ebook img

The "Essence" of Network Security: An End-to-End Panorama PDF

308 Pages·2021·8.463 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview The "Essence" of Network Security: An End-to-End Panorama

Lecture Notes in Networks and Systems 163 Mohuya Chakraborty Moutushi Singh Valentina E. Balas Indraneel Mukhopadhyay   Editors The “Essence” of Network Security: An End-to-End Panorama Lecture Notes in Networks and Systems Volume 163 SeriesEditor JanuszKacprzyk,SystemsResearchInstitute,PolishAcademyofSciences, Warsaw,Poland AdvisoryEditors FernandoGomide,DepartmentofComputerEngineeringandAutomation—DCA, SchoolofElectricalandComputerEngineering—FEEC,UniversityofCampinas— UNICAMP,SãoPaulo,Brazil OkyayKaynak,DepartmentofElectricalandElectronicEngineering, BogaziciUniversity,Istanbul,Turkey DerongLiu,DepartmentofElectricalandComputerEngineering,University ofIllinoisatChicago,Chicago,USA,InstituteofAutomation,ChineseAcademy ofSciences,Beijing,China WitoldPedrycz,DepartmentofElectricalandComputerEngineering, UniversityofAlberta,Alberta,Canada,SystemsResearchInstitute, PolishAcademyofSciences,Warsaw,Poland MariosM.Polycarpou,DepartmentofElectricalandComputerEngineering, KIOSResearchCenterforIntelligentSystemsandNetworks,UniversityofCyprus, Nicosia,Cyprus ImreJ.Rudas,ÓbudaUniversity,Budapest,Hungary JunWang,DepartmentofComputerScience,CityUniversityofHongKong, Kowloon,HongKong The series “Lecture Notes in Networks and Systems” publishes the latest developmentsinNetworksandSystems—quickly,informallyandwithhighquality. Originalresearchreportedinproceedingsandpost-proceedingsrepresentsthecore ofLNNS. VolumespublishedinLNNSembraceallaspectsandsubfieldsof,aswellasnew challengesin,NetworksandSystems. The series contains proceedings and edited volumes in systems and networks, spanning the areas of Cyber-Physical Systems, Autonomous Systems, Sensor Networks, Control Systems, Energy Systems, Automotive Systems, Biological Systems, Vehicular Networking and Connected Vehicles, Aerospace Systems, Automation, Manufacturing, Smart Grids, Nonlinear Systems, Power Systems, Robotics,SocialSystems,EconomicSystemsandother.Ofparticularvaluetoboth the contributors and the readership are the short publication timeframe and the world-wide distribution and exposure which enable both a wide and rapid disseminationofresearchoutput. Theseriescoversthetheory,applications,andperspectivesonthestateoftheart andfuturedevelopmentsrelevanttosystemsandnetworks,decisionmaking,control, complexprocessesandrelatedareas,asembeddedinthefieldsofinterdisciplinary andappliedsciences,engineering,computerscience,physics,economics,social,and lifesciences,aswellastheparadigmsandmethodologiesbehindthem. IndexedbySCOPUS,INSPEC,WTIFrankfurteG,zbMATH,SCImago. All books published in the series are submitted for consideration in Web of Science. Moreinformationaboutthisseriesathttp://www.springer.com/series/15179 · · Mohuya Chakraborty Moutushi Singh · Valentina E. Balas Indraneel Mukhopadhyay Editors The “Essence” of Network Security: An End-to-End Panorama Editors MohuyaChakraborty MoutushiSingh DepartmentofInformationTechnology DepartmentofInformationTechnology InstituteofEngineering&Management InstituteofEngineering&Management Kolkata,WestBengal,India Kolkata,WestBengal,India ValentinaE.Balas IndraneelMukhopadhyay DepartmentofAutomatics&Applied DepartmentofInformationTechnology Software InstituteofEngineering&Management AurelVlaicuUniversityofArad Kolkata,WestBengal,India Arad,Arad,Romania ISSN2367-3370 ISSN2367-3389 (electronic) LectureNotesinNetworksandSystems ISBN978-981-15-9316-1 ISBN978-981-15-9317-8 (eBook) https://doi.org/10.1007/978-981-15-9317-8 ©SpringerNatureSingaporePteLtd.2021 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbook arebelievedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsor theeditorsgiveawarranty,expressedorimplied,withrespecttothematerialcontainedhereinorforany errorsoromissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictional claimsinpublishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSingaporePteLtd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore “TomydaughterRheya,theloveofmylife Jayantaforhisencouragementandmy parentsfortheirinspirationandsupport” MohuyaChakraborty “Tomysweet&lovingFather&Mother whoseaffection love,encouragement& prayersofday&night makemeabletoget success” MoutushiSingh “TomyhusbandMariusandtoourtwin daughtersSandaandDana” ValentinaE.Balas “Tomyfamilyforconstantsupportduring thepreparationofthebookandtomyfather” IndraneelMukhopadhyay Preface It all started in 2018–2019 after we organized two International Ethical Hacking Conferences—eHaCON2018andeHaCON2019.Theconferenceshelpedustomeet