2. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 2
1. INTRODUCTION
Network security deals with the problems of legitimate messages being captured and
replayed. Network security is the effort to create a secure computing platform. The action in
question can be reduced to operations of access, modification and deletion. Many people pay
great amounts of lip service to security but do not want to be bothered with it when it gets in
their way. It’s important to build systems and networks in such a way that the user is not
constantly reminded of the security system. Users who find security policies and systems to
restrictive will find ways around them. It’s important to get their feed back to understand
what can be improved, the sorts of risks that are deemed unacceptable, and what has been
done to minimize the organizations exposure to them. Network security problems can be
divided roughly into four intertwined areas: Secrecy, Authentication, Non-repudiation, and
Integrity control.
Secrecyhas to do with keeping information out of the hands of unauthorized users.
Authenticationdeals with whom you are talking to before revealing sensitive
information or entering into a business deal.
Non-repudiation deals with signatures.
Integrity control deals with long enterprises like banking, online networking.
1.1 WHAT IS NETWORK SECURITY?
System and network technology is a key technology for a wide variety of applications.
Security is crucial to networks and applications. Although, network security is a critical
requirement in emerging networks, there is a significant lack of security methods that can be
easily implemented.
There exists a “communication gap” between the developers of security technology and
developers of networks. Network design is a well‐developedprocess that is based on the Open
Systems
3. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 3
Interface (OSI) model. The OSI model has severaladvantages when designing networks. It
offersmodularity, flexibility, ease‐of‐use, andstandardization of protocols. The protocols
ofdifferent layers can be easily combined to createstacks which allow modular development.
Theimplementation of individual layers can be changedlater without making other
adjustments, allowingflexibility in development. In contrast to networkdesign, secure
network design is not a well-developedprocess. There isn’t a methodology tomanage the
complexity of security requirements.
Secure network design does not contain the sameadvantages as network design.When
considering network security, it must beemphasized that the whole network is
secure.Network security does not only concern thesecurity in the computers at each end of
thecommunication chain. When transmitting data thecommunication channel should not be
vulnerableto attack. A possible hacker could target thecommunication channel, obtain the
data, and decrypt itand re‐insert a false message. Securing the networkis just as important as
securing the computers andencrypting the message.
When developing a secure network, the following need to be considered
1. Access – authorized users are provided the means to communicate to and from
aParticular network
2. Confidentiality – Information in the network remains private
3. Authentication – Ensure the users of the network are who they say they are
4. Integrity – Ensure the message has not been modified in transit
5. Non‐repudiation – Ensure the user does not refute that he used the network
An effective network security plan is developedwith the understanding of security issues,
potentialattackers, needed level of security, and factors thatmake a network vulnerable to
attack.
The stepsinvolved in understanding the composition of asecure network, internet or
otherwise, is followedthroughout this research endeavor.To lessen the vulnerability of the
computer to thenetwork there are many products available. Thesetools are encryption,
authentication mechanisms, intrusion‐detection, security management andfirewalls.
Businesses throughout the world areusing a combination of some of these tools.
“Intranets” are both connected to the internet andreasonably protected from it. The internet
4. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 4
Architecture itself leads to vulnerabilities in thenetwork. Understanding the security issues of
theinternet greatly assists in developing new securitytechnologies and approaches for
networks withinternet access and internet security itself.
The types of attacks through the internet need toalso be studied to be able to detect and
guardagainst them. Intrusion detection systems areestablished based on the types of attacks
mostcommonly used.
Network intrusions consist ofpackets that are introduced to cause problems forthe following
reasons:
To consume resources uselessly
To interfere with any system resource’s intended function
To gain system knowledge that can be exploited in later attacks
The last reason for a network intrusion is mostcommonly guarded against and considered by
mostas the only intrusion motive. The other reasonsmentioned need to be thwarted as well.
5. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 5
1.2 WHAT IS CRYPTOGRAPHY
Cryptography is the science of using mathematics to encrypt and decrypt
data.Cryptographyenables you to store sensitive information or transmit it across insecure
networks (like the internet) So that it cannot be read by anyone expect the intended recipient.
