Improving Network Security Using Elliptic Curve Cryptosystem
Simple packet filters selectively control the flow of packets into and out of a network or between networks. Control is defined and enforced through a series of rules. These rules are based on information stored in the IP and TCP/UDP/ICMP headers.
Rule criteria can be based on the following characteristics of the IP packet:
➢ Source and/or destination addresses
➢ Protocol including TCP, UDP, ICMP, or all IP
➢ TCP or UDP source and/or destination ports
➢ ICMP message type
➢ TCP flags, especially ACK (to distinguish a new connection from a reply to an established connection)
ii. Stateful inspection filter
When a packet arrives on the outside interface, it could be one of two things:
➢ A packet intended to start a new connection originating from the outside. This is risky because the packet may be inappropriate or malicious.
➢ A packet that is replying to the request initiated from inside. This is less likely to present a risk and more likely to be legitimate.
A brand new packet and a reply packet appear similar because both have source IPs from the outside, destination IPs on the inside, and arrive on the external interface. The only difference is in the TCP flag bits, that is:
➢ New traffic has SYN while return traffic for existing connections has ACK.
➢ TCP flags can be crafted or manipulated so these are not good ways to track state.
➢ UDP, ICMP and other protocols do not have the flags.
Thus stateful inspection should be used whenever there is a need to differentiate between an incoming return/reply packet for an outgoing connection and an incoming packet for an incoming connection. This type of firewall extracts state-related information from the application layer, such as the FTP PORT command that defines the data channel port, and opens that port for the life of the connection. Stateful inspection filters maintain tables to track the state of each packet. The state tables store source address, destination address, source port, destination port, and connection expiration time limit. Any packet that matches a connection in the table is considered part of the same connection. Packets that do not match an existing connection in the table are considered new and are added to the table (assuming that the connection passes the filtering rules which have been defined).
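The state-table lookup described above, next to an ACK-flag check of the kind a simple packet filter uses, as an added example that is not part of the original project. The class and function names, the rule set (new connections allowed outbound only, to listed ports), the 60-second expiry and the sample packets are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                      # "tcp" or "udp"
    flags: frozenset = frozenset()  # TCP flags; empty for UDP
    inbound: bool = False           # True if it arrived on the outside interface

def ack_filter(pkt):
    """Simple packet filter rule: admit inbound traffic only if it is TCP with ACK set."""
    return not pkt.inbound or (pkt.proto == "tcp" and "ACK" in pkt.flags)

class StatefulFilter:
    def __init__(self, allowed_out_ports, ttl=60):
        self.allowed_out_ports = allowed_out_ports  # assumed rule set: outbound ports only
        self.ttl = ttl                              # connection expiration time limit (s)
        self.table = {}                             # connection key -> expiry time

    def check(self, pkt, now):
        # Expire stale entries, then build the key in (inside, outside) order so a
        # reply maps onto the entry created by the outgoing packet.
        self.table = {k: exp for k, exp in self.table.items() if exp > now}
        if pkt.inbound:
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.table:                       # part of a tracked connection
            self.table[key] = now + self.ttl
            return True
        if not pkt.inbound and pkt.dport in self.allowed_out_ports:
            self.table[key] = now + self.ttl        # new connection that passes the rules
            return True
        return False                                # unmatched and not permitted: drop

# Constructed sample packets (documentation address ranges, not real hosts).
OUT_SYN = Packet("10.0.0.5", 40000, "198.51.100.7", 443, "tcp", frozenset({"SYN"}))
REPLY = Packet("198.51.100.7", 443, "10.0.0.5", 40000, "tcp", frozenset({"SYN", "ACK"}), True)
UNSOLICITED_ACK = Packet("203.0.113.9", 443, "10.0.0.5", 40001, "tcp", frozenset({"ACK"}), True)
DNS_QUERY = Packet("10.0.0.5", 53000, "192.0.2.53", 53, "udp")
DNS_REPLY = Packet("192.0.2.53", 53, "10.0.0.5", 53000, "udp", inbound=True)

def demo():
    fw = StatefulFilter(allowed_out_ports={53, 443}, ttl=60)
    steps = [("out_syn", OUT_SYN, 0), ("reply", REPLY, 1), ("unsolicited_ack", UNSOLICITED_ACK, 2),
             ("dns_query", DNS_QUERY, 3), ("dns_reply", DNS_REPLY, 4), ("late_reply", REPLY, 500)]
    return {name: fw.check(pkt, now) for name, pkt, now in steps}
```

The flag-only rule admits the inbound ACK that belongs to no connection and rejects the flagless UDP reply, while the state table does the reverse and also drops the TCP reply once its entry has expired.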
iii. Application Proxy
ABSTRACT
Securing a network, wired or wireless, has been a big challenge for network administrators in the present day of Internet usage. This project presents the ECDSA cryptosystem as a solution to the problem being faced by network administrators and engineers. The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA) with the attractiveness that there is no sub exponential algorithm known to solve the ell ...