Your search keyword '"COMPUTER network protocols"' showing total 45 results

1. Combinatorial Methods in Security Testing.

Author

Simos, Dimitris E., Kuhn, Rick, Voyiatzis, Artemios G., and Kacker, Raghu

Subjects

*COMPUTER security, *COMBINATORICS, *COMPUTER software security, *COMPUTER network protocols, *INTERNET of things

Abstract

Combinatorial methods can make software security testing much more efficient and effective than conventional approaches. [ABSTRACT FROM PUBLISHER]

Published

2016

2. Designing and Modeling of Covert Channels in Operating Systems.

Author

Lin, Yuqi, Malik, Saif U. R., Bilal, Kashif, Yang, Qiusong, Wang, Yongji, and Khan, Samee U.

Subjects

*COMPUTER operating systems, *COMPUTER security, *DATA security failures, *CLOUD computing, *FINITE state machines, *COMPUTER network protocols

Abstract

Covert channels are widely considered as a major risk of information leakage in various operating systems, such as desktop, cloud, and mobile systems. The existing works of modeling covert channels have mainly focused on using finite state machines (FSMs) and their transforms to describe the process of covert channel transmission. However, a FSM is rather an abstract model, where information about the shared resource, synchronization, and encoding/decoding cannot be presented in the model, making it difficult for researchers to realize and analyze the covert channels. In this paper, we use the high-level Petri Nets (HLPN) to model the structural and behavioral properties of covert channels. We use the HLPN to model the classic covert channel protocol. Moreover, the results from the analysis of the HLPN model are used to highlight the major shortcomings and interferences in the protocol. Furthermore, we propose two new covert channel models, namely: (a) two channel transmission protocol (TCTP) model and (b) self-adaptive protocol (SAP) model. The TCTP model circumvents the mutual inferences in encoding and synchronization operations; whereas the SAP model uses sleeping time and redundancy check to ensure correct transmission in an environment with strong noise. To demonstrate the correctness and usability of our proposed models in heterogeneous environments, we implement the TCTP and SAP in three different systems: (a) Linux, (b) Xen, and (c) Fiasco.OC. Our implementation also indicates the practicability of the models in heterogeneous, scalable and flexible environments. [ABSTRACT FROM AUTHOR]

Published

2016

3. Contributory Broadcast Encryption with Efficient Encryption and Short Ciphertexts.

Author

Wu, Qianhong, Qin, Bo, Zhang, Lei, Domingo-Ferrer, Josep, Farras, Oriol, and Manjon, Jesus A.

Subjects

*BROADCAST engineering, *DATA encryption, *CIPHERS, *SCHEME programming language, *COMPUTER network protocols, *COMPUTER security

Abstract

Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a ConBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision $n$ -Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols. [ABSTRACT FROM AUTHOR]

Published

2016

4. Toward secure large-scale machine-to-machine comm unications in 3GPP networks: chall enges and solutions.

Author

Lai, Chengzhe, Lu, Rongxing, Zheng, Dong, Li, Hui, and Shen, Xuemin (sherman)

Subjects

*MACHINE-to-machine communications, *LONG-Term Evolution (Telecommunications), *MOBILE computing, *COMPUTER network protocols, *COMPUTER security, *STANDARDS

Abstract

With trillions of machines connecting to mobile communication networks to provide a wide variety of applications, supporting a massive number of machine-to-machine (M2M) communications devices has been considered an essential requirement for mobile operators. Meanwhile, cyber security is of paramount importance in M2M as all applications involving M2M cannot be widely accepted without security guarantees. In this article we focus on the standardization activities of 3GPP, especially group-based security for largescale M2M communications in 3GPP networks. We first introduce the main components of the machine-type communication (MTC) security architecture. Then we discuss several major challenges for group-oriented secure M2M communications in 3GPP systems, i.e. authentication signalling congestion and overload, and group message protection. Specifically, we identify the performance issues of authentication signalling congestion and overload in no/low mobility scenarios, and propose three group access authentication and key agreement protocols. Moreover, several 3GPP candidate solutions for group message protection are introduced. Finally, we present key issues and research directions related to group-based secure M2M communications, including security, privacy, and efficiency in mobility scenarios of MTC, and flexible and efficient group key management. [ABSTRACT FROM AUTHOR]

Published

2015

5. Safeguarding 5G wireless communication networks using physical layer security.

Author

Yang, Nan, Wang, Lifeng, Geraci, Giovanni, Elkashlan, Maged, Yuan, Jinhong, and Renzo, Marco

Subjects

*WIRELESS Application Protocol (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *COMPUTER engineering, *WIRELESS communications, *PHYSICAL layer security

Abstract

The fifth generation (5G) network will serve as a key enabler in meeting the continuously increasing demands for future wireless applications, including an ultra-high data rate, an ultrawide radio coverage, an ultra-large number of devices, and an ultra-low latency. This article examines security, a pivotal issue in the 5G network where wireless transmissions are inherently vulnerable to security breaches. Specifically, we focus on physical layer security, which safeguards data confidentiality by exploiting the intrinsic randomness of the communications medium and reaping the benefits offered by the disruptive technologies to 5G. Among various technologies, the three most promising ones are discussed: heterogenous networks, massive multiple-input multiple-output, and millimeter wave. On the basis of the key principles of each technology, we identify the rich opportunities and the outstanding challenges that security designers must tackle. Such an identification is expected to decisively advance the understanding of future physical layer security. [ABSTRACT FROM PUBLISHER]

Published

2015

6. On the Efficiency of Classical and Quantum Secure Function Evaluation.

Author

Winkler, Severin and Wullschleger, Jurg

Subjects

*COMPUTER security, *MATHEMATICAL bounds, *ENTROPY (Information theory), *QUANTUM mechanics, *COMPUTER network protocols, *QUANTUM communication, *QUANTUM computing

Abstract

We provide bounds on the efficiency of secure one-sided output two-party computation of arbitrary finite functions from trusted distributed randomness in the statistical case. From these results, we derive bounds on the efficiency of protocols that use different variants of oblivious transfer (OT) as a black box. When applied to implementations of OT, these bounds generalize most known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. In the second part, we study the efficiency of quantum protocols implementing OT. While most classical lower bounds for perfectly secure reductions of OT to distributed randomness still hold in the quantum setting, we present a statistically secure protocol that violates these bounds by an arbitrarily large factor. We then prove a weaker lower bound that does hold in the statistical quantum setting and implies that even quantum protocols cannot extend OT. Finally, we present two lower bounds for reductions of OT to commitments and a protocol based on string commitments that is optimal with respect to both of these bounds. [ABSTRACT FROM PUBLISHER]

Published

2014

7. Composing Kerberos and Multimedia Internet KEYing (MIKEY) for AuthenticatedTransport of Group Keys.

Author

Woo, Jeffrey Lok Tin and Tripunitara, Mahesh V.

