
Tuesday, March 12, 2019

Network VPN and Web Security Cryptography Essay

Securing Internet commercial transactions and sensitive banking information is increasingly becoming critical as threats to computer networks continue to cause significant monetary losses resulting from information damage, loss or corruption by spyware, viruses and other data-corrupting hostile code (Mogollon, 2007). The consequences of having ineffective security systems are enormous, and companies should step up their security measures to protect sensitive information by cryptographic methods. In online transactions, the secure Web server and the client's computer communicate by authenticating each other. They do this by encrypting the transmitted data by means of specialized protocols such as Transport Layer Security (TLS), Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL). All Web browsers, such as Internet Explorer and Netscape, have built-in TLS and SSL protocols. To make Internet transactions safe, the problems associated with end-user certificate distribution have to be solved, and this was the challenge that led to the fall of Secure Electronic Transaction (SET) technology after its launch in the 1990s (Mogollon, 2007). This paper will discuss important technologies behind VPN, SSL and website encryption, paying critical attention to the algorithms which make encryption in financial systems such as Internet commercial transactions reliable and secure. In particular, the paper addresses advanced and critical issues in online transactions as one of the areas applying cryptography and network security.
The Need for Internet Security in Financial Systems

Modern online commerce and financial systems are growing rapidly, partly because several protocols for Web encryption are widely used, hence ensuring secure transactions. In a practical scenario, online clients buying commodities enter the credit card number online and then hit the Submit button. Since this information is passed online and can be decoded by hackers, the Web browser commits to securing this online transaction by enciphering the transmitted data (Mogollon, 2007). Secure communication between the client and the server requires client-server authentication, which is a cryptographic key exchange involving an agreement of both parties. The client and the server will agree on a common pre-master secret code or key. Data is then enciphered using the keys which are generated from the agreed pre-master key. This communication agreement between the client and server also involves decisions on which versions and protocols to use, such as SSL2, SSL3, TLS 1.0 and TLS 1.1 (Mogollon, 2007). They will also agree on which cryptographic algorithm to use and whether to authenticate to each other or not. The use of trusted techniques of public-key encryption which generate the pre-master secret key will also be agreed on. Both have to make an agreement that session keys are to be prepared to help in the enciphering of the messages.

Virtual Private Network (VPN)

A virtual private network (VPN) serves as an extension of a private network which encompasses links across public or shared networks such as the Internet (Mogollon, 2007). VPN enables users to send data between two connected computers across a public or shared network in a way that emulates the properties of a point-to-point private link.
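The key agreement described in the section above ends with both sides deriving session keys from the agreed pre-master secret. As an added illustration that is not part of the original essay, the Python code below performs that derivation with the TLS 1.2 HMAC-SHA256 pseudo-random function (SSL 3.0 and TLS 1.0/1.1 use an older MD5/SHA-1 based PRF, so this is the general shape, not those exact versions); the pre-master secret and the two Hello randoms are constructed values.

```python
import hashlib
import hmac

# Constructed handshake values (not real captures): the 48-byte pre-master
# secret that the public-key step of the handshake would have produced, and
# the 32-byte random nonces each side contributed in its Hello message.
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS P_hash data expansion (RFC 5246 section 5) using HMAC-SHA256.

    A(0) = seed, A(i) = HMAC(secret, A(i-1)); the output is the concatenation
    of HMAC(secret, A(i) + seed) for i = 1, 2, ... truncated to `length`.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def derive_session_keys(pre_master: bytes, client_random: bytes,
                        server_random: bytes, key_len: int = 16,
                        mac_len: int = 32, iv_len: int = 16) -> dict:
    """Turn the agreed pre-master secret into per-direction session keys.

    Step 1: the 48-byte master secret binds the pre-master secret to both
            nonces, so a replayed pre-master secret yields different keys.
    Step 2: the key block is sliced into client/server MAC keys, write keys
            and IVs in the order TLS specifies.
    """
    master = prf(pre_master, b"master secret",
                 client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random,
                2 * (mac_len + key_len + iv_len))
    fields = [("client_mac_key", mac_len), ("server_mac_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len)]
    keys, pos = {"master_secret": master}, 0
    for name, size in fields:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def handshake_demo() -> tuple:
    """Each side derives the keys independently from the same agreed inputs."""
    client_side = derive_session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server_side = derive_session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return client_side, server_side


if __name__ == "__main__":
    c, s = handshake_demo()
    print("both sides hold the same keys:", c == s)
    print("client write key:", c["client_write_key"].hex())
```

Neither side ever sends a session key; only the pre-master secret (protected by the public-key step) and the two public randoms cross the wire, and changing any one of them changes every derived key.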
Virtual private networking is the technique of creating and configuring a VPN, and it emulates point-to-point links (Mogollon, 2007). There should be data encapsulation, or wrapping with headers, to provide routing information, thus allowing the data to pass through the public or shared transit internetwork and reach its endpoint. At the same time, to emulate private links, the sent data must be encrypted for security and confidentiality (Microsoft Corporation, 2003). Packets intercepted on public or shared networks cannot be deciphered without the encryption keys. Private data is encapsulated in a connection portion known as the tunnel, and it is encrypted in a connection portion known as the VPN connection (Microsoft Corporation, 2003).

Figure 1.1 Virtual private network connection (Microsoft Corporation, 2003)

The VPN connection provides the capability for remote users working at home, at branch offices or even while traveling to securely connect to a remote organization's servers by using the routing infrastructure provided by a shared or public network like the Internet (Microsoft Corporation, 2003). Since the creation of a VPN connection is facilitated by the Internet from anywhere, these networks require unassailable security mechanisms to avoid any unwelcome private network access and to protect private data while it traverses the public network (Microsoft Corporation, 2003). These security mechanisms include data encryption and authentication as well as other advanced VPN security measures such as certificate-based authentication. Virtual private network security is provided by Internet Protocol Security (IPsec), TLS and SSL (Mogollon, 2007). IPsec VPNs are commonly employed in several enterprises, but they are not as easy to use as SSL VPNs. Another difference between IPsec VPN and SSL VPN is that IPsec VPN works at layer 3 and creates a tunnel into networks.
This way, IPsec allows devices to log on as if they had physical connections to the local area network (LAN) (Mogollon, 2007). On the other hand, the SSL VPN works at application layer 4, and users can have access to individual applications through the Web browser. In SSL VPN, the administrators can dictate access by application instead of providing entire network access. VPN emulates the facility of a private wide area network (WAN) by the use of private Internet Protocol (IP) and public Internet backbones (Mogollon, 2007).

Secure Socket Layer Virtual Private Network (SSL VPN)

Security networks, especially those used in online transactions, demand increasingly complex cryptographic systems and algorithms (Lian, 2009). Therefore, there is a need for individuals concerned with the implementation of security policies in companies to use technical knowledge and skill in information technology in order to implement critical security mechanisms. Unlike the traditional IPsec VPN, which requires the use of special client software on end users' computers, an SSL VPN such as a Web SSL VPN requires no installation of such software (Lian, 2009). SSL VPN is mainly designed to provide remote users with access to various client-server applications, Web applications and internal network connections. SSL VPN authenticates and encrypts client-server communication (Lian, 2009). Two types of SSL VPNs are recognized: the SSL Portal VPN and the SSL Tunnel VPN (Lian, 2009). The SSL Portal VPN ordinarily allows a single SSL connection to the website while allowing secure access to a number of network services by end users. This common website is known as the portal because it serves as a single door leading to a number of resources.
The site is usually a single page having links to other pages. The second type of SSL VPN is the SSL Tunnel VPN, which allows Web browsers, and thus users, to safely access a number of network services as well as protocols and applications which are not Web-based (Lian, 2009). Access is mainly provided via a tunnel which runs under SSL. The SSL Tunnel VPN requires all browsers to have the capacity to support active content, which gives them functionality not possible with an SSL Portal VPN. The active content supported by SSL Tunnel VPN includes ActiveX, Java, JavaScript and plug-ins or Flash applications (Lian, 2009). Secure Socket Layer (SSL) provides a standardized communication encryption deployed for the purpose of protecting a number of protocols (Lian, 2009). For instance, most online transacting sites such as PayPal, AlertPay and MoneyBookers have their Uniform Resource Locator (URL) address beginning with https:// instead of http://. This means that the Hypertext Transfer Protocol (HTTP) is wrapped inside SSL (Lian, 2009).

Cryptography and Encryption

Cryptography is concerned with the study of algorithms by which data is written secretly, hence the roots: crypto, meaning secret, and graphy, meaning writing (Li, n.d.). Cryptography basically provides a number of ways to ensure data security during VPN communication. These various means or algorithms include hash, cipher, digital signature, authentication and key generation (Lian, 2009). Cryptography endeavors to conceal the actual content of data from everyone except the recipient and the sender, hence maintaining secrecy or privacy. Cryptography also verifies or authenticates the correctness or validity of data to recipients in a virtual private network. As a result of this, cryptography has been the base of operations of a number of technological solutions to problems such as communication and network security in shared networks such as a VPN.
In general, cryptography can be defined as the technique exploiting the methods and principles of converting intelligible data into unintelligible data and then changing it back to its legitimate form (Li, n.d.). SSL VPN encryption involves the adoption of traditional and novel algorithms of encryption in the protection of sensitive data such as that exchanged during online transactions. The original data is transformed into secure data by a specific encryption algorithm using the encryption key. At the same time, the encrypted data can be decrypted back into its original state with the help of decryption algorithms. Sometimes, attacks on data are common in networked systems where hackers break into systems to obtain the original data which has not been encrypted. The present research focuses on the efficient algorithms of encryption and decryption which are secure against these attacks (Lian, 2009).

Typical VPN Encryption Algorithms

VPN encryption utilizes a number of encryption algorithms to secure traffic flowing across a shared or public network (Malik, 2003). The encryption of VPN connections is adopted so as to allow VPN and Web traffic to traverse a shared or public network like the Internet. Examples of encrypted VPNs are SSL VPN and IPsec, which use encryption algorithms to safely allow traffic across a shared or public network such as the Internet (Malik, 2003). Apart from classifying VPNs in terms of encryption, classification of VPNs can also be based on the layer of the OSI model in which they are constructed. This is an important classification, as it determines the specific amount of traffic which gets encrypted and the degree of transparency to VPN clients (Malik, 2003). Classification of VPNs based on the OSI model layers recognizes three types of VPN: data link layer, network layer and application layer VPNs (Malik, 2003).
Algorithms used for encryption can be classified into partial encryption, direct encryption and compression-combined encryption (Lian, 2009). According to the number of keys used, algorithms can also be classified into symmetric and asymmetric algorithms. In general, different encryption algorithms encrypt different data volumes, hence achieving different efficiency and security. It hence remains a decision of system security administrators to select which algorithm to use that will provide the best VPN security (Microsoft Corporation, 2005). There is no single encryption algorithm which is efficient enough to address all situations (Microsoft Corporation, 2005). However, there are basic factors to consider when selecting the type of algorithm to use in VPN security. Strong encryption algorithms constantly require more resources in computer systems than weaker encryption algorithms. Long encryption keys are considered to offer stronger security than shorter keys. Therefore, Chief Security Officers (CSOs) should decide on longer keys to enhance system security (Microsoft Corporation, 2005). Asymmetric algorithms are also considered stronger than symmetric ones since they use different keys (Microsoft Corporation, 2005). However, asymmetric encryption algorithms are slower than symmetric ones. Experts also prefer block ciphers, as they use longer keys and hence offer stronger security than stream ciphers. Passwords that are long and complex offer better security than shorter and simpler passwords, which can be broken easily by hackers. Another factor to consider is the amount of data being encrypted. If sizable amounts of data are to be encrypted, then symmetric keys are to be used to encrypt the data and asymmetric keys should be used to encrypt the symmetric keys. It is also critical to compress data before encrypting, because it is not easy to compress data once it has been encrypted (Microsoft Corporation, 2005).
Direct encryption involves the encryption of the data content with either a traditional or a novel cipher directly. Partial encryption involves the encryption of only significant portions of the data while other parts are left unencrypted (Microsoft Corporation, 2003). Compression-combined encryption involves the combination of the encryption operation with a compression operation, the two being implemented simultaneously. Comparably, direct encryption offers the highest data security as it encrypts the largest volume of data. However, this method has the lowest efficiency, as it takes much time to encrypt the entire data volume. The reduction of data volume in partial and compression-combined encryption results in lower security but the highest efficiency (Lian, 2009). There are specific examples of ciphering algorithms used by most online companies to protect sensitive and private data such as business data, personal messages or passwords for online banking. The commonly used ciphering algorithms include DES/3DES, RC4, SEAL and Blowfish (MyCrypto.net, n.d.). Data encryption in VPN client-server communications is critical for data confidentiality. This is because data is passed between VPN clients and VPN servers over a public or shared network, which often poses the risk of unlawful data interception by hackers. However, VPN servers can be configured to force communication encryption. The encryption will force VPN clients connecting to VPN servers to encrypt their data or else be denied connections. Microsoft Windows Server 2003 employs two different types of encryption: Internet Protocol Security (IPSec) encryption, which uses the Layer Two Tunneling Protocol (L2TP), and Microsoft Point-to-Point Encryption (MPPE), which uses the Point-to-Point Tunneling Protocol (Microsoft Corporation, 2005).
For telephone or dial-up clients, data encryption is not necessary between the clients and their Internet Service Providers (ISP), since the encryption is always carried out within the VPN client-VPN server connection. This implies that mobile users using dial-up connections to dial local ISPs need not encrypt anything, since once the Internet connection has been established, the users can create a VPN connection with corporate VPN servers. In case VPN connections are encrypted, there is no need for encryption between users and ISPs in dial-up connections (Microsoft Corporation, 2005). VPN encryption generally allows for the growth of the highest possible security standards, made possible by key generation in a certified centre using RSA, 1024 bit (MyCrypto.net, n.d.). Smart card technology, especially the TCOS-2.0 Net Key SmartCard OS (operating system), grants a safe mode for key storage which complies with the evaluation criteria of information security systems (Li, n.d.). Different types of encryption algorithms employ proprietary specific methods to generate the secret keys, and thus the encryption algorithms become useful in different types of applications (MyCrypto.net, n.d.). The length of the keys generated by these algorithms determines the strength of the encryption. The most common algorithms, DES/3DES, BLOWFISH, IDEA, SEAL, RC4 and RSA, have different qualities and capabilities which network security administrators may choose to use in providing VPN security (MyCrypto.net, n.d.). The RSA algorithm, developed in 1979, was named after its developers Ron Rivest, Shamir and Adleman, hence the name RSA (Riikonen, 2002). RSA supports digital signatures and encryption, and it is thus the most widely used type of public key algorithm.
RSA takes advantage of the problem of integer factoring to enhance security, and it utilizes both private and public keys. It is one of the algorithms which is easy to understand, and it has been patent-free since the year 2000 (Riikonen, 2002). RSA is commonly used for securing IP data, transport (SSL/TLS) data, emails, terminal connections and conferencing services. Its security entirely depends on the quality of the numbers generated by the Pseudo Random Number Generator (PRNG). Data Encryption Standard/Triple Data Encryption Standard (DES/3DES) has widely been used as a standard in banking institutions in Automatic Teller Machines (ATMs) as well as in UNIX OS password encryption (MyCrypto.net, n.d.). DES/3DES makes the authentication of a Personal Identification Number (PIN) possible. While DES is basically a 64-bit block cipher, it uses 56-bit keys in encryption, and most users no longer regard it as secure as advances in computer technology continue to transform the banking and online industry (MyCrypto.net, n.d.). DES has been found to be vulnerable to some cyberattacks, and experts have now recommended 3DES as the stronger option. 3DES has the ability to encrypt data 3 times, hence the name 3DES. It uses different keys for all three passes, and this gives it a total cumulative key size of 112-168 bits (MyCrypto.net, n.d.). IDEA (International Data Encryption Algorithm) is another type of algorithm, first developed by Prof. Massey and Dr. Lai in the early 1990s in Switzerland (MyCrypto.net, n.d.). It was meant to replace the DES algorithm, since one of the weaknesses of DES is that it uses a common key for both encryption and decryption and it only operates on 8 bytes at a time.
The success of IDEA in enhancing security lies in the length of its 128-bit key, which makes it hard for hackers to break, especially those who try out every key. To date, there are no known means of breaking the IDEA 128-bit key other than trying each key in turn, which is also difficult (MyCrypto.net, n.d.). This then makes the algorithm better for security. Since it is a fast algorithm, IDEA has been implemented in most hardware chipsets to make them run faster (MyCrypto.net, n.d.). Just like IDEA and DES, Blowfish represents another type of symmetric block cipher, which takes a varying key length ranging from 32 to 448 bits (MyCrypto.net, n.d.). This makes it ideal for both exportable and domestic use. Developed in 1993 by Bruce Schneier, Blowfish became not only a fast alternative but also a free option compared to the other existing encryption algorithms. Blowfish is now becoming more accepted by many experts because of its strong encryption properties (MyCrypto.net, n.d.). Software-optimized Encryption Algorithm (SEAL), developed by Coppersmith and Rogaway, is an example of a stream cipher, where data is encrypted continuously (MyCrypto.net, n.d.). Stream ciphers represent a group of algorithms which are faster than block ciphers such as IDEA, Blowfish and DES. However, stream ciphers have an extended initialization phase whereby a secure hash algorithm is used to complete the set of tables (MyCrypto.net, n.d.). SEAL is considered a very fast algorithm, and it uses a 160 bit key for the purpose of encryption. In addition, SEAL is considered one of the safest algorithms used to protect data from hackers, and thus it can be used in managing passwords in financial systems (MyCrypto.net, n.d.).

Ciphers and Encryption

Ciphers transform plaintext into secured ciphertext and then recover it back from the ciphertext with the help of keys (Li, n.d.).
This way, data is kept private during client-server communication, thus providing maximum VPN and Web security. The transformation of plaintext into ciphertext and the recovery of plaintext from ciphertext are commonly known as encryption and decryption respectively. During the decryption process a key is required, and without the key, correct plaintext recovery is not possible. There are several widely known types of ciphers, and they have been classified according to their properties. Ciphers can be classified as either symmetric or asymmetric ciphers (Li, n.d.). In symmetric ciphers, the decryption key is the same as that used in encryption. The decrypting operation is often symmetric to the encrypting operation in symmetric ciphers (Li, n.d.). In asymmetric ciphers, the decryption operations are never symmetric to the encryption operations, hence the keys used might differ (Lian, 2009). A simple model showing asymmetric and symmetric ciphers is given below in Fig 2.1 (a) and (b).

Fig 2.1 (a) Symmetric cipher; (b) Asymmetric cipher. Symmetric and asymmetric ciphers (Lian, 2009)

In the models shown above, the symmetric cipher uses the same key (K0) for encryption and decryption, while the asymmetric cipher uses different keys (K1) and (K2) for encryption and decryption respectively (Lian, 2009). Since in the symmetric cipher the key is the same in both the encryption and decryption operations, the key is known to both the sender and the receiver but not to the third party, and it should always be kept private. Otherwise, the third party can decrypt the ciphertext and expose it as plaintext. This is why the symmetric cipher is also known as the private cipher. However, symmetric ciphers such as the Advanced Encryption Standard (AES), Data Encryption Standard (DES) and International Data Encryption Algorithm (IDEA) have widely been used despite some vulnerabilities of ciphertext decryption by third parties (Lian, 2009).
Asymmetric ciphers offer advanced security, as the encryption key (K1) can securely be made public while the decryption key (K2) is safely kept private, made known only to the receiver. This means that if the sender or the third party knows only one key (the encryption key), they are not able to decrypt the ciphertext, hence maintaining maximum network security. The asymmetric cipher is therefore known as the public cipher and the symmetric cipher as the private cipher. Asymmetric or public ciphers are regarded as more suitable, particularly for key exchanges in online communications and Internet commercial transactions. The reasons which make public ciphers suitable for VPN security include, for instance, the difficulty of factoring large numbers in the RSA cipher. The discrete logarithm problem is the concept behind the suitability of Elliptic Curve Cryptography (ECC). ElGamal encryption is also regarded as offering suitable security because of the complexity of computing discrete logarithms, as the encryption is always defined over a wide range of cyclic groups.

Cryptanalysis and Security Attacks

Cryptanalysis techniques allow hackers to break easily into cipher systems in a VPN. According to Kerckhoffs' principle, the hacker clearly knows the cipher itself, and the security of the cipher generally depends on the private key (Lian, 2009). Cryptanalysis techniques employed by attackers strive to get access to the cipher's private key with the goal of learning the information as plaintext, ciphertext or even the encryption algorithm. Cryptanalysis methods can be grouped into four categories according to the information best known to the attackers (Lian, 2009). The attack based on ciphertext only means that the attack only progresses after the attacker has obtained a collection of ciphertext.
This method is known as the ciphertext-only attack (Lian, 2009). The known-plaintext attack is another cryptanalysis method, meaning that the attack will only be successful when the hacker has obtained pairs of plaintext and ciphertext. Another attack method is the chosen-plaintext attack, which progresses only when the hacker has ciphertexts which correspond to chosen plaintext sets. The last possible method of attack is the related-key attack, which works after the attacker has obtained ciphertexts encrypted using two different keys (Lian, 2009). The security of an encryption algorithm is determined by its resistance to cryptanalysis techniques, including attacks like differential analysis, statistical attacks and related-key attacks. Ciphers used for network VPN and Web security should be examined thoroughly before they can be used; otherwise, attackers will break into systems when the ciphers don't provide the required maximum network security. Simple metrics can be employed in measuring the resistance of ciphers to cryptographic analysis and common attacks. These metrics include plaintext sensitivity, key sensitivity and ciphertext randomness (Lian, 2009). It can therefore be said that a cryptographic algorithm is of high security only when the encryption algorithm is heavily secured against cryptographic analysis and attacks. In case the algorithm does not meet this essential requirement, the encryption algorithm is then considered to be of low security. Key sensitivity refers to changes in the ciphertext as a result of changes in the key. Good ciphers will recognize the slightest difference in keys and cause significant changes in the ciphertext. Plaintext sensitivity is almost similar to key sensitivity and is defined as the variation in the ciphertext as a result of plaintext changes. Good ciphers should also be able to recognize any slight difference in the plaintext and therefore cause significant ciphertext changes.
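The three metrics listed above can be measured directly. The Python example below is added here and is not from the essay or its sources: it implements key sensitivity, plaintext sensitivity and ciphertext byte entropy, then scores a deliberately weak XOR cipher against an illustrative 4-round Feistel construction with an HMAC-SHA256 round function (a teaching construction, not a vetted cipher); the key and the plaintext records are constructed sample values.

```python
import hashlib
import hmac
import math
from collections import Counter

BLOCK = 16                       # block size in bytes for both toy ciphers
KEY = b"constructed-key!"        # constructed 16-byte key (128 bits)
# Constructed low-entropy sample: 64 repetitive account records, 16 bytes each.
PLAINTEXTS = [b"PIN=%04d;ACCT=01" % i for i in range(64)]


def _round_key(key: bytes, i: int) -> bytes:
    """Derive the i-th round key from the master key with HMAC-SHA256."""
    return hmac.new(key, b"round-%d" % i, hashlib.sha256).digest()


def feistel_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Illustrative 4-round Feistel network with an HMAC-SHA256 round function.

    Built only to show what good key and plaintext sensitivity look like;
    it is a teaching construction, not a cipher for production use.
    """
    half = BLOCK // 2
    left, right = block[:half], block[half:]
    for i in range(rounds):
        f = hmac.new(_round_key(key, i), right, hashlib.sha256).digest()[:half]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor_encrypt(key: bytes, block: bytes) -> bytes:
    """Weak reference cipher: XOR each plaintext byte with the key byte.

    There is no diffusion, so one flipped key or plaintext bit moves exactly
    one ciphertext bit, and the plaintext's byte statistics survive intact.
    """
    return bytes(a ^ b for a, b in zip(block, key))


def _bit_diff(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))


def _flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def key_sensitivity(encrypt, key: bytes, plaintexts) -> float:
    """Average ciphertext change when one key bit is flipped (ideal: 0.5)."""
    scores = [_bit_diff(encrypt(key, pt),
                        encrypt(_flip_bit(key, i % (8 * len(key))), pt))
              for i, pt in enumerate(plaintexts)]
    return sum(scores) / len(scores)


def plaintext_sensitivity(encrypt, key: bytes, plaintexts) -> float:
    """Average ciphertext change when one plaintext bit is flipped (ideal: 0.5)."""
    scores = [_bit_diff(encrypt(key, pt),
                        encrypt(key, _flip_bit(pt, i % (8 * len(pt)))))
              for i, pt in enumerate(plaintexts)]
    return sum(scores) / len(scores)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 is the ideal for random-looking data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def evaluate(encrypt) -> dict:
    """Score a cipher on the three metrics over the constructed sample."""
    ciphertext = b"".join(encrypt(KEY, pt) for pt in PLAINTEXTS)
    return {
        "key_sensitivity": key_sensitivity(encrypt, KEY, PLAINTEXTS),
        "plaintext_sensitivity": plaintext_sensitivity(encrypt, KEY, PLAINTEXTS),
        "ciphertext_entropy": byte_entropy(ciphertext),
    }


if __name__ == "__main__":
    for name, cipher in (("feistel", feistel_encrypt), ("xor", xor_encrypt)):
        print(name, {k: round(v, 3) for k, v in evaluate(cipher).items()})
```

The Feistel construction pushes both sensitivities toward 0.5 and the entropy toward 8 bits per byte, while the XOR cipher scores 1/128 on both sensitivities and keeps the ciphertext entropy close to that of the repetitive plaintext, which is exactly the statistical hole an attacker looks for.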
Ciphertext randomness basically means that the ciphertext differs statistically from the plaintext. In good ciphers, the ciphertext always has good randomness, which makes it hard for attackers to find holes in the statistical properties of the ciphertext (Lian, 2009). Ciphers transform original intelligible data into an unintelligible form with the help of keys. This method is used to secure data confidentiality. A hash always uses the original data to generate short strings used to protect data integrity. Digital signatures employ a key-based hash in the generation of hash values for the data which is to be protected. Digital signatures are often used to detect whether operations were done by the authenticated owner or not. This is critical in online transactions such as those involving online payment methods like AlertPay, PayPal and MoneyBookers. Key generation and authentication provide critical methods which help in the generation and distribution of multiple keys during communication. Hackers use cryptanalytical methods to analyze and break into networked systems through cryptographic means. Cryptanalysis provides some special or common means to analyze the security of hash, cipher, digital signature or key generation and authentication algorithms. The best cryptographic methods in VPN and Web security should be immune to cryptanalytical methods before they can be applied in system network security.

Conclusion

Encryption algorithms offer secure communication against the cryptanalysis used by attackers, such as known-plaintext attacks, ciphertext-only attacks and chosen-plaintext attacks. Complete encryption offers security to traditional and novel ciphers against cryptanalysis by hackers. Partial encryption allows some parameters to be encrypted using ciphers which are immune to cryptographic attacks. Compression-combined encryption involves the combination of encryption and compression operations, which makes it secure from the perspective of cryptanalysis.
VPN encryption utilizes basic encryption mechanisms which secure the traffic flowing across a shared or public network. The encryption is critical in allowing VPN traffic to traverse a public or shared network like the Internet. Banking systems have always employed complex security measures such as SSL VPN and IPsec VPN to encrypt traffic by the use of encryption algorithms in shared VPN connections.

References

Malik, S. (2003). Network security principles and practices. Indianapolis, IN: Cisco Press.
Mogollon, M. (2007). Cryptography and security services: mechanisms and applications. Hershey, New York: Cybertech Publishing.
Lian, S. (2009). Multimedia content encryption: Techniques and applications. New York: Taylor & Francis Group.
Li, X. (n.d.). Cryptography and network security. Retrieved July 31, 2010 from http://www.cs.iit.edu/cs549/lectures/CNS-1.pdf
Microsoft Corporation (2005). Data encryption between VPN server and client. Retrieved August 4, 2010 from http://technet.microsoft.com/en-us/library/cc778013%28WS.10%29.aspx
Microsoft Corporation (2003). Virtual private networking with Windows Server 2003: Overview. Retrieved August 1, 2010 from http://www.microsoft.com/windowsserver2003
MyCrypto.net (n.d.). Encryption algorithm. Retrieved August 4, 2010 from http://www.mycrypto.net/encryption/crypto_algorithms.html
Riikonen, K. (2002). RSA algorithm. Retrieved August 4, 2010 from http://www.cs.uku.fi/kurssit/ads/rsa.pdf
