Your search keyword '"Secure Shell"' showing total 165 results

1. GAMPAL: an anomaly detection mechanism for Internet backbone traffic by flow size prediction with LSTM-RNN

Author

Fumio Teraoka, Taku Wakui, and Takao Kondo

Subjects

Backbone network, computer.internet_protocol, business.industry, Computer science, Secure Shell, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Autonomous system (Internet), Internet backbone, Denial-of-service attack, Border Gateway Protocol, Anomaly detection, The Internet, Electrical and Electronic Engineering, business, computer, Computer network

Abstract

This paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts a LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.

Published

2021

2. Analysis of Kubernetes for Distributed Healthcare System Development using COVID-19 Healthcare App

Author

S. Mohanty, J. Prassanna, P. S. Jinturkar, and P. Pandey

Subjects

Aging, Authentication, business.industry, Computer science, Data management, Distributed computing, Secure Shell, Shell (computing), Health Professions (miscellaneous), Biochemistry, Genetics and Molecular Biology (miscellaneous), Automation, General Biochemistry, Genetics and Molecular Biology, Field (computer science), General Health Professions, Dentistry (miscellaneous), Orchestration (computing), business, General Dentistry, Protocol (object-oriented programming)

Abstract

Introduction: Distributed computing is a field of computer science which deals with the study of distributed systems A system which has communication and coordination with each of its nodes and which interacts with each other to achieve a common target which is to effectively compute the computation These capabilities are conducive to implementing a systematic and efficient COVID-19 tracking application which can be accessed and worked on by numerous entities Objective: To provide information about a client-server architecture which is a platform for managing and maintaining container-ized workloads and services that forms a base for automation Methods: A Kubernetes cluster IS created with a calico pod network along with the main drivers of Kubelet, Kubeadm and Kubectl Secure Shell (SSH) protocol is used for secured shell and data management and authentication between the client and server Results: We have performed and distributed our tasks in such a way to show the developers that multiple tasks can be performed at the same time using Kubernetes orchestration platform and used to parallelize multiple tasks This increases the efficiency of the machine and the performance of the system becomes much faster Conclusion: A system which has communication and coordination with each of its nodes and which interacts with each other to achieve a common target which is to effectively compute the computation One such application which helps in the distribution of tasks and helps do the computation is Kubernetes It is based on a client-server architecture which is a platform for managing and maintaining containerized workloads and services that forms a base for automation © IJCRR

Published

2021

3. Implementasi Compatibility Layer Pada Jaringan Server Diskless Berbasis Lubuntu 18.04 LTS

Author

Ade Silvia Handayani, Ibnu ziad, and Farid Jatri Abiyyu

Subjects

Source code, Computer science, Secure Shell, media_common.quotation_subject, computer.software_genre, Terminal server, Thin client, Packet loss, Computer cluster, Cross-platform, Operating system, computer, Jitter, media_common

Abstract

Diskless server is a cluster computer network which uses SSH (Secure Shell) protocol to grant the client an access to the host's directory and modify it's content so that the client don't need a hardisk (Thin Client). One way to design a diskless server is by utilizing "Linux Terminal Server Project", an open source-based script for Linux. However, using Linux has it own drawback, such as it can't cross platform for running an aplication based on Windows system which are commonly used. This drawback can be overcomed by using a compatibility layer that converts a windows-based application's source code. The data which will be monitored is the compatibility layer implementation's result, and the throughput, packet loss, delay, and jitter. The result of measurement from those four parameters resulting in "Excellent" for throughput, "Perfect" for packet loss and delay, and "Good" for jitter.

Published

2020

4. Secure Shell (SSH)

Author

Jörg Schwenk

Subjects

Physics, Secure Shell, Operating system, computer.software_genre, computer

Abstract

Das Secure-SHell-Protokoll (SSH) wird heute zum Administrieren von Unix-basierten Servern verwendet, auch fur virtuelle Cloud-Server. Dieser Einfuhrung beschreibt zunachst die Geschichte und die Nutzung von SSH, bevor auf die beiden Hauptbestandteile, den Handshake und das Binary Packet Protocol (BPP), eingegangen wird.

Published

2022

5. Experimental Evaluation of Security Monitoring and Notification on Network Intrusion Detection System for Server Security

Author

Yavan Cahyan, Asep Saeppani, Muhammad Agreindra Helmiawan, and Eggi Julian

Subjects

Information privacy, File Transfer Protocol, Computer science, Server, Secure Shell, Ping of death, Intrusion detection system, Computer security, computer.software_genre, computer, Protocol (object-oriented programming), Port (computer networking)

Abstract

Security of data and information in servers connected to networks that provide services to user computers, is the most important thing to maintain data privacy and security in network security management mechanisms. Weaknesses in the server security system can be exploited by intruders to disrupt the security of the server. One way to maintain server security is to implement an intrusion detection system using the Intrusion Detection System. This research is experimenting to create a security system prototype, monitoring, and evaluating server security systems using Snort and alert notifications that can improve security monitoring for server security. The system can detect intrusion attacks and provide warning messages and attack information through the Intrusion Detection System monitoring system. The results show that snort and alert notifications on the security server can work well, efficiently, and can be handled quickly. Testing attacks with Secure Shell Protocol and File Transfer Protocol Brute Force, Ping of Death and scanning port attacks requires a detection time of no more than one second, and all detection test results are detected and send real-time notification alerts to the Administrator.

Published

2021

6. SSH and Telnet Protocols Attack Analysis Using Honeypot Technique: Analysis of SSH AND TELNET Honeypot

Author

Muhammed Ali Aydin, Ebu Yusuf Guven, and Melike Baser

Subjects

Telnet, Honeypot, Computer science, business.industry, computer.internet_protocol, Secure Shell, Information security, Computer security, computer.software_genre, Upload, Attack model, Software, business, computer, Risk management

Abstract

Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called’ zero-day attacks’ can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker’s behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.

Published

2021

7. Design and implementation of parallel processing for embedded system online experiment teaching platform

Author

Yiting Wang, Yifan Zhang, Yuanbo Dou, Jianwei Niu, Shun Zuo, and Huiyong Li

Subjects

Information engineering, Parallel processing (DSP implementation), Computer science, business.industry, Secure Shell, Reliability (computer networking), Embedded system, ComputingMilieux_COMPUTERSANDEDUCATION, Key (cryptography), business, Protocol (object-oriented programming), Fault detection and isolation, Task (project management)

Abstract

As the core course of information engineering specialty, embedded system course has the characteristics of great theoretical difficulty and strong practical operation. It is an important part of this course to cultivate students’ practical ability through experimental teaching. In order to overcome the impact of the lack of time and room on traditional experimental teaching, an online simulation experimental teaching platform for embedded system course rose in response to the proper time and conditions. Concurrent sharing and remote fault detection are the key to realize the system. This paper designs and implements an embedded system online simulation experiment teaching platform oriented to the combination of virtual and real. The platform supports concurrent access by multiple users based on the Secure Shell (SSH) protocol, and realizes the sharing of experimental resources by constructing a task pool. The method of fault detection and recovery using the heartbeat mechanism improves the reliability of the system. Practical applications have shown that the system can run stably for a long time, support a large number of students in online experiments at the same time, and improve the utilization of experimental equipment and the efficiency of students’ experiments.

Published

2021

8. Runtime verification for trustworthy secure shell deployment

Author

Axel Curmi, Mark Vella, and Christian Colombo

Subjects

Computer science, business.industry, Secure Shell, Runtime verification, Process (computing), Cryptographic protocol, computer.software_genre, Software deployment, Embedded system, Malware, SSH File Transfer Protocol, business, Protocol (object-oriented programming), computer

Abstract

Incorrect cryptographic protocol implementation and malware attacks targeting its runtime may lead to insecure execution even if the protocol design has been proven safe. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to a cryptographic protocol deployment --- particularly that of the Secure Shell Protocol (SSH). We aim to show that our approach, which does not require any specific security hardware or operating system modifications, is feasible through the design of a framework and work-in-progress empirical evaluation. We provide: (i) The design of the setup involving SSH, (ii) The provision of the RV-TEE setup with SSH implementation, including (iii) An overview of the property extraction process through a methodical analysis of the SSH protocol specifications.

Published

2021

9. Towards Quantum Resistant Key Agreement Schemes Using Unpredictability

Author

Mohamed Helmy Megahed, Emad A Elsamahy, and Alaa Elhao

Subjects

Public-key cryptography, Secure communication, Computer science, business.industry, Elliptic curve Diffie–Hellman, Secure Shell, Distributed computing, Key (cryptography), Cryptography, Elliptic curve cryptography, business, Quantum computer

Abstract

Elliptic curve Diffie Hellman (ECDH) is one of today’s most commonly used key agreement schemes, gaining universal usage amongst secure communication protocols such as transport layer security (TLS) and secure shell (SSH). This popularity is attributed to elliptic curve cryptography’s (ECC) known benefits including offering high-security levels for lesser key sizes in comparison to other known public key counterparts. With public key schemes being under the threat of becoming obsolete due to quantum computing and associated algorithms, we propose an enhancement to ECDH aiming at exponentially increasing the hardness of exhaustive search methods utilizing quantum computing powers. In order to reach a key agreement scheme that would withstand future and post-quantum processing powers, we introduce an enhancement that will be based on a distinct cryptographic property labeled ’Unpredictability’, which offers algorithms the ability to use multiple key pairs (up to 256), in different combinations, all whilst maintaining substantially similar arithmetic operations. The resultant scheme is labelled as unpredictable elliptic curve Diffie Hellman (UP-ECDH)

Published

2021

10. Causal analysis of attacks against honeypots based on properties of countries

Author

Matej Zuzcak and Petr Bujok

Subjects

Honeypot, Computer Networks and Communications, Population size, Secure Shell, Developing country, 020206 networking & telecommunications, Statistical model, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Geography, 010201 computation theory & mathematics, Information and Communications Technology, 0202 electrical engineering, electronic engineering, information engineering, Econometrics, Cluster analysis, Set (psychology), Software, Information Systems

Abstract

This study studies the influence of country attributes on the number of secure shell attacks originating from it detected by the author's honeynet. Four statistical models are described, based on three sources of data from various countries. The studied attributes of the countries can be broadly divided into demographic, technological, and economic, with each source providing a slightly different set of attributes. Statistical methods such as partial least-squares path modelling are used, clustering countries by their assessed similarity. The population size has the greatest effect on the number of attacks, as expected, though it has to be noted that developing countries did not provide relevant data to the sources used and thus were not included. The following influential attributes were technical such as the access to information and communication technologies (ICT), and the use of ICT, with the economic influence being notable only in rather small countries. The Netherlands was an interesting anomaly, being clustered alongside large countries, even though its country attributes were very much like those of its neighbours.

Published

2019

11. Development of a web interface for submitting jobs to SLURM

Author

Fabian Leon and Gilberto Díaz

Subjects

Remote communication, Computer science, Shell (computing), 0211 other engineering and technologies, Pharmaceutical Science, 02 engineering and technology, 010501 environmental sciences, computer.software_genre, SLURM, lcsh:Technology, 01 natural sciences, Job queue, Upload, 021105 building & construction, CGI, Pharmacology (medical), 0105 earth and related environmental sciences, COLA (software architecture), lcsh:T, Secure Shell, computer.file_format, Complementary and alternative medicine, lcsh:TA1-2040, Operating system, User interface, Cluster Linux, lcsh:Engineering (General). Civil engineering (General), computer, Batch file

Abstract

espanolProtocolos como Shell seguro han sido utilizados comunmente por los clusters de Linux para permitir a los usuarios enviar trabajos a SLURM. Sin embargo, implica el uso de un emulador de consola para establecer la comunicacion remota que, en algunos casos, no esta disponible. Por lo tanto, este documento presenta el desarrollo de la API Web Submit SLURM, que ofrece una interfaz web rapida y segura para enviar trabajos a SLURM, consultar la cola de trabajos, crear y cargar archivos batch. EnglishProtocols such Secure Shell have been commonly used by Linux clusters to allow users sending jobs to SLURM. However, it implies the use of a console emulator to establish the remote communication which, in some cases, is not available. Therefore, this paper presents the development of the Web Submit SLURM API which offers a quick and safe web interface for submitting jobs to SLURM, querying the job queue, and creating and uploading batch files.

Published

2019

12. A Heuristic Statistical Testing Based Approach for Encrypted Network Traffic Identification

Author

Xiaosong Zhang, Zhongliu Zhuo, Niu Weina, Guowu Yang, Xiaojiang Du, and Mohsen Guizani

Subjects

Handshake, Computer Networks and Communications, Computer science, Heuristic (computer science), protocol-independent, Aerospace Engineering, 02 engineering and technology, computer.software_genre, Encryption, 0203 mechanical engineering, statistical testing, Randomness tests, Electrical and Electronic Engineering, Transport Layer Security, business.industry, Secure Shell, 020302 automobile design & engineering, Cryptographic protocol, Statistical classification, Identification (information), machine learning, handshake skipping, Automotive Engineering, Encrypted traffic identification, Malware, Data mining, business, computer

Abstract

In recent years, malware with strong concealment uses encrypted protocol to evade detection. Thus, encrypted traffic identification can help security analysts to be more effective in narrowing down those encrypted network traffic. Existing methods are protocol independent, such as statistical-based and machine-learning-based approaches. Statistical-based approaches, however, are confined to payload length and machine-learning-based approaches have a low recognition rate for encrypted traffic using undisclosed protocols. In this paper, we proposed a heuristic statistical testing (HST) approach that combines both statistics and machine learning and has been proved to alleviate their respective deficiencies. We manually selected four randomness tests to extract small payload features for machine learning to improve real-time performances. We also proposed a simple handshake skipping method called HST-R to increase the classification accuracy. We compared our approach with other identification approaches on a testing dataset consisting of traffic that uses two known, two undisclosed, and one custom cryptographic protocols. Experimental results showed that HST-R performs better than other traditional coding-based, entropy-based, and ML-based approaches. We also showed that our handshake skipping method could generalize better for unknown cryptographic protocols. Finally, we also conducted experimental comparisons among different classification algorithms. The results showed that C4.5, with our method, has the highest identification accuracy for secure sockets layer and secure shell traffic. Basic Research Programs of Sichuan Province, Science and Technology Foundation of State Grid Corporation of China, National Natural Science Foundation of China Scopus

