final project on computer
TRANSCRIPT
-
7/30/2019 Final Project on Computer
1/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
1
May 2012
DALEWARES INSTITUTE OF TECHNOLOGY
a creative industry focused polytechnic
ENCRYPTION AND CRYTOGRAPHY IN NETWORK
SECURITY
(A case study of Skye Bank PLC)
BY
AKINDELE OLAWUNMI
A project to be submitted to department of networking
And system security engineering for the award of
NATIONAL INNOVATION DIPLOMA
May, 2012.
-
7/30/2019 Final Project on Computer
2/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
2
May 2012
DALEWARES INSTITUTE OF TECHNOLOGYa creative industry focused polytechnic
ENCRYPTION AND CRYTOGRAPHY IN NETWORKSECURITY
(A case study of Skye Bank PLC)
BY
AKINDELE OLAWUNMI
A project to be submitted to department of networking
And system security engineering for the award of
NATIONAL INNOVATION DIPLOMA
May, 2012.
-
7/30/2019 Final Project on Computer
3/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
3
May 2012
DECLARATION
I hereby declared that this project work is based on my original work and personal findings.
SIGNATURE: -------------------------------------------
NAME: ---------------------------------------------------
MATRIC NO: ------------------------------------------
DATE: ---------------------------------------------------
-
7/30/2019 Final Project on Computer
4/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
4
May 2012
APPROVAL FOR SUBMISSION
I certify that this project report entitled ENCRYTION AND CRYTOGRAPHY IN
NETWORK SECURITY was prepared by AKINDELE OLAWUNMI has met the required
standard in the submission of the fulfillment for the award of NATIONAL INNOVATION
DIPLOMA at DALEWARES INSTITUTE OF TECHNOLOGY.
Approved by,
Signature: --------------------------------------
Supervisor: -------------------------------------
Date: --------------------------------------------
-
7/30/2019 Final Project on Computer
5/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
5
May 2012
COPY RIGHT
The copyright of this report belongs to the author under the term of the copyright ofACT 1997
as qualified by intellectual property policy ofDALEWARES INSTITUTE OF
TECHNOLOGY. Due acknowledgement shall always be made of the use of any of the
materials contained in, or derived, from this reports.
(Copy right) May, 2012.
Akindele Olawunmi
All right reserved.
-
7/30/2019 Final Project on Computer
6/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
6
May 2012
DEDICATION
I specially dedicate this tasking and worth doing project to the Almighty God, the God of
yesterday, today and forevermore, and to the entire Akindeles family.
-
7/30/2019 Final Project on Computer
7/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
7
May 2012
ACKNOWLEDGEMENT
I would want to appreciate God for the success of the completion of this project. I would
also like to express my gratitude to all my lecturers and to my research supervisor in person of
Mr. Fems Steven for his invaluable advice, patience and guidance throughout the development of
research.
In addition, I would like to express my gratitude to friends Kunle, Samuel, Chinedu and
Shedrack for their support in my life and to my classmate Layo and Co. for their tireless effort.
Lastly, my gratitude goes to my loving parent Mr. and Mrs. Akindele for love, kindness and
words of encouragements. I say thank you to you all.
-
7/30/2019 Final Project on Computer
8/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
8
May 2012
ENCRYPTION AND CRYTOGRAPHY IN NETWORK
SECURITY
ABSTRACT
Networking as the name implies is the interconnection of devices be it computing and
communicating devices so as to share resources. Resources can either be hardware such as
printer, scanner etc and software such as antivirus. As such a network is very important in every
organization as the sharing of files will be very easy. For the functionality of a network
performance and security are the main issues.
Network Security is the way at which your network is been secured. Securing a network can be
achieved either by setting password, configure access-list, applying port security, enabling
firewalls, setting of SSID etc. All these are part of the way at which network is been secured be it
LAN (Local Area Network), WLAN (Wireless Local Area Network), WAN (Wide Area
Network).
-
7/30/2019 Final Project on Computer
9/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
9
May 2012
Applying all these measures are not a enough prove to avoid network security breach because as
the day goes by there a whole lot of work been done by some professional network breakers
called hackers whose intentions is to break network and collect useful information using
software.
To avoid all these, the use of encryption and cryptography technology in network security should
be introduced in an organization where clear written password (plaintext) will be changed to
encrypted word (cipher text). Files stored in database can also be encrypted so that any no
unauthorized access will able to access the stored information.
However, every organization should be security conscious on their files because of spies whose
intentions is to steal organizations protected useful information. In regard to this, organization
such as banks, security firms, IT firms, government establishments etc are to adopt the measure
of been security wise.
On this note, the Lagos State established bank popularly known as Skye bank PLC, a branch in
the Mainland Area of Lagos State was put into consideration. Skye Bank was in inception in the
year 1999 and as been in operation since then with its branches spread across the country and
even outside the country.
Skye bank is known for different operations such as ATM (Automated Teller Machine) services,
POS (Point Of Sales) services, Mobile banking, Internet banking, e-cash etc. With all this given
to customers there is need for trusted security measure to be put in place such as assigning of
PIN (Personal Identification Number) in respect to POS service and other services.
-
7/30/2019 Final Project on Computer
10/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
10
May 2012
To guarantee all these measures and other banking affairs across all its branches it is very
mandatory that there is an effective and efficient secured network that is put in place to avoid
any form of security breaches. To ensure that, it will always be advisable that a database of all
files and informations should secured implementing strong security measures such as encryption
and cryptography technology where files and informations will be encrypted i.e. (cipher text)
and can also be decrypted (plain text).