Subjects

*CRYPTOGRAPHY, *COMPUTER security, *CLIENT/SERVER computing, *AUTHENTICATION (Law), *COMPUTER network protocols

Abstract

We motivate and present two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY) for authenticated transport of cryptographic keys for secure group-communication in enterprise and public-safety settings. A technical challenge, and our main contribution, is the analysis of the security of the composition. Towards this, we design our compositions to have intuitive appeal and thereby less prone to security vulnerabilities. We then employ protocol composition logic (PCL), a state-of-the-art approach for analyzing our composition. For this, we first articulate two properties that are of interest. Both properties are on the group key that is transported; we call them Group Key Confidentiality and Acquisition. Group Key Confidentiality is the property that if a principal possesses the key, then it is an authorized member of the group. Group Key Acquisition is the property that if a principal is a member of the group, then it is able to acquire the group key. In the course of our rigorous analysis, we discovered a flaw in our first design, which we point out, and which lead us to our second design. We have implemented both designs starting with the publicly available reference implementation of Kerberos, and an open-source implementation of MIKEY. Our implementations are available as open-source. We discuss our experience from the implementation, and present empirical results. [ABSTRACT FROM PUBLISHER]

Published

2014

8. A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation.

Author

Lacuesta, Raquel, Lloret, Jaime, Garcia, Miguel, and Peñalver, Lourdes

Subjects

*COMPUTER network protocols, *AD hoc computer networks, *COMPUTER security, *HYBRID systems, *DATA analysis, *INFORMATION sharing, *COMPUTER access control, *CRYPTOGRAPHY

Abstract

This paper presents a secure protocol for spontaneous wireless ad hoc networks which uses an hybrid symmetric/asymmetric scheme and the trust between users in order to exchange the initial data and to exchange the secret keys that will be used to encrypt the data. Trust is based on the first visual contact between users. Our proposal is a complete self-configured secure protocol that is able to create the network and share secure services without any infrastructure. The network allows sharing resources and offering new services among users in a secure environment. The protocol includes all functions needed to operate without any external support. We have designed and developed it in devices with limited resources. Network creation stages are detailed and the communication, protocol messages, and network management are explained. Our proposal has been implemented in order to test the protocol procedure and performance. Finally, we compare the protocol with other spontaneous ad hoc network protocols in order to highlight its features and we provide a security analysis of the system. [ABSTRACT FROM PUBLISHER]

Published

2013

9. Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption.

Author

Han, Jinguang, Susilo, Willy, Mu, Yi, and Yan, Jun

Subjects

*COMPUTER security, *DATA encryption, *COMPUTER network protocols, *ACCESS control, *POLYNOMIALS, *COMPUTATIONAL complexity, *COMPUTER users

Abstract

Decentralized attribute-based encryption (ABE) is a variant of a multiauthority ABE scheme where each authority can issue secret keys to the user independently without any cooperation and a central authority. This is in contrast to the previous constructions, where multiple authorities must be online and setup the system interactively, which is impractical. Hence, it is clear that a decentralized ABE scheme eliminates the heavy communication cost and the need for collaborative computation in the setup stage. Furthermore, every authority can join or leave the system freely without the necessity of reinitializing the system. In contemporary multiauthority ABE schemes, a user's secret keys from different authorities must be tied to his global identifier (GID) to resist the collusion attack. However, this will compromise the user's privacy. Multiple authorities can collaborate to trace the user by his GID, collect his attributes, then impersonate him. Therefore, constructing a decentralized ABE scheme with privacy-preserving remains a challenging research problem. In this paper, we propose a privacy-preserving decentralized key-policy ABE scheme where each authority can issue secret keys to a user independently without knowing anything about his GID. Therefore, even if multiple authorities are corrupted, they cannot collect the user's attributes by tracing his GID. Notably, our scheme only requires standard complexity assumptions (e.g., decisional bilinear Diffie-Hellman) and does not require any cooperation between the multiple authorities, in contrast to the previous comparable scheme that requires nonstandard complexity assumptions (e.g., q-decisional Diffie-Hellman inversion) and interactions among multiple authorities. To the best of our knowledge, it is the first decentralized ABE scheme with privacy-preserving based on standard complexity assumptions. [ABSTRACT FROM AUTHOR]

Published

2012

10. Code Reverse Engineering Problem for Identification Codes.

Author

Bringer, Julien and Chabanne, Hervé

Subjects

*REVERSE engineering, *CODING theory, *SYSTEM identification, *COMPUTER security, *COMPUTER network protocols, *INFORMATION theory

Abstract

At ITW'10, Bringer suggested to strengthen their previous identification protocol where the security depends on computational assumptions (related to the Polynomial Reconstruction problem) by extending the Code Reverse Engineering (CRE) problem to identification codes. We formalize this new problem and we extend security results by Tillich on this very problem. This enables us to prove the security of this protocol using information theoretical arguments. [ABSTRACT FROM AUTHOR]

Published

2012

11. Dense-Coding Attack on Three-Party Quantum Key Distribution Protocols.

Author

Gao, Fei, Qin, Su-Juan, Guo, Fen-Zhuo, and Wen, Qiao-Yan

Subjects

*CODING theory, *COMPUTER network protocols, *QUANTUM cryptography, *COMPUTER security, *KNOWLEDGE transfer, *ENCODING

