A security risk within the context of data communication is described as any action of inaction that poses a threat to the integrity and security of data communicated between a sender and a receiver. Security threats in communication are all too real and pervasive and mischief makers always try to exploit the vulnerabilities of system design and architecture in order to perpetrate illegal activities. As the waves of the threats increase, different methods and techniques are also deployed in order to guarantee the security and integrity of data exchange. Some of the techniques involve the protection of networks from unwanted data traffic while others deal with the communication between browsers and servers (client - server security). The protection of networks include the use of firewalls while that of client-server security include the use of data encryption techniques like Secure Socket Layer (SSL) encryption to manage web transactions.
Security and Reliability Safeguards
Safeguards are measures put in place to check threats or prevent compromise to a system. Security safeguards are meant to check security threats while reliability safeguards are meant to ensure that a system continues to deliver its normal services even in the face of attacks or failure of parts of the system. Security safeguards include the use of firewalls and data encryption while reliability safeguard include the use of data backup, which is a form of redundancy.
Encryption has been described as the process of converting plain text into hidden text (or cyphertext) in order to save the transmitted text from data thieves (Ramdeo, 2012). The process of encryption and decryption (to recover the plain text) is known collectively as cryptography. Cryptographic techniques are employed to make sure that any transmitted information that is intercepted by an unauthorized third party will not be readable. The technique of cryptography involves the transmission of a ciphertext which is the output of an encryption process that is achieved using a key to transform a plaintext. The key used is a short length of string that is known generally and may be changed as often as possible. Encryption techniques are basically classified into two categories which form the foundation of the modern techniques employed today– substitution ciphers and transposition ciphers.
Substitution ciphers, as the name implies, entails substituting a letter or a group of letters in a plaintext in order to produce the ciphertext. For instance all the occurrence of the alphabet ‘a’ in a plain text may be replaced by the alphabet ‘g’. This substitution is done for all the characters in the plaintext. Similarly a group of words may be substituted with a letter or another group of words. This then results in a mapping between each of the original characters in the plaintext to a substitution character. Cryptanalysis of a substitution cipher is based on the statistics of the occurrence of certain characters or group of characters in a ciphertext in comparison with the known statistical frequency of occurrence of characters of natural languages.
Transposition ciphers unlike substitution ciphers do not keep the order of arrangement of the plaintext but changes it. The plaintext is not changed as in transposition cipher but they are re-arranged in an order that is determined by the key. The decoding of this cipher is done with the use of the key to retrieve the plaintext in the correct order. This technique is more difficult for an unauthorized intruder to decode unless with a prior knowledge of the key. Unlike the substitution cipher, the intruder must first realize and establish that this particular crypt is not a substitution cipher. The decoding techniques based on statistics of the characters will not be useful in this scheme.
Types of Encryption
Encryption algorithms are generally of two types which is based on the type of key used for the encryption – Symmetric Key and Non-symmetric key encryption.
Symmetric key cryptographic algorithms make use of the same key for encryption of the plaintext and decryption of the ciphertext. This key has to be exchanged between the sender and recipient of the data. Block ciphers are a subset of this symmetric key cryptography. In block ciphers, a block of n-bit plaintext is transformed using the symmetric key into an n-bit block of ciphertext. The longer the length of the key chosen, the stronger the algorithm and the ciphertext produced. A weak key will be easily decrypted. Data Encryption Standard (DES), 3DES (an improvement on DES) and Advanced Encryption Standard (AES) are some algorithms of symmetric key cryptography in use.
DES encrypts plaintext in blocks of 64 bits into ciphertext in blocks of 64 bits. 3DES is an improvement on DES (Singh and Supriya, 2013), that makes use of three stages of encryption and uses 2 keys, K1 and K2. AES is a replacement for DES and 3DES due to its better performance over the other two (Gupta and Chawla, 2012). The AES algorithm encodes plaintext into ciphertext in block sizes of 128 bits using a key length that is either 128 bits or 256 bits.
Non-symmetric key cryptographic algorithms, also known as public key algorithms, use two different keys for the encryption of the plaintext and the decryption of the ciphertext. A public key and a private key are used in this encryption algorithm. The receiver’s public key is used for the encryption while the private key of the receiver is used to decrypt the information. The public key is made public since it is used by anyone wishing to send a message to the receiver (hence the term public key cryptography), but the private key used by the receiver is known only to the receiver and kept secret. The key distribution problem in symmetric cryptography is solved by asymmetric cryptography (Patil and Gouder, 2013). Many techniques have been proposed based on this principle. However, any algorithm following this technique must satisfy three conditions as stated below:
- If the decryption algorithm is applied to the encrypted message, we must get the original plaintext back.
- It is extremely difficult to deduce the decryption algorithm from the encryption algorithm.
- The encryption algorithm cannot be broken by any plaintext attack.
So many algorithms have been proposed that claims to satisfy all the conditions stated above. One of such algorithm is RSA.
RSA is a public key algorithm that was designed by three scientists Rivest, Shamir and Adleman and the algorithm is so named with the first alphabets of the names of the scientists. RSA is a very strong public key encryption algorithm that has survived many unsuccessful attempts at breaking it to expose flaws in it. It uses a very strong key length of 1024 bits but is slower because of this but secure all the same.
