Analysis and Research of Computer Network Security
Based On Authentication Techniques & Technologies
Muhammad Ahmad (MS170401436) [email protected]
Nazia Ishtiaq (MS170400900) [email protected] #MSCS, Department of Computer Science,
Virtual University of Pakistan
In this document, perform analysis and research on the
security of computer networks based on authentication
techniques and technologies. With the rapid development of
computer technology, the computer network continues to
expand the scope of the application with more and more users.
The security of the network gradually attracts people’s
attention. This document briefly introduces the concept of
computer security, focuses on the security threats of the
computer network and analyzes the basic techniques. It
proposes effective measures to improve the security of the
Network security issues are now becoming important as
society moves towards the era of digital information. Data
security is the most important component to ensure the secure
transmission of information over the Internet. It includes the
authorization of access to information in a network, controlled
by the administrator of the network. The security task of the
network not only requires the security of the final systems, but
of the entire network. Authentication is one of the main and
most common ways to determine and guarantee network
security. In this document, we have tried to analyze the
various authentication techniques, such as knowledge-based,
based on tokens and based on biometrics, etc. In addition, we
consider the authentication of multiple factors by choosing a
combination of the previous techniques and try to compare
Keywords— Authentication; Denial of service; Virtual
Private Network; Passcode; Smart card; RSA; SecureID;
In this digital age more and more people are activated on the
Internet for their personal and professional, because the
Internet is growing rapidly. But, along with the evolution of
Networking and the Internet, several threats such as denial of
service (DOS) attacks and Trojan horses have also increased
The security of the computer network is the first line of
defense to achieve the assurance of information. The computer
network is at risk without a well-designed network security
policy and without failures. The main problem is that network
administrators can not verify the security policy of the
network. Although more research has been carried out, it is
mainly about small specific parts of the general problem. This
document presents different approaches from literature and
high-level lights, where they show that they are correlated and
can work together. This work summarizes the solutions
proposed in the literature, points out its advantages,
Disadvantages and limitations. To conclude, he proposes
solutions for future research in this area.
Then the task of securing the Internet or even the
Local area networks are now at the forefront of problems
related to the computer network. By being in a public network,
serious security threats can be presented to the personal
information of a person and also to the resources of the
companies and the government. Providing confidentiality,
maintaining integrity and ensuring the availability of correct
information are the main objectives. These threats are mainly
present due to the ignorance shown by the users, the weak
technology and the poor design of the network. Sometimes
there are many network services that are enabled by default on
a personal computer or a router. Hence, many services may
not be necessary and an attacker can use them to gather
information. Therefore, it is better to disable these unwanted
services to protect them from hackers and crackers. More
importantly, you should not only worry about security at each
end of the network, but focus on protecting the entire network.
When developing a secure network, you should consider the
Only authorized users can communicate to and
from a particular network.
This guarantees that the users of the network are
who they say they are. The flow of real
information can only begin after the user has
been authenticated and allowed to communicate
with other systems in the network.
The data in the network remain private. This is
done to ensure that information can only be seen
by authenticated systems and can be achieved
using various encryption techniques.
This guarantees that the message has not been
modified during transmission.
With the passage of time, computer technology has developed
enormously and today’s network communication system has
spread to all corners of the world, involving political,
economic, military and all aspects of social life . Play an
extremely important role. However, in addition to fun and
convenience, the computer also brings us many security risks
due to its openness and connectivity. Users now face a lot of
security threats. Is the computer network secure? Criminal
cases are frequently visitors of nationals.
II. DATA SECURITY AND AUTHENTICATION
Data security is a challenging problem in the field of data
communications. To secure information from hackers and
crackers, authentication is the main phase in network security.
It is a concept to protect the network and the transmission of
data through wired and wireless networks. Authentication is
one of the main techniques to ensure that the person who
transmits the information is who he claims to be. Therefore, it
is the process of determining the real identity of the users,
systems or any other entity in the network. To verify
someone’s identity, the password is used primarily. To
authenticate users or machines, different techniques can be
used to perform authentication between the user and the
machine or machine and also with another machine. Different
types of attacks are possible during authentication shown in
III. AUTHENTICATION TECHNIQUES
A. Password and pin based
In this authentication technique, privacy and confidentiality
can be maintained to a certain extent. Users memorize
passwords and, therefore, we can call them knowledge-based
techniques. Passwords can be single words, numbers, phrases,
any combination of these or personal identification number.
