Deeksha Thesis

TOPIC: - Secure end user communication using Virtual private network veritable tool for
Private network
STUDENT NAME: - Deeksha Pandey
ROLL NO.:- 0306cs13mt03
GUIED NAME: - Anand Muni Mishra
6 KEYWORDS: - vpn, business , advantages, globally, topology, tunneling
ADHAR CARD NO: - 513934112125
PHONE NO: - 7869385960
1 Secure end user communication using Virtual private network veritable

tool for personal network
CONTENTS
Title Page No:
Contents 2
List of Figures 4
List of Tables 4
List of Graph 5
Abstract 6
1. Chapter 1:- Introduction

1.1 VPN 7
1.2 VPNs were are broken into 4 categories 8
1.3 VPN Topology 8
1.4 Types of VPNs 10
1.5 Components of the VPN 13
1.6 Productivity and Cost Benefit 17
1.7 VPNs Benefit a company in the following ways 17
1.8 Quality of Service (QOS)
19
1.9 The Future of VPN 20
1.10 Table 1. Companies with VPN 21
2. Chapter 2:- Literature survey
2.1 Literature Survey 22
3. Chapter 3:-Proposed Work

3.1 Introduction Mechanism 23
3.2 Objectives 23
3.3 Idea Behind It 24
3.4 Role/Work of VPN in Proposed Algorithm 24
3.5 Encryption Approach used 25
3.6 SYMMETRIC key Cryptography 25
3.7 Reasons for Use of Symmetric Approach for Encryption and Decryption 26

3.8 Proposed Network 27
3.9 Steps before Data Transfer 28

3.10 Procedure followed for First time data Transfer 28
3.11 Procedure Followed For Further Data Transfer 29
3.12 Steps for Key Generation 30
3.13 Steps for encryption 32
3.14 Brute force attack in Proposed Algorithm 35
3.15 Cryptanalysis on Key 35
4. Chapter 4:- Implementation

4.1 Comparison of Encryption Algorithms 36
4.2 Related Work Results 36
4.3 Simulation Procedure 39
4.4 Reasons for Supremacy over other algorithms 39
4.5 Strength of Key 40
4.6 Weak Points in the Proposed Algorithm 40
5. Chapter 5:- Result 42
6. Chapter 6:- Conclusion 45

6.1 Future Enhancement 45
Reference 46
Plagiarism Report 49

List of Figures
Title Page No.
Fig 1.1 Defined VPN 10

Fig 1.2 Remote Access VPNs 11
Fig 1.3 Intranet VPNs 12
Fig 1.4 Extranet VPNs 13
Fig 3.1 Working of VPN 25
Fig 3.2 Symmetric Key Cryptography 26
Fig 3.3 Proposed Work 27
Fig 3.4 Time Synchronization 27
Fig 3.5 Synchronization 28
Fig 3.6 Synchronization Data Transfer 1 28
Fig 3.7 Synchronization Data Transfer 2 29
Fig 3.8 Format of matrix in the proposed Algorithm 35

List of Tables
Title Page No.
Table 4.1 Comparative execution times (in seconds) of encryption algorithms on 37
a P-4 2.4 GHz machine
Table 4.2 Execution times (in seconds) of Proposed Algorithms (PA) on a quad machine 38
List of Graphs
Title Page No.

Graph 4.1 Encryption Performance 37
Graph 4.2 User Load vs Time in Second 38
Graph 4.3 Encryption performance of Proposed Algorithm (PA) on quad machine 39

ABSTRACT
In this thesis we tend to are implementing node to secure knowledge forwarding between server
shopper eventualities in personal Domain primarily based cloud infrastructure network. The
most purpose of implementing to share secure knowledge in encrypted kind in network is to
extend the safety of personal networks and its databases and to additionally give remotely
infrastructure less secure services globally. we've created a to share secure knowledge in
encrypted kind in network that is providing Secure Encrypted knowledge to the clients .for
implementing these services we've used JAVA primarily based Platform with IIS services
enabled. And enforced a non-public cloud server .For this method additionally we tend to needed
a JAVA cryptography Membership in server for a cloud service assessment for users and might
add on out native network. This cloud server can give a secure operating atmosphere for cloud
users, users has no got to upgrade their hardware peripherals and softwares, users will directly
access and utilize updated services from cloud server with may be softwares, and platform
remotely.,
After implementation of secure knowledge forwarding between server shopper eventualities in

personal Domain primarily based cloud infrastructure network we have found a strictly Secure
Encrypted information based network atmosphere that is safer than a standard network. And
additionally will increase dependableness of network users and knowledge.
CHAPTER 1
INTRODUCTION
1.1 VPN
Virtual. Virtual means not real or in a different state of being. In a VPN, private communication
between two or more devices is achieved through a public network the Internet. Therefore, the
communication is virtually but not physically there.
Private. Private means to keep something a secret from the general public. Although those two
devices are communicating with each other in a public environment, there is no third party who
can interrupt this communication or receive any data that is exchanged between them.

Network. A network consists of two or more devices that can freely and electronically
communicate with each other via cables and wire. A VPN is a network. It can transmit
information over long distances effectively and efficiently.
The term VPN has been associated in the past with such remote connectivity services as the
(PSTN), Public Switched Telephone Network but VPN networks have finally started to be linked
with IP-based data networking. Before IP based networking corporations had expended
considerable amounts of time and resources, to set up complex private networks, now commonly
called Intranets. These networks were installed using costly leased line services, Frame Relay,
and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote
end, companies supplemented their networks with remote access servers or ISDN.
Small to medium-sized companies, who could not afford dedicated leased lines, used low-speed
switched services. As the Internet became more and more accessible and bandwidth capacities
grew, companies began to put their Intranets onto the web and create what are now known as
Extranets to link internal and external users. However, as cost-effective and quick-to-deploy as
the Internet is, there is one fundamental problem security. Todays VPN solutions overcome the
security factor using special tunneling protocols and complex encryption procedures, data
integrity and privacy is achieved, and the new connection produces what seems to be a dedicated
point-to point connection. And, because these operations occur over a public network, VPNs can
cost significantly less to implement than privately owned or leased services. Although early
VPNs required extensive expertise to implement, technology has matured to a level where
deployment can be a simple and affordable solution for businesses of all sizes.
Virtual simply put, a VPN, Virtual Private Network, is defined as a network that uses public
network paths but maintains the security and protection of private networks. For example, Delta
Company has two locations, one in Los Angeles, CA (A) and Las Vegas, Nevada (B). In order for
both locations to communicate efficiently, Delta Company has the choice to set up private lines
between the two locations. Although private lines would restrict public access and extend the use
of their bandwidth, it will cost Delta Company a great deal of money since they would have to
purchase the communication lines per mile. The more viable option is to implement a VPN.
Delta Company can hook their communication lines with a local ISP in both cities. The ISP

