Onion Routing

The Onion Routing project was one of the earliest systems to be used. It was mainly used for web traffic anonymization, and it also enabled users to connect anonymously with any TCP/IP server on the net. By configuring their Internet applications to use a SOCKS proxy server, users could connect to the onion proxy. The onion proxy resembles a remailer system in that it creates a pathway through various Onion Routers located around the Internet. Once the pathway is created, however, any data can be sent through it anonymously to the intended TCP/IP server.
Replies from the TCP/IP server travel back along this pathway to the onion proxy, from where they reach the user's application. The pathway is destroyed when the application's communication with the server ends, which releases the resources held at the routers. The original Onion Routing network later evolved from a proof of concept into the modern-day Tor network (Shen & Pearson, 2011).

SSL and TLS

The protection of web transactions became critical with the emergence of e-commerce in the late 1990s. The SSL protocol, also known as the Secure Sockets Layer protocol, was developed by Netscape.
In later versions, it was also known as Transport Layer Security (TLS). SSL and TLS are currently the most popular PETs, as they are supported by all major browsers and their operation is hidden from users. End users do not need any special configuration to benefit from them. Web browsers automatically encrypt web requests when communicating with an SSL/TLS web server, without any user intervention (Shen & Pearson, 2011).

Tools for Anti-phishing

Tools for anti-phishing help a user determine whether a website is genuine or a phishing site. These tools exist as a toolbar in the web browser that turns different colours to represent genuine, phishing, and unknown sites.
Account Guard, from the e-commerce site eBay, compares the URL being visited against good and bad websites listed in a central repository. Users can submit sites to either list, and list maintainers verify them before they are added. The Anti-Fraud Toolbar by Cloudmark uses the collective ratings of users to label sites as genuine or phishing. Similarly, the Safe Browsing toolbar of Google uses Google page ranking to distinguish good sites from phishing sites (Shen & Pearson, 2011).
Question (c)

Node Capture

Node capture is one of the distinct attacks in WSN, in which the attacker gains complete physical access to a sensor node, easily extracts cryptographic data and, through a reverse engineering process, acquires uncontrolled access to the information stored on the captured node's memory chip, which can potentially damage the whole network. The main factors helping attackers in such an attack include the sharing of keys by sensor nodes with adjacent nodes within the WSN, which is used for encrypting or decrypting data. Secondly, such an attack can greatly affect the WSN structure or topology. Thirdly, such an attack is highly influenced by WSN density, which has a similar impact on the structure of the network (young Kim et al, n.d.).

Countermeasures: Techniques of hiding the signals can be used to prevent node capture. SSID broadcasting could be turned off at the wireless AP. SSIDs can be assigned cryptic names.
Lowering signal strength to the minimum level that still provides the requisite coverage is another such technique. Using directional antennas, or TEMPEST, a signal emanation-shielding technique for blocking wireless signal emanation, are some of the costly techniques. Information confidentiality over wireless networks could be ensured through encryption and authentication of both device and user.

Denial of Service (DoS)

A Denial-of-Service (DoS) attack happens when a targeted AP is continually bombarded by an attacker with false requests, false connection and failure messages, or similar commands. DoS diminishes a network's ability to perform optimally through hardware and software malfunction, leading to depletion of resources. Such attacks could jam communication systems. Other DoS attacks include MAC protocol violation, leading to communication violation. Another such attack could involve the Extensible Authentication Protocol, preventing genuine users from accessing the network and leading to network crashes (young Kim et al, n.d.).

Countermeasures against Denial of Service Attacks: Due diligence and a proper survey of sites could identify locations containing spurious signals from other devices. Further, surveys could help to decide wireless access point locations. A periodic audit of WSN activity and performance could identify areas of concern. Some popular countermeasures are message prioritisation and the use of spread spectrum. Another example is region mapping to prevent jamming.
Small frames and rate limitation could counter attacks such as collision and exhaustion. Attacks such as neglect and greed and homing could be minimised by providing redundancy, probing and encryption. Black hole attacks could be prevented by using authorization and monitoring.

Sybil Attacks

Such an attack is carried out by a malicious device which assumes multiple identities in an illegitimate manner. For example, false identities could be assumed by malicious code which may impersonate legitimate nodes on the network.
Such an attack could affect various types of protocols. Prominent types of protocols that could be affected are distributed storage and misbehaviour detection protocols. Such an attack could also adversely affect fair resource allocation, including routing protocols. Data aggregation and voting could also be adversely affected. By using malicious code, such an attack can assume multiple node identities and attack a routing protocol by directing various routing paths through a malicious node (young Kim et al, n.d.).

Countermeasures against Sybil Attacks: Radio resource testing can counter such attacks.
Random key pre-distribution can be an effective countermeasure, as it validates each node's identity against the keys that are assigned to it. Finally, node identity registration, including position verification, at a central base station that assigns a static topology to the WSN can also serve as a countermeasure.
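
The key-to-identity validation described under the Sybil countermeasures, shown as an added example that is not part of the original text. It assumes each node's key ring is selected from the pool by hashing its ID, which is one way to bind keys to identities; the pool size, ring size, node names and helper names are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

POOL_SIZE = 200  # keys in the network-wide pool (constructed value)
RING_SIZE = 60   # keys pre-loaded on each node (constructed value)
# Constructed key pool; a real pool is generated once, before nodes are fielded.
KEY_POOL = [hashlib.sha256(b"pool-key-%d" % i).digest() for i in range(POOL_SIZE)]


def ring_indices(node_id: str) -> set[int]:
    """Pool indices bound to an identity, derived by hashing the ID (assumed scheme)."""
    indices, counter = set(), 0
    while len(indices) < RING_SIZE:
        digest = hashlib.sha256(f"{node_id}|{counter}".encode()).digest()
        indices.add(int.from_bytes(digest[:4], "big") % POOL_SIZE)
        counter += 1
    return indices


class Node:
    def __init__(self, real_id: str, claimed_id: str | None = None):
        # A node physically holds only the keys assigned to its real identity.
        self.ring = {i: KEY_POOL[i] for i in ring_indices(real_id)}
        self.claimed_id = claimed_id or real_id

    def respond(self, index: int, nonce: bytes) -> bytes | None:
        # Prove possession of one pool key by MACing the verifier's fresh nonce.
        key = self.ring.get(index)
        return hmac.new(key, nonce, hashlib.sha256).digest() if key else None


def validate_identity(verifier: Node, prover: Node) -> bool:
    """Challenge the prover on every key the verifier shares with the claimed ID."""
    shared = ring_indices(prover.claimed_id) & set(verifier.ring)
    if not shared:
        return False  # nothing to test with, so the identity stays unverified
    for index in shared:
        nonce = os.urandom(16)
        expected = hmac.new(verifier.ring[index], nonce, hashlib.sha256).digest()
        answer = prover.respond(index, nonce)
        if answer is None or not hmac.compare_digest(answer, expected):
            return False
    return True
```

A node that announces an identity other than the one its keys were issued for fails as soon as the verifier challenges a key that belongs to the claimed ring but is missing from the node's own ring.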