99 results on '"Zbigniew Kotulski"'
Search Results
2. Low-complexity access control scheme for MEC-based services
- Author
-
Mariusz Sepczuk, Zbigniew Kotulski, Wojciech Niewolski, and Tomasz Nowak
- Published
- 2022
3. Application-Aware Firewall Mechanism for Software Defined Networks
- Author
-
Fahad Nife and Zbigniew Kotulski
- Subjects
Emulation; Network architecture; Computer Networks and Communications; Computer science; business.industry; Strategy and Management; 020206 networking & telecommunications; 02 engineering and technology; Python (programming language); Network topology; Firewall (construction); Software; Hardware and Architecture; 0202 electrical engineering, electronic engineering, information engineering; Forwarding plane; 020201 artificial intelligence & image processing; business; Software-defined networking; computer; Information Systems; Computer network; computer.programming_language
- Abstract
Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industry. It is a network architecture that hopes to provide better solutions to most of the constraints in contemporary networks. SDN is a centralized control architecture for networking in which the control plane is separated from the data plane, the network services are abstracted from the underlying forwarding devices, and the network’s intelligence is centralized in a software-based directly-programmed device called a controller. These features of SDN provide more flexible, programmable and innovative network’s architecture. However, they may pose new vulnerabilities and may lead to new security problems. In this paper, we propose the application-aware firewall mechanism for SDN, which can be implemented as an extension to the network’s controller. In order to provide more control and visibility in applications running over the network, the system is able to detect network applications that may at some point affect network’s performance, and it is capable to dynamically enforce constraint rules on applications. The firewall architecture is designed as four cooperating modules: the Main Module, the Filtering Module, the Application Identification Module, and the Security-Enforcement Module. The proposed mechanism checks the network traffic at the network, transport, and application levels, and installs appropriate security instructions down into the network. The proposed solution features were implemented and tested using a Python-based POX controller, and the network topology was built using Mininet emulation tool.
- Published
- 2020
4. New Security Architecture of Access Control in 5G MEC
- Author
-
Wojciech Niewolski, Tomasz Wojciech Nowak, Mariusz Sepczuk, and Zbigniew Kotulski
- Subjects
Authentication; Service (systems architecture); Computer science; business.industry; 020206 networking & telecommunications; 020207 software engineering; Access control; 02 engineering and technology; Enterprise information security architecture; 0202 electrical engineering, electronic engineering, information engineering; Use case; Architecture; business; Protocol (object-oriented programming); 5G; Computer network
- Abstract
The currently developed 5G networks using MEC technology (5G MEC) allow for the harmonious cooperation of many areas of the economy (called the vertical industries) within an integrated information network. Providing the necessary security in such a complex configuration of business partners requires the design of consistent and effective security architecture. In this paper, we present a new concept of an access control architecture for the 5G MEC network in line with the 5G network model and MEC architecture proposed by international standardization organizations. We give an overview of the high-level security architecture of 5G MEC networks, which provides security solutions for the network’s components and establishes secure access to all cooperating entities. Next, we introduce the MEC Enabler, a new network’s module, which manages security credentials required to access resources of MEC-hosted services. We consider a series of several use cases with increasing demands on network data resources and computing power. Finally, we present a sample protocol diagram for gaining access to resources (authentication in a service using MEC technology) in our access control architecture.
- Published
- 2021
5. New SDN-Oriented Distributed Network Security System
- Author
-
Omar Reyad, Fahad Nife, and Zbigniew Kotulski
- Subjects
Numerical Analysis; Network security; business.industry; Computer science; Applied Mathematics; 020206 networking & telecommunications; 02 engineering and technology; Computer Science Applications; Computational Theory and Mathematics; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; business; Analysis; Computer network
- Published
- 2018
6. Cybersecurity education: Evolution of the discipline and analysis of master programs
- Author
-
Dulce Domingos, Zbigniew Kotulski, Ana Respício, and Krzysztof Cabaj
- Subjects
ComputingMilieux_THECOMPUTINGPROFESSION; General Computer Science; media_common.quotation_subject; ComputingMilieux_LEGALASPECTSOFCOMPUTING; 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Information assurance; Workforce; 0202 electrical engineering, electronic engineering, information engineering; Computer science curriculum; 020201 artificial intelligence & image processing; Business; Duration (project management); Cyberspace; Law; computer; Sophistication; media_common
- Abstract
As the amount of information, critical services, and interconnected computers and “things” in the cyberspace is steadily increasing, the number, sophistication, and impact of cyberattacks are becoming more and more significant. In the last decades, governmental and non-governmental organisations have become aware of this problem. However, the existing cybersecurity workforce has not been sufficient for satisfying the increasing demand for qualified cybersecurity professionals, and the shortfall will increase in the next years. Meanwhile, to address the increasing demand for cybersecurity professionals, academic institutions have been establishing cybersecurity programs, particularly, cybersecurity master programs. This paper aims at analysing which cybersecurity topics are covered by existing cybersecurity master programs of top universities and how these topics are distributed through courses. It starts by reviewing the evolution and maturation of the cybersecurity discipline, focusing on the ACM efforts, which include the early addition of the Information Assurance and Security Knowledge Areas to the computer science curricula and, more recently, the development of curricular recommendations to support the definition of post-secondary cybersecurity programs. These latest guidelines are used to analyse and review 21 cybersecurity master programs, focusing on the contents of their courses, structure, admission requirements, duration, requirements for completion, and evolution.
- Published
- 2018
7. A new risk-based authentication management model oriented on user's experience
- Author
-
Mariusz Sepczuk and Zbigniew Kotulski
- Subjects
Challenge-Handshake Authentication Protocol; Authentication; General Computer Science; business.industry; Computer science; SPNEGO; Generic Security Service Algorithm for Secret Key Transaction; Data security; 020206 networking & telecommunications; Access control; 02 engineering and technology; Multi-factor authentication; Computer security; computer.software_genre; NTLMSSP; Authentication protocol; Network Access Control; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; The Internet; business; Law; computer
- Abstract
With the increasing role of numerous Internet services, more and more private data must be protected. One of the mechanisms which is used to ensure data security is user authentication. A reliable authentication mechanism is a foundation of security of a remote service but, on the other hand, it is also a source of user frustration because of fear of losing access in case of three failures. A remedy to this problem could be contextual secure authentication. Such a protocol should provide multi-level authentication mechanism which increases user satisfaction without decreasing a protection level. In this paper we propose a risk analysis procedure of a new authentication management model using contextual data and oriented on user experience. We describe an approach to risk assessment of the mechanism, which supports a process of choosing the proper multi-step authentication procedure. On this basis, it is possible to provide a security solution which keeps balance between user satisfaction (related to QoE) and the obtained Level of Security (related to QoP).