would act as a middleman, connecting the two locations. This would create an affordable small
area network for Delta Company.
1.2 VPNs were are broken into 4 categories-
1) Trusted VPN: A customer trusted the leased circuits of a service provider and used it to
communicate without interruption. Although it is trusted it is not secured.
2) Secure VPN: With security becoming more of an issue for users, encryption and
decryption was used on both ends to safeguard the information passed to and fro. This
ensured the security needed to satisfy corporations, customers, and providers.
3) Hybrid VPN: A mix of a secure and trusted VPN. A customer controls the secure parts of
the VPN while the provider, such as an ISP, guarantees the trusted aspect.
4) Provider-provisioned VPN: A VPN that is administered by a service provider.
1.3 VPN Topology

Next we will look at how a VPN works internally:
To begin using a VPN, an Internet connection is needed; the Internet connection can be leased
from an ISP and range from a dial up connection for home users to faster connections for
businesses. A specially designed router or switch is then connected to each Internet access
circuit to provide access from the origin networks to the VPN. The VPN devices create PVCs
(Permanent Virtual Circuit- a virtual circuit that resembles a leased line because it can be
dedicated to a single user) through tunnels allowing senders to encapsulate their data in IP
packets that hide the underlying routing and switching infrastructure of the Internet from both the
senders and receivers.
The VPN device at the sending facility takes the outgoing packet or frame and encapsulates it to
move through the VPN tunnel across the Internet to the receiving end. The process of moving
the packet using VPN is transparent to both the users, Internet Service Providers and the Internet
as a whole. When the packet arrives on the receiving end, another device will strip off the VPN
frame and deliver the original packet to the destination network.

VPNs operate at either layer 2 or layer 3 of the OSI model (Open Systems Interconnection).
Layer-2 VPN uses the layer 2 frame such as the Ethernet while layer-3 uses layer 3 packets such
as IP. Layer-3 VPN starts at layer 3, where it discards the incoming layer-2 frame and generates
a new layer-2 frame at the destination. Two of the most widely used protocols for creating layer-
2 VPNs over the Internet are: layer-2 tunneling protocol (L2TP) and point-to-point tunneling
protocol (PPTP). The newly emerged protocol, called Multiprotocol Label Switching (MPLS) is
used exclusively in layer-3 VPNs. See Figure 1
Fig 1.1 Defined VPN
1.4 Types of VPNs

There are currently three types of VPN in use: remote access VPN, intranet VPN, extranet VPN.
Remote access VPNs (see figure 2), enables mobile users to establish a connection to an
organization server by using the infrastructure provided by an ISP (Internet Services Provider).
Remote access VPN allows users to connect to their corporate intranets or extranets wherever or

whenever is needed. Users have access to all the resources on the organizations network as if
they are physically located in organization. The user connects to a local ISP that supports VPN
using plain old telephone services (POTS), integrated services digital network (ISDN), digital
subscriber line (DSL), etc. The VPN device at the ISP accepts the users login, then establishes
the tunnel to the VPN device at the organizations office and finally begins forwarding packets
over the Internet. Remote access VPN offers advantages such as:
Reduced capital costs associated with modem and terminal server equipment
Greater scalability and easy to add new users
Reduced long-distance telecommunications costs, nationwide toll-free 800 number is no
longer needed to connect to the organizations modems
Fig 1.2 Remote Access VPNs
Intranet VPNs, provides virtual circuits between organization offices over the Internet (see
figure 3). They are built using the Internet, service provider IP, Frame Relay, or ATM networks.
An IP WAN infrastructure uses IPSec or GRE to create secure traffic tunnels across the network.
Benefits of an intranet VPN include the following:

Reduced WAN bandwidth costs, efficient use of WAN bandwidth
Flexible topologies
Congestion avoidance with the use of bandwidth management traffic shaping
Fig 1.3 Intranet VPNs
The concept of setting up extranet VPNs is the same as intranet VPN. The only difference is the
users. Extranet VPN are built for users such as customers, suppliers, or different organizations
over the Internet. See Figure 4

Fig 1.4 Extranet VPNs
1.5 Components of the VPN

In order for a VPN to be beneficial a VPN platform needs to be reliable, manageable across the
enterprise and secure from intrusion. The VPN solution also needs to have Platform Scalability
the ability to adapt the VPN to meet increasing requirements ranging from small office
configuration to large enterprise implementations. A key decision the enterprise should make
before starting their implementation is to consider how the VPN will grow to meet the
requirement of the enterprise network and if VPN will be compatible with the legacy networks
already in place.
1. Security Companies need to keep their VPNs secure from tampering and unauthorized
users. Some examples of technologies that VPNs use are; IP Security (IPSec), Point-to-Point
Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol and Multiprotocol Label Switching
(MPLS) along with Data Encryption Standard (DES), and others to manage security. A
further description of these technologies is detailed next.
PPTP uses Point-to-Point Protocol (PPP) to provide remote access that can be tunneled
through the Internet to a desired site. Tunneling allows senders to encapsulate their data in IP
packets that hide the routing and switching infrastructure of the Internet from both senders
and receivers to ensure data security against unwanted viewers, or hackers. PPTP can also
handle Internet packet exchange (IPX) and network basic input/output system extended user
interface (NetBEUI).
PPTP is designed to run on the Network layer of the Open systems interconnection (OSI). It
uses a voluntary tunneling method, where connection is only established when the individual
user request to logon to the server. PPTP tunnels are transparent to the service provider and
there is no advance configuration required by the Network Access Server, this allows PPTP
to use multiple service providers without any explicit configuration. For example, the client
dials up to the ISP and makes a PPP session. Then, the client dials again to the same PPP
session, to contact with the destination remote access server (RAS). After contact is made
with the RAS, packets are then tunneled through the new connection and the client is now
connected to the corporate server virtually.
Layer Two Tunneling Protocol (L2TP) exists at the data link layer of the OSI model. L2TP is
a combination of the PPTP and Layer two Forwarding (L2F). (Layer two forwarding was
also designed for traffic tunneling from mobile users to their corporate server. L2F is able to
work with media such as frame relay or asynchronous transfer mode (ATM) because it does
not dependent on IP. L2F also uses PPP authentication methods for dial up users, and it also
allows a tunnel to support more than one connection.) L2TP uses a compulsory tunneling
method, where a tunnel is created without any action from the user, and without allowing the
user to choose a tunnel. A L2TP tunnel is dynamically established to a predetermined end-
point based on the Network Access Server (NAS) negotiation with a policy server and the
configured profile. L2TP also uses IPSec for computer-level encryption and data
authentication.

