Your search keyword '"COMPUTER network protocols"' showing total 753 results

1. The Criteria for Adapting a Blockchain Consensus Algorithm to IoT Networks †.

Author

Aghroud, Mohamed, Oualla, Mohamed, and El Bermi, Lahcen

Subjects

BLOCKCHAINS, INTERNET of things, COMPUTER algorithms, COMPUTER security, COMPUTER network protocols

Abstract

The Internet of Things (IoT) is a network of smart objects connected via the Internet, where each object is identified by a unique, accessible, and programmable address, while Blockchain is a technology for storing and transmitting information based on a decentralized system such that the centralized validation of transactions is replaced by a consensus mechanism. The integration of these two technologies requires consensus protocols to overcome the major challenges encountered in IoT systems, including issues related to security, storage capacity limits, computing power, etc. Therefore, different consensus algorithms have been implemented. For this purpose, this paper presents a research study on the criteria that would render a Blockchain consensus algorithm suitable for IoT networks, namely, computing power, latency, storage capacity, and security. [ABSTRACT FROM AUTHOR]

Published

2023

2. Accountable Private Set Cardinality for Distributed Measurement.

Author

FENSKE, ELLIS, MANI, AKSHAYA, JOHNSON, AARON, and SHERR, MICAH

Subjects

DISTRIBUTED computing, CRYPTOGRAPHY, COMPUTER network protocols, DATA privacy, COMPUTER security, COMPUTER network reliability

Abstract

We introduce cryptographic protocols for securely and efficiently computing the cardinality of set union and set intersection. Our private set-cardinality protocols (PSC) are designed for the setting in which a large set of parties in a distributed system makes observations, and a small set of parties with more resources and higher reliability aggregates the observations. PSC allows for secure and useful statistics gathering in privacy-preserving distributed systems. For example, it allows operators of anonymity networks such as Tor to securely answer the questions: Howmany unique users are using the network? and Howmany hidden services are being accessed? We prove the correctness and security of PSC in the Universal Composability framework against an active adversary that compromises all but one of the aggregating parties. Although successful output cannot be guaranteed in this setting, PSC either succeeds or terminates with an abort, and we furthermore make the adversary accountable for causing an abort by blaming at least one malicious party. We also show that PSC prevents adaptive corruption of the data parties from revealing past observations, which prevents them from being victims of targeted compromise, and we ensure safe measurements by making outputs differentially private. We present a proof-of-concept implementation of PSC and use it to demonstrate that PSC operates with lowcomputational overhead and reasonable bandwidth. It can count tens of thousands of unique observations from tens to hundreds of data-collecting parties while completing within hours. PSC is thus suitable for daily measurements in a distributed system. [ABSTRACT FROM AUTHOR]

Published

2022

3. MQTT TABANLI IOT SİSTEMİNE YAPILAN SALDIRILARIN MAKİNE ÖĞRENİMİ KULLANILARAK TESPİTİ.

Author

KAHYA, Ayça Nur and YOLAÇAN, Esra Nergis

Subjects

INTERNET of things, CYBERTERRORISM, INTERNET security, COMPUTER network protocols, COMPUTER security

Abstract

Copyright of Journal of Engineering & Architectural Faculty of Eskisehir Osmangazi University / Eskişehir Osmangazi Üniversitesi Mühendislik ve Mimarlık Fakültesi Dergisi is the property of Eskisehir Osmangazi University and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2022

4. A Unified Architectural Approach for Cyberattack-Resilient Industrial Control Systems.

Author

Zhou, Chunjie, Hu, Bowen, Shi, Yang, Tian, Yu-Chu, Li, Xuan, and Zhao, Yue

Subjects

INDUSTRIAL controls manufacturing, COMPUTER network protocols, INDUSTRY 4.0, COMPUTER security, EMERGING industries

Abstract

With the rapid development of functional requirements in the emerging Industry 4.0 era, modern industrial control systems (ICSs) are no longer isolated islands, making them more vulnerable to various cyberattack threats. Cyberattacks on ICSs may have disruptive consequences, such as significant social and economic losses. To proactively address the security issue of ICSs, this article presents a unified architectural approach from the perspectives of cyberthreats on ICSs, security-related ICS technologies, and methods for ICSs. It incorporates secure networks, secure control systems, secure physical processes, and their interactions seamlessly into a unified framework. To increase the resistance of ICSs against intrusions, the network security in our architectural approach is to secure the data in motion through the integration of secure network architecture, secure industrial network protocols, and secure end-to-end communications. The protection of control systems in our architectural approach is risk-based and hierarchical and encompasses prevention- and tolerance-centric defenses. It provides a layer-by-layer defense so that an acceptable level of cybersecurity risk is achieved and maintained. Aiming to maintain the stable operation of physical ICS processes, the secure control in our architectural approach implements a security process against process-aware attacks through a resilient safety control scheme. The global and systematic architectural approach presented in this article for the ICS cybersecurity will help facilitate the design and implementation of cyberattack-resilient ICSs in the networked world. For further development of ICS security technologies, emerging challenges are identified and discussed to motivate future research efforts. [ABSTRACT FROM AUTHOR]

Published

2021

5. Analyzing Security Protocols with Secrecy Types and Logic Programs.

Author

Abadi, Martín and Blanchet, Bruno

Subjects

COMPUTER network protocols, COMPUTER security, SECURITY systems, DATA protection, CRYPTOGRAPHY

Abstract

We study and further develop two language-based techniques for analyzing security protocols. One is based on a typed process calculus; the other, on untyped logic programs. Both focus on secrecy properties. We contribute to these two techniques, in particular by extending the former with a flexible, generic treatment of many cryptographic operations. We also establish an equivalence between the two techniques. [ABSTRACT FROM AUTHOR]

Published

2005

6. New design of lightweight authentication protocol in wearable technology.

Author

Galih Bangun Santosa and Setiyo Budiyanto

Subjects

*WEARABLE technology, *NEAR field communication, *IMPERSONATION, *ELECTRONIC authentication, *ONLINE identity theft, *COMPUTER network protocols, *COMPUTER security

Abstract

Today, the use of wearable devices is becoming a thing inherent in the daily activities of urban communities. In practice, wearable communications may contain sensitive information regarding a user's health record, so authentication and confidentiality of data exchanged must be guaranteed. In addition, the success of authentication between users, wearable devices and smartphones is very important because there are various threats of attack on the authentication process. Based on previous studies, it was found that the security functionality of user impersonation attack is not owned by lightweight authentication protocols in the current wearable communication environment. So this research undertakes the design of a lightweight authentication protocol to be immune to user impersonation attacks to supplement the lack of security functionality in previous protocols with the support of performing a formal analysis using the Scyther Tool. The research method used is a Research Library supported by conducting protocol security test experiment. The developed protocol utilizes a modified and customized S-NCI key establishment protocol scheme to meet all targeted security functionality. The research resulted that the lightweight authentication protocol generated was immune to the impersonation attacks of users, then was able to add two new functionalities that added wearable devices and added smartphones. [ABSTRACT FROM AUTHOR]

Published

2019

7. Experimental demonstration of the DPTS QKD protocol over a 170 km fiber link.

Author

Da Lio, B., Bacco, D., Cozzolino, D., Ding, Y., Dalgaard, K., Rottwitt, K., and Oxenløwe, L. K.

