Your search keyword '"Secure Shell"' showing total 7 results

1. Outsourced Ciphertext-Policy based Privacy Preservation for Mobile Cloud Computing

Author

Shengling Wang, Sheharyar, Zahid Mahmood, and Waqas Ahmad

Subjects

020203 distributed computing, Authentication, Computer science, business.industry, Secure Shell, Hash function, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Crowdsourcing, Mobile cloud computing, Mobile phone, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, Verifiable secret sharing, business, computer, Mobile device, General Environmental Science, Anonymity

Abstract

With the rapid advancement of mobile phone technology, crowdsourced mobile applications are gaining importance for cheaper and abundant information gathering source. A couple of benefits of crowdsourcing are better (versatile) and less expensive responses to the requester, source of earning for crowd contributors at the same time. With the emergence of wireless access technologies and the popularity of smart and intelligent mobile terminals like smartphones, the privacy of requesters and contributors in a crowdsourced environment is becoming more crucial. Computation complexity of available privacy preserving tools and verification of outsourced schemes are not feasible for WSNs low power and resource constrained contributing devices. The low-end resource constrained mobile devices to have less capability to compute multiple access policies and the computation cost increases with the complexity of access strategy. To resolve this issue, we proposed a resourceful verifiable outsourced encryption policy based on ciphertext attributed policy (OS-ABE), which is a platform for computing exhaustive computing tasks during private data encryption and decryption. The proposed scheme works without revealing the personal data at outsource and leaves only the minimal calculation to the crowdsource contributor and the requester. To authenticate and overcome known attacks like DoS, false computing results at crowdsourced platforms, anonymity server is embedded to handle contributors privacy issues by providing a secure shell in the framework. This scheme is based on bilinear group of prime order in which two hash functions can verify outsourced computation and ensure integrity of data. The formal security and performance analysis is presented and found to be efficient and secure.

Published

2018

2. A flow-based detection method for stealthy dictionary attacks against Secure Shell

Author

Takeshi Ikenaga, Akihiro Satoh, and Yutaka Nakamura

Subjects

Flexibility (engineering), Dictionary attack, SIMPLE (military communications protocol), Computational complexity theory, Computer Networks and Communications, Computer science, Distributed computing, Secure Shell, computer.software_genre, Key (cryptography), Data mining, Safety, Risk, Reliability and Quality, SSH File Transfer Protocol, Protocol (object-oriented programming), computer, Software

Abstract

SANS has warned about the new variants of SSH dictionary attacks that are very stealthy in comparison with a simple attack. In this paper, we propose a new method to detect simple and stealthy attacks by combining two key innovations. First, on the basis of our assumptions, we employ two criteria: “the existence of a connection protocol” and “the inter-arrival time of an auth-packet and the next” . These criteria are not available, though, owing to the confidentiality and flexibility of the SSH protocol. Second, we resolve this problem by identifying “the transition point of each sub-protocol” through flow features and machine learning algorithms. We evaluate the effectiveness through experiments on real network traffic at the edges in campus networks. The experimental results show that our method provides high accuracy with acceptable computational complexity.

Published

2015

3. Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?

Author

A. Nur Zincir-Heywood and Riyad Alshammari

Subjects

Firewall (construction), Computer Networks and Communications, Computer science, business.industry, Network packet, Quality of service, Secure Shell, Header, Encryption, business, Port (computer networking), Computer network

Abstract

Identifying encrypted application traffic represents an important issue for many network tasks including quality of service, firewall enforcement and security. Solutions should ideally be both simple – therefore efficient to deploy – and accurate. This paper presents a machine learning based approach employing simple packet header feature sets and statistical flow feature sets without using the IP addresses, source/destination ports and payload information to unveil encrypted application tunnels in network traffic. We demonstrate the effectiveness of our approach as a forensic analysis tool on two encrypted applications, Secure SHell (SSH) and Skype, using traces captured from entirely different networks. Results indicate that it is possible to identify encrypted traffic tunnels with high accuracy without inspecting payload, IP addresses and port numbers. Moreover, it is also possible to identify which services run in encrypted tunnels.

Published

2011

4. The Trellis security infrastructure for overlay metacomputers and bridged distributed file systems

Author

Paul Lu, Cam Macdonell, Morgan Kan, Paul Nalos, Michael Closson, Danny Ngo, and Mark Lee

Subjects

Computer Networks and Communications, Computer science, business.industry, Secure Shell, Distributed computing, Overlay, Trellis (graph), Theoretical Computer Science, Metacomputing, Artificial Intelligence, Hardware and Architecture, Wide area network, Component (UML), Single sign-on, Distributed File System, business, Software, Computer network

Abstract

Researchers often have non-privileged access to a variety of high-performance computer (HPC) systems in different administrative domains, possibly across a wide-area network. Consequently, the security infrastructure becomes an important component of an overlay metacomputer: a user-level aggregation of HPC systems. The Trellis security infrastructure (TSI) is layered on top of the widely-deployed secure shell (SSH) and systems administrators only need to provide unprivileged accounts to the users. The contribution of TSI is in demonstrating that a single sign-on (SSO) system, for a variety of use-case scenarios, can be implemented without requiring a completely new security infrastructure. We describe the use of TSI for a Canada-wide overlay metacomputer, for computational workloads (i.e., CISS-3) that spanned 22 administrative domains, at its peak had over 4000 concurrent jobs, and included a new distributed file system (i.e., Trellis NFS).

