Security Algorithm in Computer Networks: A Survey Paper

Rutvi Dresswala 16BCE0310*
*Under the guidance of Prof. Anand M, Vellore Institute of Technology, Vellore, Tamil Nadu

Abstract: We live in a world where computers are no longer a luxury but a need. Everything and everyone is connected through computer networks. With every passing day, we are more dependent on computer networks for communication. The threats to this system are increasing, and therefore securing it is of utmost importance. This paper outlines the various algorithms and protocols used to secure these networks at the root level.

1. Introduction

A computer network refers to the connection of a set of computers to share data and resources. Shared resources include hardware like a printer, a file server or, the most common of all, the Internet. Thus, we can conclude that these networks play an integral role in our day-to-day activities. There are two kinds of computer network models [1]:

1.1 OSI Model: OSI (Open Systems Interconnection) is a set of protocols developed by ISO that allows communication between different systems. It is a layered framework that provides interoperability.

1.2 TCP/IP Model: TCP/IP (Transmission Control Protocol/Internet Protocol) is the Internet model. It was developed by ARPANET (Advanced Research Projects Agency Network).

Both of these models have various layers, as shown in Figure 1. In this paper we are going to summarize the algorithms and protocols used in four of these layers.
2. Application Layer

It is the user interface layer. It provides access to the network resources and support services. This layer provides services like e-mail, file transfer, etc. In this section we are going to discuss two important security mechanisms for the application layer.

2.1 PGP (Pretty Good Privacy)

PGP was invented by Phil Zimmermann to provide secure e-mail messages and to store a file securely for future retrieval. In PGP, the sender creates a digest of the message and then signs the digest with his private key. The receiver verifies the message by using the sender's public key. A further improvement to this system is the compression of the message and the digest to ease traffic.

Algorithms used in PGP:

2.1.1 Public-key Algorithms: The public-key algorithms that are used for signing the digest or encrypting the messages are listed below:

    ID        Description
    1         RSA (encryption or signing)
    2         RSA (for encryption only)
    3         RSA (for signing only)
    16        ElGamal (encryption only)
    17        DSS
    18        Reserved for elliptic curve
    19        Reserved for ECDSA
    20        ElGamal (for encryption or signing)
    21        Reserved for Diffie-Hellman
    100-110   Private algorithms

2.1.2 Symmetric-key Algorithms: The symmetric-key algorithms that are used for conventional encryption:

    ID        Description
    0         No encryption
    1         IDEA
    2         Triple DES
    3         CAST-128
    4         Blowfish
    5         SAFER-SK128
    6         Reserved for DES/SK
    7         Reserved for AES-128
    8         Reserved for AES-192
    9         Reserved for AES-256
    100-110   Private algorithms

2.1.3 Hash Algorithms: The hash algorithms that are used for creating hashes in PGP:

    ID        Description
    1         MD5
    2         SHA-1
    3         RIPE-MD/160
    4         Reserved for double-width SHA
    5         MD2
    6         TIGER/192
    7         Reserved for HAVAL
    100-110   Private algorithms

2.1.4 Compression Algorithms: The compression algorithms that are used for compressing the text:

    ID        Description
    0         Uncompressed
    1         ZIP
    2         ZLIB
    100-110   Private methods

2.2 S/MIME

MIME is a supplementary protocol that allows non-ASCII data to be sent through e-mail. MIME transforms non-ASCII data at the sender site to NVT ASCII data and delivers it to the client MTA to be sent through the Internet. The message at the receiving side is transformed back to the original data. MIME supports the following types of data:

- Text
  - Plain: Unformatted
  - HTML: HTML format
- Multipart
  - Mixed: Body contains ordered parts of different types of data
  - Parallel: Same as above, but no order
  - Digest: Similar to mixed, but the default is message/RFC822
  - Alternative: Parts are different versions of the same message
- Message
  - RFC822: Body is an encapsulated message
  - Partial: Body is a fragment of a bigger message
  - External-Body: Body is a reference to another message
- Image
  - JPEG: Image is in JPEG format
  - GIF: Image is in GIF format
- Video
  - MPEG: Video is in MPEG format
- Audio
  - Basic: Single encoding of voice at 8 kHz
- Application
  - PostScript: Adobe PostScript
  - Octet-stream: General binary data (eight-bit bytes)

A MIME message has five headers to complete its transformation. Each header defines a particular parameter that supports this transformation. The five header fields are the following:

1. MIME-Version
2. Content-Type
3. Content-Transfer-Encoding: the way the data is encoded into 0s and 1s
   a. 7bit
   b. 8bit
   c. Binary
   d. Radix-64
   e. Quoted-Printable
4. Content-Id
5. Content-Description

S/MIME adds a few new content types, with added security measures, to the existing 7 data types of MIME. In this paper we will not go into the details of these types. The added data types are the following:

1. Signed-data content type
2. Enveloped-data content type
3. Digested-data content type
4. Encrypted-data content type
5. Authenticated-data content type

Cryptographic algorithms used in S/MIME:

    Algorithm | Sender must support | Receiver must support | Sender should support | Receiver should support
    Content-encryption algorithm | Triple DES | Triple DES | AES | RC2/40
    Session-key encryption algorithm | RSA | RSA | Diffie-Hellman | Diffie-Hellman
    Hash algorithm | SHA-1 | SHA-1 | MD5
    Digest-encryption algorithm | DSS | DSS | RSA | RSA
    Message-authentication algorithm | HMAC with SHA-1

3. Transport Layer

End-to-end communication in a computer network system is provided by the transport layer.
It ensures logical communication between application processes that are running on different hosts in a layered architecture of protocols and other network components. There are two major architectures to secure this layer.

3.1 Secure Sockets Layer (SSL) Protocol

SSL provides numerous services to the data that it receives from the application layer.

- Fragmentation: The received data is divided into blocks of 2^14 or less.
- Compression: The fragmented data is compressed. This is an optional service, so there isn't a specific default compression algorithm; the default method is NULL.
- Message Integrity: Data integrity is preserved using a keyed-hash function to create a MAC. The following algorithms can be used for this:
  - Null
  - MD5
  - SHA-1
- Confidentiality: Symmetric-key cryptography is used to encrypt the MAC and the original data. The following algorithms can be used for the same:
  - Null
  - Stream RC4
    - RC4_40
    - RC4_128
  - Block RC2_CBC_40
  - Block DES
    - DES40_CBC
    - DES_CBC
    - 3DES_EDE_CBC
  - Block IDEA_CBC
  - Block FORTEZZA_CBC
- Framing: The encrypted payload is given a header and then passed on to the transport layer protocol.

The key exchange in this system is done through the following algorithms:

- NULL
- RSA (encryption)
- Anonymous Diffie-Hellman
- Ephemeral Diffie-Hellman (RSA or DSS)
- Fixed Diffie-Hellman (RSA or DSS)
- Fortezza

3.2 Transport Layer Security (TLS)

The TLS protocol is the IETF-standardized version of SSL. The two protocols are very similar apart from minor differences. For example, the key exchange algorithm in TLS does not support Fortezza. These differences do not necessarily give a more secure network. Both TLS and SSL are equally secure protocols.

4. Network Layer

In the seven-layer OSI model of computer networking, the network layer is layer three. The network layer is accountable for packet forwarding as well as routing through intermediate routers.
It provides the means of transferring variable-length network packets from a source to a destination host via one or more networks. Within the service layering semantics of the OSI network architecture, the network layer responds to requests from the layer above and issues service requests to the data link layer.

In this section we are going to discuss only one security protocol.

4.1 IPSec

IP Security (IPSec) is a collection of protocols designed by the engineers at the Internet Engineering Task Force (IETF). It was designed to cater to security at the network layer. The important security functions of IPSec are:

- Confidentiality
  - Enables communicating nodes to encrypt messages
  - Prevents eavesdropping by third parties
- Origin authentication and data integrity
  - Provides assurance that a received packet was actually transmitted by the party identified as the source in the packet header
  - Confirms that the packet has not been altered or otherwise.
- Key Management
  - Allows secure exchange of keys
  - Protection against certain types of security attacks, such as replay attacks

5. Data Link Layer

The data link layer, or layer two, is the second layer of the seven-layer OSI model of computer networking. This layer is the protocol layer that transfers information between adjacent network nodes in a wide area network (WAN) or between nodes on the same local area network (LAN) segment. The data link layer offers the functional and procedural means to transfer data between network entities and may provide the means to detect and possibly correct errors that occur within the physical layer.

In this section we are going to look at the algorithms used to secure wireless networks.

5.1 Wired Equivalent Privacy (WEP)

It is an encryption algorithm built into the 802.11 standard to secure wireless networks.
WEP encryption uses the RC4 (Rivest Cipher 4) stream cipher with 40-bit/104-bit keys and a 24-bit initialization vector. It can also provide endpoint authentication. It is, however, the weakest encryption security mechanism, as a number of flaws have been discovered in WEP encryption. WEP also does not have an authentication protocol. Hence, using WEP is not highly recommended.

5.2 Wi-Fi Protected Access (WPA)

This protocol implements the majority of the IEEE 802.11i standard. It existed before IEEE 802.11i and uses the RC4 algorithm for encryption. It has two modes of operation. In ‘Enterprise’ mode, WPA uses the authentication protocol 802.1X to communicate with an authentication server, and hence the pre-master key (PMK) is specific to the client station. In ‘Personal’ mode, it does not use 802.1X; the PMK is replaced by a pre-shared key, as used for Small Office Home Office (SOHO) wireless LAN environments.

6. Conclusion

Throughout the paper we have gone through various protocols and the algorithms used in them to protect a computer network. All of these protocols are very difficult to break, which shows the emphasis placed on security in computer networks. Therefore, we can conclude that for a very secure network a combination of these protocols is required rather than just one.
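
Added example for Section 2.2, not part of the original paper: the MIME transformation of non-ASCII data to ASCII and back, using the email package from the Python standard library. The addresses, the Content-ID value and the payload are constructed sample values.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample input: every byte value, so half of it is non-ASCII.
PAYLOAD = bytes(range(256))

def build_message(payload: bytes) -> bytes:
    """Sender side: wrap text plus binary data in a multipart/mixed message."""
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"        # constructed addresses
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "MIME header demo"
    msg.set_content("Binary report attached.\n")  # text/plain part, sent as 7bit
    msg.add_attachment(
        payload, maintype="application", subtype="octet-stream",
        cte="base64",                             # Radix-64 transfer encoding
        cid="<report-1@example.invalid>",         # becomes the Content-ID header
        filename="report.bin",
    )
    part = next(msg.iter_attachments())
    part["Content-Description"] = "constructed binary sample"
    return msg.as_bytes()

def mime_headers(raw: bytes) -> dict:
    """Receiver side: the five MIME header fields that describe the binary part."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = next(msg.iter_attachments())
    return {
        "MIME-Version": str(msg["MIME-Version"]),
        "Content-Type": part.get_content_type(),
        "Content-Transfer-Encoding": str(part["Content-Transfer-Encoding"]),
        "Content-ID": str(part["Content-ID"]),
        "Content-Description": str(part["Content-Description"]),
    }

def extract_payload(raw: bytes) -> bytes:
    """Receiver side: undo the transfer encoding and return the original bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    return next(msg.iter_attachments()).get_content()

if __name__ == "__main__":
    wire = build_message(PAYLOAD)
    print(wire.decode("ascii"))                   # the whole message is 7-bit ASCII
    print(mime_headers(wire))
    print(extract_payload(wire) == PAYLOAD)
```

MIME by itself only re-encodes the data; the base64 body is readable by anyone on the path, which is the gap the S/MIME content types are meant to close.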
7. References

1. Mohan V Pawar, Anuradha J, “Network Security and Types Of Attack in Network”.
2. Behrouz A. Forouzan, “Cryptography & Network Security”.
3. Raghvendra K., Sumith Nireshwalya, “Application Layer security issues and its solutions”.
4. M. Elkins, “MIME Security with Pretty Good Protocol (PGP)”.
5. Alma Whitten, J. D. Tygar, “A usability evaluation of PGP 5.0”.
6. S. Dusse, P. Hoffman, “S/MIME Version 2 Message Specification”.
7. William Stallings, “Cryptography and Network Security”.
8. T. Dierks, E. Rescorla, “The Transport Layer Security Protocol”.
9. J. F. Zandbelt, “Transport Layer Security using DNSSEC”.
10. J. Salowey, “TLS session resumption without Server-Side state”.
11. P. Chown, “Advanced Encryption Standard (AES) ciphersuites for Transport Layer Security (TLS)”.
12. Timothy G Shoriak, “SSL/TLS Protocol Enablement for Key Recovery”.
13. Bernardo C. V Camilo, “Assessing the impact of IPSec cryptographic algorithm on a virtual network embedding problem”.
14. Taskin Kochar, “A WEP post processing algorithm for a robust 802.11 WLAN implementation”.
15. Poonam Jindal, “Quantitative Analysis of security performance in wireless LANS”.
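
Added example for Section 3.1, not part of the original paper: the record-layer services (fragmentation, compression, message integrity, confidentiality, framing) applied in order by a sender and checked by a receiver. It assumes the NULL compression method and the NULL cipher from the lists in that section, and uses the TLS 1.0 record format with HMAC-SHA-1 for the MAC rather than SSL 3.0's own MAC construction; the key and data are constructed sample values.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14                  # fragmentation limit from Section 3.1, in bytes
APPLICATION_DATA = 23                   # record content type for application data
VERSION = (3, 1)                        # TLS 1.0 version bytes
MAC_LEN = hashlib.sha1().digest_size    # 20 bytes

def record_mac(key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """HMAC-SHA-1 over sequence number, type, version, length and data."""
    prefix = struct.pack("!QBBBH", seq, ctype, *VERSION, len(fragment))
    return hmac.new(key, prefix + fragment, hashlib.sha1).digest()

def protect(data: bytes, key: bytes) -> list:
    """Sender: fragment, compress (NULL), MAC, encrypt (NULL), frame."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        fragment = data[off:off + MAX_FRAGMENT]           # NULL compression: unchanged
        body = fragment + record_mac(key, seq, APPLICATION_DATA, fragment)
        # NULL cipher: the body goes on the wire as is
        header = struct.pack("!BBBH", APPLICATION_DATA, *VERSION, len(body))
        records.append(header + body)
    return records

def unprotect(records: list, key: bytes) -> bytes:
    """Receiver: parse each frame, verify its MAC, reassemble the data."""
    out = bytearray()
    for seq, record in enumerate(records):
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:]
        if (major, minor) != VERSION or length != len(body) or length < MAC_LEN:
            raise ValueError("malformed record")
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(key, seq, ctype, fragment)):
            raise ValueError(f"bad MAC on record {seq}")
        out += fragment
    return bytes(out)

if __name__ == "__main__":
    key = bytes(range(20))              # constructed MAC key
    data = b"A" * 40000                 # constructed application data
    recs = protect(data, key)
    print([len(r) for r in recs])
    print(unprotect(recs, key) == data)
```

Because the sequence number is part of the MAC input, a modified, reordered or replayed record fails verification at the receiver.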