- Published
- 2018
8. On a New Intangible Reward for Card-Linked Loyalty Programs
- Author
-
Albert Sitek and Zbigniew Kotulski
- Subjects
Transaction processing; Computer science; business.industry; media_common.quotation_subject; 05 social sciences; Context (language use); Computer security; computer.software_genre; Payment; Payment card; Unique identifier; 0502 economics and business; Loyalty; 050211 marketing; business; Database transaction; computer; 050203 business & management; Risk management; media_common
- Abstract
Card-Linked Loyalty is an emerging trend observed in the market to use payment card as a unique identifier for Loyalty Programs. This approach allows to redeem goods and collect bonus points directly during a payment transaction. In this paper, we proposed additional, intangible reward, that can be used in such solutions: shorter transaction processing time. We presented a complete solution for it: Contextual Risk Management System, that can make a dynamic decision whether Cardholder Verification is necessary for the current transaction, or not. It is also able to maintain an acceptable level of risk approved by the Merchant. Additionally, we simulated the proposed solution with real-life transaction traces from payment terminals and showed what kind of information can be determined from it.
- Published
- 2018
9. Image Encryption using Chaos-Driven Elliptic Curve Pseudo-Random Number Generators
- Author
-
Zbigniew Kotulski, Walaa M. Abd-Elhafiez, and Omar Reyad
- Subjects
Pseudorandom number generator; Discrete mathematics; Numerical Analysis; 020205 medical informatics; Computer science; Applied Mathematics; 010102 general mathematics; Elliptic Curve Digital Signature Algorithm; 02 engineering and technology; 01 natural sciences; Computer Science Applications; Elliptic curve point multiplication; Computational Theory and Mathematics; Jacobian curve; 0202 electrical engineering, electronic engineering, information engineering; Curve25519; Applied mathematics; 0101 mathematics; Schoof's algorithm; Elliptic curve cryptography; Analysis; Tripling-oriented Doche–Icart–Kohel curve
- Published
- 2016
10. 5G networks: Types of isolation and their parameters in RAN and CN slices
- Author
-
Marcin Alan Tunia, Mariusz Sepczuk, Tomasz Wojciech Nowak, and Zbigniew Kotulski
- Subjects
Radio access network; SIMPLE (military communications protocol); Computer Networks and Communications; Computer science; Distributed computing; Ran; 0202 electrical engineering, electronic engineering, information engineering; Core network; 020206 networking & telecommunications; 020201 artificial intelligence & image processing; 02 engineering and technology; Isolation (database systems); 5G
- Abstract
In this paper, we present a systematic overview of existing isolation techniques in nodes and networks, especially in the Radio Access Network and the Core Network (RAN and CN) to give a background to standardized methods of calculating an isolation level leading to secure End-to-End (E2E) slices’ isolation. We present specific isolation technologies used in layers of 5G RAN and CN. For RAN and CN slices we propose several isolation properties and parameters to enable qualitative and quantitative characterization of the isolation. Finally, we present our approach that makes it possible to establish the common level of isolation for an E2E slice in the 5G network. To illustrate how such an isolation model works in practice, we give numerical examples of calculating an isolation level for simple network slices.
- Published
- 2020
11. Graph-based quantitative description of networks' slices isolation
- Author
-
Tomasz Wojciech Nowak, Mariusz Sepczuk, Zbigniew Kotulski, and Marcin Alan Tunia
- Subjects
Computer science; business.industry; 020206 networking & telecommunications; 02 engineering and technology; Virtualization; computer.software_genre; Network element; Unified Modeling Language; 0202 electrical engineering, electronic engineering, information engineering; Graph (abstract data type); Wireless; 020201 artificial intelligence & image processing; Isolation (database systems); business; Algorithm; Virtual network; computer; 5G; computer.programming_language
- Abstract
5G networks are expected to be a set of slices which are virtual subnets designed for specific applications. A crucial requirement for providing proper functioning of the network and its security is proper isolation of slices. The aim of this paper is to propose a new method of determination of the isolation level of a slice. We propose a Graph-based model of the sliced network, which has a layered structure. In each layer, the appropriate network elements have their own isolation level. The lowest layer of the Graph-based model represents virtual network elements with isolation traits used for calculating their isolation level. Climbing to the top of the stack of layers one can calculate, successively, isolation level for a network's physical element, a link, subnetworks and, the End-to-End slice's isolation level. We present numerical examples, where suitable traits are specified and the isolation level in each layer is calculated.
- Published
- 2018
12. Towards constructive approach to end-to-end slice isolation in 5G networks
- Author
-
Rafal Artych, Jean-Philippe Wary, Tomasz Wojciech Nowak, Zbigniew Kotulski, Marcin Alan Tunia, Krzysztof Bocianiak, Tomasz Osko, and Mariusz Sepczuk
- Subjects
lcsh:Computer engineering. Computer hardware; Computer science; lcsh:TK7885-7895; Context (language use); 02 engineering and technology; Slice chaining; Constructive; lcsh:QA75.5-76.95; Field (computer science); Isolation in sliced network; 5G networks; End-to-end principle; 0202 electrical engineering, electronic engineering, information engineering; Added value; Orchestration (computing); Isolation (database systems); Architecture; Slice orchestration; business.industry; 020206 networking & telecommunications; Computer Science Applications; Signal Processing; 020201 artificial intelligence & image processing; lcsh:Electronic computers. Computer science; Software engineering; business; Slicing
- Abstract
Although 5G (fifth generation) networks are still in the realm of ideas, their architecture can be considered as reaching a forming phase. There are several reports and white papers which attempt to precise 5G architectural requirements presenting them from different points of view, including techno-socio-economic impacts and technological constraints. Most of them deal with network slicing aspects as a central point, often strengthening slices with slice isolation. The idea of isolation in the network is not new. However, currently considered technologies give new capabilities that can bring added value in this field. The goal of this paper is to present and examine the isolation capabilities and selected approaches to its realization in network slicing context. As the 5G architecture is still evolving, the specification of isolated slices operation and management brings new requirements that need to be addressed, especially in a context of end-to-end (E2E) security. Thus, an outline of recent trends in slice isolation and a set of challenges are presented. The challenges, if properly addressed, could be a step from the concept of 5G networks to proof-of-concept solutions which provide E2E user’s security based on slices isolation. Among other things, the key features are proper slice design and establishment, security at interfaces, suitable access protocols, correct virtual resources sharing, and an adaptable management and orchestration architecture (MANO). In conclusion of the paper, short outlines of two of the main secure isolation challenges are given: a proper definition of isolation parameters and designing suitable MANO system.
