UNIVERSITI PUTRA MALAYSIA SECURITY STUDY AND ENCRYPTION / DECRYPTION METHOD MAJDI TAYSIR AL-QDAH FK

Similar documents
AN IMPROVED PACKET FORWARDING APPROACH FOR SOURCE LOCATION PRIVACY IN WIRELESS SENSORS NETWORK MOHAMMAD ALI NASSIRI ABRISHAMCHI

DEVELOPMENT OF A MOBILE ROBOT SPATIAL DATA ACQUISITION SYSTEM OOI WEI HAN MASTER OF SCIENCE UNIVERSITI PUTRA MALAYSIA

DETECTION OF WORMHOLE ATTACK IN MOBILE AD-HOC NETWORKS MOJTABA GHANAATPISHEH SANAEI

UNIVERSITI PUTRA MALAYSIA KEY TRANSFORMATION APPROACH FOR RIJNDAEL SECURITY

BORANG PENGESAHAN STATUS TESIS

ENHANCING TIME-STAMPING TECHNIQUE BY IMPLEMENTING MEDIA ACCESS CONTROL ADDRESS PACU PUTRA SUARLI

SYSTEMATIC SECURE DESIGN GUIDELINE TO IMPROVE INTEGRITY AND AVAILABILITY OF SYSTEM SECURITY ASHVINI DEVI A/P KRISHNAN

HARDWARE AND SOFTWARE CO-SIMULATION PLATFORM FOR CONVOLUTION OR CORRELATION BASED IMAGE PROCESSING ALGORITHMS SAYED OMID AYAT

IMPLEMENTATION OF UNMANNED AERIAL VEHICLE MOVING OBJECT DETECTION ALGORITHM ON INTEL ATOM EMBEDDED SYSTEM

STATISTICAL APPROACH FOR IMAGE RETRIEVAL KHOR SIAK WANG DOCTOR OF PHILOSOPHY UNIVERSITI PUTRA MALAYSIA

ISOGEOMETRIC ANALYSIS OF PLANE STRESS STRUCTURE CHUM ZHI XIAN

INTEGRATION OF CUBIC MOTION AND VEHICLE DYNAMIC FOR YAW TRAJECTORY MOHD FIRDAUS BIN MAT GHANI

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

OPTIMIZE PERCEPTUALITY OF DIGITAL IMAGE FROM ENCRYPTION BASED ON QUADTREE HUSSEIN A. HUSSEIN

DEVELOPMENT OF COMMERCIAL VEHICLE SPEED WARNING SYSTEM NGO CHON CHET

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

IMPROVED IMAGE COMPRESSION SCHEME USING HYBRID OF DISCRETE FOURIER, WAVELETS AND COSINE TRANSFORMATION MOH DALI MOUSTAFA ALSAYYH

THE COMPARISON OF IMAGE MANIFOLD METHOD AND VOLUME ESTIMATION METHOD IN CONSTRUCTING 3D BRAIN TUMOR IMAGE

A SEED GENERATION TECHNIQUE BASED ON ELLIPTIC CURVE FOR PROVIDING SYNCHRONIZATION IN SECUERED IMMERSIVE TELECONFERENCING VAHIDREZA KHOUBIARI

SECURE-SPIN WITH HASHING TO SUPPORT MOBILITY AND SECURITY IN WIRELESS SENSOR NETWORK MOHAMMAD HOSSEIN AMRI UNIVERSITI TEKNOLOGI MALAYSIA

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

SUPERVISED MACHINE LEARNING APPROACH FOR DETECTION OF MALICIOUS EXECUTABLES YAHYE ABUKAR AHMED

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

ENHANCEMENT OF UML-BASED WEB ENGINEERING FOR METAMODELS: HOMEPAGE DEVELOPMENT CASESTUDY KARZAN WAKIL SAID

Computers and Security

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Overview. SSL Cryptography Overview CHAPTER 1

COLOUR IMAGE WATERMARKING USING DISCRETE COSINE TRANSFORM AND TWO-LEVEL SINGULAR VALUE DECOMPOSITION BOKAN OMAR ALI

Network Security and Cryptography. 2 September Marking Scheme

HARDWARE/SOFTWARE SYSTEM-ON-CHIP CO-VERIFICATION PLATFORM BASED ON LOGIC-BASED ENVIRONMENT FOR APPLICATION PROGRAMMING INTERFACING TEO HONG YAP

