Today Product Developers Avoid Issc361 Encrypting
I need to respond to the two below student discussion forums with 150 words minimum for each. Below in the bold are the questions each student is answering.
For this assignment, create a new message and address the following items in your response.
- Briefly summarize the history of RC4 and what it tells us about the development of secure encryption algorithms.
- For each of the six types of attacks, give an example of how the attack occurs on a network.
- Summarize and compare the three techniques for transmitting information on communications networks.
Student 1 answers:
Hi all,
RC4 or Rivest Cipher 4 was created by Ron Rivest in 1987. It spent its early years of use and development as an RSA trade secret before it was leaked to a public mailing list in 1994. Its intended use was for other companies to purchase rights to it so they could encrypt their information. After it was leaked it was spread and used widely by many. Andrew Roos identified use of concatenated IVs as a likely source of weakness in WEP implementations and published his results and soon after the FMS attack occurred indicating the weakness of RC4 and WEP encryptions.
Physical theft – Someone steals network hardware.
Subversion – Someone modifies or otherwise takes over part of the network so that it enables an attack. An attacker might reroute traffic to allow its interception.
Disclosure – An attacker’s computer intercepts copies of network data intended for others. Eavesdropping may yield passwords or other data that might setup a later attack.
Forgery – Someone constructs a bogus message or modifies a legitimate message. Fake messages could be created to harm a person or company in some way.
Masquerade – A person tricks the network into sending messages claiming to be originated by someone else. Reminds me of a man in the middle attack, almost. Another form of forgery in rems of execution.
Denial of service. An attack that makes some or all of the network unusable. Seems to be a favorite of script kiddies and wannabe hackers, seems like I see more of these forms of attacks in the news almost weekly.
Message Switching – Telegraph, independent receipt, completeness.
Circuit switching – Telephone, circuit switching, rapid connections, low delays.
Packet switching – Computers, resource efficiency, flexible routing, service flexibility.
Green, M. (2016, August 29). What’s the deal with RC4? Retrieved March 27, 2019, from https://blog.cryptographyengineering.com/2011/12/15/whats-deal-with-rc4/
Smith, R. E. Elementary Information Security. [VitalSource]. Retrieved from https://online.vitalsource.com/#/books/9781284093070/
Student two answers:
Hi Everyone!
We are now almost to the half way point!
RC4 was developed by Ron Rivest as a trade secret product in the 1980’s and was sold to companies and forbade these companies to disclose the source code for RC4 under the threat of being able to be sued for breach of contract. In 1994 an unknown entity leaked the source code and shortly afterwards researchers started publishing strategies to attack the RC4 encryption system. Today product developers avoid using RC4 due to the leaked source code, weak keys used, and the wide spread and published research on how to crack the encryption algorithm.
The six types of attacks on a network are:
Physical theft- someone physically steals the network hardware that keeps the network running such as the hub, wires and other equipment
Subversion- Someone is able to modify or by some other means take over part of the network system such as rerouting traffic such as with interception
Disclosure- the process by which an attacker is able to eavesdrop or intercept network data and could be able to find passwords or other private credentials.
Forgery- an attacker constructs a document that appears like a legitimate message as a part of an attack
Masquerade- an attacker is able to fool the network into thinking that the attacker is someone else. This is a specific type of forgery
Denial of Service- in this attack the attacker is able to either take down parts of or the entire network making it so that legitimate traffic is unable to access the network.
Three techniques for transmitting information on networks are:
Message switching- this is where data is sent as a singular indivisible unit. The advantage to this is that communication between sender and recipient doesn’t need to be scheduled and the message sent is delivered to the recipient in its entirety. However there are size limits and the message takes longer to deliver to the recipient.
Circuit switching- Data is sent from the sender, the network establishes a specific circuit to carry that specific data from the sender to the receiver. The advantages to this system are the networks can quickly establish a connection between sender and receiver, there are fewer delays and senders can send multiple messages. The disadvantages are that a sender cannot send data if the receiver doesn’t have space to receive it, and there is high overhead in that a network has to set aside the resources to carry the senders message.
Packet Switching- blocks of data travel independently on the network from sender to receiver. The advantages are that this method is more efficient, it is flexible with how the network is able to send the packets, and a series of packets can be sent on the network simultaneously. Disadvantages are reliability in that either the sender or the receiver or the network itself needs to have additional technical features to guarantee reliability and orderly transmission of the packets, variable delay in that data traverses the network at different rates, and concurrent receipt a sender can send packets but if the receiver is not accepting packets then the packets that were sent are simply discarded.
Hayley
Smith, R. (2016). Elementary Information Security. Retrieved March 27, 2019, from https://online.vitalsource.com/#/books/9781284093070/cfi/6/30!/4/228/2@0:0