Your search keyword '"COMPUTER network protocols"' showing total 85 results

1. Device Onboarding Using FDO and the Untrusted Installer Model.

Author

Cooper, Geoffrey H.

Subjects

*INTERNET of things, *COMPUTER security, *COMPUTER network protocols, *DATA structures, *WIRELESS Internet, *DATA encryption, *COMPUTER systems, *INSTALLATION of equipment

Abstract

The Internet of Things (IoT) market has expanded significantly, encompassing various sectors like home, retail, manufacturing, and transportation, with millions of devices and servers dedicated to monitoring real-world aspects. Regardless of the field, all IoT devices share the characteristic of transitioning from initial ownership to target application ownership to fulfill their intended functions, a process known as onboarding, which requires fast, reliable, and secure interaction between devices and servers. Two distinct approaches to onboarding, trusted and untrusted installers, exist, with trusted installers employing configurator tools to establish trust between devices and servers, while untrusted installers rely on mechanisms like ownership vouchers for authentication, offering scalability and parallel device onboarding.

Published

2024

2. The Criteria for Adapting a Blockchain Consensus Algorithm to IoT Networks †.

Author

Aghroud, Mohamed, Oualla, Mohamed, and El Bermi, Lahcen

Subjects

BLOCKCHAINS, INTERNET of things, COMPUTER algorithms, COMPUTER security, COMPUTER network protocols

Abstract

The Internet of Things (IoT) is a network of smart objects connected via the Internet, where each object is identified by a unique, accessible, and programmable address, while Blockchain is a technology for storing and transmitting information based on a decentralized system such that the centralized validation of transactions is replaced by a consensus mechanism. The integration of these two technologies requires consensus protocols to overcome the major challenges encountered in IoT systems, including issues related to security, storage capacity limits, computing power, etc. Therefore, different consensus algorithms have been implemented. For this purpose, this paper presents a research study on the criteria that would render a Blockchain consensus algorithm suitable for IoT networks, namely, computing power, latency, storage capacity, and security. [ABSTRACT FROM AUTHOR]

Published

2023

3. MQTT TABANLI IOT SİSTEMİNE YAPILAN SALDIRILARIN MAKİNE ÖĞRENİMİ KULLANILARAK TESPİTİ.

Author

KAHYA, Ayça Nur and YOLAÇAN, Esra Nergis

Subjects

INTERNET of things, CYBERTERRORISM, INTERNET security, COMPUTER network protocols, COMPUTER security

Abstract

Copyright of Journal of Engineering & Architectural Faculty of Eskisehir Osmangazi University / Eskişehir Osmangazi Üniversitesi Mühendislik ve Mimarlık Fakültesi Dergisi is the property of Eskisehir Osmangazi University and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2022

4. A Messy State of the Union: Taming the Composite State Machines of TLS.

Author

Beurdouche, Benjamin, Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, Fournet, Cédric, Kohlweiss, Markulf, Pironti, Alfredo, Strub, Pierre-Yves, and Zinzindohoue, Jean Karim

Subjects

*COMPUTER network protocols, *FINITE state machines, *CLIENT/SERVER computing, *COMPUTER security

Abstract

The Transport Layer Security (TLS) protocol supports various authentication modes, key exchange methods, and protocol extensions. Confusingly, each combination may prescribe a different message sequence between the client and the server, and thus a key challenge for TLS implementations is to define a composite state machine that correctly handles these combinations. If the state machine is too restrictive, the implementation may fail to interoperate with others; if it is too liberal, it may allow unexpected message sequences that break the security of the protocol. We systematically test popular TLS implementations and find unexpected transitions in many of their state machines that have stayed hidden for years. We show how some of these flaws lead to critical security vulnerabilities, such as FREAK. While testing can help find such bugs, formal verification can prevent them entirely. To this end, we implement and formally verify a new composite state machine for OpenSSL, a popular TLS library. [ABSTRACT FROM AUTHOR]

Published

2017

5. Formally analyzed m-coupon protocol with confirmation code (MCWCC).

Author

YILDIRIM, Kerim, DALKILIÇ, Gökhan, and DURU, Nevcihan

Subjects

*ELECTRONIC coupons (Retail trade), *COMPUTER network protocols, *MOBILE apps, *CONSUMER behavior, *COMPUTER security

Abstract

There are many marketing methods used to attract customers' attention and customers search for special discounts and conduct research to get products cheaper. Using discount coupons is one of the widely used methods for obtaining discounts. With the development of technology, classical paper-based discount coupons become e-coupons and then turn into mobile coupons (m-coupons). It is inevitable that retailers will use m-coupon technology to attract customers while mobile devices are used in daily life. As a result, m-coupon technology is a promising technology. One of the significant problems with using m-coupons is security. Here it is necessary to ensure the safety of the seller's and retailer's data and to prevent unnecessary loss of income. In this study, a new m-coupon protocol is proposed and analyzed against well-known attacks: impersonation, man-in-the-middle, eavesdropping, replay, data modification, unauthorized coupon copying/generation, and multiple cash-in attacks. Then, to show that both the client and the retailer's data are at the highest level of security, the protocol is subjected to security analysis with a powerful protocol analysis tool, Scyther. Thus, the proposed protocol is proved to meet all safety criteria. To the best of our knowledge, this protocol is the first m-coupon protocol for which formal security analysis is conducted by the protocol's developers. [ABSTRACT FROM AUTHOR]

Published

2019

6. A PUF-based hardware mutual authentication protocol.

Author

Barbareschi, Mario, De Benedictis, Alessandra, and Mazzocca, Nicola

Subjects

*COMPUTER access control, *COMPUTER network protocols, *COMPUTER security, *UNIQUENESS (Mathematics), *COMPUTER architecture

Abstract

Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), that allows to achieve mutual authentication in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. [ABSTRACT FROM AUTHOR]

Published

2018

7. Precoding-Aided Spatial Modulation for the Wiretap Channel with Relay Selection and Cooperative Jamming.

Author

Bouida, Zied, Stavridis, Athanasios, Ghrayeb, Ali, Haas, Harald, Hasna, Mazen, and Ibnkahla, Mohamed

Subjects

COMPUTER network security, COMPUTER network protocols, INTERNET protocols, PROTOCOL analyzers, COMPUTER security