A NEW STEGANOGRAPHY TECHNIQUE USING MAGIC SQUARE MATRIX AND AFFINE CIPHER WALEED S. HASAN AL-HASAN UNIVERSITI TEKNOLOGI MALAYSIA

UNIVERSITI PUTRA MALAYSIA A WEB-BASED CONTROL AND MONITORING SYSTEM AHMAD ABDUSALAM FIRJANI FK

THREE BIT SUBTRACTION CIRCUIT VIA FIELD PROGRAMMABLE GATE ARRAY (FPGA) NOORAISYAH BINTI ARASID B

UNIVERSITI PUTRA MALAYSIA DEVELOPMENT OF A REAL-TIME EMBEDDED REMOTE TRIGGERING AND MONITORING SYSTEM CHUI YEW LEONG FK

SEMANTICS ORIENTED APPROACH FOR IMAGE RETRIEVAL IN LOW COMPLEX SCENES WANG HUI HUI

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

MODELLING AND REASONING OF LARGE SCALE FUZZY PETRI NET USING INFERENCE PATH AND BIDIRECTIONAL METHODS ZHOU KAIQING

PERFORMANCE OF TRANSMISSION CONTROL PROTOCOL (TCP) CONGESTION CONTROL OVER WIRELESS LINKS USING MODIFIED SNOOP PROTOCOL


DEVELOPMENT OF VENDING MACHINE WITH PREPAID PAYMENT METHOD AMAR SAFUAN BIN ALYUSI

Distributed Systems. Lecture 14: Security. Distributed Systems 1

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

Distributed Systems. Lecture 14: Security. 5 March,

UNIVERSITI PUTRA MALAYSIA FACE DETECTION TECHNIQUE BASED ON SKIN COLOR AND FACIAL FEATURES

Cryptography (Overview)

UNIVERSITI PUTRA MALAYSIA

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

DYNAMIC TIMETABLE GENERATOR USING PARTICLE SWARM OPTIMIZATION (PSO) METHOD TEH YUNG CHUEN UNIVERSITY MALAYSIA PAHANG

Service Managed Gateway TM. Configuring IPSec VPN

BLOCK-BASED NEURAL NETWORK MAPPING ON GRAPHICS PROCESSOR UNIT ONG CHIN TONG UNIVERSITI TEKNOLOGI MALAYSIA

This item is protected by original copyright

Information Security: Principles and Practice Second Edition. Mark Stamp

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

HP Instant Support Enterprise Edition (ISEE) Security overview

Signature :.~... Name of supervisor :.. ~NA.lf... l.?.~mk.. :... 4./qD F. Universiti Teknikal Malaysia Melaka

HERMAN. A thesis submitted in fulfilment of the requirements for the award of the degree of Doctor of Philosophy (Computer Science)

MICRO-SEQUENCER BASED CONTROL UNIT DESIGN FOR A CENTRAL PROCESSING UNIT TAN CHANG HAI

MICRO-MOBILITY ENHANCEMENT IN MULTICAST MOBILE IPv6 WIRELESS NETWORKS. By YONG CHU EU

BORANG PENGESAHAN STATUS TESIS

NETWORK SECURITY & CRYPTOGRAPHY

Indicate whether the statement is true or false.

CyberP3i Course Module Series

Chapter 9. Firewalls

LOGICAL OPERATORS AND ITS APPLICATION IN DETERMINING VULNERABLE WEBSITES CAUSED BY SQL INJECTION AMONG UTM FACULTY WEBSITES NURUL FARIHA BINTI MOKHTER

Network Security Issues and Cryptography

(2½ hours) Total Marks: 75

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Introduction and Overview. Why CSCI 454/554?