Published

2019

13. SSH brute force attack mitigation in Internet of Things (IoT) network : An edge device security measure

Author

S M Meena and Meenaxi M. Raikar

Subjects

Edge device, business.industry, Computer science, Secure Shell, Volume (computing), Intrusion detection system, Computer security, computer.software_genre, Brute-force attack, Attack patterns, The Internet, business, computer, Protocol (object-oriented programming)

Abstract

With the explosive growth of IoT applications, billions of things are now connected via edge devices and a colossal volume of data is sent over the internet. Providing security to the user data becomes crucial. The rise in zero-day attacks are a challenge in IoT scenarios. With the large scale of IoT application detection and mitigation of such attacks by the network administrators is cumbersome. The edge device Raspberry pi is remotely logged using Secure Shell (SSH) protocol in 90% of the IoT applications. The case study of SSH brute force attack on the edge device Raspberry pi is demonstrated with experimentation in the IoT networking scenario using Intrusion Detection System (IDS). The IP crawlers available on the internet are used by the attacker to obtain the IP address of the edge device. The proposed system continuously monitors traffic, analysis the log of attack patterns, detects and mitigates SSH brute attack. An attack hijacks and wastes the system resources depriving the authorized users of the resources. With the proposed IDS, we observe 25% CPU conservation, 40% power conservation and 10% memory conservation in resource utilization, as the IDS, mitigates the attack and releases the resources blocked by the attacker.

Published

2021

14. Design and Implementation of Raspberry House: An IoT Security Framework

Author

Hiroyuki Ohno, Wen Fei, and Srinivas Sampalli

Subjects

Firmware, Computer science, computer.internet_protocol, Secure Shell, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Computer security, Internet protocol suite, Default gateway, Server, SAFER, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer, Private network

Abstract

The rising popularity of the Internet of Things (IoT) on a global scale has led to an increase in cyber threats, and researchers are paying more attention to its security issues. So far, research on IoT security has focused on large-scale devices, but there is relatively less research on the security of small IoT devices. Therefore, our objective is to mainly study how to make the operation of small IoT devices safer. Raspberry House is a TCP/IP Layer 3 gateway built with Raspberry Pi, which can connect IoT devices to the private network generated by it, thereby preventing IoT devices from being exposed to outside networks. In addition, through a private network, IoT devices can also update their firmware wirelessly. This paper also studies the communication between IoT devices through different secure connections such as Secure Shell (SSH), and evaluates their results in different environments. Experimental evaluation of TCP/IP Layer 3 Gateway indicates that the proposed framework can provide security for small IoT devices.

Published

2021

15. Python Network Automation Labs: SSH paramiko and netmiko

Author

Brendan Choi

Subjects

business.industry, Computer science, Secure Shell, Network engineering, Python (programming language), computer.software_genre, Networking hardware, Upgrade, Scripting language, Network automation, Software engineering, business, computer, computer.programming_language

Abstract

In this chapter, you will use Python’s SSH libraries, paramiko and netmiko, to control your networking devices. paramiko is what Ansible relies on for SSH connection management to network devices, and netmiko is an engineer-friendly version of paramiko as netmiko also relies on paramiko. By studying how these network modules work, you can learn the inner workings of other applications relying on these network modules. In the first half of this chapter, you will learn to replace basic network engineer manual tasks using Python scripts and the paramiko library. In the second half of this chapter, you will learn to write Python scripts using the netmiko library. Once you master how to use these SSH modules, you can apply them to your work immediately. These SSH labs will serve as the cornerstones in developing the IOS XE upgrade application at the end of this book.

Published

2021

16. Secure Shell (SSH)

Author

Robert La Lau

Subjects

Firewall (construction), Terminal (electronics), business.industry, Computer science, Secure Shell, File transfer, Encryption, business, Communications protocol, Protocol (object-oriented programming), Port (computer networking), Computer network

Abstract

Secure shell is a network protocol for the creation of encrypted connections. In its original and purest form, it is used to open a remote terminal and execute commands. However, the protocol can also be used for file transfer (SCP, SFTP); as an encrypted transport protocol for other, possible less strongly secured protocols; and for port forwarding—the redirection of requests for certain ports to ports on other servers—a technique often used to allow machines on different sides of a firewall to communicate.

Published

2021

17. Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH

Author

Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis

Subjects

Authentication, Post-quantum cryptography, Computer science, business.industry, Secure Shell, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Internet security, Public-key cryptography, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Key encapsulation, business, Key exchange, Computer network

Abstract

The advances in quantum computing present a threat to public key primitives due to their ability to solve hard cryptographic problems in polynomial time. To address this threat to critical Internet security protocols like the Transfer Layer Security (TLS), and Secure Shell (SSH), the National Institute of Standards and Technology (NIST) is currently working on the new generation of quantum-resistant key encapsulation and authentication schemes. In this paper, we evaluate protocol handshake performance when both post-quantum key exchange and authentication are integrated into TLS and SSH. Our experiments consider realistic network conditions and reveal that the introduced handshake latency ranges between 1-300% for TLS and 0.5-50% for SSH depending on the post-quantum algorithms used. In addition, we examine how the initial TCP window size affects post-quantum TLS and SSH performance, and show that even a small size increase can reduce the observed post-quantum slowdown by 50%. Finally, we discuss alternatives that can encourage the early adoption of post-quantum cryptography with minimum protocol performance degradation.

Published

2020

18. Webpage controlled surveillance bot using Raspberry Pi

Author

V.G. Rajendran, S. Arunbhaarat, S. Jayalalitha, and S. Radhakrishnan

Subjects

Computer science, business.industry, Secure Shell, ComputerApplications_COMPUTERSINOTHERSYSTEMS, USB, computer.software_genre, law.invention, Raspberry pi, law, Feature (computer vision), Web page, Operating system, Robot, Wireless, business, computer, Ip address

Abstract

This paper deals with designing and building a webpage based on control of a mini size robot by using raspberry pi. In case of a situation where humans cannot able to move in the particular places so that the robot can roam around in a given environment while transmitting back realtime video data to the manually hosted webpage, also the program can be invoked through SSH (Secure Shell) connection (wireless real-time programming). Using a USB based camera the real-time video data can be captured and the robot movement can be controlled in a given environment. The designed robot is compact and it has the main feature of wireless transmission and reception of data using the inbuilt Wi-Fi module that can be controlled and viewed through a webpage. The webpage can be hosted by using Raspberry pi's IP address. Microweb framework type flask has been utilized to give instructions from the web page to the raspberry pi model to control the movement of the robot.