Subjects

*QUANTUM computing, *COMPUTER network protocols, *COMPUTER security, *COMPUTER performance, *QUBITS, *OPTICAL fibers

Abstract

Quantum key distribution (QKD) is a promising technology that aims to solve the security problem arising from the advent of quantum computers. While the main theoretical aspects are well developed today, limited performances, in terms of the achievable link distance and the secret key rate, are preventing the deployment of this technology on a large scale. More recent QKD protocols, which use multiple degrees of freedom for encoding of the quantum states, allow enhancement of the system performances. Here, we present the experimental demonstration of the differential phase-time shifting protocol up to 170 km of the fiber link. We compare its performance with the well-known coherent one-way and differential phase shifting protocols, demonstrating a higher secret key rate up to 100 km. Moreover, we propagate a classical signal in the same fiber, proving the compatibility of quantum and classical light. [ABSTRACT FROM AUTHOR]

Published

2019

8. Formally analyzed m-coupon protocol with confirmation code (MCWCC).

Author

YILDIRIM, Kerim, DALKILIÇ, Gökhan, and DURU, Nevcihan

Subjects

*ELECTRONIC coupons (Retail trade), *COMPUTER network protocols, *MOBILE apps, *CONSUMER behavior, *COMPUTER security

Abstract

There are many marketing methods used to attract customers' attention and customers search for special discounts and conduct research to get products cheaper. Using discount coupons is one of the widely used methods for obtaining discounts. With the development of technology, classical paper-based discount coupons become e-coupons and then turn into mobile coupons (m-coupons). It is inevitable that retailers will use m-coupon technology to attract customers while mobile devices are used in daily life. As a result, m-coupon technology is a promising technology. One of the significant problems with using m-coupons is security. Here it is necessary to ensure the safety of the seller's and retailer's data and to prevent unnecessary loss of income. In this study, a new m-coupon protocol is proposed and analyzed against well-known attacks: impersonation, man-in-the-middle, eavesdropping, replay, data modification, unauthorized coupon copying/generation, and multiple cash-in attacks. Then, to show that both the client and the retailer's data are at the highest level of security, the protocol is subjected to security analysis with a powerful protocol analysis tool, Scyther. Thus, the proposed protocol is proved to meet all safety criteria. To the best of our knowledge, this protocol is the first m-coupon protocol for which formal security analysis is conducted by the protocol's developers. [ABSTRACT FROM AUTHOR]

Published

2019

9. Everlasting Multi-party Computation.

Author

Unruh, Dominique

Subjects

CRYPTOGRAPHY, COMPUTER security, QUANTUM theory, STRING theory, COMPUTER network protocols

Abstract

A protocol has everlasting security if it is secure against adversaries that are computationally unlimited after the protocol execution. This models the fact that we cannot predict which cryptographic schemes will be broken, say, several decades after the protocol execution. In classical cryptography, everlasting security is difficult to achieve: even using trusted setup like common reference strings or signature cards, many tasks such as secure communication and oblivious transfer cannot be achieved with everlasting security. An analogous result in the quantum setting excludes protocols based on common reference strings, but not protocols using a signature card. We define a variant of the Universal Composability framework, everlasting quantum-UC, and show that in this model, we can implement secure communication and general multi-party computation using signature cards as trusted setup. [ABSTRACT FROM AUTHOR]

Published

2018

10. On the Origin of Kerberos.

Author

Saltzer, Jerome H. and Walden, David

Subjects

*COMPUTER network protocols, *TELEPHONE systems, *COMPUTER engineering, *TELECOMMUNICATION systems, *COMPUTER security, *DATA security

Abstract

For a second generation secure telephone system, Howard Rosenblum in 1967 proposed and patented a key distribution system that he called Bellfield. 2 When in the 1960s the NSA developed a secure telephone system these requirements presented a problem: since anyone with a phone capable of encryptionmightplaceacalltoanyothersuchphone, it seemed that there had to be an advance arrangement to share a unique encryption key between every potential pair of telephones. Thus, cryptographic communication requires advance planning to choose encryption and decryption keys and to distribute those keys to the sender and receiver using a secure communication method. The remainder of this discussion assumes use of symmetric encryption, which means that the encryption and decryption keys are either identical or derivable one from the other, so the secure communication of the keys must assure bothconfidentialityandintegrity. [Extracted from the article]

Published

2021

11. A PUF-based hardware mutual authentication protocol.

Author

Barbareschi, Mario, De Benedictis, Alessandra, and Mazzocca, Nicola

Subjects

*COMPUTER access control, *COMPUTER network protocols, *COMPUTER security, *UNIQUENESS (Mathematics), *COMPUTER architecture

Abstract

Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), that allows to achieve mutual authentication in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. [ABSTRACT FROM AUTHOR]

Published

2018

12. Precoding-Aided Spatial Modulation for the Wiretap Channel with Relay Selection and Cooperative Jamming.

Author

Bouida, Zied, Stavridis, Athanasios, Ghrayeb, Ali, Haas, Harald, Hasna, Mazen, and Ibnkahla, Mohamed

Subjects

COMPUTER network security, COMPUTER network protocols, INTERNET protocols, PROTOCOL analyzers, COMPUTER security

Abstract

We propose in this paper a physical-layer security (PLS) scheme for dual-hop cooperative networks in an effort to enhance the communications secrecy. The underlying model comprises a transmitting node (Alice), a legitimate node (Bob), and an eavesdropper (Eve). It is assumed that there is no direct link between Alice and Bob, and the communication between them is done through trusted relays over two phases. In the first phase, precoding-aided spatial modulation (PSM) is employed, owing to its low interception probability, while simultaneously transmitting a jamming signal from Bob. In the second phase, the selected relay detects and transmits the intended signal, whereas the remaining relays transmit the jamming signal received from Bob. We analyze the performance of the proposed scheme in terms of the ergodic secrecy capacity (ESC), the secrecy outage probability (SOP), and the bit error rate (BER) at Bob and Eve. We obtain closed-form expressions for the ESC and SOP and we derive very tight upper-bounds for the BER. We also optimize the performance with respect to the power allocation among the participating relays in the second phase. We provide examples with numerical and simulation results through which we demonstrate the effectiveness of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2018

