Fig. 2. Encryption and Decryption using ABE
The figure shows a cluster of users who can act as decryptors. There are three user groups with their attributes: U1 with the credentials MA and MTECH, U2 with CS and MSc, and U3 with MA and MSc. Since the data was encrypted using the credentials Mathematics and either PhD or MSc, only user U3 can decrypt the data. Hence, even though the data was broadcast, only the specific user group can decrypt it, based on the secret key, which is generated as a random combination of the attributes of the authenticated user group. The major applications of ABE are in cloud storage, distributed tolerant networks, wireless sensor networks, mobile ad-hoc networks and internet services; it also helps protect IoT and ensures privacy in online data transfer.
Advantages of ABE over other public key cryptosystems
  1. One to one scheme, i.e. the encrypted communication can only be accomplished between a single sender and receiver.
  2. A public key directory or repository does not need to be maintained.
  3. A hacker cannot hack the key distribution channel.
  4. The usual public key cryptosystem restricts encryption and decryption to a single sender-receiver system. In ABE, the server can encrypt the data using a group ID and the receivers can decrypt it using the corresponding secret key of the group.
  5. A random collection of characters can be used as the attribute for generating the secret key.
  6. The attributes can be numbers, collections of numbers or a collection of raw data.
  7. The collusion resistance property is guaranteed by the Attribute Based Encryption scheme.
  8. Collusion attacks are prevented by the Attribute Based Encryption scheme through login restrictions on the users.
HE for future Implementation
HE [5] enables manipulations to be applied to ciphertext. The third party or the server performs operations on the ciphertext without the plaintext being revealed. The operations that can be performed on the encrypted data are addition and multiplication. There are two types of HE: Fully HE and Partially HE. Partially HE allows only one of the operations, either addition or multiplication. Fully HE permits both operations, addition and multiplication. Consider two users A and B. User A has to perform an addition on two data items but does not know how to perform the operation, and User A does not trust User B. Hence User A encrypts the two numbers, say 1 and 2, into 33 and 54 respectively. This encrypted data is sent to User B along with the operation to be performed, which is addition (+). User B performs the addition on the encrypted data, and the result, 87, is sent back to User A. User A decrypts the data and obtains the actual result, which is 3.
EXPERIMENTAL ANALYSIS
Implementation of Snort
Snort rule policies can be set manually by the admin, or bought from various websites where other people write their own rule sets and sell them to whoever needs them. Rules therefore play a very important role in the use of Snort. These rules are usually found in the root folder of the application, inside a file called local.rules. Whenever a rule needs to be added or appended, the admin needs to open this file from the terminal or command prompt, edit it and save it. Each rule has its own unique ID, called the SID (Snort ID). A SID can be any number, but each rule must have its own unique number, as the system will not allow duplicate numbers to be stored. The format of the rules is very simple: the type of control and protocol declaration, the source IP address and port, followed by the destination IP address and port and, inside the brackets, the functions of the rule that are to be implemented.
alert tcp (source ip address) (port) -> (destination ip address) (destination port) (msg:"Msg Detected"; content:"login"; sid:100;)
alert tcp any any -> 192.168.1.0/24 any (flags:A; ack:0; msg:"TCP ping detected"; sid:101;)
alert udp any any -> any any (msg:"Data transferring on UDP"; sid:102;)
These rules help prevent intrusions into the system and inform the admin about them. Many types of intrusion occur every day, among which common and well-known examples are SQL injection and XSS attacks. SQL injection is the insertion of unauthorized code that can make the computer fetch data from the servers and view it without proper permission. Such attacks are very hard to catch, as the computer executes the code just like any other SQL command and, because the command contains a true statement, it fetches and displays the data for that SQL command. One such example is the 1=1 injection.
SELECT * FROM Users WHERE UserID = 105 OR 1 = 1;
SELECT UserID, Name, Password FROM Users WHERE UserID = 105 OR 1 = 1;
The code above, SQL with two conditions joined by OR, is an example of such an attack: 1=1 is always true and, because of the OR, the query displays all the records just because of that one true condition. So, when hackers inject a true condition into any SQL statement, they can extract and display the data based on that true condition. So technically, if they have access to the SQL code, there are very few ways to detect the data leak. Another form of attack is XSS, the cross-site scripting attack. In this attack, they inject JavaScript into web forms and change the return location of the page, and sometimes even change the look of the webpage by changing the HTML code of the website. When such incidents occur, people who use those websites and key in data have their data lost and leaked at the same time. One famous XSS technique is stealing cookies from websites, as cookies contain logged or stored data that is useful to hackers looking for information from web pages.
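The rule format and the SID uniqueness requirement described earlier in this section, as an added example (not code from the paper or from Snort): a small linter that parses each rule's header and options and reports duplicate SIDs and malformed rules before the file is loaded. The sample rules file is constructed, modelled on the rules in the text, and the function names are hypothetical.

```python
import re

# action proto src_ip src_port direction dst_ip dst_port (options)
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
# One option up to its terminating ';' (a ';' inside quotes does not end it).
OPT_RE = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')

def parse_rule(line):
    """Return the header fields plus a list of (option, value) pairs."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable rule")
    rule = m.groupdict()
    chunks = (c.strip() for c in OPT_RE.findall(rule.pop("opts")))
    rule["options"] = [(k.strip(), v.strip())
                       for k, _, v in (c.partition(':') for c in chunks if c)]
    return rule

def lint(text):
    """Return (rules, problems); problems are (line number, message) pairs."""
    rules, problems, seen = [], [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        rules.append(rule)
        sids = [v for k, v in rule["options"] if k == "sid"]
        if len(sids) != 1:
            problems.append((lineno, "rule needs exactly one sid"))
        elif sids[0] in seen:
            problems.append((lineno, f"duplicate sid {sids[0]}, first used on line {seen[sids[0]]}"))
        else:
            seen[sids[0]] = lineno
    return rules, problems

# Constructed sample rules file, modelled on the rules in the text.
SAMPLE = """\
# local.rules (constructed)
alert tcp any any -> 192.168.1.0/24 any (flags:A; ack:0; msg:"TCP ping detected"; sid:101;)
alert udp any any -> any any (msg:"Data transferring on UDP"; sid:102;)
alert tcp any any -> any 80 (msg:"Msg Detected; login"; content:"login"; sid:101;)
alert tcp any any > any any (msg:"arrow lost its dash"; sid:103;)
"""
```

Calling lint(SAMPLE) flags line 4 for reusing SID 101 and line 5 for the malformed direction operator, while the quoted semicolon in the msg on line 4 is kept as part of the message.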
Implementation of AWStats
With AWStats, one can also see the number of bots and crawlers that have accessed the website, just from the log files. Bots and crawlers behave in characteristic ways on a website that can be identified from the log, and a common bot can sometimes also be identified from the application's list.