Corporate Intranet Security: Packet-Level Protocols for Preventing Leakage of Sensitive Information and Assuring Authorized Network Traffic

Securing large corporate communication networks has become an increasingly difficult task. Sensitive information routinely leaves the company network boundaries and falls into the hands of unauthorized users. New techniques are required in order to classify packets based on user identity in addition to the traditional source and destination host addresses. This paper introduces Gaussian cryptographic techniques and protocols to assist network administrators in the complex task of identifying the originators of data packets on a network and more easily policing their behavior. The paper provides numerical examples that illustrate certain basic ideas.


Introduction
Modern Internet Protocol (IP) networks deployed within large organizations face a multitude of threats, both from within the network borders and from the Internet. Network administrators are inundated with new network security compliance challenges that are mandated by myriad government agencies and industry groups. Security breaches such as data leakage and industrial espionage often originate within the corporate firewall and are therefore difficult to detect. A new system of authentication is needed to enable the network as a whole, along with its administrators, to identify the users who are generating the packets traversing the network. By tagging all IP packets on the corporate local-area network (LAN) with identity information, network devices and administrators can monitor, audit and shape the flow of data using familiar user identities instead of the traditional IP quintuple.
Remark 1: Large corporate networks are made up of multiple local-area networks (LANs) connected together via a wide-area network (WAN). Packets are tagged within each individual LAN and the tag is verified by devices within both the LAN and WAN.

Related Work
Packet marking has been used to solve a broad array of problems in the networking space. Quality of Service (QoS) is accomplished in many networks by tagging IP packets with a TOS or DSCP [1] value to indicate service discrimination on the network. By augmenting each IP packet with an additional header, the IPSEC authentication header [2] provides end-to-end packet integrity, authentication and replay protection. The Microsoft CHOICE network [3] was designed to secure wireless Internet access in public places. Their research leveraged packet marking to tag packets with a user-identifying cryptographic token. As traffic passes through a central server, the token is examined and used to verify user identity and enforce access control. It is widely accepted that distributed denial-of-service attacks can be mitigated with an efficient mechanism to discover and throttle the source of the attacking packets. Packet marking has been employed as a possible solution to this problem [4-6]; these schemes in particular utilize unused or underutilized bits in the IP header to facilitate the traceback algorithm. In order to secure modern military networks, [7] introduces a scheme which marks IPv6 packets with an extension header containing an elliptic curve digital signature. Hardware contained within all network nodes validates the public-key based signature for authenticity before accepting a packet. In order to facilitate resource access control at the network edge, [8] explores the use of packet marking for authenticating traffic between end users and ISP edge routers. The use of this technique facilitates the secure transmission of real-time data along with securing access to subscription-based content. A proposed vendor-neutral firewall authentication and identity-based packet filter scheme based on packet marking is discussed in [9]. This scheme introduces identity-carrying IPv4 option headers to inform mid-stream firewalls of user identity in order to enhance the standard quintuple-based firewall packet filters. Packet marking is employed to realize path pinning in packet-switched networks [10]. Path pinning allows IP networks to behave in a manner similar to traditional circuit-switched networks. In this paper, we explore using packet marking for endpoint-to-network security. In other words, we wish to make the network as a whole aware of user identities in addition to host identities by marking each packet with authentication information. As a result, this information can be interpreted and acted upon by network devices during packet routing.

Protocol Description
The goal of the Corporate Intranet Security (CIS) protocol is to insert into each packet an additional header which securely identifies the user responsible for its origination. Special devices on the network can interpret this header and determine the originating user and the authenticity of the packet. These devices can additionally enforce policies (such as packet prioritization and/or auditing) based on the detected identities. A single trusted entity is responsible for all identities existing on the network and has the ability to share this information with the appropriate security devices. Figure 1 illustrates such a network. An analogous scheme introduced in [7] relies on public-key cryptography and specialized hardware installed on all network nodes. Our scheme proposes symmetric encryption in order to eliminate the need for dedicated cryptographic coprocessors.

Major Participants and Components
Network Users: Each network user is identified by the appropriate subscript index j = 1, 2, ..., n. Every user has an associated user name u_j (such as u_1 = Alice and u_2 = Bob), a password, and a randomly assigned temporary user identifier (uid) w_j.

Corporate Traffic Controller (CTC): CTCs can be any network device that has the requisite processing power to validate user identities on a per-packet basis. Additionally, CTCs can influence the flow of traffic within the network (i.e. firewalls, routers, packet shapers, etc.). Similar to network users, CTCs are identified by a subscript index t (t = 1, 2, ..., h) along with an associated username v_t and password.
Trusted Authority (TA): TAs are responsible for the authentication of users on the network and the generation of the associated cryptographic keys. They are also responsible for sharing identity information with the appropriate CTCs. For redundancy purposes, there may be multiple TAs. However, for the sake of simplicity, we consider only one.
Authentication Key (AK): When a user or CTC transmits its private information to the TA, it is desirable for this information to be encrypted. To that end, the AK is used to encrypt the channel between u_j (or v_t) and the TA. The joint AK between the user u_j and the TA is a Gaussian integer denoted K_j; the joint AK between the CTC v_t and the TA is defined in the same way.
User Digital Signature: Each user is required to digitally sign the contents of their packets and embed such a signature within the packet. While there are a multitude of methods for introducing a user's signature [11][12][13], our primary concern in choosing a digital-signature scheme is to minimize the processing time-delay required for its verification at the CTC. Before creating the digital signature, a predetermined randomly generated set of bytes is appended to the packet (i.e. salted) in order to provide greater crypto-immunity. This salt is issued per user by the TA.


User Digital Signature Key: The TA selects a key for each user u_j in order to create the user digital signature. The digital signature key for user u_j is another Gaussian integer denoted L_j. Each digital signature key L_j is valid for a set period of time and has an associated expiration time.

Protocol Overview
User Actions: In order to embed the necessary identity information into every packet, each user u_j must execute the following steps:
1) User Authentication Exchange: a process in which user u_j proves its identity to the TA and obtains the necessary data required to communicate on the network.
2) Digital Signature Process: the algorithm used to create a digital signature for each outbound packet.
3) Packet Marking: the process of embedding a digital signature into each outbound packet.
CTC Actions: The CTC must also execute a series of steps in order to perform its duties:
1) CTC Authentication Exchange: a process in which the user v_t that represents a CTC proves its identity to the TA and obtains the necessary data to validate digitally signed packets traversing the network.
2) Identity Verification & Policy Enforcement: the process which the CTC uses to inspect, validate and optionally execute policies against arriving packets.

User Authentication Exchange (UAX)
A user u_j must identify itself to the TA before it can participate on the network. The authentication process is as follows. Let K_j be the AK between user u_j and the TA; it is easy to verify that the equation holds for every user.
10.1. User u_j applies its AK K_j to encrypt its username and password and transmits them to the TA.
11.1. Upon verification of (13), the TA generates the following:
1) w_j, a randomly generated unique 16-bit value representing user u_j. This number cannot be reused until the expiration time is reached.
2) A randomly generated 32-bit salt value that is appended to each packet in order to strengthen the digital signature.
3) L_j, the digital signature key used to construct the digital signature.
4) The coordinated universal time (UTC) at which the above values cease to be valid on the network.
12.1. The TA, using the negotiated authentication key K_j, encrypts the above quadruple and transmits it to the user u_j.
Once the UAX process is complete, the user has all of the information necessary to begin the Digital Signature Construction and Packet Marking processes. Furthermore, once the expiration time is reached, user u_j must only execute steps 10.1-12.1 in order to renew its ability to use the network.

CTC Authentication Exchange (CAX)
A CTC v_t must authenticate with the TA in a similar manner as network users do. In fact, steps 1.1-10.1 of the UAX process are analogously replicated in the CAX process; however, the CTC submits its username v_t and password. The new additional steps are as follows:
11.2. Upon verification of (13) and identifying the user v_t as a CTC, the TA, using the negotiated authentication key, encrypts the quadruple (w_j, salt, L_j, expiration time) for all j and transmits them to the CTC v_t.
12.2. As new users register with the TA via the UAX process, the TA must transmit these values to the CTC v_t. Furthermore, when the expiration time of a user j held in the CTC's memory arrives, all values with the associated subscript j are to be purged.
After completing the final steps, the CTCs have the information necessary to validate the user identities of arriving packets.

Digital Signature
Copyright © 2012 SciRes. IJCNS
A digital signature scheme for the application described in this paper must meet a number of criteria in order to be effective:
1) Speed: signature construction and verification must be performed as quickly as possible in order to minimize packet transmission delay.
2) Security: the signature must provide adequate security to prevent falsification of the packet header. However, due to frequent key rotations, strength is secondary to speed.
Remark 3: There is a tradeoff between the level of security and the speed of signature generation. We have intentionally relaxed the level of crypto-immunity for the sake of decreasing signature generation time.
3) Size: the signature must not take excessive space in order to minimize the overhead within the packet.
4) Consideration of mutable fields: the internet protocol (IP) header consists of a number of fields. Fields that can be modified while the packet is in transit are referred to as mutable fields; fields that remain constant throughout the transmission process are known as non-mutable fields. An effective packet digital signature algorithm must ignore the mutable fields within the IP header and process only the non-mutable fields; otherwise the signature will be invalidated.

Digital Signature Process
The signature generation process (see Figure 2) consists of the following:
1) The user digital signature key L_j := (q_j, r_j).
2) An MD5 [14,15] hash denoted as m. The MD5 algorithm takes as input a series of bytes of arbitrary length and produces as output a 128-bit hash. The hash m is constructed over the concatenation of the non-mutable IP header fields denoted as β, the packet payload denoted as γ and the salt.
3)
4) A signature s is computed as follows:
5) The signature s is truncated by taking the most significant 96 bits and discarding the rest. This is done to satisfy space constraint requirements and is similar to the process specified in [16].

Packet Marking
Once the user u_j has obtained the quadruple of necessary parameters (w_j, salt, L_j, expiration time), it can begin marking outgoing packets with the security option header. A packet signature is calculated using the algorithm described above and embedded into the security option header; this header is in turn embedded within the packet. The security option header (see Figure 3) consists of four fields:
1) Code: required by the IP protocol specification, it identifies the option type and contains flags that instruct routers how to process the option.
2) Length: specifies the size of the entire option header.
3) w_j: the temporary user id value of the user u_j that generated this packet. The value w_j is determined during the user authentication exchange.
4) User Digital Signature: the output of the Digital Signature process as described above.
Once constructed, the security option header is placed within the IP packet, as shown in Figure 4, and transmitted.

As packets traverse the network, they will be processed by one or more CTCs. The role of these devices is to verify the authenticity of each packet and enforce policies based on the outcome. This behavior is further demonstrated in Figure 5. For instance, a corporation may implement a quality of service (QoS) rule that prioritizes all traffic originating from corporate executives. As packets arrive at a CTC, those that are successfully verified as originating from an executive will be prioritized and have their differentiated services code point (DSCP) fields updated to reflect their higher priority. Once a CTC performs a CAX, it is provided with the quadruple (w_j, salt, L_j, expiration time) for every registered user; for each arriving packet it reads w_j from the option header, recomputes the signature from the packet contents and the values stored for that w_j, and compares the result with the embedded signature s:
5) If the two signatures match, then the CTC confirms the packet originated from user u_j and executes the associated policy rules.
6) If the signature s does not match, then the CTC detects a possible forgery and either drops the packet, strips the option header or executes other associated policy rules.
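The signing, marking and CTC verification steps above, worked through in Python as an added example that is not part of the paper or its prototype. The option type code, the sample packet and registry entry, and the way L_j is combined with the hash m are assumptions of this example (the paper's signature formula is not given here); the hash m over the non-mutable header fields, payload and salt, and the 96-bit truncation, follow the text.

```python
import hashlib
import struct

# Constructed placeholder for the option type code (the paper gives no value);
# option length = code(1) + length(1) + w_j(2) + 96-bit signature(12).
SEC_OPT_CODE = 0x9E
SEC_OPT_LEN = 16

def mask_mutable(header):
    # Zero fields routers/CTCs rewrite in transit (DSCP/ECN, flags, fragment
    # offset, TTL, checksum) and those the option insertion itself changes
    # (IHL, total length); what remains is the non-mutable part beta.
    h = bytearray(header[:20])
    h[0:4] = bytes(4)       # version/IHL, DSCP/ECN, total length
    h[6:8] = bytes(2)       # flags / fragment offset
    h[8] = 0                # TTL
    h[10:12] = bytes(2)     # header checksum
    return bytes(h)

def signature(header, payload, salt, key):
    # m = MD5(beta || gamma || salt) as the paper states. Keying m with L_j via a
    # second MD5 and keeping the top 96 bits is this example's assumed stand-in.
    m = hashlib.md5(mask_mutable(header) + payload + salt).digest()
    return hashlib.md5(key + m).digest()[:12]

def mark_packet(header, payload, w_j, salt, key):
    # User side: append the security option, then fix IHL and total length.
    opt = struct.pack("!BBH", SEC_OPT_CODE, SEC_OPT_LEN, w_j)
    h = bytearray(header[:20]) + opt + signature(header, payload, salt, key)
    h[0] = 0x40 | (len(h) // 4)
    struct.pack_into("!H", h, 2, len(h) + len(payload))
    return bytes(h) + payload

def ctc_verify(packet, registry, now):
    # CTC side: find the option, look up w_j in the table obtained through the
    # CAX and recompute the signature; None means drop/strip per policy.
    ihl = (packet[0] & 0x0F) * 4
    header, payload = packet[:ihl], packet[ihl:]
    if ihl < 20 + SEC_OPT_LEN or header[20] != SEC_OPT_CODE:
        return None
    w_j = struct.unpack("!H", header[22:24])[0]
    entry = registry.get(w_j)
    if entry is None or now >= entry["expires"]:
        return None
    if header[24:36] != signature(header, payload, entry["salt"], entry["key"]):
        return None
    return entry["user"]

# Constructed sample: Alice's registry entry (as sent to the CTC in the CAX) and
# a 20-byte base header for a 5-byte UDP payload from 10.0.0.5 to 10.0.1.9.
ALICE = {"user": "alice", "w_j": 0x1A2B, "salt": b"\x13\x57\x9b\xdf",
         "key": b"constructed-L_j", "expires": 1700000000}
REGISTRY = {ALICE["w_j"]: ALICE}
BASE_HEADER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 25, 0x1234, 0, 64, 17, 0,
                          bytes([10, 0, 0, 5]), bytes([10, 0, 1, 9]))
PAYLOAD = b"hello"
```

A marked packet still verifies after a router decrements the TTL and a CTC rewrites the DSCP field, while a changed payload, an expired entry or an unknown w_j is rejected.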

Arithmetic of Gaussian Integers
Definition. Let (a,b) and (c,d) be Gaussian integers. Then
(a,b)(c,d) = (ac - bd, ad + bc),
where the multiplication can be performed faster as follows.
Karatsuba-Ofman algorithm: Let
ad + bc = (a + b)(c + d) - ac - bd.
Therefore, multiplication of two Gaussians can be performed using three, rather than four, multiplications. Hence, the so-called traditional multiplication of complex numbers requires 33.3% more time than the method provided in the Karatsuba-Ofman algorithm [17]. In addition, squaring of a Gaussian integer requires two rather than three multiplications. Indeed,
(a,b)^2 = ((a - b)(a + b), 2ab).
In many cases, an increase in the crypto-immunity of an algorithm requires a corresponding increase in the size of the integers used. For extremely large integers that exceed the capabilities of the host computer, the algorithm proposed by Andrei Toom [18] is instrumental. For illustration, an algorithm for multiplication of triple-long integers (e.g. integers three times the size that the host computer can handle) is presented in the appendix.

Numeric Illustration-1
Suppose that TA (called Tom) selected p = 283 and a generator g := (c,d) = (1,2), and transmitted these values to users A and B (called Alice and Bob) and to CTC (called Clair). Suppose now Alice selects a secret integer a = 51; Bob selects a secret integer b = 119; Clair/CTC selects a secret integer c = 257; and Tom selects a secret integer t = 171. Each entity performs the following functions (solutions are found in Table 1):
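The Gaussian-integer arithmetic of the previous section applied to the values of this illustration, as an added example in Python that is not from the paper. Schoolbook and Karatsuba-Ofman multiplication, two-multiplication squaring and square-and-multiply exponentiation are worked with components reduced modulo p; the Diffie-Hellman-style derivation of the joint key between Alice (a = 51) and Tom (t = 171) is this example's assumption, since the paper's own key formula is not given here.

```python
# p and g are the values of Numeric Illustration-1. Reducing every component
# modulo p and deriving the joint key as g^(a*t) are assumptions of this example.
P = 283             # p mod 4 == 3, so Gaussian integers modulo p form a field
G = (1, 2)          # generator g := (c, d) = (1, 2)

def mul_schoolbook(x, y, p=P):
    # (a,b)(c,d) = (ac - bd, ad + bc): four integer multiplications.
    a, b = x
    c, d = y
    return ((a * c - b * d) % p, (a * d + b * c) % p)

def mul_karatsuba(x, y, p=P):
    # Karatsuba-Ofman: ad + bc = (a + b)(c + d) - ac - bd, so only three
    # multiplications (ac, bd and the cross product) are needed.
    a, b = x
    c, d = y
    ac, bd, cross = a * c, b * d, (a + b) * (c + d)
    return ((ac - bd) % p, (cross - ac - bd) % p)

def square(x, p=P):
    # (a,b)^2 = ((a - b)(a + b), 2ab): two multiplications.
    a, b = x
    return (((a - b) * (a + b)) % p, (2 * a * b) % p)

def power(x, e, p=P):
    # Right-to-left square-and-multiply; squarings use the cheaper routine.
    result, base = (1, 0), x
    while e > 0:
        if e & 1:
            result = mul_karatsuba(result, base, p)
        base = square(base, p)
        e >>= 1
    return result

def key_agreement(secret_a, secret_t, p=P, g=G):
    # Each party publishes g^secret; the joint key is the peer's public value
    # raised to one's own secret. Returns (public_a, public_t, key_a, key_t).
    pub_a, pub_t = power(g, secret_a, p), power(g, secret_t, p)
    return pub_a, pub_t, power(pub_t, secret_a, p), power(pub_a, secret_t, p)

# Alice (a = 51) and the TA Tom (t = 171) from Numeric Illustration-1.
ALICE_SECRET, TOM_SECRET = 51, 171
```

Because 283 mod 4 = 3, every nonzero Gaussian integer modulo 283 satisfies x^(p^2 - 1) = (1, 0), which the exponentiation routine can be checked against.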

Prototype Results
A prototype of the system discussed in this paper was developed in C as a suite of drivers and tools for Microsoft Windows systems. On desktop systems, packet marking is handled by a lightweight filter (LWF) driver. On Windows-based CTCs, identity verification & policy enforcement is handled by a Windows filtering platform (WFP) driver. These drivers work in conjunction with user-mode tools and a Linux-based trusted authority which together handle the authentication exchange procedures. On Windows PCs equipped with gigabit Ethernet connectivity and dual-core Intel-based processors, the performance impact is negligible. In order to test the CIS system's impact on

Conclusion
In this paper, we present a technique for transparently identifying users transmitting on a network via packet marking and packet inspection. We also demonstrate a key exchange and digital signature algorithm based on Gaussian integers. By utilizing Gaussian integers for cryptography, we can maintain complexity similar to integer-based schemes while using much smaller prime numbers. Prototypes of the packet marking and inspection components running on dual-processor computers show a modest impact in throughput and CPU utilization. As quad-core and hex-core processors become more popular in the desktop PC space, performance will continue to improve. The preliminary version [19] of this paper was published in the proceedings of the 18th International Conference on Software Engineering and Data Engineering.

Future Work
Most corporate networks utilize the current generation internet protocol (IPv4) as the network-layer protocol of choice. However, deployment of the next-generation internet protocol (IPv6) within corporations is gaining momentum. The security scheme described in this paper, while based on the IPv4 option header, can be redesigned as an IPv6 extension header. In a future revision, this scheme will be extended to accommodate networks that utilize IPv4, IPv6 or both.

Remark 2: If p mod 4 = 3, then (4) automatically holds for every Gaussian integer.
The opening steps of the User Authentication Exchange are:
1.1. User u_j requests a UAX from the TA.
2.1. The TA selects a large prime p and a pair of distinct positive integers c and d forming the generator g := (c,d).
3.1. The TA transmits p and g to the user u_j.
4.1. The user u_j randomly selects a large secret integer; correspondingly, the TA also selects a large secret integer on the same interval.