Security Anand M, Vellore Institute of Technology, Vellore,

Security Algorithm in Computer Networks: A Survey
Paper

 

Rutvi Dresswala*

 

*Under the guidance of Prof. Anand M, Vellore
Institute of Technology, Vellore, Tamil Nadu

 

Abstract:

 

We live in a world where computer are no
longer a luxury but a need. Everything and everyone is connected through
computer networks. With every passing day, we are more dependent on computer
networks for communication. The threats to this system is increasing and
therefore securing this system is of utmost importance. This paper outlines the
various algorithms and protocols used to secure this networks at the root
level.

 

 

1. Introduction:

 

A computer network refers to the
connections of a set of computers to share data and resources. Shared resources
includes hardware like a printer, a file server or the most common of all,
Internet. Thus, we can conclude that these networks play an integral role in
our day to day activities.

 

There are two kinds of computer network
models1:

 

1.1
OSI Model :

OSI (open system interconnection) is a set
of protocol developed by ISO that allows            communication between different
systems. It is a layered framework that provides interoperability.

 

1.2
TCP/IP Model:

TCP/IP (transmission control protocol/
internet protocol) is the internet model.It was developed by ARPANET (Advanced
Research Project Agency Network)

 

Both of these models have various layers
as shown in figure1. In this paper we are going to summarize the algorithms
and protocols used in four of these layers.

 

 

2. Application Layer

 

It is the user interface layer. It
provides access to the network resources and support services. This layer
provides services like email,file transfer, etc. In this section we are going
to discuss two important security mechanisms for applications layer.

 

2.1
PGP(Pretty Good Privacy)

 

PGP was invented by phil Zimmermann to
provide e-mail message to store a file securely for future retrieval. In PGP,
the sender signs the message and creates a digest of the message. He then signs
the digest with his private key. The receiver verifies the message by using the
sender’s public key. A further improvement to this system is the compression of
the message and the digest for ease of traffic.

 

Algorithms used in PGP:

 

2.1.1
Public Key Algorithms: The public key
algorithms that are used for signing the digest or encrypting the messages are
listed:

 

ID

Description

1

RSA(encryption
or signing)

2

RSA(for
encryption only)

3

RSA(for
signing only)

16

ELGamal
(encryption only)

17

DSS

18

Reserved
for elliptic curve

19

Reserved
for ECDSA

20

ELGamal
(for encryption or signing)

21

Reserved
for Diffie-Hellman

100-110

Private
algorithms

 

2.1.2.
Symmetric-key Algorithms: The symmetric-key
algorithms that are used for conventional encrypting:

ID

Description

0

NO
ENCRYPTION

1

IDEA

2

Triple
DES

3

CAST-128

4

Blowfish

5

SAFER-SK128

6

Reserved
for DES/SK

7

Reserved
for AES-128

8

Reserved
for AES-192

9

Reserved
for AES-256

100-110

Private
Algorithms

 

2.1.3.Hash
Algorithms: The hash algorithm that are used for
creating hashes in PGP:

 

ID

Description

1

MD5

2

SHA-1

3

RIPE-MD/160

4

Reserved
for double width SHA

5

MD2

6

TIGER/192

7

Reserved
for HAVAL

100-110

Private
algorithms

 

2.1.4.
Compression Algorithm: The compression
algorithms that are used for compressing the text:

 

ID

Description

0

Uncompressed

1

ZIP

2

ZLIP

100-110

Private
Methods

 

2.2.
S/MIME:

MIME is a supplementary protocol that
allows non ASCII data to be sent through email. MIME transforms non-ASCII data
at the sender site to NVT ASCII data and delivers it to the client MTA to be
sent through the internet. The message at the receiving side is transformed
back to the original data. MIME supports the following type of data:

?      Text

?      Plain:
Unformatted

?      HTML
: HTML Format

?      Multipart

?      Mixed:
Body contains ordered parts of different type of data

?      Parallel:
Same as above, but no order.

?      Digest:
Similar to mixed, but the default is message/RFC822

?      Alternative:
Parts are different versions of the same message

?      Message

?      RFC822:
Body is an encapsulated message.

