Cover Article

Network & Internet Security

Perhaps more than the Internet, security of information sent and received on the net is now a subject of hot debate. At C-DAC, we have already started exploring possibilities of breaking into this largely uncharted territory. Vasant Avaghade explains how.

Security of information on Networks and the Internet is a strategic issue. It is critical for a large number of transactions pertaining to entertainment, information access, banking, e-commerce and e-governance carried out using public networks. It is now a well established fact that in the future, more and more business will be transacted electronically. A large amount of business and transactions are going to become web centric. In India, already a number of financial institutions and business houses have introduced Internet based services.

Security of information is of paramount importance to the business house as well as to the consumer, and the Government of India has already given considerable importance to cyber laws. Most of the Network and Internet security products from the U.S.A. come under export control regulations and are not available for India. There are no equivalent standards for India in this area. The Internet security infrastructure and cyber laws required to conduct business over the Internet are also not in place yet. Under these circumstances, it is of paramount importance that the nation has its own indigenous technology in this key area. Of the 108 recommendations made by the Prime Minister’s task force on Information Technology and Software Development, a number refer to Internet and Network security. These very facts present many opportunities for us to make pioneering contributions in this field.

When one talks about Network and Internet security, confidentiality, integrity, authentication and non-repudiation of the data flowing over the Internet and Intranet are the key. One can offer security at every layer of the TCP/IP protocol stack. There are various security standards at these layers. To give a few examples, IPSec and S/WAN are the security standards at the Network (IP) layer; SSL, TLS and SET are security standards at the transport layers of the TCP/IP protocol stack. The six most important security technologies that are being talked about in the industry are Firewalls, Virtual Private Networks (VPN), Public Key Infrastructures (PKI), Antivirus software, Vulnerability monitoring and Intrusion detection.

After sensing opportunities in the Network and Internet security area, the Networking and Internet Software Group (NISG) at Pune conceived an R&D project, “Development of core network security technologies”.

Salient features of the Project
This project focuses on the design and development of the core technologies that are essential for ensuring security, authenticity, integrity and non-repudiation of the information flow on public networks. It may be noted that the technologies to be developed under this project are of a non-specific nature and are applicable for any information transfer over networks. The technology thus developed may be looked upon as a meta-resource.
Some of the major products planned for development under this programme include:

  • C-DAC’s Virtual Private Network (C-VPN)
  • C-DAC’s Crypto package (C-Crypto)
  • Prototype E-Commerce application as technology demonstrator for the use of the above products and technologies.

Ideally, private networks would be required for conducting business, since only a private network can provide ideal security. Since dedicated private networks between all participating centers, organizations and individuals are either not possible or very expensive, it is necessary to set up ‘Virtual Private Networks’ (VPN). VPNs facilitate setting up private networks and secure tunnels over the otherwise insecure public Internet among corporate networks and individuals. VPNs offer up to 60% cost saving over point-to-point private networks using leased/dedicated lines. Most importantly, VPNs offer security through data privacy (i.e. confidentiality / encryption), authentication, integrity and non-repudiation. C-VPN requires a variety of encryption, authentication, information integrity check, digital signature and key exchange algorithms. For the C-VPN system to be competitive, the underlying implementation of these algorithms has to be at the highest professional levels of performance.

The best cryptography product currently offered globally, and used by major computer, networking and security product vendors, is the BSAFE Crypto C package of RSA Inc. USA. This product meets all the requirements of a C-VPN product. The US export control regulation on cryptographic packages precludes the availability of the above package or its equivalent in India. Further, what is considered strong encryption (greater than 40 bit keys for symmetric key crypto-systems and greater than 512 bit keys for public key crypto-systems) is unlikely to be available for import into India in the future too. Hence an equivalent Indian product has to be looked for. Such an equivalent is not available yet. We therefore decided to develop it in house, spelt out the requirements and specifications of an equivalent package called C-Crypto, and started efforts for its development.

Apart from the C-VPN product, there is already a demand for a crypto package for applications such as Telemedicine. It is envisaged that the C-Crypto package has considerable potential in a number of application areas. These include:

  • Secure remote Access and TCP/IP
  • Secure E-cash and electronic commerce
  • Secure Firewalls
  • SSL-Compliant Internet applications and server
  • Secure software distribution
  • Broadcast encryption
  • Voice and Video encryption
  • Encrypted databases and other client/server applications
  • Intellectual property protection
  • Kerberos enhancements & extensions
  • Software Crypto plug-ins for :
    • Other security protocols: S/WAN, TLS, SSL, SET
    • Internet applications
    • Certificate servers and PKIs
    • Smart cards
    • Security adapters
    • Security ASICs & processors
    • Components for PKI infrastructures such as certificate servers

As part of C-VPN, we are into X.509 certificate processing. We have to implement some of the RFCs mentioned by PKCS and PKIX standards. This will enable us to develop many components, which can equip us to implement our own certificate servers, and eventually C-DAC can act as a certificate authority with the PARAM supercomputer at the heart of it. We have also started developing the prototype e-commerce application, wherein we can plug in our security technologies for demonstration purposes.

Vasant Avaghade is the Group Co-ordinator of the Networking & Internet Software Group (NISG) at C-DAC, Pune. His current interests include futuristic networking and internet enabling technologies.