-
7/30/2019 Final Project on Computer
11/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
11
May 2012
TABLE OF CONTENTS
TITLE PAGE ------------------------------------------------------------------------------ 1
DECLARATION -------------------------------------------------------------------------- 3
DEDICATION ----------------------------------------------------------------------------- 4
ACKNOWLGEDEMENT --------------------------------------------------------------- 5
ABSTRACT -------------------------------------------------------------------------------- 8-10
TABLE OF CONTENTS ----------------------------------------------------------------- 11
CHAPTER 1 -- INTRODUCTION -------------------------------------------------------------- 12
1.1BACKGROUND OF STUDY --------------------------------------------------------------- 13-151.2 PROBLEM OF DEFINATION -------------------------------------------------------------- 16
1.3 PURPOSE OF STUDY ----------------------------------------------------------------------- 17
1.4 SCOPE OF THE PROJECT ----------------------------------------------------------------- 17
1.5 BRIEF HISTORY OF SKYE BANK------------------------------------------------------- 17-19
CHAPTER 2 -- LITERATURE REVIEW (TECHNICAL BACKGROUND) ----------- 20
2.1 INTRODUCTION ------------------------------------------------------------------------- 20
2.2 CONCEPT OF ENCRYPTION AND CRYTOGRAPHY -------------------------- 20-26
2.3 EFFECTIVENESS OF THESE TECHNOLOGIES ---------------------------------- 26-28
CHAPTER 3 -- RESEARCH METHODOLOGY (DESIGN ) ------------------------------ 29
3.1 INTRODUCTION ---------------------------------------------------------------------------- 29-30
3.2 DESIGN OF ENCRYPTION AND CRYTOGRAPHY TECHNOLOGY --------- 30-49
-
7/30/2019 Final Project on Computer
12/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
12
May 2012
CHAPTER 4 --- IMPLEMENTATION AND DEPLOYMENT --------------------------- 50
4.1 INTRODUCTION ------------------------------------------------------------------------- 50-53
4.2 MODE OF DEPLOYMENT ------------------------------------------------------------- 53-55
4.3 IMPLEMENTATION ----------------------------------------------------------------------56-57
CHAPTER 5RESULT AND DISCUSSION--------------------------------------------------58-59
CHAPTER 6CONCLUSION AND FUTHER IMPLICATION---------------------- 60-61
REFERENCE PAGE----------------------------------------------------------------------------- 62
-
7/30/2019 Final Project on Computer
13/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
13
May 2012
CHAPTER 1
INTRODUCTION
1.1 BACKGROUND OF STUDYThese days, as organizations are becoming aware of building networks that will help in
communication, data integrity, authentication of data(s), and its non- repudiation. As such there
is need for strong security that ought to be put in place so as to check and avoid any form of
network threats that will get unauthorized access to organizations resources such as protected
information, files and data(s).
Furthermore, in this ever-changing world of global data communications, inexpensive Internet
connections, and fast-paced software development, security is becoming more and more of an
issue. Security is now a basic requirement because global computing is inherently insecure. As
your data goes from point A to point B on the Internet, for example, it may pass through several
other points along the way, giving other users the opportunity to intercept, and even alter, it.
Even other users on your system may maliciously transform your data into something you did
not intend.
Unauthorized access to your system may be obtained by intruders, also known as "crackers",
who then use advanced knowledge to impersonate you, steal information from you, or even deny
you access to your own resources. Often there has been a need to protect information from
'prying eyes'. In this electronic age, information that could otherwise benefit or educate a group
or individual can also be used against such groups or individuals. Industrial espionage among
-
7/30/2019 Final Project on Computer
14/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
14
May 2012
highly competitive businesses often requires that extensive security measures should be put into
place.
At this adverse, Encryption and Cryptography technology was introduced which has long been
used by the militaries and governments to facilitate secret communication. These technologies
have now been commonly used in protecting information within many kinds of civilian systems.
For example, the Computer Security Institute reported that in 2007, 71% of companies surveyedutilized encryption for some of their data in transit, and 53% utilized encryption for some of their
data in storage. Encryption can be used to protect data "at rest", such as files on computers and
storage devices (e.g. USB flash drives).
In recent years there have been numerous reports of confidential data such as customers' personal
records being exposed through loss or theft of laptops or backup drives. Encrypting such files at
rest helps protect them should in case physical security measures fails.
This technology has help protect data in transit, for example data being transferred via networks
(e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom
systems, Bluetooth devices and bankautomatic teller machines popularly known as ATM. There
have been numerous reports of data in transit being intercepted in recent years.Encrypting data
in transit also helps to secure it as it is often difficult to physically secure all access to networks.
Cryptography
From Wikipedia, the free encyclopedia "Secret code" redirects here. For the Aya Kamiki album,
see Secret Code.
http://en.wikipedia.org/wiki/Computer_Security_Institutehttp://en.wikipedia.org/wiki/Computer_Security_Institutehttp://en.wikipedia.org/wiki/Computershttp://en.wikipedia.org/wiki/USB_flash_driveshttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/E-commercehttp://en.wikipedia.org/wiki/Mobile_telephonehttp://en.wikipedia.org/wiki/Wireless_microphonehttp://en.wikipedia.org/wiki/Wireless_intercomhttp://en.wikipedia.org/wiki/Bluetoothhttp://en.wikipedia.org/wiki/Automatic_teller_machinehttp://en.wikipedia.org/wiki/Secret_Codehttp://en.wikipedia.org/wiki/Secret_Codehttp://en.wikipedia.org/wiki/Automatic_teller_machinehttp://en.wikipedia.org/wiki/Bluetoothhttp://en.wikipedia.org/wiki/Wireless_intercomhttp://en.wikipedia.org/wiki/Wireless_microphonehttp://en.wikipedia.org/wiki/Mobile_telephonehttp://en.wikipedia.org/wiki/E-commercehttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/USB_flash_driveshttp://en.wikipedia.org/wiki/Computershttp://en.wikipedia.org/wiki/Computer_Security_Institute -
7/30/2019 Final Project on Computer
15/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
15
May 2012
Cryptography (or cryptology; from Greek, "hidden, secret"; and,graphein,
"writing", or -,-logia, "study", respectively) is the practice and study of techniques for
secure communication in the presence of third parties called adversaries.