IPSec uses data encryption standard (DES) and other algorithms for encrypting data, public-
key cryptography to guarantee the identities of the two parties to avoid man-in-the-middle
attack, and digital certificates for validating public keys. IPSec is focused on Web
Applications, but it can be used with a variety of application-layer protocols. It sits between
IP at the network layer and TCP/UDP at the transport layer. Both parties negotiated the
encryption technique and the key before data is transferred. IPSec can operate in either
transport mode or tunnel mode.
In tunnel model, intruders can only see where the end points of the tunnel are, but not the
destinations of the packet and the sources. IPSec encrypts the whole packet and adds a new
IP packet that contains the encrypted packet. The new IP packet only identifies the
destinations encryption agent. When the IPSec packet arrives at the encryption agent, the
new encrypted packet is stripped and the original packet continues to its destination.
In Transport mode IPSec leaves the IP packet header unchanged and only encrypts the IP
payload to ease the transmission through the Internet. IPSec here adds an encapsulating
security payload at the start of the IP packet for security through the Internet. The payload
header provides the source and destination addresses and control information.
Multiprotocol Label Switching (MPLS) uses a label swapping forwarding structure. It is a

hybrid architecture which attempts to combine the use of network layer routing structures
and per-packet switching, and link-layer circuits and per-flow switching. MPLS operates by
making the inter-switch transport infrastructure visible to routing and it can also be operated
as a peer VPN model for switching a variety of link-layer and layer 2 switching
environments. When the packets enter the MPLS, it is assigned a local label and an
outbound interface based on the local forwarding decision. The forwarding decision is based
on the incoming label, where it determines the next interface and next hop label. The MPLS
uses a look up table to create end-to-end transmission pathway through the network for each
packet.

Packet authentication prevents data from being viewed, intercepted, or modified by
unauthorized users. Packet authentication applies header to the IP packet to ensure its
integrity. When the receiving end gets the packet, it needs to check for the header for
matching packet and to see if the packet has any error.
User authentication is used to determine authorized users and unauthorized users. It is

necessary to verify the identity of users that are trying to access resources from the enterprise
network before they are given the access. User authentication also determines the access
levels; data retrieved or viewed by the users, and grant permission to certain areas of the
resources from the enterprise.
2. Appliances intrusion detection firewalls
Firewalls monitors traffic crossing network parameter, and protect enterprises from
unauthorized access. The organization should design a network that has a firewall in place
on every network connection between the organization and the Internet. Two commonly
used types of firewalls are packet-level firewalls and application-level firewalls.
Packet-level firewall checks the source and destination address of every packet that is trying
to passes through the network. Packet-level firewall only lets the user in and out of the
organizations network only if the users have an acceptable packet with the correspondent
source and destination address. The packet is checked individually through their TCP port ID
and IP address, so that it knows where the packet is heading. Disadvantage of packet-level
firewall is that it does not check the packet contents, or why they are being transmitted, and
resources that are not disabled are available to all users.
Application-level firewall acts as a host computer between the organizations network and
the Internet. Users who want to access the organizations network must first log in to the
application-level firewall and only allow the information they are authorized for. Advantages
for using application-level firewall are: users access level control, and resources
authorization level. Only resources that are authorized are accessible. In contrast, the user
will have to remember extra set of passwords when they try to login through the Internet.

3. Management managing security policies, access allowances, and traffic management
VPNs need to be flexible to a companys management, some companies chooses to manage
all deployment and daily operation of their VPN, while others might choose to outsource it to
service providers. In our next section we will discuss how businesses might benefit from a
productive VPN and the cost benefits of implementing a VPN.
1.6 Productivity and Cost Benefit

In terms of productivity VPNs have come a long way. In the past, concerns over security and
manageability overshadowed the benefits of mobility. Smaller organizations had to consider the
additional time and cost associated with providing IT support to employees on the move. Larger
companies worried, with good cause, about the possibility that providing mobile workers with
remote network access would inadvertently provide hackers with a back door entry to
corporate information resources. But as end-user technologies like personal digital assistants
(PDAs) and cell phones have made mobility more compelling for employees, technology
advances on the networking side have helped address IT concerns as we saw in the previous
section. With these advancements in technology comes better productivity. VPNs have become
increasingly important because they enable companies to create economical, temporary, secure
communications channels across the public Internet so that mobile workers can connect to the
corporate LAN.
1.7 VPNs Benefit a company in the following ways
Extends Geographic Connectivity- a VPN connects remote workers to central resources,

making it easier to set up global operations.
Boosts Employee Productivity- A VPN solution enables telecommuters to boost their

productivity by 22% - 45% (Gallup Organization and Opinion Research) by eliminating
time-consuming commutes and by creating uninterrupted time for focused work.