While cryptography is the science of securing data, cryptanalysts are also called attackers.
Cryptology embraces both cryptography and cryptanalysis.
Fig 1.2 : Cryptography
7. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 7
2. LITERATURE SURVEY
Xinmiao Zhang et al (2002) have presented variousapproaches for efficient hardware
implementation of theAdvanced Encryption Standard algorithm. Theyoptimization methods
can be divided into two classes:architectural optimization and algorithmic optimization.
Architectural optimization exploits the strength ofpipelining, loop unrolling and sub-
pipelining. Speed isincreased by processing multiple rounds simultaneously atthe cost of
increased area. Architectural optimization is notan effective solution in feed-back mode.
Loop unrolling is theonly architecture that can achieve a slight speedup withsignificantly
increased area. In non feedback mode, sub pipelining can achieve maximum speed up and the
bestspeed/area ratio. Algorithmic optimization exploitsalgorithmic strength inside each round
unit. Various methods to reduce the critical path and area of each roundunit are presented.
Resource sharing issues between encryptor and decryptor are also discussed. They
becomeimportant issues when both encryptor and decryptor need tobe implemented in a
small area.
P .Prasithsangaree et al(2003) have presented and analyzed the Energy Consumption of RC4
and AES Algorithms in WirelessLANs. The performance metrics were encryptionthroughput,
CPU work load, energy cost and key sizevariation. Experiments show that the RC4 is fast and
energyefficient for encrypting large packets and AES was moreefficient than RC4 for a
smaller packet size. From the results,it appears that we can save energy by using a
combination ofRC4 and AES to provide encryption for any packet size. Pachamuthu
Rajalakshmi et al (2010) havepresented a compact hardware-software co-design ofAdvanced
Encryption Standard (AES) on the fieldprogrammable gate arrays (FPGA) designed for low-
costembedded systems. The design uses Micro Blaze, a soft-core processor from Xilinx. The
computationally intensiveoperations of the AES are implemented in hardware forbetter
speed. By incorporating the processor in the AESdesign, the total number of slices required to
implement theAES algorithm on FPGA is proved to be reduced. The entire AES system
design is validated using 460 slices inSpartan-3E XC3S500E, which is one of the low-cost
FPGAs.
8. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 8
ArchnaGarg et al (2013) has presents an efficient FPGAimplementation approach of the
Advanced EncryptionStandard (AES) Algorithm. In this paper they present twodifferent
architectures of AES named Basic AES and FullyPipelined AES have been designed in
VHDL. The codes havebeen synthesized using Xilinx ISE 9.2i software for a Virtex 3 FPGA
device. AES and Fully Pipelined AES algorithmresult comparison on the basis of power
consumption, Maximum pin Delay, Clock delay, Slice Flip flops. Pallavi Atha et al (2013)
have present The AES algorithm usescryptographic keys of 128, 192, and 256 bits to encrypt
and decrypt datas and This methodology uses VHDLimplementation over FPGA. They have
programmed in Xilinx – 10.1 xst software and implemented on FPGAfamilies which are
Spartan2, Spartan3 and Virtex2 andcalculations of Time, Speed & power have been done
forappropriate output.M. komala subhadra et al (2013) haveproposes an efficient FPGA
implementation of AES usingVHDL. An AES encryptor is designed and implemented
inFPGA. An AES decryptor is also designed and integrated with the AES encryptor to yield a
full functional AESen/decryptor. Xilinx software is used for the simulation andoptimization
of the synthesizable VHDL code. All thetransformations of both Encryption and Decryption
aresimulated using an iterative design approach in order tominimize the hardware
consumption.
10. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 10
3. EXISTING SYSTEM
3.1 KEY PROCESS TECHNIQUE
There are three key process techniques. They are:
Symmetric-key encryption
A symmetric-key encryption
Hash functions
3.1.1 Symmetric-key encryption (one key):
There is only one key in this encryption. That is private key. This key is only used for
both encryption and decryption. This is also called as private-key encryption. In this
method the sender encrypt the data through private key and receiver decrypt that data
through that key only.
