IJRIT International Journal of Research in Information Technology, Vol 1, Issue 2, February 2013, Pg. 6-9

International Journal of Research in Information Technology (IJRIT) www.ijrit.com

ISSN 2001-5569

Influence of IPS and AES in Security Region: DOD

Uma Maheswary1

1 Msc. Computers, Rajeev Nagar, Hyderabad, Andhra Pradesh, INDIA [email protected]

Abstract

There are many methods and implementations for developing secure communication with users that are located within the security domain. Nowadays, as technologies and the number of users increase day by day, we need to provide high security for each and every newly established connection. But the problem arises when any new communication is established outside the security domain. To avoid this problem, this paper investigates the requirements and technologies for securely sharing information with the tactical user.

1. Introduction

The Defense Technical Information Center (DTIC) [1] is the premier repository for research and engineering information for the United States Department of Defense. DTIC's collections contain over 4 million documents including technical reports, research in progress and Independent Research and Development (IR&D) summaries. The DOD Directive also states that wireless intrusion detection systems (WIDS) [2] should be for protection of profiles for basic or medium robustness environments. The WIDS that NSA has developed was designed to meet many of the requirements specified in the draft version of the medium robustness protection profile for a wireless intrusion detection system, which is currently undergoing the ratification process. The WIDS has the ability to detect and alert on: rogue access points and clients, rogue devices actively communicating with valid devices, ad-hoc networks, bridged networks, deviations from the network security policy, devices running the program Netstumbler, packet flooding denial-of-service attacks, MAC spoofing, and frames having 802.11 protocol violations.

2. Solution

Since we cannot change the entire infrastructure and all existing applications, we apply new methods and technologies to the existing architecture. Some of the methods are:

2.1 C2 and P2P botnet networking

For communication between organizations, the DOD uses a botnet network, which is a network of hundreds, thousands or even millions of compromised computers. The botnet is monitored and controlled automatically by Command & Control (C&C) servers, with the human "botnet herder" exercising overall supervisory control. Over the past two decades, a variety of malware and communication technologies and botnet topologies have been developed. Many of these are an advance on those seen in present-day military Command & Control (C2) systems. Later, C2 botnets are easily trapped by hijackers. Thus the DOD has been easily trapped by unauthorized users. To overcome this type of negative feature, we request the DOD to use peer-to-peer botnets, where the main advantage is that there is no centralized point for C&C. Nodes in a peer-to-peer network act as both clients and servers such that there is no centralized coordination point that can be incapacitated. If nodes in the network are taken offline, the gaps in the network are closed and the network continues to operate under the control of the attacker. In this paper, we focus our work on peer-to-peer botnets [3]. The long term goal of our work is to develop methods of detecting, mitigating, and preventing peer-to-peer botnets. In order to reach this goal, this work focuses on increasing the understanding of peer-to-peer botnets by providing an overview and historical perspective.

Fig 1: An Advanced Hybrid Peer-to-Peer Botnet

The proposed hybrid P2P botnet has the following features:

· The botnet requires no bootstrap procedure.

· The botnet communicates via the peer list contained in each bot. However, unlike Slapper, each bot has a fixed and limited size peer list and does not reveal its peer list to other bots. In this way, when a bot is captured by defenders, only the limited number of bots in its peer list is exposed.

· A botmaster could easily monitor the entire botnet by issuing a report command. This command instructs all (or partial) bots to report to a specific compromised machine (which is called a sensor host) that is controlled by the botmaster. The IP address of the sensor host, which is specified in the report command, will change every time a report command is issued to prevent defenders from capturing or blocking the sensor host beforehand.

· After collecting information about the botnet through the above report command, a botmaster, if she thinks necessary, could issue an update command to actively let all bots contact a sensor host to update their peer lists. This effectively reorganizes the botnet such that it has a balanced and robust connectivity, and/or reconnects a broken botnet.

· Only bots with static global IP addresses that are accessible from the Internet are candidates for being in peer lists (they are called servant bots according to P2P terminologies since they behave with both client and server features). This design ensures that the peer list in each bot has a long lifetime.