Published

2020

19. POSTER: Distributed SSH Bruteforce Attack Detection with Flow Content Similarity and Login Failure Reputation

Author

Pratibha Khandait, Neminath Hubballi, and Namrata Tiwari

Subjects

Computer science, Secure Shell, Window (computing), Login, Poisson distribution, computer.software_genre, symbols.namesake, Brute-force attack, Similarity (network science), Flow (mathematics), Content (measure theory), symbols, Data mining, computer

Abstract

In this paper we propose a method to detect distributed bruteforcing by modeling failed login attempts as a Poisson probability distribution. We use content similarity between known SSH connection and flow characteristics of failed login attempts to attribute a flow to SSH application and subsequently either as failure or success. Using the failed login count in a window time, we label window as either normal or containing bruteforce attempts.

Published

2020

20. Implementation of NETCONF Standard by Major Customers in Croatia

Author

D. Valencic

Subjects

NETCONF, Router, Command-line interface, business.industry, computer.internet_protocol, Computer science, Secure Shell, Simple Network Management Protocol, Networking hardware, NETCONF, standard, computer networks, router, switch, implementation, customer, The Internet, business, Protocol (object-oriented programming), computer, Computer network

Abstract

The traditional way of managing and configuring network devices is by using Command Line Interface (CLI) method with Secure Shell (SSH) protocol and Simple Network Management Protocol (SNMP). CLI has proven to be a very complex and ineffective solution, especially with fast development and more complexity in the computer networking area. To solve these issues, IETF (Internet Engineering Task Force) standard organization created in 2006 the NETCONF (Network Configuration Protocol) standard. Using the NETCONF standard should enable standardized, simpler, programmatic and more efficient configuration of R/S (router/switch) devices. Today, more than ten years after the creation of the NETCONF standard there is the question about the actual acceptance of the NETCONF protocol in current customers’ networks and about the actual maturity of the NETCONF standard. The scope of this paper is to show the results of the scientific research (qualitative or quantitative) made with major customers (partners and end customers) in Croatia with R/S network devices: in which networks and on which type of devices NETCONF is implemented, what are the reasons for NETCONF (non)implementation, their knowledge about the NETCONF standard, their view of availability of NETCONF training and documentation, etc.

Published

2020

21. A Method for Microservices Handover in A Local Area Network

Author

Rimba Frida Pusparini, Muhammad Helmi Utomo, Ridha Muldina Negara, Reza Afshari, and Favian Dewanta

Subjects

File Transfer Protocol, Handover, business.industry, Computer science, Secure Shell, Server, Cloud computing, Microservices, business, SSH File Transfer Protocol, Edge computing, Computer network

Abstract

The trend of internet of things (IoT) makes the cloud less effective because networked control systems need low latency while cloud have high latency for processing data from sensors and devices. In that kind of situation, fog computing is introduced as the complement of cloud computing. However, unlike cloud services, fog services are limited to certain geographical area. As a consequence, fog services handover is needed in order to accommodate user’s mobility. This paper is focusing on microservices handover that follows user’s movement. The microservices installed in the current fog node are sent to another service coverage of a new fog node for continuing the same service to the users. Fog node contains a docker that runs MySQL, python script, and busybox services. When it comes to handover, docker will freeze current session and convert it to a checkpoint file. The file is created by taking a snapshot of the container, which consists of processes in memory, volume or image. The file will be sent by using secure shell (SSH) or file transfer protocol (FTP). At the destination fog node, the file will be processed in order to resume the service. The results show that delay of SSH is always higher than FTP in all experiments, in which the largest delays are 484.026 seconds for SSH protocol and 146.41 seconds for FTP protocols. As for checkpoint and restore process, those delays tend to be similar with respect to both SSH and FTP protocols but they are still affected by the size of snapshot and checkpoint file.

Published

2020

22. OAuth SSH with Globus Auth

Author

Kyle Chard, Lee Liming, Rachana Ananthakrishnan, Steven Tuecke, Ian Foster, Jason Alt, and Ryan Chard

Subjects

Authentication, Software, business.industry, Computer science, Secure Shell, Identity (object-oriented programming), Operating system, computer.software_genre, business, computer, Protocol (object-oriented programming), Identity management

Abstract

The Secure Shell (SSH) protocol and its OpenSSH implementation are a cornerstone of modern scientific computing, enabling users to access remote computers, transfer data, and execute programs. We describe here extensions to the OpenSSH software that enable an additional authentication method, namely OAuth tokens from Globus Auth. Integration with Globus Auth allows users to authenticate using one of hundreds of supported identity providers, and makes it possible for external applications and services to use short-term tokens to access remote computers securely on behalf of users.

Published

2020

23. SciTokens SSH: Token-based Authentication for Remote Login to Scientific Computing Environments

Author

You Alex Gao, Jim Basney, and Alex Withers

Subjects

Service (systems architecture), Authentication, Computer science, Secure Shell, Security token, Login, Security policy, JSON, computer, Variety (cybernetics), Computational science, computer.programming_language

Abstract

SciTokens SSH is a pluggable authentication module (PAM) that uses JSON Web Tokens (JWTs) for authentication to the Secure Shell (SSH) remote login service. SciTokens SSH supports multiple token issuers with local token verification, so scientific computing providers are not forced to rely on a single OAuth server for token issuance and verification. The decentralized design for SciTokens SSH was motivated by the distributed nature of scientific computing environments, where scientists use computational resources from multiple providers, with a variety of security policies, distributed across the globe.

Published

2020

24. Human Behavior Traits Detection and Avoidance Using Secure Shell Based Environment

Author

S. Sabrinathan, K. Sureshkumar, D.Sathish Kumar, S. Kalpana, and R.Rumesh Balaji

Subjects

Password, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication, Mobile phone, Computer science, Secure Shell, Security token, Login, Computer security, computer.software_genre, computer, Personally identifiable information, Vulnerability (computing)

Abstract

Now a day it is not possible to have mobile phone with network connection all time. That time anyone use user's username and password to login user account without user permission sever sent the security notification to the user mail ID but due to poor network coverage or zero data connect the security notification cannot reach the user. In case user use two step authentication to secure the account but two step authentication having token vulnerability so we purpose to secure the login page vulnerability by adding new authentication. In this authentication is extra layer for security it automatically find unauthorized user and block the device and keep users personal information's safe

Published

2020

25. Deep Learning Enabled Intrusion Detection and Prevention System over SDN Networks

Author

Chao-Wei Syu, Lin-Huang Chang, and Tsung-Han Lee

Subjects

business.industry, Network packet, Computer science, Deep learning, Secure Shell, 05 social sciences, 050801 communication & media studies, Intrusion detection and prevention, Denial-of-service attack, Convolutional neural network, 0508 media and communications, Multilayer perceptron, 0502 economics and business, 050211 marketing, Artificial intelligence, business, Software-defined networking, Computer network

Abstract

The Software Defined Network (SDN) provides higher programmable functionality for network configuration and management dynamically. Moreover, SDN introduces a centralized management approach by dividing the network into control and data planes. In this paper, we introduce a deep learning enabled intrusion detection and prevention system (DL-IDPS) to prevent secure shell (SSH) brute-force attacks and distributed denial-of-service (DDoS) attacks in SDN. The packet length in SDN switch has been collected as a sequence for deep learning models to identify anomalous and malicious packets. Four deep learning models, including Multilayer Perceptron (MLP), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM) and Stacked Auto-encoder (SAE), are implemented and compared for the proposed DL-IDPS. The experimental results show that the proposed MLP based DL-IDPS has the highest accuracy which can achieve nearly 99% and 100% accuracy to prevent SSH Brute-force and DDoS attacks, respectively.