13. An automatic RFID reader-to-reader delegation protocol for SCM in cloud computing environment.

Author

Anandhi, S., Anitha, R., and Sureshkumar, Venkatasamy

Subjects

*RADIO frequency identification systems, *CLOUD computing, *COMPUTER security, *COMPUTER network protocols, *COMPUTER access control, *ELECTRONIC authentication, *DATA encryption

Abstract

Radio frequency identification (RFID) technology enables unique identification and tracking of the tag attached to an object. Widespread usage of RFID technologies in supply chain management (SCM) has drawn attention for developing security protocols to protect data stored in the tag. In SCM objects move from one place/department to another, the same RFID readers are not used throughout the supply chain. So, current reader delegates its access right to the new reader. When an object is moved inside the organization, delegation takes place between the readers. Many of the existing delegation protocols use trusted third party (TTP), which is practically difficult to incorporate or requires a keyed hash function/symmetric key encryption to be executed in the RFID tag, whereas tags are computationally intensive. Our work aims to simplify the delegation process by removing the usage of a TTP as well as eliminating reader-to-reader communication which avoids fixing the reader sequence in advance. Also, it preserves the security and privacy requirements for cloud-based applications. The proposed protocol withstands many attacks like tracing attack, tag impersonation attack, reader impersonation attack, and privacy attack. The proposed protocol not only resists the above-mentioned attacks but also achieves mutual authentication, anonymity property, and forward/backward secrecy. The proposed protocol is analyzed formally using GNY logic, which ensures that the protocol achieves mutual authentication. Performance analysis is carried out and it shows that our protocol is relatively better than the existing related schemes with respect to tag computation and communication cost. [ABSTRACT FROM AUTHOR]

Published

2018

14. Fast Garbling of Circuits Under Standard Assumptions.

Author

Gueron, Shay, Lindell, Yehuda, Nof, Ariel, and Pinkas, Benny

Subjects

ELECTRONIC circuits, COMPUTER security, CRYPTOGRAPHY, PERMUTATIONS, COMPUTER network protocols, RANDOM functions (Mathematics)

Abstract

Protocols for secure computation enable mutually distrustful parties to jointly compute on their private inputs without revealing anything, but the result. Over recent years, secure computation has become practical and considerable effort has been made to make it more and more efficient. A highly important tool in the design of two-party protocols is Yao’s garbled circuit construction (Yao 1986), and multiple optimizations on this primitive have led to performance improvements in orders of magnitude over the last years. However, many of these improvements come at the price of making very strong assumptions on the underlying cryptographic primitives being used (e.g., that AES is secure for related keys, that it is circular-secure, and even that it behaves like a random permutation when keyed with a public fixed key). The justification behind making these strong assumptions has been that otherwise it is not possible to achieve fast garbling and thus fast secure computation. In this paper, we take a step back and examine whether it is really the case that such strong assumptions are needed. We provide new methods for garbling that are secure solely under the assumption that the primitive used (e.g., AES) is a pseudorandom function. Our results show that in many cases, the penalty incurred is not significant, and so a more conservative approach to the assumptions being used can be adopted. [ABSTRACT FROM AUTHOR]

Published

2018

15. On the Feasibility of Extending Oblivious Transfer.

Author

Lindell, Yehuda and Zarosim, Hila

Subjects

CRYPTOGRAPHY, COMPUTER security, MATHEMATICAL functions, KNOWLEDGE transfer, COMPUTER network protocols

Abstract

Oblivious transfer is one of the most basic and important building blocks in cryptography. As such, understanding its cost is of prime importance. Beaver (in: The 28th STOC, pp 479-488, 1996) showed that it is possible to obtain poly(n) oblivious transfers given only n actual oblivious transfer calls and using one-way functions, where n is the security parameter. In addition, he showed that it is impossible to extend oblivious transfer information theoretically. The notion of extending oblivious transfer is important theoretically (to understand the complexity of computing this primitive) and practically (since oblivious transfers can be expensive and thus extending them using only one-way functions is very attractive). Despite its importance, very little is known about the feasibility of extending oblivious transfer, beyond the fact that it is impossible information theoretically. Specifically, it is not known whether or not one-way functions are actually necessary for extending oblivious transfer, whether or not it is possible to extend oblivious transfers with adaptive security, and whether or not it is possible to extend oblivious transfers when starting with O(logn) oblivious transfers. In this paper, we address these questions and provide almost complete answers to all of them. We show that the existence of any oblivious transfer extension protocol with security for static semi-honest adversaries implies one-way functions, that an oblivious transfer extension protocol with adaptive security implies oblivious transfer with static security, and that the existence of an oblivious transfer extension protocol from only O(logn) oblivious transfers implies oblivious transfer itself. [ABSTRACT FROM AUTHOR]

Published

2018

16. Internet Protocol (IP) Steganography Using Modified Particle Swarm Optimization (MPSO) Algorithm.

Author

Abbas, Sana Adnan

Subjects

INTERNET protocols, COMPUTER networks, COMPUTER network protocols, COMPUTER security, INTERNET of things

Abstract

Copyright of Diyala Journal for Pure Science is the property of Republic of Iraq Ministry of Higher Education & Scientific Research (MOHESR) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

17. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

Author

Baig, Ahmed Fraz, Hassan, Khwaja Mansoor ul, Ghani, Anwar, Chaudhry, Shehzad Ashraf, Khan, Imran, and Ashraf, Muhammad Usman

Subjects

*WIRELESS communications, *TELECOMMUNICATION systems, *COMPUTER network protocols, *COMPUTER networks, *BIOMETRIC identification

Abstract

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. [ABSTRACT FROM AUTHOR]

Published

2018

18. Development of the ECAT Preprocessor with the Trust Communication Approach.

Author

Ovaz Akpinar, Kevser and Ozcelik, Ibrahim

Subjects

COMPUTER network protocols, AUTOMATIC control systems, INTERNET protocols, COMPUTER security, DATA security

