Overview And Technical Details Of Ransomware: Mitigation Recommendations And Research Papers

Packet numbers and encryption algorithms used in grading web application

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

Part (d) Information from Packets

Information

Answer

Packet number from normal-student.pcap that contains the normal students’ password

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

26

Packet number from normal-student.pcap in which the server originally sends the cookie to the browser

28

Last 4 HEX digits of the id_hash in the cookie (give the value of the last 4 digits, not the packet number)

C8b2

Packet number from malicious-student.pcap that contains the normal students grade for coit20262.

111

Packet number from malicious-student.pcap in which the client originally sends the stolen cookie

109

Part (e)

Id_hash is calculated using different encryption algorithm using different random number such as encoding an integer into hash value. Keys can also be generated for the encryption and decryption of the hash_id. The algorithm that are generally used for the encryption are SHA 256, RSA, AES-256-CBC, etc. It finds its application in the generation of cookies and signature for maintaining the identity of the users.

Part (f)

The application of id_hash in the grading web application helps in encrypting the communication between the server and the user. If any third party user is intercepting the data packets the message cannot be deciphered by him without finding the appropriate algorithm and key used for encryption of the file.

Part (g)

Despite of the advantages id_hash also has several disadvantages that is it is prone to brute force and dictionary attacks. The cookies can be intercepted by the third party and used for controlling the data transmission. The anonymity of the user cannot be maintained and the algorithm used for encryption can be used by the hacker for decrypting the files.

Part (h)

The username and password can be intercepted by a third party hacker if it is sent in plain text. But if the password is encrypted to produce a hash value and sent to the server instead of the plain text it can improve the security but cannot eliminate the risk of cookie stealing attacks. When the password of a login system is sent by using hash the hash value becomes available to the third party and it can be used for maintaining the identity of the user and getting the access of files and information from the server. As a solution this problem is to create a two way verification that can be done with the application of public key/ SSL certificate.

Part (i)

The edit option of cookie is not direly available in chrome for editing a cookie different extensions are available and it should be downloaded from the chrome web store. The below screenshot is used for displaying the editing option used for the link chrome.google.com/webstore. The cookies have different fields such as value, domain, path, expiration, etc. It can be edited according to the needs for intercepting message and setting it according to the needs of the user. The cookie is sent to the web browser via the cookie header and after the expiration date the cookie is updated or gets deleted from the system automatically.

  • Cryptography

Concerns regarding id_hash encryption and decryption

Part (c)

In the case that the sender have utilized an irregular secret word of 12 upper or lowercase letters and encoded with the SHA256 calculation it would have expanded the risk in the security framework on the grounds that the programmer can apply the dictionary or brute force attacks for distinguishing the key and getting the decrypted cipher text from the encrypted message sent to the user. The word dictionary attack and reverse engineering can likewise be utilized for getting recognizable proof of secret key and getting the decrypted record.

Part (d)

The secret key is encrypted by the sender by the iv file was sent as a plain text without encrypting and this can cause security issues because hacker ca intercept the message and perform illegal activity. As a result of third party involvement the send can find error during decryption of the message or the message can be modified by the hacker. The programmer can anticipate the encryption procedure utilized for sending the message and it may be effectively unscrambled by getting the keys decrypted using the decryption program and accessing the public key of the sender.

  • Ransomware Research

Overview of Ransomware

With the growth of the internet different types of network threats have raised and he ransomware is one of the threats. It acts as a malware in the system that threatens the user to deny access or deleting the sensitive data in demand of ransom for restoring or giving access. The ransomware attack can arrive from different sources such as phishing emails that acts as a disguise for the user and appears to them as important update or file that needs to be downloaded into the system. The weak spot in the security are also exploited for getting the access of the system and a mathematical key is used hat is known to the attacker for unlocking the file. It can also occur from the remote device through the open ports and thus it is essential to block the open ports for prevention of the risk.  

Technical Details of Ransomware

The payloads arrives at the targeted computer for the execution of the sophisticated codes and lock the file for causing denial of access. The access of the file is not provided to the user until the specific condition is met and there are different technologies available that confirms that the payload downloaded in the system is not able to run the routines.

Overview of Ransomware and its technical details

There is no specific cryptography used for the ransomware, mathematical key is used along with malware for targeting the user. There are different ransomware such as wannacry, notpetya, locky, teslacypt and cryptolocker developed for attacking different types of files after exploitation of the vulnerabilities of a system. The ransomware is programmed to have a self-propagation for spreading to more number of computers.

Eternal blue is used for the exploitation of the vulnerability of the windows operating system and spreading to more number of computers. Arbitrary codes can be executed remotely through the remote desktop protocol and special data packets can be sent for performing different activity on the targeted machine. Reverse engineering and asymmetric key encryption is a part for obtaining ransoms.

Since Ransomware utilized distinctive blend of encryption calculation and the cost of decoding is high it is troublesome for an association to break the code and get entrance of the document. It involves a blend of different factors that are hard to be foreseen with a particular true objective to recoup the passageway of the mixed records.

Recommendations

For the mitigation of the risk of ransomware outbreak a multilayered security approach should be adopted by the organisations and it should be ensured that defensive practice is followed for eliminating the single point failure risk. The application of regular patch to the operating system, backing up of the essential data is not sufficient for mitigation of the risk of ransomware. The deployment of the overlapping, supportive defence system for guarding the single point of failure with the application of different technology can help in providing a secure framework against the ransomwares. The technologies include the installation of intrusion detection and intrusion prevention system, analysis of the vulnerability of website and implementation of malware protection, installation of web security gateway solution and regular update of the firewall. 

Alnaser, S.W. and Ochoa, L.F., 2015. Advanced network management systems: A risk-based AC OPF approach. IEEE Transactions on Power Systems, 30(1), pp.409-418.

Atkins, D. and Gunnells, P., 2015, July. Algebraic Eraser: A lightweight, efficient asymmetric key agreement protocol for use in no-power, low-power, and IoT devices. In NIST Lightweight Cryptography Workshop (Vol. 20).

Cabaj, K., Gregorczyk, M. and Mazurczyk, W., 2018. Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. Computers & Electrical Engineering, 66, pp.353-368.

Cao, Y. and Bai, J., 2015, October. A passive attack against an asymmetric key Exchange Protocol. In Computer Science and Mechanical Automation (CSMA), 2015 International Conference on (pp. 45-48). IEEE.

Moore, C., 2016, August. Detecting ransomware with honeypot techniques. In Cybersecurity and Cyberforensics Conference (CCC), 2016 (pp. 77-81). IEEE.

Nieuwenhuizen, D., 2017. A behavioural-based approach to ransomware detection. Whitepaper. MWR Labs Whitepaper.

Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.

Sgandurra, D., Muñoz-González, L., Mohsen, R. and Lupu, E.C., 2016. Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv preprint arXiv:1609.03020.

Yassein, M.B., Aljawarneh, S., Qawasmeh, E., Mardini, W. and Khamayseh, Y., 2017, August. Comprehensive study of symmetric key and asymmetric key encryption algorithms. In Engineering and Technology (ICET), 2017 International Conference on (pp. 1-7). IEEE.

Zahra, A. and Shah, M.A., 2017, September. IoT based ransomware growth rate evaluation and detection using command and control blacklisting. In Automation and Computing (ICAC), 2017 23rd International Conference on(pp. 1-6). IEEE.