More generally, it is about constructing and analyzing protocols that overcome the influence of
adversaries and which are related to various aspects in information security such as data
confidentiality, data integrity, and authentication.. Applications of cryptography include ATM
cards, computer passwords, and electronic commerce. Cryptography prior to the modern age was
almost synonymous withencryption, the conversion of information from a readable state toapparent nonsense.
The sender retained the ability to decrypt the information and therefore avoid unwanted persons
being able to read it. Since World War I and the advent of the computer, the methods used to
carry out cryptology have become increasingly complex and its application more widespread.
Before the modern era, cryptography was concerned solely with message confidentiality (i.e.,
encryption)conversion ofmessages from a comprehensible form into an incomprehensible one
and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without
secret knowledge (namely the key needed for decryption of that message). Encryption was used
to (attempt to) ensure secrecy in communications, such as those ofspies, military leaders, and
diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include
techniques for message integrity checking, sender/receiver identity authentication, digital
signatures, interactive proofs and secure computation, among others.
http://en.wikipedia.org/wiki/Ancient_Greekhttp://en.wiktionary.org/wiki/en:%CE%BA%CF%81%CF%85%CF%80%CF%84%CF%8C%CF%82http://en.wiktionary.org/wiki/en:%CE%BA%CF%81%CF%85%CF%80%CF%84%CF%8C%CF%82http://en.wiktionary.org/wiki/en:%CE%BA%CF%81%CF%85%CF%80%CF%84%CF%8C%CF%82http://en.wiktionary.org/wiki/en:%CE%B3%CF%81%CE%AC%CF%86%CF%89#Ancient_Greekhttp://en.wiktionary.org/wiki/en:%CE%B3%CF%81%CE%AC%CF%86%CF%89#Ancient_Greekhttp://en.wiktionary.org/wiki/en:%CE%B3%CF%81%CE%AC%CF%86%CF%89#Ancient_Greekhttp://en.wiktionary.org/wiki/en:-%CE%BB%CE%BF%CE%B3%CE%AF%CE%B1#Greekhttp://en.wiktionary.org/wiki/en:-%CE%BB%CE%BF%CE%B3%CE%AF%CE%B1#Greekhttp://en.wiktionary.org/wiki/en:-%CE%BB%CE%BF%CE%B3%CE%AF%CE%B1#Greekhttp://en.wikipedia.org/wiki/-logyhttp://en.wikipedia.org/wiki/-logyhttp://en.wikipedia.org/wiki/-logyhttp://en.wikipedia.org/wiki/Adversary_%28cryptography%29http://en.wikipedia.org/wiki/Communications_protocolhttp://en.wikipedia.org/wiki/Information_securityhttp://en.wikipedia.org/wiki/Data_confidentialityhttp://en.wikipedia.org/wiki/Data_confidentialityhttp://en.wikipedia.org/wiki/Data_integrityhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Automated_teller_machinehttp://en.wikipedia.org/wiki/Automated_teller_machinehttp://en.wikipedia.org/wiki/Passwordhttp://en.wikipedia.org/wiki/Electronic_commercehttp://en.wikipedia.org/wiki/Nonsensehttp://en.wikipedia.org/wiki/World_War_Ihttp://en.wikipedia.org/wiki/Informationhttp://en.wikipedia.org/wiki/Secrecyhttp://en.wikipedia.org/wiki/Communicationshttp://en.wikipedia.org/wiki/Spyhttp://en.wikipedia.org/wiki/Diplomathttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Interactive_proof_systemhttp://en.wikipedia.org/wiki/Secure_multiparty_computationhttp://en.wikipedia.org/wiki/Secure_multiparty_computationhttp://en.wikipedia.org/wiki/Interactive_proof_systemhttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Diplomathttp://en.wikipedia.org/wiki/Spyhttp://en.wikipedia.org/wiki/Communicationshttp://en.wikipedia.org/wiki/Secrecyhttp://en.wikipedia.org/wiki/Informationhttp://en.wikipedia.org/wiki/World_War_Ihttp://en.wikipedia.org/wiki/Nonsensehttp://en.wikipedia.org/wiki/Electronic_commercehttp://en.wikipedia.org/wiki/Passwordhttp://en.wikipedia.org/wiki/Automated_teller_machinehttp://en.wikipedia.org/wiki/Automated_teller_machinehttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Data_integrityhttp://en.wikipedia.org/wiki/Data_confidentialityhttp://en.wikipedia.org/wiki/Data_confidentialityhttp://en.wikipedia.org/wiki/Information_securityhttp://en.wikipedia.org/wiki/Communications_protocolhttp://en.wikipedia.org/wiki/Adversary_%28cryptography%29http://en.wikipedia.org/wiki/-logyhttp://en.wiktionary.org/wiki/en:-%CE%BB%CE%BF%CE%B3%CE%AF%CE%B1#Greekhttp://en.wiktionary.org/wiki/en:%CE%B3%CF%81%CE%AC%CF%86%CF%89#Ancient_Greekhttp://en.wiktionary.org/wiki/en:%CE%BA%CF%81%CF%85%CF%80%CF%84%CF%8C%CF%82http://en.wikipedia.org/wiki/Ancient_Greek -
7/30/2019 Final Project on Computer
16/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
16
May 2012
1.2 PROBLEM OF THE DEFINATIONThe problem of the study is the efficiency and effectiveness of these technologies is the secret
key which is encrypt and decrypt data(s). Within the various sectors be it banking, law, health,
IT sectors the problem of network becomes an issue and challenging.
