
Monday, May 27, 2019

Network VPN and Web Security Cryptography Essay

Securing commercial transactions and raw banking information is increasingly becoming critical as threats to computer networks continue to cause significant financial losses resulting from information damage, loss or corruption by spyware, viruses and other data-corrupting hostile code (Mogollon, 2007). The consequences of having weak security management systems become enormous, and companies should step up their security measures to protect sensitive data by cryptographic methods. In online transactions, the secure Web server and the client's computer communicate by authenticating each other. They do this by encrypting the transmitted data by means of specific protocols such as Transport Layer Security (TLS), Internet Protocol Security (IPsec) and Secure Socket Layer (SSL). All Web browsers such as Internet Explorer and Netscape have in-built TLS and SSL protocols. To make Internet transactions safe, the problems associated with end-user certificate distribution have to be solved, and this was the challenge that led to the fall of Secure Electronic Transaction (SET) technology after its introduction in the 1990s (Mogollon, 2007). This paper will discuss important technologies behind VPN, SSL and website encryption, paying critical attention to the algorithms which make encryption in financial systems such as Internet commercial transactions possible and secure. In particular, the paper addresses advanced and critical issues in online transactions as one of the areas applying cryptography and network security.
The Need for Network Security in Financial Systems

The modern online commerce and financial systems are rapidly growing partly because several protocols for Web encryption are often implemented, hence ensuring secure transactions. In a practical scenario, online clients buying commodities enter the credit card number online and then hit the Submit button. While this information is provided online and can be intercepted by hackers, the Web browser commits to secure this online transaction by enciphering the transmitted data (Mogollon, 2007). Secure communication between the client and the server requires client-server credentials, which is a cryptographic key exchange involving an agreement of both parties. The client and the server will agree on a common pre-master secret code or key. Data is then enciphered using the keys which are generated from the agreed pre-master key. This communication agreement between client and server also involves the decisions on which versions and protocols to use, such as SSL2, SSL3, TLS 1.0 and TLS 1.1 (Mogollon, 2007). They will also agree on which cryptographic algorithm to use and whether to authenticate to each other or not. The use of certain techniques of public-key encryption which generate the pre-master secret key will also be agreed on. Both have to make an agreement that session keys are to be created to help in the enciphering of the messages.

Virtual Private Network (VPN)

A virtual private network (VPN) serves as an extension of a private network which encompasses links across public or shared networks such as the Internet (Mogollon, 2007). A VPN enables users to send data between two interconnected computers across a public or shared network in a way that emulates point-to-point private link properties.
Virtual private networking is the technique of creating and configuring a VPN, and it emulates point-to-point links (Mogollon, 2007). There should be data encapsulation or wrapping with headers to provide routing information, thus allowing it to traverse the public or shared transit internetwork and reach its endpoint. At the same time, to emulate private links, the sent data must be encrypted for security and confidentiality (Microsoft Corporation, 2003). The packets intercepted on public or shared networks cannot be deciphered without the encryption keys. Private data is encapsulated in a connection portion known as the tunnel, and it is encrypted in a connection portion known as the VPN connection (Microsoft Corporation, 2003).

Figure 1.1 Virtual private network connection (Microsoft Corporation, 2003)

The VPN connection provides the capability for remote users at home, in branch offices or even while traveling to securely connect to remote organizations' servers by the use of the routing infrastructure provided by a shared or public network like the Internet (Microsoft Corporation, 2003). Since the creation of a VPN connection is facilitated by the Internet from anywhere, these networks require strong security mechanisms to avoid any unwelcome private network access and to protect private data while it traverses the public network (Microsoft Corporation, 2003). These security mechanisms include data encryption and authentication as well as other advanced VPN security measures such as certificate-based authentication. Virtual private network security (VPNs) is provided by Internet Protocol Security (IPsec), TLS and SSL (Mogollon, 2007). IPsec VPNs are commonly used in several enterprises, but they are not as easy to use as SSL VPNs. Another difference between IPsec VPN and SSL VPN is that IPsec VPN works at Layer 3 and creates a tunnel into networks.
This way, IPsec allows devices to log on as if they had physical connections to the local area network (LAN) (Mogollon, 2007). On the other hand, SSL VPN works at the application layer (Layer 4), and users can have access to individual applications through the Web browser. In SSL VPN, the administrators can dictate access by application instead of providing entire network access. VPN emulates the facility of a private wide area network (WAN) by the use of private Internet Protocol (IP) and public Internet backbones (Mogollon, 2007).

Secure Socket Layer Virtual Private Network (SSL VPN)

Security networks, in particular those employed in online transactions, demand increasingly complex cryptographic systems and algorithms (Lian, 2009). Therefore, there is a need for individuals concerned with the implementation of security policies in companies to use technical knowledge and skill in information technology in order to implement critical security mechanisms. Unlike the traditional IPsec VPN, which requires the use of special client software on the computers of end users, an SSL VPN such as a Web SSL VPN requires no installation of such software (Lian, 2009). SSL VPN is mainly designed to provide remote users access to various client-server applications, Web applications as well as internal network connections. SSL VPN authenticates and encrypts client-server communication (Lian, 2009). Two types of SSL VPNs are recognized: the SSL Portal VPN and the SSL Tunnel VPN (Lian, 2009). The SSL Portal VPN usually allows a single SSL connection to the website while allowing secure access to a number of network services by end users. This common website is known as the portal because it serves as a single door leading to a number of resources.
The site is usually a single page having links to other pages. The second example of SSL VPN is the SSL Tunnel VPN, which allows Web browsers, and thus users, to safely access a number of network services as well as protocols and applications which are not Web-based (Lian, 2009). Access is mainly provided via a tunnel which runs under SSL. The SSL Tunnel VPN requires all browsers to have the capacity to support active content, which gives them more functionality than is possible with the SSL Portal VPN. The active content supported by SSL Tunnel VPN includes ActiveX, Java, JavaScript and plug-ins or Flash applications (Lian, 2009). Secure Socket Layer (SSL) provides a standardized communication encryption deployed for the purpose of protecting a number of protocols (Lian, 2009). For instance, most online transacting sites such as PayPal, AlertPay and MoneyBookers have their Universal Resource Locator (URL) address beginning with https:// instead of http://. This means that the Hypertext Transfer Protocol (HTTP) is wrapped inside SSL (Lian, 2009).

Cryptography and Encryption

Cryptography is concerned with the development of algorithms where data is written secretly, thus the name: crypto, meaning secret, and graphy, meaning writing (Li, n.d.). Cryptography basically provides a number of ways to ensure data security during VPN communication. These various means or algorithms include hash, cipher, digital signature, authentication and key generation (Lian, 2009). Cryptography endeavors to conceal the actual content of data from everyone except the recipient and the sender, hence maintaining secrecy or privacy. Cryptography also verifies or authenticates the correctness or validity of data to recipients in a virtual private network. As a result of this, cryptography has been the basis of a number of expert solutions to problems such as communication and network security in shared networks such as that in a VPN.
In general, cryptography can be defined as the technique exploiting the methods and principles of converting intelligible data into unintelligible data and then changing it back to the original form (Li, n.d.). SSL VPN encryption involves the adoption of traditional and novel algorithms of encryption in the protection of sensitive data such as that exchanged during online transactions. The original data is transformed into secure data with a specific algorithm of encryption by the use of the encryption key. At the same time, the encrypted data can be decrypted back into its original state with the help of algorithms of decryption. Sometimes, attacks on data are common in networked systems where hackers break into systems to obtain the original data which has not been encrypted. The present research focuses on the efficient algorithms of encryption and decryption which are secure against these attacks (Lian, 2009).

Typical VPN Encryption Algorithms

VPN encryption utilizes a number of encryption algorithms to secure the traffic flowing across a shared or public network (Malik, 2003). The encryption of VPN connections is done so as to allow VPN and Web traffic to traverse a shared or public network like the Internet. Examples of encrypted VPNs are the SSL VPN and IPsec VPN, which use encryption algorithms to safely allow traffic across a shared or public network such as the Internet (Malik, 2003). Apart from classifying VPNs in terms of encryption, the classification of VPNs can also be based on the OSI model layer in which they are constructed. This is an important classification, as the encrypted VPN only allows a specific amount of traffic which gets encrypted, and it determines the degree of transparency to VPN clients (Malik, 2003). Classification of VPNs based on the OSI model layers recognizes three types of VPNs: data link layer, network layer and application layer VPNs (Malik, 2003).
Algorithms employed for encryption can be categorized into partial encryption, direct encryption and compression-combined encryption (Lian, 2009). According to the number of keys used, algorithms can also be classified into asymmetric and symmetric algorithms. In general, different encryption algorithms encrypt different data volumes, hence achieving different efficiency and security. It therefore remains a decision of system security administrators to select which algorithm to use that will provide the best VPN security (Microsoft Corporation, 2005). There is no single encryption algorithm which is efficient enough to address all situations (Microsoft Corporation, 2005). However, there are basic factors to consider when selecting the type of algorithm to use in VPN security. Strong encryption algorithms always consume more resources in computer systems compared to weaker encryption algorithms. Long encryption keys are considered to offer stronger security than shorter keys. Therefore, Chief Security Officers (CSOs) should decide on longer keys to enhance system security (Microsoft Corporation, 2005). Asymmetric algorithms are also considered stronger than the symmetric ones since they use different keys (Microsoft Corporation, 2005). However, asymmetric algorithms of encryption are slower compared to symmetric ones. Experts also prefer block ciphers as they use individual keys, hence offering stronger security compared to stream ciphers. Passwords that are long and complex seem to offer better security than shorter and simpler passwords, which can be broken considerably more easily by hackers. Another factor to consider is the amount of data which is being encrypted. If large amounts of data are to be encrypted, then symmetric keys are to be used to encrypt the data and asymmetric keys should be used to encrypt the symmetric keys.
It is also critical to compress data before encrypting, because it is not easy to compress data once it has been encrypted (Microsoft Corporation, 2005). Direct encryption involves the encryption of data content with either a traditional or a novel cipher directly. Partial encryption involves the encryption of only meaningful portions of data, and other parts are left unencrypted (Microsoft Corporation, 2003). Compression-combined encryption involves the combination of the encryption operation with the compression operation, which are implemented simultaneously. Comparably, direct encryption offers the highest data security as it encrypts the largest volumes of data. However, this method has the lowest efficiency as it takes much time encrypting all data volumes. The reduction of data volumes in partial and compression-combined encryption results in lower security but the highest efficiency (Lian, 2009). There are specific examples of ciphering algorithms used by most online companies to protect sensitive and private data such as business data, personal messages or passwords for online banking. The commonly used ciphering algorithms include DES/3DES, RC4, SEAL and Blowfish (MyCrypto.net, n.d.). Data encryption in VPN client-server communications is critical for data confidentiality. This is because data is passed between VPN clients and VPN servers over a public or shared network, which often poses risks of illegal data interception by hackers. However, VPN servers can be configured to force communication encryption. The encryption setting will force VPN clients connecting to VPN servers to encrypt their data or else be denied connections. Microsoft Windows Server 2003 employs two different types of encryption: Internet Protocol Security (IPsec) encryption, which uses the Layer Two Tunneling Protocol (L2TP), and Microsoft Point-to-Point Encryption (MPPE), which uses the Point-to-Point Tunneling Protocol (PPTP) (Microsoft Corporation, 2005).
In telephone communication or dial-up clients, data encryption is not necessary between the clients and their Internet Service Providers (ISPs), since the encryption is always carried out on the VPN client-VPN server connection. This implies that remote users using dial-up connections to dial local ISPs need not encrypt anything, since once the Internet connection has been established, the users can create a VPN connection with the corporate VPN servers. In case VPN connections are encrypted, there is no need for encryption between users and ISPs in dial-up connections (Microsoft Corporation, 2005). VPN encryption generally allows for the attainment of the highest possible security standards, made possible by key generation in a certified centre using RSA, 1024 bit (MyCrypto.net, n.d.). Smart card technology, especially the TCOS-2.0 NetKey SmartCard OS (operating system), provides a safe mode for key storage which complies with the evaluation criteria of information security systems (Li, n.d.). Different types of encryption algorithms employ proprietary specific methods to generate the secret keys, and thus the encryption algorithms become useful in different types of applications (MyCrypto.net, n.d.). The length of the keys generated by these algorithms determines the strength of encryption. The most common algorithms, DES/3DES, BLOWFISH, IDEA, SEAL, RC4 and RSA, have different qualities and capabilities which network security administrators may choose to use in providing VPN security (MyCrypto.net, n.d.). The RSA algorithm, developed in 1979, was named after its developers Ron Rivest, Shamir and Adleman, hence the name RSA (Riikonen, 2002). RSA supports digital signatures and encryption, and it is therefore the most widely used type of public key algorithm.
RSA takes advantage of the problem of integer factorization to enhance security, and it utilizes both private and public keys. It is one of the algorithms which is easy to understand, and it has been patent-free since the year 2000 (Riikonen, 2002). RSA is commonly used for securing IP data, transport (SSL/TLS) data, emails, terminal connections and conferencing services. Its security entirely depends on the randomness of the numbers generated by the Pseudo Random Number Generator (PRNG). Data Encryption Standard/Triple Data Encryption Standard (DES/3DES) has widely been used as a standard in banking institutions in Automatic Teller Machines (ATMs) as well as in UNIX OS password encryption (MyCrypto.net, n.d.). DES/3DES makes the authentication of the Personal Identification Number (PIN) possible. While DES is basically a 64-bit block cipher, it uses 56-bit keys in encryption, and most users no longer regard it as adequate as advances in computer technology continue to transform the banking and online industry (MyCrypto.net, n.d.). DES has been found to be vulnerable to some cyberattacks, and experts have now recommended 3DES as the stronger option. 3DES has the ability to encrypt data 3 times, hence the name 3DES. It uses different keys for all three passes, and this gives it a total cumulative key size of 112-168 bits (MyCrypto.net, n.d.). IDEA (International Data Encryption Algorithm) is another type of algorithm, first developed by Prof. Massey and Dr. Lai at the start of the 1990s in Switzerland (MyCrypto.net, n.d.). It was meant to replace the DES algorithm, since one of the weaknesses of DES is that it uses a common key for both encryption and decryption and it only operates on 8 bytes at a time.
The success of IDEA in enhancing security lies in the length of its 128-bit key, which makes it difficult for hackers to break, especially those who try out every key. To date, there are no known means of breaking the IDEA 128-bit key other than trying each key one at a time, which is also difficult (MyCrypto.net, n.d.). This then makes the algorithm better for security. Since it is a fast algorithm, IDEA has been implemented in most hardware chipsets to make them run fast (MyCrypto.net, n.d.). Just like IDEA and DES, Blowfish represents another type of symmetric block cipher, which takes a varying key length ranging from 32 to 448 bits (MyCrypto.net, n.d.). This makes it ideal for both exportable and domestic use. Developed in 1993 by Bruce Schneier, Blowfish became not only a fast alternative but also a free option to the other existing algorithms of encryption. Blowfish is now becoming more accepted by many experts because of its strong encryption properties (MyCrypto.net, n.d.). The Software-optimized Encryption Algorithm (SEAL), developed by Coppersmith and Rogaway, is an example of a stream cipher, where data is encrypted continuously (MyCrypto.net, n.d.). Stream ciphers represent a group of algorithms which are faster compared to block ciphers such as IDEA, Blowfish and DES. However, stream ciphers have an extended initialization phase whereby a secure hash algorithm is used to complete the set of tables (MyCrypto.net, n.d.). SEAL is considered a very fast algorithm, and it uses a 160-bit key for the purpose of encryption. In addition, SEAL is considered one of the safest algorithms used to protect data from hackers, and thus it can be used in managing passwords in financial systems (MyCrypto.net, n.d.).

Ciphers and Encryption

Ciphers transform plaintext into secured ciphertext and then recover it back from ciphertext with the help of keys (Li, n.d.). This way, data is kept private during client-server communication, thus providing maximum VPN and Web security.
The transformation of plaintext into ciphertext and the recovery of plaintext from ciphertext are commonly known as encryption and decryption respectively. During the decryption process, a key is required, and without the key, correct plaintext recovery is not possible. There are several types of ciphers widely known, and they have been classified according to their properties. Ciphers can be classified as either symmetric or asymmetric ciphers (Li, n.d.). In symmetric ciphers, the decryption key is the same as that used in encryption. The operation for decrypting is often symmetric to the encrypting operation in symmetric ciphers (Li, n.d.). In asymmetric ciphers, the decryption operations are never symmetric to the encryption operations, hence the keys used might differ (Lian, 2009). A simple model showing symmetric and asymmetric ciphers is shown below in Fig 2.1 (a) and (b).

Fig 2.1 (a) Symmetric cipher; (b) Asymmetric cipher. Symmetric and asymmetric ciphers (Lian, 2009)

In the models shown above, the symmetric cipher uses the same key (K0) in encryption and decryption, while the asymmetric cipher uses different keys (K1) and (K2) for encryption and decryption respectively (Lian, 2009). Since in the symmetric cipher the key is the same in both the encryption and decryption operations, the key is known both to the sender and the receiver but not to a third party, and it should always be kept private. Otherwise, the third party can decrypt the ciphertext and expose it as plaintext. This is why the symmetric cipher is also known as the private cipher. However, symmetric ciphers such as Advanced Encryption Standard (AES), Data Encryption Standard (DES) and International Data Encryption Algorithm (IDEA) have widely been used despite some vulnerabilities of ciphertext decryption by third parties (Lian, 2009).
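The RSA paragraphs in the algorithms section above state three things a practitioner should be able to see concretely: the public and private keys are distinct, the private key is what decrypts and signs, and the scheme's security rests on the randomness of the numbers the PRNG supplies. The following is an added example, not code from the essay or any of its sources: textbook (unpadded) RSA built from the standard library, with key generation that takes the random source as a parameter so that the PRNG dependence can be demonstrated directly. The key size, the sample message and the seed value are assumptions constructed for the example; a deployed system would add OAEP/PSS padding and use a vetted library.

```python
import hashlib
import random
import secrets
from typing import Callable, Tuple

# A random source is any function mapping a bit length to a random integer.
RandBits = Callable[[int], int]
KeyPair = Tuple[Tuple[int, int], Tuple[int, int]]   # ((e, n), (d, n))
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; a composite survives with probability below 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:          # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)      # witness choice needs no secrecy
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, randbits: RandBits) -> int:
    """Draw odd candidates with the top bit set until one passes Miller-Rabin."""
    while True:
        cand = randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512, randbits: RandBits = secrets.randbits) -> KeyPair:
    """Textbook RSA: n = p*q, public exponent e, private exponent d = e^-1 mod phi(n).
    Everything secret about the key comes from the primes, i.e. from `randbits`."""
    e = 65537
    while True:
        p = random_prime(bits // 2, randbits)
        q = random_prime(bits // 2, randbits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)                      # modular inverse, Python 3.8+
    return (e, p * q), (d, p * q)


def encrypt(pub: Tuple[int, int], m: int) -> int:
    e, n = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(priv: Tuple[int, int], c: int) -> int:
    d, n = priv
    return pow(c, d, n)


def sign(priv: Tuple[int, int], msg: bytes) -> int:
    """Sign the SHA-256 digest (as an integer) with the private exponent."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(h, priv[0], priv[1])


def verify(pub: Tuple[int, int], msg: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(sig, pub[0], pub[1]) == h


def same_seed_same_keys(seed: int, bits: int = 512) -> bool:
    """PRNG dependence: a seeded, non-cryptographic generator reproduces the key pair,
    so anyone who can guess the seed can regenerate the private key."""
    k1 = generate_keypair(bits, random.Random(seed).getrandbits)
    k2 = generate_keypair(bits, random.Random(seed).getrandbits)
    return k1 == k2


if __name__ == "__main__":
    pub, priv = generate_keypair()
    c = encrypt(pub, 123456789)                 # constructed sample message
    print("decrypt with private key:", decrypt(priv, c))
    print("decrypt with public key only:", decrypt(pub, c) == 123456789)   # False
    sig = sign(priv, b"pay 100 to acct 42")
    print("signature verifies:", verify(pub, b"pay 100 to acct 42", sig))
    print("tampered message verifies:", verify(pub, b"pay 900 to acct 42", sig))
    print("seeded PRNG reproduces keys:", same_seed_same_keys(20190527))
```

`same_seed_same_keys` is the detection-oriented part: if key generation is ever fed from `random.Random` (or any generator whose state an outsider can learn), two runs with the same seed yield byte-identical private keys, which is the concrete meaning of the essay's remark that RSA's security depends entirely on the PRNG.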
Asymmetric ciphers offer advanced security, as the encryption key (K1) can securely be made public while the decryption key (K2) is safely kept private, made known only to the receiver. This means that if the sender or a third party knows only one key (the encryption key), they are not able to decrypt the ciphertext, hence maintaining maximum network security. The asymmetric cipher is therefore known as the public cipher and the symmetric cipher as the private cipher. Asymmetric or public ciphers are regarded as more suitable particularly for key exchanges in online communications and Internet commercial transactions. The reasons which make public ciphers suitable for VPN security are, for instance, the difficulty of large number factorization in the RSA cipher. The problem of the discrete logarithm is the concept behind the suitability of Elliptic Curve Cryptography (ECC). The ElGamal encryption is also regarded to offer suitable security because of the complexity of computing discrete logarithms, as the encryption is always defined over a wide range of cyclic groups.

Cryptanalysis and Security Attacks

Cryptanalysis techniques allow hackers to break easily into cipher systems in a VPN. According to Kerckhoffs' principle, the hacker clearly knows the cipher per se, and the security of the cipher largely depends on the private key (Lian, 2009). Cryptanalysis techniques employed by attackers aim to get access to the cipher's private key with the aim of knowing the information as plaintext, ciphertext or even the encryption algorithm. Cryptanalysis methods can be grouped into four categories according to the information best known to the attackers (Lian, 2009). The attack based on ciphertext only means that the attack only progresses after the attacker has obtained a collection of ciphertext.
This method is known as the ciphertext-only attack (Lian, 2009). The known-plaintext attack is another cryptanalysis method, which means that the attack will only be successful when the hacker has obtained pairs of plaintext-ciphertext sets. Another attack method is the chosen-plaintext attack, which progresses only when the hacker has ciphertexts which correspond to arbitrary plaintext sets. The last possible method of attack is the related-key attack, which works after the attacker has obtained ciphertexts which are encrypted using two dissimilar keys (Lian, 2009). The security of encryption algorithms is determined by their resistance to cryptanalysis techniques, including attacks like differential analysis, statistical attacks and related-key attacks. Ciphers used for network VPN and Web security should be analyzed thoroughly before they can be used; otherwise, attackers will break into systems when ciphers don't provide the required maximum network security. Simple metrics can be employed in measuring the resistance of ciphers to cryptographic analysis and common attacks. These metrics include plaintext sensitivity, key sensitivity and ciphertext randomness (Lian, 2009). It can therefore be said that a cryptographic algorithm is of high security only when the encryption algorithm is heavily secured against cryptographic analysis and attacks. In case the algorithm does not provide this essential requirement, the encryption algorithm is then considered to be of low security. Key sensitivity refers to changes in ciphertext as a result of changes in keys. Good ciphers will recognize the slightest difference in keys and cause significant changes in ciphertext. Plaintext sensitivity is similar to key sensitivity and is defined as the alteration in ciphertext as a result of plaintext changes. Good ciphers should also be able to recognize any slight difference in plaintext and therefore cause significant ciphertext changes.
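The three metrics named above (key sensitivity, plaintext sensitivity, ciphertext randomness) are easy to compute, and computing them is how a reviewer would check a cipher before it is trusted with VPN traffic. The following is an added example, not code from the essay or from Lian (2009): it implements the three metrics as bit-flip and monobit measurements and applies them to two ciphers constructed for the comparison, a deliberately weak repeating-key XOR and a small Feistel block cipher (four rounds, HMAC-SHA256 round function, used in CBC mode). The cipher constructions, key, IV and the transaction-record plaintext are all assumptions made for the example, not algorithms from the page.

```python
import hashlib
import hmac
from typing import Callable, Dict

BLOCK = 16  # toy block size in bytes: two 8-byte Feistel halves
Cipher = Callable[[bytes, bytes], bytes]   # (key, plaintext) -> ciphertext

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: HMAC-SHA256 keyed with the cipher key, domain-separated by round index.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def feistel_encrypt_block(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Four-round Feistel network (Luby-Rackoff style) over a 16-byte block."""
    left, right = block[:8], block[8:]
    for r in range(rounds):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return left + right

def feistel_decrypt_block(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(rounds)):
        left, right = _xor(right, _round_fn(key, r, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC chaining: each block is XORed with the previous ciphertext block before encryption."""
    assert len(plaintext) % BLOCK == 0, "toy cipher: caller pads to a multiple of BLOCK"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = feistel_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out.append(_xor(feistel_decrypt_block(key, blk), prev))
        prev = blk
    return b"".join(out)

def repeating_xor(key: bytes, plaintext: bytes) -> bytes:
    """Deliberately weak reference cipher: plaintext XOR repeated key, no diffusion at all."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))

# --- the three metrics from the text ---
def bit_diff_ratio(a: bytes, b: bytes) -> float:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def flip_bit(data: bytes, i: int) -> bytes:
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def key_sensitivity(encrypt: Cipher, key: bytes, pt: bytes, bit: int = 0) -> float:
    """Fraction of ciphertext bits that change when one key bit is flipped (ideal: about 0.5)."""
    return bit_diff_ratio(encrypt(key, pt), encrypt(flip_bit(key, bit), pt))

def plaintext_sensitivity(encrypt: Cipher, key: bytes, pt: bytes, bit: int = 0) -> float:
    """Fraction of ciphertext bits that change when one plaintext bit is flipped."""
    return bit_diff_ratio(encrypt(key, pt), encrypt(key, flip_bit(pt, bit)))

def ciphertext_randomness(ct: bytes) -> float:
    """Monobit statistic: fraction of 1-bits; random-looking output sits near 0.5."""
    return sum(bin(x).count("1") for x in ct) / (8 * len(ct))

# Constructed sample input (not real key material): a fixed 16-byte key and IV and a
# 64-byte transaction record. The fixed IV keeps the numbers reproducible; a deployed
# CBC cipher needs an unpredictable IV for every message.
KEY = b"0123456789abcdef"
IV = bytes(range(16))
PT = b"TRANSFER 100.00 USD TO ACCOUNT 0042 REF 20190527".ljust(64, b".")

def evaluate() -> Dict[str, float]:
    strong: Cipher = lambda k, p: cbc_encrypt(k, IV, p)
    return {
        "weak_key_sens": key_sensitivity(repeating_xor, KEY, PT),          # 4 of 512 bits
        "weak_pt_sens": plaintext_sensitivity(repeating_xor, KEY, PT),     # 1 of 512 bits
        "strong_key_sens": key_sensitivity(strong, KEY, PT),
        "strong_pt_sens_first_block": plaintext_sensitivity(strong, KEY, PT, bit=0),
        # CBC only propagates forward: a flip in the last block changes one block (~1/8).
        "strong_pt_sens_last_block": plaintext_sensitivity(strong, KEY, PT, bit=8 * 48),
        "strong_randomness": ciphertext_randomness(strong(KEY, PT)),
    }

if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name:28s} {value:.4f}")
```

The weak cipher scores exactly as the text predicts a bad cipher should: one key bit flip moves 4 of 512 ciphertext bits and one plaintext bit flip moves a single bit, so an attacker with plaintext-ciphertext pairs reads the key off directly. The Feistel/CBC cipher moves roughly half the bits for a key change or an early plaintext change, and the last-block case is the caveat worth remembering when applying the plaintext-sensitivity metric: the figure depends on the mode of operation and on where the flipped bit sits, not only on the block cipher.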
Ciphertext randomness basically differs from the plaintext. In good ciphers, the ciphertext always has good randomness, which makes it hard for attackers to establish holes in the statistical properties of ciphertexts (Lian, 2009). Ciphers transform original intelligible data into a form which is unintelligible with the help of keys. This method is used to secure data confidentiality. A hash always uses the original data to generate short strings used to protect data integrity. Digital signatures employ the key-based hash in the generation of hash values for the data which is to be protected. Digital signatures are often used to detect whether operations are done by the authenticated owner or not. This is critical in online transactions such as those involving online payment methods such as AlertPay, PayPal and MoneyBookers. Key generation and authentication provide critical methods which help in the generation and distribution of multiple keys during communication. Hackers use cryptanalytical methods to analyze and break into networked systems through cryptographic means. Cryptanalysis provides some special or common means to analyze the security of hash, cipher, digital signature or key generation and authentication algorithms. The best cryptographic methods in VPN and Web security should be immune to cryptanalytical methods before they can be applied in system network security.

Conclusion

Encryption algorithms offer secure communication against cryptanalysis used by attackers such as known-plaintext attacks, ciphertext-only attacks and chosen-plaintext attacks. Complete encryption offers security to traditional and novel ciphers against cryptanalysis by hackers. Partial encryption allows some parameters to be encrypted using ciphers which are immune to cryptographic attacks. Compression-combined encryption involves the combination of encryption and compression operations, which makes it secure from the perspective of cryptanalysis.
VPN encryption utilizes basic encryption mechanisms which secure the traffic flowing across a shared or public network. The encryption is critical in allowing VPN traffic to traverse a public or shared network like the Internet. Banking systems have always employed complex security measures such as SSL VPN and IPsec VPN to encrypt traffic by the use of encryption algorithms in shared VPN connections.

References

Malik, S. (2003). Network security principles and practices. Indianapolis, IN: Cisco Press.
Mogollon, M. (2007). Cryptography and security services: mechanisms and applications. Hershey, New York: Cybertech Publishing.
Lian, S. (2009). Multimedia content encryption: techniques and applications. New York: Taylor & Francis Group.
Li, X. (n.d.). Cryptography and network security. Retrieved July 31, 2010 from http://www.cs.iit.edu/cs549/lectures/CNS-1.pdf
Microsoft Corporation (2005). Data encryption between VPN server and client. Retrieved August 4, 2010 from http://technet.microsoft.com/en-us/library/cc778013%28WS.10%29.aspx
Microsoft Corporation (2003). Virtual private networking with Windows Server 2003: overview. Retrieved August 1, 2010 from http://www.microsoft.com/windowsserver2003
MyCrypto.net (n.d.). Encryption algorithm. Retrieved August 4, 2010 from http://www.mycrypto.net/encryption/crypto_algorithms.html
Riikonen, K. (2002). RSA algorithm. Retrieved August 4, 2010 from http://www.cs.uku.fi/kurssit/ads/rsa.pdf