3.1.2 Asymmetric-key encryption (two keys):
There are two keys in this encryption. They are:
Public key
Private key
Two keys – a public key and a private key, which are mathematically related, are used in
public-key encryption. To contrast it with symmetric-key encryption, public-key encryption
is also sometimes called public-key encryption. In public key can be passed openly between
the parties or published in a public repository, but the related private key remains private.
Data encrypted with the public key can be decrypted only using the private key. Data
encrypted with the private key can be decrypted only using the public key. In the below
figure, a sender has the receiver’s public key and uses it to encrypt a message, but only the
receiver has the related private key used to decrypt the message.
11. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 11
3.1.3 Hash functions:
An improvement on the public key scheme is the addition of a one-way hash function in the
process. A one-way hash function takes variable length input. In this case, a message of any
length, even thousands or millions of bits and produces a fixed-length output; say, 160-bits.
The function ensures that, if the information is changed in any way even by just one bit an
entirely different output value is produced.
Fig : 3.1.3 Hash Function
As long as a secure hash function is used, there is no way to take someone’s signature from
one documents and attach it to another, or to alter a signed message in any way. The slightest
change in signed documents will cause the digital signature verification process to fail.
13. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 13
4. PROPOSED SYSTEM
Elliptic Curve Cryptography (ECC) has already been invented but its advantages and
disadvantages are not yet fully understood. ECC allows to perform encryption and
decryption in a drastically lesser time, thus allowing a higher amount of data to be passed
with equal security. However, as other methods of encryption, ECC must also be tested and
proven secure before it is accepted for governmental, commercial, and private use.
Quantum computation is the new phenomenon. While modern computers store data using
a binary format called a "bit" in which a "1" or a "0" can be stored; a quantum computer
stores data using a quantum superposition of multiple states. These multiple valued states
are stored in "quantum bits" or "qubits". This allows the computation of numbers to be
several orders of magnitude faster than traditional transistor processors.
To comprehend the power of quantum computer, consider RSA-640, a number with 193
digits, which can be factored by eighty 2.2GHz computers over the span of 5 months, one
quantum computer would factor in less than 17 seconds. Numbers that would typically take
billions of years to compute could only take a matter of hours or even minutes with a fully
developed quantum computer.
In view of these facts, modern cryptography will have to look for computationally harder
problems or devise completely new techniques of archiving the goals presently served by
modern cryptography.
15. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 15
5.1ADVANTAGES
Cryptography is an essential information security tool. It provides the four most basic
services of information security −
Confidentiality − Encryption technique can guard the information and communication
from unauthorized revelation and access of information.
Authentication − The cryptographic techniques such as MAC and digital signatures can
protect information against spoofing and forgeries.
Data Integrity − The cryptographic hash functions are playing vital role in assuring the
users about the data integrity.
Non-repudiation − The digital signature provides the non-repudiation service to guard
against the dispute that may arise due to denial of passing message by the sender.
All these fundamental services offered by cryptography has enabled the conduct of business
over the networks using the computer systems in extremely efficient and effective manner.
16. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 16
5.2 DISADVANTAGES
Apart from the four fundamental elements of information security, there are other issues that
affect the effective use of information −
A strongly encrypted, authentic, and digitally signed information can bedifficult to
access even for a legitimate user at a crucial time of decision-making. The network or
the computer system can be attacked and rendered non-functional by an intruder.
High availability, one of the fundamental aspects of information security, cannot be
ensured through the use of cryptography. Other methods are needed to guard against the
threats such as denial of service or complete breakdown of information system.
Another fundamental need of information security of selective access control also
cannot be realized through the use of cryptography. Administrative controls and
procedures are required to be exercised for the same.
Cryptography does not guard against the vulnerabilities and threats that emerge from
the poor design of systems, protocols, and procedures. These need to be fixed through
proper design and setting up of a defensive infrastructure.
Cryptography comes at cost. The cost is in terms of time and money −
o Addition of cryptographic techniques in the information processing leads to
delay.
o The use of public key cryptography requires setting up and maintenance of public
key infrastructure requiring the handsome financial budget.
