: Explain each the following security threats in 50-100 words. Eavesdropping Data Interception Data corruption Data...

i .

Answer :

Eavesdropping

Eavesdropping is the act of intercepting communications between two points.

In the digital world, eavesdropping takes the form of sniffing for data in what is called network eavesdropping. A specialized program is used to sniff and record packets of data communications from a network and then subsequently listened to or read using cryptographic tools for analysis and decryption.

For example, Voice over IP (VoIP) calls made using IP-based communication can be picked up and recorded using protocol analyzers and then converted to audio files using other specialized software.

Data sniffing is easily done on a local network that uses a HUB since all communications are sent to all the ports (non-recipients just drop the data) and a sniffer will simply accept all of the incoming data.

This goes the same for wireless networking where data is broadcast so even non-recipients can receive the data if they have the proper tools.

Actual eavesdropping, that is the simple act of listening to other people talk without them knowing it, can be done using current technology such as hidden microphones and recorders.

Hacking into devices such as IP phones is also done in order to eavesdrop on the owner of the phone by remotely activating the speaker phone function.

Devices with microphones including laptops and cellphones also can be hacked to remotely activate their microphones and discretely senddata to the attacker.

Data Interception :

• An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. Although a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.
• In an interruption, an asset of the system becomes lost, unavailable, or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file.
• If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. For example, someone might change the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible to modify hardware. Some cases of modification can be detected with simple measures, but other, more subtle, changes may be almost impossible to detect.
• Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. The intruder may insert spurious transactions to a network communication system or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.

Data corruption

Data corruption refers to errors in computer data that occur during writing, reading, storage, transmission, or processing, which introduce unintended changes to the original data. Computer, transmission, and storage systems use a number of measures to provide end-to-end data integrity, or lack of errors.

Although there are many factors that trigger data corruption, it is often enabled through an external virus stored or installed within the target computer or device. The virus overwrites the original data, modifies the code or permanently deletes it. Besides viruses, data corruption may also occur as a result of hardware or software malfunctions, errors and environmental calamities such as power outages, storms or other disasters. Data can be restored through a backup copy or it can be rebuilt using various data integrity checking algorithms.

Data falsification:

Manipulating research data with the intention of giving a false impression. This includes manipulating images (e.g. micrographs, gels, radiological images), removing outliers or “inconvenient” results, changing, adding or omitting data points, etc.

With regard to image manipulation it is allowed to technically improve images for readability. Proper technical manipulation refers to adjusting the contrast and/or brightness or color balance if it is applied to the complete digital image (and not parts of the image). Any technical manipulation by the author should be notified in the cover letter to the Journal Editor upon submission. Improper technical manipulation refers to obscuring, enhancing, deleting and/or introducing new elements into an image. Generally, if an author’s figures are questionable, it is suggested to request the original data from the authors.

Authentication issues

When users fail to authenticate to a Palo Alto Networks firewall or Panorama, or the Authentication process takes longer than expected, analyzing authentication-related information can help you determine whether the failure or delay resulted from:

• User behavior

  —For example, users are locked out after entering the wrong credentials or a high volume of users are simultaneously attempting access.

• System or network issues

  —For example, an authentication server is inaccessible.

• Configuration issues

  —For example, the Allow List of an authentication profile doesn’t have all the users it should have.

This process is useful for troubleshooting authentication issues such as:

• General authentication errors

• Username/password failures

• Authentication policy configuration errors

• Group extraction discrepancies

ii.

Stands for "Transmission Control Protocol." TCP is a fundamental protocol within the Internet protocol suite — a collection of standards that allow systems to communicate over the Internet. It is categorized as a "transport layer" protocol since it creates and maintains connections between hosts.

TCP compliments the Internet protocol (IP), which defines IP addresses used to identify systems on the Internet. The Internet protocol provides instructions for transferring data while the transmission control protocol creates the connection and manages the delivery of packets from one system to another. The two protocols are commonly grouped together and referred to as TCP/IP.

When data is sent over a TCP connection, the protocol divides it into individually numbered packets or "segments." Each packet includes a header that defines the source and destination and a data section. Since packets can travel over the Internet using multiple routes, they may arrive at the destination in a different order than they were sent. The transmission control protocol reorders the packets in the correct sequence on the receiving end.

TCP also includes error checking, which ensures each packet is delivered as requested. This is different than UDP, which does not check if each packet was successfully transmitted. While the built-in error checking means TCP has more overhead and is therefore slower than UDP, it ensures accurate delivery of data between systems. Therefore TCP is used for transferring most types of data such as webpages and files over the Internet. UDP is ideal for media streaming which does not require all packets to be delivered.