Improves Internet Security An always-on broadband connection to the Internet makes a
network vulnerable to hacker attacks. Many VPN solutions include additional security
measures, such as firewalls and anti-virus checks to counteract the different types of network
security threats.
Scales Easily A VPN allows companies to utilize the remote access infrastructure within
ISPs. Therefore, companies are able to add a virtually unlimited amount of capacity without
adding significant infrastructure.
Even though VPNs are a cheaper way of having remote users connect to a companys
network over the Internet there are still costs associated with implementing the VPN. Some of
the typical costs include hardware, ISP subscription fees, network upgrading costs and end
user support costs. These costs arent standard they vary depending on many factors, some of
which include, size or corporation, number of remote users, type of network systems already
in place and Internet Service Provider source. When it comes to decision making time IT
managers or Executive officers should take these costs into consideration. Also these decision
makers must decide whether to develop their VPN solution in house or to outsource to a total
service provider. There are a few ways to approach this topic;
1. In House Implementation- companies decide that for their needs an in-house solution is all
they need. These companies would rather set up individual tunnels and devices one at a time
and once this is established the company can have their own IT staff take care of the
monitoring and upkeep.
2. Outsourced Implementation- companies can choose to outsource if they are large scaled or
lack the IT staff to fully implement an in house VPN. When a company outsources the
service provider usually designs the VPN and manages it on the companys behalf.
3. Middle Ground Implementation- Some companies would rather have a service provider
install the VPN but have their IT staff monitor the specifics such as tunnel traffic. This type
of implementation is a compromise between a company and the service provider.After
Implementation the company must make sure that it has adequate support for its end users.
Thats where quality of service comes in.
1.8 Quality of Service (QOS)
Users of a widely scattered VPN do not usually care about the network topology or the high level
of security/encryption or firewalls that handle their traffic. They dont care if the network
implementers have incorporated IPSec tunnels or GRE tunnels. What they care about is
something more fundamental, such as:
Acceptance levels for delays vary. While a user would be willing to put up with a few additional
seconds for a file transfer to complete, the same user would have less tolerance for similar delays
when accessing a database or when running voice over an IP data network.
QoS (Quality of Service) aims to ensure that your mission critical traffic has acceptable
performance. In the real world where bandwidth is limited and diverse applications from
videoconferencing to ERP database lookups must all strive for scarce resources, QoS becomes a
vital tool to ensure that all applications can coexist and function at acceptable levels of
performance.
Quality of Service (QOS) is a key component of any VPN service. In MPLS/BGP VPNs,
existing L3 QoS capabilities can be applied to labeled packets through the use of the
experimental bits in the header, or, where ATM is used as the backbone, through the use of
ATM QoS capabilities. The traffic engineering work discussed in is also directly applicable to
MPLS/BGP VPNs. Traffic engineering could even be used to establish LSPs with particular
QoS characteristics between particular pairs of sites, if that is desirable. Where an MPLS/BGP
VPN spans multiple SPs, the architecture described may be useful. An SP may apply either
intserv or diffserv capabilities to a particular VPN, as appropriate.

1.9 The Future of VPN
As more and more businesses demand a higher level of network access, the business is migrating
from a private network environment to a new model in which information is distributed
throughout the enterprise network. Thus, expanding their network in the near future and actually
seeing the benefits of using the Internet as the backbone to create Virtual Private Networks
(VPN). VPN is designed to meet the demands for information access in a secure, cost-effective
environment.
Multi-vendor interoperability for VPN is crucial in todays networking environment due to the
nature of business successes, the need to extend corporate networks to contractors and partners,
and the diverse equipment within company networks. The Microsoft Windows operating system
has integrated VPN technology that helps provide secure, low-cost remote access and branch
office connectivity over the internet.
The future is in integrated VPNs which depend on how VPNs industry will improve their unique
qualities that will enable consumers to communicate effectively with other consumers.
Therefore, a VPN creates a large, multi-site, company-wide data network which allows for every
device to be uniquely addressed from anywhere on the network. This means that central
resources can be accessed from any site in the organization or from any Internet-connected
location around the world. The technical problems involved in connecting hundreds of remote
sites to a central network are extensive. It often involves the purchase of very expensive high-
density backbone routers or the use of costly frame-relay services. These systems are seldom
easy to support and often require specialist skills. Also, it depends on the ability of intranets and
extranets to deliver on their promises. First of all VPN companies must consider to cost saving
for servicing of VPNs. Generally speaking the more the companies supply cheaper cost of
services, the more products or demands increase for them on the markets. Therefore, they will
earn high profit then spend a lot of money for developing much higher quality VPN. Here is a
diagram for U.S. companies with IP VPN.

1.10 Table 1. Companies with VPN
According to IDCs 2001 U.S. WAN manager survey as table 1, approximately fifty percents of
companies in U.S. have been adopted IP VPN in their companies. Demand for VPN has been
increasing even though economy is going down and especially IT business companies have not
succeeded at present. More then 20 percents of companies will plan to have IP VPN services in
the future so those in near future more than 70 percents of companies are going to use IP VPN
services. More companies will adopt IP VPN services and increasing more demand in the U.S.
Also many companies have been using IP VPN for remote access as LAN.
The companies for servicing VPN will consider meeting consumers demands that is voice over
IP and other VPN as VOIP VPN. Currently very a few companies have been using this VPN and
a few companies will plan to use it in the future. However, contrary to their demands, most
produces are standing on difficult situation for improving VOIP VPN because the voice is a kind
of special requirement of low latency and jitter. Most of people will continue to use voice
communication by telephone that is successfully improving with low costs.

CHAPTER 2
LITRATURE SURVEY
2.1 Literature survey
DES: Data Encryption Standard was the first encryption standard to be recommended by NIST
(National Institute of Standards and Technology). It is based on the IBM proposed algorithm
called Lucifer. DES became a standard in 1974. Since that time, many attacks and methods
recorded that exploit the weaknesses of DES, which made it an insecure block cipher [55].
3DES: As an enhancement of DES, the 3DES (Triple DES) encryption standard was proposed.
In this standard the encryption method is similar to the one in original DES but applied 3 times to
increase the encryption level. But it is a known fact that 3DES is slower than other block cipher
methods[55].
AES: Advanced Encryption Standard is the new encryption standard recommended by NIST to
replace DES. AES (Rijndael pronounced Rain Doll) algorithm was selected in 1997 after a
competition to select the best encryption standard. Brute force attack is the only effective attack
known against it, in which the attacker tries to test all the characters combinations to unlock the
encryption. Both AES and DES are block ciphers [55].
Blowfish: It is one of the most common public domain encryption algorithms provided by Bruce
Schneider one of the worlds leading cryptologists, and the president of Counterpane Systems, a
consulting firm specializing in cryptography and computer security. Blowfish is a variable length
key, 64-bit block cipher. The Blowfish algorithm was first introduced in 1993.This algorithm can
be optimized in hardware applications though its mostly used in software applications. Though
it suffers from weak keys problem.

