This thesis presents an under Windows 2000, & Windows XP proposed system that was designed to achieve on-line end-to-end encryption between Local Area Network (LAN) nodes. Preventing (or making things difficult) by this encryption any intruder from being connected to the network, and making eavesdropping useless, also if Trojans existed in any node of the network they would steal encrypted data. The proposed system provides some degree of authentication, since only the nodes that have the decrypting driver would be able to get the received data.The encrypting and decrypting entities were built as network intermediate and hook drivers that lie in between the Open System Interconnection (OSI) layers to intercept the data flow of Transmission Control Packets (TCP) packets. The encryption is done through a Network Driver Interface Specification (NDIS) intermediate driver, while the decryption takes place in an IP Filter Hook driver. Both drivers are applicable under Windows 2000, & Windows XP versions. The proposed system was tested under 4-node 100BaseTX Fast Ethernet during different cases:
First, complementing each byte of the data field caused a degradation of (5%-ll%).
Secondly circular rotation for each byte in the data field caused a degradation of (8%- 19%).
Thirdly, implementation of MARS encryption algorithm caused a degradation of (66%-73%). The system was also tested using parallel port interface operating in the Standard Parallel Port (SPP) mode and the degradation was (92%-94%). Also a hardware implementation of circular rotation by a 16-bit ISA card that was connected to one node while the other nodes perform the encryption/decryption process by software.
This implementation produced a degradation percentage of (88%-94%).
The above performance measures of the above cases were compared with the performance measures obtained during the implementation of IPSEC service supported by Microsoft in Windows 2000 and later versions, which caused a degradation of about only 25%. The IPSEC service implemented supports authentication, Triple Data Encryption Standard (3DES), and Secure Hash Algorithm (SHA).
Design and implementation of an on-line cryptography system for lans
number:
786
English
College:
department:
Degree:
Supervisor:
Dr. Imad H. Al-Hussaini
year:
2002
Abstract: