With the widespread use of the Internet, numerous techniques have been devised by which attackers can break into a network and then steal, forge, and destroy data in the target computer system. Tapping, one of the most popular network attack methods since the early 1980s, is eavesdropping on a session of a connection while data are transferred between computers. Through tapping, an attacker can easily extract data, including user IDs and the corresponding passwords. To protect network systems from tapping, there are countermeasures that avoid tapping, and there are programs that detect tapping on a remote computer in a local area network.
This thesis proposes a new protocol called the tapping alert protocol (TAP), which detects whether any computer is eavesdropping on the network. When tapping is detected, TAP alerts the network users to the danger of tapping. It can also detect tapping on a remote computer on a remote network across routers.
In designing the protocol, a model is developed for an attacker who sniffs the network and tries to break the proposed protocol, and the security requirements on the protocol are defined. We also describe how to detect whether a network interface card on a remote computer is in sniffing mode. The proposed protocol employs cryptographic primitives to guarantee authentication of the code that monitors tapping operations, and the integrity and confidentiality of the data being sent. The protocol should also provide a secure area to protect the private key and session key. To achieve this, the protocol employs a smart card with a built-in CPU and memory.
We also describe a typical implementation, including how it works and how it gathers host information on the network automatically and in a timely manner. Finally, we verified that the proposed protocol can protect authorized users from illegal eavesdropping on the network.