UNIVERSITI PUTRA MALAYSIA RANK-ORDER WEIGHTING OF WEB ATTRIBUTES FOR WEBSITE EVALUATION MEHRI SAEID

AUTOMATIC APPLICATION PROGRAMMING INTERFACE FOR MULTI HOP WIRELESS FIDELITY WIRELESS SENSOR NETWORK

RGB COLOR IMAGE WATERMARKING USING DISCRETE WAVELET TRANSFORM DWT TECHNIQUE AND 4-BITS PLAN BY HISTOGRAM STRETCHING KARRAR ABDUL AMEER KADHIM

Configuring SSL. SSL Overview CHAPTER

ACKNOWLEDGEMENT. my PhD Supervisor Dr. Vidhyacharan Bhaskar, Professor, Department of

Configuring SSL. SSL Overview CHAPTER

QOS-AWARE HANDOVER SCHEME FOR HIERARCHICAL MOBILE IPv6 USING CONTEXT TRANSFER WITH LINK LAYER TRIGGER

Certification Report

DESIGN ANALYSIS OF EXTERIOR CAR BODY PART BASTIAN WIBAR BIN MOMANG

CHAPTER 8 FIREWALLS. Firewall Design Principles

CS 356 Internet Security Protocols. Fall 2013

UNIVERSITI PUTRA MALAYSIA DEVELOPMENT OF CLASS 2 AND CLASS 3 SURGE PROTECTION DEVICES FOR LOW VOLTAGE PROTECTION SYSTEMS

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

ADAPTIVE ONLINE FAULT DETECTION ON NETWORK-ON-CHIP BASED ON PACKET LOGGING MECHANISM LOO LING KIM UNIVERSITI TEKNOLOGI MALAYSIA

EEC-682/782 Computer Networks I

SMART AQUARJUM (A UTOMATIC FEEDING MACHINE) SY AFINAZ ZURJATI BINTI BAHARUDDIN

HOME APPLIANCE CONTROL SYSTEM TAN WEI SYE

Configuring SSL CHAPTER

UNIVERSITI PUTRA MALAYSIA ROBOT MANIPULATION TRAJECTORY PLANNING IN COMPLEX POSITION RAZALI SAMIN ITMA

Part 1. Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche. Examination Paper

Why Firewalls? Firewall Characteristics

UNIVERSITI MALAYSIA PAHANG

MAC PROTOCOL FOR WIRELESS COGNITIVE NETWORK FARAH NAJWA BINTI MOKHTAR

HIGH SPEED SIX OPERANDS 16-BITS CARRY SAVE ADDER AWATIF BINTI HASHIM

M2-R4: INTERNET TECHNOLOGY AND WEB DESIGN

UNIVERSITI TEKNOLOGI MARA A PROCEDURAL FRAMEWORK FOR EXTENSION OF TIME (EOT) CLAIM SETTLEMENT IN THE MALAYSIAN CONSTRUCTION INDUSTRY

CHAPTER 3 : OSI MODEL

FAKULTI TEKNOLOGI & SAINS MAKLUMAT. PROGRAM KELAYAKAN MASUK SENARAI KURSUS Sarjana Sistem Maklumat

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

PERFOMANCE ANALYSIS OF SEAMLESS VERTICAL HANDOVER IN 4G NETWOKS MOHAMED ABDINUR SAHAL

"Charting the Course... Enterprise Linux Security Administration Course Summary

COMPUTER NETWORK SECURITY

Transcription:

UNIVERSITI PUTRA MALAYSIA SECURITY STUDY AND ENCRYPTION / DECRYPTION METHOD MAJDI TAYSIR AL-QDAH FK 2000 26

SECURITY STUDY AND ENCRYPTION I DECRYPTION METHOD By MAJDI TAYSIR AL-QDAH Thesis Submitted In Fulillment of the Requirements for the Degree of Master of Science in the Faculty of Engineering Universiti Putra Malaysia October 2000