Abstract

We propose in this paper a physical-layer security (PLS) scheme for dual-hop cooperative networks in an effort to enhance the communications secrecy. The underlying model comprises a transmitting node (Alice), a legitimate node (Bob), and an eavesdropper (Eve). It is assumed that there is no direct link between Alice and Bob, and the communication between them is done through trusted relays over two phases. In the first phase, precoding-aided spatial modulation (PSM) is employed, owing to its low interception probability, while simultaneously transmitting a jamming signal from Bob. In the second phase, the selected relay detects and transmits the intended signal, whereas the remaining relays transmit the jamming signal received from Bob. We analyze the performance of the proposed scheme in terms of the ergodic secrecy capacity (ESC), the secrecy outage probability (SOP), and the bit error rate (BER) at Bob and Eve. We obtain closed-form expressions for the ESC and SOP and we derive very tight upper-bounds for the BER. We also optimize the performance with respect to the power allocation among the participating relays in the second phase. We provide examples with numerical and simulation results through which we demonstrate the effectiveness of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2018

8. An automatic RFID reader-to-reader delegation protocol for SCM in cloud computing environment.

Author

Anandhi, S., Anitha, R., and Sureshkumar, Venkatasamy

Subjects

*RADIO frequency identification systems, *CLOUD computing, *COMPUTER security, *COMPUTER network protocols, *COMPUTER access control, *ELECTRONIC authentication, *DATA encryption

Abstract

Radio frequency identification (RFID) technology enables unique identification and tracking of the tag attached to an object. Widespread usage of RFID technologies in supply chain management (SCM) has drawn attention for developing security protocols to protect data stored in the tag. In SCM objects move from one place/department to another, the same RFID readers are not used throughout the supply chain. So, current reader delegates its access right to the new reader. When an object is moved inside the organization, delegation takes place between the readers. Many of the existing delegation protocols use trusted third party (TTP), which is practically difficult to incorporate or requires a keyed hash function/symmetric key encryption to be executed in the RFID tag, whereas tags are computationally intensive. Our work aims to simplify the delegation process by removing the usage of a TTP as well as eliminating reader-to-reader communication which avoids fixing the reader sequence in advance. Also, it preserves the security and privacy requirements for cloud-based applications. The proposed protocol withstands many attacks like tracing attack, tag impersonation attack, reader impersonation attack, and privacy attack. The proposed protocol not only resists the above-mentioned attacks but also achieves mutual authentication, anonymity property, and forward/backward secrecy. The proposed protocol is analyzed formally using GNY logic, which ensures that the protocol achieves mutual authentication. Performance analysis is carried out and it shows that our protocol is relatively better than the existing related schemes with respect to tag computation and communication cost. [ABSTRACT FROM AUTHOR]

Published

2018

9. Internet Protocol (IP) Steganography Using Modified Particle Swarm Optimization (MPSO) Algorithm.

Author

Abbas, Sana Adnan

Subjects

INTERNET protocols, COMPUTER networks, COMPUTER network protocols, COMPUTER security, INTERNET of things

Abstract

Copyright of Diyala Journal for Pure Science is the property of Republic of Iraq Ministry of Higher Education & Scientific Research (MOHESR) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

10. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

Author

Baig, Ahmed Fraz, Hassan, Khwaja Mansoor ul, Ghani, Anwar, Chaudhry, Shehzad Ashraf, Khan, Imran, and Ashraf, Muhammad Usman

Subjects

*WIRELESS communications, *TELECOMMUNICATION systems, *COMPUTER network protocols, *COMPUTER networks, *BIOMETRIC identification

Abstract

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. [ABSTRACT FROM AUTHOR]

Published

2018

11. Development of the ECAT Preprocessor with the Trust Communication Approach.

Author

Ovaz Akpinar, Kevser and Ozcelik, Ibrahim

Subjects

COMPUTER network protocols, AUTOMATIC control systems, INTERNET protocols, COMPUTER security, DATA security

Abstract

In the past several years, attacks over industrial control systems (ICS) have become increasingly frequent and sophisticated. The most common objectives of these types of attacks are controlling/monitoring the physical process, manipulating programmable controllers, or affecting the integrity of software and networking equipment. As one of the widely applied protocols in the ICS world, EtherCAT is an Ethernet-based protocol; thus, it is exposed to both TCP/IP and ICS-specific attacks. In this paper, we analyze EtherCAT field-level communication principles from the security viewpoint focusing on the protocol vulnerabilities, which have been rarely analyzed previously. Our research showed that it lacks the most common security parameters, such as authentication, encryption, and authorization, and is open to Media Access Control (MAC) spoofing, data injection, and other advanced attacks, which require superior skills. To prevent, detect, and reduce attacks over the EtherCAT-based critical systems, first, we improved the open-source Snort intrusion detection/prevention system (IDS/IPS) to support packets that are not processed over transport and network layers. Second, by incorporating a vulnerability analysis, we proposed the EtherCAT (ECAT) preprocessor. Third, we introduced a novel approach called trust-node identification and applied the approach as three rules into the preprocessor. In this sense, the ECAT preprocessor differs from other supported ICS preprocessors in the literature, such as DNP3 and Modbus/TCP. Besides supporting traditional rule expansion, it is also able to handle layer 2 packets and to apply deep packet inspection on EtherCAT packets using the trust-node approach. This method first identifies engineering-station approved nodes based on EtherCAT network information (ENI) configuration files and then deeply inspects incoming packets, considering protocol specifications. The improvements and approach have been tested on the physically developed testbed environment and we have proved that proposals can detect related attacks and provide a basic level of security over the EtherCAT-implemented systems. [ABSTRACT FROM AUTHOR]

Published

2018

12. Global Behavior of a Computer Virus Propagation Model on Multilayer Networks.

Author

Zhang, Chunming

Subjects

COMPUTER viruses, COMPUTER security, COMPUTER simulation, COMPUTER network protocols

Abstract

This paper presents a new linear computer viruses propagation model on multilayer networks to explore the mechanism of computer virus propagation. Theoretical analysis demonstrates that the maximum eigenvalue of the sum of all the subnetworks is a vital factor in determining the viral prevalence. And then, a new sufficient condition for the global stability of virus-free equilibrium has been obtained. The persistence of computer virus propagation system has also been proved. Eventually, some numerical simulation results verify the main conclusions of the theoretical analysis. [ABSTRACT FROM AUTHOR]

Published

2018

13. An efficient anonymous authentication protocol in multiple server communication networks (EAAM).

Author

Braeken, An, Kumar, Pardeep, Liyanage, Madhusanka, and Hue, Ta Thi Kim

Subjects

*COMPUTER network protocols, *COMPUTER access control, *MULTI-factor authentication, *BIOMETRIC identification, *COMPUTER security, *CRYPTOGRAPHY

Abstract

In a multi-server authentication environment, a user only needs to register once at a central registration place before accessing the different services on the different registered servers. Both, from a user point of view as for the management and maintenance of the infrastructure, these types of environments become more and more popular. Smartcard- or smartphone-based approaches lead to more secure systems because they offer two- or three-factor authentication, based on the strict combination of the user’s password, the user’s biometrics and the possession of the device. In this paper, we propose an efficient anonymous authentication protocol in multiple server communication networks, called the EAAM protocol, which is able to establish user anonymity, mutual authentication, and resistance against known security attacks. The novelty of the proposed scheme is that it does not require a secure channel during the registration between the user and the registration center and is resistant to a curious but honest registration system. These features are established in a highly efficient way with the minimum amount of communication flows between user and server during the establishment of the secret shared key and by using light-weight cryptographic techniques such as Chebyshev chaotic map techniques and symmetric key cryptography. The performance and security of the protocol are analyzed and compared with the latest new proposals in this field. [ABSTRACT FROM AUTHOR]

Published

2018

14. Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning.