Published

2006

5. A package of Linux scripts for the parallelization of Monte Carlo simulations

Author

Josep Sempau and Andreu Badal

Subjects

Pseudorandom number generator, Source code, business.industry, Computer science, media_common.quotation_subject, Secure Shell, String (computer science), General Physics and Astronomy, Parallel computing, Set (abstract data type), Software, Hardware and Architecture, Code (cryptography), business, media_common, Generator (mathematics)

Abstract

Despite the fact that fast computers are nowadays available at low cost, there are many situations where obtaining a reasonably low statistical uncertainty in a Monte Carlo (MC) simulation involves a prohibitively large amount of time. This limitation can be overcome by having recourse to parallel computing. Most tools designed to facilitate this approach require modification of the source code and the installation of additional software, which may be inconvenient for some users. We present a set of tools, named clonEasy, that implement a parallelization scheme of a MC simulation that is free from these drawbacks. In clonEasy, which is designed to run under Linux, a set of “clone” CPUs is governed by a “master” computer by taking advantage of the capabilities of the Secure Shell (ssh) protocol. Any Linux computer on the Internet that can be ssh-accessed by the user can be used as a clone. A key ingredient for the parallel calculation to be reliable is the availability of an independent string of random numbers for each CPU. Many generators—such as RANLUX, RANECU or the Mersenne Twister—can readily produce these strings by initializing them appropriately and, hence, they are suitable to be used with clonEasy. This work was primarily motivated by the need to find a straightforward way to parallelize PENELOPE, a code for MC simulation of radiation transport that (in its current 2005 version) employs the generator RANECU, which uses a combination of two multiplicative linear congruential generators (MLCGs). Thus, this paper is focused on this class of generators and, in particular, we briefly present an extension of RANECU that increases its period up to ∼ 5 × 10 27 and we introduce seedsMLCG, a tool that provides the information necessary to initialize disjoint sequences of an MLCG to feed different CPUs. This program, in combination with clonEasy, allows to run PENELOPE in parallel easily, without requiring specific libraries or significant alterations of the sequential code. Program summary 1

Published

2006

6. A15: Secure signal tunneling for SCADA and PLCs using SSH protocol

Author

Przemyslaw Plesowicz

Subjects

Engineering, Transport Layer Security, SCADA, business.industry, Secure Shell, Server, The Internet, business, Tunneling protocol, SSH File Transfer Protocol, Computer network, Private network

Abstract

The high popularity and availability of Internet and intranets allows easy creation of distributed control systems. One of the very important condition distributed system has to comply is security, especially when the Internet is used as data transmission medium. It is necessary to protect transmitted data from unprivileged access or change. There are several approaches to transmission security: VPN (Virtual Private Network) standard, SSL (Secure Socket Layer) library. This paper focuses on another solution – TCP connections tunneling using well known SSH protocol. Opposite to above mentioned solutions, use of SSH client application requires almost no user privileges on client system, and client applications need not to be modified – so this is zero-cost solution. To accomplish this task – universal tool for TCP/IP data tunneling has been built. It allows to establish secure connection between two parts of automatic control system connected via TCP/IP-based computer network. This paper presents tool for securing measurement/control data transmission, secure operation on remote PLCs, data acquisition servers and use of SCADA system connected to the installation through the Internet, using TCP/IP connection forwarding via SSH tunnel. Presented example shows also simplicity of this solution.

Published

2004

7. Development of Ethernet emulation driver for reflective memory

Author

Seong-Heon Seo

Subjects

Ethernet, Emulation, Computer science, Transmission Control Protocol, Mechanical Engineering, Secure Shell, Linux kernel, computer.software_genre, law.invention, Nuclear Energy and Engineering, law, Internet Protocol, Operating system, Network File System, General Materials Science, Distributed control system, computer, Civil and Structural Engineering

Abstract

Reflective memory (RFM) is adopted as a real time network in the KSTAR plasma control system (PCS). Since the data uploaded from any computer are automatically shared among all the computers on the RFM network, the design of a distributed control system based on RFM is easily implemented through the management of memory mapping. The data providers and consumers are logically well seperated so that, if memory mapping information is given, a new control unit can be added without any modification to the existing system except connecting a new RFM module through an optical cable. The KSTAR PCS is also connected with the Ethernet in addition to the RFM because the RFM does not support the Transmission Control Protocol/Internet Protocol (TCP/IP) and many network services of the operating system such as the Network File System (NFS) and the Secure Shell (SSH) are based on the TCP/IP. Therefore we developed an Ethernet emulation driver for the RFM to eliminate the need for a separate Ethernet network. The driver was tested on the Linux kernel 2.6.31. The algorithm of the emulation driver is explained and the experimental setup is presented.

Published

2010