As a result, it is believe that encryption and cryptography technology should completely solve
the issue but due to inadequacies of strong network devices such as switches, routers,
sophisticated software etc. and weakness of strong security policy put in place there is
continuous existence of security breaches which goes along way to affect the network, thus there
is need to carry out further research studies into the effectiveness of network security within
various organization.
Specifically, this inconclusive study on encryption and cryptography technology on network
security policy is the major problem and that is what the study is set out to achieve.
1.3 PURPOSE OF STUDY
The existence of network without adequate and water proof security measures is tantamount to
be treading on a dangerous ground. As this is very paramount to network, encryption and
cryptography technology which is an important measure in security is meant to enhance
connectivity and communication from source to destination but where these technologies are put
into practice, its inadequacies can lead to security breaches, non- repudiation and non- integrity
of data(s).
-
7/30/2019 Final Project on Computer
17/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
17
May 2012
Having realized that the degree of flaws in organization network security which has risen to
considerable number traceable to various network threats and the likes. The following are the
enlisted points that illustrate the purpose of the study and what the objective is set to achieve are:
1. To determine the performance of encryption and cryptography technology as a means of files
and protected information in a secured network in an organization.
2. To determine how effective and efficient this technology will be beneficial to man, society
and the whole wide world.
1.4 SCOPE OF THE PROJECTThe scope of this project is limited to Skye Bank PLC in the Lagos Mainland Local Government
Area of Lagos State. Moreover, this study deals with the security of the network which goes
beyond the affair of the bank.
1.5 BRIEF HISTORY OF SKYE BANK
Skye Bank PLC has evolved into one of the top financial institutions in Nigeria, after its very
seamless consolidation exercise in 2006. It operates as a group that provides facets of financial
products and services powered by a purpose built technological framework that supports the
service delivery process to customers.
With a cumulative wealth of experience that spans over 50 years, Skye Bank is historically one
of the oldest banks in Nigeria and West Africa. We are quoted on the Nigerian Stock Exchange
with over 450,000 diverse shareholders with a shareholding structure that puts no more than
-
7/30/2019 Final Project on Computer
18/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
18
May 2012
5% in the control of any individual or company.
Skye Bank;
- has shareholders' fund in excess of N94 billion.
- has excellent customer service driven by passionate staff and supported by
Investment in world class Information Technology.
- has strong Corporate, Commercial, retail and investment banking.
- has over 220 online and real-time branches across Nigeria, with presence in Sierra
Leone, the Gambia and Guinea Republic.
- is a major in player in Telecommunications, Oil & Gas, Power, Manufacturing,
Transportation and Infrastructural financing.
- has investments in subsidiary and associate companies in growth potential sectors of
Insurance, Capital Markets, Mortgage Finance and Trustee/Asset Management.
Management
The Executive Management is made up of a team of seasoned bankers all of whom have over
Many years of varied experience from diverse areas of banking and finance including:
- Strategic planning and management
- Corporate banking
-
7/30/2019 Final Project on Computer
19/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
19
May 2012
- Project finance, development & structured finance
- International trade finance
- Consumer & retail banking
- Audit & Accounting
- Treasury & Money market operations
The Board of the Bank is comprised of accomplished men and women with proven track record
Of integrity and service.
The Board provides strategic policy planning and direction, and establishes risk management
And internal control systems for the Bank establish and ensure the integrity of the Bank's
Information and accounting systems. The vision of Skye Bank is to continuously challenge ourselves to
provide limitless possibilities
-
7/30/2019 Final Project on Computer
20/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
20
May 2012
CHAPTER 2
LITERATURE REVIEW ( TECHNICAL BACKGROUND )
2.1 INTRODUCTION
In this chapter some relevant theoretical empirical literature were reviewed to some give solid
background and necessary support to this technologies.
The order of such review is as follows:
i. Concept Of Encryption And Cryptographyii Its Effectiveness.
2.2 CONCEPT OF ENCRYPTION AND CRYPTOGRAPHY
In the ever-changing world of global data communications, inexpensive Internet connections,
and fast-paced software development, security is becoming more and more of an issue. Security
is now a basic requirement because global computing is inherently insecure. As your data goes
from point A to point B on the Internet, for example, it may pass through several other points
along the way, giving other users the opportunity to intercept, and even alter, it. Even other users
on your system may maliciously transform your data into something you did not intend.
Unauthorized access to your system may be obtained by intruders, also known as "crackers",
who then use advanced knowledge to impersonate you, steal information from you, or even deny
-
7/30/2019 Final Project on Computer
21/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
21
May 2012
you access to your own resources. If you're wondering what the difference is between a "Hacker"
and a "Cracker".
Before you attempt to secure your system, you should determine what level of threat you have to
protect against, what risks you should or should not take, and how vulnerable your system is as a
result. You should analyze your system to know what you're protecting, why you're protecting it,
what value it has, and who has responsibility for your data and other assets.