Abstract

In the past several years, attacks over industrial control systems (ICS) have become increasingly frequent and sophisticated. The most common objectives of these types of attacks are controlling/monitoring the physical process, manipulating programmable controllers, or affecting the integrity of software and networking equipment. As one of the widely applied protocols in the ICS world, EtherCAT is an Ethernet-based protocol; thus, it is exposed to both TCP/IP and ICS-specific attacks. In this paper, we analyze EtherCAT field-level communication principles from the security viewpoint focusing on the protocol vulnerabilities, which have been rarely analyzed previously. Our research showed that it lacks the most common security parameters, such as authentication, encryption, and authorization, and is open to Media Access Control (MAC) spoofing, data injection, and other advanced attacks, which require superior skills. To prevent, detect, and reduce attacks over the EtherCAT-based critical systems, first, we improved the open-source Snort intrusion detection/prevention system (IDS/IPS) to support packets that are not processed over transport and network layers. Second, by incorporating a vulnerability analysis, we proposed the EtherCAT (ECAT) preprocessor. Third, we introduced a novel approach called trust-node identification and applied the approach as three rules into the preprocessor. In this sense, the ECAT preprocessor differs from other supported ICS preprocessors in the literature, such as DNP3 and Modbus/TCP. Besides supporting traditional rule expansion, it is also able to handle layer 2 packets and to apply deep packet inspection on EtherCAT packets using the trust-node approach. This method first identifies engineering-station approved nodes based on EtherCAT network information (ENI) configuration files and then deeply inspects incoming packets, considering protocol specifications. The improvements and approach have been tested on the physically developed testbed environment and we have proved that proposals can detect related attacks and provide a basic level of security over the EtherCAT-implemented systems. [ABSTRACT FROM AUTHOR]

Published

2018

19. Global Behavior of a Computer Virus Propagation Model on Multilayer Networks.

Author

Zhang, Chunming

Subjects

COMPUTER viruses, COMPUTER security, COMPUTER simulation, COMPUTER network protocols

Abstract

This paper presents a new linear computer viruses propagation model on multilayer networks to explore the mechanism of computer virus propagation. Theoretical analysis demonstrates that the maximum eigenvalue of the sum of all the subnetworks is a vital factor in determining the viral prevalence. And then, a new sufficient condition for the global stability of virus-free equilibrium has been obtained. The persistence of computer virus propagation system has also been proved. Eventually, some numerical simulation results verify the main conclusions of the theoretical analysis. [ABSTRACT FROM AUTHOR]

Published

2018

20. An efficient anonymous authentication protocol in multiple server communication networks (EAAM).

Author

Braeken, An, Kumar, Pardeep, Liyanage, Madhusanka, and Hue, Ta Thi Kim

Subjects

*COMPUTER network protocols, *COMPUTER access control, *MULTI-factor authentication, *BIOMETRIC identification, *COMPUTER security, *CRYPTOGRAPHY

Abstract

In a multi-server authentication environment, a user only needs to register once at a central registration place before accessing the different services on the different registered servers. Both, from a user point of view as for the management and maintenance of the infrastructure, these types of environments become more and more popular. Smartcard- or smartphone-based approaches lead to more secure systems because they offer two- or three-factor authentication, based on the strict combination of the user’s password, the user’s biometrics and the possession of the device. In this paper, we propose an efficient anonymous authentication protocol in multiple server communication networks, called the EAAM protocol, which is able to establish user anonymity, mutual authentication, and resistance against known security attacks. The novelty of the proposed scheme is that it does not require a secure channel during the registration between the user and the registration center and is resistant to a curious but honest registration system. These features are established in a highly efficient way with the minimum amount of communication flows between user and server during the establishment of the secret shared key and by using light-weight cryptographic techniques such as Chebyshev chaotic map techniques and symmetric key cryptography. The performance and security of the protocol are analyzed and compared with the latest new proposals in this field. [ABSTRACT FROM AUTHOR]

Published

2018

21. The once and future internet: infrastructural tragedy and ambiguity in the case of IPv6.

Author

Dourish, Paul

Subjects

*TCP/IP, *COMPUTER network protocols, *FILE Transfer Protocol (Computer network protocol), *INTERNET security, *COMPUTER security

Abstract

The Internet as we currently recognise it was institutionally established in 1983 when all hosts connected to the then ARPANET were required to have adopted the relatively new Transmission Control Protocol/Internet Protocol (TCP/IP) technologies. Thirteen years later, in 1996, a replacement standard was established for the IP protocol, to resolve key anticipated technical problems. More than 20 years later, those technical problems have indeed arisen, and yet the "new" protocol, IPv6, is still not widely deployed. This paper explores technical and institutional aspects of this case in order to examine how the evolving contexts of infrastructure use may turn technological solutions into infrastructural problems. [ABSTRACT FROM AUTHOR]

Published

2018

22. Cryptanalysis of an identity-based authenticated key exchange protocol.

Author

Hatri, Younes, Otmani, Ayoub, and Guenda, Kenza

Subjects

*CRYPTOGRAPHY, *RESIDUE codes, *MATHEMATICAL proofs, *COMPUTER network protocols, *COMPUTER security

Abstract

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity-based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked. [ABSTRACT FROM AUTHOR]

Published

2018

23. Card-based protocols using unequal division shuffles.

Author

Nishimura, Akihiro, Nishida, Takuya, Hayashi, Yu-ichi, Mizuki, Takaaki, and Sone, Hideaki

Subjects

*CRYPTOGRAPHY, *BOOLEAN functions, *PROBABILITY theory, *COMPUTER network protocols, *COMPUTER security

Abstract

Card-based cryptographic protocols can perform secure computation of Boolean functions. In 2013, Cheung et al. presented a protocol that securely produces a hidden AND value using five cards; however, it fails with a probability of 1/2. The protocol uses an unconventional shuffle operation called an unequal division shuffle; after a sequence of five cards is divided into a two-card portion and a three-card portion, these two portions are randomly switched so that nobody knows which is which. In this paper, we first show that the protocol proposed by Cheung et al. securely produces not only a hidden AND value but also a hidden OR value (with a probability of 1/2). We then modify their protocol such that, even when it fails, we can still evaluate the AND value in the clear. Furthermore, we present two five-card copy protocols (which can duplicate a hidden value) using unequal division shuffle. Because the most efficient copy protocol currently known requires six cards, our new protocols improve upon the existing results. We also design a general copy protocol that produces multiple copies using an unequal division shuffle. Furthermore, we show feasible implementations of unequal division shuffles by the use of card cases. [ABSTRACT FROM AUTHOR]

Published

2018

24. Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning.

