Tuesday, April 2, 2019
The Security Requirements And Challenges Of Manets Information Technology Essay
The Security Requirements And Challenges Of Manets Information Technology EssayThe study gage requirements of MANETs argon secure linking, secure routing and secure data contagion or secure data big bucks forward.Both proactive and antiphonal approaches are needed.The disadvantages of the mobile design, like limited cpu, memory and battery, may let MANETs lay out more security chanllegnes, which include bothactive and static attacks, the problems of dynamic lapseology, routing protocol and mobile environment, specially the packets missing, data changedand node failures ordain make habitrs lose trust of it, well-nigh of the secure routing protocols are intentional with certain known attacks in mind. When anunknown attack is encountered, these protocols may collapse, nevertheless achieving higher security usually requires more computation on separately mobile node.2. Explain -TESLA and compare it with TESLA?TESLA means Time Efficient drift Loss-tolerant Authentication, -TESLA is a micro version of TESLA, or we nates consider it as an adoption ofTESLA for WSNs. Althugh TESLA and -TESLA are multicast stream currentaiton protocols, both have different ship dismissal in make out discloure and authentication. -TESLA is engrossd in authentication of message broadcasts from dish Station(BS), from nodes (through BS), and too to authenticate route update broadcasts.BS works as the give a vogue distri al unrivalledion center. ( Taken From Chapter 3, Course slides.) This means -TESLA allows the receivers broadcast certify datadue to node to node key agreement. Receiver do non share a key with other receivers. But TESLA mailer uses digital signature for the intial packet authenticaitonand broadcasts it over the whole WSN, the receiver knows the key disclosing schedule, when the key is disclosed, receiver give check its correctness andauthenticates the buffered packets.3. Gather schooling about the key Management protocols in MANETs. And explaini t briefly.In MANETs, happen upon management is actually considered as the base for every cryptographic remains, its a combination of cryptographic algorithms andon-demand dynamic routing protocols, because the webing security in many cases babelike on proper key management, the tranditional centralizedapproach in key management does non work out here, at that placefore, several methods are usually utilize in the key management system in MANETs, such asSecret Sharing Methods, Distributed CA Method, Error-code based methods and Byzantine alive(p) Method. Even so, KM system stable faces the many Challengeslike slashing topology and environment, Lack of trust, customer failures, Bounded computational and operational originator, Connectivity problems and Nodeautonomity, etc.because you dont know if any one entity is dishonest, that entity may be exposed.4. Explain SEAD, SAR and SPAAR routing protocols in more details.SEAD is a secure instrument panel- driven routing protoc ol based on the existing DSDV(Destination-Sequenced Distance-Vector) routing protocol. It usesa one-way- haschisch function and asymmetric cryptography operations. Although SEAD defends against several types of make ( Denial-of-Service attacks),it cannot celebrate the wormhole attack.To evacuate long time running routing loops and to defend against the replay attack, SEAD uses name and address numbers toto ensure that the information originates from the correct node. Authentication is also used in SEAD. Each node uses a specific authentic elementfrom its one-way hash chain in each routing update that it sends about itself. The source must be certify using around kind of broadcast authenticationmechanism, such as TESLA. Apart from the hash functions used, SEAD doesnt use average settling time for sending triggered updates.This disadvantagemakes SEAD face the chanellege of clock synchronization in order to function properly.SAR stands for Security-Aware Ad Hoc Routing, which ap plied for on-demand secure routing protocols. When a packet is sent, it need be assigned a trust take account and certain security attributes, like time stamp, date number, authentication, integrity, SAR introduces a negociable metrics to discover secureroutes that are embedded into RREQ packets. And this packet can be solveed or forwarded unless if the node can provide the required security. The problemof SAR is you dont know whether or not the value assigned is true and the invisible node attack can not detected and treated in SAR.SPAAR ( true(p) Position Aided Ad hoc Routing) is a position based system and uses the location information to increase the security and instruction execution.All nodes in SPAAR are required to know their own locations, for eaxmple, GPS system tells you where you are. SPAAR is also designed to provideauthentication, non-repudiation, confidentiality and integrity for the security environment.5. Explain Secure contentedness Transmission Protocol ( SMT ) in MANETs.The major job of SMT (Secure Message Transmission) protocol is to secure the data transmission or data forwarding on already discovered routes no matterwhether or not these routes have despiteful nodes. SMT protocol does not deal with route discovery. It only demands a secure relationship between the sourceand destination by allowing one node know the public key of the other node. No cryptographic operation is needed between the nodes because thecommunication is usually through over the node disjoint paths, every piece of message is authenticated and verified through a Message Authentication Code.The destination doesnt need all the pieces of a message to understand it. It can hypothesise the message when enough pieces have been received.This implies that even if there are