Riskis the possibility that an intruder may be successful in attempting to access yourcomputer. Can an intruder read or write files, or execute programs that could cause
damage? Can they delete critical data? Can they prevent you or your company from
getting important work done? Don't forget: someone gaining access to your account, or
your system, can also impersonate you.
Additionally, having one insecure account on your system can result in your entire
network being compromised. If you allow a single user to login using a .rhosts file, or
to use an insecure service such as tftp, you risk an intruder getting 'his foot in the door'.
Once the intruder has a user account on your system, or someone else's system, it can be
used to gain access to another system, or another account.
Threatis typically from someone with motivation to gain unauthorized access to yournetwork or computer. You must decide whom you trust to have access to your system,
and what threat they could pose.
There are several types of intruders, and it is useful to keep their different characteristics
in mind as you are securing your systems.
-
7/30/2019 Final Project on Computer
22/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
22
May 2012
The Curious - This type of intruder is basically interested in finding out what type ofsystem and data you have.
The Malicious - This type of intruder is out to either bring down your systems, or defaceyour web page, or otherwise force you to spend time and money recovering from the
damage he has caused.
The High-Profile Intruder - This type of intruder is trying to use your system to gainpopularity and infamy. He might use your high-profile system to advertise his abilities.
The Competition - This type of intruder is interested in what data you have on yoursystem. It might be someone who thinks you have something that could benefit him,
financially or otherwise.
The Borrowers - This type of intruder is interested in setting up shop on your system andusing its resources for their own purposes. He typically will run chat or irc servers, porn
archive sites, or even DNS servers.
The Leap forger - This type of intruder is only interested in your system to use it to getinto other systems. If your system is well-connected or a gateway to a number of internal
hosts, you may well see this type trying to compromise your system.
Vulnerability describes how well-protected your computer is from another network, andthe potential for someone to gain unauthorized access.
What is at stake if someone breaks into your system? Of course the concerns of a dynamic PPP
home user will be different from those of a company connecting their machine to the Internet, or
another large network.
-
7/30/2019 Final Project on Computer
23/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
23
May 2012
How much time would it take to retrieve/recreate any data that was lost? An initial time
investment now can save ten times more time later if you have to recreate data that was lost.
Have you checked your backup strategy, and verified your data lately?
As such there has been a need to protect information from 'prying eyes'. In the electronic age,
information that could otherwise benefit or educate a group or individual can also be used
against such groups or individuals. Industrial espionage among highly competitive businesses
often requires that extensive security measures be put into place. And, those who wish to
exercise their personal freedom, outside of the oppressive nature of governments, may also wish
to encrypt certain information to avoid suffering the penalties of going against the wishes of
those who attempt to control.
Encryption is a process that takes information and transcribes it into a different form that is
unable to read by anyone who does not have the encryption code. Depending on the type of
encryption, information can be displayed as various numbers, letters, or symbols.
Those who work in cryptography fields make it their job to encrypt information or to break codes
to receive encrypted information.
Data normally comes in plaintext or clear text form. In order to disguise or hide the message
from an unintended recipient, some choose to encrypt the data. When one encrypts a message, it
becomes unreadable. The encryption converts the plaintext to "cipher text," thereby securing the
integrity of the data. The way the process works is that the sender will provide a passphrase to
the recipient in a separate email or by secured phone call.
-
7/30/2019 Final Project on Computer
24/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
24
May 2012
When the recipient receives the encrypted message, using the passphrase will decrypt the
message back to its original clear text or plaintext format. In order to encrypt and decrypt data,
one should use a process called cryptography. It is a method using mathematics to store sensitive
information. One can transmit the encrypted sensitive information via an unsecured network
without fear of compromising the content.
A mathematical function called a "cryptographic algorithm" or a cipher, works in combination
with a key, whether that is a word, number or phrase to encrypt a message in plaintext. The
plaintext becomes a cipher text using different keys. It is important to use a strong cryptographic
algorithm and keep the key or passphrase in secrecy. A key is necessary for encrypting
messages into cipher texts. It has a value that works with cryptographic algorithm. Bits measure
the size of a key; the bigger the key, the more secure the cipher text is.
In conventional cryptography, the 80-bit key is similar in strength as that of a 1,024-bit key used
in public cryptography. It is important when picking keys that they are large enough to be
secured but small enough for quick application.
Larger keys stay secure longer than smaller ones. Therefore, it is good to keep this in mind when
trying to encrypt a message that would last for many years. The keys used are stored in encrypted
form. In the case of PGP (Pretty Good Privacy) keys, they are stored in the hard drive as files,
called key rings, either as public or private keys. The public keys sent to recipients should be
stored in the public key ring, while the private keys that the sender uses should be stored in the
private key ring. Losing a private key ring poses a problem in decrypting messages encrypted to
keys using that key ring.
-
7/30/2019 Final Project on Computer
25/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
25
May 2012
Encryption Program
1. Securing your data is crucial for protecting your personal information.
Saving data to your hard drive isn't very secure, as anyone can insert a disc to your computer and
copy sensitive information. If you're looking to scramble or encrypt the data and information that
is on a certain disk of yours, an encryption program is necessary. You can use free open-sourced
programs, as well as pricier applications that boast more features for securing your data-sensitive
items
True Crypt
2. True Crypt is a free program that keeps data safe and secure.
True Crypt is a completely free open-sourced program to quickly download and use. True Crypt
allows users to encrypt from storage devices (such as USBs and external hard drives), as well as
CDs and floppy disks. The program runs on Windows 7, Vista, XP, Mac OS X, and Linux.