CHAPTER 3
PROPOSED WORK
3.1 Introduction Mechanism
Almost all modern networking nodes have two timing phenomena viz. Counters and System
Clock. While communicating over the network, the counter is used where as the clock is kept
independent and confined to user applications. Both shows a relationship which can be derived
using a simple mathematical function. But, knowing the counter value one cannot derive the
clock value. Further, when two systems synchronize there system clocks they get to know the
difference between the time differences they have. Now this time difference value shared by
them would serve as the input to the key generation function.
This algorithm is especially developed for the Private and small networks ensuring the security
of the valuable information of the Organizations. It is Platform independent and occupies a very
less space. Implementation of this algorithm is done in java. I am developing a system which
ensures the secure data transfer in Private Network with the help of an efficient Encryption
mechanism which is not ever implemented and does not use the concept of the key sharing for
communication because in key sharing mechanism the intruder will trace the key and decrypt the
cipher text.
3.2 Objectives:-
Maintain open access as a whole-of-institution
Threat from within = threat from without
Minimal centralized common security
Via Point to Protocol
VPN covers IT security issues & network connectivity issues

Local security management and protection of areas intellectual property.
Maintenance of network service levels to all users
Best value and most flexible service for whole of organization
3.3 Idea Behind It:-

The two main characteristics that identify and differentiate one encryption algorithm from
another are its ability to secure the protected data against attacks and its speed and efficiency
in doing so. This thesis work provides a performance comparison between four of the most
common encryption algorithms: DES, 3DES, Blowfish and AES [55]. The comparison has
been conducted by running several encryption settings to process different sizes of data
blocks to evaluate the algorithms encryption/decryption speed.
3.4 Role/Work of VPN in Proposed Algorithm:-
The Primary objective of incorporating the VPN with the Proposed Algorithm is to secure the
key Transmission. Since we know that the VPN will transfer the data in the encrypted and secure
form so we uses this facility of VPN in the transfer of key contents like the system clock time of
the sender and the receiver. So this helps us to increase the security aspect.
It helps us to broaden the scope of our algorithm. With a VPN, we use public network
infrastructure including the Internet to make these connections and tap into that virtual network
through much cheaper local leased lines or even just broadband connections to a nearby Internet
Service Provider (ISP).
If this algorithm have to be implemented on the large scale then the cost involved in cabling
and maintaining servers is too less. With VPNs, the cost of maintaining servers tends to be less
than other approaches because organizations can outsource the needed support from professional
third-party service providers.

For an organization looking to provide a secured network infrastructure for its client base, a
VPN offers two main advantages over alternative technologies: cost savings, and network
scalability. To the clients accessing these networks, VPNs also bring some benefits of ease of
use.
Through VPN, we lessen the need for long-distance telephone charges for remote access.
Recall that to provide remote access service, VPN clients need only call into the nearest service
providers access point. In some cases this may require a long distance call, but in many cases a
local call will suffice.
It provides the option of connecting your VPN to the Internet. This access can be placed in
front of a firewall reducing the points of interconnect between your network and the Internet.
Fig 3.1 Working of VPN
3.5 Encryption Approach used:-
3.6 SYMMETRIC key Cryptography

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related,
often identical, cryptographic keys for both decryption and encryption. An encryption system in
which the sender and receiver of a message share a single, common key that is used to encrypt
and decrypt the message. Contrast this with public-key cryptology, which utilizes two keys a
public key to encrypt messages and a private key to decrypt them. The encryption key is trivially
related to the decryption key, in that they may be identical or there is a simple transform to go
between the two keys. The keys, in practice, represent a shared secret between two or more
parties that can be used to maintain a private information link.
Fig. 3.2 Symmetric Key Cryptography
Other terms for symmetric-key encryption are secret-key, single-key, shared-key, and one-key.
Symmetric-key systems are simpler and faster. Symmetric-key cryptography is sometimes called
secret-key cryptography.
3.7 Reasons for Use of Symmetric Approach for Encryption and Decryption:-
The encryption process is simple.

Each trading partner can use the same encryption algorithm no need to develop and exchange
secret algorithms.
Security is dependent on the length of the key.
High rates of data throughput.
Keys for symmetric-key ciphers are relatively short.
Symmetric-key ciphers can be used as primitives to construct various cryptographic

mechanisms.
Symmetric-key ciphers can be composed to produce stronger ciphers
Symmetric-key encryption is perceived to have an extensive history.
3.8 Proposed Network
Fig. 3.3 Proposed Network

C1(Clock Time)
Client
Server
C2(Clock Time)
Fig. 3.4 Time Synchronization
3.9 Steps before Data Transfer
Fig. 3.5 Synchronization
1. Firstly, the client sends a Synchronization request to the server for Communication.
2. After verifying the acknowledgement time client sends the link stable signal to the server
indicating that it is ready for the data transfer.
3. In turn the server also send link stable acknowledgement to indicate that it is also ready for
data transfer.
3.10 Procedure followed for First time data Transfer:-

Fig.3.6 Synchronization Data Transfer 1
1. Firstly the client sends their system clock time (C1) to the Server.
2. The Server calculates the time required to transfer the message from client to server (T1) i.e.
propagation delay and reserves this time for the future use.
3. Then the Server sends its clock (C2) and (T1) to the client.
4. Client calculates the message transfer time from Server to Client (T2) and send it to server
and saves it for use in Encryption Process.
5. After knowing the C1, C2, T1, T2 client Encrypts the message by thehelp of key f(X)
=C1+C2+T1+T2 and send to the server.
6. In the Server Side since all the required values are already known, as a result the message is
decrypted and converted to plaintext.
3.11 Procedure Followed For Further Data Transfer

Fig.3.7 Synchronization Data Transfer 2
1. Firstly the client encrypts the Message with f(x) =C1+C2+T1+T2 and sends this message
to the client.
2. The Server calculates the time required to transfer the message from client to server (T1)
i.e. propagation delay and reserves this time for the future use.
3. Server now have a knowledge of all the required things for decrypting the message i.e.
C2, C1=C2-T1, T1, T2 now the client will Decrypts the message by the key f(x)
=C1+C2+T1+T2 and get the Plaintext message.
4. If the Client wants to send more messages then are replies to the server otherwise it will
disconnect the link.
3.12 Steps for Key Generation:-
1. Construct a Encoded matrix (3*3) and fill that matrix with