Author

Verma, Abhishek and Ranga, Virender

Subjects

INTRUSION detection systems (Computer security), COMPUTER network security, INFORMATION & communication technology security, COMPUTER network protocols, COMPUTER security

Abstract

A lot of research is being done on the development of effective Network Intrusion Detection Systems. Anomaly based Network Intrusion Detection Systems are preferred over Signature based Network Intrusion Detection Systems because of their better significance in detecting novel attacks. The research on the datasets being used for training and testing purpose in the detection model is equally concerned as better dataset quality can advance offline Intrusion Detection. Benchmark datasets like KDD99 and NSL-KDD cup 99 are outdated and face some major issues, which make them unsuitable for evaluating Anomaly based Network Intrusion Detection Systems. This paper presents the statistical analysis of labelled flow based CIDDS-001 dataset using k-nearest neighbour classification and k-means clustering algorithms. The analysis is done with respect to some prominent evaluation metrics used for evaluating Network Intrusion Detection Systems including Detection Rate, Accuracy and False Positive Rate. [ABSTRACT FROM AUTHOR]

Published

2018

15. Electronic institutions and neural computing providing law-compliance privacy for trusting agents.

Author

Lopez, Mar, Carbo, Javier, Molina, Jose M., and Pedraza, Juanita

Subjects

COMPUTER security, ARTIFICIAL neural networks, MULTIAGENT systems, COMPUTER network protocols, CONTROL theory (Engineering)

Abstract

In this paper we present an integral solution for law-compliance privacy-protection into trust models for agent systems. Several privacy issues are concerned into trust relationships. Specifically, we define which privacy rights must legally be guaranteed in trusting communities of agents. From them, we describe additional interaction protocols that are required to implement such guarantees. Next, we apply additional message exchanges into a specific application domain (the Agent Trust and Reputation testbed) using JADE agent platform. The decisions about how to apply these control mechanisms (about when to launch the corresponding JADE protocol) has been efficiently carried out by neural computing. It uses past behavior of agents to decide (classify) which agents are worthy to share privacy with, considering which number of past interactions we should take into account. Furthermore, we also enumerate the corresponding privacy violations that would have taken place if these control mechanisms (in form of interaction protocols) were ignored or misused. From the possible existence of privacy violations, a regulatory structure is required to address (prevent and fix) the corresponding harmful consequences. We use Islander (an electronic institution editor) to formally define the scenes where privacy violation may be produced, attached to the ways to repair it: the defeasible actions that could voluntarily reduce or eliminate the privacy damage, and the obligations that the electronic institution would impose as penalties. [ABSTRACT FROM AUTHOR]

Published

2017

16. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Author

Wen, Shameng, Meng, Qingkun, Feng, Chao, and Tang, Chaojing

Subjects

*REVERSE engineering, *COMPUTER network protocols, *FUZZY logic, *PROTOTYPES, *COMPUTER security

Abstract

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. [ABSTRACT FROM AUTHOR]

Published

2017

17. Detection and Prevention of Cybersecurity Risks of Cloud-connected Machinery in Industrial Internet of Things System (IIoT)

Author

Lao, Shing Kit and Kaur, Sandeep (Supervisor)

Subjects

Internet of things, Computer security, Computer network protocols, Cloud computing

Abstract

Internet of Things (IoT) is the interconnection of physical devices, which are equipped with sensor to collect data, and management platforms to perform analysis on the data collected. IoT helps people to make decision or further control on other devices automatically. Industrial Internet of Things (IIoT) is the application of IoT in various industries such as manufacturing, energy plant or water supply. (As cited in abstract.)

Published

2022

18. On probabilistic snap-stabilization.

Author

Altisen, Karine and Devismes, Stéphane

Subjects

*MESSAGE passing (Computer science), *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *COMPUTING platforms

Abstract

In this paper, we introduce probabilistic snap-stabilization . We relax the definition of deterministic snap-stabilization without compromising its safety guarantees. In an unsafe environment, a probabilistically snap-stabilizing algorithm satisfies its safety property immediately after the last fault; whereas its liveness property is only ensured with probability 1. We show that probabilistic snap-stabilization is more expressive than its deterministic counterpart. Indeed, we propose two probabilistic snap-stabilizing algorithms for a problem having no deterministic snap- or self-stabilizing solution: guaranteed service leader election in arbitrary anonymous networks. This problem consists in computing a correct answer to each process that initiates the question “Am I the leader of the network?,” i.e. , (1) processes always compute the same answer to that question and (2) exactly one process computes the answer true . Our solutions being probabilistically snap-stabilizing, the answers are only delivered within an almost surely finite time; however any delivered answer is correct, regardless the arbitrary initial configuration and provided the question has been properly started. [ABSTRACT FROM AUTHOR]

Published

2017

19. Improved Identification Protocol in the Quantum Random Oracle Model.

Author

Wen Gao, Yupu Hu, Baocang Wang, and Jia Xie

Subjects

SEARCH algorithms, COMPUTER network protocols, COMPUTER security, CRYPTOGRAPHY, DATA encryption

Abstract

Boneh et al. [6] proposed an identification protocol in Asiacrypt 2011 that is secure in the classical random oracle model but insecure in the quantum random oracle model. This paper finds that a constant parameter plays a significant role in the security of the protocol and the variation of this parameter changes the security greatly. Therefore, an improved identification protocol that replaces a variable with this constant parameter is introduced. This study indicates that, when the variable is chosen appropriately, the improved identification protocol is secure in both the classical and the quantum random oracle models. Finally, we find the secure lower bound for this variable. [ABSTRACT FROM AUTHOR]

Published

2017

20. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model.