- Published
- 2018
13. New SDN-Oriented Authentication and Access Control Mechanism
- Author
-
Fahad Nife and Zbigniew Kotulski
- Subjects
Authentication; Network security; business.industry; Computer science; computer.internet_protocol; 020206 networking & telecommunications; Access control; 02 engineering and technology; Control theory; 0202 electrical engineering, electronic engineering, information engineering; RADIUS; 020201 artificial intelligence & image processing; IEEE 802.1X; business; Software-defined networking; computer; Host (network); Computer network
- Abstract
Software-Defined Network (SDN) is recognized as one of the most important future networking areas. SDN architecture is a revolutionary new idea that, moving the traditional network to be software-based, provides more flexibility, high degree of automation and shorter provision time. SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides centralized view of the entire network and makes it easier for managing and for monitoring the network’s resources. However, the initial design of the SDN, with its centralized point of control, does not consider sufficiently the security requirements, which makes the security issues additional challenges. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies the access attempts from unauthorized hosts and defines different levels of privileges for each host, according to its authentication credentials, is implemented using a POX controller. Our approach neither needs a support of new protocols, nor requires additional configuration of hosts or routers.
- Published
- 2018
14. KONTEKSTOWE ZARZĄDZANIE AUTORYZACJĄ OFFLINE TRANSAKCJI REALIZOWANYCH PRZY WYKORZYSTANIU STYKOWYCH KART MIKROPROCESOROWYCH
- Author
-
Zbigniew Kotulski
- Subjects
General Earth and Planetary Sciences; General Environmental Science
- Published
- 2015
15. On Pseudo-Random Number Generators Using Elliptic Curves and Chaotic Systems
- Author
-
Omar Reyad and Zbigniew Kotulski
- Subjects
Discrete mathematics; Numerical Analysis; Applied Mathematics; Elliptic Curve Digital Signature Algorithm; Hessian form of an elliptic curve; Supersingular elliptic curve; Computer Science Applications; Elliptic curve point multiplication; Computational Theory and Mathematics; Counting points on elliptic curves; Hardware_ARITHMETICANDLOGICSTRUCTURES; Schoof's algorithm; Elliptic curve cryptography; Analysis; Tripling-oriented Doche–Icart–Kohel curve; Computer Science::Cryptography and Security; Mathematics
- Abstract
Elliptic Curve Cryptography (ECC) is a relatively recent branch of cryptography which is based on the arithmetic on elliptic curves and security of the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP). Elliptic curve cryptographic schemes are public-key mechanisms that provide encryption, digital signature and key exchange capabilities. Elliptic curve algorithms are also applied to generation of sequences of pseudo-random numbers. Another recent branch of cryptography is chaotic dynamical systems where security is based on high sensitivity of iterations of maps to initial conditions and parameters. In the present work, we give a short survey describing state-of-the-art of several suggested constructions for generating sequences of pseudorandom number generators based on elliptic curves (ECPRNG) over finite fields of prime order. In the second part of the paper we propose a method of generating sequences of pseudorandom points on elliptic curves over finite fields which is driven by a chaotic map. Such a construction improves randomness of the sequence generated since it combines good statistical properties of an ECPRNG and a CPRNG (Chaotic Pseudo-Random Number Generator). The algorithm proposed in this work is of interest for both classical and elliptic curve cryptography.
- Published
- 2015
16. On end-to-end approach for slice isolation in 5G networks. Fundamental challenges
- Author
-
Marcin Alan Tunia, Jean-Philippe Wary, Tomasz Osko, Tomasz Wojciech Nowak, Mariusz Sepczuk, Zbigniew Kotulski, Rafal Artych, and Krzysztof Bocianiak
- Subjects
business.industry; Computer science; Quality of service; 020206 networking & telecommunications; Context (language use); 02 engineering and technology; Computer security; computer.software_genre; Slicing; Electronic mail; Set (abstract data type); End-to-end principle; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Isolation (database systems); Architecture; Software engineering; business; computer
- Abstract
There are several reports and white papers which attempt to precise 5G architectural requirements presenting them from different points of view, including techno-socio-economic impacts and technological constraints. Most of them deal with network slicing aspects as a central point, often strengthening slices with slice isolation. The goal of this paper is to present and examine the isolation capabilities and selected approaches for its realization in network slicing context. As the 5G architecture is still evolving, the specification of isolated slices operation and management brings new requirements that need to be addressed, especially in a context of End-to-End (E2E) security. Thus, an outline of recent trends in slice isolation and a set of challenges are proposed, which (if properly addressed) could be a step to E2E user's security based on slices isolation.
- Published
- 2017
17. Cardholder’s Reputation System for Contextual Risk Management in Payment Transactions
- Author
-
Zbigniew Kotulski and Albert Sitek
- Subjects
Cover (telecommunications); Notice; Computer science; Transaction processing; media_common.quotation_subject; 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Payment; Popularity; Reputation system; 020204 information systems; Management system; 0202 electrical engineering, electronic engineering, information engineering; Database transaction; computer; media_common
- Abstract
Electronic card payments gained huge popularity mainly because of their simplicity, convenience and processing time. Unfortunately transaction processing rules are constant for every transaction, for example each transaction above some hard limit (50 PLN in Poland) must be authorized with PIN verification. One can notice that such an approach is simple, but is not optimal: that is why Contextual Risk Management systems for payment transactions started to be created. This paper presents a new Cardholder’s Reputation System that can be used in Contextual Risk Management Systems. It is flexible thanks to a few parameters and allows to cover all possible transaction processes.