Author

Verma, Abhishek and Ranga, Virender

Subjects

INTRUSION detection systems (Computer security), COMPUTER network security, INFORMATION & communication technology security, COMPUTER network protocols, COMPUTER security

Abstract

A lot of research is being done on the development of effective Network Intrusion Detection Systems. Anomaly based Network Intrusion Detection Systems are preferred over Signature based Network Intrusion Detection Systems because of their better significance in detecting novel attacks. The research on the datasets being used for training and testing purpose in the detection model is equally concerned as better dataset quality can advance offline Intrusion Detection. Benchmark datasets like KDD99 and NSL-KDD cup 99 are outdated and face some major issues, which make them unsuitable for evaluating Anomaly based Network Intrusion Detection Systems. This paper presents the statistical analysis of labelled flow based CIDDS-001 dataset using k-nearest neighbour classification and k-means clustering algorithms. The analysis is done with respect to some prominent evaluation metrics used for evaluating Network Intrusion Detection Systems including Detection Rate, Accuracy and False Positive Rate. [ABSTRACT FROM AUTHOR]

Published

2018

25. An Improvement Over Lee et al.'s Key Agreement Protocol.

Author

Oraei, Hossein, Pourpouneh, Mohsen, and Ramezanian, Rasoul

Subjects

KEY agreement protocols (Computer network protocols), COMPUTER security, INTERNET protocols, COMPUTER network protocols, COMPUTER network security

Abstract

In 2004, Hwang et al. proposed a group key exchange protocol for sharing a secure key in a group. Their protocol is an extension from the two party key exchange protocol to the group one. Recently, Jung-San Lee et al. noted that Hwang et al. group key exchange protocol has two security weaknesses. First, the forward secrecy is not confirmed in case that a new member joins the group and second, if a group member leaves the group, the backward secrecy is compromised. They proposed an improvement over this key exchange protocol in order to provide both forward and backward secrecy among group members. In this paper, we propose another improvement over Lee et al. key exchange, and we show that our key exchange protocol not only preservers both forward and backward secrecy, but also it is more efficient than their protocol when a member leaves the group. Finally, we give a formal analysis for the correctness of the proposed protocol via Scyther model checking tool. [ABSTRACT FROM AUTHOR]

Published

2018

26. Fast and efficient probing of heterogeneous IoT networks.

Author

Metongnon, Lionel and Sadre, Ramin

Subjects

COMPUTER operating systems, INTERNET of things, COMPUTER network protocols, COMPUTER security, WIRELESS LANs

Abstract

The Internet of Things (IoT) leads to the interconnectivity of a wide range of device types running an equally wide range of operating systems and applications. This heterogeneity of hardware and software poses significant challenges to security. Constrained IoT devices often do not have enough resources to carry the overhead of an intrusion protection system or complex security protocols. Furthermore, they are often not properly managed and updated. Network scans are a valuable tool to discover vulnerable devices. In the context of IoT, the initiator of the scan can be particularly interested in finding constrained devices, assuming that they are easier targets for attacks. However, in IoT networks hosting devices of various types, performing a scan with a high discovery rate can be a challenging task, since a scan working well for, eg, a WiFi network might easily overload a low-power network such as IEEE 802.15.4. In this paper,we propose an approach to increase the efficiency of network scans in heterogeneous environments by combining them with active round-trip time measurements. The measurements allow the scanner to differentiate IoT nodes by the used network technology.Using the knowledge gained from this differentiation, our approach adapts the scan strategy to reduce probe losses, and hence the speed and efficiency of the scan. We validate our approach through simulations of a mixed IoT infrastructure consisting of WiFi and multihop IEEE 802.15.4 subnetworks. [ABSTRACT FROM AUTHOR]

Published

2018

27. Formal verification of a radio network random access protocol.

Author

Roumane, Ahmed, Kechar, Bouabdellah, and Kouninef, Belkacem

Subjects

*UNIVERSAL Mobile Telecommunications System, *RADIO networks, *COMPUTER network protocols, *MACHINE theory, *COMPUTER security

Abstract

In this paper, the random access procedure of Universal Mobile Telecommunications System network is investigated. We have proposed a model based on communicating timed automata that represents the main functions related to the random access procedure including the user equipment, the base station (node B or BTS), and the channel. Then, we have used computational tree logic formula to specify the proprieties to be verified. The model and the formulas serve as inputs to the model checker, which is used as a verification engine, ie, UPPAAL and SPIN. The formal verification approach shows that the protocol has several drawbacks that may not be detected by simulation. [ABSTRACT FROM AUTHOR]

Published

2017

28. Electronic institutions and neural computing providing law-compliance privacy for trusting agents.

Author

Lopez, Mar, Carbo, Javier, Molina, Jose M., and Pedraza, Juanita

Subjects

COMPUTER security, ARTIFICIAL neural networks, MULTIAGENT systems, COMPUTER network protocols, CONTROL theory (Engineering)

Abstract

In this paper we present an integral solution for law-compliance privacy-protection into trust models for agent systems. Several privacy issues are concerned into trust relationships. Specifically, we define which privacy rights must legally be guaranteed in trusting communities of agents. From them, we describe additional interaction protocols that are required to implement such guarantees. Next, we apply additional message exchanges into a specific application domain (the Agent Trust and Reputation testbed) using JADE agent platform. The decisions about how to apply these control mechanisms (about when to launch the corresponding JADE protocol) has been efficiently carried out by neural computing. It uses past behavior of agents to decide (classify) which agents are worthy to share privacy with, considering which number of past interactions we should take into account. Furthermore, we also enumerate the corresponding privacy violations that would have taken place if these control mechanisms (in form of interaction protocols) were ignored or misused. From the possible existence of privacy violations, a regulatory structure is required to address (prevent and fix) the corresponding harmful consequences. We use Islander (an electronic institution editor) to formally define the scenes where privacy violation may be produced, attached to the ways to repair it: the defeasible actions that could voluntarily reduce or eliminate the privacy damage, and the obligations that the electronic institution would impose as penalties. [ABSTRACT FROM AUTHOR]

Published

2017

29. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Author

Wen, Shameng, Meng, Qingkun, Feng, Chao, and Tang, Chaojing

Subjects

*REVERSE engineering, *COMPUTER network protocols, *FUZZY logic, *PROTOTYPES, *COMPUTER security

Abstract

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. [ABSTRACT FROM AUTHOR]

Published

2017

30. Mutual authentications to parties with QR-code applications in mobile systems.

Author

Huang, Cheng-Ta, Zhang, Yu-Hong, Lin, Li-Chiun, Wang, Wei-Jen, and Wang, Shiuh-Jeng

Subjects

*TWO-dimensional bar codes, *CELL phone systems, *END users (Information technology), *COMPUTER access control, *COMPUTER security, *USER-centered system design, *INTERNET service providers, *COMPUTER network protocols