Published

2020

26. Measuring the Prevalence of the Password Authentication Vulnerability in SSH

Author

Dalton A. Hahn, Alexandru G. Bardas, and Ron Andrews

Subjects

Password, Authentication, business.industry, Computer science, computer.internet_protocol, Secure Shell, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Server, The Internet, Password authentication protocol, business, Communications protocol, computer

Abstract

Securing and hardening network protocols and services is a resource-consuming and continuous effort. Thus, it is important to question how prolific known, mitigable features of those protocols are. The Secure Shell (SSH) protocol is a good example due to its known vulnerability in using password based authentication. We take a closer look at these configurations to identify how prevalent the use of password authentication is at an internet scale. We show that current scanning tools and services provide a starting point in evaluating prevalence, but need to be validated for specific implementations. We also demonstrate that it is possible to augment some of these tools and services to determine the prevalence of password authentication in SSH specifically. As part of our evaluation, we propose a novel method for probing an SSH service to establish if password authentication is allowed, without being intrusive or causing harm to the host. Finally, we show that our analysis has resulted in determining that more than 65% of the over 20 million SSH servers on the public internet allow password authentication.

Published

2020

27. Deprecating RC4 in Secure Shell (SSH)

Author

Loganaden Velvindron

Subjects

Computer science, business.industry, Secure Shell, The Internet, RC4, Computer security, computer.software_genre, business, computer

Abstract

This document deprecates RC4 in Secure Shell (SSH). Therefore, this document formally obsoletes and moves to Historic RFC4345.

Published

2020

28. Secure Shell (SSH) Key Exchange Method Using Curve25519 and Curve448

Author

Mark D. Baushke, Simon Josefsson, and Aris Adamantiadis

Subjects

Computer science, business.industry, Secure Shell, Curve25519, The Internet, business, Protocol (object-oriented programming), Key exchange, Computer network

Abstract

This document describes the specification for using Curve25519 and Curve448 key exchange methods in the Secure Shell (SSH) protocol.

Published

2020

29. Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol

Author

Ben Harris and Loganaden Velvindron

Subjects

Public-key cryptography, Digital Signature Algorithm, business.industry, Computer science, Secure Shell, The Internet, SSH File Transfer Protocol, business, Protocol (object-oriented programming), Computer network

Abstract

This document describes the use of the Ed25519 and Ed448 digital signature algorithm in the Secure Shell (SSH) protocol.

Published

2020

30. Review and Analysis of Cowrie Artefacts and Their Potential to be Used Deceptively

Author

Samuel G. Wakeling, Warren Z. Cabral, Craig Valli, and Leslie F. Sikos

Subjects

Honeypot, Computer science, Network security, business.industry, Secure Shell, 02 engineering and technology, Computer security, computer.software_genre, Brute-force attack, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

Honeypots are progressively becoming a fundamental cybersecurity tool to detect, prevent and record new threats and attack methodologies used by attackers to penetrate systems. The current technology is advancing rapidly; with the use of virtualisation, and most recently, virtual containers, the deployment of honeypots has become increasingly easier. A varied collection of open source honeypots such as Cowrie are available today, which can be easily downloaded and deployed within minutes—with default settings. Cowrie is a medium-interaction secure shell (SSH) and Telnet honeypot intended to log brute force and shell interaction attacks. However, the current issue with the default Cowrie configuration is that it is easily detected by adversaries using automated scripts and tools. To increase Cowrie's deceptive capabilities, it is essential to understand, modify, and leverage all capabilities of the honeypot. However, this process is complex, because there are no standard frameworks to interpret the artefacts used by the Cowrie honeypot and how these artefacts link to the type of deceptiveness presented to the cyber-attacker. Therefore, there is a need for some type of infrastructure that can interpret these basic deception techniques and tools, and later developing them into feasible cybersecurity defence mechanisms. This study pursues to develop an understanding about its capabilities, and how these capabilities can be used to bait attackers. The resulting annotations can help cybersecurity defenders better understand the effectiveness of the Cowrie artefacts and how they can be used deceptively.

Published

2019

31. Outsourced Ciphertext-Policy based Privacy Preservation for Mobile Cloud Computing

Author

Shengling Wang, Sheharyar, Zahid Mahmood, and Waqas Ahmad

Subjects

020203 distributed computing, Authentication, Computer science, business.industry, Secure Shell, Hash function, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Crowdsourcing, Mobile cloud computing, Mobile phone, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, Verifiable secret sharing, business, computer, Mobile device, General Environmental Science, Anonymity

Abstract

With the rapid advancement of mobile phone technology, crowdsourced mobile applications are gaining importance for cheaper and abundant information gathering source. A couple of benefits of crowdsourcing are better (versatile) and less expensive responses to the requester, source of earning for crowd contributors at the same time. With the emergence of wireless access technologies and the popularity of smart and intelligent mobile terminals like smartphones, the privacy of requesters and contributors in a crowdsourced environment is becoming more crucial. Computation complexity of available privacy preserving tools and verification of outsourced schemes are not feasible for WSNs low power and resource constrained contributing devices. The low-end resource constrained mobile devices to have less capability to compute multiple access policies and the computation cost increases with the complexity of access strategy. To resolve this issue, we proposed a resourceful verifiable outsourced encryption policy based on ciphertext attributed policy (OS-ABE), which is a platform for computing exhaustive computing tasks during private data encryption and decryption. The proposed scheme works without revealing the personal data at outsource and leaves only the minimal calculation to the crowdsource contributor and the requester. To authenticate and overcome known attacks like DoS, false computing results at crowdsourced platforms, anonymity server is embedded to handle contributors privacy issues by providing a secure shell in the framework. This scheme is based on bilinear group of prime order in which two hash functions can verify outsourced computation and ensure integrity of data. The formal security and performance analysis is presented and found to be efficient and secure.

Published

2018

32. Detecting Malicious Activity With DNS Backscatter Over Time

Author

Kensuke Fukuda, John Heidemann, and Abdul Qadeer

Subjects

Computer Networks and Communications, Computer science, business.industry, BitTorrent tracker, Domain Name System, Secure Shell, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Electronic mail, Computer Science Applications, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, DNS hijacking, Backscatter (email), Heartbleed, business, computer, Software, Computer network

Abstract

Network-wide activity is when one computer (the originator ) touches many others (the targets ). Motives for activity may be benign (mailing lists, content-delivery networks, and research scanning), malicious (spammers and scanners for security vulnerabilities), or perhaps indeterminate (ad trackers). Knowledge of malicious activity may help anticipate attacks, and understanding benign activity may set a baseline or characterize growth. This paper identifies domain name system (DNS) backscatter as a new source of information about network-wide activity. Backscatter is the reverse DNS queries caused when targets or middleboxes automatically look up the domain name of the originator. Queries are visible to the authoritative DNS servers that handle reverse DNS. While the fraction of backscatter they see depends on the server’s location in the DNS hierarchy, we show that activity that touches many targets appear even in sampled observations. We use information about the queriers to classify originator activity using machine-learning. Our algorithm has reasonable accuracy and precision (70–80%) as shown by data from three different organizations operating DNS servers at the root or country level. Using this technique, we examine nine months of activity from one authority to identify trends in scanning, identifying bursts corresponding to Heartbleed, and broad and continuous scanning of secure shell.