- Published
- 2017
18. Multi-level Stateful Firewall Mechanism for Software Defined Networks
- Author
-
Fahad Nife and Zbigniew Kotulski
- Subjects
021110 strategic, defence & security studies; Service (systems architecture); Network architecture; Computer science; business.industry; 0211 other engineering and technologies; 020206 networking & telecommunications; 02 engineering and technology; Networking hardware; Context-based access control; Stateful firewall; 0202 electrical engineering, electronic engineering, information engineering; Forwarding plane; Application firewall; business; Software-defined networking; Computer network
- Abstract
Traditional networks are often quite static, slow to modify, dedicated for a single service and very difficult to scale, what is typical for a large number of different network devices (such as switches, routers, firewalls, and so on), with many complex protocols implemented or embedded on them. Software Defined Network (SDN) is a new technology in communication industry that promises to provide new approach attempting to overcome this weakness of the current network paradigm. The SDN provides a highly scalable and centralized control architecture in which the data plane is decoupled from the control plane; this abstraction gives more flexible, programmable and innovative network architecture. However, centralization of the control plane and ability of programming the network are very critical and challenging tasks causing security problems. In this paper we propose a framework for securing the SDN by introducing an application as an extension to the controller to make it able to check every specific flow in the network and to push the security instructions in real-time down to the network. We also compare our proposal with other existing SDN-based security solutions.
- Published
- 2017
19. The Robust Measurement Method for Security Metrics Generation
- Author
-
Katarzyna Mazur, Zbigniew Kotulski, and Bogdan Ksiezopolski
- Subjects
Measurement method; General Computer Science; Computer science; Real-time computing
- Published
- 2014
20. Random number generators: algorithms, testing, applications
- Author
-
Zbigniew Kotulski
- Subjects
Computer science; Random number generation; business.industry; General Mathematics; Decision Sciences (miscellaneous); Cryptography; business; Algorithm
- Published
- 2016
21. Reputation as optimality measure in Wireless Sensor Network-based monitoring systems
- Author
-
Tomasz Ciszkowski, Igor Dunajewski, and Zbigniew Kotulski
- Subjects
Engineering; business.industry; Wireless network; Mechanical Engineering; media_common.quotation_subject; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Measure (physics); Aerospace Engineering; Ocean Engineering; Statistical and Nonlinear Physics; Condensed Matter Physics; Key distribution in wireless sensor networks; Nuclear Energy and Engineering; Sensor array; Reputation system; ComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMS; business; Telecommunications; Wireless sensor network; Structural monitoring; Civil and Structural Engineering; Reputation; media_common; Computer network
- Abstract
In this paper we propose a new optimality measure for Wireless Sensor Network-based structural monitoring systems. First, we present the results of experiments showing the reasons for random effects in Wireless Sensor Network (WSN) functioning. Then, the formulas for calculating a network’s reputation measure are given. Finally, we conclude with arguments for the application of the reputation-based optimality measure in WSNs. We propose significantly new recommendations for the design and usage of WSNs.
- Published
- 2011
22. Preface
- Author
-
Radosław Iwankiewicz and Zbigniew Kotulski
- Subjects
Nuclear Energy and Engineering; Mechanical Engineering; Aerospace Engineering; Ocean Engineering; Statistical and Nonlinear Physics; Condensed Matter Physics; Civil and Structural Engineering
- Published
- 2011
23. CMAC, CCM and GCM/GMAC: Advanced modes of operation of symmetric block ciphers in wireless sensor networks
- Author
-
Bogdan Ksiezopolski, Zbigniew Kotulski, and Pawel Szalachowski
- Subjects
Block cipher mode of operation; Galois/Counter Mode; Computer science; business.industry; Cryptography; Cryptographic protocol; Computer Science Applications; Theoretical Computer Science; Embedded system; Signal Processing; NIST; business; CCM mode; Wireless sensor network; Information Systems; Block cipher
- Abstract
Symmetric block ciphers are usually used in WSN for security services. This paper puts forward the idea of using advanced modes of operation of symmetric block ciphers to achieve confidentiality and authentication in one cryptographic operation. The modes of operation approved by NIST that is CMAC, CCM, GCM/GMAC are applied here. The benchmarks of these approaches in the terms of efficiency of nodes in WSN are presented.
- Published
- 2010
24. Adaptable security mechanism for dynamic environments
- Author
-
Bogdan Ksiezopolski and Zbigniew Kotulski
- Subjects
General Computer Science; Network security; Computer science; Covert channel; Computer security; computer.software_genre; Asset (computer security); Security testing; Security information and event management; Information security audit; Information security management; Security association; Risk management; Cloud computing security; business.industry; Information technology; Public key infrastructure; Information security; Computer security model; Cryptographic protocol; Security service; Security through obscurity; Security convergence; International security; Network security policy; Element (criminal law); business; Law; computer; Countermeasure (computer)
- Abstract
Electronic services in dynamic environment (e.g. e-government, e-banking, e-commerce, etc.) meet many different barriers reducing their efficient applicability. One of them is the requirement of information security when it is transmitted, transformed, and stored in an electronic service. It is possible to provide the appropriate level of security by applying the present-day information technology. However, the level of protection of information is often much higher than it is necessary to meet potential threats. Since the level of security strongly affects the performance of the whole system, the excessive protection decreases its reliability and availability and, as a result, its global security. In this paper we present a mechanism of adaptable security for digital information transmission systems (being usually the crucial part of e-service). It makes it possible to guarantee the adequate level of protection for actual level of threats dynamically changing in the environment. In our model the basic element of the security is the Public Key Infrastructure (PKI) enriched with specific cryptographic modules.
- Published
- 2007
25. On ASGS framework: general requirements and an example of implementation
- Author
-
Zbigniew Kotulski and Kamil Kulesza
- Subjects
TheoryofComputation_MISCELLANEOUS; Scheme (programming language); Conjecture; Property (philosophy); Theoretical computer science; Computer science; General Engineering; Cryptographic protocol; Base (topology); Computer security; computer.software_genre; Secret sharing; computer; computer.programming_language; Abstraction (linguistics); Quantum computer
- Abstract
In the paper we propose a general, abstract framework for Automatic Secret Generation and Sharing (ASGS) that should be independent of underlying Secret Sharing Scheme (SSS). ASGS allows to prevent the Dealer from knowing the secret. The Basic Property Conjecture (BPC) forms the base of the framework. Due to the level of abstraction, results are portable into the realm of quantum computing. Two situations are discussed. First concerns simultaneous generation and sharing of the random, prior nonexistent secret. Such a secret remains unknown until it is reconstructed. Next, we propose the framework for automatic sharing of a known secret. In this case the Dealer does not know the secret and the secret Owner does not know the shares. We present opportunities for joining ASGS with other extended capabilities, with special emphasis on PVSS and pre-positioned secret sharing. Finally, we illustrate framework with practical implementation.