To my parents 11

Abstract of thesis submitted to the Senate of Universiti Putra Malaysia in fulfilment of the requirements for the degree of Master of Science. SECURITY STUDY AND ENCRYPTION/ DECRYPTION METHOD By MAJDI TAYSIR AL-QDAH October 2000 Chairman: Abd Rahman Ramli, PhD Faculty: Engineering Secure data transmission is done with a technology called encryption. Encryption software scrambles the data with a secret code so that no one can make sense of it while it's being transmitted. When the data reaches its destination, the same software unscrambles the information. Often the objectives of information security systems like encryption can only be achieved by following procedural techniques and abidance of laws. This work presents an Encryption/ Decryption System that relies on a method of data rotation and XOR operations to obtain an encryption key. It uses an encryption Master Key that is a combination of both an input password Male Key and a randomly generated number called the Female Key. The decryption procedure relies on flipping of the master key to obtain the Negative Master Key iii

and then follows the same procedure of encryption but with a reversed Master Key. Creating the Encryption/ Decryption System was achieved by programming with Object-Oriented Pascal under Delphi 5.0 software. Testing the system was done by taking different types of files like text, image, and video and encrypting and then decrypting them using the system. The results obtained showed that in fact the system is able to perform both encryption and decryption for all sorts of files. iv

Abstrak tesis yang dikemukakan kepada Senat Universiti Putra Malaysia sebagai memenuhi keperluah untuk ijazah Master Sains. KAJIAN KESELAMATAN DAN KAEDAH LERAIANI NYAHLERAIAN Oleh MAJDI TAYSIR AL-QDAH October 2000 Pengerusi: Abd Rahman Ramli, PhD Fakulti: Kejuruteraan Penghantaran data yang selarnat dilakukan dengan teknologi yang dipanggil leraian. Peri sian leraian memecahkan data dengan kod rahsia dimana tiada siapa pun boleh mengetahui semasa penghantaran. Apabila data telah sarnpai kepada destinasinya, peri sian yang sarna akan menyatukan semula maklumat tersebut. Kebiasaannya, objektif sistem maklumat keselarnatan seperti leraian hanya boleh dicapai dengan menggunakan teknik -teknik berprosedur dan hukum kepatuhan. Kajian ini menerangkan tentang sistem leraian/ nyahleraian yang bergantung kepada prosedur pusingan data dan operasi eksklusif ATAU untuk memperolehi kunci leraian. Ia menggunakan kunci tuan yang menggabungkan kedua-dua kata laluan kunci tuan dan nombor yang dihasilkan secara rawak dikenali sebagai kunci perempuan. Prosedur nyahleraian bergantung kepada kibasan v

kunci master untuk memperolehi kunci master negatif dan kemudiannya mengikut prosedur leraian yang sarna tetapi dengan kunci master yang terbalik. Penciptaan sistem leraian/ Nyahleraian dicapai dengan pengaturcaraan Pascal berdasarkan objek menggunakan perisian Delphi 5.0. Ujikaji sistem telah dijalankan dengan mengarnbil perbezaan bentuk fail seperti teks, imej, video dan sebagainya; kemudian menggunakan sistem leraian/ nyahleraian. Keputusan menunjukkan sistem tersebut berkeupayaan mengendalikan keduadua sistem leraian/ nyahleraian pada semua bentuk fail. vi

ACKNOWLEDGMENTS I would like to express my sincere gratitude to my supervisor Dr. Abd Rahman Ramli. This work would not have been completed without his supervision, support, and encouragement. Also, my thanks go to the members of the supervisory committee Dr. Ishak B. Aris and Dr. Sinan M. Bashi. I would like also to extend all my thanks to the chairperson of the committee Dr. Sabira Khatun. I would also like to express my gratitude to the staff of the graduate school for their assistance and directions in rapping up this work. My gratitude goes also to all of the individuals at the Department of Computer and Communication System Engineering who have been very supportive. vii

I certify that an examination Committee met on 31 October, 2000 to conduct the final examination of Majdi Taysir AI-Qdah on his Master of Science thesis entitled "Security Study and Encryption! Decryption Method" in accordance with Universiti Pertanian Malaysia (Higher Degree) Act ]980 and Universiti Pertanian Malaysia (Higher Degree) Regulations 1981. The committee recommends that the candidate be awarded the relevant degree. Members of the Examination Committee are as follows: Dr. Sabira Khatun Faculty of Engineering Universiti Putra Malaysia (Chairperson) Dr. Abd Rahman Ramli Faculty of Engineering Universiti Putra Malaysia (Member) Dr. Ishak B. Aris Faculty of Engineering Universiti Putra Malaysia (Member) Dr. Sinan M. Bashi Faculty of Engineering Universiti Putra Malaysia (Member) GHA A I MOHA YIDIN, Ph.D rl Deputy Dean of Graduate School Universiti Putra Malaysia Date: 0 9 NOV 2000 VIII