-
7/30/2019 Final Project on Computer
26/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
26
May 2012
2.3 EFFECTIVENESS OF THESE TECHNOLOGIES
Encryption and Cryptography technology are both technologies deployed today for securing
files, passwords, and folders etc. in organizations where security is the watchword. Most of the
time we ask the question WHY DO WE NEED SECURITY OF FILES? .
To answer this various factors would have been put into consideration. Such factors can be
1. Security consciousness of the organization.2. What is the organization into in terms of product rendering and servicing.3. What is the communication channel between branched networks.
When all these factors are been put together then the question could be answer. From this point
the following could be summarized:-
Think about the number of personal identification numbers (PINs), passwords, or passphrases
you use every day: getting money from the ATM (Automated Teller Machine) or using your
debit card in a store, logging on to your computer or email, signing in to an online bank account
or shopping cart. This list seems to just keep getting longer.
Keeping track of all of the number, letter, and word combinations may be frustrating at times,
and one would have wondered if all of the fuss is worth it. After all, what attacker cares about
your personal email account. Or why would someone bother with your practically empty bank
account when there are others with much more money?
-
7/30/2019 Final Project on Computer
27/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
27
May 2012
Often, an attack is not specifically about your account but about using the access to your
information to launch a larger attack.
And while having someone gain access to your personal email might not seem like much more
than an inconvenience and threat to your privacy, think of the implications of an attacker gaining
access to ones social security number ormedical records.
One of the best ways to protect information or physical property is to ensure that only authorized
people have access to it.
Verifying that someone is the person they claim to be is the next step, and this authentication
process is even more important, and more difficult, in the cyber world. Passwords are the most
common means of authentication, but if you don't choose good passwords or keep them
confidential, they're almost as ineffective as not having any password at all. Many systems and
services have been successfully broken into due to the use of insecure and inadequate passwords,
and some viruses and worms have exploited systems by guessing weak passwords. As a result of
this, password is not the only measure for security when there is need for
1. Data integrity 2. Authentication of data 3. Non repudiation of data.
With these the use of encryption and cryptography technology is the answer which gives good
security measures in a way of using either
PGP (Pretty Good Privacy) which use Public-key cryptography such that one key for
encryption, and one key for decryption. Traditional cryptography, however, uses the same key
for encryption and decryption; this key must be known to both parties, and thus somehow
transferred from one to the other securely.
-
7/30/2019 Final Project on Computer
28/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
28
May 2012
To alleviate the need to securely transmit the encryption key, public-key encryption uses two
separate keys: a public key and a private key.
Each person's public key is available by anyone to do the encryption, while at the same time each
person keeps his or her private key to decrypt messages.
DES (Data Encryption Standard) is use to encrypt passwords. This encrypted password is then
stored in (typically) /etc/passwd (or less commonly) /etc/shadow. When you attempt to login,
the password you type in is encrypted again and compared with the entry in the file that stores
the passwords. If they match, it must be the same password, and you are allowed access.
Although DES is a two-way encryption algorithm (you can code and then decode a message,
given the right keys).
IPSEC IMPLEMENTATIONS: - IPSEC is an effort by the IETF to create cryptographically-
secure communications at the IP network level, and to provide authentication, integrity, access
control, and confidentiality. These services allow you to build secure tunnels through untrusted
networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway
machine and decrypted by the gateway at the other end. The result is Virtual Private Network or
VPN. This is a network which is effectively private even though it includes machines at several
different sites connected by the insecure Internet.
-
7/30/2019 Final Project on Computer
29/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
29
May 2012
CHAPTER 3
RESEARCH METHODOLOGY (DESIGN )
3.1INTODUCTIONIn this chapter, research methodology i.e. design of these technologies was treated. This
chapter explains how both technologies can be implemented. As we have been exposed to
what these technologies was all about such as its definition, its usefulness and the likes then
the research methodology should be treated in its fledge. Often there is need to Often there
has been a need to protect information from 'prying eyes'. In this electronic age, information
that could otherwise benefit or educate a group or individual can also be used against such
groups or individuals. Industrial espionage among highly competitive businesses often
requires that extensive security measures be put into place. And, those who wish to exercise
their personal freedom, outside of the oppressive nature of governments, may also wish to
encrypt certain information to avoid suffering the penalties of going against the wishes of
those who attempt to control.
As such the method of encryptions is summarized below:-
Traditionally, several methods can be used to encrypt data streams, all of which can easily be
implemented through software, but not so easily decrypted when either the original or its
encrypted data stream are unavailable. (When both source and encrypted data are available,
code-breaking becomes much simpler, though it is not necessarily easy).
The best encryption methods have little effect on system performance, and may contain other
benefits (such as data compression) built in. The well-known 'PKZIP' utility offers both
-
7/30/2019 Final Project on Computer
30/39
-
7/30/2019 Final Project on Computer
31/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
31
May 2012
which should easily meet the performance requirements of even the most performance-intensive
application that requires data to be encrypted.
In a translation table, each 'chunk' of data (usually 1 byte) is used as an offset within one or more
arrays, and the resulting 'translated' value is then written into the output stream. The encryption
and decryption programs would each use a table that translates to and from the encrypted data.
While translation tables are very simple and fast, the down side is that once the translation table
is known, the code is broken. Further, such a method is relatively straightforward for code
breakers to decipher - such code methods have been used for years, even before the advent of the
computer. Still, for general "unread ability" of encoded data, without adverse effects on
performance, the 'translation table' method lends itself well.