But the problem with this technique is that memorized
passwords can be easily guessed or randomly searched by
hackers. Virtual private networks, such as the point-to-point
tunnel protocol (PPTP), use clear text protocols such as
password authentication protocol (PAP) and MD5-based
protocols such as Challenge Recognition Protocol (CHAP). As
is clear, MD5 should be preferred due to sniffing attacks.
Simple passwords should be avoided as much as possible.
They should be used only with SSL certificates. System
catalogs such as “pg-authid” are used to store the password of
each user in the database where we issue commands such as
CREATE, CREATE USER and ALTER ROLE to manage
passwords. For example, CREATE USER jacks WITH
PASSWORD info. If a password has not been configured for a
user, the stored password will be NULL and password
authentication will always fail for that user.
B. Token based
This is a physical device that performs authentication and,
therefore, can be referred to as object-based. Tokens can be
compared to the physical keys of houses that are used as a
token, but in digital tokens there are many other factors to
provide information security. In the digital world, security
tokens are used. The tokens themselves have a password, so
even if they are lost, the hackers can not modify the vital
information. Bank cards and smart cards are security token
storage devices with passwords and access codes. The pass
codes are the same as those of the password, except that the
first ones are generated and stored in the machine. There are
security tokens and one-time smart cards, as shown in Fig. 2.
C. Biometric Based:
Biometric authentication is the process of verifying if a user is
who he claims to be, using the user’s digitized biological
signatures. Biometric authentication can be classified into two
groups: physiological and behavioral. In physiological
authentication, the faces, the fingerprints, the hands, the iris
and the retina follow. And in the case of behavior, voice
impressions, signatures and keys are used. This technique can
be called based on ID. This technique is more secure
compared to password and token-based techniques. The
biometric authentication techniques are currently in operation
in several companies. They are used for passports, visas,
personal identification cards, access to banking machines,
access control at the entrance and general access to computers
at the desk.
IV. BASIC TECHNOLOGIES OF COMPUTER
A. Firewall technology
Firewall technology is a series of security applications to
exercise mandatory access to the external network through the
use of predetermined security installations between network
systems. The transfer of data between two or more networks
must follow certain security measures to monitor performance,
determine if communication between networks is allowed and
monitor the operation of the network.
B. Data encryption technology
The data encryption technology categories can be divided into
techniques of data storage, data transfer, data integrity,
authentication and key management. Data encryption is stored
in memory to prevent data loss and destruction. The
transmission process in the encrypted information is
commonly done in the form of circuit encryption and port
encryption. The technology of identification of data integrity
is to protect the transfer of information, storage, access,
identification and confidential treatment of people and data. In
this process, the system is characterized by the judgment of
the value of the parameter on whether the entry is in line with
the established value. Data is subject to validation and
encryption improves protection. The administration of keys is
a common encryption in many cases. Key management
techniques include key generation, distribution, storage and
C. Intrusion detection technology
Intrusion detection technology is to ensure design safety and
rational allocation. Intrusion detection technology can quickly
find anomalies in the system and the condition authorized in
the report. It can address and resolve system vulnerabilities in
a timely manner. Technologies that are not in line with
security policies are frequently used.
D. Anti-virus technology
Antivirus technology does not simply refer to antivirus
software technology. From the effects of its use, it can be
classified as network antivirus software and independent
antivirus software. Online antivirus software focuses on the
network connection against viruses. Once the virus has
invaded the network or has spread to other network data, it
will be quickly detected by the online virus software, it will be
deleted and it will be deleted.
V. THREATS OF COMPUTER NETWORK
A. Online virus and its features
The computer network allows to transfer and exchange
information, but it also causes computer viruses to spread and
endangers the security and privacy of people. Every day,
dozens of viruses are found and spread rapidly, peering into
the privacy of others.
B. Threats of hackers
In addition to viruses, there is also a security risk, namely the
program of hackers and hackers. Hacker refers mainly to the
illegal invaders to the computer system, who have powerful
skills and talents and are obsessed with computers. Hackers
can secretly access some restricted areas without consent and
sneak into other people’s computer systems. Currently,
hackers are grouped into groups, whose development trend is
amazing. The hacker causes extensive damage, including theft
and misappropriation of funds in the financial and economic
fields. They also spread false advertisements to defraud
money, steal military, commercial and political secrets, attack
other people’s copyrights and make new virus software to
spread yellow information. According to the FBI
investigation, the network’s loss of security registered $ 7.6
billion in the United States. The intrusion of the computer
network occurs every 20 minutes. Big losses are inevitable
A. Network Security Policy
A network security policy is a special type of policy that
focuses on the security aspects of a computer network.
