To prevent approach of “Known-algorithm, unknown key” for use of symmetric
encryption, there need a sufficient strong algorithm of encryption so that ciphertexts
or key unable to discover by decipher the ciphertext even an adversary has a complete
knowledge. Usually, the requirement should be state in strong from: the
ciphertext should not be decrypt or the key discover by opponent if a number of
ciphertexts to process together with plaintext in each ciphertexts.
This feature of symmetric encryption is what makes it good in business so that manufacturer
can much easier to produce and develop low-cost chip implementations of data
encryption algorithms. However, maintaining the secrecy of the key is the main
security problem that need to be concern due to these chips are widely
available into a quantity of product.
The sender and receiver should keep the secret key as confidential to ensure
protection with effective as well as assumed the algorithm is to be known. The
security need to keep only the key secret not algorithm secret. That means is,
a message decrypt on the basic of ciphertext plus knowledge of encrypt or
This mechanism to assure properties of a data exchange
for the receiver involve a use of trusted third party to store the request of
sender and prevent the denying such a request later from sender.
allows between sender and the receiver to selection and continuously changing
different available routes when breach of security is suspected.
Traffic padding mechanisms provide various levels of
protection to frustrate traffic analysis attempts by insertion of bits into
gaps in a data stream.
This mechanism intended that means of information
exchange to ensure the identity of an entity. Use of authentication information
is one of the technique which applied to authentication exchange such as the
receiving entity checked the password provide by a sending entity.
5. Authentication exchange
mechanism is using to assure the integrity of message. the aspects of data
integrity divide to two, there are the integrity of a single data unit or field
and the integrity of a stream of data units or field. For the integrity of a
single data unit involves two processes, one at sending entity and one at the
receiving entity. The manipulation detection may lead to recover action at
higher layer due to mechanism alone unable protect against the replay of single
4. Data integrity
mechanisms may determine and enforce the access right of the entity via using
the authenticated identity of or capabilities of an entity. The access control
function will reject the entity attempts when use a resource of unauthorised or
resource of authorised with improper access. In additional, the incident report
will be generating an alarm for the purpose of recording as a part of a
security audit trail.
3. Access control
mechanism allows a recipient to verify the message as well as the integrity of
data by apply hash function and encryption algorithms for purpose to against
forgery. The public key cryptography is a term of digital signature implement together
2. Digital signature
or subsequent recovery of the data into a not readable form are implement by
mathematical algorithms depend on an algorithm and zero or more key of
encryption. The encipherment algorithms can be implement in either reversible
or irreversible. The reversible encipherment define in two general
classification which is symmetric (secret key) and asymmetric (public key).
security mechanism is a process that provide specific techniques defined in
X.800 to counter security attack by detect, prevent or recover. The functions
required not only support by single mechanism. However, the mechanisms may be
implement into the appropriate protocol layer to provide some of OSI security
service. These specific security mechanisms include: encipherment, digital
signatures, access controls, data integrity, authentication exchange, traffic
padding, routing control and notarization.
the wide variety of potential physical, software and network vulnerabilities,
the active attack become quite difficult to prevent. The goal is to detect
active attack and to recover faster from any disruption instead of prevention.
antivirus and update firewall for computer regularly to protect against the
attack from attacker. The server configuration can help the network
administrator to block out unauthenticated users by harden the firewall
attacker attempt to disrupt or overload the network to prevent legitimate users
from accessing the service. It may generate heavy traffic of false interaction
when the attacker sends excessive message asking the network to authenticate
requests that have invalid return address.
4. Denial of service
important data able to protect by create a message authentication code combines
with hash function and secret key. The attacker cannot modify data without
attacker will attempt some portion of message from sender and altered it. The
message will be re-ordered the message to suit his needs and re-send to
3. Modification of message
replay attack can prevent by time-checking. The server only accepts request if
they are close enough to current via compare timestamps of requests with
attacker captures the authenticated information (such as: sharing key) by spies
the conversation between sender and receiver. After that, the attacker gives
the sharing key to proof of his identity and authenticity by contact the
masquerade can be prevented through create a message authentication to assured
original message is from the alleged sender to receiver.
masquerade may be attempted when one entity pretends to be a particular user of
a system to gain access to personal computer information. if an authorization
process is not fully protected, the masquerade attack can carry out
transactions/ interaction through perpetrated using stolen user ID and password,
spot the gaps in program or bypassing the authentication mechanism.
attacks are any attempt to modify of the data stream, create a false stream and
destroy system. There can be subdivided into four types of active attacks.
On the other hand, Alice will need to use an authentication mechanism to
request information from potential buyer and verifies that information with the
authentication server and relays a response to the potential buyer to give then
access to check that authentic message.
In fact, Alice will do not mind others to know the information of laptop. In opposite,
she more delighted if getting more people to know that to sold it faster.
Alice wants to broadcast a message concerning to sell she’s laptop in website
and she must broadcast in plaintext with an authenticity tag. Since there have
only one destination to check for authenticity which more cheap and reliable.
message confidentiality is not provided and can be read at the destination if
the message authentication that do not rely on encryption. Appended an
authentication tag to each message for transmission is one of approaches to message
authentication without encryption. However,
some scenario is preferred with message authentication without confidentiality.
We discuss one of scenario at below.
Degree of importance: Moderate.
In Singapore, bank
provides automated teller machine (ATM) to customer to withdraw money in
wherever of island wide and whenever they want. Therefore, the system must be
able to be available 99.9% of the time to provide easy access so that customer
able to withdraw money from ATM with he/she ATM card and individual PIN. Otherwise
the unavailability of this service will cause embarrassment to the customer.
Degree of importance: High.
customer’s integrity of account record and of individual transaction must
protect to ensure the record and transaction without altered by unauthorized
persons in a way that is not detectable by authorized persons. The unauthorized
person can alter data or amount of bank transaction over the internet,
Therefore, customer account must be associated with the card if transaction
performed via the automated teller machine (ATM).
Degree of importance: High.
The customer to
access their account using the automated teller machine (ATM) by insert ATM
card and enter personal identification number (PIN). Therefore, the personal
identification number (PIN) must be encrypted and treat it strictly as confidential
to prevent risk of compromise of account during transaction. Furthermore, Bank should
encrypt the communication channel between ATM host system and bank server to
protect information of confidential.