Abstract

User authentication over the Internet has long been an issue for Internet service providers and users. A good authentication protocol must provide high security and mutual authentication on both sides. In addition, it must balance security and usability, which has been shown in the literature to be a difficult problem. To solve this problem, we propose a novel mutual authentication protocol with high security and usability. The proposed protocol was developed for quick response code, a type of two-dimensional barcode that can be photographed and quickly decoded by smartphones. We implemented a prototype using the proposed mutual authentication protocol and demonstrated how the prototype improves usability in a mobile communication system. We also used the Gong-Needham-Yahalom logic with several well-known attack models to analyze the security of the proposed protocol, and we obtained satisfactory results. We expect that using the proposed protocol, Internet service providers will be able to provide a mutual authentication mechanism with high security and usability. [ABSTRACT FROM AUTHOR]

Published

2017

31. Anonymous Password Authenticated Key Exchange Protocol in the Standard Model.

Author

Hu, Xuexian, Zhang, Jiang, Zhang, Zhenfeng, and Liu, Fengmei

Subjects

ENTROPY, COMPUTER network protocols, HEURISTIC algorithms, COMPUTER access control, COMPUTER security

Abstract

Anonymous password authenticated key exchange (APAKE) allows a client holding a low-entropy password to establish a session key with a server in an authenticated and anonymous way. As a very convenient solution for personal privacy protection, it has attracted much attention in recent years. However, almost all existing APAKE protocols are designed in the random oracle model. In this paper, we propose the first password-only APAKE protocol (called APAKE- S) with proven security in the standard model, i.e., without random oracle heuristic. The resulting protocol guarantees AKE security, client anonymity and mutual authentication. Moreover, since the building blocks in our construction can be instantiated based on numerous hard assumptions (e.g., decisional Diffie-Hellman, Quadratic Residuosity, and N-residuosity assumptions), our APAKE- S protocol is actually a generic construction which implies a series of efficient APAKE protocols in the standard model. [ABSTRACT FROM AUTHOR]

Published

2017

32. On probabilistic snap-stabilization.

Author

Altisen, Karine and Devismes, Stéphane

Subjects

*MESSAGE passing (Computer science), *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *COMPUTING platforms

Abstract

In this paper, we introduce probabilistic snap-stabilization . We relax the definition of deterministic snap-stabilization without compromising its safety guarantees. In an unsafe environment, a probabilistically snap-stabilizing algorithm satisfies its safety property immediately after the last fault; whereas its liveness property is only ensured with probability 1. We show that probabilistic snap-stabilization is more expressive than its deterministic counterpart. Indeed, we propose two probabilistic snap-stabilizing algorithms for a problem having no deterministic snap- or self-stabilizing solution: guaranteed service leader election in arbitrary anonymous networks. This problem consists in computing a correct answer to each process that initiates the question “Am I the leader of the network?,” i.e. , (1) processes always compute the same answer to that question and (2) exactly one process computes the answer true . Our solutions being probabilistically snap-stabilizing, the answers are only delivered within an almost surely finite time; however any delivered answer is correct, regardless the arbitrary initial configuration and provided the question has been properly started. [ABSTRACT FROM AUTHOR]

Published

2017

33. TAPCS: Traffic-aware pseudonym changing strategy for VANETs.

Author

Boualouache, Abdelwahab and Moussaoui, Samira

Subjects

VEHICULAR ad hoc networks, COMPUTER security, COMPUTER simulation, COMPUTER network protocols, STRATEGIC planning

Abstract

Location privacy is one of the main challenges in Vehicular Ad-hoc Networks (VANETs), since weak protection may hinder the public acceptance of this technology. Frequently changing pseudonyms are commonly accepted as a solution to protect the location privacy in VANETs. However, a simple pseudonym change is not enough to provide the required protection. Although many pseudonym changing strategies have been proposed to enhance the location privacy protection provided by this approach, the development of an effective strategy is not yet achieved. In this paper, we propose a new pseudonym changing strategy called Traffic-Aware Pseudonym Changing Strategy (TAPCS). The aim of this strategy is to provide an effective location privacy protection against the different types of pseudonyms linking attacks that can be performed by a strong passive adversary model. TAPCS is a distributed pseudonym changing strategy and is one of the strategies that use the radio silence technique. Unlike the existing distributed pseudonym changing strategies that use this technique, TAPCS aims to provide a high level of location privacy protection without impacting the safety in the VANETs. The analytical evaluation and simulation results demonstrate the effectiveness of the proposed strategy. [ABSTRACT FROM AUTHOR]

Published

2017

34. Improved Identification Protocol in the Quantum Random Oracle Model.

Author

Wen Gao, Yupu Hu, Baocang Wang, and Jia Xie

Subjects

SEARCH algorithms, COMPUTER network protocols, COMPUTER security, CRYPTOGRAPHY, DATA encryption

Abstract

Boneh et al. [6] proposed an identification protocol in Asiacrypt 2011 that is secure in the classical random oracle model but insecure in the quantum random oracle model. This paper finds that a constant parameter plays a significant role in the security of the protocol and the variation of this parameter changes the security greatly. Therefore, an improved identification protocol that replaces a variable with this constant parameter is introduced. This study indicates that, when the variable is chosen appropriately, the improved identification protocol is secure in both the classical and the quantum random oracle models. Finally, we find the secure lower bound for this variable. [ABSTRACT FROM AUTHOR]

Published

2017

35. On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake.

Author

Tiloca, Marco, Gehrmann, Christian, and Seitz, Ludwig

Subjects

*DENIAL of service attacks, *CLIENT/SERVER computing, *COMPUTER network protocols, *COMPUTER security, *SCALABILITY

Abstract

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack. [ABSTRACT FROM AUTHOR]

Published

2017

36. Survey on UAANET Routing Protocols and Network Security Challenges.

Author

MAXA, JEAN-AIMÉ, MOHAMED SLIM BEN MAHMOUD, and LARRIEU, NICOLAS

Subjects

DRONE aircraft, AD hoc computer networks, COMPUTER network protocols, ROUTING (Computer network management), COMPUTER security, COMPUTER network resources

Abstract

UAV Ad hoc Networks (UAANETs) is a subset of the well-known mobile ad hoc network (MANET) paradigm. It refers to the deployment of a swarm of small Unmanned Aerial Vehicles (UAVs) and Ground Control Stations (GCS). These UAVs collaborate in order to relay data (command and control traffic and remotely sensed data) between each other and to the Ground Control Station (GCS). Compared to other types of ad hoc networks, UAANETs have some unique features and bring several major challenges to the research community. One of these is the design of UAANET routing protocol. It must establish an efficient route between UAVs and adjust in real time to the rapidly changing topology. It must also be secured to protect the integrity of the network against malicious attackers. Security of routing protocols has been widely investigated in wired networks and MANETs, but as far as we are aware, there is no previous research paper dealing with the security features of UAANET routing protocols. This paper focuses on characteristics of UAANETs and provides a review of the literature on associated routing protocols. We also highlight the analysis of the security features of these protocols. Security requirements, potential threats and countermeasures are all described. [ABSTRACT FROM AUTHOR]

Published

2017

37. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model.