- Published
- 2007
26. Image Encryption Using Koblitz’s Encoding and New Mapping Method Based on Elliptic Curve Random Number Generator
- Author
-
Omar Reyad and Zbigniew Kotulski
- Subjects
Elliptic curve ,Digital signature ,Computer science ,business.industry ,Key (cryptography) ,Cryptosystem ,Overhead (computing) ,Affine transformation ,Arithmetic ,Elliptic curve cryptography ,Encryption ,business ,Computer Science::Cryptography and Security - Abstract
Elliptic Curve Cryptography (ECC) has attractive advantages compared to other public-key cryptosystems that motivated cryptographers for using it. ECC offers equal security for smaller key sizes, thereby reducing processing overhead, making it ideal for small devices, key agreement protocols and digital signature applications. Images are data types that occasionally include secret information, such as faces, places and signatures. Encryption scheme is a technique to protect images secrecy by encrypting them before transmission over public networks and unsecured channels. In this paper, we proposed an image encryption scheme which is based on computational operations (Add, Double, Multiply) on points that lie on a predefined elliptic curve (EC). For any ECC-based encryption scheme, converting a message (image pixel) to a coordinate on an affine curve is a mandatory prerequisite. The proposed image encryption scheme utilizes both the Koblitz’s encoding method and the novel proposed mapping method to convert pixels of a plainimage into coordinates of the predefined EC-points. Then, addition of the resulting points with the points resulting from the Chaos-Driven Elliptic Curve Pseudo-random Number Generator (C-D ECPRNG) is considered for completion of the image encryption process. Discussing Koblitz’s encoding method, creating the mapping table, the converting process and the encryption itself are given in detail along with their implementation. Finally, drawing EC-points is done to show changes in the distribution of points in each case.
- Published
- 2015
27. On Mobile Agents Resistance to Traffic Analysis
- Author
-
Konrad Kulesza, Kamil Kulesza, and Zbigniew Kotulski
- Subjects
Traffic analysis ,security protocols ,General Computer Science ,Computer science ,Cryptographic protocol ,Computer security ,computer.software_genre ,Theoretical Computer Science ,side channel attacks ,traffic analysis ,Mobile agents security ,computer ,Anonymity ,Computer Science(all) - Abstract
This paper will concern itself with a formulation of a traffic analysis problem for mobile agents. It is an interesting theoretical problem as well as a critical feature when using agents on a massive scale in decision making systems. The decision making systems are applied to demanding and complex environments such as stock markets. The mobile agents used are natural targets for attacks because they provide information for decision making. The resulting information can have a value measured in millions of dollars and information of such a high value attracts potential attacks. An efficient way to attack the user of decision making systems is to learn her strategy and respond in kind. In this respect even passive observation of agents can provide useful data, namely what information they are gathering. A common first defense is to provide anonymity for mobile agents. However, what happens when anonymity is gone? What information then becomes available and what steps will the user take? Yet, the problem has not been previously formulated for such a framework. We formulate it in terms of various factors used for traffic analysis. These factors originate from different side channels that provide information on the operating agents. At the end we state a paradox, which links an excessive use of countermeasures against traffic analysis with weakening system security.
- Published
- 2006
28. On a mechanism of detection of coalitions for reputation systems in P2P networks
- Author
-
Zbigniew Kotulski and Grzegorz Orynczak
- Subjects
Competition (economics) ,Mechanism (biology) ,Order (exchange) ,Computer science ,media_common.quotation_subject ,Position (finance) ,Community or ,Computer security ,computer.software_genre ,Construct (philosophy) ,computer ,Reputation ,media_common - Abstract
One of the most common types of attacks on reputation systems is made by reporting unfair ratings. They can be performed by the individual malicious members or by a group of agents forming a coalition and cooperating together in order to achieve a particular purpose (e.g., to gain higher position in the community or to discredit the competition). Due to the fact that such attacks are often performed by intelligent coalitions, they are much more harmful and harder to detect. This paper describes a novel algorithm for coalition detecting in reputation systems. By observing the agents which are controversially rated by the community it is possible to construct agents cooperation matrices and identify harmful coalitions. Detailed description of the algorithm is provided and presented simulation results confirm the effectiveness of the detection.
- Published
- 2014
29. Hardware Techniques for High-Performance Network Intrusion Detection
- Author
-
Zbigniew Kotulski
- Published
- 2014
30. Adaptable Context Management Framework for Secure Network Services
- Author
-
Mariusz Sepczuk, Marcin Alan Tunia, Albert Sitek, and Zbigniew Kotulski
- Subjects
Secure voice ,Computer science ,Network service ,Context management ,Network application ,Computer security ,computer.software_genre ,computer ,Industrial and Manufacturing Engineering - Abstract
In the last decades the contextual approach became an important methodology of analysing information processes in the dynamic environment. In this paper we propose a context management framework suitable for secure network services. The framework allows tracking the contextual information from its origin, through all stages of its processing up to application in security services protecting the secure network application. Besides the framework's description, an example of its application in constructing secure voice call network service is given.
- Published
- 2014
31. Statistical Analysis of the Chaos-Driven Elliptic Curve Pseudo-random Number Generators
- Author
-
Omar Reyad and Zbigniew Kotulski
- Subjects
Pseudorandom number generator ,Elliptic curve ,Computer science ,Applied mathematics ,Hessian form of an elliptic curve ,Elliptic curve cryptography ,Schoof's algorithm ,Lenstra elliptic curve factorization ,Supersingular elliptic curve ,Randomness - Abstract
In this paper, after a short survey describing several known constructions recommended for generating sequences of pseudo-random numbers based on elliptic curves over finite fields of prime order, we propose a method of generating such sequences of points with algorithms driven by a chaotic map. Our construction improves randomness of the sequence generated since it combines good statistical properties of an ECPRNG (Elliptic Curve Pseudo-Random Number Generator) and a CPRNG (Chaotic Pseudo-Random Number Generator). Theoretical analysis shows that periods of the proposed constructions are longer than in the case of the ECPRNG without modulation by a chaotic map. In the second part of the paper we present numerical analysis of the proposed construction to obtain optimal parameters of the generator. We also use some tests from the NIST’s SP 800-22 Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications to analyze statistical properties of the proposed constructions for different values of parameters.