The security of cryptographic technique is based on the computational difficulty of
mathematical problems. Any breakthrough in solving such mathematical problems or
increasing the computing power can render a cryptographic technique vulnerable.
18. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 18
6. APPLICATION
6.1 SECRECY IN TRANSMISSION
Most current secrecy systems for transmission use a private key system for transforming
transmitted information because it is the fastest method that operates with reasonable
assurance and low overhead.
If the number of communicating parties is small, key distribution is done periodically with a
courier service and key maintenance is based on physical security of the keys over the period
of use and destruction after new keys are distributed.
If the number of parties is large, electronic key distribution is usually used. Historically, key
distribution was done with a special key-distribution-key (also known as a master-key)
maintained by all parties in secrecy over a longer period of time than the keys used for a
particular transaction. The "session-key" is generated at random either by one of the parties or
by a trusted third party and distributed using the master-key.
The problem with master-key systems is that if the master-key is successfully attacked, the
entire system collapses. Similarly, if any of the parties under a given master-key decides to
attack the system, they can forge or intercept all messages throughout the entire system.
Many complex private-key systems for reducing some of these problems have been proposed
and used for various applications.
With the advent of public-key systems, secrecy can be maintained without a common master-
key or a large number of keys. Instead, if Bob wants to communicate with Alice, Bob sends
Alice a session-key encrypted with Alice's public key. Alice decrypts the session-key and
uses that over the period of the transaction.
These are examples of cryptographic protocols, methods for communicating while attaining a
particular cryptographic objective. These protocols are used primarily to deal with key
management and system misuse problems. Many other protocols are applied to eliminate
other attacks on these systems.
19. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 19
6.2 SECRECY IN STORAGE
Secrecy in storage is usually maintained by a one-key system where the user provides the key
to the computer at the beginning of a session, and the system then takes care of encryption
and decryption throughout the course of normal use. As an example, many hardware devices
are available for personal computers to automatically encrypt all information stored on disk.
When the computer is turned on, the user must supply a key to the encryption hardware. The
information cannot be read meaningfully without this key, so even if the disk is stolen, the
information on it will not be useable.
Secrecy in storage has its problems. If the user forgets a key, all of the information encrypted
with it becomes permanently unusable. The information is only encrypted while in storage,
not when in use by the user. This leaves a major hole for the attacker. If the encryption and
decryption are done in software, or if the key is stored somewhere in the system, the system
may be circumvented by an attacker. Backups of encrypted information are often stored in
plaintext because the encryption mechanism is only applied to certain devices.
21. CRYPTOGRAPHY & NETWORK SECURITY
J.I.E.M.S AKKALKUWA Page 21
CONCLUSION:
Network security is a very difficult topic. Everyone has a different idea of what “security” is,
and what levels of risks are acceptable. The key for building a secure network is to define
what security means to your organization. Once that has been defined, everything that goes
on with. The network can be evaluated with respect to the policy. Projects and systems can
then be broken down into their components, and it becomes much simpler to decide whether
what is proposed will be conflict with your security policies and practices.
Security is everybody’s business, and only with everyone’s cooperation, intelligent policy,
and consistent practices, will it be achievable.
Cryptography protects users by providing functionality for the encryption of data and
authentication of other users. This technology lets the receiver of an electronic messages
verify the sender, ensures that a message can be read only by the intended person, and assures
the recipient that a message has not be altered in transmit. The Cryptography Attacking
techniques like Cryptanalysis and Brute Force Attack. This paper provides information of
Advance Cryptography Techniques.
FUTURE SCOPE:
The update technology has many characteristics that, new policy is established and appended
at the initiation ofthe present policy. New updated policy is created without any similar
protocols. After the firewall updating andnew configuration, the present implemented firewall
has the uniqueness that the firewalls security policiesprotocols are based on the defined and
develop rules’to manage the firewall to be utilized. For accuracy indetection and removing
possible misconfiguration from the updated policy, it seems rectification algorithms,which
determine potential errors, and also investigation in redundancy and shadowing is required