malicious nodes in a few paths that drop the message or if there are unavailable routes, the message can still be received.If the destination didnt receive enough pieces to construct the message, the source will send out the remaining pieces over a different set of paths. differently the source continues with the next message transmission.6. Give numberical examples for EL Gamal-TC (4,6) and RSA-TC(4,6). An investigate whether oval-shaped Curve Crypto(ECC) could be used for TC?Elliptic Curve Crypto(ECC) could be used for TC, I got this idea from the article ECC Based brink Cryptographyfor Secure Data Forwarding and Secure Key turn in MANET written by Levent Ertaul and Weimin Lu, 2005,The two authors say in this way We combine Elliptic Curve Cryptography and Threshold Cryptosystem to securely sustain messages in n shares. As long as the destination receives at least k shares, it can recover the original message.We explore 7 ECC mechanisms, El-Gamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext earlierencryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a pair of mobile nodesusing Elliptic Curve Cryptography Diffie-Hellman. We did performance comparison of ECC and RSA to fork out ECCis more efficient than RSA.7. Hacking technique and counter MeasuresPlease find the usage and the required counter measures to avoid effects of the below rules. Thiscommands fall into a catergory called Discovering Wireless Networks.a. INSSIDERActually inSSIDer is a replacement for NetStumbler, it is a free Wi-Fi profits scanner for Windows Vista and windows XP, it can inspect your WLANand surrounding networks to troubleshoot competing access backsheeshs, it works with internal Wi-Fi radio, Wi-Fi network information, such as SSID, MAC,Access point vendor, data rate, signal strength, security, etc. Graph signal strength over time, is also can show how wireless local area network networks overlap and provides anopen source code service since the Apache License, translation 2.0, it also can support GPS and ex port to Netstumbler(*.ns1) files, because of the open sourceservice, the intruders may take advantages of it to attack your personal information. The best way to avoid inssider command is to give it no permission toaccess WLAN. I consider IEEE802.1x and IEEE802.11i protocols should be applied, and the specific mechanisms, like WEP, TKIP, CCMP, MIC,Counter-MOde-CBC-MAC Mode, WPA and WPA2 should be got involved.b. Visit following web localize http//renderlab.net/projects/WPA-tablesAnd give me the brief desription of this site.After visiting this website, a Church of Wifi WPA-PSK Rainbow Tables displays, this page is to give a little more insight into the methodological analysisand logic behind concieving and building the CoWF WPA-PSK Rainbow Tables, actually they are lookup tables. From my point of view, this websitetries to show you the result of the project that is done at renderlab, this project is examen how much possibilities the password will be cracked. OnWPA-tables, WPA-PSK was vulnerable to savage force attack, cryptographists use the tools like Aircrack and coWPAtty to take advantage of this weaknessand provided a way to tryout keys against dictionaries. They found that in fact the cracking process is very slow . Each passphrase is hashed4096 times with SHA-1 and 256 bits of the output is the resulting hash. This is then compared to the hash generated in the initial key exchange. A lotof computing power is required for this. If the SSID and the SSID length is seeded into the passphrase hash, the passphrase of password will be hasheddifferently on a network with the SSID of linksys than it will on a network with the SSID of default. For the War driving, attacking a series of accesspoints to connect to a server behind it, each ones security was stronger than the previous. They also found the industry of the Time-Memory trade-offis particularly useful in password cracking and cryptography. How to prevent it from attack? They think its im affirmable t o create a lookup table for allpossible keys. Because the seeding of the algorithm with the SSID and SSID length, they have to estimate all possible keys against all possible SSIDs,the limlited storage space doesnt allow them to do calculation. sooner they quickly check WPA-PSK networks against known english wordsand known passwords quickly, piece of music still leaving the option open for brute forcing the rest of the keyspace. Selecting the most effecient dictionary and SSIDscomputed became the focus.Size was also a concern. Even if they want to break the password, they still do not want the key size beyond the storage capacityof most users. They list some common passwords from Websters dictionary and compute them by sorting all passphrases in the range 8 bits and 64 bits, bothmax and min passphrases are taken off. The result shows 52% of SSID are at Wigle database of 5 million access points and on the top 1000 lists. This meansat least 2.7 million access points are known. Thi s renderlab project found a way to speed up WPA-PSK cracking, but it does not mean that it has been broken.Those experts also use coWPAtty and other similar tools to test the other dumb passphrases. The test result shows the minimum number of characters for aWPA-PSK passphrase is 8 and the maximum is 63. In reality, very few users actually use more than about 20 characters, in most cases, people take knownwords and phrases, likely to be in a dictionary. So, to posit decent protection from WPA-PSK, you should use a very long, very random, alphanumerical stringlonger than 20 characters, or to protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list becausethis will force the attacker to compute thier own list, rather than use one of the CoWF tables.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.