Abstract

Cryptanalysis is an important branch in the study of cryptography, including both the classical cryptography and the quantum one. In this paper we analyze the security of two three-party quantum key distribution protocols (QKDPs) proposed recently, and point out that they are susceptible to a simple and effective attack, i.e., the dense-coding attack. It is shown that the eavesdropper Eve can totally obtain the session key by sending entangled qubits as the fake signal to Alice and performing collective measurements after Alice's encoding. The attack process is just like a dense-coding communication between Eve and Alice, where a special measurement basis is employed. Furthermore, this attack does not introduce any errors to the transmitted information and consequently will not be discovered by Alice and Bob. The attack strategy is described in detail and a proof for its correctness is given. Finally, the root cause of this insecurity and a possible way to improve these protocols are discussed. [ABSTRACT FROM PUBLISHER]

Published

2011

12. An ISP-Friendly File Distribution Protocol: Analysis, Design, and Implementation.

Author

Minghong Lin, Lui, John C. S., and Dah-Ming Chiu

Subjects

*PEER-to-peer architecture (Computer networks), *COMPUTER security, *INTERNET service providers, *INTERNET, *COMPUTER network protocols

Abstract

In the past few years, P2P file distribution applications (e.g., BitTorrent) are becoming so popular that they are the dominating source of Internet traffic. This creates significant problems to Internet Service Providers (ISPs), not only because of the added complexity in traffic engineering, but the increase of traffic, in particular on the cross-ISP links, implies congestion and a higher operating cost. In this paper, we consider an ISP-friendly file distribution protocol which uses the "exploiting-the-locality principle" (ELP) to reduce the cross-ISP traffic. To show its benefit, we derive an upper and lower bound of cross-ISP traffic for the protocols which rely on ELP and show that the cross-ISP traffic can be reduced significantly when the number of peers within an ISP increases. To carry out realistic study, we design and implement our ISP-friendly protocol (which is compatible with the current BitTorrent protocol) and carry out large scale experiments on PlanetLab to measure the reduction of the cross ISP-traffic and the file downloading time. More important, we also show how the proposed ISP-friendly protocol can handle the "black-hole" security attack. This paper sheds light on the merits and design direction of ISP-friendly content distribution protocols. [ABSTRACT FROM AUTHOR]

Published

2010

13. P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains.

Author

Dewan, Prashant and Dasgupta, Partha

Subjects

*PEER-to-peer architecture (Computer networks), *COMPUTER network security, *COMPUTER security, *CLIENT/SERVER computing, *COMPUTER network protocols, *CRYPTOGRAPHY

Abstract

Peer-to-peer (P2P) networks are vulnerable to peers who cheat, propagate malicious code, leech on the network, or simply do not cooperate. The traditional security techniques developed for the centralized distributed systems like client-server networks are insufficient for P2P networks by the virtue of their centralized nature. The absence of a central authority in a P2P network poses unique challenges for reputation management in the network. These challenges include identity management of the peers, secure reputation data management, Sybil attacks, and above all, availability of reputation data. In this paper, we present a cryptographic protocol for ensuring secure and timely availability of the reputation data of a peer to other peers at extremely low costs. The past behavior of the peer is encapsulated in its digital reputation, and is subsequently used to predict its future actions. As a result, a peer's reputation motivates it to cooperate and desist from malicious activities. The cryptographic protocol is coupled with self-certification and cryptographic mechanisms for identity management and countering Sybil attack. We illustrate the security and the efficiency of the system analytically and by means of simulations in a completely decentralized Gnutella-like P2P network. [ABSTRACT FROM AUTHOR]

Published

2010

14. A Key Caching Mechanism for Reducing WiMAX Authentication Cost in Handoff.

Author

Hsu, Shih-Feng and Lin, Yi-Bing

Subjects

*IEEE 802.16 (Standard), *KEYSTROKE timing authentication, *SIMULATION methods & models, *ACCESS control, *COMPUTER network protocols, *TELECOMMUNICATION systems, *COMPUTER security, *DATA transmission systems, *RADIO broadcasting

Abstract

The IEEE 802.1X is utilized in mobile Worldwide Interoperability for Microwave Access (WiMAX) authentication. This procedure incurs a long delay in WiMAX handoff. To resolve this issue, this paper proposes a key caching mechanism to eliminate the nonnecessary IEEE 802.1X authentication cost in WiMAX handoff. This mechanism is investigated through analytic and simulation modeling. Our study indicates that the key caching scheme can effectively speed up the handoff process. [ABSTRACT FROM AUTHOR]

Published

2009

15. Effect of Impulse Radio-Ultrawideband Based on Energy Collection on MAC Protocol Performance.

Author

Haapola, Jussi, Rabbachin, Alberto, Goratti, Leonardo, Pomalaza-Ráez, Carlos, and Oppermann, Ian

Subjects

*ACCESS control, *IMPULSE response, *FALSE alarms, *COMPUTER network protocols, *POWER resources, *TELECOMMUNICATION systems, *COMPUTER security, *DATA transmission systems, *RADIO broadcasting

Abstract

In this paper, we analyze the effects of the probabilities of detection, false alarm, and frame collision survival (in the presence of simultaneous transmissions) on medium access control (MAC) protocols using impulse-radio-ultrawideband (IR-UWB) energy-collection noncoherent receivers. The MAC protocols that were considered are all IEEE 802.15.4 compatible, i.e., the IEEE 802.15.4a optional UWB clear-channel-assessment mode, the IEEE 802.15.4a ALOHA mode, and a protocol termed preamble sense multiple access (PSMA). The impact on the network throughput, energy consumption, and delay are analytically derived and verified by simulation. The results show that these effects have a considerable impact on the performance of IR-UWB MAC protocols, and a classical analysis does not properly evaluate the protocols' performances. The results compare the performances of the MAC protocols and highlight a number of issues with regard to adapting narrowband protocols to UWB systems. The probability of frame collision survival on simultaneous transmissions is shown to have a significant impact on the performance of a MAC protocol. The comparison shows superior performance of the PSMA protocol under typical wireless-sensor-network operation ranges. [ABSTRACT FROM AUTHOR]