Author

Wu, Zehui and Wei, Qiang

Subjects

*SOFTWARE-defined networking, *COMPUTER security, *PROGRAMMABLE controllers, *QUALITATIVE chemical analysis, *COMPUTER network protocols

Abstract

SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results. [ABSTRACT FROM AUTHOR]

Published

2017

21. An analysis of safety evidence management with the Structured Assurance Case Metamodel.

Author

de la Vara, Jose Luis, Génova, Gonzalo, Álvarez-Rodríguez, Jose María, and Llorens, Juan

Subjects

*COMPUTER network protocols, *COMPUTER interfaces, *COMPUTER science, *INDUSTRIAL safety, *COMPUTER security

Abstract

SACM (Structured Assurance Case Metamodel) is a standard for assurance case specification and exchange. It consists of an argumentation metamodel and an evidence metamodel for justifying that a system satisfies certain requirements. For assurance of safety-critical systems, SACM can be used to manage safety evidence and to specify safety cases. The standard is a promising initiative towards harmonizing and improving system assurance practices, but its suitability for safety evidence management needs to be further studied. To this end, this paper studies how SACM 1.1 supports this activity according to requirements from industry and from prior work. We have analysed the notion of evidence in SACM, its evidence lifecycle, the classes and associations of the evidence metamodel, and the link of this metamodel with the argumentation one. As a result, we have identified several improvement opportunities and extension possibilities in SACM. The notions of evidence and evidence assertion should be clarified, the overlaps between metamodel elements should be reduced, and a wider support to the lifecycle of the artefacts used as safety evidence could be provided. Addressing these aspects will allow SACM to better fit safety evidence management needs and practices, especially beyond the scope of a safety case. The results and the conclusions drawn are especially valuable for practitioners interested in SACM adoption and vendors interested in developing tool support for SACM-based safety evidence management. [ABSTRACT FROM AUTHOR]

Published

2017

22. Comparison of group key establishment protocols.

Author

SŞAHİN, Serap and ASLANOĞLU, Rabia

Subjects

*COMPUTER network protocols, *KEY agreement protocols (Computer network protocols), *WIRELESS Application Protocol (Computer network protocol), *COMPUTER security, *CRYPTOGRAPHY

Abstract

Recently group-oriented applications over unsecure open networks such as Internet or wireless networks have become very popular. Thus, group communication security over unsecure open networks has become a vital concern. Group key establishment (GKE) protocols are used to satisfy the confidentiality requirement of a newly started communication session by the generation or sharing of an ephemeral common key between the group members. In this study, we analyze the computation and communication efficiency of GKE protocols. Besides confidentiality, the security characteristics of identification and integrity control are also required for all steps of the protocol implementations. Thus, the main contribution of this work is to provide the computation and communication efficiency analysis of the same GKE protocols along with the identification of the group entities and integrity control of messages during the protocol steps. The specific implementation and analysis of GKE protocols are performed by group key agreement (GKA) with pairing-based cryptography and group key distribution (GKD) with verifiable secret sharing, respectively. Finally, a comparison of GKA and GKD protocols on the basis of their strong points and cost characteristics are also provided to inform potential users. [ABSTRACT FROM AUTHOR]

Published

2017

23. Efficient private subset computation.

Author

Dou, Jiawei, Gong, Linming, Li, Shundong, and Ma, Li

Subjects

COMPUTER security, CRYPTOGRAPHY, COMPUTER network protocols, DATA encryption, DATA security

Abstract

We consider how to privately determine whether a private set owned by Bob is a subset of another private set owned by Alice. This problem has many applications in online collaboration. We first propose an encoding method to encode a set to a vector, which can reduce a set computation problem to a vector computation. Based on this encoding scheme and two different homomorphic encryption schemes, we present two efficient protocols for private subset problem in case where both private sets are subsets of a known universal set. These protocols are secure both in the semi-honest model and in the malicious model. We then show how to use these protocols to privately determine whether a private number is a factor of another private number. Copyright © 2017 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

24. Provably secure user authentication and key agreement scheme for wireless sensor networks.

Author

Das, Ashok Kumar, Kumari, Saru, Odelu, Vanga, Li, Xiong, Wu, Fan, and Huang, Xinyi

Subjects

COMPUTER access control, WIRELESS sensor networks, COMPUTER security, KEY agreement protocols (Computer network protocols), SMART cards, COMPUTER network protocols

Abstract

In recent years, user authentication has emerged as an interesting field of research in wireless sensor networks. Most recently, in 2016, Chang and Le presented a scheme to authenticate the users in wireless sensor network using a password and smart card. They proposed two protocols [ABSTRACT FROM AUTHOR]

Published

2016

25. Multi-proxy multi-signature binding positioning protocol.

Author

Xue, Qingshui, Li, Fengying, Chen, Huafeng, Zhang, Huajun, and Cao, Zhenfu

Subjects

DIGITAL signatures, COMPUTER network protocols, COMPUTER security, WIRELESS Internet, GLOBAL Positioning System, ENCRYPTION protocols

Abstract

For the first time, one new conception, multi-proxy multi-signature binding positioning protocol, is proposed. Based on the secure positioning protocol, one model of multi-proxy multi-signature binding positioning protocol is proposed. In the model, positioning protocol is bound to multi-proxy multi-signature tightly, not loosely. Further, we propose one scheme of multi-proxy multi-signature binding positioning protocol, its correctness is proved, and its security is analyzed. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

26. Combinatorial Methods in Security Testing.

Author

Simos, Dimitris E., Kuhn, Rick, Voyiatzis, Artemios G., and Kacker, Raghu

Subjects

*COMPUTER security, *COMBINATORICS, *COMPUTER software security, *COMPUTER network protocols, *INTERNET of things

Abstract

Combinatorial methods can make software security testing much more efficient and effective than conventional approaches. [ABSTRACT FROM PUBLISHER]

Published

2016

27. Privacy-enhanced attribute-based private information retrieval.

Author

Lai, Jianchang, Mu, Yi, Guo, Fuchun, Jiang, Peng, and Susilo, Willy

Subjects

*DATA privacy, *INFORMATION storage & retrieval systems, *COMPUTER network protocols, *COMPUTER security, *COMPUTER users

Abstract

A private information retrieval protocol allows a user to retrieve w th data item (or k items) of its choice from a database of N data items without revealing its choice w to the server. The traditional private information retrieval protocols based on the notion of oblivious transfer must publish the description of each data item stored in the database in order for the user to make a choice before users run the protocol (each data item’s content is not revealed though). Aiming to eliminate the information leakage of the data item in the private information retrieval system, in this work, we propose a novel attribute-based private information retrieval protocol which can enhance the data privacy. In our proposed protocol, each data item is associated with a set of attributes which is not made public to users who are only given a universal attribute set, which reveals no information about individual data item. For each query, the user can only obtain the data items whose attributes are within its chosen attribute set. We provide a rigorous security analysis of our protocol and demonstrate its efficiency and feasibility. [ABSTRACT FROM AUTHOR]

Published

2018

28. Mecanismes de connectivitat remota: creació d'una VPN basada en wireguard i integració amb mecanismes d'autenticació

Author

Canyelles Toledano, Martí, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, and Costa Prats, Juan José

Subjects

Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors [Àrees temàtiques de la UPC], communications networks, Xarxes punt a punt (Xarxes d'ordinadors), redes punto a punto (Redes de ordenadores), Seguretat informàtica, telecomunicación, Protocolos de redes de ordenadores, Telecomunicació, Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], safety at work, telecommunication, Computer security, Peer-to-peer architecture (Computer networks), Computer network protocols, point-to-Point Networks (Computer Networks), redes de comunicaciones, seguridad en el trabajo, Protocols de xarxes d'ordinadors, seguridad informática, Computer networking protocols

Abstract

This project aims to study the pandemic applicability of remote connectivity mechanisms by the UTG North Campus ICT (UTGCNTIC) department of the UPC. The work consists of studying the current landscape regarding VPN protocols and Single Sign-On systems with SAML (Security Assertion Markup Language). Following the research, a practical application of the knowledge learned was set up by creating a Virtual Private Network (VPN) based on the WireGuard protocol and integrated with a Single Sign-On system with SAML. The mentioned department currently has an OpenVPN based VPN. This project focuses on finding better alternatives and concludes that the solution still needs more time to finish the development. WireGuard has been used to implement a VPN. KeyCloak and JumpCloud are used as Identity Providers (IdP) for the authentication Single Sign-On (SSO). El objetivo de este proyecto es estudiar la aplicabilidad en tiempos de pandemia de mecanismos de conectividad remota por el departamento UTG Campus norte TIC (UTGCNTIC) de la UPC. El trabajo consiste en el estudio del panorama actual referente a los protocolos VPN y de los sistemas de autenticación única (Single Sign-On) con SAML (Security Assertion Markup Language o lenguaje de marcado para confirmaciones de seguridad). Posteriormente a la investigación, se ha realizado una aplicación práctica de los conocimientos aprendidos creando una Red Privada Virtual (VPN o Virtual Private Network) basada en el protocolo WireGuard e integrada con un sistema de Single Sign-On con SAML. El departamento mencionado cuenta actualmente con una VPN basada en OpenVPN. Este proyecto se enfoca en encontrar mejores alternativas y concluye que la solución aún necesita más tiempo para terminar el desarrollo. WireGuard se ha utilizado para implementar una VPN. KeyCloak y JumpCloud se utilizan como proveedores de identidad (IdP) para la autenticación de inicio de sesión único (SSO). L'objectiu d'aquest projecte és estudiar l'aplicabilitat en temps de pandèmia de mecanismes de connectivitat remota pel departament UTG Campus nord TIC (UTGCNTIC) de la UPC. El treball consisteix en l'estudi del panorama actual referent als protocols VPN i dels sistemes d'autenticació única (Single Sign-On) amb SAML (Security Assertion Markup Language o llenguatge de marcatge d'afirmacions de seguretat). Posteriorment a la recerca, s'ha realitzat una aplicació pràctica dels coneixements apresos creant una Xarxa Privada Virtual (VPN o Virtual Private Network) basada en el protocol WireGuard i integrada amb un sistema de Single Sign-On amb SAML. L'esmentat departament té actualment una VPN basada en OpenVPN. Aquest projecte es centra a trobar millors alternatives i conclou que la solució encara necessita més temps per acabar el desenvolupament. S'ha utilitzat WireGuard per implementar una VPN. KeyCloak i JumpCloud s'utilitzen com a proveïdors d'identitat (IdP) per a l'autenticació d'inici de sessió únic (Single Sign-On, SSO).

Published

2021

29. Intrusion detection in mobile ad hoc networks: techniques, systems, and future challenges.

Author

Kumar, Sunil and Dutta, Kamlesh

Subjects

INTRUSION detection systems (Computer security), AD hoc computer networks, CYBERTERRORISM, COUNTERTERRORISM, DATA security, SENSOR networks, COMPUTER security, COMPUTER network protocols

Abstract

In recent years, Mobile Ad hoc NETworks (MANETs) have generated great interest among researchers in the development of theoretical and practical concepts, and their implementation under several computing environments. However, MANETs are highly susceptible to various security attacks due to their inherent characteristics. In order to provide adequate security against multi-level attacks, the researchers are of the opinion that detection-based schemes should be incorporated in addition to traditionally used prevention techniques because prevention-based techniques cannot prevent the attacks from compromised internal nodes. Intrusion detection system is an effective defense mechanism that detects and prevents the security attacks at various levels. This paper tries to provide a structured and comprehensive survey of most prominent intrusion detection techniques of recent past and present for MANETs in accordance with technology layout and detection algorithms. These detection techniques are broadly classified into nine categories based on their primary detection engine/(s). Further, an attempt has been made to compare different intrusion detection techniques with their operational strengths and limitations. Finally, the paper concludes with a number of future research directions in the design and implementation of intrusion detection systems for MANETs. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

30. A scalable anomaly detection and mitigation architecture for legacy networks via an OpenFlow middlebox.

Author

Giotis, Kostas, Androulidakis, George, and Maglaris, Vasilis

Subjects

DENIAL of service attacks, OPENFLOW (Computer network protocol), COMPUTER network protocols, CYBERTERRORISM, INTERNET protocols, COMPUTER security, DATA security

Abstract

In this paper, we investigate the applicability of inserting an OpenFlow middlebox to enhance the remotely triggered black hole routing mechanism, to mitigate distributed denial of service (DDoS) attacks in legacy networks. Specifically, we propose a modular architecture that exploits the network programmability of software-defined networking within the context of network functions virtualization, deploying on-demand virtualized network functions (VNFs) capable to manipulate and filter malicious traffic. Leveraging on the OpenFlow control functionality, we match and handle traffic on a per-flow level, preserving connectivity to/from the victim while pushing the mitigation process upstream, towards the edge of the affected network. To that end, a multilevel anomaly detection and identification mechanism was developed, pinpointing the victim in case an attack is detected. Subsequently, a virtualized network function instructs the edge router to forward all traffic destined to the victim to an OpenFlow switch, acting as a middlebox capable to filter malicious traffic identified by an OpenFlow controller, while preserving benign flows. The proposed architecture was implemented and evaluated based on the combination of datasets containing traces of real DDoS attacks and normal background traffic from our university campus network. Our analysis illustrated a clear clustering of Internet protocol prefixes used by malicious sources; thus, we implemented a longest common prefix aggregation algorithm to enable scaling of the proposed mitigation process, overcoming constraints due to hardware limitations of OpenFlow devices. Our analysis verifies that the proposed modular and scalable schema can efficiently identify DDoS attack victims and filter malicious traffic, without exhausting system and network resources. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

31. Designing and Modeling of Covert Channels in Operating Systems.

Author

Lin, Yuqi, Malik, Saif U. R., Bilal, Kashif, Yang, Qiusong, Wang, Yongji, and Khan, Samee U.