Author

Wu, Zehui and Wei, Qiang

Subjects

*SOFTWARE-defined networking, *COMPUTER security, *PROGRAMMABLE controllers, *QUALITATIVE chemical analysis, *COMPUTER network protocols

Abstract

SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results. [ABSTRACT FROM AUTHOR]

Published

2017

38. An analysis of safety evidence management with the Structured Assurance Case Metamodel.

Author

de la Vara, Jose Luis, Génova, Gonzalo, Álvarez-Rodríguez, Jose María, and Llorens, Juan

Subjects

*COMPUTER network protocols, *COMPUTER interfaces, *COMPUTER science, *INDUSTRIAL safety, *COMPUTER security

Abstract

SACM (Structured Assurance Case Metamodel) is a standard for assurance case specification and exchange. It consists of an argumentation metamodel and an evidence metamodel for justifying that a system satisfies certain requirements. For assurance of safety-critical systems, SACM can be used to manage safety evidence and to specify safety cases. The standard is a promising initiative towards harmonizing and improving system assurance practices, but its suitability for safety evidence management needs to be further studied. To this end, this paper studies how SACM 1.1 supports this activity according to requirements from industry and from prior work. We have analysed the notion of evidence in SACM, its evidence lifecycle, the classes and associations of the evidence metamodel, and the link of this metamodel with the argumentation one. As a result, we have identified several improvement opportunities and extension possibilities in SACM. The notions of evidence and evidence assertion should be clarified, the overlaps between metamodel elements should be reduced, and a wider support to the lifecycle of the artefacts used as safety evidence could be provided. Addressing these aspects will allow SACM to better fit safety evidence management needs and practices, especially beyond the scope of a safety case. The results and the conclusions drawn are especially valuable for practitioners interested in SACM adoption and vendors interested in developing tool support for SACM-based safety evidence management. [ABSTRACT FROM AUTHOR]

Published

2017

39. An improved password-based authentication scheme for session initiation protocol using smart cards without verification table.

Author

Farash, Mohammad Sabsinejad

Subjects

*COMPUTER passwords, *COMPUTER access control, *COMPUTER network protocols, *VERIFICATION of computer systems, *COMPUTER security

Abstract

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al. proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al. claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al. protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al. protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2017

40. Comparison of group key establishment protocols.

Author

SŞAHİN, Serap and ASLANOĞLU, Rabia

Subjects

*COMPUTER network protocols, *KEY agreement protocols (Computer network protocols), *WIRELESS Application Protocol (Computer network protocol), *COMPUTER security, *CRYPTOGRAPHY

Abstract

Recently group-oriented applications over unsecure open networks such as Internet or wireless networks have become very popular. Thus, group communication security over unsecure open networks has become a vital concern. Group key establishment (GKE) protocols are used to satisfy the confidentiality requirement of a newly started communication session by the generation or sharing of an ephemeral common key between the group members. In this study, we analyze the computation and communication efficiency of GKE protocols. Besides confidentiality, the security characteristics of identification and integrity control are also required for all steps of the protocol implementations. Thus, the main contribution of this work is to provide the computation and communication efficiency analysis of the same GKE protocols along with the identification of the group entities and integrity control of messages during the protocol steps. The specific implementation and analysis of GKE protocols are performed by group key agreement (GKA) with pairing-based cryptography and group key distribution (GKD) with verifiable secret sharing, respectively. Finally, a comparison of GKA and GKD protocols on the basis of their strong points and cost characteristics are also provided to inform potential users. [ABSTRACT FROM AUTHOR]

Published

2017

41. Design of optical fiber communication network monitoring and detection system based on address resolution protocol cheats.

Author

Zhang, Hao and Dai, GuangLong

Subjects

*OPTICAL fiber communication, *COMPUTER network protocols, *COMPUTER network security, *FIBER optics, *COMPUTER security

Abstract

Optical fiber communication network security is getting more and more prominent, while the optical fiber communication network monitoring is another challenges of the optical fiber communication network security. In order to Address Resolution Protocol key technology was used. In addition, design of optical fiber communication network detection system was also designed. [ABSTRACT FROM AUTHOR]

Published

2016

42. An Efficient 3D Elliptic Curve Diffie–Hellman (ECDH) Based Two-Server Password-Only Authenticated Key Exchange Protocol with Provable Security.

Author

Kumari, K. Anitha, Sadasivam, G. Sudha, and Rohini, L.

Subjects

*COMPUTER network protocols, *CRYPTOGRAPHY, *ELLIPTIC curves, *COMPUTER security, *COMPUTER algorithms, *COMPUTER access control

Abstract

In large-scale distributed systems, where adversarial attacks have extensive impact, authentication provides fortification against threats involving impersonation of entities and tampering of data. Towards this, we introduce the first tetrahedron (three-dimensional (3D)) based two-server Password Authenticated and Key Exchange (PAKE) protocol to represent text passwords. A 3D PAKE protocol is a hybrid cryptographic algorithm that requires two servers for authentication; one server engages with users and the other is hidden from the clients. A remarkable aspect of the proposed 3D PAKE protocol is that reclaiming password from the stored credentials is not possible when either one/both the servers gets compromised. In this paper, we discuss the properties of tetrahedron that mesh well with Diffie–Hellman key exchange protocol and elliptic curve cryptography encryption scheme and proved that the protocol is resistant against cryptographic attacks without the involvement of public key infrastructure. The proposed protocol is the first provably secure two-server PAKE protocol against an offline dictionary attack. [ABSTRACT FROM PUBLISHER]

Published

2016

43. Efficient private subset computation.

Author

Dou, Jiawei, Gong, Linming, Li, Shundong, and Ma, Li

Subjects

COMPUTER security, CRYPTOGRAPHY, COMPUTER network protocols, DATA encryption, DATA security

