Research Article

Analysis and Study of Network Security at Transport Layer

by Hiren Parmar, Atul Gosai
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 121 - Number 13
Year of Publication: 2015
DOI: 10.5120/21604-4716

Hiren Parmar, Atul Gosai. Analysis and Study of Network Security at Transport Layer. International Journal of Computer Applications. 121, 13 (July 2015), 35-40. DOI=10.5120/21604-4716

@article{ 10.5120/21604-4716,
author = { Hiren Parmar, Atul Gosai },
title = { Analysis and Study of Network Security at Transport Layer },
journal = { International Journal of Computer Applications },
issue_date = { July 2015 },
volume = { 121 },
number = { 13 },
month = { July },
year = { 2015 },
issn = { 0975-8887 },
pages = { 35-40 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume121/number13/21604-4716/ },
doi = { 10.5120/21604-4716 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

In this technology era every application depends on networks, whether local or Internet, intranet or extranet, wired or wireless. All networks require strong security consideration to ensure the confidentiality and integrity of communication. This paper discusses network security and related issues specifically at the transport layer, which enables true end-to-end communication between peers. As security is never 100%, security threats and vulnerabilities continue to grow and have become a major concern for business and industry. Transport layer security is concerned with authentication, confidentiality, integrity and availability [1] [2]. In this paper we discuss different security issues at the transport layer and evaluate existing security mechanisms and standards. In fact, the de facto standards of web security used all over the world to secure e-commerce and online banking are also found to be insecure. In other words, "security needs continuous improvement for better security". The major security issues at present are various kinds of man-in-the-middle (MITM) attacks, authentication-related attacks, Distributed Denial of Service (DDoS) attacks and security-association-related attacks, all of which need serious consideration. The paper further gives direction on how to improve and strengthen security.

