
Literature survey

The literature survey is the most important step in the software development process. Before developing the tool it is necessary to determine the time factor, the economy and the company's strength. Once these things are satisfied, the next step is to determine which operating system and language can be used for developing the tool. Once the programmers start building the tool they need a lot of external support. This support can be obtained from senior programmers, from books or from websites. Before building the system the above considerations are taken into account for developing the proposed system. We have to analyze secure computing.

Data Centre Security:


Physical access should be controlled by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. When an employee no longer has a business need to access a data center, his privileges to access the data center should be revoked immediately. All physical and electronic access to data centers by employees should be logged and audited routinely. Audit tools should be provided so that users can easily determine how their data is stored, protected and used, and verify policy enforcement.

Data Location:
When a user uses the cloud, the user probably won't know exactly where their data is hosted or in what country it will be stored. Data should be stored and processed only in specific jurisdictions as defined by the user. The provider should also make a contractual commitment to obey local privacy requirements on behalf of its customers.

Data Policies:
Data-centered policies are generated when a user provides personal or sensitive information, and they travel with that information throughout its lifetime to ensure that the information is used only in accordance with the policy.

Backups of Data: Data stored in the provider's database should be redundantly stored in multiple physical locations. Data that is generated while running a program on instances is all customer data, and therefore the provider should not perform backups of it. Control of Administrators on Databases.

Data Sanitization: Sanitization is the process of removing sensitive information from a storage device. What happens to data stored in a cloud computing environment once it has passed its user's "use by date"? What data sanitization practices does the cloud computing service provider propose to implement for redundant and retiring data storage devices as and when these devices are retired or taken out of service?

Network Security:

Denial of Service: servers and networks are brought down by a huge amount of network traffic and users are denied access to a certain Internet-based service. Examples include DNS hacking, routing table poisoning and DDoS attacks.

QoS Violation: through congestion, delaying or dropping packets, or through resource hacking.

Man in the Middle Attack: to overcome it, always use SSL (in current deployments TLS, the successor of SSL, with certificate validation).

IP Spoofing: spoofing is the creation of TCP/IP packets using somebody else's IP address.

Solution: the infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
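The egress rule in the Solution above, as an added example that is not part of the surveyed text: a toy hypervisor-side filter that parses the Ethernet and IPv4 headers of a frame and permits it only when the source MAC and source IP both match the binding the infrastructure assigned to the instance. The instance addresses, the frame-building helper and the sample frames are assumptions constructed for the demo; a real virtual switch applies the same check in its data path.

```python
"""Source-address validation for a virtual-machine instance.

Added example (not from the surveyed text): an egress filter that parses an
Ethernet II + IPv4 frame and drops it unless the source MAC and source IPv4
address equal the binding assigned to the sending instance.
"""
import struct
from typing import NamedTuple, Optional, Tuple

ETH_HDR_LEN = 14
IPV4_MIN_HDR_LEN = 20
ETHERTYPE_IPV4 = 0x0800


class Binding(NamedTuple):
    mac: bytes  # 6-byte MAC address assigned to the instance
    ip: bytes   # 4-byte IPv4 address assigned to the instance


def parse_frame(frame: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Return (src_mac, src_ip) from an Ethernet II frame carrying IPv4.

    Returns None for frames that are truncated or not IPv4 so the caller
    drops them instead of guessing.
    """
    if len(frame) < ETH_HDR_LEN + IPV4_MIN_HDR_LEN:
        return None
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip_hdr = frame[ETH_HDR_LEN:ETH_HDR_LEN + IPV4_MIN_HDR_LEN]
    if ip_hdr[0] >> 4 != 4:          # version nibble must be 4
        return None
    src_ip = ip_hdr[12:16]           # source address is bytes 12..15 of the header
    return src_mac, src_ip


def egress_allowed(frame: bytes, binding: Binding) -> bool:
    """Hypervisor-side check: permit only frames whose source MAC and
    source IP both equal the instance's assigned binding."""
    parsed = parse_frame(frame)
    if parsed is None:
        return False
    src_mac, src_ip = parsed
    return src_mac == binding.mac and src_ip == binding.ip


def build_frame(src_mac: bytes, src_ip: bytes,
                dst_mac: bytes = b"\xff" * 6,
                dst_ip: bytes = bytes([10, 0, 0, 2])) -> bytes:
    """Construct a minimal Ethernet II + IPv4 header (no payload) for the demo."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4)
    # version 4 / IHL 5, TOS 0, total length 20, id 0, flags+frag 0,
    # TTL 64, protocol TCP (6), checksum 0 (not validated by this filter)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, src_ip, dst_ip)
    return eth + ip


# Constructed binding for instance "A" (assumption: 10.0.0.10 / 02:00:00:00:00:0a)
INSTANCE_A = Binding(mac=bytes.fromhex("02000000000a"), ip=bytes([10, 0, 0, 10]))

# Constructed frames: one legitimate, one with a forged IP, one with a forged MAC
LEGIT = build_frame(INSTANCE_A.mac, INSTANCE_A.ip)
SPOOFED_IP = build_frame(INSTANCE_A.mac, bytes([10, 0, 0, 99]))
SPOOFED_MAC = build_frame(bytes.fromhex("02000000000b"), INSTANCE_A.ip)

if __name__ == "__main__":
    for name, f in [("legit", LEGIT), ("spoofed_ip", SPOOFED_IP), ("spoofed_mac", SPOOFED_MAC)]:
        print(f"{name:12s}", "ALLOW" if egress_allowed(f, INSTANCE_A) else "DROP")
```

The check is deliberately fail-closed: anything the parser cannot classify (short frame, non-IPv4 ethertype, wrong version nibble) is dropped rather than passed through.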

How secure is the encryption scheme:

Is it possible for all of my data to be fully encrypted? What algorithms are used? Who holds, maintains and issues the keys? Problem: encryption accidents can make data totally unusable, and encryption can complicate availability. Solution: the cloud provider should provide evidence that its encryption schemes were designed and tested by experienced specialists.

Information Security:
Security related to the information exchanged between different hosts or between hosts and users. The issues pertain to secure communication, authentication, and single sign-on and delegation. Secure communication issues include those security concerns that arise during the communication between two entities.

These include confidentiality and integrity issues. Confidentiality indicates that all data sent by users should be accessible only to "legitimate" receivers, and integrity indicates that all data received should only be sent/modified by "legitimate" senders. Solution: public key encryption, X.509 certificates, and the Secure Sockets Layer (SSL) enable secure authentication and communication over computer networks.

TITLE: Detection of Interactive Stepping Stones

Abstract


Intruders on the Internet often prefer to launch network intrusions indirectly, i.e., using a chain of hosts on the Internet as relay machines using protocols such as Telnet or SSH. This type of attack is called a stepping-stone attack. In this paper, we propose and analyze algorithms for stepping-stone detection using ideas from Computational Learning Theory and the analysis of random walks. Our results are the first to achieve provable (polynomial) upper bounds on the number of packets needed to confidently detect and identify encrypted stepping-stone streams with proven guarantees on the probability of falsely accusing non-attacking pairs. Moreover, our methods and analysis rely on mild assumptions, especially in comparison to previous work. We also examine the consequences when the attacker inserts chaff into the stepping-stone traffic and give bounds on the amount of chaff that an attacker would have to send to evade detection. Our results are based on a new approach which can detect correlation of streams at a fine-grained level. Our approach may also apply to more generalized traffic analysis domains, such as anonymous communication.

$ntro"uction
/ntruders on the /nternet often launch network intrusions indirectly, in order todecrease their chances of being discovered. One of the most common methodsused to evade surveillance is the construction of stepping stones. /n a stepping)stone attack, an attacker uses a se(uence of hosts on the /nternet as relay machines and constructs a chain of interactive connections using protocols such asTelnet or !!:. The attacker types commands on his local machine and then thecommands are relayed via the chain of <stepping stones= until they really reachthe victim. Because the victim only sees trace from the last hop of thechain of the stepping stones, it is difficult for the victim to learn any information about the true origin of the attack. The chaotic nature and sheer volume of the trace on the /nternet makes such attacks extremely difficult to record ortrace back.
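The packet-count idea behind the abstract and introduction above, as an added example that is not code from the paper: a simplified detector that merges two timestamped streams and tracks the running difference between the packets seen on each. If the two streams are adjacent links of one stepping-stone chain, every incoming packet reappears on the outgoing stream within a bounded relay delay, so the difference stays within a small bound; unrelated streams drift past it. The same counter shows why chaff matters: bogus packets inserted on the outgoing stream push the difference out of bounds, so an attacker needs more than the bound's worth of chaff to evade this detector. The bound Δ (`DELTA`), the observation length N (`N_PACKETS`) and the sample streams are constructed assumptions; the paper's analytical bounds on N and on chaff are not reproduced here.

```python
"""Stepping-stone detection by bounded packet-count difference.

Added example, not the paper's code: a simplified form of the
packet-count-difference idea. Two streams that are links of one
stepping-stone chain keep |#S1 - #S2| small; unrelated streams drift.
"""
from enum import Enum
from itertools import cycle, islice


class Verdict(Enum):
    UNDECIDED = "undecided"            # fewer than n_packets seen, no excursion
    UNRELATED = "unrelated"            # |#S1 - #S2| exceeded delta at some point
    STEPPING_STONE = "stepping-stone"  # stayed within delta for n_packets


def detect_stepping_stone(times_s1, times_s2, delta, n_packets):
    """Merge two timestamped streams in time order and track diff = #S1 - #S2.

    delta:     largest |diff| a genuine relay could produce (packets in flight)
    n_packets: merged packets to observe before accepting the pair
    """
    events = sorted([(t, +1) for t in times_s1] + [(t, -1) for t in times_s2])
    diff = 0
    for seen, (_, sign) in enumerate(events, start=1):
        diff += sign
        if abs(diff) > delta:
            return Verdict.UNRELATED
        if seen >= n_packets:
            return Verdict.STEPPING_STONE
    return Verdict.UNDECIDED


def stream_from_gaps(gaps, count):
    """Build `count` packet timestamps by cycling a fixed inter-arrival pattern."""
    times, t = [], 0.0
    for gap in islice(cycle(gaps), count):
        t += gap
        times.append(t)
    return times


# Constructed sample traffic (seconds). Keystroke-like gaps for the incoming
# stream S1; the relay adds at most 45 ms, below every S1 gap, so at most
# one S1 packet is "in flight" at any time and |diff| never exceeds 1.
S1 = stream_from_gaps([0.30, 0.80, 0.12, 0.50, 0.07, 1.40, 0.25, 0.90], 200)
RELAY_DELAYS = [0.010, 0.030, 0.020, 0.045, 0.005, 0.040, 0.015, 0.035]
S2_RELAYED = [t + d for t, d in zip(S1, cycle(RELAY_DELAYS))]
# An unrelated interactive stream with its own, slightly faster, rhythm.
S3_UNRELATED = stream_from_gaps([0.50, 0.20, 0.20, 0.90, 0.15, 0.60, 0.35, 0.10], 200)

DELTA = 5        # assumed bound on packets in flight across the relay
N_PACKETS = 100  # assumed observation length before accepting a pair


def chaffed_relay(n_chaff, spacing=0.01):
    """Attacker inserts n_chaff bogus packets on the outgoing stream before the
    first real one. Each pushes diff one step further negative; with more than
    DELTA of them the detector wrongly declares the pair unrelated."""
    chaff = [spacing * (i + 1) for i in range(n_chaff)]
    return sorted(S2_RELAYED + chaff)


if __name__ == "__main__":
    print("relayed  :", detect_stepping_stone(S1, S2_RELAYED, DELTA, N_PACKETS).value)
    print("unrelated:", detect_stepping_stone(S1, S3_UNRELATED, DELTA, N_PACKETS).value)
    print("chaff x5 :", detect_stepping_stone(S1, chaffed_relay(DELTA), DELTA, N_PACKETS).value)
    print("chaff x6 :", detect_stepping_stone(S1, chaffed_relay(DELTA + 1), DELTA, N_PACKETS).value)
```

Two caveats the paper's analysis addresses and this toy does not: with real inter-arrival times the unrelated case behaves like a random walk, so N must be large enough that an independent pair almost surely wanders past Δ, and the false-accusation probability for such a pair is what bounds N from below.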

TITLE: Digital Watermarking


$ntro"uction

&igital watermarking is the act of hiding a message related to a digital signal 8i.e. an image, song, video9 within the signal itself. /t is a concept closely related to steganography, in that they both hide a message inside a digital signal. :owever, what separates them is their goal. Watermarking tries to hide a message related to the actual content of the digital signal, while in steganography the digital signal has no relation to the message, and it is merely used as a cover to hide its existence. Watermarking has been around for several centuries, in the form of watermarks found initially in plain paper and subse(uently in paper bills. :owever, the field of digital watermarking was only developed during the last >5 years and it is now being used for many different applications.

TITLE: An Empirical Workload Model for Driving Wide-Area TCP/IP Network Simulations

Abstract


We present an artificial workload model of wide-area internetwork traffic. The model can be used to drive simulation experiments of communication protocols and flow and congestion control experiments. The model is based on analysis of wide-area TCP/IP traffic collected from one industrial and two academic networks. The artificial workload model uses both detailed knowledge and measured characteristics of the user application programs responsible for the traffic. Observations drawn from our measurements contradict some commonly held beliefs regarding wide-area TCP/IP network traffic. The simulation techniques presented here will be useful in studying congestion control, routing algorithms, and other resource management schemes, for existing and future networks.

-eywor"s:Wide)#rea ?etworks, #rtificial Workload 3odels, Trace #nalysis, !imulation,


T* 2/

/nternetworks

$ntro"uction
When simulating new congestion control, flow control, and adaptive routing algorithms one needs to model the overall pattern of traffic flowing through the network, from distribution of packet si"es and interarrival times, to characteristics such as distribution

of host reference patterns and direction of traffic flow. This paper presents an artificial workload model of widearea network traffic based upon application)level analysis of wide) area T* 2/ traces collected on two campus networks, the @niversity of !outhern *alifornia 8@!*9 and the @niversity of *alifornia at Berkeley 8@*B9, and one industrial research site, Bellcore.

TITLE: Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking

Abstract
Network-based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks through intermediate "stepping stones" in order to conceal their identity and origin. To identify the source of the attack behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing-based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing-based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at stepping stones. In this paper, we propose a novel watermark-based correlation scheme that is designed specifically to be robust against timing perturbations. Unlike most previous timing-based correlation approaches, our watermark-based approach is "active" in that it embeds a unique watermark into the encrypted flows by slightly adjusting the timing of selected packets. The unique watermark that is embedded in the encrypted flow gives us a number of advantages over passive timing-based correlation in resisting timing perturbations by the attacker. In contrast to the existing passive correlation approaches, our active watermark-based correlation does not make any limiting assumptions about the distribution or random process of the original interpacket timing of the packet flow. In theory, our watermark-based correlation can achieve arbitrarily close to 100 percent correlation true positive rate (TPR), and arbitrarily close to 0 percent false positive rate (FPR) at the same time for sufficiently long flows, despite arbitrarily large (but bounded) timing perturbations of any distribution by the attacker. Our paper is the first that identifies 1) accurate quantitative tradeoffs between the achievable correlation effectiveness and the defining characteristics of the timing perturbation; and 2) a provable upper bound on the number of packets needed to achieve a desired correlation effectiveness, given the amount of timing perturbation. Experimental results show that our active watermark-based correlation performs better and requires fewer packets than existing, passive timing-based correlation methods in the presence of random timing perturbations.

Index Terms: Network-level security and protection, intrusion tracing, correlation, stepping stone.

INTRODUCTION
Network-based attacks have become a serious threat to the critical information infrastructure on which we depend. To stop or repel network-based attacks, it is critical to be able to identify the source of the attack. Attackers, however, go to some lengths to conceal their identities and origin, using a variety of countermeasures. As an example, they may spoof the IP source address of the attack traffic. Methods of tracing spoofed traffic, generally known as IP traceback, have been developed to address this countermeasure. Another common and effective countermeasure used by network-based intruders to hide their identity is to connect through a sequence of intermediate hosts, or stepping stones, before attacking the final target. For example, an attacker at host A may telnet or SSH into host B, and from there launch an attack on host C. In effect, the incoming packets of an attack connection from A to B are forwarded by B, and become outgoing packets of a connection from B to C. The two connections or flows are related in such a case. The victim host C can use IP traceback to determine that the second flow originated from host B, but traceback will not be able to correlate this with the attack flow originating from host A. To trace attacks through a stepping stone, it is necessary to correlate the incoming traffic with the outgoing traffic at the stepping stone. This would allow the attack to be traced back to host A in the example.

The earliest work on connection correlation was based on tracking users' login activities at different hosts. Later work relied on comparing the packet contents, or payloads, of the connections to be correlated. Most recent work has focused on the timing characteristics of connections, in order to correlate encrypted connections (i.e., traffic encrypted using IPsec or SSH). Timing-based correlation approaches, however, are sensitive to the use of countermeasures by the attacker, or adversary. In particular, the attacker can perturb the timing characteristics of a connection by selectively or randomly introducing extra delays when forwarding packets at the stepping stones. This kind of timing perturbation will adversely affect the effectiveness of any timing-based correlation. Timing perturbation can either make unrelated flows have similar timing characteristics, or make related flows exhibit different timing characteristics.
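The active scheme the abstract describes, as an added example that is not the paper's code or parameters: a simplified inter-packet-delay (IPD) quantization watermark. Each watermark bit is carried by m consecutive packet pairs; the second packet of a pair is held back until the pair's IPD is a multiple of the step s whose parity equals the bit, and the same delay is applied to every later packet so nothing is reordered or sent before it arrived. Decoding reads the parity of the nearest multiple of s and takes a majority vote over the m pairs, so an attacker's extra delay that changes an IPD by less than s/2 cannot flip a bit. The step s, the redundancy m and its majority vote, the 12-bit watermark, the pair-selection rule and the sample flow are constructed assumptions; the paper's own embedding function and its TPR/FPR bounds are not reproduced.

```python
"""Active flow watermarking by inter-packet-delay (IPD) quantization.

Added example, not the paper's code or parameters: a simplified
illustration of embedding a watermark into a flow by slightly delaying
selected packets and recovering it from timing alone after the attacker
adds bounded random delays at the stepping stone.
"""
import random
from typing import List

Timestamps = List[float]


def quantize_parity(ipd: float, s: float) -> int:
    """Decode one bit from an IPD: parity of the nearest multiple of s."""
    return round(ipd / s) % 2


def embed_watermark(times: Timestamps, bits: List[int], s: float, m: int) -> Timestamps:
    """Return a delayed copy of `times` carrying `bits`.

    Bit k goes into m consecutive packet pairs (2j, 2j+1). The second packet
    of each pair is held back until the pair's IPD is a multiple of s with
    the bit's parity; that delay is then applied to every later packet too,
    as a forwarding device would, so packets are never reordered or sent early.
    """
    out = list(times)
    needed_pairs = len(bits) * m
    if 2 * needed_pairs > len(out):
        raise ValueError("flow too short for this watermark")
    for pair_idx in range(needed_pairs):
        bit = bits[pair_idx // m]
        a, b = 2 * pair_idx, 2 * pair_idx + 1
        ipd = out[b] - out[a]
        k = -(-ipd // s)               # smallest integer k with k*s >= ipd
        if int(k) % 2 != bit:
            k += 1                     # next bucket with the wanted parity
        extra = k * s - ipd            # added delay, 0 <= extra < 2*s
        for i in range(b, len(out)):
            out[i] += extra
    return out


def decode_watermark(times: Timestamps, n_bits: int, s: float, m: int) -> List[int]:
    """Recover n_bits from the same pair positions by majority vote over m pairs."""
    bits = []
    for k in range(n_bits):
        votes = sum(quantize_parity(times[2 * j + 1] - times[2 * j], s)
                    for j in range(k * m, (k + 1) * m))
        bits.append(1 if 2 * votes > m else 0)
    return bits


def perturb(times: Timestamps, max_delay: float, seed: int) -> Timestamps:
    """Attacker at the stepping stone adds an independent random delay in
    [0, max_delay) to every packet: the timing perturbation in the paper."""
    rng = random.Random(seed)
    return [t + rng.uniform(0.0, max_delay) for t in times]


def sample_flow(n_packets: int) -> Timestamps:
    """Constructed interactive flow: cyclic keystroke-like gaps, in seconds."""
    gaps = [0.33, 0.81, 0.22, 0.56, 0.27, 1.43, 0.92, 0.68]
    times, t = [], 0.0
    for i in range(n_packets):
        t += gaps[i % len(gaps)]
        times.append(t)
    return times


S = 0.1   # assumed quantization step (100 ms)
M = 3     # assumed redundancy: pairs per watermark bit
WATERMARK = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1]   # constructed 12-bit watermark
FLOW = sample_flow(2 * len(WATERMARK) * M + 8)
MARKED = embed_watermark(FLOW, WATERMARK, S, M)

if __name__ == "__main__":
    print("clean   :", decode_watermark(MARKED, len(WATERMARK), S, M) == WATERMARK)
    jittered = perturb(MARKED, 0.4 * S, seed=42)   # |IPD change| < s/2: every bit survives
    print("jitter  :", decode_watermark(jittered, len(WATERMARK), S, M) == WATERMARK)
    print("unmarked:", decode_watermark(FLOW, len(WATERMARK), S, M))
```

Trade-off visible in the code: a larger s tolerates larger perturbation but costs up to 2s of added delay per pair, and in this simplified scheme those delays accumulate along the flow. The paper's contribution is the analysis of how many packets are needed for a given perturbation size; the toy only shows the mechanism.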