There are various real-time applications of TCP/IP that even most designers do not know about. The following are some of the common areas where real-time TCP/IP is applied;

• File Transfer Protocol (FTP, data and control), which is used in sending large files
• Simple Mail Transfer Protocol (SMTP): Relies on exchange of commands and can also send huge files across various machines.
• Post Office Protocol; a protocol for e-mail message retrieval that uses TCP to exchange commands and data.
• Telnet Protocol; An interactive session-based protocol that requires a similar platform to TCP.
• Internet Message Access Protocol (IMAP); also a protocol for retrieving e-mail messages.
• Border Gateway Protocol (BGP): This protocol runs on TCP, which enables it to assume reliable communication even if the data is often sent over very long distances.

iii.

Wired Equivalent Privacy (WEP)

Stands for "Wired Equivalent Privacy." WEP is a security protocol for Wi-Fi networks. Since wireless networks transmit data over radio waves, it is easy to intercept data or "eavesdrop" on wireless data transmissions. The goal of WEP is to make wireless networks as secure as wired networks, such as those connected by Ethernet cables.

The wired equivalent privacy protocol adds security to a wireless network by encrypting the data. If the data is intercepted, it will be unrecognizable to system that intercepted the data, since it is encrypted. However, authorized systems on the network will be able to recognize the data because they all use the same encryption algorithm. Systems on a WEP-secured network can typically be authorized by entering a network password.

Wi-Fi Protected access (WPA)

Stands for "Wi-Fi Protected Access." WPA is a security protocol designed to create secure wireless (Wi-Fi) networks. It is similar to the WEP protocol, but offers improvements in the way it handles security keys and the way users are authorized.

For an encrypted data transfer to work, both systems on the beginning and end of a data transfer must use the same encryption/decryption key. While WEP provides each authorized system with the same key, WPA uses the temporal key integrity protocol (TKIP), which dynamically changes the key that the systems use. This prevents intruders from creating their own encryption key to match the one used by the secure network.

WPA also implements something called the Extensible Authentication Protocol (EAP) for authorizing users. Instead of authorizing computers based soley on their MAC address, WPA can use several other methods to verify each computer's identity. This makes it more difficult for unauthorized systems to gain access to the wireless network.

Wi-Fi Protected access 2 (WPA2)

Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication.

There are two versions of WPA2: WPA2-Personal, and WPA2-Enterprise. WPA2-Personal protects unauthorized network access by utilizing a set-up password. WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA.

iv.

Symmetrical Encryption

Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process. This encryption method differs from asymmetric encryption where a pair of keys, one public and one private, is used to encrypt and decrypt messages.

By using symmetric encryption algorithms, data is converted to a form that cannot be understood by anyone who does not possess the secret key to decrypt it. Once the intended recipient who possesses the key has the message, the algorithm reverses its action so that the message is returned to its original and understandable form. The secret key that the sender and recipient both use could be a specific password/code or it can be random string of letters or numbers that have been generated by a secure random number generator (RNG). For banking-grade encryption, the symmetric keys must be created using an RNG that is certified according to industry standards, such as FIPS 140-2.

There are two types of symmetric encryption algorithms:

1. Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits for complete blocks.

2. Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s memory.

Some examples of symmetric encryption algorithms include:

• AES (Advanced Encryption Standard)

• DES (Data Encryption Standard)

• IDEA (International Data Encryption Algorithm)

• Blowfish (Drop-in replacement for DES or IDEA)

• RC4 (Rivest Cipher 4)

Asymmetrical Encryption

Asymmetric key encryption, on the other hand, makes use of two keys. A private key and a public key. The public key is used for encrypting, while the private key is used for decrypting. Two of the most widely used asymmetric key algorithms are: RSA and DSA.

If you're going to use asymmetric key encryption in a file transfer environment, the sender would need to hold the public key, while the receiver would need to hold the corresponding private key.

So, going back to the scenario given in the previous section, if you manage a file transfer server and one of your users wants to encrypt a file first before uploading it, it would typically be your duty to generate the key pair. You should then send the public key to your user and leave the private key on the server.

You use one to encrypt your data, which is called public key, and the other to decrypt the encrypted message, which is called the private key.

When you encrypt your message using, let’s say, your granny’s public key, that same message can only be decrypted using her private key.

Private keys

Your private key, as the name states, is yours and it must be kept private, as it’s the only key that can decrypt any messaged that was encrypted with your public key.

Public keys

Public keys as, yet again, the name states, are public and thus no security is required because of it should publicly available and can be passed over the internet. The public key is used to encrypt a message that can only be decrypted using, as I written above, its private counterpart.

v.

Three keys algorithm are

1.  RSA

2. Diffie-Hellman.

3. ElGamal

1.  RSA :

Algorithm

The RSA algorithm holds the following features −

• RSA algorithm is a popular exponentiation in a finite field over integers including prime numbers.

• The integers used by this method are sufficiently large making it difficult to solve.

• There are two sets of keys in this algorithm: private key and public key.

You will have to go through the following steps to work on RSA algorithm −

Step 1: Generate the RSA modulus

The initial procedure begins with selection of two prime numbers namely p and q, and then calculating their product N, as shown −

N=p*q

Here, let N be the specified large number.