References
  1. Glenn Berg 1998 MCSE Training Guide Network Essential (Second edition), page no. 48-55.
  2. C. Michael Chernick, Charles Edington III, Matthew J. Fanto, Rob Rosenthal, 2005 Computer Security, NIST guidelines for the selection and use of TLS implementations, page no. 4-6, June 2005.
  3. William Stallings 2011 Network Security Essential Applications and standards, 4th Edition, page no. 9-11.
  4. Daniel E. Nordell 2012 Terms of Protection, IEEE Power and Energy Magazine, page 21, January/February 2012.
  5. Panayiotis Kotzanikolaou and Christos Douligeris 2008 Chapter 1, Computer Network Security: Basic background and current issues, page no. 9, 2008.
  6. Chris Sanders 2010 Understanding Man-In-The-Middle Attacks - Part 3: Session Hijacking, http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html, published on 5 May 2010.
  7. David Holmes 2013 Mitigating DDoS Attacks with F5 Technology, Tech Brief, F5 Technology, https://f5.com/resources/white-papers/mitigating-ddos-attacks-with-f5-technology.
  8. The Open Web Application Security Project (OWASP) 2015 Man-in-the-middle attack, https://www.owasp.org/index.php/Man-in-the-middle_attack, last revision 8/4/2015.
  9. Internet Security Glossary 2000 http://www.ietf.org/html/rfc2828, RFC 2828, May 2000.
  10. Marlinspike, M., 2009 owner of thoughtcrime.org, demonstration of HTTPS stripping attacks, "sslstrip", http://thoughtcrime.org/software/sslstrip, February 2009.
  11. Nadhem J. AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt, 2013 "On the security of RC4 in TLS", 22nd USENIX Security Symposium, 2013.
  12. Christina Garman, Kenneth G. Paterson, Thyla van der Merwe 2015 Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS, March 16, 2015.
  13. Tal Be'ery, Amichai Shulman 2013 "A perfect CRIME? Only TIME will Tell", Black Hat Europe 2013.
  14. Yoel Gluck, Neal Harris, and Angelo (Angel) Prado 2013 "BREACH: Reviving the CRIME Attack", http://breachattach.com, 2013.
  15. Thai Duong, Juliano Rizzo 2011 "Here Come The Ninjas", "Browser Exploit Against SSL/TLS", http://packetstormsecurity.com/files/105499/Browser-Exploit-Against-SSL-TLS.html.
  16. Nadhem J. AlFardan and Kenneth G. Paterson 2013 "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols", 2013 IEEE Symposium on Security and Privacy.
  17. Bodo Moller, Thai Duong, Krzysztof Kotowicz 2014 "This POODLE Bites: Exploiting the SSL 3.0 Fallback", https://www.openssl.org/~bodo/ssl-poodle.pdf, September 2014.
  18. Bhargavan K., Delignat-Lavaud A., Fournet C., Pironti A. and P. Strub 2014 "Triple handshakes and cookie cutters: Breaking and Fixing Authentication over TLS", https://secure-resumption.com/tlsauth.pdf
  19. Mark Ciampa 2005, Security+ Guide to Network Security Fundamentals, 2nd edition, Western Kentucky University, Chapter 2: Attackers and Their Attacks.
  20. Athar Mahbood and Dr. Nassar Ikram 2004 "Transport Layer Security (TLS) – A Network Security Protocol for E-commerce", Technocrat PNEC Research Journal, 01/2004, http://www.researchgate.net/publication/216485703_Transport_Layer_Security_(TLS)--A_Network_Security_Protocol_for_E-commerce.
  21. Lasote 2014 Our first DDoS attack!!, http://blog.biicode.com/first-ddos-attack/, BIICODE Blog, posted on August 12, 2014.
  22. Marsh Ray 2009 "Authentication Gap in TLS Renegotiation", Oracle, http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html.
  23. National cyber-alert system 2011 Vulnerability summary for CVE-2009-3555, National Vulnerability Database, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555, August 2011.
  24. Enrique de la Hoz, Rafael Paez-Reys, Gary Cochrane, Ivan Marsa-Maestre, Jose Manuel, Bernardo Alarcos 2014 "Detecting and Defeating advanced Man-In-The-Middle Attacks against TLS", 2014 6th International Conference on Cyber Conflict, 2014.
  25. Rolf Oppliger, Ralf Hauser, David Basin 2006 "SSL/TLS session-aware user authentication – Or how to effectively thwart the man-in-the-middle", Elsevier, Science Direct, Computer Communication 29.
  26. Y. Sheffer, R. Holz, P. Saint-Andre May 2015 Recommendation for secure use of TLS and DTLS, http://www.ietf.org/html/rfc7525, RFC 7525.
  27. Dierks T., and E. Rescorla 2008 "The Transport Layer Security (TLS) Protocol Version 1.2", http://www.rfc-editor.org/info/rfc5246, RFC 5246, August 2008.
  28. E. Rescorla, N. Modadugu 2012 "Datagram Transport Layer Security Version 1.2", http://www.rfc-editor.org/info/rfc6347, RFC 6347.
  29. E. Rescorla, M. Ray, S. Dispensa, N. Oskov 2010 "TLS Renegotiation indication extension", http://www.rfc-editor.org/info/rfc5746, RFC 5746.
  30. Y. Sheffer, R. Holz, P. Saint-Andre 2015 "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", http://www.ietf.org/html/rfc7457, Feb. 2015.
  31. J. Hodges, C. Jackson, A. Barth 2012 "HTTP Strict Transport Security (HSTS)", http://www.ietf.org/html/rfc6797, RFC 6797, November 2012.
  32. A. Popov 2015 "Prohibiting RC4 cipher suites", http://www.ietf.org/html/rfc7465, RFC 7465, February 2015.
  33. P. Gutmann 2014 "Encrypt-then-MAC for TLS and DTLS", http://www.ietf.org/html/rfc7465, RFC 7366, September 2014.
  34. Web Application Security Consortium 2004 "Insufficient Transport Layer Protection", Threat Classification, http://projects.webappsec.org/w/page/13246945/InsufficientTransportLayerProtection, WASC-04.
  35. Microsoft Israel's blogging Community 2010 padding oracle "ASP.net vulnerability explanation", http://blogs.microsoft.co.il/linqed/2010/09/19/padding-oracle-aspnet-vulnerability-explanation/.
  36. Trend Micro SecurityLabs 2015 Superfish Adware in Lenovo Consumer Laptops Violates SSL, Affects Companies via BYOD, http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/superfish-adware-in-lenovo-consumer-laptops-violates-ssl.

Index Terms

Computer Science
Information Sciences

Keywords

Security, Transport layer, DoS, DDoS, MITM, SSL/TLS, Authentication, Confidentiality.