lotofexpertsinthefieldofnetworksecurityacrosstheglobeandgatherknowledge, boththeoreticalandpractical.Alongwiththis,ourexpertiseinteachingthissubject forpast15yearspromptedustowritethebook—The“Essence”ofNetworkSecurity: AnEnd-To-EndPanorama.Essentiallythisbookcombinescutting-edgetechnologies ofnetworksecurityasoutcomeofresearchanddevelopmentaswellasfromindustry perspective. Thereaderwillbeabletograspadvancedtechnologiesusedinnetworksecurity like Blockchain, Cryptography, Digital Forensics, Artificial Intelligence, Machine Learning, and Deep Learning. The book gives thrust upon security aspects of profound areas like Internet of Things (IoT), Cloud Computing, Cyberspace, Software Defined Networking, Anonymous Traffic Network, and Named Data Networking. Let us briefly explain how these advanced technologies help in protectingourdevicesconnectedtothenetwork. PartIIntroduction Chapter“IntroductiontoNetworkSecurityTechnologies”providesanoverviewof network securityattacks and highlights thenewer technologies intherelatedarea. The objective of this chapter is to guide the reader to the overall content of the chapterstofollow. vii viii Preface PartIIReviewofRecentTrendsinForensics Chapter “A Systematic Review of Digital, Cloud and IoT Forensics” deals with the review of digital forensics. Digital forensics is a branch of forensic science that involves the recuperation and examination of valuable information found in digital devices related to the computer as well as cybercrimes, as a part of the investigation. From a technical standpoint, the main goal of digital forensics is to identify,collect,preserve,andanalyzedatainawaythatpreservestheintegrityof theevidencecollectedsoitcanbeusedeffectivelyinalegalcase.Justascentraland stateauthoritieslookforuseddigitalevidencetoconvictlawbreakers,ITmanagers, security,andlegalteamscanusedigitalforensicstocollectandpreserveevidence toanalyzeanddefendagainstacyberattack,stopaninsiderthreat,orcompletean internalinvestigation. PartIIIBlockchainandCryptography Chapter “Blockchain-Based Framework for Managing Customer Consent in Open Banking” discusses about blockchain framework and chapter “A Comprehensive StudyofProsandConsonImplementationofBlockchainforIoTDeviceSecurity” touchesuponblockchainimplementationforIoTdevicesecurity.Blockchaintech- nologycanbeusedtoguardoursystems,likecomputers,laptops,anddeviceslike routers,switches,etc.,connectedtothenetworkfromattacks.Everythingthatoccurs ontheblockchainispassedthroughrigorousencryptionprocessmakingitpossible toensurethatdatahasnotbeenalteredduringcourseoftransactionortransmission. Itusesdistributedledgertechnologyandduetoitsdistributednature,onemaycheck filesignaturesacrossalltheledgersonallthenodesinthenetworkandverifythat theyhavenotbeenaltered.Furthermore,blockchainsecuritymeansthatthereisno longeracentralizedauthoritycontrollingthenetworkandverifyingthedatagoing throughit.Everytransactionthathappensonblockchainhappensinadecentralized mannerandgoesthroughconsensusmechanismensuringintegrityandtransparency. Thismeanswedonottrustasingleentitybutrathertrusttheentiresystemasawhole. Suchisthepowerofblockchaintechnology. Chapter “Role of Cryptography in Network Security” talks about use of cryp- tographyinnetworksecurity.CryptographycomesfromtheGreekword“çryptos” meaning hidden and “graphy” means study. So in short it is the study of hidden messages.Cryptographyprotectsinformationbytransformingitintoaformatthat isnotrecognizablebyanyonewhoisnotintendedto.Abasiccryptographymaybe anencryptedmessagecalledplaintextinwhichlettersarereplacedwithotherchar- acters.Thisiscalledencryption.Todecodetheencryptedcontents,onewouldneed agridortablethatdefineshowthelettersareconverted.Thisisthereverseprocess of encryption and is called decryption. Contemporary cryptography uses compli- cated mathematical equations (algorithms) and secret keys (public and private) to Preface ix encryptanddecryptdata.Intoday’sworld,cryptographyisusedtoprovidesecrecy, authenticity,andintegritytoourdataduringthecourseofourcommunications. PartIVMachineLearningandArtificialIntelligence inNetworkSecurity Chapter “Cyber Security with AI—Part I” and “Cyber Security with AI—Part II” are devoted to the use of artificial intelligence in cybersecurity. Chapter “Detec- tion of Malicious URLs Using Deep Learning Approach” highlights the use of deep learning methodology in detecting malicious URLs. Artificial Intelligence (AI) is used in building machines that can mimic human cognitive functions and perform “smart” or “intelligent” things on their own without human guidance. In effect, AI security involves leveraging AI to identify and stop cyberthreats with lesshumaninterventionthanistypicallyexpectedorneededwithtraditionalsecu- rityapproaches.MachinelearningisasubsetofAI,anditcomprisesthemethodsthat