Network security policies can be written in different formats
and at different levels of abstraction. On the one hand, there
are very abstract high level policies that are written in natural
language, which express security objectives throughout the
network. On the other hand, the specific configuration of the
individual security controls is written in a configuration
language specific to the device. High-level policies are easy to
write and understand by humans but difficult to explain in
machines; Concrete configurations that are difficult to read
and write for humans are easily interpretable by machines.
B. Security controls
Security controls are device devices or software modules
within a computer network. They implement the necessary
functionalities to enforce a network security policy. Security
controls can control network traffic by blocking certain
packets or modifying it by changing the header information of
certain packets. As an example, packet fi lters, stateful
firewalls, and application-level firewalls are used to control
10Copyright (c) IARIA, 2014. ISBN: 978-1-61208-378-0
DEPEND 2014: The Seventh International Conference on
traffic, while IPsec gateways, virtual private network (VPN)
terminators, and NAT / NAPT devices can modify traffic.
C. Policy Analysis
Each of the three main types of policy analysis focuses
on a part of the analysis process, but they have
overlapping functions and common steps to achieve
their objective. Conflict analysis looks for possible
errors within a single set of security policies. Look for
possible semantic errors within the correlated policy
rules. Conflict analysis can also be used to identify
possible policy optimizations.
Conflict analysis can be applied to a single policy
(IntraPolicy analysis) or to the set of policies of
interconnected security controls (inter-policy analysis).
The accessibility analysis evaluates the communications
allowed within a computer network. In addition, you
can determine if a particular host can reach a service or
set of services. In general, the accessibility analysis is
carried out online using tools such as “ping” or
“traceroute”. By using an accurate representation of the
network and its security policies, the accessibility
analysis of the line can also be performed during the
The policy comparison compares two or more network
security policies and represents the differences between
them in an intuitive way. The network security policies
involved can include unique concrete security control
configurations, configuration sets, and high-level
policies of a complete network. One of the best use
cases of policy comparison is to verify that a desired
network security policy is implemented correctly by
comparing the high-level policy designed with the
specific network configuration.
VI. MEASURES TO IMPROVE NETWORK
A. Online anti-virus measures:
According to the characteristics of the computer network
virus, the effective prevention of the virus is difficult and
complex. It is a daunting task for network administrators to
monitor prevention work. The previous work is only limited to
each client computer, in which each user needs to install an
antivirus software and on their machine, such as the KV300
system, or Rising antivirus software, etc. However, due to the
limited ability of users with the computer, this approach is
difficult to guarantee the security of the entire network system.
As an effective solution to prevent the, the basic requirement
is to meet the following demands:
1. Install anti-virus software on computers
2. Update the virus database in users’ machines
3. Released the latest virus database upgrade file from
the WAN connection
4. Coordination and management of remote users’ virus
5. Address user-reported problems timely
6. Download and preview scan report provided by
7. Remote control user options
8. Improve the execution speed and zooming ability in
B. Measure to prevent hackers.
Invasion and attack can be divided into subjective and
objective security problems. The issue of the security of
subjectivity refers mainly to errors made by network
management personnel. The problem of the security of
objectivity refers mainly to gaps in computers and in the
network where hackers exploit these vulnerabilities to carry
out various forms of attack.
C. Use safety tool
The basic techniques mentioned above for computer network
security can collect security problems from host computers.
The network administration staff identifies these problems in a
timely manner and installs the patch. Network administrators
take advantage of scanning tools (such as the NAL Cyber Cop
scanner) to scan host computers, know links of weakness take
appropriate preventive and repair measures.
D. Firewall technology
This document has described firewall technology. In
summary, firewall technology is to prevent others from
accessing your network device as a shield. There are three
types of firewall technology, namely packet filtering
technology, agent technology and state monitoring
technology. The packet filtering technology is to verify the IP
address by configuring it. IP addresses that do not match those
settings will be filtered by the firewall. But this is the first
layer of protection. The technology of the agent is to verify the
legitimacy of the requests sent by the proxy server acceptance
client. This technology also involves user authentication,
login, simplified filtering criteria and protection of internal IP
addresses. State monitoring technology is the third generation
of network security technologies, which is effective for all
levels of network monitoring. It makes it possible to make
timely security decisions. Firewall technology can
successfully prevent hackers from intruding into the local
network and protecting the network.