Published

2017

33. An Empirical Analysis of Plugin-Based Tor Traffic over SSH Tunnel

Author

Zhong Guan, Gaopeng Gou, Yangyang Guan, and Bingxu Wang

Subjects

Traffic analysis, Computer science, business.industry, Server, Secure Shell, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, ComputingMilieux_COMPUTERSANDSOCIETY, Client-side, Encryption, business, Tunneling protocol, Server-side, Computer network

Abstract

Tor is the most widely used system for anonymous low-latency communication. However, the anonymity of TOr is not invulnerable according to a large amount of researches, even with the traffic obfuscation provided by pluggable transports. Concerned about security issues such as identity leakage, users deploy fronting servers as proxies that forward traffic to the entry node of Tor, and encrypted tunneling services such as secure shell (SSH) protocol are commonly used to connect users with proxies. To quantitatively analyze the plugin-based Tor traffic over encrypted tunnels, experiments involving the traffic identification and correlation are performed. Identification aims at recognizing tunneled Tor flows among background traffic at the client side, while correlation associates outward flows of Tor at the server side with corresponding inward flows at the client side. We access to the self-built server through the SSH proxy and Tor successively, capturing data flows generated by different pluggable transports and upper applications. Then identification and correlation techniques based on various machine learning algorithms are used to break anonymity. The accuracy and F1 scores reach above 95% while false positive rates approach 0% under certain conditions. The result demonstrates that Tor traffic encrypted by tunneling protocols is also at risk of anonymity revealing when confronted with traffic analysis.

Published

2019

34. Robot Operating System Integrated robot control through Secure Shell(SSH)

Author

Santosh Tantravahi, Naveen Samudrala, Rajesh Kannan Megalingam, Hemanth Sai Surya Kumar Tammana, Nagasai Thokala, and Hari Sudarshan Rahul Puram

Subjects

Rescue robot, Router, business.industry, Computer science, Secure Shell, Bandwidth (computing), Robot, Wired communication, business, Computer hardware, Data transmission, Robot control

Abstract

The paper presents the operation of a robot through SSH. The robot is a disaster rescue robot and is ROS integrated. Through SSH the robot's CPU is accessed from a robot operating console. Commands are passed from the console to the robot's computing unit through SSH. These commands are used to execute the already existing programs in the robot's processing unit and transmit the results to the operating console through wired or wireless communication. Different programs were executed and their results were presented in this paper. The communication between operating console and robot's CPU is established using a high bandwidth router to avoid the delay in data transmission.

Published

2019

35. Using Honeypot Programs for Providing Defense of Banking Network Infrastructure

Author

Yuriy Lakh and Rostyslav Shymkiv

Subjects

Password, Task (computing), Honeypot, Work (electrical), Brute-force attack, Computer science, Secure Shell, Server, Information security, Computer security, computer.software_genre, computer

Abstract

the main task of the work was to analyze the possible options for using honeypot lures to protect effectively the network perimeter of a banking system. The analyses have been performed using a low-interactive program honeypot, which purpose is to protect open Secure Shell ports on servers of the banking network infrastructure. As an experimental result of the honeypot’s successful using there were received data on the attacker’s actions. Their detailed carried out analysis as well as application results have been presented in the graphs and visualizations with additional programs. In particular, the most frequently used types of logins as well as passwords values during active phase of attacks had been analyzed and due to the obtained results were proposed methods and tools allowing avoid such types of attacks. Recommendations for developing network secure perimeter of a banking system according to the modern information security requirements had been proposed.

Published

2019

36. AI Powered System Providing Knowledge Based Solution for Errors in Server Logs

Author

Atharva Narlawar, Roshan Kasliwal, Mayuri Sonwale, Priya Surana, and Pratik Padman

Subjects

Task (computing), Web server, Database, Computer science, Secure Shell, Process (computing), Resource (Windows), computer.software_genre, Server log, Web crawler, computer

Abstract

A server log is a file that is implicitly created and maintained by a server, consisting of list of activities that it performs. An example is a web server log which maintains the history. Every time any client request for any resource such as a page, java-script file, etc. from the server, it adds this entry in the log file. Information about each and every primitive task executed by the server hits the log entry. The various types of logs are error logs, access logs, etc. In general, the system list down the errors in the log file. One way of eliminating these errors is to monitor each log manually and work upon the probable solution. In this paper, we propose to automate the process of finding knowledge-based solution for critical error logs. The process of web crawling suggests the relevant link as their possible solutions.

Published

2019

37. Network Simulation and Vulnerability Assessment Tool for an Enterprise Network

Author

J P Dhivvya, Divya Muralidharan, Barnala Kiran Kumar, and Neha Raj

Subjects

Telnet, Intranet, Computer science, Network security, business.industry, computer.internet_protocol, Distributed computing, Secure Shell, 010401 analytical chemistry, 02 engineering and technology, 01 natural sciences, 0104 chemical sciences, Network simulation, Computer network programming, Vulnerability assessment, 0202 electrical engineering, electronic engineering, information engineering, Enterprise private network, 020201 artificial intelligence & image processing, business, computer

Abstract

The system proposed in this paper is the development of a methodology for a Network Vulnerability Assessment (NVA) tool capable of scanning and reporting vulnerabilities over the intranet and network simulator for enterprise networks which is capable of analyzing network behavior using enhanced GNS3. The proposed NVA tool implements network function in a controller which has the potential to extend vulnerability scanning for any devices. We had tested the system using a test bed with the features like scanning various vulnerabilities based on the type of networking device from the controller/vulnerability scanner in the same network. We have automated telnet/SSH connection using python script, which can help in automation and integrate network programming features from a controller. This version of the tool can be used to identify the possible vulnerabilities in any enterprise network and the methodology can be extended to incorporate better-secured networks.

Published

2019

38. Controlling the execution steps of data processing algorithm with visual workflow

Author

Alexander Tsidaev

Subjects

Data processing, Workflow, Software, business.industry, Computer science, Secure Shell, Software execution, Time management, Software engineering, business, Supercomputer, Automation

Abstract

This paper describes principles of the workflow-based automation for scientific calculations and the 3rd party software execution. Manual way of execution of different programs on different stages of calculations or modelling is routine and not time-efficient. Using the predefined workflow with configurable parameters helps researcher to avoid errors induced by inattention on the manually performed steps. These principles were used to build software for the geophysical calculations. Another described option for workflow integration is the parallel supercomputing on remote hardware. One of modules of the program is intended to wrap SLURM (popular software for time management on supercomputers) interaction over Secure Shell (SSH).