A firewall is a network element (can be software or hardware) that controls the movement of network data packets across the set boundaries of a network that has been secured based on a specific security policy (Rao, Rama and Mani). The firewall security policy contains a list of rules used to filter data packets. The filtering action is carried out either by accepting or rejecting packets destined for the secure part of the network. Each packet is checked against the list of rules to ascertain whether the packet has been defined to be accepted or rejected based on the security policy. The task of a firewall has also been described as controlling network traffic having various zones of trust - internet (non-trusted zone) and internal network or intranet (trusted zone) (Walia and Panda).
In order to control the traffic flow into and out of the network, firewall uses one or more methods - packet filtering, proxy servers and stateful inspection. In packet filtering, each packet is analyzed against the rules that have been defined in the security policy. In the use of proxy service, a proxy server serves as n intermediary between the communicating entities and there is no direct communication between them. Stateful inspection does not examine the contents of the packets but some key information is matched in order to determine if it is trusted (Walia and Panda).
Firewalls are used to block access to some sites on the internet or control access to some particular servers and services. Firewalls are also used to control and monitor the flow of data traffic at the boundary of an external and internal network by using set rules. In a Virtual Private Network where each physical location has its own firewall, the firewalls can help encrypt the packets exchanged over the network.
Secure Socket Layer (SSL) Encryption
Secure Socket Layer (SSL) is a protocol designed to enable secure internet transactions between a client and a server irrespective of the type of application (Kartit et al., 2010). SSL uses a handshake protocol where the session capabilities (encryption algorithms) are negotiated and the client authenticates the server. The basic elements of SSL include confidentiality, message integrity and authentication. SSL achieves these elements through the use of cryptography, digital signatures and certificates. In the use of cryptography, SSL ensures the confidentiality of communication across public networks by using one of the two encryption types - symmetric cryptography or asymmetric cryptography.
Digital signatures ensure the integrity of data communicated with the use of a digital signature attached to the exchanged data. The digital signature is a hashed message digest with public key information which is checked and compared after computation by both the sending and receiving parties. If the results are matched, then it signifies that the message was unaltered and has not been compromised during transit.
The use of digital certificates by SSL is to authenticate servers. These certificates are digital documents that attest to the binding of a public key to an individual or an entity by verifying the claim that a particular public key actually belongs to the entity specified.
Data backup entails keeping multiple copies of data in different physical locations to prevent loss either through deletion or corruption of the data or in the in the event of hardware failure or other unforeseen circumstances. Copies of the backup are easily used to restore the lost data.
The backup is done with the use of storage media such as magnetic tapes, optical storage devices, hard drives, solid state backup or even cloud technology.
The threats to the security of networks and data are real and pervasive. In a world where data communication between networks is critical to the survival of many economies and organizations, these threats are meant to be taken seriously and measures taken to neutralize them. The measures in place include the protection of networks with firewalls and protection of data integrity with encryption techniques. Due to the fact that attackers device new methods of attack every day, better techniques of security are being sought and developed. In order to effectively protect networks and data, the latest techniques of attack must be known as well as applying the best and latest methods of security to check the threats.
Cisco Systems (2002). Introduction to Secure Sockets Layer. White Paper: Cisco Systems Inc., 1 - 12.
Gupta, G. and Chawla, R. (2012). Review on Encryption Ciphers of Cryptography in Network. International Journal of Advanced Research in Computer Science and Software Engineering, 2(7), 211 - 213.
Kartit, A., El Marraki, M., Radi, A. and Regragui, B. (2010). On the Security of Firewall Policy Deployment. Journal of Theoretical and Applied Information Technology, 84 - 92.
Patel, H.B., Patel, R.S. and Patel, A.V. (2011).To Study the Risk or Issues of Firewall: Solution with different approach. International Journal of P2P Network Trends and Technology, 1(3), 36 - 39.
Patil, A. and Goudar, R. (2013). A Comparative Survey of Symmetric Encryption Techniques for Wireless Dvices. International Journal of Scientific & Technology Research, 2(8), 61 - 65.
Ramdeo,N. (2012). Evaluation of Data Encryption Algorithms. International Journal of Scientific & Engineering Research, 3(9), 1 - 3.
Rao, C.S, Rama, B.R., and Mani, K.N. (2011). Firewall Policy Management Through Sliding Window Filtering Method Using Data Mining Techniques. International Journal of Computer Science & Engineering Survey (IJCSES), 2(2), 39 - 55.
Singh, G. and Supriya (2013). A Study of Encryption Algorithms (RSA, DES, 3DES and AES) for Information Security. International Journal of Computer Applications, 67(19), 33 - 38.
Tanenbaum, A.S., & Wetherall, D.J. (2011). Computer Networks (5th ed.) Boston, MA: Pearson Education, Inc.
Walia, K. and Panda, S.N. (2012). Firewall: Tool of Network Security. International Journal of Computing and Business Research (IJCBR), 3(3), ISSN (Online): 2229-6166.