?      Partial:
Body is a fragment of a bigger message.

?      External
body: Body is a reference to another message.

?      Image

?      JPEG:
Image is in JPEG format

?      GIF:
Image in GIF format

?      Video

?      MPEG:
Video in MPEG format

?      Audio

?      Basic:
Single encoding of voice at 8KHz

?      Application

?      PostScript:
Adobe PostScript

?      Octet-stream:
General binary data (eight-bit bytes)

 

A MIME message has five headers to
complete its transformation. Each header defines a particular parameter that
supports this transformation. The five header fields are the following:

01.  MIME-Version

02. Content-type

03. Content-Transfer-Encoding:
This is the way to encode the data into 0’s and 1’s

a.     7
bit

b.    8
bit

c.     Binary

d.    Radix-64

e.     Quoted
Printable

04. Content-Id

05. Content-
Description

 

The SMIME adds a few new content types to
the existing 7 data type of mime with added security measures.In this paper we
will no go into details of the following types. The following are the added
data types:

1.    Single-data
content type

2.    Enveloped-data
content type

3.    Digested-data
content type

4.    Encrypted-data
content type

5.    Authenticated-data
content type

 

Cryptographic Algorithms used in S/MIME

 

Algorithm

Sender
must support

Receiver
must support

Sender
should support

Receiver
should support

Content-encryption
algorithm

Triple
DES

Triple
DES

 

AES
RC2/40

Session-key
encryption algorithm

RSA

RSA

Diffie-Hellman

Diffie-Hellman

Hash
algorithm

SHA-1

SHA-1

 

MD5

Digest-encryption
algorithm

DSS

DSS

RSA

RSA

Message-authentication
algorithm

 

HMAC
with SHA-1

 

 

 

3. Transport Layer

 

End-to-end communication in a computer
network system is provided by transport layer.It ensures logical communication in
between application processes that are running on different hosts in a layered
architecture of protocols and other network components. There are two major
architectures to secure this layer.

 

3.1 Secure Sockets Layer
(SSL) Protocol

 

SSL provides numerous services to the data that it receives from the
application layer.

?     
Fragmentation: The received data is divided into
blocks of 2^14 or less.

?     
Compression: The fragmented data is compressed.  This is an optional service thus there isn’t
a specific default compression algorithm. The default is method is NULL.

?     
Message Integrity: Data integrity is preserved using
key-hash function to create MAC. The following algorithms can be used for this:

?     
Null

?     
MD5

?     
SHA-I

?     
Confidentiality: Symmetric key cryptography is used
to encrypt the MAC and original data. The following algorithms can be used for
the same:

?     
Null

?     
Stream RC4

?     
RC4_40

?     
RC4_128

?     
Block RC2_CBC_40

?     
Block DES

?     
DES40_CBC

?     
DES_CBC

?     
3DES_EDE_CBC

?     
Block IDEA_CBC

?     
Block FORTEZZA_CBC

?     
Framing: The encrypted payload is given a header and
then given further to the transport layer protocol.

 

The key exchange in the following system is done through the following
algorithms:

?     
NULL

?     
RSA(encryption)

?     
Anonymous Diffie-Hellman

?     
Ephemeral Diffie-Hellman(RSA or DSS)

?     
Fixed Diffie-Hellman(RSA or DSS)

?     
Fortezza

 

3.2. Transport Layer
Security(TLS)

 

TLS protocol is the IETF standardized version of SSL. The two protocols
are very similar apart from the minor differences. For example, the key
exchange algorithm in TLS does not support Fortezza. These differences does not
necessarily give a more secure network. Both, TLS and SSL are equally secure
protocols.

 

4. Network
layer

 

In the seven-layer OSI model
of computer networking, the network layer is layer three. The network layer is
accountable for packet forwarding as well as routing through intermediate
routers. It provides the means of transferring variable-length network packets
from a source to a destination host via one or a lot of networks. among the
service layering semantics of the OSI network architecture, the network layer
responds to requests from the layer above and problems service requests to the
data link layer.

