
Wednesday, June 5, 2019

Transport Layer Network Layer Protocols Attack

Chapter 1 Introduction

1.1 Background

Data communication technologies and the underlying protocols in the twenty-first century are one of the critical elements that act as the backbone for electronic commerce and use of the World Wide Web (Todd and Johnson, 2001) [1]. The growth of electronic commerce as well as other forms of network-based communication has increased the risks associated with network-related attacks that involve the loss of personal information and possible financial loss to the victims. One of the major components in network communication is the underlying protocol that governs the compilation and communication of the information from the source computer to the target and back (Nash et al., 2001) [2]. The role of the protocols in networking also has a key influence on its ability to securely deliver the information as part of the overall communication architecture. This makes it clear that the robustness of the protocol and the extent to which a given protocol architecture can resist intruder attacks through encryption efficiency etc. dictates the security associated with the information transfer, as argued by Todd and Johnson (2001). In this report a critical overview of the transport layer and the network layer protocols of the TCP/IP protocol architecture is presented to the reader. The research aims to throw light on the possible security attacks on these protocols and the possible countermeasures in order to prevent such attacks. The attacks in these cases mainly concern the infringement of the information through unauthorised access, bypassing the security or breaking the encryption surrounding the information being transferred.

1.2 Aim and Objectives

The aim of this research is to investigate the possible attacks on the Transport layer and Network layer protocols and present possible countermeasures for overcoming the threat of these attacks on everyday network-based information communication.

The above aim of the research is accomplished by pursuing the following objectives:

To conduct a literature review on the Transport and Network layers of the TCP/IP protocol architecture.
To conduct a critical overview of the possible types of attacks on the Transport Layer and Network Layer protocols.
To present a critical analysis of the possible countermeasures to prevent the attacks on the Transport layer protocols.

1.3 Research Methodology

A qualitative approach is employed to conduct the research. Since there are five layers to the TCP/IP model, of which the research aims to investigate the protocols associated with the Transport and Network layers, a qualitative approach is deemed effective, as the infrastructure required to simulate tests for conducting quantitative research is limited. As it is also apparent that the analysis of all five layers of the TCP/IP model is beyond the scope of the research conducted in this report, the research mainly focuses on the threats and possible types of attacks on the protocols of the TCP/IP layers discussed.

1.4 Chapter Overview

Chapter 1 Introduction: This is the current chapter, which presents the aim, objectives and a brief overview of the research conducted to the reader.

Chapter 2 Literature Review: This chapter presents an overview of the layers of the TCP/IP model followed by a detailed overview of the key Transport layer and Network layer protocols. The chapter also presents a brief overview of the network attacks and the possible threats associated with Internet data transfer.

Chapter 3 Protocol Attacks: This chapter presents a critical overview of the types of attacks on the Transport Layer and Network Layer protocols. The chapter presents a critical analysis of the methods used and the potential losses that may result due to the attacks.

Chapter 4 Countermeasures: This chapter presents a critical overview of the possible countermeasures that are used in order to prevent the attacks discussed in chapter 3. A comparative study of the countermeasures discussed is also presented in this chapter.

Chapter 2 Literature Review

2.1 Internet Security in the twenty-first century

The increase in the need for Internet security from unauthorised access and malicious attacks is not only due to the need for protecting personal or highly sensitive information of the users but also of the service providers (Ganesh and Thorsteinson, 2003) [3]. This is naturally because of the fact that the service providers can perform effectively only when the requests sent to the server are valid, hence making justifiable use of the resources (Rayns et al., 2003) [4]. The use of the resources in terms of the number of connections and the allocation of memory to cater for each connection established with the web server of the service provider is deemed to contribute to the extent to which a given website performs effectively. This makes it clear that the need for Internet security is not only a matter of protecting personal information but also of effective utilisation of the computer resources dedicated for the purpose, as argued by Rayns et al. (2003).

Walden (2007) [5] argues that security over the Internet is mainly accomplished through implementing security measures on the connection-oriented and connectionless protocols used for transferring information from one end to another. It is interesting to note that the above focuses especially on resource utilisation and the protection of computers from malicious attacks through ensuring that the communication to and from the computer is not only secure but also valid. It is necessary to ensure both the validity and the security of a given connection over the Internet because the former corresponds to the availability of the service whilst the latter contributes to the reliability of the available service (Walden, 2007). It is also interesting to note that the prevention of unauthorised access to information systems connected to the Internet is deemed effective as opposed to implementing access control on each individual system, as argued by Todd and Johnson (2001). This makes it clear that the implementation of security over the Internet is mainly through implementing preventive measures against malicious attacks by strengthening the protocols used in the various layers of the TCP/IP model. As the TCP/IP model forms the basis for communication over the Internet, it is apparent that the robustness of the protocols implemented in each layer of the TCP/IP stack dictates the effectiveness of the Internet security implemented (Walden, 2007).
In the next section a critical overview of the TCP/IP model is presented to the reader.

2.2 TCP/IP Model

TCP/IP is a set of rules that defines how two computers address each other and send data to each other, as argued by Blank (2004, p. 1) [6]. Naturally the above makes it clear that TCP/IP is merely a framework that governs the methods to be deployed in order to enable communication over the Internet between two computing devices. As TCP/IP is platform independent in nature, it provides a communication framework that can be deployed across every given operating system on a computing device connected to the Internet or even a dedicated network as opposed to the World Wide Web. This further opens room for the development of new protocols and communication standards/rules that can be implemented using the TCP/IP model on any one of its five layers, as argued by Rayns et al. (2003). Hence securing the information being transferred from one end to another over a given network or the Internet can be accomplished through implementing a combination of protocols to operate within the layers of the TCP/IP framework. The five layers of the TCP/IP model are:

Application Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer

From the above it is evident that TCP/IP can be implemented in a given network using any number of protocols in each layer of the TCP/IP model, depending upon the level of security required and the speed of data transfer. This is because of the fact that an increase in the number of protocols naturally increases the size of the information packet being transferred as part of the communication, thus having a direct impact on the speed of communication, as argued by Rayns et al. (2003). It must also be noted that the protocols presented in each layer of the TCP/IP model shown in Fig. 1 are merely a selection and not the exhaustive list of the protocol suite.

From the model represented in Fig. 1 one should also appreciate that the layers of the TCP/IP model are arranged in a logical fashion so that the protocols closer to the top at layer 1 associate themselves with the computing applications that handle data encryption and security. The protocols at the bottom of the TCP/IP stack on layer 5, on the other hand, associate themselves with the actual data transfer from one end to another through establishing the connection and enabling communication between sender and receiver, as argued by Blank (2004).

As the research presented in this report focuses on the Transport and Network layers of the TCP/IP model, a detailed overview of the five layers is beyond the scope of this report. A brief overview of each TCP/IP layer is presented below.

Application Layer: This layer of the TCP/IP model comprises the protocols that are associated with the handling of data and the encryption of the information in order to effectively transfer the information from one end to another. The application layer is also deemed to be the layer of the TCP/IP model that communicates with the actual application that is handling the information prior to its transfer over the Internet. The protocols of the application layer enable the interaction between the computer and the actual web application that performs the business logic associated with the application prior to preparing the information for transfer over the Internet. This makes it clear that the application layer encryption is mainly associated with the segmentation of the data into packets and the allocation of the associated headers in order to enable their transfer over the Internet. This also makes it clear that the security associated with the information transfer is not implemented at the Application Layer of the TCP/IP model.
This makes it clear that the application layer protocols are extensively used in the case of client-server applications where the data transfer between the client and the server is in full-duplex mode (Feit, 1998) [7].

Transport Layer: This is the actual layer that manages the connection between the two computers and the success or failure of the information being transferred, as argued by Blank (2004). The purpose of the Transport layer protocol, as the name suggests, is to ensure the secure and successful transfer of information over the Internet between the communicating parties, as argued by Ganesh and Thorsteinson (2003). The process of enabling end-to-end communication for successful data transfer is the major task that is accomplished using the Transport layer of the TCP/IP model.

It is also interesting to note that the transport layer of the TCP/IP model provides error tracking, flow control and data fragmentation capabilities independent of the underlying network, as argued by Feit (1998). The transport layer of the TCP/IP model also performs the task of assigning the header to each data fragment of the overall information being transferred from one end to another.

The transport layer of the TCP/IP model implements two forms of communication strategy. These are the connection-oriented and connectionless implementations, as discussed below.

Connection-Oriented Implementation: The TCP (Transmission Control Protocol) protocol of the transport layer accomplishes the connection-oriented scheme of data communication. The connection-oriented approach to data communication corresponds to the process where a connection must be available between the communicating parties in conformance with the authentication and association rules prior to actually performing data transfer. This makes it clear that the data transfer in the case of a connection-oriented approach depends on the extent to which the connection being established is live between the communicating computers. It also makes it clear that the data transfer in a connection-oriented implementation can be accomplished only with the ability to maintain the connection between the computers, thus making the data transfer reliable, as argued by Feit (1998). This is naturally because of the fact that termination of the connection or loss of the connection established during the course of the communication/data transfer would trigger a request to resend the information, thus providing room for transferring all the information from one end to another. The session-based communication strategy in terms of enabling communication security is one of the key features of the connection-oriented implementation, as prolonged inactivity or termination of the session will naturally terminate the connection established, thus protecting the information transferred over the Internet. Public Key Infrastructure (PKI), which will be discussed in the next section, depends on the establishment of a connection-oriented communication strategy in order to ensure that the communication between the two computers using the connection-oriented approach will help protect the information being transferred by the transport layer protocol. As discussed earlier, the transfer of information from one end to another in a communication channel is accomplished through segmenting the information into equal-sized segments of data called packets that are assigned a header containing the details of the packet as well as its sequence in the information being transferred. The connection-oriented implementation of the transport layer has the following key features.

Sequential data transfer: This is a method which follows the First-in First-out (FIFO) strategy. Thus the sequence in which the data packets are received is the same as that in which they are sent from the source computer. This approach is deemed secure to ensure that the information being transferred is not tampered with, and loss of one of the packets will enable the sender to resend the entire information again. However, the major disadvantage is that an increase in the size of the information will result in poor performance in terms of speed of data transfer.

Higher level of error control: As the connection-oriented approach ensures that the connection established is live between the sender and the receiver throughout the entire communication process, it is clear that error control is accomplished successfully through enabling the sender to resend the packets that were not received in the initial transfer. The control of the loss of packets using the above resend strategy naturally minimises the error associated with the data transfer.

Duplication control: The connection-oriented strategy also has the inherent ability to eliminate duplicate data packets transferred, thus allowing the connection-oriented architecture to ensure consistency in the information being transferred.

Congestion control: The TCP protocol monitors the network traffic as part of the transport layer activities. This ensures that the session established between the sender and the receiver can transfer the required information successfully prior to hitting the session time-out situation, as argued by Feit (1998).

The client-server communication over the Internet is a classic example of the implementation of a connection-oriented strategy in the Transport layer of the TCP/IP model.
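The in-order delivery, resend and duplicate control features listed above can be seen in a small receiver model. This is an added example, not part of the original report; the `Receiver` class, the `transfer` helper, the segment size and the loss pattern are constructed for illustration and are a simplification, not a TCP implementation.

```python
"""Added illustration: receiver side of a connection-oriented transfer."""
from dataclasses import dataclass, field


@dataclass
class Receiver:
    """Hands data to the application strictly in sequence order."""
    next_seq: int = 0                                  # next byte offset expected
    pending: dict = field(default_factory=dict)        # out-of-order segments held back
    delivered: bytearray = field(default_factory=bytearray)
    duplicates: int = 0                                # segments discarded as repeats

    def receive(self, seq: int, payload: bytes) -> int:
        """Accept one segment; return the cumulative ACK (next byte wanted)."""
        if seq + len(payload) <= self.next_seq or seq in self.pending:
            self.duplicates += 1                       # already delivered or buffered
            return self.next_seq
        if seq < self.next_seq:                        # partial overlap: keep new bytes only
            payload = payload[self.next_seq - seq:]
            seq = self.next_seq
        self.pending[seq] = payload
        # Release every buffered segment that is now contiguous (FIFO delivery).
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)
        return self.next_seq


def transfer(message: bytes, mss: int, lost: set, duplicated: set):
    """Send `message` in `mss`-byte segments over a constructed faulty channel.

    lost       -- indexes of segments dropped on their first transmission
    duplicated -- indexes of segments the channel delivers twice
    Returns (receiver, number_of_retransmissions).
    """
    segments = [(off, message[off:off + mss]) for off in range(0, len(message), mss)]
    rx = Receiver()
    for index, (seq, data) in enumerate(segments):
        if index in lost:
            continue                                   # never reaches the receiver
        rx.receive(seq, data)
        if index in duplicated:
            rx.receive(seq, data)                      # channel repeats the segment
    # Error control: resend from the cumulative ACK until nothing is missing.
    retransmissions = 0
    while rx.next_seq < len(message):
        seq = rx.next_seq
        rx.receive(seq, message[seq:seq + mss])
        retransmissions += 1
    return rx, retransmissions


if __name__ == "__main__":
    sample = bytes(range(50))                          # constructed payload
    receiver, resent = transfer(sample, mss=8, lost={1, 4}, duplicated={2})
    print("intact:", bytes(receiver.delivered) == sample)
    print("retransmissions:", resent, "duplicates dropped:", receiver.duplicates)
```

Only the two missing segments are resent here; segments that arrived early wait in `pending` until the gap before them is filled.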
The use of PKI in the communication is one of the key aspects of the connection-oriented implementation that makes the TCP protocol a key element in the secure data transfer strategies of the day.

Connectionless Implementation: As the name suggests, the connectionless implementation is the case where a dedicated connection is not required to complete the data transfer between the communicating computers, as argued by Blank (2004). The User Datagram Protocol (UDP) is used in the case of the connectionless implementation, where the transfer of the data packets merely comprises the packet order and the source/target details alone. This makes it clear that the transfer of data can be achieved at a higher rate, as the authentication and validation of the data transferred is not restricted to a time frame or the session that controls the communication. However, the major issue associated with it is the lack of security and the inaccuracy of the data transferred. Alongside this, the key issue with the UDP protocol and the connectionless implementation is the lack of traceability of the information, thus resulting in a non-reliable communication channel, as argued by Blank (2004). UDP is thus deemed to be an insecure mode of communication over the Internet due to the lack of security measures apart from authentication and identification of the communicating parties. It is further important to appreciate that implementing PKI using the connectionless approach would result in the exposure of the information and the lack of effective acknowledgement of the authentication between the communicating computers, thus affecting the information security and providing room for network attacks that can directly affect the information being transferred through the connection.

Network Layer: Blank (2004) argues that the network layer of the TCP/IP model performs the task of delivery of the data within the network once the data packet has reached the appropriate network subnet. This makes it clear that the network layer of the TCP/IP model plays a critical role in identifying the correct network target/destination in order to enable effective communication between the communicating parties, as argued by Feit (1998). In the case of the World Wide Web, the Network Layer plays the vital role of identifying the destination network and enabling the routing of the packets through the network in order to effectively reach the destination without the data being tampered with by unauthorised users. The protocols that are widely used in the Network layer include the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). The Routing Information Protocol (RIP) of the TCP/IP model, which is predominantly used in the Application layer, plays a vital role in the network layer for enabling routing of the information across the networks in order to effectively reach the target computer in the communication channel established over the Internet. It is further critical to appreciate the fact that routing of the packets is not the only task of the network layer protocols; they also enable the transport layer protocol to effectively carry out the communication and data transfer between the communicating computers. This makes it clear that network attacks over the Internet by hackers to affect the performance of the communicating computers in order to gain unauthorised access are accomplished through manipulating the communication strategies implemented by the protocols in the Transport and Network Layers of the TCP/IP model. The access to information and the actual infringement of the information, which is deemed to be the consequence of the hacking or network attack, is related to the infringement of the information at the application layer protocols that hold the actual information being transferred (Blank, 2004). However, the attacks themselves that facilitate the aforementioned are accomplished through manipulating the procedures associated with the Transport Layer and Network Layer protocols. The attacks typically include spoofing, overloading, flooding etc., which are discussed in detail in chapter 3 of this report.

The Data Link Layer and the Physical Layer of the TCP/IP model involve the actual hardware-based communication strategies that are beyond the scope of this research. Hence these two layers of the TCP/IP model are not discussed any further. It is important to appreciate the fact that the top three layers of the TCP/IP stack interact often in order to enable secure communication and the allocation of computing resources on the computing devices involved in the communication (Blank, 2004).

2.3 Public Key Infrastructure: an overview

PKI implements a form of cryptography known as asymmetric cryptography in order to enable secure communication between two computers over the Internet, as argued by Todd and Johnson (2001). This process mainly involves the use of a public key and a private key that are used for encrypting and decrypting the information at the client and server ends respectively (Blank, 2004). The process of encryption is beyond the scope of this research, although its role in secure communication and the extent to which a hacker can manipulate the authentication strategies for launching an attack is relevant to the research. Hence the discussion in this section mainly concerns the handshake and the communication strategies deployed, along with an overview of the players in the PKI.
This will help in identifying the various attacks plausible and the level of manipulation that can be implemented by the hacker over the protocols used in order to infringe the communication between the client and server computers.

It is deemed that PKI is a reliable communication strategy to implement secure communication through the use of Trusted Third Party (TTP) authentication and approval of the overall communication process between the server and the client computers. The key components of the PKI infrastructure that enable successful and reliable communication over the Internet are discussed below.

Certificate Authority (CA): The CA is the issuer and controller of the public key and the digital certificate associated with the authentication and transfer of secure information over the connection established using the TCP protocol. The primary role of the CA is to generate the public and the private keys at the same time for a given server computer or service provider (Blank, 2004). The public key, as the name suggests, is made available over the public domain for encryption/decryption of the information at the client end of the connection. The private key is not shared and is stored at the server, where it is used for encryption/decryption of the information as applicable at the server end of the connection established for communication. From the above description it is evident that the role of the CA in the PKI is pivotal for the effective implementation of the PKI for secure communication free of network attacks. This is because, if the server hosting the CA application is attacked either using cross-site scripting or flood attacks, the public keys stored as well as the associated certificates for verification are compromised, thus resulting in the hacker gaining control over the communication channel without the knowledge of the server or the client, as argued by Blank (2004). This makes it clear that the security at the CA computer is critical to establish a reliable TTP computer for implementing connection-oriented communication using the TCP protocol of the TCP/IP model.

Registering Authority (RA): The RA, as the name implies, is the verifier of the digital certificate before it is issued to a requestor, as argued by Todd and Johnson (2001). The role of the RA computer in the PKI implementation is to enable an independent authorisation of the digital certificates issued, thus providing a secondary verification of the information prior to communicating with the server. This presence of an independent verifying program or computer as part of the communication makes the PKI a reliable communication strategy to implement connection-oriented communication over the Internet in a secure fashion. It is also deemed to be the key weakness of the PKI strategy, owing to the fact that the reliability of the RA as a TTP in the communication process dictates the effectiveness of the communication and the protection of the server from intruder attacks, as argued by Todd and Johnson (2001). However, the reliability of the CA or RA is not the issue of debate in this research, but rather the potential attacks that threaten the stability of the computers hosting the CA and RA programs in order to enable secure connection-oriented implementation across the Internet. The key area where attacks can be accomplished by hackers to disable the RA or the CA computer, eventually compromising the information held within, is the handshake process, where the RA or the CA computer is expected to receive an acknowledgement (ACK) from the requesting computer for each message successfully communicated. It is through manipulating these handshake communications that a CA or RA can be compromised, as the communication channel is expected to stay open for a specific time period to receive the ACK as well as allocate sufficient resources to complete the data transfer.
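The resource commitment described above, where a server keeps a slot open for a fixed period while it waits for an ACK, can be audited from connection events. This is an added example, not part of the original report; the event format, the `audit_handshakes` function, its limits and the documentation-range addresses are assumptions constructed for illustration. It runs the same log through a table with no per-source cap and through one with a cap.

```python
"""Added illustration: auditing half-open handshakes from a constructed log."""
from collections import Counter

# Constructed events: (time_s, source, connection_id, kind).
# "REQ" opens a handshake and reserves a slot; "ACK" completes it.
EVENTS = [
    (0.0, "198.51.100.7", 1, "REQ"),
    (0.1, "198.51.100.7", 2, "REQ"),
    (0.2, "198.51.100.7", 3, "REQ"),
    (0.3, "198.51.100.7", 4, "REQ"),   # this source never acknowledges
    (0.5, "192.0.2.10", 1, "REQ"),
    (0.6, "192.0.2.10", 1, "ACK"),
    (4.0, "192.0.2.10", 2, "REQ"),
    (4.1, "192.0.2.10", 2, "ACK"),
]


def audit_handshakes(events, backlog=4, timeout=3.0, per_source_limit=None):
    """Replay time-ordered events against a fixed-size pending table.

    backlog          -- slots the server can hold open while awaiting ACKs
    timeout          -- seconds a slot stays reserved without an ACK
    per_source_limit -- optional cap on slots one source may hold (None = no cap)
    """
    pending = {}                       # (source, conn_id) -> time slot was reserved
    completed, refused = [], []
    expired = Counter()                # source -> handshakes that timed out
    for now, source, conn_id, kind in events:
        # Reclaim slots whose acknowledgement did not arrive in time.
        for key, opened in list(pending.items()):
            if now - opened > timeout:
                del pending[key]
                expired[key[0]] += 1
        if kind == "REQ":
            held = sum(1 for src, _ in pending if src == source)
            over_cap = per_source_limit is not None and held >= per_source_limit
            if len(pending) >= backlog or over_cap:
                refused.append(source)             # no slot reserved for this request
            else:
                pending[(source, conn_id)] = now
        elif kind == "ACK" and (source, conn_id) in pending:
            del pending[(source, conn_id)]
            completed.append((source, conn_id))
    finished = {src for src, _ in completed}
    # Sources that repeatedly reserve slots and never complete a handshake.
    suspects = sorted(s for s, n in expired.items() if n >= 2 and s not in finished)
    return {"completed": completed, "refused": refused,
            "expired": dict(expired), "suspects": suspects}


if __name__ == "__main__":
    print("no per-source cap:", audit_handshakes(EVENTS))
    print("cap of 2 per source:", audit_handshakes(EVENTS, per_source_limit=2))
```

Without the cap, the acknowledging client is the one refused while the table is full; with the cap, both of its handshakes complete and the refusals fall on the source that never sends an ACK.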
Abuse of this handshake behaviour is one of the major areas where connection-oriented communication faces the threat of attacks. These are discussed at length in chapter 3.

Directories: The directories are the locations on the public domain that host the public keys for enabling the encryption of the information. The keys are normally held in more than one location in order to enable easy/quick access to the information as well as a verification strategy to ensure that the key retrieved is indeed the valid one for data transfer between the client and a given server computer.

Certificate Management System (CMS): This is the application that controls or monitors the certificates issued and facilitates the verification process. The CMS forms the core of the PKI infrastructure, as the CA and RA computers in a given PKI implementation are expected to host a validated CMS program to enable connection-oriented communication between the client and the server. The key issue associated with the case described above is the fact that the CMS program itself is an independent application, and hence its reliability/robustness in preventing malicious attacks alone dictates the extent to which a given CA or RA is reliable over the Internet.

The key security strategy in the case of the PKI implementation is the sharing of the public key whilst retaining the private key at the server computer, as argued by Burnett and Paine (2001) [8]. This strategy allows the server computer to effectively encrypt or decrypt the information without depending upon the public key, hence leading to a two-pronged approach, as the information encrypted using the private key can be decoded using the public key and vice versa. Although the use of the two independent keys helps overcome the security threats to the information being transferred, the transfer process itself is not governed by the PKI. This is the major weakness of the PKI infrastructure that allows room for malicious attacks that can hamper the performance of the CA, RA or the host server computers, as argued by Burnett and Paine (2001).

From the above discussion it is evident that the security established using the PKI is mainly dependent on the following key elements of the PKI infrastructure.

CA and RA: The validity and reliability of these computers play a vital role in the effective implementation of the PKI. Apart from the fact that the client computer sending the information depends upon these computers for the security of the information in its entirety, it is also clear that the availability of these computers and their responses in terms of session time control and preventing session time-out cases are critical to enable successful communication in a connection-oriented implementation using the TCP protocol. An attack on the hosting server for the CA or the RA, mainly in terms of flooding or Denial of Service, will result in the failure of the PKI infrastructure in terms of lack of availability. This situation is one of the major elements that must be addressed as part of the security strategies to be implemented on the transport layer protocols.

Encryption Algorithm: The encryption algorithm used for issuing the public and private keys is another element that influences the security and reliability of the PKI, as argued by Burnett and Paine (2001). The effectiveness of the hashing algorithm used for the purpose is not only essential for ensuring the security of the information through encryption but also dictates the size of the information for transmission after encryption as well as the speed associated with the data transfer for a given encryption strategy. As the complexity of the encryption algorithm naturally increases the size of the data being transferred, thus affecting the speed associated with the communication, it is critical to establish a balance between security and speed in order to enable effective communication over an established connection. It is also important to note that the choice of encryption algorithm dictates the extent to which a hacker can hack into the information that is being transferred whilst launching a transport/network layer attack, as argued by Burnett and Paine (2001). It is deemed that hackers, through launching malicious attacks at the transport layer or the network layer, tend to utilise the time gap to decipher the information being transferred in order to use the data for personal benefit. This makes it clear that code hacking at the protocol level is mainly attributable to the speed with which a given payload transferred over a connection can be decrypted prior to termination of the connection itself, as argued by Burnett and Paine (2001). From the above arguments we can deduce that the encryption poses the threat of a single point of failure to the PKI, in terms of either being too weak to prevent infringement or so strong that it affects the communication speed, as argued by Nash et al. (2001).

Advantages or benefits of PKI

The major benefits of the PKI include the following.

The TTP presence enables a higher level of security through verification by independent entities in the communication process. The CA and RA in the PKI play a vital role in achieving the aforementioned.

The dedication of resources for developing stronger algorithms to generate reliable public and private keys is yet another advantage associated with the PKI implementation. This makes it clear that the weaknesses of the transport layer protocol (TCP) or the network layer protocols (IP, ICMP) in terms of the request for resend and other key elements of connection verification can be overcome through robust algorithms. The growth of electronic commerce at an exponential rate is one of the key factors that contribute to the availability of resources dedicated to the development of the PKI security strategies (Nash et al., 2001).

The security infrastructure behind the storage and retrieval of the public keys is yet another area where the reliability and effectiveness of the PKI is evident. In the case of a reliable CA and RA, the security is indeed robust and the information being transferred is secure, as is the communication process, as argued by Nash et al. (2001).

Constraints, Weaknesses and Threats

TTP reliability and costs: As discussed before, the major issue is the TTP reliability. The involvement of the TTP not only questions the