1. Measures about switch
When designing a large-scale regional computer network, we
must ensure that the switch is connected to a separate network
or network, so that the switch can form a separate
management network. This will effectively reduce the number
of network switches and reduce the scope of the failure. When
using search and location, it is also convenient for network
administrators to quickly handle remote network crashes.
As can be seen from the analysis of the research carried
out so far, there is a lack of interoperability between the
various models. This has three main disadvantages.
First, a security control modeled for a research approach
cannot be used in another. Second, the execution time
dedicated to instantiating a model is repeated for each
analysis performed in the network’s security policies.
Third, it is almost impossible to make a comparison of
the performance of the different approaches, since they
use different test scenarios or do not present a
performance evaluation at all. By combining all the
proposed analysis techniques in a single extensible
model, all these disadvantages are eliminated and an
adequate analysis framework is created for future
research. First, after modeling, evaluating and
implementing a security control, it can be used by all
types of analysis techniques. Secondly, when a network
administrator wants to perform different types of
analysis, he must insert the required information and
create an instance of the model. Third, by having only
one model, the new algorithms can be evaluated by
comparing them directly with each other.
The security of the network can be maintained by using
various authentication techniques. The user has to use the
authentication technique according to the requirements. The
password-based technique is better if you have to remember a
single password. But problems occur when we have to
remember many passwords, then we use those passwords that
are easy to remember. Token-based techniques provide greater
security against denial-of-service (DoS) attacks. Compared to
the previous two, biometric techniques can not be stolen
easily, so they provide more robust protection. As signals,
attackers can easily copy biometric data, so they should not be
deployed in single-factor mode. In addition, we can choose a
combination of the prior art as discussed above. All techniques
have their pros and cons. We have to be smart to choose
according to our network and information security
requirement when also considering the cost factor.
The security of the computer network is a complicated issue
that involves many aspects of computer technology, network
administration, network use and maintenance. To increase the
security of the computer network, we must mix several types
of applications for protection measures. It is necessary to
develop more effective security resolution measures, in order
to improve the prevention of the security of the computer
network. It is a long way to go to ensure the normal operation
of the network system and large-scale communication and
maintain a sustainable and efficient transport network. To
build a safe and harmonious computer network security
system, we must take advantage of a variety of integrated
network security products and green networks to form an
intelligent network protection system, and thus make the
security of the computer network satisfy several needs.
1 Lawrence O?Gorman, “Comparing Passwords, Tokens, and Biometrics for User Authentication”, Vol. 91, No. 12, Dec. 2003, pp. 2019-2040 ã 2003 IEEE.
2 Hafiz Zahid Ullah Khan, “Comparative Study of Authentication Techniques”, IJVIPNS-IJENS Vol: 10 No: 04.
3 OnlineAvailable: http://www.authenticationworld.com/Token-Authentication.
5 Jae-Jung Kim and Seng-Phil Hong, “A Method of Risk Assessment for Multi-Factor Authentication”, Journal of Information Processing Systems, Vol.7, No.1, March 2011.
6 Qinghua Li, Student Member, IEEE, and Guohong Cao, Fellow, IEEE “Multicast Authentication in the Smart Grid with One Time Signature”, IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011.
7 OnlineAvailable: http://www.duosecurity.com.
9 Stamati Gkarafli, Anastasios A. Economides, “Comparing the Proof by Knowledge Authentication Techniques”, international Journal of Computer Science and Security (IJCSS), Volume (4): Issue (2).
10 Roger Meyer, “Secure authentication on the internet”As the part of security reading room, SANS institute 2007.
11 Translated by Cheng Peiqing, et al. Computer network security. Publishing House of Electronics Industry, 1994.9
12 Li Wenlong. Face to face with a hacker. internet world.1999(2):2~8
13 Xiao Ze. Research on computer network security analysis model J. Journal On Communications, 2012(3):269.
14Zhang Cheng. Research on computer network security analysis model J. Practical Electronics, 20l3(v)=148-149.
15Hong Yaling. Research on computer network security analysis model J. Computer CD Software and Applications, 2013(z):1-152.
16 Wang Yuan. Quantitative Evaluation Method of Network Security Situation D. Ph.D. Dissertation, university of science and technology, 2003.
17Cui Jing, Liu Guangzhong, the basics of computer network J. Tsinghua University Press, 2010.07.01.
18 Wang Wenbing, security of computer network J, Tsinghua University Press, 2010.06.01