· Each servant bot listens on a self-determined service port for incoming connections from other bots and uses a self-generated symmetric encryption key for incoming traffic. This individualized encryption and individualized service port design makes it very hard for the botnet to be detected through network flow analysis of the botnet communication traffic.


2.2 Intrusion Detection System

The IDS [4] shall be either an approved DOD standardized system (Joint Services Interior Intrusion Detection System (J-SIIDS), an Integrated Commercial Intrusion Detection System (ICIDS) or an Alarm Monitor Group (AMG)), or a commercial equivalent approved by a DOD Component. The IDS shall include point sensors on doors, other human-possible openings, and interior motion or vibration sensors. To overcome the disadvantages of the IDS, the DOD used IDS with Intrusion Prevention Systems (IPS). An IDS simply detects possible intrusions and possibly notifies the administrators, whereas an Intrusion Prevention System will not only detect the intrusions but will also take actions like terminating the connection.

Fig 2: IPS AND IDS WORKING SYSTEM

Basically, all traffic is directed through the IPS, which can then block or allow the packets based on policy. It can also perform a level of correction or modification if required. An IDS, on the other hand, is purely a monitoring device; it cannot act directly on anything it detects. Typically connected via a network tap or a span port on a switch/router, it sees a copy of the traffic but does not interact with it. You rely on humans, usually in a 24x7 Security Operations Center (SOC), to monitor the alerts, investigate and take appropriate action. The obvious benefit of an IPS is that it can take automated action in real time. This can be to block an attack in action, to stop malware connecting to a command and control server or, with an application layer IPS, to prevent data loss.

2.3 AES algorithm

The DOD (Department of Defense) uses organizations for file transfers. Since it contains a huge number of departments, security regions may arise in these organizations. The main focus therefore has to be on the database, which contains important information of the DOD. Thus AES [5] is needed for the best encryption and decryption of the files by the authorized persons. The AES algorithm is a block cipher operating on 128-bit data blocks and supporting three different cipher key lengths of 128, 192 and 256 bits. These three flavors of the AES algorithm are also referred to as AES-128, AES-192 and AES-256, for 128, 192, and 256-bit cipher keys, respectively. An AES encryption process consists of a number of encryption rounds (Nr) that depends on the length of the cipher key. The standard calls for 10 rounds for AES-128, 12 rounds for AES-192, and 14 rounds for AES-256. During encryption, each round is composed of a set of four basic operations. The decryption process applies the inverse of these operations in reverse order. Figure 3 shows the basic structure of the AES encryption and decryption.


Figure 3: Basic structure of the AES algorithm: encryption (left), decryption (right)

3. Conclusion

To be well prepared for future botnet attacks, we should study advanced botnet attack techniques that could be developed by botmasters in the future. IPS and IDS technologies are only two of many resources that can be deployed to increase visibility and control within a corporate computing environment. The most important aspect of security is defense in depth. AES (Advanced Encryption Standard) is the best choice, offering high efficiency and high security. The Advanced Encryption Standard not only assures security but also improves performance in a variety of settings such as smartcards, hardware implementations etc. AES is a Federal Information Processing Standard and there are currently no known non-brute-force direct attacks against AES. AES is strong enough to be certified for use by the US government for top secret information.

References

[1] Harary, Frank, and Edgar M. Palmer. Graphical enumeration. MICHIGAN UNIV ANN ARBOR DEPT OF MATHEMATICS, 1973.

[2] Farshchi, Jamil. "Wireless intrusion detection systems." URL: http://www.securityfocus.com/infocus/1742 Retrieved 5.7 (2003): 05.

[3] Dittrich, David, and Sven Dietrich. "P2P as botnet command and control: a deeper insight." Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on. IEEE, 2008.

[4] Rowland, Craig H. "Intrusion detection system." U.S. Patent No. 6,405,318. 11 Jun. 2002.

[5] Feldhofer, Martin, Sandra Dominikus, and Johannes Wolkerstorfer. "Strong authentication for RFID systems using the AES algorithm." Cryptographic Hardware and Embedded Systems-CHES 2004 (2004): 85-140.