Published

2009

16. Limited Scale-Free Overlay Topologies for Unstructured Peer-to-Peer Networks.

Author

Guclu, Hasan and Yuksel, Murat

Subjects

*TOPOLOGY, *COMPUTER network protocols, *ALGORITHMS, *SEARCH engines, *COMPUTER security, *DATA protection, *SECURITY systems

Abstract

In unstructured peer-to-peer (P2P) networks, the overlay topology (or connectivity graph) among peers is a crucial component in addition to the peer/data organization and search. Topological characteristics have profound impact on the efficiency of a search on such unstructured P2P networks, as well as other networks. A key limitation of scale-free (power-law) topologies is the high load (i.e., high degree) on a very few number of hub nodes. In a typical unstructured P2P network, peers are not willing to maintain high degrees/loads as they may not want to store a large number of entries for construction of the overlay topology. Therefore, to achieve fairness and practicality among all peers, hard cutoffs on the number of entries are imposed by the individual peers, which limits scale-freeness of the overall topology, hence limited scale-free networks. Thus, it is expected that the efficiency of the flooding search reduces as the size of the hard cutoff does. We investigate the construction of scale-free topologies with hard cutoffs (i.e., there are not any major hubs) and the effect of these hard cutoffs on the, search efficiency. Interestingly, we observe that the efficiency of normalized flooding and random walk search algorithms increases as the hard cutoff decreases. [ABSTRACT FROM AUTHOR]

Published

2009

17. Dynamic Search Algorithm in Unstructured Peer-to-Peer Networks.

Author

Tsungnan Lin, Pochiang Lin, Hsinping Wang, and Chiahung Chen

Subjects

*ALGORITHMS, *COMPUTER network protocols, *NUMERICAL analysis, *TOPOLOGY, *INTERNET searching, *PERFORMANCE standards, *SEARCH engines, *COMPUTER security, *DATA protection, *SECURITY systems

Abstract

Designing efficient search algorithms is a key challenge in unstructured peer-to-peer networks. Flooding and random walk (RW) are two typical search algorithms. Flooding searches aggressively and covers the most nodes. However, it generates a large amount of query messages and, thus, does not scale. On the contrary, RW searches conservatively. It only generates a fixed amount of query messages at each hop but would take longer search time. We propose the dynamic search (DS) algorithm, which is a generalization of flooding and RW. DS takes advantage of various contexts under which each previous search algorithm performs well. It resembles flooding for short-term search and RW for long-term search. Moreover, DS could be further combined with knowledge-based search mechanisms to improve the search performance. We analyze the performance of DS based on some performance metrics including the success rate, search time, query hits, query messages, query efficiency, and search efficiency. Numerical results show that DS provides a good tradeoff between search performance and cost. On average, DS performs about 25 times better than flooding and 58 times better than RW in power-law graphs, and about 186 times better than flooding and 120 times better than RW in bimodal topologies. [ABSTRACT FROM AUTHOR]

Published

2009

18. Privacy-Preserving Kth Element Score over Vertically Partitioned Data.

Author

Vaidya, Jaideep and Clifton, Christopher W.

Subjects

*PARTITIONS (Mathematics), *COMPUTER network protocols, *ELECTRONIC data processing, *COMPUTER security, *DATABASE management, *COMPUTER software

Abstract

Given a large integer data set shared vertically by two parties, we consider the problem of securely computing a score separating the kth and the (k + 1)th element. An efficient secure protocol is developed to compute such a score while revealing little additional information. The proposed protocol is implemented using the Fairplay system and experimental results are reported. We show a real application of this protocol as a component used in the secure processing of top-k queries over vertically partitioned data. [ABSTRACT FROM AUTHOR]

Published

2009

19. Dynamic Routing with Security Considerations.

Author

Chin-Fu Kuo, Ai-Chun Pang, and Sheng-Kun Chan

Subjects

*ADAPTIVE routing (Computer network management), *COMPUTER network security, *COMPUTER network management, *DATA encryption, *COMPUTER network architectures, *COMPUTER network protocols, *DATA transmission systems, *COMPUTER algorithms, *COMPUTER security

Abstract

Security has become one of the major issues for data communication over wired and wireless networks. Different from the past work on the designs of cryptography algorithms and system infrastructures, we will propose a dynamic routing algorithm that could randomize delivery paths for data transmission. The algorithm is easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol in wired networks and Destination-Sequenced Distance Vector protocol in wireless networks, without introducing extra control messages. An analytic study on the proposed algorithm is presented, and a series of simulation experiments are conducted to verify the analytic results and to show the capability of the proposed algorithm. [ABSTRACT FROM AUTHOR]

Published

2009

20. A Secure Routing Protocol Against Byzantine Attacks for MANETs in Adversarial Environments.

Author

Ming Yu, Mengchu Zhou, and Wei Su

Subjects

*NETWORK routers, *MOBILE communication systems, *COMPUTER security, *COMPUTER algorithms, *COMPUTER network protocols, *INFORMATION theory, *NETWORK routing protocols, *COMPUTER systems, *COMMUNICATION & technology

Abstract

To secure a mobile ad hoc network (MANET) in adversarial environments, a particularly challenging problem is how to feasibly detect and defend possible attacks on routing protocols, particularly internal attacks, such as a Byzantine attack. In this paper, we propose a novel algorithm that detects internal attacks by using both message and route redundancy during route discovery. The route-discovery messages are protected by pairwise secret keys between a source and destination and some intermediate nodes along a route established by using public key cryptographic mechanisms. We also propose an optimal routing algorithm with routing metric combining both requirements on a node's trustworthiness and performance. A node builds up the trustworthiness on its neighboring nodes based on its observations on the behaviors of the neighbor nodes. Both of the proposed algorithms can be integrated into existing routing protocols for MANETs, such as ad hoc on-demand distance vector routing (AODV) and dynamic source routing (DSR). As an example, we present such an integrated protocol called secure routing against collusion (SRAC), in which a node makes a routing decision based on its trust of its neighboring nodes and the performance provided by them. The simulation results have demonstrated the significant advantages of the proposed attack detection and routing algorithm over some known protocols. [ABSTRACT FROM AUTHOR]