This thesis submitted to the Senate of Universiti Putra Malaysia and was accepted as fulfilment of the requirement for the degree of Master of Science. K G,Ph.D, Associate Professor, Dean of Graduate School, Universiti Putra Malaysia Date: 14 DEC 2000 ix

DECLARA TION I hereby declare that the thesis is based on my original work except for quotations and citations which have been duly acknowledged. I also declare that it has not been previously or concurrently submitted for any other degree at UPM or other institutions. (MAJDI TAYSIR AL-QDAH) Date: 07 - /J - 200a x

TABLE OF CONTENTS Page DEDICATION ABSTRACT ABSTRAK ACKNOWLEDGEMENTS APPROVAL SHEETS DECLARATION FORM LIST OF TABLES LIST OF FIGURES LIST OF ABBREVIATIONS ii iii v vii V111 x xiii xiv xv CHAPTER I INTRODUCTION 1 Introduction to Internet Security 1 Objectives 3 Thesis Organizations 3 II REVIEW OF SECURITY SYSTEMS AND ENCRYPTION 4 Review of Security Systems 4 Encryption 9 Decryption 12 Basic Cryptographic Algorithms 12 Digital Signatures 15 Cryptographic Hash Functions 17 Enciphering and Deciphering 17 The Encryption Key Algorithms 18 Block Ciphers and Stream Ciphers 21 Methods of Encrypting Data 24 Examples of Cryptographic Algorithms 28 Cryptographic Random Number Generators 30 Intrusions 33 Conclusion 35 III REVIEW OF THE DELPHI 5.0 SOFTWARE 37 Delphi 5.0 software 37 Using Delphi 5.0 Software 37 Programming with Object Pascal under Delphi 5.0 40 IV SYSTEM ARCHITECTURE 44 Introduction 44 Implementation 45 Conclusion 53 xi

V RESULTS AND DISCUSSION Discussion Conclusion 54 64 66 VI CONCLUSIONS AND RECOMMENDATIONS Conclusion Limitations Recommendations and Directions 67 67 70 71 REFERENCES APPENDICES A Pascal Code Under Delphi 5.0 B Delphi 5.0 Interface Program C ASCII Codes D XOR Operation VITA 72 74 75 85 97 99 103 xii

LIST OF TABLES Table Page 4.1 Rotation of Data Bits by Three Bits to the Right 60 4.2 Rotation of Data by Two Bits to the Left 61 4.3 Operations of the Master Key 64 5.1 Different Types of Files and their Encoding Time and Size 73 xiii

LIST OF FIGURES Figure Page 2.1 Firewall between a System and Network Hosts 5 2.2 An Integrated Security System 7 2.3 Basic Operation of Encryption 11 2.4 Basic Operation of Decryption 12 3.1 Delphi 5.0 Interface Snapshot 38 4.1 The Encoding Process Flow Chart 46 4.2 The Decoding Process Flow Chart 47 4.3 The Encoding Function Flow Chart 48 4.4 The Master Key Generation Flow Chart 52 5.1 The Text File Used for Testing the System 5.2 The Snapshot of the Form 55 56 5.3 The entered Information in the Form Input Fields 56 5.4 The Encrypted result in both Hex and ASCII Format 57 5.5 The Resulting Female key File Majdi.Key 57 5.6 The Resulting Decrypted File Majdi.dec 58 5.7 The Form Used to Encrypt the Delphi Image 59 5.8 The Delphi 5.0 Snapshot Encrypted 59 5.9 The Decrypted Delphi 5.0 File 60 5.10 The Theses Encrypted 61 5.11 The Theses Decrypted 62 5.12 Graphic View of Files and their Encoding Times 63 xiv

