Robot Network as a Specific Network or Server - Assignment Example

of the of the 1st July Answers Robot network or BOT NET is also known as a ‘Zombie army’ and is considered asa group of computers that are compromised and controlled by the hacker to attack a specific target (Botnet.2011). Likewise, these group of compromised computers will broadcast spam, relay unwanted emails, viruses or excessive request against any service associated with a specific network or server. The compromised zombie army is invaded by a Trojan, which is known as a remote application that installs itself within the system memory or kernel and provides data or connectivity to the hacker. Moreover, Trojan is operational by initiating an Internet Relay Chat (IRC) that waits for any action from the hacker who has full control over the botnet (Rapoza, 2008). Apart from IRC, hackers utilize root kits to compromise weak system with no updated security patches and have security loop holes that facilitate hacker’s objectives. As there are countless computers connected to the Internet, they use tools to capture and identify vulnerable systems and uses IP spoofing for (Spoofing.2011) manipulating the original IP addresses for gaining access in to the system. Furthermore, these compromised systems are from different geographical locations, it is difficult to identity suspicious traffic, as it represents different time zones. As botnets are considered as a major player in a Denial of Service attacks, it can be prevented by honey pots and bastion hosts that will identify suspicious broadcast at the initial level. As mentioned previously, that a zombie army initiates flooding and broadcasting attacks from various locations to the specific target. The characteristic of this attack encompasses threats from distributed source and is known as distributed denial of service attacks (DDoS). Computer network encyclopedia describes it, as the incorporation of hundreds or even thousands of computers that were previously compromised used for transmitting huge volume of unwanted traffic to the target. DDoS attacks are considered to be lethal in the world of Internet has imposes significant risks for businesses, governmental organizations, army networks etc. (Ghazali & Hassan, 2011) research on DDoS attacks has revealed vulnerabilities not only in the network architecture or infrastructure, but also in the protocol specifications along with Internet. Exhibit 1.1 demonstrates types of flooding DDoS attacks along with protocols: Attack Name UDP Flood TCP Flood LorDAS Shrew Induced-Shrew Quiet Attack Rate High High Low Low Low Low Attack Traffic UDP Flow TCP Flow No information TCP Flow Optimistic ACK packets Short-lived, TCP flows Attack Target UDP or TCP clients UDP or TCP clients Application servers Routers in TCP Flow Internet Access, Routers Routers in TCP Flows Attack Goal Exhaust resources at target machines Consume Bandwidth Reduce availability and capability of servers Deny bandwidth TCP Flows, close session Dos at Internet access routers Reduce throughput Exhibit 1.1 Source: (Ghazali & Hassan, 2011) High rate flood attacks: This type of attack is achieved by traffic generation from many machines that may be in total of hundreds or thousands dispersed globally. The flooding of unwanted traffic degrades the performance of the target system or network by utilizing all the resources (Ghazali & Hassan, 2011). Low rate flood attacks: This type of attack is not similar to a high rate flood attack, as the attacker broadcast intelligently constructed packets. These packets are designed to bypass traditional flood detectors by varying the traffic rate (Ghazali & Hassan, 2011). Low Rate DoS Attack against Application Servers (LoRDAS): This type of attack targets iterative servers and augments its capacity against synchronized or iterative servers. Likewise, the LoRDAS attack utilizes the capacity of these servers by sending a broadcast intelligently so that the servers begin to process the request of the hacker and overloading the server to fulfill any new legitimate request (Ghazali & Hassan, 2011). Shrew attack: This type of attack silently denies the bandwidth of a TCP data steam. Likewise, a short broadcast of large volume of traffic is generated for a limited time. This short burst artifice the TCP that the data stream is congestion and buffer of the targeted router overflows that result in packet drops (Ghazali & Hassan, 2011). Induced-shrew attack: this attack dominates a remote host that is called as a slave and the controller of this system or slave is called as a master. Likewise, the slave is responsible for attacking low rate broadcasts and must be incorporated with TCP i.e. any application or network service operating on the Internet or associated with file transfer service (Ghazali & Hassan, 2011). The reason for using an open source operating systems is to customize and select appropriate technology that was set to default. In this rapidly changing digital world of advanced hackers, new prevention techniques are invented for maximum prevention along with minimizing risks. One cannot predict that the blowfish encryption algorithm will also be replaced by the new and more secure algorithm known as two fish that will also be replaced at some period of this information age. Security requires constant and periodic changes to pace up and counter the threats that are ever increasing. Similarly, cryptography also goes with the same approach of upgrading new state of the art encryption algorithms one after another and from safe to the safest, so that it cannot be cracked. Lastly, the future concerns for blow fish encryption algorithm are associated with minimizing the use of S boxes along with less iterative processes along with sub key calculation on the fly. Two fish that is considered to be the next state of the art encryption algorithm after blow fish will be considered as AES final with 128 bit block size and can handle more operations. Two fish incorporates a 16 round structure with additional options for inputs and outputs, as the plain text is converted in to 32 bit words. The inputs incorporates four key words followed by sixteen rounds and each round, two words on the left are utilized as inputs to the function donated by ‘g’. The tool utilized in this scenario is ‘keepass’ that is an open source tool for storing all the passwords in a database that is encrypted (Popov). The database can also be encrypted by blow fish, as it incorporates no weak keys and the design is simple and understandable that supports analysis, algorithm