C1, C2, T1 and T2 in the following manner:-

Where,
a. C2 = System clock time of server computer

b. C1 = System clock time of client computer
c. T2 = Time take to transfer a message from server to client.
d. T1 = Time taken to transfer a message from client to server.
2. Calculate F(X) = C1 + C2 + T1 + T2
3. Multiply the F(X) with the Encoded matrix.
4. Now concatenate the values of F(X) and matrix contents in the

following way to generate the key for encryption.
5. Key (F1(x))= F(X) * C1 + F(X) * C2 + F(X) * T1 + F(X) * T2 + F(X) * C1+ F(X)
* C2+F(X) * T1+ F(X) * T2+ F(X) *1. (42 bit key in binary of one entry of
matrix).
6. Take back the Encoded matrix and find the inverse it

Matrix (M1)={(Encoded Matrix) -1
7. Take the M1 matrix and find the transpose it
Matrix (M2)={(Encoded Matrix) T
8. The above matrix M2 now be multiplied with the F1(x) resulting in the
generation of Final key Matrix
9. KM=F1(x)*M2
3.13 STEPS FOR ENCRYPTION:-
1. First of all the user inputs the message. Let the message be
Era of Network Security
2. Now the message is placed in a matrix

3. After the assignment of message into matrix. We change the message to its ASCII and
EBCDIC code format and the spaces between the messages is also replaced by these integer
values between 0-256.The blank values or unfilled vales of matrix is replaced by the 32 because
it is ASCII of space. Converted matrix is shown below:-
4. Find inverse of the message matrix
[Message Matrix](inverse)
5. Now take the transpose of the inverse message matrix. This step is done to enhance the
security of data from the unauthorized person.
{[message matrix](inverse)transpose}
6. Multiply KEY MATRIX (KM) (Key matrix is calculate in above ) with the message matrix
i.e.
< KM > * [message matrix]= [Encrypt1]3*3
7. XOR each of the content of message matrix with or KM
< K | KM > + [Encrypt1] = [Encrypt2]3*3
Example:-
My Name For Encryption
1. Our algorithm will pad ((Blank space Characters:= ) to complete 3*3
matrix

2) After the assignment of message into matrix. We change the message to its ASCII and
EBCDIC code format and the spaces between the messages is also replaced by these integer
values between 0-256.The blank values or unfilled vales of matrix is replaced by the 32 because
it is ASCII of space. Converted matrix is shown below:-
3) We will take inverse of this matrix
4] We will take transpose of the inverse matrix.
5] All value will calculate automatically to generate Key Matrix.
6) The values in Key Matrix

7) Multiplication of Key Matrix and Msg matrix
3.14 Brute force attack in Proposed Algorithm

In this proposed algorithm the attacker have to break the key in around 2 13 combinations at least,
so it is not feasible for the attacker to break this algorithm in less amount of time because the
power of 2 is the 13 digits number. Even if a cipher is unbreakable by exploiting structural
weaknesses in the algorithm, it is possible to run through the entire space of keys in which is a
brute force attack. Since longer keys require more work to brute force search, a long enough key
will require more work than is feasible. Thus, length of the key of this algorithm is important in
resisting this type of attack.
With a key of length n bits, there are 2 n possible keys. This number grows extremely rapidly as n
increases. Moores law suggests that computing power doubles roughly every 18 months, but
even this doubling effect leaves the key lengths currently considered acceptable well out of
reach. The large number of operations (213) required to try all possible 13digits keys will be out
of reach for all of humankinds conventional computing power for the foreseeable future.
3.15 Cryptanalysis on Key
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information,
without access to the secret information which is normally required to do so. Typically, this
involves finding a secret key. In non-technical language, this is the practice of code breaking or
cracking the code, although these phrases also have a specialized technical meaning.
Fig 3.8 Format of matrix in the proposed Algorithm
In the Proposed algorithm every block of the matrix contains a set of 13 digits cipher text at
least, so to determine a single character in the cipher the intruder has to apply a lot of effort.
CHAPTER 4
IMPLEMENTATION

4.1 Comparison of Encryption Algorithms:-
This section intends to give the readers the necessary background to understand the key
differences between the compared algorithms.
DES: Many attacks and methods recorded that exploit the weaknesses of DES, which made it an
insecure block cipher.
3DES: As an enhancement of DES, the 3DES (Triple DES) encryption standard was proposed.
But it is a known fact that 3DES is slower than other block cipher methods.
AES: Advanced Encryption Standard is the new encryption standard recommended by NIST to
replace DES. AES algorithm Brute force attack is the only effective attack known against it, in
which the attacker tries to test all the characters combinations to unlock the encryption.
Blowfish: It is one of the most common public domain encryption algorithms Blowfish is a
variable length key, 64-bit block cipher. This algorithm can be optimized in hardware
applications though its mostly used in software applications. Though it suffers from weak keys
problem.
4.2 Related Work Results:-
The popular secret key algorithms including DES, 3DES, AES, Blowfish have been simulated on
machines: P-4 2.4 GHz using crypto++ simulator and the results obtained from this simulator has
been incorporated. These results have been compared with our Proposed Algorithm and
simulation program both developed in java , and run on the same machine i.e. P-4 2.4 GHz. The
comparison has been summarized in the table 4.1.
Input SizeDES 3DES AES BF PROPOSED

(bytes)
ALGORITHM

20,527 2 7 4 2 7
36,002 4 13 6 3 12
45,911 5 17 8 4 16
59,852 7 23 11 6 22
69,545 9 26 13 7 26
137,325 17 51 26 14 48
Table 4.1 Comparative execution times (in seconds) of encryption algorithms on a P-4 2.4
GHz machine
Graph 4.1: Encryption Performance

Graph 4.2: User Load vs Time in Second
From the graph 4.1, 4.2 and table 4.1 it is easy to observe that Proposed Algorithm has an
advantage over 3DES in terms of throughput. The results showed that Proposed Algorithm has
a very good performance compared to 3DES algorithms.
Input Size (bytes) PA
20,527 0
36,002 2
45,911 3
59,852 6
69,545 8
137,325 20
Average Time 6.5