LIST OF ABBREVIATIONS DNS FTP IP LAN NFS NTP NIS SMTP TCP WORM WWW CGI GUI HTML HTI'P TCP/IP DES RSA X Y KDS Domain Name Service File Transfer Protocol Internet Protocol local Area Network Network File System Network Time Protocol Network Information System Simple Mail Transfer Protocol Transmission Control Protocol Write Once, Read Many World Wide Web Common Gateway Interface Graphical User Interface Hypertext Markup Language Hypertext Transfer Protocol Transmission Control Protocol/Internet Protocol Data Encryption Standard Rivest, Adelman, Shamir (public key) Algorithm Plaintext (text before enciphering) Cipher text (Text after enciphering) Key Distribution Center xv

CHAPTER I INTRODUCTION Introduction to Security Data communication is an important feature in today's society because it is the mean by which people tend to communicate and it gives the power to computers to be useful to access many sites and reach different people. Through the emerging and improving networking technology many software and information components support many systems with a variety of applications (Agnew et al., 1995). Over the centuries, an elaborate set of protocols and mechanisms have been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot solely be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws to achieve the desired result. For example, one of the fundamental tools used in information security is the signature. It is a building block for many other services such as non-repudiation, data origin authentication, identification, and witnessing, to mention few (Brickell and Odlyzko, 1988).

In the Internet, specifically, the World Wide Web (WWW) has become an important platform to access many services. It provides an effective mechanism for conveying and sharing information. The WWW is an effective method to examine and monitor remote locations because it integrates many platforms. This brings the discussion to the security issues that the Internet and the WWW has to employ in order to secure delivering the data. Special equipment and material for specific applications are designed to protect data. In software developments new languages such as Java have made the Internet more interactive and more visual to the user in order to design a special graphic protection systems. All of this have made the security technology an important part of people's life. Advance programs in electronics and micro-controllers have been employed to communication lines and network connections to monitor the legal access of different systems against any intrusions. So the protection of computer systems is the aim of any security procedure, which ranges from the private protection to various public protections, for example, home, business buildings and government agencies. 2

Objectives The objectives of the Encryption/ Decryption System are as follows: 1. To develop an Encryption/ Decryption system for secure data transfer and usage. 2. To write the Encryption/ Decryption program using Object Oriented Pascal Programming (Delphi 5.0). Thesis Organization The thesis consists of six chapters. Chapter I presents a brief introduction and objectives of the Project. Chapter II gives a literature review of general security systems as well as the encryption theoretical background needed for the Encryption/ Decryption security systems. Chapter III gives a brief introduction to the Delphi 5.0 software and Object Oriented Pascal Programming used to develop the Encryption/ Decryption system. Chapter IV presents an Encryption/ Decryption system with the program flow charts and interfaces to the Delphi 5.0 software used for the Encryption/ Decryption System. In Chapter V, results of the written programs are given. Finally, the thesis is concluded in Chapter VI by giving the summary and directions of future work. 3

CHAPTER II REVIEW OF SECURITY ISSUES, GENERAL SECURITY SYSTEMS AND ENCRYPTION METHODS Review of Security Systems The first thing that comes to mind when mentioning security is Firewalls; a firewall is an intermediate system that can be plugged between a trusted network and the insecure Internet in order to provide a single choke point where security and audit can be imposed (Zeng et al., 1997). A firewall provides a controlled access to internet systems, concentrated security, enhanced security by hiding addresses, logging for security audits and billing, notification of security related events, integration with strong authentication keys, and policy enforcement. A firewall provides a static traffic routing service either at the network layer using screening router, or at the application level using proxy servers or application-layer gateways. Figure 2.1 shows the interaction that a Firewall does between the Host and a Network. Though very effective when dealing with some classes of attacks, firewalls fail in many cases due to their nature. A simple study of firewalls will show that they are not enough to get a network of safety because for example at the router-based level, TCP/IP package information that can be filtered is inadequate to provide the level of resolution often needed. Also, at the application level, 4