A modification to the 'translation table' uses 2 or more tables, based on the position of the bytes
within the data stream, or on the data stream itself. Decoding becomes more complex, since you
have to reverse the same process reliably. But, by the use of more than one translation table,
especially when implemented in a 'pseudo-random' order, this adaptation makes code breaking
relatively difficult.
An example of this method might use translation table 'A' on all of the 'even' bytes, and
translation table 'B' on all of the 'odd' bytes. Unless a potential code breaker knows that there are
exactly 2 tables, even with both source and encrypted data available the deciphering process is
relatively difficult. Similar to using a translation table, 'data repositioning' lends itself to use by a
computer, but takes considerably more time to accomplish. This type of cipher would be a trivial
example of a BLOCK CIPHER. A buffer of data is read from the input, then the order of the
-
7/30/2019 Final Project on Computer
32/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
32
May 2012
bytes (or other 'chunk' size) is rearranged, and written 'out of order'. The decryption program
then reads this back in, and puts them back 'in order'. Often such a method is best used in
combination with one or more of the other encryption methods mentioned here, making it even
more difficult for code breakers to determine how to decipher your encrypted data. As an
example, consider an anagram. The letters are all there, but the order has been changed. Some
anagrams are easier than others to decipher, but a well written anagram is a brain teaser
nonetheless, especially if it is intentionally misleading
PUBLIC KEY ENCRYPTION ALGORITHMS
One very important feature of a good encryption scheme is the ability to specify a 'key' or
'password' of some kind, and have the encryption method alter itself such that each 'key' or
'password' produces a unique encrypted output, one that also requires a unique 'key' or 'password'
to decrypt.
This can either be a symmetric or asymmetric key. The popular 'PGP' public key encryption, and
the 'RSA' encryption that it's based on, uses an 'asymmetrical' key, allowing you to share the
'public' encryption key with everyone, while keeping the 'private' decryption key safe. The
encryption key is significantly different from the decryption key, such that attempting to derive
the private key from the public key involves too many hours of computing time to be practical. It
would NOT be impossible, just highly unlikely, which is 'pretty good'.
RSA ENCRYPTION ALGORITHM
In the case of the RSA encryption algorithm, it uses very large prime numbers to generate the
public key and the private key. Although it would be possible to factor out the public key to get
-
7/30/2019 Final Project on Computer
33/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
33
May 2012
the private key (a trivial matter once the 2 prime factors are known), the numbers are so large as
to make it very impractical to do so.
The encryption algorithm itself is ALSO very slow, which makes it impractical to use RSA to
encrypt large data sets. So PGP (and other RSA-based encryption schemes) encrypt a
symmetrical key using the public key, and then encrypt the remainder of the data with a faster
algorithm using the symmetrical key. The symmetrical itself key is randomly generated, so that
the only (theoretical) way to get it would be by using the private key to decrypt the RSA-
encrypted symmetrical key.
DATA ENCRYPTION ALGORITHMS
The data encryption algorithm is used to encrypt part of the messages, including the body and the
signature. Data encryption algorithms specify the algorithm uniform resource identifier (URI) for
each type of data encryption algorithms.
The following pre-configured data encryption algorithms are supported:
Data encryption algorithm name Algorithm URI
WSSEncryption.AES128 (the default
value)
A URI of data encryption algorithm, AES 128:
http://www.w3.org/2001/04/xmlenc#aes128-cbc
WSSEncryption.AES192 A URI of data encryption algorithm, AES 192:
http://www.w3.org/2001/04/xmlenc#aes192-cbc
WSSEncryption.AES256 A URI of data encryption algorithm, AES 256:
http://www.w3.org/2001/04/xmlenc#aes256-cbc
http://www.w3.org/2001/04/xmlenc#aes128-cbchttp://www.w3.org/2001/04/xmlenc#aes192-cbchttp://www.w3.org/2001/04/xmlenc#aes256-cbchttp://www.w3.org/2001/04/xmlenc#aes256-cbchttp://www.w3.org/2001/04/xmlenc#aes192-cbchttp://www.w3.org/2001/04/xmlenc#aes128-cbc -
7/30/2019 Final Project on Computer
34/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
34
May 2012
Data encryption algorithm name Algorithm URI
WSS Encryption. TRIPLE_DES A URI of data encryption algorithm, TRIPLE DES:
http://www.w3.org/2001/04/xmlenc#tripledes-cbc
KEY ENCRYPTION ALGORITHMS
This algorithm is used to encrypt and decrypt keys. This key information is used to specify the
configuration that is needed to generate the key for digital signature and encryption. The signing
information and encryption information configurations can share the key information. The key
information on the consumer side is used for specifying the information about the key that is
used for validating the digital signature in the received message or for decrypting the encrypted
parts of the message. The request generator is configured for the client.
Key encryption algorithms specify the algorithm uniform resource identifier (URI) of the key
encryption method. The following pre-configured key encryption algorithms are supported:
Table 2. Supported pre-configured key encryption algorithms. The algorithms are used to encrypt
and decrypt keys.
WSS API URI
WSSEncryption.KW_AES128 A URI of key encryption algorithm, key wrap AES
128: http://www.w3.org/2001/04/xmlenc#kw-aes128
WSSEncryption.KW_AES192 A URI of key encryption algorithm, key wrap AES
192: http://www.w3.org/2001/04/xmlenc#kw-aes192
http://www.w3.org/2001/04/xmlenc#tripledes-cbchttp://www.w3.org/2001/04/xmlenc#kw-aes128http://www.w3.org/2001/04/xmlenc#kw-aes128http://www.w3.org/2001/04/xmlenc#tripledes-cbc -
7/30/2019 Final Project on Computer
35/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
35
May 2012
Table 2. Supported pre-configured key encryption algorithms. The algorithms are used to encrypt
and decrypt keys.
