Fig. 2. Encryption and Decryption using ABE
The figure shows a cluster of users who can act as decryptors. The
three user groups and their attributes are U1 with the credentials MA
and MTECH, U2 with CS and MSc, and U3 with MA and MSc. Since the data
was encrypted using the credentials Mathematics and either PhD or MSc,
only user U3 can decrypt the data. Hence, even though the data was
broadcast, only the specific user group can decrypt it, based on the
secret key, which is generated as a random combination of the
attributes of the authenticated user group. The major applications of
ABE are in cloud storage, distributed tolerant networks, wireless
sensor networks, mobile ad hoc networks, and internet services; it also
helps protect IoT and ensures privacy in online data transfer.
Advantages of ABE over other public key cryptosystems
- One to one scheme, i.e. the encrypted communication can only be
accomplished between a single sender and receiver.
- A public key directory or repository does not need to be maintained.
- An attacker cannot compromise the key distribution channel.
- The usual public key cryptosystem restricts encryption and decryption
to a single sender-receiver system. In ABE, the server can encrypt the
data using a group ID and the receivers can decrypt using the
corresponding secret key of the group.
- A random collection of characters can be used as the attribute for
generating the secret key.
- The attributes can be numbers, collections of numbers, or a
collection of raw data.
- The collusion resistance property is guaranteed by the attribute-based
encryption scheme.
- Collusion attacks are prevented by the login restriction that the
attribute-based encryption scheme places on users.
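The policy from Fig. 2, Mathematics AND (PhD OR MSc), modeled as a threshold tree over Shamir secret shares; this is an added example, not code from the paper. Handing raw shares out per attribute with no per-user randomization is an assumption made for brevity, so the last case shows the share pooling that the collusion resistance property has to rule out.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic

# Policy from the text as (threshold, children): MA AND (PhD OR MSc).
POLICY = (2, ["MA", (1, ["PhD", "MSc"])])
USERS = {"U1": {"MA", "MTECH"}, "U2": {"CS", "MSc"}, "U3": {"MA", "MSc"}}

def share(secret, node, out):
    """Push `secret` down the tree; every leaf attribute ends up with a share."""
    if isinstance(node, str):
        out[node] = secret
        return out
    k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for x, child in enumerate(children, start=1):
        share(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P, child, out)
    return out

def recover(node, held):
    """Rebuild a node's secret from the leaf shares in `held`, else None."""
    if isinstance(node, str):
        return held.get(node)
    k, children = node
    pts = [(x, recover(c, held)) for x, c in enumerate(children, start=1)]
    pts = [(x, y) for x, y in pts if y is not None][:k]
    if len(pts) < k:
        return None
    total = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        lam = 1
        for xj, _ in pts:
            if xj != xi:
                lam = lam * xj * pow(xj - xi, -1, P) % P
        total = (total + yi * lam) % P
    return total

def can_decrypt(attribute_sets):
    """True if the pooled attribute sets recover a freshly shared secret."""
    secret = secrets.randbelow(P)
    shares = share(secret, POLICY, {})
    pooled = set().union(*attribute_sets)
    held = {a: s for a, s in shares.items() if a in pooled}
    return recover(POLICY, held) == secret

if __name__ == "__main__":
    for name, attrs in USERS.items():
        print(name, can_decrypt([attrs]))
    print("U1+U2 pooled", can_decrypt([USERS["U1"], USERS["U2"]]))
```

Real ABE constructions tie every key component to a per-user random value, so components taken from two different users' keys do not combine the way these raw shares do.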
HE for future Implementation
HE [5] enables manipulations to be applied to ciphertext. The third
party or the server performs operations on the ciphertext without the
plaintext being revealed. The operations that can be performed on the
encrypted data are addition and multiplication. There are two types of
HE: fully HE and partially HE. Partially HE allows only one of the
operations, either addition or multiplication. Fully HE permits both
operations, addition and multiplication. Consider two users, A and B.
User A has to perform an addition on two data items but does not know
how to perform the operation, and User A does not trust User B. Hence
User A encrypts the two numbers, say 1 and 2, into 33 and 54
respectively. This encrypted data is sent to User B along with the
operation to be performed, which is addition (+). User B performs the
addition on the encrypted data, and the result, 87, is sent back to
User A. User A decrypts the data and obtains the actual result, which
is 3.
EXPERIMENTAL ANALYSIS
Implementation of Snort
Snort rule policies can be set manually by the admin, or they can be
bought from various websites where other people write their own rule
sets and sell them to whoever needs them. Rules therefore play a very
important part in the use of Snort. They are usually found in the root
folder of the application, in a file called local.rules. Whenever a
rule needs to be added or appended, the admin opens this file from the
terminal or command prompt, edits it, and saves it. Each rule has its
own unique ID called the SID (Snort ID). The SID can be any number, but
each rule must have its own unique number; the system will not allow
duplicate numbers to be stored. The format of the rules is very simple:
the type of control and the protocol declaration, the source IP address
and port, followed by the destination IP address and port, and, inside
the brackets, the functions of the rule that are to be implemented.
alert tcp (source ip address) (port) -> (destination ip address) (destination port) (msg: "Msg Detected"; content: "login"; sid: 100;)
alert tcp any any -> 192.168.1.0/24 any (flags: A; ack: 0; msg: "TCP ping detected"; sid: 101;)
alert udp any any -> any any (msg: "Data transferring on UDP"; sid: 102;)
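A pre-load check for the rule format and SID uniqueness described above: it parses each rule's header and options and reports SIDs used more than once. This is an added example, not code from the paper; the sample file content is constructed from the page's rules 101 and 102 plus one made-up rule that reuses SID 101.

```python
import re
from collections import defaultdict

# action proto src sport direction dst dport (options)
HEADER = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")
# keyword[: value]; a quoted value may itself contain ';'
OPTION = re.compile(r'\s*(\w+)\s*(?::\s*("(?:\\.|[^"\\])*"|[^;]*))?\s*(?:;|$)')

def parse_rule(line):
    """Split one rule into its header fields and an ordered option list."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable rule: {line!r}")
    rule = m.groupdict()
    rule["options"] = [(k, v.strip().strip('"'))
                       for k, v in OPTION.findall(rule.pop("opts"))]
    sids = [v for k, v in rule["options"] if k == "sid"]
    if len(sids) != 1 or not sids[0].isdigit():
        raise ValueError(f"rule needs exactly one numeric sid: {line!r}")
    rule["sid"] = int(sids[0])
    return rule

def duplicate_sids(text):
    """Return {sid: [line numbers]} for every SID used by more than one rule."""
    seen = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            seen[parse_rule(line)["sid"]].append(lineno)
    return {sid: lines for sid, lines in seen.items() if len(lines) > 1}

# Constructed local.rules content (the last rule is made up for this example).
SAMPLE = '''\
# local rules
alert tcp any any -> 192.168.1.0/24 any (flags: A; ack: 0; msg: "TCP ping detected"; sid: 101;)
alert udp any any -> any any (msg: "Data transferring on UDP"; sid: 102;)
alert tcp any any -> any 80 (msg: "Msg Detected; login form"; content: "login"; sid: 101;)
'''

if __name__ == "__main__":
    print(duplicate_sids(SAMPLE))
```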
These rules help prevent intrusions into the system and inform the
admin about them. Many types of intrusion occur every day; some of the
common and well-known examples are SQL injection and XSS attacks. SQL
injection is the insertion of unauthorized code that makes the computer
fetch data from the servers and display it without proper permission.
Such attacks are very hard to catch because the computer executes the
injected input just like any other SQL command, and because the command
contains a true statement, it fetches and displays the data for that
SQL command. One such example is the 1=1 injection.
SELECT * FROM Users WHERE UserID = 105 OR 1 = 1;
SELECT UserID, Name, Password FROM Users WHERE UserID = 105 OR 1 = 1;
The code above, a SQL statement with two conditions joined by OR, is an
example of such an attack: 1=1 is always true, and because of the OR
condition, the query displays all the records on the strength of that
one true condition. So, when hackers inject a true condition into any
SQL statement, they can extract and display the data based on that true
condition. Technically, if they have access to the SQL code, there are
very few ways to detect the data leak. Another form of attack is XSS,
the cross-site scripting attack. In this attack, the attackers inject
JavaScript into web forms, change the return location of the page, and
sometimes even change the look of the webpage by changing the HTML code
of the website. When such incidents occur, people who use those
websites and key in data have their data lost and leaked at the same
time.
One well-known technique in XSS attacks is the stealing of cookies from
websites, as cookies contain logged or stored data that is useful to
hackers when they are looking for information from web pages.
Implementation of AWStats
With AWStats, one can also see the number of bots and crawlers that
have accessed the website, just from the log files. Bots and crawlers
exhibit certain behaviors on a website that can be identified from the
log, and a common bot can sometimes also be identified from the
application's list.