The Advanced Encryption Standard

Published Date: 02 Nov 2017

Ref 15

Authentication can be viewed as an important factor in communication security as it is the basic mechanism used by principals for identification purpose which involves some operation before communication. If the principal knows something about the connection, then it comes under port knocking authentication mechanism. In the case of port knocking authentication, the password is in port sequence and not in character sequence. A server normally keeps all of its ports closed when no communication happens. When a communication has to be established these closed ports should be knocked in the correct order of sequence so that the desired communication port is opened. This procedure of knocking, consist of sending packet to the desired port so that the server will notice the connection attempt and open the closed port. However port knocking authentication has some weaknesses which makes it vulnerable to attacks. NAT-Knocking attack and DoS-Knocking attack are two main attacks seen in port knocking authentication.

In port knocking, as to identify the clients, the sequence is made dependent on the client’s network address. But this becomes confusing when two clients share the same address; e .g. if network address translation (NAT) is being used. The NAT-Knocking attack can be seen as a problem of sharing network addresses. This mainly happens because when the inside packets exit the private network they share the same source address, this makes it impossible to use the packet for identifying the source without accessing the NAT tables in the router. So it becomes infeasible to determine the source of the ingoing packet, from the outside of the NAT. Moreover network address is used by port knocking to open required ports to trusted clients, but in the above situation the clients behind the same NAT device would not be differentiable. Hence as a NAT using network client identifies itself to the server that allows port knocking and gains access to the service port, the server might have given access to every device that uses the same NAT.

A port knocking server is said to work properly if it could control the connection attempts made against it, so that authentication patterns can be checked and ports can be opened when requested by authorized users. While examining the way in which port knocking fulfills its duty, it can be seen that a buffer is used by parser process for different client that makes a connection at a closed port, this makes it possible to track every authentication sequence. If a forged packet is sent by an attacker with any random network address, an address is created by the parser process, this is a reason for high memory usage. Parser performance and parameter encryption are two main considerations about DoS attacks on port knocking. Parameter encryption was recommended in order to achieve integrity and confidentiality; it also proposed a one-time-password solution to abstain replay attacks

Ref 22

NetFlow is a technology used in routers and switches having Cisco IOS. This technology was initially created by Cisco but later on it was supported by many vendors. NetFlow technique supports the network administrator by providing tools to understand why, where and how the traffic flows in the network. By observing the traffic flows in the network one can easily troubleshoot the network problems and it also provides an audit trial for every packet to the administrator. Network usage and applications can be tracked by using NetFlow. Internet service providers (ISP) use NetFlow to calculate the network resource consumption by each customer. An exporter and a collector are the two main components of the NetFlow. A router or switch which is enabled by Cisco can be an exporter and so if the network already consists of a Cisco equipment, then additional equipment may not be added to start up the collection of NetFlow data. A centralized host that receives NetFlow data from all the exporters is set to be a collector. Since the collector is centralized the administration can get a complete idea about the traffic in the network. A set of IP packet attributes are used to examine every forwarded packet within the NetFlow. Fingerprint of the packet or identity of the IP packet are the identifications used to understand if the packet is unique or if its replicated. Packets having the same source and destination address protocol interface and so on can be grouped into the same flow. This grouping makes NetFlow more scalable even though it gives only little information to the administrator. A cache is used by the NetFlow to store all the flows before it is transported from the exporter to the collector. Flows are unidirectional in nature. Security vulnerabilities and network anomalies can be detected or identified by using NetFlow. If a specific port is being affected by an internet worm or if the communication happens in a certain pattern, the machines which are infected by the worm can be detected with high surety. Thus NetFlow plays a vital role in the protection of local network. Cryptography of any form is not used by NetFlow while data is sent between the exporter and the collector. As a result, the transferred data in NetFlow are in clear text format which can be easily attacked by external vectors. If a attacker can access the NetFlow export network, he or she can silently listen to the conversation on the traffic. Hence the attacker gains information about the flows which are active in the network, communication endpoints and traffic patterns. Further attacks and spying could be planned by using these informations. There could be various kinds of data that can be reported. The behaviour of the attacks depends on the behaviour of the reported data. If both source and destination IP addresses are received by the attacker, he or she could attain sensitive information about the activity of the user. In another case, if only source and destination IP network is contained, then classified or sensitive information about business relations. Integrity checking of any form is not supported by NetFlow. Hence exported flow records can be forged easily. So alteration of the flow records on the exporter – collector path could lead to preventing the detection of any attack. This can be also done by the injection of forged flow records.

Ref 1

A digital computer is a machine that is expected to do operation like a human computer. The human computer follows many fixed rules. On any account he or she does not have the authority to deviate from those rules. Store, executive unit and control are the three main parts that is to be regarded while discussing about digital computers. A store unit is basically the memory of the digital computer. It stores the information needed and retrieves it whenever required. The execution unit is responsible for the various operations that take place in the machine. These operations for each machine vary on the basis of the machine configuration.

Ref 4

A security policy is used to define the security for a site under consideration or for a set of sites. Most of the security policies are provided for trustworthy users for whom either the policy is not applicable or for whom some part is not applicable. As an example if Bell-LaPadula model is considered, it has a strong tranquillity and there will not be any change in the labels of entities. But this is not practical in real, so labels can be set and changed by a trusted user which is allowed to do so. For convenience, most computers avail such a user. UNIX or systems like UNIX uses "superuser" or "root" as such users. On Windows systems, "Administrator" is used as such a user. The fundamental reason of employing such users is that they can interfere when something does not work properly or if anything goes wrong and resolve the problem or avoid such problems in future. Trust is the basis of every security. It can be visible in security policies in a number of ways. First, if the rule entitles in a policy are violated by a trusted source, then it will be for a good cause. If the above mentioned consideration is incorrect, then a trusted entity fails to do its duty and can cause harm to the system. As a result the policy can be summarized as ineffective. Second, all states of the system are partitioned as "allowed" and "disallowed" states by the security policy. If there are any states that are not specified by the security policy, this assumption is violated, as it is unclear about the states. An insider threat is a threat created by an insider using the access, information and knowledge. Thus the insider must be trustworthy not to break the confidence entrusted on him or her. While considering an insider in computer security, it is someone who has some behaviour different from others. This property allows the insider to take action even by violating the security policy if attacked by an un-trusted user. This different property that distinguishes the insider from others varies with the situation. Some of the properties that distinguish the insider are having access to the computer physically, getting login on a computer and having administrator login to a computer. In the case of an attack, some rules in the security policy must be violated. At certain situations the trusted sources will need to violate some of the rules in the security policy but this is not taken as an attack. So the trusted entity is not blocked from violating the security policy by the enforcement mechanisms. A problem of dealing with the insider threat is called the insider problem.

Atj2

Peer to peer (P2P) network come with easy configuration, high robustness against failure and are basically economic compared to their counterparts. This is some of the reasons why it is used in applications like television, voice over IP (VoIP) which is a centralized application and real - time communications. So the security of pure peer to peer networks is still an area of research. Peer to peer network overlay can be generally classified into structured and unstructured. Unstructured overlay is simple but their search operations are inefficient. While on the other hand, structured overlay performs better and more efficient search operations since it uses distributed hash tables (DHT) which enables it to carry out direct searches. It is very important to understand the behaviour of the attacker and its resources before analyzing the attacks. Admission control is the primary step which is to be in consideration, once the threat is identified. The basis of peer to peer networks is really simple: a distributed database is maintained by the co operation of peers willing to use the service. This database is used to index file and user locations. These indexed data are used to establish direct connections for file transfers and media exchange. Rather than centralized solutions, DHTs are less vulnerable to denial of service attacks. Security issues regarding confidentiality and integrity are addressed on endpoints and both centralized and distributed environments give same solution for these security concerns. In peer to peer networks, there is direct involvement of users in provisioning of service and control over the networks is also very less. Because of these reasons peer to peer networks are subjected to malicious threats from inside the overlay. There are several reasons for attacks on networks. Some of them may be enmity to a particular person, money gain or even to gain popularity in the hacker community. The services provided by peer to peer networks have high robustness against failure. But if the attackers have required resources, then they can still attack even though P2P networks provide high security against failures. Other than money there are many more benefits for attackers. As the illegal practice of file sharing and copyrights are increasing, record companies have been trying to pollute the contents in the overlay. This is known to be done by adding chunks of corrupt data to the nodes but with the correct file name in order to degrade the service so that the users will get perturbed and stop using it. Beginners in attacking can also do such sort of malicious thing for fun or for popularity. However their threats are less successful and can cause little damage since they have only limited resources. Availability of resources plays a very important part in the character of attack. IP addresses are a very important parameter in attacks where a single node imitates multiple identities. If an attacker can control a botnet, then he or she can utilize an internet relay channel to initiate distributed rejection of service attack beside another node. The target for the attack may be either a single node or a specific content or even an entire service overlay. Once a harmful node is tactically located in the overly, it could obstruct a node from utilizing its services. One could even degrade the quality of the overlay by strategically dropping or uploading contents that are malicious. There is no specific time for the malicious node to initiate its attack. It can be as soon as it enters the overlay or may be after it has travelled through the overlay more than a thousand times. The decision of whether to allow or deny a node is done by the admission control. Some of the previous researchers have defined admission into a peer group by two elements, one being the group charter and another being the group authority. An electronic article that contains the method of admission into the overlay is named as group charter. Any entity that is used as a certificate to get admission to the group is called a group authority. For a potential member, the requirements can be satisfied by getting a copy of the group charter and then the member has to approach the group authority. Then the group authority does the verification part of the request for admission and once it is satisfied, the group membership certificate is granted. The peers themselves or a centralized certificate authority or even a trusted third party can provide group charter and group authority verification. A group charter is more practical and certification process can be made much simpler. The group authority is based on the total number of members in the group; it can either be a dynamic number of peers or a fixed number. A distinct entity is assigned to issue group membership certificate, even if instigators contend that a prospective member is required by the group charter to obtain votes from peers. This is because if the voters need to cast their votes they need to come with the certification of their membership. By compromising the peers that surround a specific ID, DHTs that are used in real time communication can be used to carry out the denial of service attack in opposition to a node. Some peers which are known as proxy servers fake the response of the victim by sending malicious messages in response to the peer and try to establish connection. IP addresses of one spiteful node can be returned by another spiteful node if it is questioned for a specific node. In this case, the peer on the requesting side will establish a session with a subsequent malicious node which in response will give a harmful reply. Employing a iterative routing is one of the simpler way to verify the precisions of the routing lookup. There are also different ways to lessen the effect of malicious peer by setting up trust within the overlay. Certificates which are assigned by exterior agency can be used for this purpose. But it also comes with a demerit which is that it needs a centralized element. Certificates which are mutually signed by peers are another method for introducing trust in the overlay. However there are many practical difficulties for this method. Sharing out the details of a trusted peer to future neighbours is another method. By replacing centralized entities with distributed services, real-time communication overlays can be implemented in signalling protocols. At certain situations this would mean the reuse of existing protocol mechanism. By using any end - to – end encryption technique signalling can be protected which in turn will limit what peers can do. One of the ways to ensure a protected end – to – end connection is to allow extension of the existing signalling protocol and also modification of their message routes. It is a necessity that the registered location of the user is returned to the requested party. In other cases the integrity of the pair should be verified by the entities that allot the lookup request. In real time communication the content has to pass through many intermediate peers in order to reach its destination. Communication sessions are preferred to be private rather public. This is a contrary to publicly shared files. So it is very important for the media to encrypt the client applications and at the same time ensure that it is properly and safely transported. A protocol like SRTP can be used for the transporting purpose. A more specified economic model is used to recognize threats linked to peer to peer networks.

Atj3

A few years ago the Advanced Encryption Standard (AES) was a high security offering algorithm. But later on when side channel attacks started compromising its security, it became less reliable. Sense amplifier based logic and Wave dynamic differential logic are some of the formerly projected counter – measures. But these measures have problems related with timing issues which resulted in leakage of side channel data. Acquiring the merits of null convention logic (NCL) a scalable dual rail Advanced Encryption Standard round function design was proposed. The design is said to have improved defiance opposed to power analysis. This is attained by reduced switching activity in cryptosystems. Side – channel attack (SCA) is one of the main drawbacks of synchronous AES implementation. Side – channel attack gains the secret algorithm key by utilizing any of the data like consumption of power, various timing information, and leaks in electromagnetic or switching activity which are originated from cryptosystem. The information about the power consumption contains information about the performance of the module. Once this information is leaked, the system is prone to attacks. Such kinds of attacks are known as power analysis side channel attacks. There are many power analysis attacks, out of which differential power analysis is the most dangerous in revealing the hidden key. The electromagnetic radiation that is emanation from a cryptosystem is data dependent and it is again a reason for side channel attacks. Null convention logic is a concept which is not sensitive of delay and is asynchronous in nature. Quad-rail logic and dual – rail logic are the basics that has enabled Null convention logic to attain delay insensitivity. Four states can be represented by dual – rail; out of which three are valid, which are DATA0, DATA1 and NULL. The forth state is an illegal state in which both the rails are asserted. DATA0 and DATA1 correspond to Boolean logic 0 and Boolean logic 1 respectively. The NULL signal is used for handshaking purpose which is asynchronous in this case. By using dual – rail, constant power consumption can be achieved.