integrity and repeatable block ciphers. Likewise, block ciphers are 64 bits in length with variable length keys. S-boxes are dependent on large keys that are more resilient to cryptanalysis. Moreover, permutations are key dependent with a support of diverse operations associated with mathematics that is integrated with XOR and addition. For attacking the encrypted files, workstation B can use many attack methods for retrieving the password files stored in the database maintained by ‘keepass’. The plaintext and cipher text methods of attacks incorporates a cryptanalyst that has an access to plaintext and the conforming cipher text and pursues to find association in between the two. Whereas, a cipher text is associated with an attack in which cryptanalyst is accessible to cipher text and do not have access to conforming plaintext. Workstation B can use generic ciphers such as Caesar, frequency analysis for cracking the cipher on workstation A. Moreover, workstation B can also use a plaintext and chosen cipher text attack for retrieving the passwords. This type of attack incorporates a cryptanalyst that is capable of encrypting a plaintext of choice and examines the results of cipher text. This type of attack is most generic for asymmetric cryptography, as workstation B can gain public key via cryptanalyst. Workstation B can also choose cipher text attack that incorporates a cryptanalyst selecting a cipher text that seeks for a similar plaintext. Workstation B can decrypt oracle that is a machine for decrypting data without exposure of key. Moreover, workstation B can also execute the attack on public key encryption, as it initiate with a cipher text and seeks for similar matched plaintext data available publically. Workstation B can also utilize adaptive attacks, as these attacks incorporate a cryptanalyst that selects plaintext or cipher text on the basis of previous results. Side channel attacks can also be utilized for data available in workstation A. These types of attacks extracts information associated with the physical deployment of cryptographic algorithm along with the hardware utilized for encrypting or decrypting data. These cryptographic methods mentioned earlier presume that access to plain text and cipher text is available to cryptanalyst and often to both types of data along with a possibility of cryptographic algorithms. Moreover, a side channel attack initiated by workstation B expands its scope such as CPU cycles utilize or time taken for calculation, voltage utilization etc. Apart from this attack, workstation B can also use network based attacks against Open SSL, as it utilizes two types of multiplications.one of them is called as Karatsuba that is used for words having the characteristics of equal size along with multiplication of those words that are not equal in size. Karatsuba is robust as the variation is speed can be validated by utilizing SSL TCP/IP data connection, however, information can be hacked by an hacker by using this type of multiplication methodology. For instance, a research team located at Stanford initiated a side channel timing attack for recovering the 1Mega Bit RSA key located on OpenSSL server. Likewise, the researchers utilized two hours and one million queries for the attack. Workstation B can utilize brute force attack that will try to retrieve every reachable key in a systematic manner. Likewise, this type of attack is associated with plain text or cipher text type of attacks. Workstation B can attack workstation A by a 4 bit key. Workstation B will allocate a limited length of key along with adequate time for a successful brute force attack. Likewise, encryption algorithms may become vulnerable to brute force attacks as the time passes by because CPU utilization increases. A single DES encryption incorporates an effective length key comprising of 56 bits, as the key can be cracked within two or three days by utilizing dedicated hardware components such as Electronic Frontier Foundation’s Deep Crack. workstation B will not be able to crack a 168 bit key in the similar fashion because it incorporates Advanced Encryption Standards. Workstation B must ensure when the success of brute force attack on only cipher text is accomplished. One of the examples of a brute force attack is demonstrated in Fig 1.1. Figure 1.1 Source: (Anonymous) Workstation B can use yet another type of attack for retrieving encrypted passwords available on workstation A. Man in the middle attack can be executed by workstation B for attacking algorithms that are utilized for multiples keys associated with encryption. One of examples incorporates a successful man in the middle attack against double DES. For augmenting the solidity of 56 bit DES, double DES was suggested. As man in the middle attack is associated with plain text attacks, the cryptanalyst has accessibility to plaintext and the output cipher text. One of the examples incorporates plaintext is ‘passwords’ and the double DES cipher text is named as ‘ABC’. The primary objective of cryptanalyst is to retrieve two keys i.e. Key 1 and Key 2 that were utilized for encryption. workstation B will first initiate a brute force attack on Key 1 by utilizing all 256 single DES keys for encrypting the plaintext of ‘passwords’ and stores all intermediate outputs of cipher texts and every key in a table. Secondly, Workstation Bie will impose Key 2 and decrypts ‘ABC’ for 256 times. During the process of decrypting the intermediate cipher text available in the table for the second brute force attack, objective is accomplished and both keys are now visible to the cryptanalyst. Workstation B was able to attack 256 attempts to retrieve the passwords. Conclusion For attacking workstation A that is maintaining encrypted passwords via an open source tool, workstation B can deploy and execute various attack methods as discussed in the body of the paper. Some of the attack methods discussed incorporates Meet-in-the-Middle Attack, Brute Force Attacks, Side Channel Attacks, Adaptive Chosen Plaintext and Adaptive Chosen Cipher text Attacks, Chosen Plaintext and Chosen Cipher text Attacks and Known Plaintext and Cipher text-Only Attacks. Work Cited Botnet.(2011). Computer Desktop Encyclopedia, , 1. Denial of service attack.(2011). Computer Desktop Encyclopedia, , 1. Ghazali, K. W. M., & Hassan, R. (2011). Flooding distributed denial of service attacks-A review. Journal of Computer Science, 7(8), 1218-1223. Rapoza, J. (2008). Botnets vs. botnets Ziff Davis Enterprise. Spoofing.(2011). Computer Desktop Encyclopedia, , 1. Read More