enablecomputerstofigurethingsoutfromthedataanddeliverAI-basedapplications. Inmachinelearning,wefeedlotofdatatoanalgorithmtoanalyzethingsoutonits ownjustaswestartedlearninggrammarbeforepickingupourfirstbookinchild- hood. Deep learning, a subset of machine learning, uses artificial neural networks (mathematical expressions) with additional neurons, layers, and interconnectivity justlikeourbrain,whichenablescomputerstosolvemorecomplexproblems. Theseenumeratedtechnologiescanhelptosolvealotofsecurity-relatedproblems ofthefollowingareasthatarecoveredinthisbook.OneoftheareasisIoT.Itmay bedefinedasasystemofinterconnectedcomputingdevices,mechanicalanddigital machines,embeddedwithsoftware,sensors,andnetworkconnectivitytocollectand exchangedata.Theseareprovidedwithexclusiveidentifiersandtheabilitytotransfer dataoveranetworkwithoutrequiringmanualintervention.Hardware,software,and network connectivity need to be protected against attacks for IoT objects to work efficiently.Iftheyarevulnerablethenhackersmayacquirecontrolofthesedevices and may disrupt the object’s functionality and steal the user’s digital data. So IoT securityisanimportantaspect. Cloud computing may be defined as the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. Importance of cloud security arises from the fact that both personal and business users want to ensure that their information is protected and secured. Moreover, keeping client data secure is first andforemostlegalobligationsofbusinesses. Cyberspace refers to the virtual computer world, and more specifically, it is an electronic medium used to form a global computer network to facilitate online communication.Hence,cyberspacesecurityorsimplycybersecurityisimportantasit encompasseseverythingthatpertainstoprotectingoursensitivedata,suchasPerson- ally Identifiable Information (PII), Protected Health Information (PHI), Personal x Preface Information, Intellectual Property Data, and Governmental and Industry Informa- tionSystemsfromtheftanddamageattempted.Themainobjectiveofcybersecurity istoachievethreeelements(confidentiality,integrity,andavailability)alsoknown asCIATriad.Foranyorganization,itisnecessarytodefenditsdataandinformation usingsecuritytools. PartVSecurityNetworking Chapter“Software-DefinedNetworkVulnerabilities”providestheconceptofSoft- wareDefinedNetworking(SDN)anditsvulnerabilities.SDNisanetworkarchitec- ture approach that enables the network to be intelligently and centrally controlled or “programmed” using software applications. This helps operators to manage the entire network constantly regardless of the underlying network technology. TheSDNlayeressentiallyactsasavirtualsoftwareswitchorrouterinplaceof(or inconjunctionwith)thephysicalnetworkdevices.Soinsteadofsoftwareembedded intheroutersandswitchesmanagingthetraffic,softwarefromoutsidethedevices takes over the job. SDN security needs to be built into the architecture, as well as deliveredasaservicetoprotecttheavailability,integrity,andprivacyofallconnected resourcesandinformation. Chapter“DemystifyingSecurityonNDN:ASurveyofExistingAttacksandOpen ResearchChallenges”showshowNamedDataNetworking(NDN)maybeusedas a fully secured Internet architecture. NDN is a proposed future Internet architec- ture enthused by many years of pragmatic investigation into network usage and a risingawarenessofunsolvedproblemsincurrentInternetarchitectureslikeIP.NDN namesthedatainsteadofdatalocationsfornetworkpacketforwarding,socommu- nicationsinNDNareconsumer-driven.Eachpieceofsensitivedata(packet)iscryp- tographicallysignedbyitscreatorandhenceNDNcommunicationsaresecuredin adata-centricmanner.NDNadoptsintelligentstatefulforwardingstrategieswhere forwarders maintain a state for each data request and wipe away the state when a correspondingdatapacketcomesbackeliminatingloop. Chapter“AnonymousTrafficNetworks”introducesAnonymousTrafficNetwork (ATN).ATNalsocalledonionrouterorTOR,whichforwardsInternettrafficthrough acost-freeoverlaynetworkhavingseveralthousandrelaysthatconcealauser’sloca- tionandtrafficpatternusagefromhackerswhomonitornetworksurveillanceordo trafficanalysisforillegalactivities.InTOR,the data,includingthenextnodedesti- nation address, is encrypted multiple times at the application layer of a communi- cationprotocolstack,nestinglikethelayersofanonionandsentthroughavirtual circuitcomprisingofsuccessive,randomlyselectedTORrelays.Eachrelaydecrypts a layer of encryption to reveal the next relay in the circuit to pass the remaining encrypted data onto it. Decryption of the innermost layer of encryption and trans- missionoftheoriginaldatatoitsdestinationisdonebythefinalrelaybykeepingthe sourceIPaddresshidden.Astheroutingofthecommunicationwaspartiallyhidden ateveryhopintheTORnetwork,thismethodhelpstoeradicatethecommunicating

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.