- Published
- 2014
32. Context-Aware Secure Routing Protocol for Real-Time Services
- Author
-
Grzegorz Orynczak and Zbigniew Kotulski
- Subjects
Routing protocol ,Routing Information Protocol ,Dynamic Source Routing ,Zone Routing Protocol ,Link-state routing protocol ,Computer science ,business.industry ,Enhanced Interior Gateway Routing Protocol ,Policy-based routing ,Wireless Routing Protocol ,business ,Computer network - Abstract
The purpose of this paper is to propose a context-aware secure routing protocol suitable for real-time services. Since such a protocol undergoes a number of independent constraints connected with: dynamic changes of the environment, security assumptions, network limitations and end-users personal requirements, the context factors need specific treatment to be real support for an optimal route selection. The proposed framework systemizes the roles of all actors in establishing optimal and secure network connection for real-time services. The most suitable routing scheme is selected dynamically from the available portfolio, basing on actual context factors. Optimally, in the case of absence of any routing scheme satisfying a specific criterion given by context, a new scheme can be created on-demand, using the multi-constrained optimal path selection technique. The framework supports also additional optimization techniques (like fast packet retransmission, redundant routing etc.). Also the necessary security mechanisms have been implemented. Besides standard hard-security mechanisms, like private key encryption, also soft security techniques (i.e. reputation management) for detecting and blocking malicious nodes are used.
- Published
- 2014
33. Cryptography and Security Systems
- Author
-
Bogdan Ksiezopolski, Zbigniew Kotulski, and Katarzyna Mazur
- Subjects
Power analysis ,Hardware security module ,Computer science ,Financial cryptography ,Cryptography standards ,Strong cryptography ,PKCS ,Cryptography law ,Computer security ,computer.software_genre ,computer ,PKCS #1 - Published
- 2014
34. Pseudorandom Number Generators Based on Chaotic Dynamical Systems
- Author
-
Zbigniew Kotulski and Janusz Szczepanski
- Subjects
Statistics and Probability ,Pseudorandom number generator ,Dynamical systems theory ,Pseudorandomness ,Chaotic ,Complex system ,Statistical and Nonlinear Physics ,Pseudorandom generator theorem ,Topology ,Mixing (mathematics) ,Control theory ,Ergodic theory ,Mathematical Physics ,Mathematics - Abstract
Pseudorandom number generators are used in many areas of contemporary technology such as modern communication systems and engineering applications. In recent years a new approach to secure transmission of information based on the application of the theory of chaotic dynamical systems has been developed. In this paper we present a method of generating pseudorandom numbers applying discrete chaotic dynamical systems. The idea of construction of chaotic pseudorandom number generators (CPRNG) intrinsically exploits the property of extreme sensitivity of trajectories to small changes of initial conditions, since the generated bits are associated with trajectories in an appropriate way. To ensure good statistical properties of the CPRBG (which determine its quality) we assume that the dynamical systems used are also ergodic or preferably mixing. Finally, since chaotic systems often appear in realistic physical situations, we suggest a physical model of CPRNG.
- Published
- 2001
35. APPLICATION OF DISCRETE CHAOTIC DYNAMICAL SYSTEMS IN CRYPTOGRAPHY — DCC METHOD
- Author
-
Andrzej Paszkiewicz, Janusz Szczepański, Anna Zugaj, Karol Górski, and Zbigniew Kotulski
- Subjects
Theoretical computer science ,business.industry ,Applied Mathematics ,Chaotic ,Plaintext ,Cryptography ,Encryption ,Modeling and Simulation ,Key (cryptography) ,Initial value problem ,Cryptosystem ,business ,Engineering (miscellaneous) ,Realization (systems) ,Algorithm ,Computer Science::Cryptography and Security ,Mathematics - Abstract
In the paper we propose a method of constructing cryptosystems, utilizing a nonpredictability property of discrete chaotic systems. We point out the requirements for such systems to ensure their security. The presented algorithms of encryption and decryption are based on multiple iteration of a certain dynamical chaotic system coming from gas dynamics models. A plaintext message specifies a part of the initial condition of the system (a particle's initial position). A secret key specifies the remaining part of initial condition (the particle's initial angle) as well as a sequence of discrete choices of the pre-images in the encryption procedure. We also discuss problems connected with the practical realization of such chaotic cryptosystems. Finally we demonstrate numerical experiments illustrating the basic properties of the proposed cryptosystem.
- Published
- 1999
36. Effective transmission properties of a randomly segmented elastic bar
- Author
-
Zbigniew Kotulski
- Subjects
Materials science ,Acoustics and Ultrasonics ,Bar (music) ,business.industry ,Mechanical Engineering ,Numerical analysis ,Random media ,Condensed Matter Physics ,Rod ,Transmission properties ,Mechanics of Materials ,Composite material ,Telecommunications ,business - Published
- 1995
37. A Virtualization-Level Future Internet Defense-in-Depth Architecture
- Author
-
Pawel Szalachowski, Zbigniew Kotulski, Jerzy Konorski, Piotr Pacyna, Krzysztof Cabaj, and Grzegorz Kołaczek
- Subjects
Computer science ,business.industry ,Node (networking) ,Testbed ,Enterprise information security architecture ,Virtualization ,computer.software_genre ,Computer security ,Internet Architecture Board ,Infranet ,The Internet ,Architecture ,business ,computer - Abstract
An EU Future Internet Engineering project currently underway in Poland defines three Parallel Internets (PIs). The emerging IIP System (IIPS, abbreviating the project’s Polish name), has a four-level architecture, with Level 2 responsible for creation of virtual resources of the PIs. This paper proposes a three-tier security architecture to address Level 2 threats of alien traffic injection and IIPS traffic manipulation or forging. It is argued that the measures to be taken differ in nature from those ensuring classical security attributes. A combination of hard- and soft-security mechanisms produces node reputation and trust metrics, which permits to eliminate or ostracize misbehaving nodes. Experiments carried out in a small-scale IIPS testbed are briefly discussed.