Published

2009

21. Investigating the Performance of Power-Aware IEEE 802.11 in Multihop Wireless Networks.

Author

Alawieh, Basel, Assi, Chadi M., and Mouftah, Hussein

Subjects

*WIRELESS communications, *COMPUTER security, *IEEE 802.16 (Standard), *DATA transmission systems, *COMPUTER network security, *COMMUNICATION & technology, *INFORMATION technology, *COMPUTER systems, *COMPUTER network protocols

Abstract

We address two issues of contemporary interest in the area of enhancing the performance of ad hoc networks, where the IEEE 802.11 distributed coordination function (DCF) is the adopted medium-access control (MAC). We investigate the effects that transmission power control and tuning carrier sensing (CS) threshold have on network throughput, and we study the inter- play between them. To accomplish this, we develop a realistic analytical model that characterizes the transmission activities that are governed by the IEEE 802.11 DCF in a single-channel power-aware multihop wireless network. We observe that selecting a smaller CS threshold will severely impact the spatial reuse, whereas a larger CS threshold will yield excessive interference among concurrent transmissions. Accordingly, we discovered that performing power control has either a minor or negligible effect in both situations, respectively. Furthermore, when the CS threshold is selected appropriately, power control shows its effectiveness in reducing collisions and, hence, improving system performance. Finally, using our model, we demonstrate the potential adverse impacts of request-to-send/clear-to-send (RTS/CTS) control packets on the network capacity and compare its performance with the two-way basic access method. [ABSTRACT FROM AUTHOR]

Published

2009

22. Computationally Efficient PKI-Based Single Sign-On Protocol PKASSO for Mobile Devices.

Author

Park, Ki-Woong, Sang Seok Lim, and Park, Kyu Ho

Subjects

*KEYSTROKE timing authentication, *COMPUTER security, *COMPUTER access control, *ACCESS control, *ELECTRONIC information resources, *SOFTWARE protection, *COMPUTER passwords, *COMPUTER network protocols

Abstract

In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, namely, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computation power. PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a nonrepudiation mechanism against malicious user behavior, PKASSO can provide such a mechanism by devising a referee server that, on one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of PKASSO and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol. According to the performance evaluation, the authentication latency of our infrastructure (which averages 0.082 second) is much shorter than the authentication latency of a conventional PKI-based authentication latency (which averages 5.01 seconds). [ABSTRACT FROM AUTHOR]

Published

2008

23. Provably Secure Constant Round Contributory Group Key Agreement in Dynamic Setting.

Author

Dutta, Ratna and Barua, Rana

Subjects

*COMPUTER network protocols, *COMPUTER security, *INFORMATION theory, *COMMUNICATION, *INFORMATION science, *ALGORITHMS

Abstract

In this paper, we present and analyze a variant of Burmester-Desmedt group key agreement protocol (BD) and enhance it to dynamic setting where a set of users can leave or join the group at any time during protocol execution with updated keys. In contrast to BD protocol, let us refer to our protocol as DB protocol. Although the DB protocol is similar to BD protocol, there are subtle differences between them: 1) Key computation in DB protocol is different and simpler than in BD protocol with same complexity of BD protocol; 2) Number of rounds required in our authenticated DB protocol is one less than that in authenticated BD protocol introduced by Katz-Yung; 3) DB protocol is more flexible than BD protocol in the sense that DB protocol is dynamic. The reusability of user's precomputed data in previous session enables the join and leave algorithms of our DB protocol to reduce most user's computation complexities which can be useful in real life applications; and 4) DB protocol has the ability to detect the presence of corrupted group members, although one can not detect who among the group members are behaving improperly. [ABSTRACT FROM AUTHOR]

Published

2008

24. Distributed Correlative Power Control Schemes for Mobile Ad hoc Networks Using Directional Antennas.

Author

Alawieh, Basel, Assi, Chadi M., and Ajib, Wessam

Subjects

*AD hoc computer networks, *COMPUTER network protocols, *COMPUTER security, *SECURITY systems, *POWER resources, *ANTENNA arrays

Abstract

Medium access control (MAC) protocols simultaneously integrating transmission power (TP) control with directional antennas have the potential to enhance both energy savings and capacity throughput in wireless multihop Mobile Ad hoc NET-works (MANETs). In this paper, we present a model to calculate future interference in networks with directional antennas, and based on this model, we derive some relations that should exist between the required TP of RTS, CTS, DATA, and ACK frames for successful data packet delivery in MANETs based on the directional version of the IEEE 802.11 distributed coordination function. From these relations, we propose a distributed power control scheme. Furthermore, we show, via simulations, that the true potentials from the proposed control scheme cannot be shown due to the imperfection of the derived model. Based on these observations, we introduce another class of power control algorithm that instead deploys a prediction filter (Kalman or extended Kalman) to estimate future interference. Simulation experiments for different topologies are used to verify the significant through- put and energy gains that can be obtained by the proposed power control schemes. [ABSTRACT FROM AUTHOR]

Published

2008

25. Game Theoretic Stochastic Routing for Fault Tolerance and Security in Computer Networks.

Author

Bohacek, Stephan, Hespanha, João P., Junsoo Lee, Chansook Lim, and Obraczka, Katia

Subjects

*COMPUTER network security, *FAULT-tolerant computing, *ROUTING (Computer network management), *COMPUTER security, *FIREWALLS (Computer security), *FAULT tolerance (Engineering), *SECURITY systems industry, *SECURITY systems, *COMPUTER network protocols

