
Literature Review
Misal Gurung
S12763866


Contents
Introduction
Remote Control Services
    VNC
    Remote Desktop Protocol
    User Satisfaction
    VPN
Cryptography
    Cryptographic algorithm
Threats
    Malware and Drive by download
    Exploitation of software bugs attacks
    Human Influence and social engineering
    Other Considerations
    Recent threat discoveries
Counter Measures
    IDS/IPS and firewall
    Defence against social engineering and human influence
Conclusion
References


Introduction
The project aim is to build a remote encryption application, so this paper reviews the literature on
current remote desktop service technology, cryptography, recent threats to information security
and security counter-measures.
Software that allows remote management of computers is becoming more common, and existing
technology that enables remote management over a secure channel using a VPN will be discussed.
Over time, to improve the standards of information security, existing technology and security
approaches have been discussed and new technology has been developed in computer security.
Recent research and reports also analyse threats to information system infrastructure.
The majority of the literature reviewed in the main body of this review consists of conference papers,
journals and reports published by the IEEE and the SANS Institute, which are authoritative organisations,
hence the literature is trustworthy. The latest whitepapers and reports from Cisco, Symantec and
similar enterprises are used as sources of information; they are accurate but may reflect a commercial viewpoint.


Remote Control Services


Existing remote desktop service solutions include:
Virtual Network Computing (VNC), developed by Olivetti Research Labs
Hewlett-Packard's Remote Graphics Software
Remote Desktop Protocol (RDP), a proprietary protocol developed by Microsoft.

VNC
VNC works at the framebuffer level, which makes it platform independent, as stated by
Richardson et al (1998). In Richardson et al (1998) the server mirrors the real display to a remote client,
whereas RealVNC (2015) claims its software can control a PC remotely. As RealVNC's software is quite
recent compared to Richardson et al, VNC can be used to control a desktop remotely. Another benefit
is that VNC has open-source libraries for the .NET platform and Java, which makes it feasible
to create a VNC-based application.

Remote Desktop Protocol


RDP is a good solution according to Shinichi et al (2012) for accessing applications that display
relatively few graphical primitives, but it shows poor performance with graphics-intensive
applications because the rendering commands are quite large. However, the project does not require
graphics-intensive applications, so RDP would be a suitable protocol for remotely encrypting files.
RDP has the same benefits as VNC in terms of creating an application, as open-source libraries for the .NET
framework and Java are available.
One drawback of RDP is that firewalls usually block most ports except port 80 for HTTP and port 443
for HTTPS. In this situation RDP will not work, as RDP uses TCP port 3389, as confirmed by Cai et al
(2004), who state that the problem can be solved by using an SSL VPN.

User Satisfaction
Casas et al (2013) state that the key to user satisfaction when using Remote Desktop Services is an
interactive session with a low system response time. Response time can suffer because input is
processed on the server and the server then has to send the result back. Perhaps the main
limitation of remote control services is the speed of the user's internet connection, as latency may
stop the user from getting highly responsive feedback from the server.

VPN
A study by Cai (2004) found that the threats to remote desktop protocols are man-in-the-middle
attacks and password guessing, as hackers try to gain unauthorised access. VPN mitigates these
threats and provides secure remote access from various devices and platforms over the internet. A VPN
authenticates the endpoints and encrypts the data that travels through the tunnel.
An SSL-based VPN can enhance remote control protocols by adding SSL VPN security
functionality (Lakbabi, 2012). A limitation of using SSL is the overhead that makes the
process slower, but SSL is needed for a secure remote connection.
A VPN also provides encryption to protect the confidentiality of data as it moves
through a communication channel such as the internet, thus mitigating man-in-the-middle,
packet sniffing and other malicious eavesdropping attacks. Lakbabi (2012) also states that a VPN can
provide authentication to limit access to protected services by forcing users to identify themselves.
Users prefer SSL VPN to legacy IPsec VPN (Lakbabi, 2012). SSL VPN appears
to have been successful largely because its remote connectivity is more secure than
IPsec: Lakbabi (2012) states that IPsec is more suitable for site-to-site VPN architectures and that
SSL can be considered more secure than IPsec, since only port 443 is opened on the target
system. The study by Zhou Jing-li et al (2004) agrees that RDP over SSL VPN provides higher security and
is suitable for use on the internet. On the basis of that report, developing the project's application with
RDP over an SSL VPN seems the suitable verdict, but at this stage of the project the final
choice has not been made.


Cryptography
In the context of this research, encryption ensures that if a laptop or computer is stolen or lost,
unauthorised personnel cannot use the information, as encrypted information is unreadable
(Symantec, 2015).

Cryptographic algorithm
The Advanced Encryption Standard (AES) algorithm has replaced the DES algorithm, as AES outperforms
DES in security because of its larger key size of 128 bits. Cisco (2012) recommends
using AES for symmetric encryption in CBC mode and avoiding DES except when no
alternative is available. AES is an appropriate algorithm for the encryption application, as AES
is included in many software libraries and, as Saleh (2015) states, there was no proven successful attack
against the AES algorithm as of the publication date.
Table 1

The AES algorithm supports key lengths of 128, 192 or 256 bits, and according to Federal
Information Processing Standards Publication 197 (2001) some implementations may support
different key lengths, which can cause implementation issues if different key sizes are used. To
mitigate this limitation, the project will use a fixed key length. More bits provide higher security
but require more computational overhead.
Asymmetric cryptography uses two different but mathematically related keys for encryption and
decryption (P. Fanfara, 2012); however, the project does not require it, as the project's
requirement is to encrypt files, so the symmetric AES algorithm will be sufficient.
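As an added example (not code from this literature review or from any cited source), the following Go program implements the scheme the section settles on: symmetric AES with a fixed 128-bit key in CBC mode, as Cisco recommends. It goes one step beyond the text by appending an HMAC-SHA256 tag, because CBC on its own does not detect modification of the ciphertext, and by rejecting any key that is not exactly 16 bytes, which is the implementation issue FIPS 197 warns about. The sample key and plaintext are constructed, and the labelled SHA-256 key derivation is a choice made for this example, not part of any standard.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// KeyLen fixes the accepted key length at 128 bits (16 bytes), as the review
// proposes, so the application never has to handle several key sizes.
const KeyLen = 16

// deriveKeys turns the single user key into separate AES and HMAC keys using a
// labelled SHA-256 derivation (a choice made for this example) so the same
// bytes are never used both to encrypt and to authenticate.
func deriveKeys(key []byte) (encKey, macKey []byte) {
	e := sha256.Sum256(append([]byte("aes-cbc:"), key...))
	m := sha256.Sum256(append([]byte("hmac:"), key...))
	return e[:KeyLen], m[:]
}

// pad returns a copy of b with PKCS#7 padding so it is a whole number of blocks.
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	out := make([]byte, len(b)+n)
	copy(out, b)
	for i := len(b); i < len(out); i++ {
		out[i] = byte(n)
	}
	return out
}

// unpad removes PKCS#7 padding, rejecting malformed padding.
func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty plaintext block")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Encrypt returns IV || AES-128-CBC ciphertext || HMAC-SHA256 tag over both.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	if len(key) != KeyLen {
		return nil, fmt.Errorf("key must be %d bytes, got %d", KeyLen, len(key))
	}
	encKey, macKey := deriveKeys(key)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	padded := pad(plaintext)
	out := make([]byte, aes.BlockSize+len(padded))
	iv := out[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil { // fresh random IV per file
		return nil, err
	}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// Decrypt verifies the tag first and only then decrypts, so a wrong key or a
// modified ciphertext is reported as an error instead of yielding garbage.
func Decrypt(key, data []byte) ([]byte, error) {
	if len(key) != KeyLen {
		return nil, fmt.Errorf("key must be %d bytes, got %d", KeyLen, len(key))
	}
	if len(data) < 2*aes.BlockSize+sha256.Size {
		return nil, errors.New("message too short")
	}
	encKey, macKey := deriveKeys(key)
	body, tag := data[:len(data)-sha256.Size], data[len(data)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed: wrong key or modified data")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt)
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key
	msg := []byte("constructed sample file contents")
	ct, err := Encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("ciphertext:", hex.EncodeToString(ct))
	pt, _ := Decrypt(key, ct)
	fmt.Printf("decrypted: %s\n", pt)
	ct[20] ^= 1 // flip one ciphertext bit: the tag check must reject it
	_, err = Decrypt(key, ct)
	fmt.Println("after tampering:", err)
}
```

The same AES-CBC, PKCS#7 and HMAC-SHA256 primitives are available in the Java and .NET standard libraries the conclusion mentions, so the structure carries over directly.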


Threats
Malware and Drive by download
Drive-by download refers to accidentally downloading a virus or other malicious software.
One attack method uses a legitimate website as the point of entry, as described by Baniya et al
(2015): attackers insert a malicious script into a legitimate website, using its advertisement section,
forms or comment section. If the user has a vulnerable browser or inadequate security, clicking on
those links will automatically download and execute the malware on the victim's computer, which
could steal the user's private information and turn the computer into part of a botnet.
The implication of joining a botnet is that the infected PC can be controlled remotely by hackers and
used for malicious purposes such as:
Distributed denial-of-service attacks
Spam
Trojans
Phishing emails to steal confidential information
Another attack method explained by Baniya (2015) is heap spraying, which attacks the browser
using JavaScript: JavaScript is used to fill the browser's heap with multiple copies of shellcode, and
eventually one of the copies lands at the memory location that controls the behaviour of the browser or a
browser plug-in. Since the attacker then controls the browser's behaviour, it can be used to download and
execute malware. This is possible because scripts and plug-ins share the same address space as the
browser and are placed on the browser's heap.
Recently, ransomware and crypto-ransomware attacks have been on the rise according to Symantec (2015).
Hackers encrypt users' and businesses' data so the owners have no access to it, and then sell
the key back to the businesses. Businesses have important information they need access to, so they
pay the attackers, which makes this type of attack profitable and has led to its rise in popularity.

Exploitation of software bugs attacks

Attackers may exploit holes in commonly used tools and protocols in web applications to steal
confidential information that users thought was safe. Symantec (2015) and Cisco (2015) report that
Flash, which is extensively used on the internet, is also regularly exploited by attackers. Symantec
(2015) gives Heartbleed as a recent example: hackers exploited OpenSSL's cryptographic
software library, which meant attackers could access data stored in a web server's memory
during an encrypted session.
Other software security bugs that could cause harm, as mentioned by Sametinger (2013), include:
Buffer overflows
SQL injection
Cross-site scripting
Vulnerable software tools, which are a possible entry point for attackers, have to be fixed by software
vendors in updates. A study by the German BSI (2012) also stresses the importance of keeping software up
to date. However, even if software is fully up to date there might be unidentified bugs that allow an
attacker to exploit it.


Human Influence and social engineering

Phishing is a form of social engineering attack described as the art of mimicking the website of a
credible firm in order to grab users' private information such as usernames, passwords and other
details.
Human behaviour is a factor in security breaches, as shown by the example in which ex-employees had
retained old passwords that were then used to breach and misuse sensitive information
(Poulsen and media, 2010).
Insider data theft is simple with a portable storage device such as a USB stick (GFI, 2015), so if a user has
enough privilege then information such as credit card and other financial details is easy to steal,
and a CSI survey shows that 44% of security breaches were the result of attacking the system from the
inside. However, Symantec research (2015) shows 8% of breaches are due to insider theft. Symantec
does state that businesses should have a removable storage device policy forbidding unauthorised
devices.

Other Considerations
Diver (2006) advises considering these non-technical events that could breach information security:

Natural disasters
Ignorance leading to accidental security exposures
Physical theft, e.g. a stolen laptop or hard drive

Recent threat discoveries

After evaluating the Cisco Security Report (2015), here are some of the recent innovative tactics
hackers are using to breach network security and stay undetected:
Criminals are using the anonymous web networks Tor and the Invisible Internet Project (I2P) to
evade detection while relaying command and control communications.
Malware authors are making more use of techniques such as sandbox detection to
disguise their presence on networks.
Exploits of Adobe Flash vulnerabilities, which are regularly integrated into exploit kits such
as Angler and Nuclear.


Counter Measures
IDS/IPS and firewall
Maryam et al, referenced by Baniya et al (2015), studied botnet detection techniques and found that
signature-based techniques were able to detect known botnets, whereas anomaly-based, DNS-based
and mining-based techniques were able to detect unknown botnets.
Filkins (2015) backs up this claim, stating that IDS/IPS products are successful against single-vector attacks,
but explains that security breaches are happening where these traditional approaches to
security no longer work, as strategies are implemented to evade IDS/IPS, such as using vectors with no
known signature. Gugelmann (2015) also agrees that hackers have quickly adapted their techniques
to evade perimeter protection mechanisms such as firewalls and IDS/IPS. However, Gugelmann fails to
back the statement up with the attackers' methodology. Maryam only studied botnet detection, but
hackers might not be using botnets and may be adopting other techniques to evade perimeter defences.
Shenk (2015) explains that network breaches are happening too frequently because organisations
typically have no way to coordinate the data gathered from IDS, firewalls and monitoring tools, and
concludes that network monitoring is effective when automation is used across security layers to
correlate and prioritise incidents.
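As an added example (not code from Maryam et al, Baniya et al or any cited tool), the Go program below runs the two detection styles the paragraph contrasts over a constructed DNS resolver log: a signature check against a list of known command-and-control domains, which can only catch botnets that are already known, and a DNS-based anomaly check that flags a client whose failed (NXDOMAIN) lookups outnumber its successful ones, which can surface an unknown one. The log lines, the known-C2 list and the thresholds are all constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Alert records which client tripped which detection method.
type Alert struct {
	Host   string
	Method string // "signature" for a known indicator, "anomaly" for behaviour
	Detail string
}

// knownC2 is the signature side: already-known command-and-control domains
// (constructed entries for this example).
var knownC2 = map[string]bool{"c2.bad.example": true}

// SampleLog is a constructed resolver log: timestamp, client, query, rcode.
var SampleLog = []string{
	"2015-12-01T10:00:01 10.0.0.5 query=update.vendor.example rcode=NOERROR",
	"2015-12-01T10:00:02 10.0.0.5 query=c2.bad.example rcode=NOERROR",
	"2015-12-01T10:00:03 10.0.0.7 query=mail.corp.example rcode=NOERROR",
	"2015-12-01T10:00:04 10.0.0.9 query=xk3p9qz.example rcode=NXDOMAIN",
	"2015-12-01T10:00:05 10.0.0.9 query=b7ywq2l.example rcode=NXDOMAIN",
	"2015-12-01T10:00:06 10.0.0.9 query=www.corp.example rcode=NOERROR",
	"2015-12-01T10:00:07 10.0.0.9 query=m4vd8ro.example rcode=NXDOMAIN",
	"2015-12-01T10:00:08 10.0.0.9 query=q1zt6hc.example rcode=NXDOMAIN",
	"2015-12-01T10:00:09 10.0.0.9 query=p8kfa2n.example rcode=NXDOMAIN",
	"2015-12-01T10:00:10 10.0.0.7 query=www.corp.example rcode=NOERROR",
	"malformed line that the parser must skip",
}

type record struct{ host, qname, rcode string }

// parse splits one log line; lines that do not match the layout are skipped.
func parse(line string) (record, bool) {
	f := strings.Fields(line)
	if len(f) != 4 || !strings.HasPrefix(f[2], "query=") || !strings.HasPrefix(f[3], "rcode=") {
		return record{}, false
	}
	return record{
		host:  f[1],
		qname: strings.TrimPrefix(f[2], "query="),
		rcode: strings.TrimPrefix(f[3], "rcode="),
	}, true
}

// Detect runs both methods over the log: every query for a known C2 domain
// raises a signature alert; a client with at least minQueries lookups whose
// NXDOMAIN responses outnumber the rest raises an anomaly alert.
func Detect(lines []string, minQueries int) []Alert {
	type stat struct{ total, nx int }
	stats := map[string]*stat{}
	var order []string // first-seen order, so output is deterministic
	var alerts []Alert
	for _, l := range lines {
		rec, ok := parse(l)
		if !ok {
			continue
		}
		if knownC2[rec.qname] {
			alerts = append(alerts, Alert{rec.host, "signature", "query for known C2 domain " + rec.qname})
		}
		s, seen := stats[rec.host]
		if !seen {
			s = &stat{}
			stats[rec.host] = s
			order = append(order, rec.host)
		}
		s.total++
		if rec.rcode == "NXDOMAIN" {
			s.nx++
		}
	}
	for _, h := range order {
		s := stats[h]
		if s.total >= minQueries && 2*s.nx > s.total {
			alerts = append(alerts, Alert{h, "anomaly",
				fmt.Sprintf("%d of %d queries returned NXDOMAIN", s.nx, s.total)})
		}
	}
	return alerts
}

func main() {
	for _, a := range Detect(SampleLog, 5) {
		fmt.Printf("%-9s %-10s %s\n", a.Method, a.Host, a.Detail)
	}
}
```

The client 10.0.0.9 never contacts a listed domain, so the signature check alone would miss it; the anomaly rule catches the burst of failed lookups instead. Raising the minimum query count trades that sensitivity for fewer false alarms on hosts that merely mistype a hostname.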

Defence against social engineering and human influence


Mohammad (2013) says most users feel safe against phishing attacks if they use an anti-phishing
tool; this places great responsibility on anti-phishing tools to predict phishing accurately.
Baniya's (2015) report covers blacklisting URLs to keep users safe on the web and shows that URLs
are classified as safe or unsafe by anti-malware tools using various features such as:

Hostname length
Use of IP address in URL
Analysis of special character
Web Contents
Popularity metric

Examples of current anti-phishing products:

Web of Trust (WOT) browser add-on
TrustBar
Netcraft Toolbar
Google Safe Browsing
McAfee SiteAdvisor

However, Mohammad (2013) says most of the anti-phishing solutions offered nowadays are unable to
make a decision with high accuracy. Experiments carried out by Rami M. Mohammad (2013) showed
that the C4.5 algorithm outperformed RIPPER, PRISM and CBA in terms of accuracy. Organisations
may want to use anti-malware that applies the C4.5 algorithm within the web browser to detect phishing
websites in real time and warn users. Safe browsing is also provided by checking URLs
against local and centralised malicious-URL lists such as the Google Safe Browsing service (Baniya, 2015).
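As an added example, not taken from Baniya et al (2015) or from any anti-phishing product, the Go program below computes the lexical features listed above (hostname length, IP address in the URL, special characters, subdomain count) for a URL, checks the host against a local blacklist, and combines them into a safe/unsafe verdict. The blacklist entries, sample URLs, weights and threshold are constructed for illustration; a real classifier would learn the weights from labelled data, for example with C4.5 as Mohammad (2013) did, and would also consult a central service such as Google Safe Browsing.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// URLFeatures holds the lexical and reputation features used to decide
// whether a URL is safe or unsafe.
type URLFeatures struct {
	HostLen      int  // hostname length
	HostIsIP     bool // IP address used instead of a domain name
	SpecialChars int  // count of @ - _ % = ? & in the whole URL
	Subdomains   int  // number of dots in the hostname
	HasUserInfo  bool // "user@" before the host, often used to disguise the real host
	Blacklisted  bool // host matches the local malicious-domain list
}

// blacklist stands in for a locally cached malicious-domain feed
// (constructed entries for this example).
var blacklist = []string{"bad.example", "phish.example"}

// isBlacklisted matches the host itself or any subdomain of a listed domain.
func isBlacklisted(host string) bool {
	for _, d := range blacklist {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// Extract parses the URL and computes its features.
func Extract(raw string) (URLFeatures, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return URLFeatures{}, err
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return URLFeatures{}, fmt.Errorf("no host in %q", raw)
	}
	f := URLFeatures{
		HostLen:     len(host),
		HostIsIP:    net.ParseIP(host) != nil,
		Subdomains:  strings.Count(host, "."),
		HasUserInfo: u.User != nil,
		Blacklisted: isBlacklisted(host),
	}
	for _, c := range raw {
		if strings.ContainsRune("@-_%=?&", c) {
			f.SpecialChars++
		}
	}
	return f, nil
}

// Classify turns the features into a score and a safe/unsafe verdict. The
// weights and the threshold are illustrative, not values from any cited paper.
func Classify(f URLFeatures) (int, string) {
	score := 0
	if f.Blacklisted {
		score += 5
	}
	if f.HostIsIP {
		score += 3
	}
	if f.HasUserInfo {
		score += 3
	}
	if f.HostLen > 30 {
		score++
	}
	if f.Subdomains > 3 {
		score++
	}
	if f.SpecialChars > 5 {
		score++
	}
	if score >= 3 {
		return score, "unsafe"
	}
	return score, "safe"
}

func main() {
	for _, raw := range []string{ // constructed sample URLs
		"https://www.example.com/index.html",
		"http://192.0.2.10/login.php?acct=1&x=2",
		"http://www.bank.example@198.51.100.7/",
		"http://secure-login.example.com.verify-account.bad.example/update?id=1",
	} {
		f, err := Extract(raw)
		if err != nil {
			fmt.Println(raw, "->", err)
			continue
		}
		score, verdict := Classify(f)
		fmt.Printf("%-72s %+v score=%d %s\n", raw, f, score, verdict)
	}
}
```

The third sample shows why the parser, not string matching, should supply the host: the text before the @ is user information, and the real destination is the IP address after it. The last sample is caught both by the blacklist and by its unusually long, deeply nested hostname, which is the kind of lexical signal that still works for a freshly registered domain not yet on any list.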


Anti-malware may be accurate, but the user may still choose to visit the website, as many of these tools
show a warning but still allow access; within organisations it may be important not to give
users the privilege to dismiss the warning without consent from approved personnel. Research by D.
Akhawe and A. Porter Felt (2013) found that users ignored less than a quarter of browser malware
and phishing warnings.
Bezuidenhout (2010) suggests creating a classification system for information, with information made
available to users according to their authorisation level. This is a sensible idea for
discouraging attackers, as a user cannot give away sensitive information they do not have access to, but
depending on the user's motivation it may still not be effective.
Bezuidenhout (2010) proposes a Social Engineering Attack Detection Model (SEADM) using a decision-making
tree that evaluates the user's emotional state, as the author says extreme emotional states
lead to lower cognitive ability. If a user is judged by SEADM to be too emotional, the request for
information is transferred to a more stable user. Bezuidenhout (2010) suggests that future research will
aim to improve SEADM by designing an automated electronic emotional self-evaluation
questionnaire. This could present difficulties in practice: for example, workers may abuse the
questionnaire to shift their work, users may lie to get the desired result, and people might find it
intrusive.
Symantec (2015) states that educating users about scams and phishing attacks helps prevent leakage.
Baniya (2015) also concluded that users should be made more aware of security threats. Training users
is the leading security procedure against social engineering attacks according to Bezuidenhout (2010),
but it has been shown that training is easily forgotten, especially in a real work environment. Training is
nevertheless essential, as a social engineering attack may not come from the web but from other sources such as
the telephone, or in person, to get a password given away.


Conclusion
Based on the evidence of the literature and technology reviewed, development of the project will
use the AES encryption scheme, which is included in the Java and .NET libraries, making it easier to
implement. Both VNC and Microsoft RDP are feasible, but at this stage the choice is not clear, as both
technologies have open-source libraries for Android development, so the project's pragmatic approach
will decide the remote connection technology used. The analysis of VPNs recommends that SSL be
used in this project.
The study of various security literature suggests that enterprises are expecting breaches as
hackers adapt to breach networks, and researchers such as Symantec recommend deploying a
defence-in-depth concept to eliminate threats and minimise damage to the organisation. However, the study
also found that exploitation of human behaviour using social engineering is a tricky threat, as it is
harder to counter except by thoroughly enforced policy and training.


References
Announcing the ADVANCED ENCRYPTION STANDARD (2001) Federal Information Processing
Standards Publication 197.
Baniya, T. et al. (2015) Safeguarding Web Surfing with URL Blacklisting, 2015 12th International
Conference on Information Technology - New Generations, pp. 1-6.
Bezuidenhout, M., Mouton, F. and Venter, H. S. (2010) Social engineering attack detection model:
SEADM, 2010 Information Security for South Africa. doi: 10.1109/issa.2010.5588500.
BSI (2012) Überprüfung der Wirksamkeit der BSI-Konfigurationsempfehlungen für Windows 7,
version 1.00, p. 15.
Cai, L., Yu, S. and Zhou, J.-l. (2004) Research and implementation of remote desktop protocol service
over SSL VPN, IEEE International Conference on Services Computing, 2004 (SCC 2004), Proceedings.
doi: 10.1109/scc.2004.1358052.
Casas, P., Seufert, M. and Egger, S. (2013) Quality of Experience in Remote Virtual Desktop
Services, IFIP/IEEE IM2013 Workshop: 1st International Workshop on Quality of Experience Centric
Management.
Cisco (2015) Midyear Security Report, pp. 2-41.
Cisco (2015) Next Generation Encryption. Available:
http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html. Last accessed
04/12/2015.
Akhawe, D. and Porter Felt, A. (2013) Alice in Warningland: A Large-Scale Field Study of Browser Security
Warning Effectiveness, USENIX Security 2013, pp. 257-272.
Diver, S. (2006) Information Security Policy - A Development Guide for Large and Small Companies,
SANS Whitepaper, pp. 6-36.
Filkins, B. (2015) The Expanding Role of Data Analytics in Threat Detection, SANS Whitepaper,
pp. 3-16.
GFI (2011) The threats posed by portable storage devices, GFI Whitepaper, pp. 3-6.
Gugelmann, D. et al. (2015) Data Leaks: Can Content-Based Data Loss Prevention Solutions Prevent
Data Leakage in Web Traffic?, pp. 1-8.
Lakbabi, A., Orhanou, G. and El Hajji, S. (2012) VPN IPSEC & SSL technology security and
management point of view, 2012 Next Generation Networks and Services (NGNS). doi:
10.1109/ngns.2012.6656108.
Mohammad, R. M., McCluskey, L. and Thabtah, F. (2014) Intelligent rule-based phishing websites
classification, IET Information Security, 8(3), pp. 153-160. doi: 10.1049/iet-ifs.2013.020
Poulsen, K. and media (2010) Hacker Disables more than 100 cars remotely. Available at:
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/ (Accessed: 9 December 2015).
RealVNC (2015) RealVNC remote access & control software for desktop and mobile. Available at:
https://www.realvnc.com/ (Accessed: 11 December 2015).
Rewagad, P. and Pawar, Y. (2013) Use of digital signature with Diffie Hellman key exchange and AES
Encryption algorithm to enhance data security in cloud computing, 2013 International Conference
on Communication Systems and Network Technologies. doi: 10.1109/csnt.2013.97.
Richardson, T., Stafford-Fraser, Q., Wood, K. and Hopper, A. (1998) Virtual Network Computing, IEEE
Internet Computing, 2.
Saleh, M. A., Tahir, N. M., Hisham, E. and Hashim, H. (2015) An analysis and comparison for popular
video encryption algorithms, 2015 IEEE Symposium on Computer Applications & Industrial
Electronics (ISCAIE). doi: 10.1109/iscaie.2015.7298334.
Sametinger, J. (2013) Software Security, 20th Annual IEEE International Conference and Workshops
on the Engineering of Computer Based Systems (ECBS), p. 1.
Shenk, J. (2015) Security Automation: Security Nirvana or Just a Fad?, SANS Whitepaper, pp. 3-13.
Shinichi, S., Masayoshi, H., Yuichi, S., Kenichi, H. and Kazuki, M. (2012) RVEC: Efficient remote
desktop for the ENGINEERING CLOUD, 2012 26th International Conference on Advanced
Information Networking and Applications Workshops, pp. 1081-1088. doi: 10.1109/WAINA.2012.115.
Symantec (2012) How Drive Encryption Works, pp. 4-6.
Symantec (2015) Internet Security Threat Report, 20, pp. 1-119.