Step 2: Derived Number (e)

Consider number e as a derived number which should be greater than 1 and less than (p-1) and (q-1). The primary condition will be that there should be no common factor of (p-1) and (q-1) except 1

Step 3: Public key

The specified pair of numbers n and e forms the RSA public key and it is made public.

Step 4: Private Key

Private Key d is calculated from the numbers p, q and e. The mathematical relationship between the numbers is as follows −

ed = 1 mod (p-1) (q-1)

The above formula is the basic formula for Extended Euclidean Algorithm, which takes p and q as the input parameters.

Encryption Formula

Consider a sender who sends the plain text message to someone whose public key is (n,e). To encrypt the plain text message in the given scenario, use the following syntax −

C = Pe mod n

Decryption Formula

The decryption process is very straightforward and includes analytics for calculation in a systematic approach. Considering receiver C has the private key d, the result modulus will be calculated as −

Plaintext = Cd mod n

2. Diffie-Hellman:

Process:

We know Diffie Hellman algorithm is an asymmetric algorithm. So Alice and Bob will agree to a public key pair (g, p) where g is the generator and p is the prime modulus.

Let’s assume they chose g=3 and p=17. Now the public key pair (3,17) will be available public over the network.

Alice:

Alice will choose a random private number lets assume Apriv=15
and she will do the exponentiation and modulus operation with public key pair and her private key.

g^Apriv mod p

3¹⁵ mod 17=6 ……..eq1
Now the number 6 will be publicly transferred to Bob over the network.
Apub=6

Bob:

Bob will choose a random private number say Bpriv=13
Now Bob will have to do the same operation as of Alice

g^Bpriv mod p

3¹³ mod 17=12 ……..eq2

Now the number 12 will be publicly transferred to Alice over the network.

Bpub=12

Alice:

Now Alice has the number publicly transmitted by Bob Bpub=12.
She will decrypt the information using private key using the formula

Bpub^Apriv mod p = shared secret key

12¹⁵ mod 17 = 10 ……..eq3

Bob:

Bob has to do the same process as Alice. Bob has the number publicly transmitted by Alice Apub=6
He will try to decrypt the information using his private key

Apub^Bpriv mod p = shared secret key

6¹³ mod 17 = 10 ……..eq4

What happened?
They used different numbers in their respective process but how come they obtain the same key?

Lets rewrite the equations

Alice Operations:

3¹⁵ mod 17= 6 ……..eq1
12¹⁵ mod 17 = 10 ……..eq3

Bob’s operations:

3¹³ mod 17=12 ……..eq2
6¹³ mod 17 = 10 ……..eq4

3. ElGamal

• Choosing a large prime p. Generally a prime number of 1024 to 2048 bits length is chosen.

• Choosing a generator element g.

  • This number must be between 1 and p − 1, but cannot be any number.

  • It is a generator of the multiplicative group of integers modulo p. This means for every integer m co-prime to p, there is an integer k such that g^k=a mod n.

    
    Choosing the private key. The private key x is any number bigger than 1 and smaller than p−1.

• Computing part of the public key. The value y is computed from the parameters p, g and the private key x as follows −

y = gx mod p

• Obtaining Public key. The ElGamal public key consists of the three parameters (p, g, y).

  For example, suppose that p = 17 and that g = 6 (It can be confirmed that 6 is a generator of group Z₁₇). The private key x can be any number bigger than 1 and smaller than 71, so we choose x = 5. The value y is then computed as follows −

y = 65 mod 17 = 7

• Thus the private key is 62 and the public key is (17, 6, 7).

Encryption and Decryption

The generation of an ElGamal key pair is comparatively simpler than the equivalent process for RSA. But the encryption and decryption are slightly more complex than RSA.

ElGamal Encryption

Suppose sender wishes to send a plaintext to someone whose ElGamal public key is (p, g, y), then −

• Sender represents the plaintext as a series of numbers modulo p.

• To encrypt the first plaintext P, which is represented as a number modulo p. The encryption process to obtain the ciphertext C is as follows −

  • Randomly generate a number k;
  • Compute two values C1 and C2, where −

C1 = gk mod p
C2 = (P*yk) mod p

• Send the ciphertext C, consisting of the two separate values (C1, C2), sent together.

• Referring to our ElGamal key generation example given above, the plaintext P = 13 is encrypted as follows −

  • Randomly generate a number, say k = 10
  • Compute the two values C1 and C2, where −

C1 = 610 mod 17
C2 = (13*710) mod 17 = 9

• Send the ciphertext C = (C1, C2) = (15, 9).

ElGamal Decryption

• To decrypt the ciphertext (C1, C2) using private key x, the following two steps are taken −

  • Compute the modular inverse of (C1)^x modulo p, which is (C1)^-x , generally referred to as decryption factor.

  • Obtain the plaintext by using the following formula −

C2 × (C1)-x  mod p = Plaintext

• In our example, to decrypt the ciphertext C = (C1, C2) = (15, 9) using private key x = 5, the decryption factor is

15-5  mod 17 = 9

• Extract plaintext P = (9 × 9) mod 17 = 13.