WSS API URI
WSSEncryption.KW_AES256 A URI of key encryption algorithm, key wrap AES
256: http://www.w3.org/2001/04/xmlenc#kw-aes256
WSSEncryption. KW_RSA_OAEP (the
default value)
A URI of key encryption algorithm, key wrap RSA
OAEP: http://www.w3.org/2001/04/xmlenc#rsa-oaep-
mgf1p
WSSEncryption.KW_RSA15 A URI of key encryption algorithm, key wrap RSA
1.5: http://www.w3.org/2001/04/xmlenc#rsa-1_5
WSSEncryption.KW_TRIPLE_DES A URI of key encryption algorithm, key wrap TRIPLE
DES: http://www.w3.org/2001/04/xmlenc#kw-
tripledes
CRYTOGRAPHY TECHNOLOGY
There are many aspects to security and many applications, ranging from secure commerce and
payments to private communications and protecting passwords. One essential aspect for secure
communications is that of cryptography, which the focus of this section is. But it is important to
note that cryptography is compulsory for secure communication. It is the method of writing in
secret code. In data and telecommunications, cryptography is necessary when communicating
over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific
security requirements, including:
http://www.w3.org/2001/04/xmlenc#kw-aes256http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1phttp://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1phttp://www.w3.org/2001/04/xmlenc#rsa-1_5http://www.w3.org/2001/04/xmlenc#rsa-1_5http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1phttp://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1phttp://www.w3.org/2001/04/xmlenc#kw-aes256 -
7/30/2019 Final Project on Computer
36/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
36
May 2012
Authentication: The process of proving one's identity. (The primary forms ofhost-to-host authentication on the Internet today are name-based or address-
based, both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except theintended receiver.
Integrity: Assuring the receiver that the received message has not been altered inany way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.
TYPES OF CRYPTOGRAPHIC ALGORITHMS
There are several ways of classifying cryptographic algorithms. For purposes of this paper, they
will be categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The three types of algorithms that
will be discussed below:
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Hash Functions: Uses a mathematical transformation to irreversibly "encrypt"
information.
-
7/30/2019 Final Project on Computer
37/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
37
May 2012
This fig shows the 3 types of cryptography: hash function, secret key and public key.
SECRET KEY CRYPTOGRAPHY
With secret key cryptography, a single key is used for both encryption and decryption. As shown
in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the
cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message
and recover the plaintext. Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption. With this form of cryptography, it is obvious
that the key must be known to both the sender and the receiver; that, in fact, is the secret. The
biggest difficulty with this approach, of course, is the distribution of the key. Secret key
-
7/30/2019 Final Project on Computer
38/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
38
May 2012
cryptography schemes are generally categorized as being either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer word) at a time and implement some
form of feedback mechanism so that the key is constantly changing. A block cipher is so-called
because the scheme encrypts one block of data at a time using the same key on each block. In
general, the same plaintext block will always encrypt to the same cipher text when using the
same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a
stream cipher.
Stream ciphers come in several flavors but two are worth mentioning here. Self-synchronizing
stream ciphers calculate each bit in the key stream as a function of the previous n bits in the key
stream. It is termed "self-synchronizing" because the decryption process can stay synchronized
with the encryption process merely by knowing how far into the n-bit key stream it is. One
problem is error propagation; a garbled bit in transmission will result in n garbled bits at the
receiving side. Synchronous stream ciphers generate the key stream in a fashion independent of
the message stream but by using the same key stream generation function at sender and receiver.
While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so
that the key stream will eventually repeat.
Block ciphers can operate in one of several modes; the following four are the most
important:
Electronic Codebook (ECB) mode is the simplest, most obvious application: the secretkey is used to encrypt the plaintext block to form a cipher text block. Two identical
plaintext blocks, then, will always generate the same cipher text block. Although this is
-
7/30/2019 Final Project on Computer
39/39
Encryption and Cryptography Technology Akindele OlawunmiIn Network Security
the most common mode of block ciphers, it is susceptible to a variety of brute-force
attacks
Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryptionscheme. In CBC, the plaintext is exclusively-ORed (XORed) with the previous cipher
text block prior to encryption. In this mode, two identical blocks of plaintext never
encrypt to the same cipher text.
Cipher Feedback (CFB) mode is a block cipher implementation as a self-synchronizingstream cipher. CFB mode allows data to be encrypted in units smaller than the block size,
which might be useful in some applications such as encrypting interactive terminal input.
If we were using 1-byte CFB mode, for example, each incoming character is placed into a
shift register the same size as the block, encrypted, and the block transmitted. At the
receiving side, the cipher text is decrypted and the extra bits in the block (i.e., everything
above and beyond the one byte) are discarded
Secret key cryptography algorithms that are in use today include:
Data Encryption Standard (DES): The most common SKC scheme used today, DES wasdesigned by IBM in the 1970s and adopted by the National Bureau of Standards (NBS)
[now the National Institute for Standards and Technology (NIST)] in 1977 for
commercial and unclassified government applications. DES is a block-cipher employing
a 56-bit key that operates on 64-bit blocks. DES has a complex set of rules and
transformations that were designed specifically to yield fast hardware implementations
and slow software implementations, although this latter point is becoming less significant