Abstract

We introduce the Game-Theoretic Stochastic Routing (GTSR) framework, a proactive alternative to today's reactive approaches to route repair. GTSR minimizes the impact of link and router failure by 1) computing multiple paths between source and destination and 2) selecting among these paths randomly to forward packets. Besides improving fault tolerance, the fact that GTSR makes packets take random paths from source to destination also improves security. In particular, it makes connection eavesdropping attacks maximally difficult as the attacker would have to listen on all possible routes. The approaches developed are suitable for network layer routing, as well as for application layer overlay routing and multipath transport protocols such as the Stream Control Transmission Protocol (SCTP). Through simulations, we validate our theoretical results and show how the resulting routing algorithms perform in terms of the security/fault-tolerant/delay/throughput trade-off. We also show that a beneficial side effect of these algorithms is an increase in throughput, as they make use of multiple paths. [ABSTRACT FROM AUTHOR]

Published

2007

26. Password-Based Authentication: Preventing Dictionary Attacks.

Author

Chakrabarti, Saikat and Singhal, Mukesh

Subjects

*COMPUTER passwords, *COMPUTER security, *ELECTRONIC surveillance, *DATA encryption, *ZERO-knowledge proofs, *COMPUTER network protocols, *CRYPTOGRAPHY software, *CIPHERS

Abstract

The article discusses protocols for preventing attacks on password-based computer authentication. The use of passwords on insecure communication channels such as the Internet can allow others to eavesdrop and learn passwords. Challenge-response protocols have been established to protect passwords by requiring users to answer a challenge prior to password verification. A password-based encrypted key exchange uses session keys to prevent password attacks. A secure remote password (SRP) combines zero-knowledge proofs and asymmetric key-exchange protocols. Though the standard model of key exchange is utilized in cryptography, alternative models use block ciphers in place of ideal ciphers. Reverse Turing tests (RTT) prevent automated programs from stealing passwords.

Published

2007

27. Information Leak Vulnerabilities in SIP Implementations.

Author

Hong Yan, Hui Zhang, Sripanidkulchai, Kunwadee, Zon-Yin Shae, and Saha, Debanjan

Subjects

*INTERNET telephony, *VOICE mail systems, *COMPUTER network protocols, *COMPUTER network architectures, *INTERNET industry, *COMPUTER security, *COMPUTER network security, *ACCESS control, *COMPUTER viruses

Abstract

The article discusses the results of the study on the methods of protecting the session initiation protocol (SIP) from information leak exposures which is used for voice over Internet Protocol signaling. Several forms of the exploitation of implementation vulnerabilities involve unauthorized access, worms, viruses, and denial of service attacks. The researchers introduced techniques to fingerprint SIP devices and develop a fingerprinting tool called SIPProbe that gathered fingerprints and determine SIP implementations. The study showed several useful applications of SIP fingerprinting such as higher priority given to messages from voice gateways, customization of messages for specific user agents, and slow processing of messages that are suspected to be malicious.

Published

2006

28. Using SAML to Protect the Session Initiation Protocol (SIP).

Author

Tschofenig, Hannes, Falk, Rainer, Peterson, Jon, Hodges, Jeff, Sicker, Douglas, and Polk, James

Subjects

*INTERNET telephony, *VOICE mail systems, *COMPUTER network protocols, *COMPUTER network architectures, *DIGITAL telephone systems, *INTERNET industry, *COMPUTER security, *COMPUTER network security

Abstract

The article discusses the application of Security Assertion Markup Language (SAML) to protect Session Initiation Protocol (SIP) in voice over Internet Protocol signaling. SAML standard was used to supports the expression of security assertions which include authentication, role membership, or permissions. The flexibility of SAML assertions allows for the encoding of the identity imformation about the user, its generic authentication and authorization attributes to accommodate full authorization mechanisms and enable trait-based authorization. Moreover, SIP can be used together with SAML which was reflected in the present standardization work within the Internet Engineering Task Force.

Published

2006

29. Secure Internet Access to Gateway Using Secure Socket Layer.

Author

Bhatt, Deep Vardhan, Schuize, Stefan, and Hancke, Gerhard P.

Subjects

*TCP/IP, *COMPUTER network resources, *DATA protection, *COMPUTER security, *COMPUTER network protocols

Abstract

The Internet is the most widely used medium to access remote sites. Data sent and received using transmission control protocol/Internet Protocol (TCP/IP) is in plain text format and can be accessed and tampered with quite easily and, hence, provides no data security. This is the case especially if the data are confidential and access to the gateway server has to be strictly controlled, although there are several protocols and mechanisms that have been thoroughly scrutinized to tackle these problems. This paper also intends to provide a model that uses secure socket layer (SSL) to provide a secure channel between client and gateway server. A smart card will be used for client authentication and encryption/decryption of the data. [ABSTRACT FROM AUTHOR]

Published

2006

30. Securing Wi-Fi Networks.

Author

Hole, Kjell J., Dyrnes, Erlend, and Thorsheim, Per

Subjects

*COMPUTER network protocols, *DATA protection, *COMPUTER security, *BACK up systems, *SECURITY systems industry, *INFORMATION technology

Abstract

As Wi-Fi networks have become increasingly popular, many corporations have added Wi-Fi access to give employees easier access to corporate data and services. Although information technology personnel control W-Fi access points in the corporate network, they cannot control access points in home networks. These networks thus give hackers new opportunities to gain unauthorized access to corporate computer systems and their data. The results of an investigation conducted to assess the security level in Wi-Fi networks in Bergen, Norway provide a context for analyzing some popular wireless security techniques and for offering suggestions on how to better protect these networks from hackers.