Abstract

We consider how to privately determine whether a private set owned by Bob is a subset of another private set owned by Alice. This problem has many applications in online collaboration. We first propose an encoding method to encode a set to a vector, which can reduce a set computation problem to a vector computation. Based on this encoding scheme and two different homomorphic encryption schemes, we present two efficient protocols for private subset problem in case where both private sets are subsets of a known universal set. These protocols are secure both in the semi-honest model and in the malicious model. We then show how to use these protocols to privately determine whether a private number is a factor of another private number. Copyright © 2017 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

44. Provably secure user authentication and key agreement scheme for wireless sensor networks.

Author

Das, Ashok Kumar, Kumari, Saru, Odelu, Vanga, Li, Xiong, Wu, Fan, and Huang, Xinyi

Subjects

COMPUTER access control, WIRELESS sensor networks, COMPUTER security, KEY agreement protocols (Computer network protocols), SMART cards, COMPUTER network protocols

Abstract

In recent years, user authentication has emerged as an interesting field of research in wireless sensor networks. Most recently, in 2016, Chang and Le presented a scheme to authenticate the users in wireless sensor network using a password and smart card. They proposed two protocols [ABSTRACT FROM AUTHOR]

Published

2016

45. Multi-proxy multi-signature binding positioning protocol.

Author

Xue, Qingshui, Li, Fengying, Chen, Huafeng, Zhang, Huajun, and Cao, Zhenfu

Subjects

DIGITAL signatures, COMPUTER network protocols, COMPUTER security, WIRELESS Internet, GLOBAL Positioning System, ENCRYPTION protocols

Abstract

For the first time, one new conception, multi-proxy multi-signature binding positioning protocol, is proposed. Based on the secure positioning protocol, one model of multi-proxy multi-signature binding positioning protocol is proposed. In the model, positioning protocol is bound to multi-proxy multi-signature tightly, not loosely. Further, we propose one scheme of multi-proxy multi-signature binding positioning protocol, its correctness is proved, and its security is analyzed. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

46. Fault-tolerant symmetrically-private information retrieval.

Author

Wang, Tian-Yin, Cai, Xiao-Qiu, and Zhang, Rui-Ling

Subjects

*FAULT-tolerant computing, *INFORMATION retrieval, *COMPUTER network protocols, *COMPUTER users, *COMPUTER security, *DATABASES, *QUANTUM information theory

Abstract

We propose two symmetrically-private information retrieval protocols based on quantum key distribution, which provide a good degree of database and user privacy while being flexible, loss-resistant and easily generalized to a large database similar to the precedent works. Furthermore, one protocol is robust to a collective-dephasing noise, and the other is robust to a collective-rotation noise. [ABSTRACT FROM AUTHOR]

Published

2016

47. Private and oblivious set and multiset operations.

Author

Blanton, Marina and Aguiar, Everaldo

Subjects

*DATA privacy, *COMPUTER network protocols, *COMPUTER security, *INFORMATION theory, *MATHEMATICAL optimization

Abstract

Privacy-preserving set operations are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and expect that each participant knows her input set in the clear. In this work, we put forward a new framework for secure multi-party set and multiset operations in which the inputs can be arbitrarily partitioned among the participants, knowledge of an input (multi)set is not required for any party, and the secure set operations can be composed and can also be securely outsourced to third-party computation providers. In this framework, we construct a comprehensive suite of secure protocols for set operations and their various extensions. Our protocols are secure in the information-theoretic sense and are designed to minimize the round complexity. We then also build support for multiset operations by providing (i) a generic conversion from a multiset to a set, which makes the protocols for set operations applicable to multisets and (ii) direct instantiations of multiset operations of improved performance. All of our protocols have communication and computation complexity of $$O(m \log m)$$ and logarithmic round complexity for sets or multisets of size m, which compares favorably with prior work. Practicality of our solutions is shown through experimental results, and novel optimizations based on set compaction allow us to improve performance of our protocols in practice. Our protocols are secure in both semi-honest and malicious security models. [ABSTRACT FROM AUTHOR]

Published

2016

48. Combinatorial Methods in Security Testing.

Author

Simos, Dimitris E., Kuhn, Rick, Voyiatzis, Artemios G., and Kacker, Raghu

Subjects

*COMPUTER security, *COMBINATORICS, *COMPUTER software security, *COMPUTER network protocols, *INTERNET of things

Abstract

Combinatorial methods can make software security testing much more efficient and effective than conventional approaches. [ABSTRACT FROM PUBLISHER]

Published

2016

49. A Trajectory Privacy Model for Radio-Frequency Identification System.

Author

Zhang, Wei, Wu, Longkai, Liu, Sanya, Huang, Tao, Guo, Yajun, and Hsu, Chingfang

Subjects

COMPUTER security, RADIO frequency identification systems, COMPUTER network protocols, SECURITY systems, DATA privacy

Abstract

Here we propose a trajectory privacy model to solve privacy and security problems with radio-frequency identification (RFID) systems. The model first formalizes an Adversary Model and then defines an adversary indistinguishability privacy game and interval security privacy game according to the ability of the adversary. Based on the privacy game between adversary and challenger, the author gives the definition of weak trajectory privacy and strong trajectory privacy. Finally, we analyzed the privacy protection level of present RFID systems with the help of this trajectory privacy model. It can be seen that the trajectory privacy model can effectively analyze and find the privacy vulnerabilities of RFID security protocols. [ABSTRACT FROM AUTHOR]

Published

2016

50. Intrusion detection in mobile ad hoc networks: techniques, systems, and future challenges.

Author

Kumar, Sunil and Dutta, Kamlesh

Subjects

INTRUSION detection systems (Computer security), AD hoc computer networks, CYBERTERRORISM, COUNTERTERRORISM, DATA security, SENSOR networks, COMPUTER security, COMPUTER network protocols

Abstract

In recent years, Mobile Ad hoc NETworks (MANETs) have generated great interest among researchers in the development of theoretical and practical concepts, and their implementation under several computing environments. However, MANETs are highly susceptible to various security attacks due to their inherent characteristics. In order to provide adequate security against multi-level attacks, the researchers are of the opinion that detection-based schemes should be incorporated in addition to traditionally used prevention techniques because prevention-based techniques cannot prevent the attacks from compromised internal nodes. Intrusion detection system is an effective defense mechanism that detects and prevents the security attacks at various levels. This paper tries to provide a structured and comprehensive survey of most prominent intrusion detection techniques of recent past and present for MANETs in accordance with technology layout and detection algorithms. These detection techniques are broadly classified into nine categories based on their primary detection engine/(s). Further, an attempt has been made to compare different intrusion detection techniques with their operational strengths and limitations. Finally, the paper concludes with a number of future research directions in the design and implementation of intrusion detection systems for MANETs. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016