Subjects

*COMPUTER operating systems, *COMPUTER security, *DATA security failures, *CLOUD computing, *FINITE state machines, *COMPUTER network protocols

Abstract

Covert channels are widely considered as a major risk of information leakage in various operating systems, such as desktop, cloud, and mobile systems. The existing works of modeling covert channels have mainly focused on using finite state machines (FSMs) and their transforms to describe the process of covert channel transmission. However, a FSM is rather an abstract model, where information about the shared resource, synchronization, and encoding/decoding cannot be presented in the model, making it difficult for researchers to realize and analyze the covert channels. In this paper, we use the high-level Petri Nets (HLPN) to model the structural and behavioral properties of covert channels. We use the HLPN to model the classic covert channel protocol. Moreover, the results from the analysis of the HLPN model are used to highlight the major shortcomings and interferences in the protocol. Furthermore, we propose two new covert channel models, namely: (a) two channel transmission protocol (TCTP) model and (b) self-adaptive protocol (SAP) model. The TCTP model circumvents the mutual inferences in encoding and synchronization operations; whereas the SAP model uses sleeping time and redundancy check to ensure correct transmission in an environment with strong noise. To demonstrate the correctness and usability of our proposed models in heterogeneous environments, we implement the TCTP and SAP in three different systems: (a) Linux, (b) Xen, and (c) Fiasco.OC. Our implementation also indicates the practicability of the models in heterogeneous, scalable and flexible environments. [ABSTRACT FROM AUTHOR]

Published

2016

32. Novel Duplicate Address Detection with Hash Function.

Author

Song, GuangJia and Ji, ZhenZhou

Subjects

*INTERNET protocol address, *COMPARATIVE studies, *COMPUTER network protocols, *COMPUTER security, *COMPUTER simulation

Abstract

Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. [ABSTRACT FROM AUTHOR]

Published

2016

33. A Lightweight Security Protocol for NFC-based Mobile Payments.

Author

Badra, Mohamad and Badra, Rouba Borghol

Subjects

COMPUTER security, COMPUTER network protocols, NEAR field communication, MOBILE commerce, CENTRAL processing units, SCALABILITY

Abstract

In this work, we describe a security solution that can be used to securely establish mobile payment transactions over the Near-Field Communication (NFC) radio interface. The proposed solution is very lightweight one; it uses symmetric cryptographic primitives on devices having memory and CPU resources limitations. We show that our approach maintains the security of NFC communications and we further demonstrate that our solution is simple, scalable, cost-effective, and incurs minimal computational processing overheads. [ABSTRACT FROM AUTHOR]

Published

2016

34. Contributory Broadcast Encryption with Efficient Encryption and Short Ciphertexts.

Author

Wu, Qianhong, Qin, Bo, Zhang, Lei, Domingo-Ferrer, Josep, Farras, Oriol, and Manjon, Jesus A.

Subjects

*BROADCAST engineering, *DATA encryption, *CIPHERS, *SCHEME programming language, *COMPUTER network protocols, *COMPUTER security

Abstract

Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a ConBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision $n$ -Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols. [ABSTRACT FROM AUTHOR]

Published

2016

35. Key Vulnerabilities of Industrial Automation and Control Systems and Recommendations to Prevent Cyber-Attacks.

Author

Calvo, I., Etxeberria-Agiriano, I., Iñigo, M. A., and González-Nalda, P.

Subjects

AUTOMATIC control systems, CYBERTERRORISM, COMPUTER network protocols, WIRELESS communications, ROAD maps, COMPUTER security

Abstract

Until recently, Industrial Automation and Control Systems (IACS) were largely isolated from corporate systems by means of proprietary protocols, which facilitated their protection against cyber-attacks under the principle of security through obscurity. However, the widespread adoption of the new communication technologies, such as the Internet protocols and wireless communications has changed this scenario. In recent years there have been many evidences of cyberattacks to IACS that exploit their vulnerabilities. Unfortunately, these attacks have increased significantly during the last five years, and quite clearly only the tip of the iceberg comes to the public knowledge. The purpose of this article is twofold: (1) to raise awareness about the security vulnerabilities that most companies are facing at their IACS and (2) to propose a roadmap that seeks to guide designers and programmers in the new and complex world of industrial cyber-security. [ABSTRACT FROM AUTHOR]

Published

2016

36. Topology-Hiding Broadcast Based on NTRUEncrypt.

Author

Bo Mi and Dongyan Liu

Subjects

DATA encryption, TOPOLOGY, COMPUTER security, CRYPTOGRAPHY, COMPUTER network protocols

Abstract

Secure multi-party computation (MPC) has been a research focus of cryptography in resent studies. However, hiding the topology of the network in secure computation is a rather novel goal. Inspired by a seminal paper [1], we proposed a topology-hiding broadcast protocol based on NTRUEncrypt and secret sharing. The topology is concealed as long as any part of the network is corrupted. And we also illustrated the merits of our protocol by performance and security analysis. [ABSTRACT FROM AUTHOR]

Published

2016

37. Orthus v2 Authentication Protocol Enhancement, and Supporting Enterprise Architecture.

Author

Rogers, Dean

Subjects

COMPUTER access control, COMPUTER network protocols, COMPUTER architecture, COMPUTER security, IDENTITY management systems, DATA encryption

Abstract

The message negotiations involved in the Orthus authentication protocol for self-contained realms are a matter of prior publication. Orthus provides Authentication of a compliant entity to a realm, and a clear demarcation between realm membership verification and service access. Version II of the protocol introduces some security enhancements. Furthermore, functional descriptions of the supplementary application and functioning of supporting services and architecture in the Enterprise Environment are provided. Namely, those protocol exchanges necessary for the establishment of realm-to-realm trusts, and hierarchies, including a remote realm location protocol, and security hardening functions such as key revocation and re-issue procedures are described. [ABSTRACT FROM AUTHOR]

Published

2015

38. Toward secure large-scale machine-to-machine comm unications in 3GPP networks: chall enges and solutions.

Author

Lai, Chengzhe, Lu, Rongxing, Zheng, Dong, Li, Hui, and Shen, Xuemin (sherman)

Subjects

*MACHINE-to-machine communications, *LONG-Term Evolution (Telecommunications), *MOBILE computing, *COMPUTER network protocols, *COMPUTER security, *STANDARDS

