The openness of networks and the Internet has undoubtedly led to the success and growth of public networks. New applications and features have flourished out of the lack of strict security requirements and the anonymity offered by public networks. However, this openness has also been arguably the single greatest enabler of annoyance and malicious use of networks and the Internet. Spam, denial-of-service attacks, address spoofing, routing attacks, and a myriad of other malicious uses are, at least partially, the result of allowing unauthenticated network traffic. This leaves network applications and protocols on their own to implement security and attack prevention. In this essay, I will argue that we need to take a different approach: strong authentication for network traffic. Network traffic authentication will enable security and protection for applications that demand it while still allowing for innovation in network applications.
Strong authentication of network traffic would provide a means for all traffic to be verified for integrity and identity of sender. Currently, most network traffic, especially IP traffic, provides no means for verifying the sender. IP specifically requires only a source address as a means to identify a sender. This is far from a strong form of authentication, as IP addresses are easily faked. A strong authentication system, on the other hand, may utilize public key cryptography and multi-factor identification or some new technology to guarantee the identity of a sender and the integrity of data sent. It is not my intention to argue in favor of a particular network traffic authentication mechanism but rather to show that one is needed and indeed feasible.
Problems with Unauthenticated Traffic
...
... middle of paper ...
...anisms for authenticating network traffic were never included in the design. To make matters worse, as the need for some sort of authentication or security measures began to arise, network devices were not yet powerful enough for it to be practical to implement authentication mechanisms. The cryptographic calculations involved in authentication were too computationally demanding to be performed in real time. However, much more than just the uses of networks has changed since then, and it is time to move forward.
There is no longer a lack of processing power or foresight preventing us from implementing strong authentication for network traffic. We must be able to accept these original limitations as facts of the evolution of networks, recognize the current need for authentication, and move networking forward towards strong authentication of all network traffic.
DoS attacks are defined as an effort to make a computer resource unavailable to its users. (Hackers usually use this type of attack on web servers for banks, credit card payment gateways or DNS root servers.) A DoS attack uses the IP address to flood the user’s network and obstruct the communication between the intended user and the victim. It has been proposed that a Shared Authentication Information (SAI) protocol could be used to offer a defense mechanism against DoS attacks, without incurring overhead at the ASN gateway and the base station.
Sabu M. Thampi, Pradeep K. Atrey, Chun I. Fan, Gregorio Martinez Perez (Eds.), Security in Computing and Communications: International Symposium, SSCC 2013, Mysore, India, August 22-24, 2013. Proceedings (Communications in Computer and Information Science) (p. 418). New York, NY: Springer Publishing.
One issue which could plague Internet Key Exchange is the clogging attack. The clogging attack occurs when an attacker uses forged IP addresses to initiate many (thousands of) connections which stay in the open state for a period of time, tying up the target system’s resources. To combat the clogging attack the Cookie Exchange was adopted from the Photuris
Diffie, Whitfield. (2008). Information Security: 50 Years Behind, 50 Years Ahead. Communications of the ACM. 51(1), 55-57.
TOR (Roger Dingledine) is a circuit-based, low-latency anonymous communication service. TOR is now in its second generation and was developed from the Onion routing program. The routing system can run on several operating systems and protect the anonymity of the user. The latest TOR version supports perfect forward secrecy, congestion control, directory servers, integrity checking and configurable exit policies. Tor is essentially a distributed overlay network which works on the application layer of the TCP protocol. It essentially anonymizes all TCP-based applications like web browsing, SSH, and instant messaging. Using TOR can protect against a common form of Internet surveillance known as “traffic analysis” (Electronic Frontier Foundation). Knowing the source and destination of your internet traffic allows others to track your behavior and interests. An IP packet has a header and a dat...
Over the years, many people have developed security systems that can actually authenticate a person. This report will be looking at these advancements as well as my thoughts on them.
With the increase of digital communications and transactions, a stronger level of security is required to protect the user and their data transactions. Systems, servers, personal computers, mobile devices, tokens and smart cards are all being used ubiquitously to view protected communications. With the influx of data management, there is an ever-apparent contest between the two adversaries in the game of Information Security: the developers and the hackers. PKI was designed to leverage the Internet infrastructure for communications (CITE Samuelle 2009). While minimizing hostile exploitation of data, decreasing data theft, and providing an additional layer of trust through key pairs and digital certificates, PKI is used to verify the identity of the user and the authenticity of the data.
In the past 60 years technology has grown by leaps and bounds. Computers are a common fixture of most homes. The Internet was created. Everyone carries cell phones that have more computing power than desktop PCs did just ten years ago. This march forward in technology has affected the aviation industry as well. The Boeing 787-8 Dreamliner is Boeing’s newest, most modern, and most technologically advanced commercial aircraft. However, its development also raised some security concerns. Fears that the Dreamliner’s network could be vulnerable to hackers or other cyber attacks led the Federal Aviation Administration (FAA) to issue a Special Conditions Notice to Boeing to prove that the Dreamliner’s network is secure.
Kerberos is an attractive technology, but it's not a network security solution. We were disappointed to learn that Kerberos wasn't going to solve our problems of networkwide user management. Kerberos doesn't replace even aged technology such as Sun Microsystems' Network Information Ser...
...vantage of the overall network design and implement usable subnets with virtual local area networks. Use encryption and encapsulation to secure communications of public segments to enable extranets and cross-Internet company traffic. Use items such as intrusion detection systems and firewalls to keep unauthorized users out and monitor activity. Taken together, these pieces can make a secure network that is efficient, manageable, and effective.
One of the largest parts of commerce is transaction. Transactions are needed anytime two parties exchange money or information. Since the Information Age has begun, transactions are more common over the Internet, where it is more imperative that transactions are secure (Klein x). Corporations have also become more widespread, which means that cryptography is needed to secu...
In this era, when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect of secure communications is cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. Cryptography is the science of writing in secret code and is an ancient art. In ancient times, people used to send encoded messages that could be understood only by a receiver who knew the symbolic and relative meaning of the encoded message. The first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. After writing was invented, cryptography appeared spontaneously, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In telecommunications and data, cryptography is necessary when communicating over any untrusted medium, which includes any network, particularly the Internet [1]. Within the context of any application-to-application communication, there are some security requirements, including:
Protocols are a common focus of attack because of the number of devices that can be targeted. Devices made by different vendors are able to communicate and work with each other because of standard protocols that allow them to understand each other. The wide use of these protocols makes them an appealing target to attackers. If a flaw can be found in a popular protocol, then many devices made by different vendors will be vulnerable to the attack. Over the years, a number of protocols have been updated because of vulnerabilities found in their original versions, a prime example being the SSH protocol.
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
Rayne, PB, Kulkarni, P, Patil, S & Meshram, BB 2012, ‘Authentication and Authorization: Tool for Ecommerce Security’, Engineering Science and Technology: An International Journal, vol. 2, no. 1, pp. 150-157.