- Published
- 2012
38. Energy-aware Key Management in Mobile Wireless Sensor Networks
- Author
-
Xiaobing He, Pawel Szalachowski, Zbigniew Kotulski, Nikos Fotiou, Giannis F. Marias, George C. Polyzos, and Hermann de Meer
- Subjects
Industrial and Manufacturing Engineering - Published
- 2012
39. Notary-based self-healing mechanism for centralized peer-to-peer infrastructures
- Author
-
Grzegorz Oryńczak and Zbigniew Kotulski
- Subjects
Industrial and Manufacturing Engineering - Published
- 2012
40. Mobile identity management system in heterogeneous wireless networks
- Author
-
Zbigniew Kotulski and Łukasz Kucharzewski
- Subjects
business.industry ,Computer science ,Wireless network ,Mobile computing ,Public key infrastructure ,Trusted third party ,Computer security ,computer.software_genre ,WiMAX ,Industrial and Manufacturing Engineering ,Wireless security ,Mobile identity management ,business ,computer ,Heterogeneous network ,Computer network - Abstract
Heterogeneous wireless networks increasingly encroach on our lives. Various technologies and mobile applications more often than usual are now used by mobile users. Intensive development of mobile networks not only sets new standards for radio, but increasingly focuses on providing security for traffic transmitted in wireless networks. Security in wireless networks has never been the primary objective of the designers of new network standards. The reasons for this were both the low hardware resources of equipment and the lack of awareness of users about the potential vulnerabilities. Creating secure solutions, independent of network architecture, that effectively raise the level of security of data transmitted between end users is the main priority of our research. Current wireless security solutions do not provide sufficient protection of the integrity and confidentiality of data, are not designed to operate in heterogeneous networks, or are too complex to implement. In WiMAX, LTE and WiFi networks alike, there are methods that protect the resources in these networks, but they are not consistent with each other. The proposed security system requires the use of a mobile version of the PKI to verify the identity of mobile users. Mobile PKI center is an innovative solution, not yet introduced for casual use. Such a solution in heterogeneous wireless networks is fast, secure and transparent to the transmission medium. Designing secure and efficient authentication protocols to enable fast connections to the heterogeneous network is challenging. In the system proposed in this paper, the users authenticate their identity with digital certificates that are issued by a trusted third party (CA). PKI uses the algorithms based on elliptic curves. Advantages of elliptic curves in mobile environment will be particularly evident. This ensures adequate protection of data in heterogeneous networks. In this system, it is possible to implement many new secure services for end users: secure email, secure chat, secure remote access.
- Published
- 2011
41. Agent based infrastructure for real-time applications
- Author
-
Grzegorz Orynczak and Zbigniew Kotulski
- Subjects
Routing protocol ,Voice over IP ,Multicast ,business.industry ,Computer science ,Network packet ,Quality of service ,Distributed computing ,Node (networking) ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Overlay network ,Industrial and Manufacturing Engineering ,Server ,business ,Computer network - Abstract
In this paper we propose a new infrastructure for real-time applications. As a preliminary, we describe basic characteristics of the most popular real-time services like VoIP, videoconferencing, live media streaming, and network multiplayer games. We focus on the end-to-end latency, bandwidth and efficient transmission methods. Next, we present our project concepts, infrastructure model, details of implementation and our testing environment which was designed for testing many aspects of real-time services. The system combines mechanisms for ensuring best possible connection quality (QoS), load balance of servers in infrastructure and gives control over the packet routing decisions. Additionally, provided security mechanisms make it a good choice even in the environment where a high security level is required. The system is based on the Peer-to-Peer (P2P) model and data between users is routed over an overlay network, consisting of all participating peers as network nodes. This overlay can be used for application level multicast or live media stream. In the logging process each user is assigned to a specific node (based on his geographic location and nodes load). Because nodes are participating in data transmission, we have control over the data flow route. It is possible to specify the desired route, so, regardless of the external routing protocol, we can avoid paths that are susceptible to eavesdropping. Another feature of the presented system is usage of agents. Each agent acts within the single node. Its main task is to constantly control the quality of transmission. It analyzes parameters such as link bandwidth use, number of lost packets, time interval between each packet etc. The information collected by the agents from all nodes allows to build a dynamic routing table. Every node uses the Dijkstra's algorithm to find the best at the moment route to all other nodes. The routes are constantly modified as a consequence of changes found by agents or updates sent by other nodes. In VoD services agents also analyze popularity of streamed media, which helps build intelligent video cache. To ensure greater security and high reliability of the system, we have provided a reputation mechanism. It is used during bringing up to date the information about possible routes and their quality, given by other nodes. Owing to this solution nodes and routes which are more reliable get higher priority.
- Published
- 2011
42. Secure time information in the internet key exchange protocol
- Author
-
Pawel Szalachowski and Zbigniew Kotulski
- Subjects
Key-agreement protocol ,business.industry ,computer.internet_protocol ,Computer science ,Internet layer ,Oakley protocol ,Cryptographic protocol ,Computer security ,computer.software_genre ,Industrial and Manufacturing Engineering ,law.invention ,Internet protocol suite ,law ,Internet Protocol ,Universal composability ,business ,computer ,Key exchange ,Computer network - Abstract
Many network services and protocols can work correctly only when freshness of messages sent between participants is assured and when the protocol parties' internal clocks are adjusted. In this paper we present a novel, secure and fast procedure which can be used to ensure data freshness and clock synchronization between two communicating parties. Next, we show how this solution can be used in other cryptographic protocols. As an example of application we apply our approach to the Internet Key Exchange (IKE) protocol family.
- Published
- 2011
43. Non-cryptographic methods for improving real time transmission security and integrity
- Author
-
Zbigniew Kotulski and Grzegorz Orynczak
- Subjects
Scheme (programming language) ,Steganography ,Computer science ,Network packet ,business.industry ,Reliability (computer networking) ,Eavesdropping ,Cryptography ,Industrial and Manufacturing Engineering ,IP header ,Path (graph theory) ,business ,computer ,Computer network ,computer.programming_language - Abstract
In this paper we present a few non cryptographic methods for improving the security, integrity and reliability of real time services. The methods presented in this paper apply to real time transmitting systems, which are based on the Peer-to-Peer (P2P) model. A basic idea of the first technique is to use agents for detecting steganographic content in packet headers, so packets with suspicious entries in the IP header fields will be blocked or the fields will be erased. The two other presented techniques are based on reputation and trust systems, so trust and reputation basic definitions, types and modelling methods are shown. Also a simple design scheme of using these mechanisms in a P2P real-time data transmitting infrastructure is presented. Additionally, we describe an idea of path selecting technique, which can be used to avoid paths that are susceptible to eavesdropping.
- Published
- 2011
44. Comparative evaluation of performance-boosting tools for Python
- Author
-
Zbigniew Kotulski and Łukasz Kucharzewski
- Subjects
Data exchange ,Computer science ,business.industry ,Data security ,Architecture ,Computer security ,computer.software_genre ,Encryption ,business ,WiMAX ,computer ,Industrial and Manufacturing Engineering ,Computer network - Abstract
This document presents thorough information on the WiMAX technology, its detailed architecture and illustrates security mechanisms employed. The first part discusses basic properties and components of WiMAX network. Individual sub-layers of the network operation have been presented. The second part describes all security-related aspects and solutions employed to ensure secure data exchange: cryptographic keys generation and exchange, authentication processes and encrypted data exchange. The last part illustrates potential attacks, means of effective protection and methods for improving security in WiMAX networks.