Abstract

With trillions of machines connecting to mobile communication networks to provide a wide variety of applications, supporting a massive number of machine-to-machine (M2M) communications devices has been considered an essential requirement for mobile operators. Meanwhile, cyber security is of paramount importance in M2M as all applications involving M2M cannot be widely accepted without security guarantees. In this article we focus on the standardization activities of 3GPP, especially group-based security for largescale M2M communications in 3GPP networks. We first introduce the main components of the machine-type communication (MTC) security architecture. Then we discuss several major challenges for group-oriented secure M2M communications in 3GPP systems, i.e. authentication signalling congestion and overload, and group message protection. Specifically, we identify the performance issues of authentication signalling congestion and overload in no/low mobility scenarios, and propose three group access authentication and key agreement protocols. Moreover, several 3GPP candidate solutions for group message protection are introduced. Finally, we present key issues and research directions related to group-based secure M2M communications, including security, privacy, and efficiency in mobility scenarios of MTC, and flexible and efficient group key management. [ABSTRACT FROM AUTHOR]

Published

2015

39. Analysis on the Performance of Server-less RFID Searching Protocol.

Author

Ping Huang, Haibing Mu, and Fei Zeng

Subjects

NETWORK performance, INTERNET servers, RADIO frequency identification systems, COMPUTER network protocols, COMPUTER security, COMPUTER access control

Abstract

Radio frequency identification (RFID) has spread into many fields. Its security and privacy has received more and more attention. Based on traditional authentication protocols, some other branches related to practical applications have been introduced including server-less authentication and searching protocols. The server-less searching protocol is extended from server-less authentication protocol and both of them are executedwithout the support from the backend servers. Through analyzing some proposed protocols, we found that the probabilistic tracking attack is one of the major threats on the serverless RFID security protocols. The probability of being tracked and the cost on computation are related with the probability of the undesired tag's response. Based on the analysis, a practical conclusion is given which can be used in most of the server-less RFID systems. [ABSTRACT FROM AUTHOR]

Published

2015

40. Formal analysis of privacy in Direct Anonymous Attestation schemes.

Author

Smyth, Ben, Ryan, Mark D., and Chen, Liqun

Subjects

*MATHEMATICAL equivalence, *RSA algorithm, *COMPUTER security, *DATA privacy, *COMPUTER network protocols, *CRYPTOGRAPHY

Abstract

This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy. [ABSTRACT FROM AUTHOR]

Published

2015

41. Securing Voice Call Transmission over Cellular Communication.

Author

Gupta, Daya Sagar and Biswas, G.P.

Subjects

COMPUTER security, CELLULAR neural networks (Computer science), CYBERTERRORISM, COMPUTER users, COMPUTER network protocols

Abstract

Voice call transmissions on cellular networks are not end-to-end secure and thus, attacks like call tracing, modification etc by an adversary is easily feasible, that is, any adversary Eve, can trace the call, and can intercept the voice, which is transmitted over an unsecured medium from a user (Alice) to another user (Bob) through mobile phones. Thus, it's not safe to private talk on the mobile phones. In this paper, we propose a scheme, which provides entire security between valid end users over the security protection provided by the network system. A common secret key is pre-negotiated between end users (many such schemes are available) to initiate the communication. We present a global construction of our proposed protocol. In addition to this, we also discuss the security proofs of our proposed protocol. [ABSTRACT FROM AUTHOR]

Published

2015

42. Secure Internet Voting Protocol (SIVP): a secure option for electoral processes

Author

Cristina Satizábal, Rafael Páez, Jordi Forné, Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, and Universitat Politècnica de Catalunya. SISCOM - Smart Services for Information Systems and Communication Networks

Subjects

Blind signature, General Computer Science, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors [Àrees temàtiques de la UPC], Computer science, Electronic voting, media_common.quotation_subject, Cryptography, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Computer security, computer.software_genre, Public-key cryptography, Voting, Computer network protocols, 0202 electrical engineering, electronic engineering, information engineering, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors::Protocols de comunicació [Àrees temàtiques de la UPC], Network protocols, media_common, Protocol (science), Information security, business.industry, 020206 networking & telecommunications, Electronic voting systems, Applied cryptography, Computer networks--Security measures, 020201 artificial intelligence & image processing, Public key cryptography, Ordinadors, Xarxes d'--Mesures de seguretat, business, Communications protocol, computer, Protocols de xarxes d'ordinadors

Abstract

© 2021 Elsevier. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/ Colombia government wants to implement electronic voting. However, the existing electronic voting protocols only include some of the required security features and Colombia needs a protocol with all these features to ensure fraud-free elections. In this paper, we present the design of SIVP (Secure Internet Voting Protocol), a new voting protocol for electoral processes, based on blind signatures and public key cryptography. This protocol has six phases and provides: eligibility, democracy, privacy, verifiability, accuracy, fairness, robustness, receipt-freeness and coercion-resistant. Also, we compare the number of cryptographic operations per phase of SIVP with other four protocols and conclude that the computational load of our protocol is not excessively high despite including more security features.

Published

2021

43. Cybersecurity: You Cannot Secure What You Cannot See.

Author

Zahn, David

Subjects

INTERNET security, COMPUTER security, COMPUTER network protocols, INFORMATION technology security, SIMPLE Network Management Protocol (Computer network protocol)

Abstract

The article outlines several factors to consider on how to protect companies from cyber incidents. It mentions the three basic scenarios that may lead to cyber incidents which include malicious attacks, human errors and the intentional actions of disgruntled current or former employees. It offers information on the Windows Management Instrumentation (WMI) and Simple Network Management Protocol (SNMP) that could interrogate for detailed configuration information.

Published

2016

44. Vulnerability aware graphs for RFID protocol security benchmarking.

Author

Chang, Shan, Lu, Li, Liu, Xiaoqiang, Song, Hui, and Yao, Qingsong

Subjects

*GRAPH theory, *RADIO frequency identification systems, *COMPUTER network protocols, *COMPUTER security, *BENCHMARK problems (Computer science)

Abstract

Security and privacy issues in Radio Frequency Identification (RFID) systems mainly result from limited storage and computation resources of RFID tags and unpredictable communication environment. Although many security protocols for RFID system have been proposed, most of them have various flaws. We propose a random graph-based methodology enabling automated benchmarking of RFID security. First, we formalize the capability of adversaries by a set of atomic actions. Second, Vulnerability Aware Graphs (VAGs) were developed to elaborate the interactions between adversaries and RFID systems, which are used to discover the potential attacks of adversaries via some paths on the graphs. The quantitative analysis on VAGs can predict the probability that the adversary leverages the potential flaws to perform attacks. Moreover, a joint entropy-based method is provided to measure the indistinguishability of RFID tags under passive attacks. Analysis and simulation were conducted to show the validity and effectiveness of VAGs. [ABSTRACT FROM AUTHOR]

