol drivers, it must also support the Win32 packets out of it. If the size of the encrypted packetinterface. exceeds the MTU then it is split into two UDP packets. The UDP packets are then dispatched to the destination III. PROPOSED SOLUTION nodes where they are reassembled, if required and then decrypted [1]. The software to be developed would SmartX is a framework which secures the data provide a more efficient and secure method of packet flowing in a network. The framework employs an exchange over a network. Packets transmitted using infrastructure, called Mutual-Identity, to authenticate VPN are prone to both active and passive attacks. The two workstations in a network and create a secure authentication of the 2 workstations trying to exchange tunnel between the two endpoints. It is obligatory for packets over the network is done using Mutual- each endpoint to contain a SmartX enabled module Identity. After successful authentication a tunnel is which performs a set of alterations on each network established between the 2 workstations. An entry point packet which is about to hit the wire. would be programmed in the NDIS code by means of For Windows based systems, the module is a NDIS which the packets would be captured. These packets (Network Driver Interface Specification) module which would then be processed by a 128-bit Advanced is installed just above the network driver module. When Encryption Standard (AES 128-bit) encryption scheme a network packet originates from one of the applications and would then be passed on to the tunnel for and is to be passed on to the NIC driver, the NDIS delivery.At the receiver’s end, the packet would be module intercepts the packet, encrypts it and then seized and would undergo the decryption to obtain the forwards it to the NIC. When a packet arrives at the original packet. The output packet obtained would NIC and is about to be forwarded to the application, then be sent up to the OSI layers for processing. the NDIS module decrypts the packet and forwards it to the concerned application. The keys used for the encryption/decryption are IV. APPLICATIONS provided by the Mutual-Identity key management infrastructure. Each participating node has a set of • Systems using SmartX will have better CPU user-space applications which perform Mutual-Identity performance due to reduced context switches and authentication with the other nodes before transacting memory copies and improved security aspects. data. Once the Mutual-Identity authentication is over, • It will eliminate the drawbacks involved in VPN each of the two sides arrive at a set of keys which systems by usage of Mutual-Identity, which is a more they utilize for data protection. The data flowing in a secure way of performing online transactions. given network can be sniffed unless the applications transacting the data have taken adequate measures in protecting the data. 682 680
  4. 4. • SmartX proves to be helpful particularly in resistant over the network. Applications like encryption of applications such as e-banking, defense, e-life data, compression of packets, and increased transfer rate insurance. can be easily added to this software. It will also provide• Provides Cloud Security. security in Cloud and will be beneficial for various applications such as e-banking, e-life Insurance. V. RESULT REFERENCESWhen a packet arrives at NIC, the packet is encryptedusing a session key for mutual authentication which is [1]. Suk Lee, Jee Hun Park, Kyoung Nam Ha, Kyung Chang Leeprovided by patent mutual identity algorithm. When this “WirelessNetworked Control System Using NDIS-based Four-Layer Architecture for IEEE 802.11b” – 2008packet hits the wire for transmission it is highly secured [2]. He chaokai “Design and implementation of a personaland resistant to the attack on the network. The throughput firewall Based on NDIS Intermediate Drivers”, Eighth ACISof the system is increased to a large extent by avoiding International Conference on Software Engineering, Artificialthe creation of multiple copies of the same data and Intelligence, Networking, and Parallel/Distributedreducing the number of context switches. The processing Computing, 2007.overhead of the system is also reduced by [3]. Yunhe Zhang, Zhitang Li, Song Mei, Cai Fu “Session-basedencrypting/decrypting the packet within the system itself Tunnel Scheduling Model in Multi-link Aggregate IPSecby eliminating the need of extra protocol overhead. VPN”, 2009 Third International Conference on Multimedia and Ubiquitous Engineering. VI. CONCLUSION [4]. Jee Hun Park, Kyoung Nam Ha, Suk Lee, Kyung Chang Lee “Performance Evaluation of NDIS-based four-layer architecture with virtual scheduling algorithm for IEEE Currently, VPN systems are being utilized throughout 802.11b”, International Conference on Control, Automationthe world. SmartX will eliminate the drawbacks involved and Systems 2007 Oct. 17-20, 2007 in COEX, Seoul, the Virtual Private Networks. It will thus improve the [5]. Shuo Dai, Ye Du “Design and Implementation of Dynamicprocessing time of CPU and allow CPU to perform other Web Security and Defense Mechanism based on NDISwork simultaneously during context switching. SmartX is Intermediate Driver”, 2009 Asia-Pacific Conference onfor the Windows operating system and it can also be Information Processing.implemented for the Linux based system. It improves the [6]. William Sax, Carleton Jillson, William Wollman, Harrymemory management scheme. The major contribution of Jegers, “Experience with Prefix Discovery Servers and IPSecthe paper is to demonstrate the drawbacks of the Virtual VPN Gateways”.Private Network and show how the SmartX will eliminate [7]. Olalekan Adeyinka, “Analysis of IPSec VPNs Performance inits drawback and make the communication more secure A Multimedia Environment”. [8]. Olalekan Adeyinka, “Analysis of problems associated withand efficient. The SmartX will provide the additional IPSec VPN Technology”.level of security to the current world of communicationsystem. It makes the packet more secure and attack 683 681