Published

2019

39. Trustless Two-Factor Authentication Using Smart Contracts in Blockchains

Author

Ashutosh Bhatia, Pranjal Priyadarshi, Siddhant Jhamb, and Varun Amrutiya

Subjects

Password, Authentication, Computer science, Server, Secure Shell, Multi-factor authentication, Trusted third party, Web service, Computer security, computer.software_genre, computer, Private network

Abstract

Two-factor authentication (2FA) is widely prevalent in banking, emails and virtual private networks (VPN) connections or in accessing any secure web service. In 2FA, to get authenticated the users are expected to provide additional secret information along with the password. Typically, this secret information (tokens) is generated by a centralized trusted third party upon receiving an authentication request from users. Thus, this additional layer of security comes at the cost of inherently trusting the third party for their services. The security of such authentication systems is always under the threat of the trusted party is being compromised. In this paper, we propose a novel approach to make server authentication even more secure by building 2FA over the blockchain platform which is distributed in nature. The proposed solution does not require any trusted third party between claimant (user) and the verifier (server) for the authentication purpose. To demonstrate the idea of using blockchain technology for 2FA, we have added an extra layer of security component to the OpenSSH server a widely used application for Secure Shell (SSH) protocol.

Published

2019

40. Decrypting live SSH traffic in virtual environments

Author

Peter McLaren, Gordon Russell, William J. Buchanan, and Zhiyuan Tan

Subjects

FOS: Computer and information sciences, IoT, Computer Science - Cryptography and Security, Computer science, decryption, QA75 Electronic computers. Computer science, Culture and Communities, Internet of Things, network traffic, Audit, memory analysis, Cyber-security, Encryption, Computer security, computer.software_genre, Android, Centre for Distributed Computing, Networking and Security, SSH, Secure Shell, Protocol (object-oriented programming), Focus (computing), AES, business.industry, data exfiltration, VMI, AI and Technologies, Computer Science Applications, Secure File Transfer, Medical Laboratory Technology, 005.8 Data security, Bundle, insider attacks, Networks, business, Law, computer, Host (network), Cryptography and Security (cs.CR)

Abstract

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual machines. For Secure Shell, used for secure remote server management, file transfer, and tunnelling inter alia, MemDecrypt experiments rapidly yield AES-encrypted details for a live secure file transfer including remote user credentials, transmitted file name and file contents. Thus, MemDecrypt discovers cryptographic artefacts and quickly decrypts live SSH malicious communications including the detection and interception of data exfiltration of confidential data.

Published

2019

41. Deriving ChaCha20 Key Streams From Targeted Memory Analysis

Author

William J Buchanan, Zhiyuan Tan, Gordon Russell, and Peter McLaren

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, decryption, 004 Data processing & computer science, QA75 Electronic computers. Computer science, Cryptography, network traffic, ChaCha20, Virtual machine introspection, memory analysis, Cyber-security, Computer security, computer.software_genre, Encryption, Centre for Distributed Computing, Networking and Security, Safety, Risk, Reliability and Quality, Secure Shell, Stream cipher, Block cipher, Vulnerability (computing), business.industry, Transport Layer Security, stream ciphers, Cipher, Symmetric-key algorithm, Key (cryptography), business, computer, Cryptography and Security (cs.CR), Software

Abstract

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memory. This paper identifies a significant vulnerability within OpenSSH and OpenSSL and which involves the discovery of cryptographic artefacts used within the ChaCha20 cipher. This can allow for the cracking of tunneled data using a single targeted memory extraction. With this, law enforcement agencies and/or malicious agents could use the vulnerability to take copies of the encryption keys used for each tunnelled connection. The user of a virtual machine would not be alerted to the capturing of the encryption key, as the method runs from an extraction of the running memory. Methods of mitigation include making cryptographic artefacts difficult to discover and limiting memory access.

Published

2019

42. Honeypot System for Attacks on SSH Protocol

Author

P.S. Avadhani and Solomon Z. Melese

Subjects

Service (systems architecture), Honeypot, Dictionary attack, Computer Networks and Communications, Network security, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Intrusion, 0202 electrical engineering, electronic engineering, information engineering, SSH File Transfer Protocol, Password, 021110 strategic, defence & security studies, business.industry, Applied Mathematics, Secure Shell, 020206 networking & telecommunications, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, business, Safety Research, computer, Software, Information Systems, Computer network

Abstract

Honeypots are effective network security systems built to study the tactics of attackers and their intents. In this paper, we deployed Kippo honeypot to analyze Secure Shell attacks. Both the dictionary attack and intrusion activities of attackers have been discussed. We collected usernames and passwords that are attempted by dictionary attack targeting Secure Shell service. We have traced the frequently attacking machines based on their IP addresses. We have also recorded the commands they executed after successful logins to the Secure Shell honeypot server. We logged vast amount of connection requests destined to number of ports originated from different locations of the world. From our honeypot system, we have collected attack data that enables us to learn common Secure Shell based attacks.

Published

2016

43. Code Analysis and Improvement of Onion Routing Anonymous Systems

Author

Youwen Wang, Tianbo Lu, Yang Lin, and Lingling Zhao

Subjects

Computer Networks and Communications, Computer science, business.industry, Secure Shell, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Static program analysis, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Anonymous web browsing, Code (cryptography), 020201 artificial intelligence & image processing, The Internet, Onion routing, business, computer, Secure channel

Abstract

With the development of Internet technology, network based activities such as e-commerce, internet voting and e-government, etc. have become increasingly frequent, People are increasingly concerned about the identity of network activity, content and other private information. In order to protect user privacy in network communications, governments, companies, universities and research institutes are pushing the research and development of the onion routing systems (TOR). Tor is the most popular anonymous communication system currently, which is based on technology of the second-generation onion routing. Tor has a low latency, encrypted data transmission, secure channel, etc., which are widely used in anonymous Web browsing, instant messaging, Secure Shell Client (SSH), etc. However, the development of the onion routing systems is constrained by complicated code factors. According to this situation, this paper put forward an overall architecture of TOR code, which contains Application Needs, Code Analysis and Improvement. This paper summarizes the overall framework of tor code structure, in order to make the code structure clearer, the whole code module is divided into several sub modules, using the function call diagram and UML diagram illustrates the main function of each module and call relation between each module. This paper gives code analysis for anonymous architecture of TOR. Finally, this paper put forward the improvement of routing algorithms of TOR. Based on this paper, a method has been created which is used to understand the tor code easily. Furthermore, systematic analysis of the tor code provided in this paper aims to research the working principle and promote the further development of the onion routing.