- Published
- 2011
45. Middleware non-repudiation service for the data warehouse
- Author
-
Zbigniew Kotulski and Bogdan Ksiezopolski
- Subjects
Service (systems architecture) ,Database ,Computer science ,Data security ,computer.software_genre ,Computer security ,Industrial and Manufacturing Engineering ,Data warehouse ,Non-repudiation ,Security service ,Middleware (distributed applications) ,Systems architecture ,Data architecture ,computer - Abstract
Nowadays, storing the information is fundamental for the correct functioning of any organization. The critical factor is to guarantee the security of the stored data. In the traditional database systems the security requirements are limited to confidentiality, integrity, availability of the data and user authorization. The criticality of the database system and data repositories for modern business with the new requirements of law and governments, makes the development of new system architecture necessary which ensures sophisticated set of security services. In this paper we propose the database architecture that ensures the non-repudiation of the user queries and data warehouse actions. These security services are accomplished by means of the middleware layer in the data warehouse architecture.
- Published
- 2010
46. SPOT: Optimization Tool for Network Adaptable Security
- Author
-
Pawel Szalachowski, Zbigniew Kotulski, and Bogdan Ksiezopolski
- Subjects
Cloud computing security ,Security association ,business.industry ,Computer science ,Network Access Control ,Security through obscurity ,Computer security model ,Cryptographic protocol ,business ,Security information and event management ,Security testing ,Computer network - Abstract
Recently we have observed the growth of the intelligent application especially with its mobile character, called e-anything. The implementation of these applications provides guarantee of security requirements of the cryptographic protocols which are used in the application. Traditionally the protocols have been configured with the strongest possible security mechanisms. Unfortunately, when the application is used by means of the mobile devices, the strongest protection can lead to the denial of services for them. The solution of this problem is introducing the quality of protection models which will scale the protection level depending on the actual threat level. In this article we would like to introduce the application which manages the protection level of the processes in the mobile environment. The Security Protocol Optimizing Tool (SPOT) optimizes the cryptographic protocol and defines the protocol version appropriate to the actual threat level. In this article the architecture of the SPOT is presented with a detailed description of the included modules.
- Published
- 2010
47. On Authentication Method Impact upon Data Sampling Delay in Wireless Sensor Networks
- Author
-
Pawel Szalachowski, Bogdan Ksiezopolski, and Zbigniew Kotulski
- Subjects
Key distribution in wireless sensor networks ,business.industry ,Computer science ,Authentication protocol ,Sensor node ,Embedded system ,Lightweight Extensible Authentication Protocol ,Mobile wireless sensor network ,Message authentication code ,business ,Hash-based message authentication code ,Wireless sensor network ,Computer network - Abstract
Traffic in Wireless Sensor Network (WSN) consists of short packets sent by nodes that are usually identical in respect of software applied and their hardware architecture. In such a communication environment it is important to guarantee authentication of the nodes. The most popular way to achieve this basic security service is using Message Authentication Code (MAC). The sensor node’s hardware is very limited so the cryptography used must be very efficient. In the article we focus on the influence of the authentication method’s performance on delays in data sampling by the sensor nodes. We present efficiency results for MACs generation in the node. We compare the results for approved, standardized and commonly-used schemes: CMAC, GMAC and HMAC based on MD5 and SHA-1. Additionally, we compare the obtained results with the performance of PKC-based authentication method using the ECDSA.
- Published
- 2010
48. Analysis of neural networks usage for detection of a new attack in IDS
- Author
-
Przemyslaw Kukielka and Zbigniew Kotulski
- Subjects
Data set ,Identification (information) ,Knowledge extraction ,Artificial neural network ,Process (engineering) ,Computer science ,Multilayer perceptron ,Intrusion detection system ,Data mining ,computer.software_genre ,Implementation ,computer ,Industrial and Manufacturing Engineering - Abstract
Generally, Intrusion Detection Systems (IDS) work using two methods of identification of attacks: by signatures, that are specific defined elements of the network traffic possible to identify and by anomalies being some deviation from the network behaviour assumed as normal. Recently, some attempts have been made to implement artificial intelligence method for detection of attacks. Many such implementations use for testing and learning process the data set provided by KDD (Knowledge Discovery and Data Mining Competition) project in 1999. Unfortunately, KDD99 data set was created more than eight years ago and during this time many new attacks have been discovered. In this paper we present our research on updating KDD99 data with traces of attacks of new types. After updating, the data set was used for training and testing MLP (Multi Layer Perceptron) neural network architecture IDS.
- Published
- 2010
49. Adaptation of the neural network-based IDS to new attacks detection
- Author
-
Przemysław Kukiełka and Zbigniew Kotulski
- Subjects
FOS: Computer and information sciences ,Computer Science - Cryptography and Security ,Cryptography and Security (cs.CR) - Abstract
In this paper we report our experiment concerning new attacks detection by a neural network-based Intrusion Detection System. What is crucial for this topic is the adaptation of the neural network that is already in use to correct classification of a new "normal traffic" and of an attack representation not presented during the network training process. When it comes to the new attack it should also be easy to obtain vectors to test and to retrain the neural classifier. We describe the proposal of an algorithm and a distributed IDS architecture that could achieve the goals mentioned above. Comment: 9 pages, 3 figures, 4 tables
- Published
- 2010
50. Wave propagation in randomly stratified media and the law of large numbers
- Author
-
Zbigniew Kotulski
- Subjects
Acoustics and Ultrasonics ,Wave propagation ,Mechanical Engineering ,Scalar (mathematics) ,Stochastic matrix ,chemistry.chemical_element ,Condensed Matter Physics ,Classical mechanics ,chemistry ,Mechanics of Materials ,Aluminium ,Law of large numbers ,Slab ,Mathematics - Abstract
The propagation of scalar harmonic waves through a randomly stratified slab is investigated. The transition matrix method is applied for the analysis of the problem. To obtain the effective parameters of the material of the slab the law of large numbers for non-commuting products is applied. The results are illustrated with the numerical example of the propagation of elastic waves in steel-titanium laminate in an aluminium environment.
- Published
- 1992
Discovery Service for Jio Institute Digital Library