Published

2005

31. Solutions to Performance Problems in VoIP Over a 802.11 Wireless LAN.

Author

Wei Wang, Soung Chang Liew, and Victor O. K. Li

Subjects

*WIRELESS LANs, *INTERNET telephony, *MULTICASTING (Computer networks), *COMPUTER network protocols, *COMPUTER network architectures, *ACCESS control, *COMPUTER security

Abstract

Voice over Internet Protocol (VoIP) over a wireless local area network (WLAN) is poised to become an important Internet application. However, two major technical problems that stand in the way are: 1) low VoIP capacity in WLAN and 2) unacceptable VoIP performance in the presence of coexisting traffic from other applications. With each VoIP stream typically requiring less than 10 kb/s, an 802.llb WLAN operated at 11 Mb/s could in principle support more than 500 VoIP sessions. In actuality, no more than a few sessions can be supported due to various protocol overheads (for GSM 6.10, it is about 12). This paper proposes and investigates a scheme that can Improve the VoIP capacity by close to 100% without changing the standard 802.11 CSMA/CA protocol. In addition, we show that VoIP delay and loss performance in WLAN can be compromised severely in the presence of coexisting transmission control protocol (TCP) traffic, even when the number of VoW sessions is limited to half its potential capacity. A touted advantage of VoIP over traditional telephony is that it enables the creation of novel applications that integrate voice with data. The inability of VoIP and TCP traffic to coexist harmoniously over the WLAN poses a severe challenge to this vision. Fortunately, the problem can be largely solved by simple solutions that require only changes to the medium-access control (MAC) protocol at the access point. Specifically, in our proposed solutions, the MAC protocol at the wireless end stations does not need to be modified, making the solutions more readily deployable over the existing network infrastructure. [ABSTRACT FROM AUTHOR]

Published

2005

32. Host Mobility for IP Networks: A Comparison.

Author

Henderson, Thomas R.

Subjects

*COMPUTER network protocols, *INTERNET, *COMPUTER security

Abstract

The growth of wireless networking is enabling many Internet hosts to become mobile. This article describes and compares three alternatives for providing host mobility management in IP-based networks. Authors summarize the operation and behavior of Mobile IP, on which the Internet Engineering Task Force has focused as a host mobility solution. They describe two alternative architectures for providing mobility management. Their qualitative comparison focuses on contrasting the different performance, security, deployment, scalability, and robustness properties of each approach.

Published

2003

33. Protecting Privacy in Remote-Patient Monitoring.

Author

Kara, Atsushi

Subjects

*PATIENT monitoring, *INTERNET, *COMPUTER network protocols, *DATA encryption, *COMPUTER security

Abstract

Focuses on the privacy issues raised on audio-video-based remote-patient monitoring via the Internet as of May 2001. Protocols on Internet security; Basis for the foundation of encryption and authentication procedures; Goal in remote-monitoring technology.

Published

2001

34. Using CSP to Detect Errors in the TMN Protocol.

Author

Lowe, Gavin and Roscoe, Bill

Subjects

*COMPUTER network protocols, *CRYPTOGRAPHY, *MOBILE communication systems, *EAVESDROPPING, *DATA encryption, *COMPUTER viruses, *COMPUTER security

Abstract

In this paper we use FDR, a model checker for CSP, to detect errors in the TMN protocol [18]. We model the protocol and a very general intruder as CSP processes, and use the model checker to test whether the intruder can successfully attack the protocol. We consider three variants on the protocol, and discover a total of 10 different attacks leading to breaches of security. [ABSTRACT FROM AUTHOR]

Published

1997

35. The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties.

Author

Focardi, Riccardo and Gorrieri, Roberto

Subjects

*SOFTWARE verification, *ACCESS control, *COMPUTER network protocols, *SECURITY systems, *COMPUTER security, *COMPUTER industry

Abstract

The Compositional Security Checker (CoSeC for short) is a semantic-based tool for the automatic verification of some compositional information flow properties. The specifications given as inputs to CoSeC are terms of the Security Process Algebra, a language suited for the specification of concurrent systems where actions belong to two different levels of confidentiality. The information flow security properties which can be verified by CoSeC are some of those classified in [8]. They derive from some classic notions, e.g., Noninterference [11]. The tool is based on the same architecture as the Concurrency Workbench [5], from which some modules have been imported unchanged. The usefulness of the tool is tested with the significant case-study of an access-monitor, presented in several versions in order to illustrate the relative merits of the various information flow properties that CoSeC can check. Finally, we present an application in the area of network security: we show that the theory (and the tool) can be reasonably applied also for singling out security flaws in a simple, yet paradigmatic, communication protocol. [ABSTRACT FROM AUTHOR]

Published

1997

36. A Model for Secure Protocols and Their Compositions.

Author

Heintze, Nevin and Tygar, J. D.

Subjects

*COMPUTER network protocols, *COMPUTER security, *SECURITY systems, *DATA protection, *COMPUTER networks, *STANDARDS

Abstract

This article develops a foundation for reasoning about protocol security. A model-based approach for defining protocol security properties is adopted. This allows describing security properties in greater detail and precision than previous frameworks for reasoning about protocol security. One can split the notion of security into two parts: the secret-security and the time-security of protocols. By secret-security, it means that messages believed to be secret are never revealed. By time-security, it means that stale messages cannot be replayed to subvert the protocol.

Published

1996

37. The New Standard-Bearer.

Author

Philip Qu

Subjects

*RADIO frequency identification systems, *AUTOMATIC tracking, *IDENTIFICATION equipment, *COMPUTER security, *DVD-Video discs, *FREQUENCIES of oscillating systems, *COMPUTER network protocols

Abstract

The article reports that China has proposed a standard for tracking goods using radio frequency identification (RFID) tags especially when bolstered by a developing coordination with Wal-Mart Inc., the world's largest merchandiser from Bentonville, Arkansas. Wal-Mart Inc. has planned to lead the way in commercial use of RFID technology to track its products from factory to store shelf. China's standard initiatives have been applied even in some of the hottest areas of technology including computer networking which has Wi-Fi security known as Wireless Authentication and Privacy Infrastructure, next-generation DVDs wherein the Chinese government has approved Enhanced Video Disk and race for the next generation of software to run on high-definition DVDs that is concerned with the way audio and video data on DVDs are encoded..

Published

2005

38. Authentication in Transient Storage Device Attachments.

Author

Rich, Donald

Subjects

*STORAGE area networks (Computer networks), *AUTHENTICATION (Law), *DATA warehousing, *COMPUTER network security, *DYNAMIC storage allocation (Computer science), *COMPUTER security, *COMPUTER network protocols

Abstract

The article discusses digital storage devices, or transient storage devices (TSD). Businesses need authentication of these devices before they allow a host to mount them due to security issues. The Institute of Electrical & Electronics Engineers' (IEEE) Computer Society has developed a protocol for standards in authentication for TSDs. The IEEE directive states that the host can authenticate TSD's identity and the TSD can also authenticate the host's identity. Analysts say authentication will solve many problems associated with the spread of TSDs.