Table 4.2 Execution times (in seconds) of Proposed Algorithms (PA) on a quad machine
Graph 4.3 Encryption performance of Proposed Algorithm (PA) on quad machine

From the graph 4.3 and table 4.2 it is easy to observe that Proposed Algorithm has very
efficient on high configuration machine. The results showed that Proposed Algorithm has a
very good performance on quad machine.
4.3 Simulation Procedure:-
By considering different sizes of data blocks (20KB to 140KB) the algorithms were evaluated in
terms of the time required to encrypt and decrypt the data block. The entire algorithms were
exact to make sure that the results will be relatively fair and accurate.
4.4 Reasons for Supremacy over other algorithms:-
1. This Algorithm is much smaller than the other algorithms and easy to understand and
implement.
2. This is designed in the Platform Independent language Java which makes it flexible to run in
almost every operating system.
3. It does not contain complex structure, control flow is well defined and looping structure is
minimized. Due to the following facts it takes very less time for execution.
4. The message is encrypted in the form of different matrices of small sizes, so if one matrix is
corrupted then that corrupted matrix will be retransmitted we do not have to transfer the whole
message.
5. Proposed Algorithm generating a key matrix in place of single key, so we can that it is more
powerful and secures then the other algorithm.
4.5 Strength of Key:-
In order to break the key around 213 combinations are required. So it is not feasible for the
attacker to break this algorithm in less amount of time. Even if a cipher is unbreakable by
exploiting structural weaknesses in the algorithm. Since longer keys require more work to brute
force search, a long enough key will require more work than is feasible.

The contents of the key are shared not the whole key so this will make the key secure.
The system clock is transferred through VPN as a result the transmission is very secure and
difficult for intruder to get access it.
4.6 Weak Points in the Proposed Algorithm:-
1. This is implemented for the small network and it is to be expanded for large business
organization to enhance the security of the data transfer process.
2. More number of users cannot simultaneously access the data transfer permission from the
server.
3. Key must remain secret at both ends and should not leak.
4. Digital signature mechanisms are not effectively used in this kind of approach.
5. The mechanism is not there to check the identity of the sender or to employ authentication.
6. The key length is not sufficient because the attacker uses different tools for cryptanalysis now-
a-days
.7. Due to the unavailability of the data structure in language we cant store the whole 1764 bit
key. But we can use it as 13 digits at least on one position of matrix.

CHAPTER 5
RESULT

Client Side Forms

Result Comparison
Existing system Graph

6
5
4
3
2
1
0
Updated system Graph
105
100
95
90
85
80
75
Total number of nodes packet succes rate Result
Above mentioned both graph are the comparison result graphs which shows our proposed system
is better than the existing system

CHAPTER 6
CONCLUSION
I have developed an algorithm which ensures the secure data transfer in VPN with the help of an
efficient Encryption mechanism which is not ever implemented and does not use the concept of
the key sharing for communication because in key sharing mechanism the intruder will trace the
key and decrypt the cipher text. I have studied various Encryption Algorithms and on the basis of
which I can say that our algorithm is surely an efficient among that algorithms. It includes the
effective use of matrix operation in the generation of cipher text. I have made software too for
the implementation of the encryption algorithm and this innovative algorithm is really superior to
the existing algorithms.
6.1 Future Enhancement:-
1) I will have to implement this approach in the large business organization to enhance the
security of the data transfer process.
2) More number of users can simultaneously access the data transfer permission from the server.

3) More user friendly software is to be made for encryption and decryption process.
4) Designing the algorithm in such a way that it will take lesser time for data transfer.
5) Implementing the algorithm in VPN so its scope is not limited to limited number of computers
References
[1] A planning framework far implementing VPNs Yurcik, W.; Doss, D. IT Professional , IEEE -
Volume: 3 Issue: 3 , May-June 2001 Page(s): 41 44
[2] B. Hancock. IEEE conference VPNs: What, Why, When, Where and How. Network
Security, August 1997.
[3] W. Simpson. RFC1853: IEEE - IP in IP Tunneling. Technical report, Network Working
Group, 1998. ds.internic.net/rfc/rfc1853.txt.
[4] VPNs Venkateswaran, R. IEEE Potentials , Volume: 20 Issue: 1 , Feb-March 2001 Page(s):
11 -15 [5] Support for resource-assured and dynamic VPNs Issacs, R.; Lesile, I. Selected Areas
in Communications, IEEE Journal on , Volume: 19 Issue: 3 , March 2001 Page(s): 460 -472
[6] Management of quality of service enabled VPNs Braun, T.; Guenter, M.; Khalil, I. IEEE
Communications Magazine , Volume: 39 Issue: 5 , May 2001 Page(s): 90 98

[7] On the cost of VPNs Cohen, R.; Kaempfer, G. Networking, IEEE/ACM Transactions on ,
Volume: 8 Issue: 6 , Dec. 2000 Page(s): 775 784
[8] Research on tunneling techniques in VPNs Zhao Aqun; Yuan Yuan; Ji Yi; Gu Guanqun
Communication Technology Proceedings, 2000. WCC - ICCT 2000. International Conference on
, Volume: 1 , 2000 Page(s): 691 -697 vol.1
[9] Performance evaluation of software VPNs (VPN) Pena, C.J.C.; Evans, J. Local Computer
Networks, 2000. LCN 2000. Proceedings. 25th Annual IEEE Conference on , 2000 Page(s): 522
523
[10] Virtual enterprise networks: the next generation of secure enterprise networking Caronni,
G.; Kumar, S.; Schuba, C.; Scott, G. Computer Security Applications, 2000.ACSAC '00. 16th
Annual Conference , 2000 Page(s): 42 51
[11] Lightweight, dynamic and programmable VPNs Isaacs, R. Open Architectures and Network
Programming, 2000. Proceedings. OPENARCH 2000. 2000 IEEE Third Conference
on , 2000 Page(s): 3 12
[12] An architecture for managing QoS-enabled VPNs over the Internet Gunter, M.; Braun,
T.; Khalil, I. Local Computer Networks, 1999. LCN '99. Conference on , 1999 Page(s): 122
131
[13] Bandwidth efficiency in Internet AVPNs Pazos, C.M.D.; Gerla, M. Global
Telecommunications Conference, 1997. GLOBECOM '97., IEEE , Volume: 3 , 1997 Page(s):
1461 -1465 vol.3