Published

2016

44. Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment

Author

Huiseung Chae, Chan Yeol Park, Sung-Jun Kim, Taeyoung Hong, and Jae-Kook Lee

Subjects

Brute-force attack, Heavy-tailed distribution, Secure Shell, 0103 physical sciences, General Physics and Astronomy, 010306 general physics, Supercomputer, Computer security, computer.software_genre, 01 natural sciences, Multi user environment, computer, 010305 fluids & plasmas

Abstract

Quite a number of cyber-attacks to be place against supercomputers that provide highperformance computing (HPC) services to public researcher. Particularly, although the secure shell protocol (SSH) brute-force attack is one of the traditional attack methods, it is still being used. Because stealth attacks that feign regular access may occur, they are even harder to detect. In this paper, we introduce methods to detect SSH brute-force attacks by analyzing the server’s unsuccessful access logs and the firewall’s drop events in a multi-user environment. Then, we analyze the durations of the SSH brute-force attacks that are detected by applying these methods. The results of an analysis of about 10 thousands attack source IP addresses show that the behaviors of abnormal users using SSH brute-force attacks are based on human dynamic characteristics of a typical heavy-tailed distribution.

Published

2016

45. Installation of OpenStack (Liberty release) using PackStack

Author

John Rose Santiago, Jaya Jeswani, and James Jacob Kurian

Subjects

Random access memory, business.industry, Computer science, Secure Shell, Data_MISCELLANEOUS, Cloud computing, 0102 computer and information sciences, 02 engineering and technology, Virtualization, computer.software_genre, 01 natural sciences, Installation, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Operating system, 020201 artificial intelligence & image processing, business, computer

Abstract

is an open source cloud platform created by Rackspace Hosting and NASA. It is primarily used for Infrastructure as a Service (IaaS) deployments. IaaS deployments deal with physical/infrastructural aspects of the virtualization provided by cloud which signifies - storage, computing power, Random Access Memory (RAM) for efficient utilization of resources. This paper presents the installation steps for the "Liberty" Release of OpenStack using the PackStack installer script. It also describes how to launch an instance using an image of the "CirrOS" cloud OS, pinging and accessing it via Secure Shell (SSH). Keywordscomputing, OpenStack, IaaS, Liberty, CirrOS, PackStack, Open Source

Published

2016

46. GWMEP: Task-Manageras-a-Service in Apache CloudStack

Author

Antonio J. Garcia-Loureiro, Guillermo Indalecio, and F. Gomez-Folgar

Subjects

Task management, Computer Networks and Communications, business.industry, Computer science, Secure Shell, Distributed computing, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, computer.software_genre, Cost reduction, Elasticity (cloud computing), Virtual machine, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, Operating system, 020201 artificial intelligence & image processing, Task manager, business, computer

Abstract

To provide researchers with the computing capacity that they need, several solutions have emerged. Cloud computing is known for providing on-demand self-service, elasticity, flexibility, and cost reduction. However, open source clouds such as Eucalyptus, OpenNebula, OpenStack, and Apache CloudStack don't provide features to handle computing tasks or workloads on virtual machines. Here, a solution is presented that lets the user execute tasks from within Apache CloudStack's interface, supporting task deployment, management, and retrieval, even in external Secure Shell (SSH)-reachable computing resources.

Published

2016

47. Detecting Intruders and Preventing Hackers from Evasion by Tor Circuit Selection

Author

Zechun Cao and Shou-Hsuan Stephen Huang

Subjects

Handshake, Computer science, business.industry, Network packet, Network security, Secure Shell, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Evasion (network security), Intrusion detection system, ComputingMilieux_COMPUTERSANDSOCIETY, business, SSH File Transfer Protocol, Computer network, Hacker

Abstract

The widely-used Tor network has become the most popular anonymous network that supports circuit-based lowlatency internet connections. However, recent security breach incidents reveal SSH have been used to launch attacks by malicious users. Although a server-side blocking mechanism which can identify SSH connections individually has been proposed, we have found that it is restricted to certain Tor circuit protocol versions and not for all SSH protocol implementations. The prior method is based on the difference of latency in the Tor network which may be subject to hacker manipulation by circuit selection in the Tor network. In this paper, we first present a set of attributes that can be used to detect SSH connection through Tor for all SSH handshake between client and server, by observing the network packets exchanges of the SSH protocol. In the second half of this paper, we show that the geographical location of the nodes in Tor circuit has an impact on the effectiveness of our metrics. If hackers know our detection algorithm, they may be able to evade the detection. We demonstrate the effectiveness of our attacks detection by analyzing multiple Tor circuit selections. Finally, we identify and evaluate our detection algorithm and demonstrate that our algorithm achieves 98% accuracy under the most stringent condition.

Published

2018

48. An SSH Honeypot Architecture Using Port Knocking and Intrusion Detection System

Author

Ridho Maulana Arifianto, Parman Sukarno, and Erwid Musthofa Jadied

Subjects

Authentication, Honeypot, Port knocking, Computer science, Secure Shell, Data theft, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Port (computer networking), Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer

Abstract

This paper proposes an architecture of Secure Shell (SSH) honeypot using port knocking and Intrusion Detection System (IDS) to learn the information about attacks on SSH service and determine proper security mechanisms to deal with the attacks. Rapid development of information technology is directly proportional to the number of attacks, destruction, and data theft of a system. SSH service has become one of the popular targets from the whole vulnerabilities which is existed. Attacks on SSH service have various characteristics. Therefore, it is required to learn these characteristics by typically utilizing honeypots so that proper mechanisms can be applied in the real servers. Various attempts to learn the attacks and mitigate them have been proposed, however, attacks on SSH service are kept occurring. This research proposes a different and effective strategy to deal with the SSH service attack. This is done by combining port knocking and IDS to make the server keeps the service on a closed port and open it under user demand by sending predefined port sequence as an authentication process to control the access to the server. In doing so, it is evident that port knocking is effective in protecting SSH service. The number of login attempts obtained by using our proposed method is zero.

Published

2018

49. Mobile Ad-hoc Networks Security Aspects in Black Hole Attack

Author

Ventrapragada Sree Pooja, Nagulapally Manisha Reddy, Todupunoori Rohit, and S Sudeshna

Subjects

Packet loss, Packet drop attack, business.industry, Computer science, Data integrity, Secure Shell, Node (networking), Cryptography, Mobile ad hoc network, business, Encryption, Computer network

Abstract

Security is one of the most challenging issues in our day to day activities life. Mobile Ad-hoc Network (MANET) is an infra structure less, wireless and open medium. One of the main challenges here is self-organizing and self-healing network which causes the dynamic topology, it doesn't have any central infrastructure; also it is very much affected while transmitting the data. While forwarding the data from sender node to receiver node, there may be a packet loss during transmission this is called as “Black Hole Attack”. To overcome this, we are proposed a solution method called “Dual Cryptography Technique with secure Shell Protocol” which will help to secure the data with dual encryption and decryption algorithm with better result from the existing approaches. By using our technique, the security is safe and secure in order to gain confidentiality, availability and data integrity.

Published

2018

50. Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol

Author

denis bider

Subjects

Public-key cryptography, Authentication, business.industry, Computer science, Secure Shell, The Internet, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, SSH File Transfer Protocol, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, Computer network

Abstract

This memo updates RFCs 4252 and 4253 to define new public key algorithms for use of RSA keys with SHA-256 and SHA-512 for server and client authentication in SSH connections.

Published

2018