 

In this section we are going to discuss only one security protocol.

 

4.1. IPSec

 

IP Security(IPSec) is a collection of protocol that is designed by the
engineers at Internet Engineering Task Force(IETF). It was designed to cater to
the security at the network layer. The important security functions of IPSec
are:

·      
Confidentiality

o          
Enables communicating nodes to encrypt messages

o          
Prevents eavesdropping by third parties

·      
Origin authentication and data integrity

o  
Provides assurance that a received packet was
actually transmitted by the part identified as the source in the packet header

o  
Confirms that the packet has not been altered or
otherwise.

·      
Key Management

o  
Allows secure exchange of keys

o  
Protection against certain types of security
attacks, such as replay attacks

 

 

 

5. Data Link Layer

 

The data link layer or layer two is the
second layer of the seven-layer OSI model of pc networking. This layer is that
the protocol layer that transfers information between adjacent network nodes in
a wide area network (WAN) or between nodes on a similar local area network
(LAN) phase. The data link layer offers the purposeful and procedural means to
transfer data between network entities and would {possibly} provide the means
to discover and possibly correct errors which will occur within the physical
layer.

 

In this section we are going to look at
the algorithms used to secure wireless networks.

 

5.1
Wired Equivalence Privacy (WEP)

 

It
is an encryption algorithm built into the 802.11 standard to secure wireless
networks. WEP encryption uses the RC4 (Rivest Cipher 4) stream cipher with
40-bit/104-bit keys and a 24-bit initialization vector. It can also provide
endpoint authentication.

It is, however, the weakest
encryption security mechanism, as a number of flaws have been discovered in WEP
encryption. WEP also does not have authentication protocol. Hence, using WEP is
not highly recommended.

 

5.2
Wifi Protected Access(WPA)

 

This protocol implements
the majority of the IEEE 802.11i standard. It existed before IEEE 802.11i and
uses RC4 algorithm for encryption. It has two modes of operation. In
‘Enterprise’ mode, WPA uses authentication protocol 802.1x to communicate with
authentication server, and hence pre-master keys (PMK) is specific to client
station. In ‘Personal’ mode, it does not use 802.1x, PMK is replaced by a
pre-shared key, as used for Small Office Home Office (SOHO) wireless LAN
environments

 

6.Conclusion

 

Throughout the paper we have gone through
various protocols and the algorithms used in them to protect a computer
network. All of this protocols are very difficult to break and thus shows the
emphasis of security in computer networks. Therefore, we can conclude that for
a very secure network a combination of these protocols is required rather than just
one.

 

 

 

 

 

 

 

References

 

1.    Mohan
V Pawar, Anuradha J, “Network Security and Types Of Attack in Network”.

2.    Behrouz
A. Forouzan, “Cryptography & Network Security”.

3.    Raghvendra
K., Sumith Nireshwalya, “Application Layer security issues and its solutions”.

4.    M.
Elkins, “MIME Security with Pretty Good Protocol(PGP)”.

5.    Alma
Whitten, J.D. Tygar, “A usability evaluation of PGP 5.0”.

6.    S.
Dusse, P. Hoffman, “S/MIME Version 2 Message Specification”.

7.    William
Stallings, “Cryptography and Network Security”.

8.    T.  Dierks, E. Rescorla, “The Transport Layer
Security Protocol”

9.    J.F.
Zandbelt, “Transport Layer Security using DNSSEC”.

10. J.
Salowey, “TLS session resumption without Server-Side state”.

11. P.
Chown, “Advanced Encryption Standard (AES) ciphersuites for Transport Layer
Security(TLS)”.

12. Timothy
G Shoriak, “SSL/TLS Protocol Enablement for Key Recovery”.

13.  Bernardo C.V Camilo, “Assessing the impact of
IPSec cryptographic algorithm on a virtual network embedding problem”.

14. Taskin
Kochar, “A WEP post processing algorithm for a robust 802.11 WLAN
implementation”.

15. Poonam
Jindal, “Quantitative Analysis of security performance in wireless LANS”.