DESIGN AND IMPLEMENTATION OF AN INTRUSION TOLERANT SYSTEM
INTRODUCTION
1.1 INTRODUCTION
Most current information systems are connected to the
Internet for efficiency and convenience. However, this greater accessibility
makes the systems vulnerable to attackers. A web server is a program that runs
over the Hypertext Transfer Protocol (HTTP), which uses a client-server model
to serve clients with files and other data stored on the server. The web
server is currently the most widely deployed type of distributed data server.
Every computer on the Internet that hosts a website must run a web server
program. Web servers now provide dynamic content rather than static content,
which has opened up many security flaws. With the development and scope of
cloud computing, there is a tremendous shift in the web hosting industry.
Most users prefer a server in the cloud because of its ease of maintenance and
low infrastructure cost, so there is a great need to ensure the integrity and
confidentiality of the systems we use. For this reason, many studies have been
conducted to improve the security of information systems. To protect the
private keys of web servers and certificate authorities, Boneh et al (1999)
shared the keys among a number of share servers.
1.2 BACKGROUND OF THE STUDY
A dependable system is defined as one that is able to deliver
a service that can justifiably be trusted; attributes of dependability include
availability (readiness for correct service), reliability (continuity of
correct service), confidentiality (prevention of unauthorised disclosure of
information), and integrity (absence of improper system state
alterations) (Avizienis et al, 2001).
Large network infrastructures, such as the Internet, are
vital for citizens to benefit from the services provided by the Information
Society. However, users must be able to trust the services offered to them.
MAFTIA (Randell et al, 2003), a European Union funded project, investigated a
comprehensive approach for tolerating both accidental faults and malicious
attacks in large-scale distributed systems, thereby enabling them to remain
operational during attack, without requiring time-consuming and potentially
error-prone human intervention. SITAR (Sargor et al, 2001) uses
commercial-off-the-shelf servers to provide intrusion tolerance to distributed
systems.
Emerging applications like electronic commerce and secure communications over
open networks have made clear the fundamental role of public key cryptography
as a unique security solution. On the other hand, these solutions clearly expose
the fact that the protection of private keys is a security bottleneck in these
sensitive applications. This problem is made worse in cases where a
single, unchanged private key must be kept secret for a very long time (as
is the case with certification authority keys and e-cash keys).
When classified information is sent electronically from one
individual to another, some form of encryption must be used to protect the
information from prying eyes. Because internet technology relies on the
transmission of data through the public domain, this encryption is absolutely
essential to preserving the security of electronically-transmitted information.
Public key encryption, which was first developed in the 1970s, has gradually come
to dominate the “cryptology market” because of its innate advantages over
private-key methods of encrypting data; unlike its counterpart, public key
encryption does not require that individuals share a secret key.
Although public key encryption algorithms such as RSA (Rivest et al, 1977) have
achieved universal acceptance in the modern cryptology arena, they remain
vulnerable to many potential security threats. For example, because public key
encryption involves the “receiver” providing a public key to any “senders” who
wish to send him confidential information (the receiver uses a different,
private key to decrypt the data), it is entirely possible for a devious
individual to send an encrypted message to the receiver that appears to have
been sent from someone else; after all, the public key used to encrypt this
message is fully available to everyone. In other words, when constructed
improperly, public key encryption systems such as RSA do not intrinsically
protect against false sender identification.
1.3 STATEMENT OF THE PROBLEM
The computer security problem includes many buggy and insecure applications.
Attackers can infect your system with malware and steal credentials such as
credit card details and passwords. An example of this
is a piece of malware called SilentBanker. It attaches itself to your computer
and stays silent. Whenever your computer makes a web request to port 80 or 443,
it monitors the request. Although port 443 is encrypted using SSL, this does
not hinder the malware. The malware injects malicious JavaScript into the
target page to change it, so that whenever you type your password for
authentication the password is sent to the attacker. This malware was used to
steal a lot of passwords from UK banks.
An attacker can steal
your IP address and use it to send spam messages. An attacker does this to
protect himself and shift the blame to the person whose computer he uses to
send the spam messages. There are organizations that provide Denial of Service
as a service. That is, they will attack a web page or web server for a fee.
They do this by bombarding a web server or web page with more
requests than it can process.
Nowadays, we see the spread of war from physical space to
cyberspace. An example of this is the Stuxnet virus (2008), which the NSA and
Israeli intelligence agencies used in shutting down Iran’s nuclear power plant.
The attackers used four zero-day Windows exploits to
infect the computer of the administrator who maintains the nuclear facility.
The malware just sits on a Windows computer and only functions if
the Siemens PCS 7 SCADA control software is installed on that computer. It waits
for you to connect the Siemens controller to the network, then it will affect
the network. This malware in the target computers serves as a logic bomb. They
used this to attack the nuclear plant, thereby shutting down a billion dollar
project with just a piece of malware.
Snowden (2013), an NSA whistleblower, released details of top secret espionage
carried out by US and British intelligence agencies in which they intercept
over 80% of web traffic from sites like Facebook, Google, Twitter etc. and
store this information to be used for various activities. These revelations,
together with the ones from the whistleblowing site WikiLeaks, made us aware of
the insecurity of the web on which we depend so greatly for our daily activities.
More recently, we were made aware that some Nigerian governors use the exploits
of the malware firm Hacking Team. Hacking Team is a legal malware company that
creates exploits used to attack a variety of devices ranging from web servers
and computers to anything you can think of. This exposes the fact that in
Nigeria today there are people who possess these weaponized cyber tools, which
can be used to access almost all devices and steal information or plant
information for the purpose of implicating the target.
Noting these problems we face in this modern era, we turn to cryptography.
Cryptography is used to encrypt data so it can only be read by the person who
has the secret key. So, even if an attacker breaks into our system, he cannot
decode our information.
1.4 AIM AND OBJECTIVES OF STUDY
Despite the use of public key cryptography in simplifying encryption processes,
we are still stuck with security bottlenecks. Now we see advanced viruses,
worms, Trojans etc. Most applications are not implemented correctly. The goals
of this project include:
To analyze some versions of RSA implemented in HTTPS.
To show the strengths and weaknesses of RSA and some common attacks on it.
To show how the RSA cryptosystem can be used correctly to build an
intrusion tolerant application that can function correctly even when attacked.
To design a version of the RSA cryptosystem which is
tamper-resistant and can be used for encryption, session setup etc.
To develop software based on this design.
1.5 SIGNIFICANCE OF THE STUDY
RSA is the most widely used public key cryptosystem. It is used for encryption,
session startups, implementing digital signatures and many other purposes. It
is implemented in our smart cards, the operating systems we use and the
browsers we use for surfing the internet etc. However, over the years versions
of RSA implemented in WEP, HTTP etc have been broken. This project analyses the
security of RSA in WEB, HTTP etc and also covers attacks on RSA, and at the end
designs and implements a version of RSA that is intrusion tolerant.
1.6 SCOPE OF THE STUDY
This project covers ITTC (Boneh et al, 1999), an intrusion tolerant application
that uses RSA for encryption. ITTC is a project that protects the private keys
of web servers and certificate authorities by splitting the server into smaller
share servers, so that even if the attacker penetrates a few of the servers he
cannot compromise the whole system. Also, I discussed SITAR (Sargor et al, 2001),
a DARPA-funded research project that investigates intrusion tolerance in
distributed systems to provide reliable services. I showed some attacks on RSA
like the binding attack, common modulus attack etc. and I also analyzed
security problems of some versions of RSA like PKCS1 etc. I also showed how
to design and implement RSA correctly.
1.7 LIMITATIONS OF THE STUDY
The main limitation is that I could not access specialized
hardware suitable for RSA. Most specialized RSA implementations are implemented
in both hardware and software. Also, I did not properly cover its use in
environments like smart cards because of limited tools for analysing security in
these environments.
1.8 DEFINITION OF TERMS
These are the meanings of keywords used in the project:
1. ITTC: Intrusion Tolerance via Threshold Cryptography
2. MAFTIA: Malicious and Accidental Fault Tolerance for Internet Applications
3. COTS: Commercial Off the Shelf
4. SITAR: Scalable Intrusion Tolerant Architecture
5. DPASA: Designing Protections and Adaptation into a Survivability Architecture
6. PKI: Public Key Infrastructure
7. SCIT: Self Cleansing Intrusion Tolerance
8. ACT: Adaptive Cluster Transformation
9. MAC: Message Authentication Code
10. RSA: Rivest Shamir Adleman
11. CA: Certificate Authority
12. MD5: Message Digest 5
13. RFITS: Randomized Failover Intrusion Tolerant System
These are the definitions of some of the terms used in this
project.
PUBLIC KEY CRYPTOGRAPHY: This is a form of cryptography in which a
pair of keys is used to encrypt and decrypt a message. The public key is used
to encrypt the message, while the private key is used to decrypt the
cipher-text.
CRYPTOSYSTEM: This refers to a suite of cryptographic
algorithms needed to implement a particular security service. Typically it
consists of three algorithms: one for key generation, one for encryption, and
one for decryption.
THRESHOLD CRYPTOSYSTEM: A cryptosystem is a threshold cryptosystem if, in
order to decrypt an encrypted message, several parties must cooperate in the
decryption protocol.
CRYPTOGRAPHY: This is the practice and study of techniques
for secure communication in the presence of third parties.
CRYPTANALYSIS: This is the study of techniques used to breach
cryptographic security systems and gain access to the contents of encrypted
messages, even if the cryptographic key is unknown.
SYMMETRIC-KEY ALGORITHMS: These are algorithms for
cryptography that use the same cryptographic keys for both encryption of
plaintext and decryption of cipher-text.
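Added example (not code from this project or from ITTC): a simplified additive split of an RSA private exponent among share servers, where every server must contribute, illustrating the THRESHOLD CRYPTOSYSTEM definition and the key sharing described in sections 1.1 and 1.6. The toy primes, the function names and the sample message are assumptions made for this illustration.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes so the example runs instantly.
# Textbook RSA with no padding, for illustration only.
P, Q = 2**89 - 1, 2**107 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # private exponent, known only to the dealer

def digest(message: bytes) -> int:
    """Map a message to an integer modulo N (unpadded hash, toy only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def split_key(d: int, servers: int) -> list[int]:
    """Split d into additive shares: d = d_1 + ... + d_k (mod PHI)."""
    shares = [secrets.randbelow(PHI) for _ in range(servers - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares

def partial_sign(share: int, message: bytes) -> int:
    """What one share server computes using only its own share."""
    return pow(digest(message), share, N)

def combine(partials: list[int]) -> int:
    """Multiply the partial results; the exponents add up to d mod PHI."""
    result = 1
    for s in partials:
        result = result * s % N
    return result

def verify(message: bytes, signature: int) -> bool:
    """Ordinary RSA verification with the public key (N, E)."""
    return pow(signature, E, N) == digest(message)

def demo() -> tuple[bool, bool]:
    msg = b"constructed sample message"
    shares = split_key(D, servers=4)
    partials = [partial_sign(s, msg) for s in shares]
    all_servers = verify(msg, combine(partials))
    # Three of the four shares are not enough to complete the operation.
    three_servers = verify(msg, combine(partials[:3]))
    return all_servers, three_servers

if __name__ == "__main__":
    print(demo())
```

The private exponent is never reassembled on any single server: each one only ever raises the input to its own share, so reading the memory of a few share servers does not reveal the key.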