[14] An inter-domain VPN management service Lewis, D.; Bjerring, L.H.; Thorarensen, I.H.
Network Operations and Management Symposium, 1996., IEEE , 1996 Page(s): 115 -123 vol.1
[15] L.-D. Chou and M. Yuan Hong, Design and Implementation of Two level VPN Service
Provisioning Systems over MPLS Networks, Proceedings of the 7th IEEE International
Symposium on Computer Networks (ISCN06), (2006), pp. 42-48.
[16] Y.-H. Kang and J.-H. Lee, The Implementation of the Premium Services for MPLS IP
VPNs, Proceedings of the 7th International Conference on Advanced Communication
Technology ICACT, (2005), pp. 1107-1110.
[17] M. Ahmad Khan, Quantitative Analysis of Mutiprotocol Label Switching (MPLS) in
VPNs, Proceedings of the IEEE Students Conference, ISCON'02, (2002), pp. 56-65.
[18] C. Metz, Multiprotocol Label Switching and IP: Multicast VPNs, IEEE Internet
Computing, (2006), pp.76-81.
[19] Y. Guofu, A Monitoring Netwok on Highways Based MPLS VPN and Study of its QoS
Mechanism, Proceedings of the International Conference on Networking and Digital Society,
China, (2010), pp. 278-281.
[20] R. Ren, D.-G. Feng and K. Ma, A Detailed Implement and Analysis of MPLS VPN Based
on IPSec, Proceedings of the 3rd International Conference on Machine Learning and
Cybernetics, Shanghai, (2004), pp. 2779-2783.

[21] N. Abu Ali, H. Mouftah and S. Gazor, A Distributed Bandwidth-Guaranteed Routing
Algorithm for Point to Multipoint VPLS Virtual Connections, Proceedings of the IEEE
international Conference, (2005), pp. 1561-1565.
[22] M. EL Hachimi, M.-A. Breton and M. Bennani, Efficient QoS implementation for MPLS
VPN, 22nd International Conference on Advanced Information and Networking and
Applications, (2008), pp. 259-263.
[23] H. Lee, J. Hwang, B. Kang and K. Jun, End to End QoS Architecture for VPNs: MPLS
VPN Deployment in a Backbone Network, Proceedings of the International workshop on
Parallel Processing, (2000), pp. 479- 483.
[24] F. Palmieri, VPN Scalability over High Performance Backbones Evaluating MPLS VPN
against Traditional Approaches, Proceedings of the 8th International Symposium on Computers
and Communication (ISCC03), (2003), pp. 975-981.
[25] L. He and P. Botham, Pure MPLS Technology, Third International Conference on
Availability, Reliability and Security, (2008), pp. 253-259.
[26] S. Alouneh, A. En-Nouaary and A. Agarwal, Securing MPLS Network with Multi-path
Routing, Fourth International Conference on Information Technology, (2007), pp. 809-814.

Plagiarism Report


Deeksha Thesis

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Deeksha Thesis

Hochgeladen von

Copyright:

Verfügbare Formate

TOPIC: - Secure end user communication using Virtual private network veritable tool for

STUDENT NAME: - Deeksha Pandey

ROLL NO.:- 0306cs13mt03

GUIED NAME: - Anand Muni Mishra

6 KEYWORDS: - vpn, business , advantages, globally, topology, tunneling

ADHAR CARD NO: - 513934112125

PHONE NO: - 7869385960

1 Secure end user communication using Virtual private network veritable

1. Chapter 1:- Introduction

2.1 Literature Survey 22

3. Chapter 3:-Proposed Work

2 Secure end user communication using Virtual private network veritable

3.9 Steps before Data Transfer 28

4. Chapter 4:- Implementation

4.2 Related Work Results 36

4.3 Simulation Procedure 39

4.4 Reasons for Supremacy over other algorithms 39

4.5 Strength of Key 40

4.6 Weak Points in the Proposed Algorithm 40

5. Chapter 5:- Result 42

6. Chapter 6:- Conclusion 45

3 Secure end user communication using Virtual private network veritable

Title Page No.

Fig 1.1 Defined VPN 10

4 Secure end user communication using Virtual private network veritable

Title Page No.

Table 4.1 Comparative execution times (in seconds) of encryption algorithms on 37

a P-4 2.4 GHz machine

Title Page No.

Graph 4.2 User Load vs Time in Second 38

Graph 4.3 Encryption performance of Proposed Algorithm (PA) on quad machine 39

5 Secure end user communication using Virtual private network veritable

After implementation of secure knowledge forwarding between server shopper eventualities in

7 Secure end user communication using Virtual private network veritable

8 Secure end user communication using Virtual private network veritable

1.2 VPNs were are broken into 4 categories-

1.3 VPN Topology

9 Secure end user communication using Virtual private network veritable

Fig 1.1 Defined VPN

1.4 Types of VPNs

10 Secure end user communication using Virtual private network veritable

Fig 1.2 Remote Access VPNs

Benefits of an intranet VPN include the following:

Fig 1.3 Intranet VPNs

12 Secure end user communication using Virtual private network veritable

1.5 Components of the VPN

14 Secure end user communication using Virtual private network veritable

Multiprotocol Label Switching (MPLS) uses a label swapping forwarding structure. It is a

15 Secure end user communication using Virtual private network veritable

User authentication is used to determine authorized users and unauthorized users. It is

2. Appliances intrusion detection firewalls

16 Secure end user communication using Virtual private network veritable

1.6 Productivity and Cost Benefit

1.7 VPNs Benefit a company in the following ways

Extends Geographic Connectivity- a VPN connects remote workers to central resources,

Boosts Employee Productivity- A VPN solution enables telecommuters to boost their

17 Secure end user communication using Virtual private network veritable

19 Secure end user communication using Virtual private network veritable

20 Secure end user communication using Virtual private network veritable

21 Secure end user communication using Virtual private network veritable

2.1 Literature survey

22 Secure end user communication using Virtual private network veritable

3.1 Introduction Mechanism

Maintain open access as a whole-of-institution