Published

2015

45. An efficient strongly secure authenticated key exchange protocol without random oracles.

Author

Yang, Zheng

Subjects

COMPUTER network protocols, COMPUTER security, RANDOM functions (Mathematics), BILINEAR forms, OPERATIONS (Algebraic topology)

Abstract

Since the introduction of extended Canetti-Krawczyk (eCK) security model for two-party key exchange, many protocols have been proposed to provide eCK security. However, most of those protocols are provably secure in the random oracle model or rely on special design technique, which is well known as the NAXOS trick. In contrast to previous schemes, we present an eCK secure protocol in the standard model, without NAXOS trick and without knowledge of secret key assumption for public key registration. The security proof of our scheme is based on standard pairing assumption, collision-resistant hash functions, Bilinear Decision Diffie-Hellman and Decision Linear Diffie-Hellman assumptions, and pseudo-random functions with pairwise independent random source. Although our proposed protocol is based on bilinear groups, it does not require any pairing operation during key exchange procedure. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

46. Safeguarding 5G wireless communication networks using physical layer security.

Author

Yang, Nan, Wang, Lifeng, Geraci, Giovanni, Elkashlan, Maged, Yuan, Jinhong, and Renzo, Marco

Subjects

*WIRELESS Application Protocol (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *COMPUTER engineering, *WIRELESS communications, *PHYSICAL layer security

Abstract

The fifth generation (5G) network will serve as a key enabler in meeting the continuously increasing demands for future wireless applications, including an ultra-high data rate, an ultrawide radio coverage, an ultra-large number of devices, and an ultra-low latency. This article examines security, a pivotal issue in the 5G network where wireless transmissions are inherently vulnerable to security breaches. Specifically, we focus on physical layer security, which safeguards data confidentiality by exploiting the intrinsic randomness of the communications medium and reaping the benefits offered by the disruptive technologies to 5G. Among various technologies, the three most promising ones are discussed: heterogenous networks, massive multiple-input multiple-output, and millimeter wave. On the basis of the key principles of each technology, we identify the rich opportunities and the outstanding challenges that security designers must tackle. Such an identification is expected to decisively advance the understanding of future physical layer security. [ABSTRACT FROM PUBLISHER]

Published

2015

47. An enhanced Kerberos protocol with non-interactive zero-knowledge proof.

Author

Zhu, Yuesheng, Ma, Limin, and Zhang, Jinjiang

Subjects

COMPUTER network protocols, COMPUTER access control, COMPUTER passwords, CYBERTERRORISM, CRYPTOGRAPHY, COMPUTER security

Abstract

As one of the most important trusted third-party-based authentication protocols, Kerberos is widely used to provide authentication service in distributed networks. However, it is vulnerable to common brute force password-guessing attacks because of its password-based mechanism. Some enhanced Kerberos protocols based on public key cryptography were proposed as solutions, but they require excessive computation and communication resources. In this paper, a new enhanced Kerberos protocol with non-interactive zero-knowledge proof is proposed, in which the clients and the authentication server can mutually authenticate each other without revealing any information during the authentication process. Our security analysis and experimental results have shown that the proposed scheme can resist password-guessing attacks and is more convenient and efficient than previous schemes. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

48. Optimistic fair exchange in the enhanced chosen-key model.

Author

Wang, Yang, Au, Man Ho, and Susilo, Willy

Subjects

*COMPUTER security, *COMPUTER network protocols, *CYBERTERRORISM, *DIGITAL signatures, *SCHEME programming language

Abstract

Optimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and design schemes secure in practical models. The security models are very essential to ensure that they capture practical situation, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three fold. First, we observe that the existing OFE models do not capture realistic situation, where the adversary can actually observe the full signatures generated by the signer, prior to launching the actual attack. That is to say, the adversary is not provided with the signing oracle, which will produce full signatures generated by the signer. It is commonly believed that the full signatures generated by the signer can be simulated by the full signatures generated by the arbitrator. Unfortunately, we show that this perception is false. Second, we propose an enhanced model of OFE that explicitly provides the adversary with the signing oracle, which outputs the full signatures generated by the signer. We demonstrate the difference between our enhanced model and the existing chosen-key model through two concrete OFE schemes that serve as counterexamples. Finally, we revisit two existing generic constructions of optimistic fair exchange schemes, one based on verifiably encrypted signatures, and the other based on conventional signatures and ring signatures. Our result shows that the two generic approaches can still offer schemes secure in our enhanced model, which captures the real scenario that dishonest users may have access to the full signatures generated by the signer. [ABSTRACT FROM AUTHOR]

Published

2015

49. Hash-Based Password Authentication Protocol Against Phishing and Pharming Attacks.

Author

IKSU KIM and YONGYUN CHO

Subjects

COMPUTER access control, COMPUTER network protocols, PHISHING prevention, COMPUTER security, INTERNET fraud

Abstract

Until now, although many researchers proposed a variety of authentication protocol to verify the identity of the clients, most of these protocols are inefficient and ineffective. Gouda et al. proposed an anti-phishing single password protocol, but it is vulnerable to pharming attacks. In this paper, we show that the protocol is insecure, and propose a hash-based password authentication protocol against phishing and pharming attacks. In the proposed protocol, the authentication tickets passed between clients and servers are secure because they are hash values which can be verified only by clients and servers. The authentication ticket is used only once, which ensures that the proposed protocol is secure against a variety of attacks such as replay, man-in-the-middle, phishing, and pharming. Because the proposed authentication protocol does not require encryption keys during the authentication phase, it is suitable for wireless and mobile communication systems. [ABSTRACT FROM AUTHOR]

Published

2015

50. A Traceable Optimistic Fair Exchange Protocol in the Standard Model.

Author

Ganjavi, Ramin, Asaar, Maryam Rajabzadeh, and Salmasizadeh, Mahmoud

Subjects

COMPUTER network protocols, DIGITAL signatures, INFORMATION technology security, COMPUTER network security, COMPUTER security

Abstract

An Optimistic Fair Exchange (OFE) protocol is a good way for two parties to exchange their digital items in a fair way such that at the end of the protocol execution, both of them receive their items or none of them receive anything. In an OFE protocol there is a semi-trusted third party, named arbitrator, which involves in the protocol if it is necessary. But there is a security problem when arbitrator acts dishonestly and colludes with the verifier, that is, the arbitrator can complete the transaction without getting signer's agreement. Huang et C al. in 2011 addressed this issue by formalizing the accountability property. However, Huang et al.'s scheme is secure in the random oracle model which is not available in the real world. We present the first generic accountable OFE protocol that is secure in the standard model by using traceable ring signatures (TRSs) as our primitive. We prove the security of our protocol under the chosen-key model and multi-user setting [ABSTRACT FROM AUTHOR]

Published

2015