Published

2007

39. Simplifying Public Key Management.

Author

Gutmann, Peter and Arbaugh, William A.

Subjects

*COMPUTER network protocols, *COMPUTER networks, *COMPUTER security, *DATA protection, *SECURITY systems, *ELECTRONIC data processing

Abstract

Focuses on the adoption of secure shell (SSH) protocol in public key management. Advantages of SSH; Features; Effectiveness of SSH in deploying security mechanisms.

Published

2004

40. Scientists Develop New Digital-Content Protection Technology.

Subjects

*ELECTRONIC security systems, *DATA protection, *COMPUTER security, *ACCESS control, *COPYRIGHT of electronic information resources, *DIGITAL communications, *MULTIMEDIA communications, *COMPUTER network protocols, *SECURITY systems, *UNIVERSITIES & colleges

Abstract

The article focuses on the development of a novel digital content protection technology by the engineering team from the University of Maryland. The technology aims to solve the unauthorized copying, distribution, and usage of multimedia and text. The researchers are hoping to hinder collusion attacks, in which various users complot to steal copyrighted material protected by fingerprints. The new technology uses shorter Internet protocol protection code that turns to a small spreading signal and sets securely the multiple bits of fingerprint code.

Published

2006

41. Explicit Communication Revisited: Two New Attacks on Authentication Protocols.

Author

Abadi, Martín

Subjects

*KEYSTROKE timing authentication, *COMPUTER network protocols, *CRYPTOGRAPHY, *COMPUTER security, *COMPUTER networks, *IMPERSONATION

Abstract

SSH and AKA are recent, practical protocols for secure connections over an otherwise unprotected network. This paper shows that, despite the use of public-key cryptography, SSH and AKA do not provide authentication as intended. The flaws of SSH and AKA can be viewed as the result of their disregarding a basic principle for the design of sound authentication protocols: the principle that messages should be explicit. [ABSTRACT FROM AUTHOR]

Published

1997

42. Securing the ZigBee Protocol in the Smart Grid.

Author

Melaragno, Anthony Patrick, Bandara, Damindra, Wijesekera, Duminda, and Michael, James Bret

Subjects

*COMPUTER network protocols, *CYBERTERRORISM, *COMPUTER security, *SMART power grids, *COMPUTER science

Abstract

The design-implement-fix process is sufficient for previously unknown attack vectors. However, engineers should use established knowledge, such as known attack patterns, in the analysis of security protocols prior to their acceptance and implementation. [ABSTRACT FROM AUTHOR]

Published

2012

43. An efficient and scalable re-authentication protocol over wireless sensor network.

Author

Kim, Jangseong, Baek, Joonsang, and Shon, Taeshik

Subjects

*SCALABILITY, *COMPUTER network protocols, *WIRELESS sensor networks, *AUTHENTICATION (Law), *UBIQUITOUS computing, *COMPUTER security, *DATA encryption, *MOBILE communication systems

Abstract

Although wireless sensor network is considered as one of promising technologies for ubiquitous computing environment, more researches for re-authentication of mobile nodes in wireless sensor network are required due to user mobility, one of important properties in ubiquitous computing environment. As the citizens in a city can be mobile user in wireless sensor network and the resource of the sensor nodes is limited, scalability of re-authentication is important. In other words, re-authentication with less communication cost should be proposed. In this paper, we suggest an efficient method of membership verification for re-authentication of mobile node and show the performance analysis of our membership verification. Using this method, we propose an efficient and scalable reauthentication protocol over wireless sensor network. Also, we provide performance and security analysis of our protocol. [ABSTRACT FROM PUBLISHER]

Published

2011

44. Flexible Robust Group Key Agreement.

Author

Jarecki, Stanislaw, Kim, Jihye, and Tsudik, Gene

Subjects

*ROBUST control, *COMPUTER network protocols, *TELECOMMUNICATION, *APPLICATION software, *BROADCASTING industry, *LOGARITHMS, *MALWARE, *BANDWIDTHS, *DATA encryption

Abstract

A robust group key agreement protocol (GKA) allows a set of players to establish a shared secret key, regardless of network/node failures. Current constant-round GKA protocols are either efficient and nonrobust or robust but not efficient; assuming a reliable broadcast communication medium, the standard encryption-based group key agreement protocol can be robust against arbitrary number of node faults, but the size of the messages broadcast by every player is proportional to the number of players. In contrast, nonrobust group key agreement can be achieved with each player broadcasting just constant-sized messages. We propose a novel 2-round group key agreement protocol, which tolerates up to T node failures, using O(T)-sized messages for any T. We show that the new protocol implies a fully-robust group key agreement with logarithmic-sized messages and expected round complexity close to 2, assuming random node faults. The protocol can be extended to withstand malicious insiders at small constant factor increases in bandwidth and computation. The proposed protocol is secure under the (standard) Decisional Square Diffie-Hellman assumption. [ABSTRACT FROM AUTHOR]

Published

2011

45. Traceback of DDoS Attacks Using Entropy Variations.

Author

Yu, Shui, Zhou, Wanlei, Doss, Robin, and Jia, Weijia

Subjects

*DENIAL of service attacks, *INTERNET, *COMPUTER security, *ENTROPY (Information theory), *INTERNET protocols, *LOCAL area networks, *INTERNET traffic, *COMPUTER crimes, *COMPUTER network protocols

Abstract

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memoryless feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this paper, we propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to the existing DDoS traceback methods, the proposed strategy possesses a number of advantages—it is memory nonintensive, efficiently scalable, robust against packet pollution, and independent of attack traffic patterns. The results of extensive experimental and simulation studies are presented to demonstrate the effectiveness and efficiency of the proposed method. Our experiments show that accurate traceback is possible within 20 seconds (approximately) in a large-scale attack network with thousands of zombies. [ABSTRACT FROM AUTHOR]

Published

2011