application-layer gateways must be built for every single application. Host Firewall Network Application Application Application TCP Transport TCP Transport TCP Transport IPNetwork.----- IPNetwork IPNetwork Datal ink Datalink Datalink Physical Physical Physical Application Gateway Circuit Gateway (relay) Packet Filter Figure 2.1: Firewall Functions as a Link between the System Host and A Network Host Using the Internet communication lines, Encrypted Tunneling IS used to provide the basis for private communications. It gives an Authenticated and Encrypted connections and a free of modifications normal working applications. For a secured network, an essential point-to-point communication must be guaranteed. To safeguard the open network as the Internet, it must provide authentication and data confidentiality services to both the sender and the receiver. Encryption has been successfully used to achieve the confidentiality. DES (Data encryption standard) is the present prevailing standard on Internet among hundreds of algorithms 5

and protocols. Authentication, based on the technologies of encryption, is well established and used. To expand security from point to point communication to multi-node open network, a lot of parameters should be added for consideration. Figure 2.2 shows where Encryption and Authentication lie in a system security. Since encryption is the basis of point to point communication security, the issue of how to manage encryption keys in open network has become a hot topic. KDS (Key Distribution Systems) systems; which are to establish and store keys, and distribute them to network resources requesters, have been developed in succession, e.g. MIT's Kerberos and IBM's KryptoKnight (Brown et al., 1990). Access control mechanism, which determines user's access authority, play a key role within KDS systems. Both of the above mentioned KDS systems are weak in this respect. For example, Kerberos relies heavily on static and one-time check of user's ID and password, thus providing a so-called 'All or nothing' mechanism, which is somehow easy to be penetrated. On the other hand, while cryptography is valuable for Internet security, it is not a feasible way to control access to documents. Cryptography can only control secrecy and authentication aspects, but cannot handle different types of access by different users, access to portions of documents, and other content restrictions (Anand et al., 1997). 6

Physical Security Encryption & Authentication Computer Security Policies Procedures & Awareness Figure 2.2: An Integrated Security Rangachari, et ai., (1997) presented a protection domain system for downloading content dynamically over the Internet. In this system, downloading principals retrieve content and content stamps that attach descriptive information to content in a secure manner. The system architecture uses content stamps to authenticate content and derive its protection domain. The content stamp specifies the authentication information and execution requirements of the content from the manufacture's and/ or rating service's viewpoint. The architecture is designed to utilize such information, as well as user input, to determine the content's protection domain. The domain enforcer must determine which content is being executed and enforce the appropriate protection domain upon it. Baraka, et ai., (1998) presented a new model of Intranet security that is connected to the Internet based on a hybrid model 7

technique; the new model integrated the Prevention model (Firewall) and the Detection model (Intrusion Detection System). Zeng, et ai., (1997) proposed an Internet Security System for only one network domain (subnet); four kinds of agents are deployed in the system. They are User agent, Domain Security Agent (DS Agent). Access Control Agent (AC Agent), and Audit Agent. A Security Information Repository was used to store security information for network domain, including access information, user profiles, application profiles, authentication keys, etc. These agents communicated to each other through the Information Broker which runs as a co-ordinator not only for the security agents but also for all of the accessible applications in the subnet. A firewall was used as the interface between the subnet and the Internet. Its main function is to filter out the requests which intend to bypass the Information Broker. Additionally, in order to handle the requests from users in other subnets, agents may contact through Internet with their peer agents in the remote network. This system integrated many available technologies such as firewall, authentication, encryption, and access control, etc. By which is able to provide a somewhat comprehensive and overall solution. Dauerer, et ai., (1997) described a system called the Web Access Control Front End (WAC FE) for managing security on 8

World Wide Web applications. The system provided a method for managing the security of applications consisting of many files located in many directories with a minimum of effort on the part of the system administrators. So this brings the discussion to what the security protocols and systems are being developed to do. Securing data actually is the objective of any security system. All the above systems were designed in order to secure delivering the data or storing them in addition to managing and manipulating them. Encryption has been used and implemented for a long period of time to do just that: protect the data while in mobile and while being stored In server locations. Encryption is changing of the actual data to something that is not the original so that if being intercepted, the interceptor will not be able to use the data. Encryption Suppose that someone wants to send a message to a receiver and wants to be sure that no one else can read the message. However, there is the possibility that someone else opens the letter or hears the electronic communication. In cryptographic terminology, the message is called plaintext or c1eartext. Encoding the contents of the message in such a way that hides its contents from outsiders is called encryption. The 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback