Enhancing Network Security Using Dynamic Encryption

Kavitha S#1, Sourabh Belekar !, Nikhil "aikwa# #$ Kamalesh %unka# #& U#ay 'atil #(
Department Of Computer Engineering ,MIT Academy Of Engineering, Pune University Alandi D! ,India
1

kavithas@comp.maepune.ac.in

#EE$s of Pune %ot&rud , Pune India

2

"

amitkale@geeksofpune.in

Abstract: Most security mechanisms rely on data encryption, which is a message combined with a secret key to generate a cipher text that cannot be revived without the original key. This encryption mechanism can prevent any unauthorized user from gaining access to the secured communication. However, a fixed secret key is vulnerable to deciphering by capturing sufficient packets or by launching a dictionary attack. Therefore, the most efficient way to protect the network from such attacks is to generate the secret key dynamically and replace it periodically. Furthermore, the protocol applied to the mobile ad hoc wireless network should be sufficiently flexible to ad!ust to different levels of security protection to fit the needs of applications in different environments and with varied communication speeds. Keywords) "acket interception, "acket #ynthesis, $ynamic %ncryption, libpcap

over security o0 network, an# hence spee#ing up the communication is secon#ary task+ **+ EN/-:',*.N Because o0 globali6ation, now #ays most o0 the 0inancial transactions an# personal in0ormation is trans0erre# on the internet+ Because o0 this process #ata encryption is become a necessary part 0or e00ective computer security system+ ;e sent all sensitive in0ormation via internet an# because o0 this we nee# to secure our #ata an# which in turn we nee# #ata encryption+ By using a computer it become a #i00icult task to secure our personal in0ormation+ ;henever you are sen#ing your sensitive in0ormation on the net, it can be easily viewable 0or anyone who wants to see that in0ormation+

*+ *N,-.DU/,*.N Networking is a vital part o0 /omputer Science+ *t provi#es communication between #i00erent #igital #evices which involves computers, routers, switches etc+ Data communicate# over networks goes through stan#ar# mo#el 1ow+ ,hough there is much a#vancement in this process, their always lies 2uestion o0 security+ During 0ew #eca#es, wireless technology is improve# very 0ast but there is still improvement re2uire# in 3el# o0 security+ 4ost security mechanisms rely on #ata encryption, which is a message combine# with a secret key to generate a cipher te5t that cannot be revive# without the original key+ ,his encryption mechanism can prevent any unauthori6e# user 0rom gaining access to the secure# communication+ 7owever, a 35e# secret key is vulnerable to #eciphering by capturing su03cient packets or by launching a #ictionary attack+ 8n# hence there is nee# to #esign a mechanism to prevent 0rom such attacks+ ,hus pro9ect i#ea revolve# aroun# this thing an# we have #eci#e# to work 0or the security o0 network, over single %8N which may be e5pan#e# later 0or subnets+ .ur pro9ect i#ea thus restricte#

;hen we are sen#ing the #ata on the net it goes 0irst to our near local network+ ,he people who are living in the same area are uses the same network+ ,hen #ata will goes to the internet service provi#er <*S'= who in turn can see the #ata which we are sen#ing on net+ ,hen our #ata reaches through #i00erent way to the *S' o0 receivers an# 0inally it receive# by the party where we #esire#+ 4any people can see our #ata in this process+ Now you can guess that why #ata encryption system is nee#e#+ *n the worl# o0 #ata encryption, you have

several types o0 options available these #ays+ Encryption coul# be #e0ine# as a process that takes in0ormation an# uses a mathematic algorithm to transcribe #ata into a #i00erent 0orm+ *t then re2uires a special >key? to rea# the encrypte# #ata an# translate it back to a useable 0orm+ ***+ ,:'ES .@ EN/-:',*.N A' (oft)are *ased Encryption ,his type o0 encryption will typically consist o0 a stan#ar# storage #evice <7ar# Drive, @lash Drive, Digital 4e#ia /ar#, etc+= an# a so0tware program to 0acilitate the encryptions+ @or e5ample, the stan#ar# Disk ". secure #rive comes with a program calle# /rypt8rchiver+ ,his so0tware allows the user to create an encrypte# >Aault? on the #rive, with all 0iles store# in the Aault area to be encrypte# in either !(BCbit 8ES or &&DCbit Blow0ish algorithms+ ,he #rawback to this type is encryption is that your system har#ware </'U, -84= is responsible 0or all the encryption tasks #one #uring a 0ile trans0er+ ,his is compoun#e# by the 0act that USB itsel0 relies on your system har#ware </'U, -84, an# har# #rive spee#s= to maintain reliable spee#s+ Because o0 this, you tra#e security 0or per0ormance+ Data trans0ers ma#e using this encryption metho# can cause #ramatically re#uce# spee#s 0or 0ile trans0ers+ @or e5ample, letEs say a 0lash #rive can be copie# to at an average minimum o0 &4BFs+ *0 you a##e# so0tware encryption to the mi5, your trans0er spee#s coul# #rop to as low as 14BFs 0or certain types o0 0iles+ +' ,ard)are *ased Encryption ,he only signi0icant #i00erence with 7ar#ware Base# Encryption is that all #ata intensive encryption tasks are #one on boar# the storage #evice, rather than relying on system resources to #o the work+ ;ith this metho# o0 encryption, 0ile trans0er spee#s will remain more stable #uring the encryption process+ 8lso, most har#ware encrypte# #rives are built with more robust materials an# are typically highly resistant to physical #amage an# are likely to be water resistant+ ,he #rawback to this type o0 encryption is higher costs to manu0acture, which means higher costs 0or consumers+ 7ar#ware base# encryption o0 0lash #rives can sometimes be !C$ times as e5pensive as so0tware base# options+ *A+ SE/U-*,: 8N8%:S*S A' Man-in- t&e Middle Attac$

or all tra00ic coming 0rom the computer, collects the #ata, an# then 0orwar#s it to the #estination the user was originally inten#ing to visit+ +' (ession ,i.ac$ing Session 7i9acking is an act that attackers take the authori6e# an# authenticate# session away 0rom the owner an# use it to establish a vali# connection with the server then snoop or mo#i0y the secret #ata+ *n or#er to success0ully e5ecute Session 7i9acking, the attacker must accomplish two tasks G stop the target 0rom continuing session an# #isguise itsel0 as the client+ 8 Deny o0 Services <DoS= or @loo# attack might temporarily interrupt the target session connection but the attacker still cannot obtain the #ynamic iCkey to mas2uera#e himsel0 as the target+ Since the key stream remains secret, this Session 7i9acking #oes not work+ C' Dictionary Attac$ 8 #ictionary attack is a metho# o0 breaking into a passwor#C protecte# computer or server by systematically entering every wor# in a #ictionary as a passwor#+ 8 #ictionary attack can also be use# in an attempt to 0in# the key necessary to #ecrypt an encrypte# message or #ocument+ Dictionary attacks work because many computer users an# businesses insist on using or#inary wor#s as passwor#s+ Dictionary attacks are rarely success0ul against systems that employ multipleCwor# phrases, an# unsuccess0ul against systems that employ ran#om combinations o0 uppercase an# lowercase letters mi5e# up with numerals+ *n those systems, the bruteC0orce metho# o0 attack <in which every possible combination o0 characters an# spaces is trie# up to a certain ma5imum length= can sometimes be e00ective, although this approach can take a long time to pro#uce results+ D' /eplay Attac$ -eplay attacks are H4an in the mi##leH attacks that involve intercepting #ata packets an# replaying them, that is, resen#ing them as is <with no #ecryption= to the receiving server+ 8s a result, #epen#ing on the conte5t, the hacker can bene0it 0rom the userIs rights+ *magine a scenario in which a client sen#s an encrypte# user name an# passwor# to a server to log in+ *0 a hacker intercepts the communication <using monitoring so0tware= an# replays the se2uence, he will obtain the same rights as the user+ *0 the system enables passwor# mo#i0ication, he coul# even replace it with another, #epriving the user o0 his access+ A+ '8/KE, /8',U-*N" 'acket capture is a computer networking term 0or intercepting a #ata packet that is crossing or moving over a speci0ic computer network+ .nce a packet is capture#, it is store# temporarily so that it can be analyse#+ ,he packet is inspecte# to help #iagnose an# solve network problems an# #etermine whether network security policies are being

8n attack where a user gets between the sen#er an# receiver o0 in0ormation an# sni00s any in0ormation being sent+ *n some cases, users may be sen#ing unencrypte# #ata, which means the manCinCtheCmi##le <4*,4= can obtain any unencrypte# in0ormation+ *n other cases, a user may be able to obtain in0ormation 0rom the attack, but have to unencrypt the in0ormation be0ore it can be rea#+ *n the below picture is an e5ample o0 how a manC inCtheCmi##le attack works+ ,he attacker intercepts some

0ollowe#+ 7ackers can also use packet capturing techni2ues to steal #ata that is being transmitte# over a network+ Network managers analyse an# manage overall network tra00ic an# per0ormance+ ,o e5amine an# capture realCtime running packets over a network, #i00erent packet capturing techni2ues are use#+ .ne type o0 packet capturing is 0iltering, in which 0ilters are applie# over network no#es or #evices where #ata is capture#+ /on#itional statements #etermine which #ata is capture#+ @or e5ample, a 0ilter might capture #ata coming 0rom 8B/ route an# having ;+J+:+K *' a##ress+ *nstea# o0 0iltering a speci0ic portion o0 a packet, complete packets can also be capture#+ ,he 0ull packet inclu#es two things) a payloa# an# a hea#er+ ,he payloa# is the actual contents o0 the packet, while the hea#er contains e5tra in0ormation, inclu#ing the packetIs source an# #estination a##ress+

8ll #ata on the network travels in the 0orm o0 packets, which is the #ata unit 0or the network+ /apturing packets means collecting #ata being transmitte# on the network+ Every time a network car# receives an Ethernet 0rame, it checks i0 its #estination 48/ a##ress matches its own+ *0 it #oes, it generates an interrupt re2uest+ ,he routine that han#les this interrupt is the network car#Es #riverL it copies the #ata 0rom the car# bu00er to kernel space, then checks the Ethernet type 0iel# o0 the Ethernet hea#er to #etermine the type o0 the packet, an# passes it to the appropriate han#ler in the protocol stack+ A**+ /.N/%US*.NS *n this pro9ecrt much o0 the meaning0ul work in %inu5 network programming consists o0 capturing these in0ormationC rich packets, an# e5tracting or manipulating the in0ormation they contain+ ;hat we mean by packet capturing is some mechanism to catch hol# o0 a packet until our re2uire# purpose is solve# an# then release it, so that it can 0ollow its regular route through any remaining processing+ .ther terms 0or the same or similar actions inclu#e packet 0iltering, packet sni00ing, network sni00ing, an# packet or network monitoring+ A***+
M1N

Deep packet capturing is primarily a network analysis, monitoring an# optimi6ation techni2ue to evaluate all the #i00erent packets that 0low within a network or #evice+ *t is implemente# using speciali6e# networking so0tware, har#ware or a combination o0 both an# is usually a component o0 a 0irewall+ D'/ is generally per0orme# by network a#ministrators or system a#ministrators+ Unlike stan#ar# packet capture, which only reviews the in0ormation in the packet hea#er, D'/ captures an# reviews the packet hea#er as well as the #ata or payloa# the packetIs carrying+ A*+ '8/KE, /8',U-*N" US*N" %*B'/8' %*B-8-: %ibpcap provi#e the packetCcapture an# 0iltering engines o0 many open source an# commercial network tools, inclu#ing protocol analysers <packet sni00ers=, network monitors, network intrusion #etection systems, tra00icCgenerators an# networkCtesters+ %ibpcap also support saving capture# packets to a 0ile, an# rea#ing 0iles containing save# packets, applications can be written, using libpcap, to be able to capture network tra00ic an# analyse it, or to rea# a save# capture an# analyse it, using the same analysis co#e+

-E@E-EN/ES

M!N M$N M&N M(N

:ao Sun, :ashan 4ao, ,ing %iu, :anan Sun, :ang %iu, 8 Dynamic SecretCbase# Encryption 4etho# inSmart "ri#s ;ireless /ommunication 4amoun S+ 8% -ababaa, 4ahamma# 8+ 8l -ababah, Dynamic Key 0or Encryption 'eter 7+ :u an# U#o ;+ 'ooch, 8 D:N84*/ *CKE: EN/-:',*.N '-.,./.% @.- ;*-E%ESS NE,;.-KS 7am#y S+ Soliman an# 4ohamme# .mari, New Design Strategy o0 Dynamic Security *mplementation 7uiCyi Khang OinCsheng Khou an# :ong ,ao 7uiCyi Khang OinCsheng Khou an# :ong ,ao, 8 kin# o0 Dynamic Encryption 8lgorithm an# *ts 8pplication