Your search keyword '"COMPUTER network protocols"' showing total 1,283 results

1. Device Onboarding Using FDO and the Untrusted Installer Model.

Author

Cooper, Geoffrey H.

Subjects

*INTERNET of things, *COMPUTER security, *COMPUTER network protocols, *DATA structures, *WIRELESS Internet, *DATA encryption, *COMPUTER systems, *INSTALLATION of equipment

Abstract

The Internet of Things (IoT) market has expanded significantly, encompassing various sectors like home, retail, manufacturing, and transportation, with millions of devices and servers dedicated to monitoring real-world aspects. Regardless of the field, all IoT devices share the characteristic of transitioning from initial ownership to target application ownership to fulfill their intended functions, a process known as onboarding, which requires fast, reliable, and secure interaction between devices and servers. Two distinct approaches to onboarding, trusted and untrusted installers, exist, with trusted installers employing configurator tools to establish trust between devices and servers, while untrusted installers rely on mechanisms like ownership vouchers for authentication, offering scalability and parallel device onboarding.

Published

2024

2. The Criteria for Adapting a Blockchain Consensus Algorithm to IoT Networks †.

Author

Aghroud, Mohamed, Oualla, Mohamed, and El Bermi, Lahcen

Subjects

BLOCKCHAINS, INTERNET of things, COMPUTER algorithms, COMPUTER security, COMPUTER network protocols

Abstract

The Internet of Things (IoT) is a network of smart objects connected via the Internet, where each object is identified by a unique, accessible, and programmable address, while Blockchain is a technology for storing and transmitting information based on a decentralized system such that the centralized validation of transactions is replaced by a consensus mechanism. The integration of these two technologies requires consensus protocols to overcome the major challenges encountered in IoT systems, including issues related to security, storage capacity limits, computing power, etc. Therefore, different consensus algorithms have been implemented. For this purpose, this paper presents a research study on the criteria that would render a Blockchain consensus algorithm suitable for IoT networks, namely, computing power, latency, storage capacity, and security. [ABSTRACT FROM AUTHOR]

Published

2023

3. Ethical Hacking and Network Analysis with Wireshark

Author

Manish Sharma and Manish Sharma

Subjects

Computer network protocols, Computer networks--Security measures, Computer security, Hacking

Published

2024

4. Accountable Private Set Cardinality for Distributed Measurement.

Author

FENSKE, ELLIS, MANI, AKSHAYA, JOHNSON, AARON, and SHERR, MICAH

Subjects

DISTRIBUTED computing, CRYPTOGRAPHY, COMPUTER network protocols, DATA privacy, COMPUTER security, COMPUTER network reliability

Abstract

We introduce cryptographic protocols for securely and efficiently computing the cardinality of set union and set intersection. Our private set-cardinality protocols (PSC) are designed for the setting in which a large set of parties in a distributed system makes observations, and a small set of parties with more resources and higher reliability aggregates the observations. PSC allows for secure and useful statistics gathering in privacy-preserving distributed systems. For example, it allows operators of anonymity networks such as Tor to securely answer the questions: Howmany unique users are using the network? and Howmany hidden services are being accessed? We prove the correctness and security of PSC in the Universal Composability framework against an active adversary that compromises all but one of the aggregating parties. Although successful output cannot be guaranteed in this setting, PSC either succeeds or terminates with an abort, and we furthermore make the adversary accountable for causing an abort by blaming at least one malicious party. We also show that PSC prevents adaptive corruption of the data parties from revealing past observations, which prevents them from being victims of targeted compromise, and we ensure safe measurements by making outputs differentially private. We present a proof-of-concept implementation of PSC and use it to demonstrate that PSC operates with lowcomputational overhead and reasonable bandwidth. It can count tens of thousands of unique observations from tens to hundreds of data-collecting parties while completing within hours. PSC is thus suitable for daily measurements in a distributed system. [ABSTRACT FROM AUTHOR]

Published

2022

5. MQTT TABANLI IOT SİSTEMİNE YAPILAN SALDIRILARIN MAKİNE ÖĞRENİMİ KULLANILARAK TESPİTİ.

Author

KAHYA, Ayça Nur and YOLAÇAN, Esra Nergis

Subjects

INTERNET of things, CYBERTERRORISM, INTERNET security, COMPUTER network protocols, COMPUTER security

Abstract

Copyright of Journal of Engineering & Architectural Faculty of Eskisehir Osmangazi University / Eskişehir Osmangazi Üniversitesi Mühendislik ve Mimarlık Fakültesi Dergisi is the property of Eskisehir Osmangazi University and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2022

6. マスタリングTCP/IP. 情報セキュリティ編

Author

齋藤孝道 and 齋藤孝道

Subjects

Computer security, TCP/IP (Computer network protocol), Computer network protocols

Abstract

セキュリティ技術の網羅的な入門書 インターネット技術を学ぶうえで情報セキュリティを正しく理解することは不可欠ですが、ITにおけるネットワークの重要性が増し利用方法が多岐になるにつれて、技術者なら誰もが知っているべきセキュリティ技術の範囲はどんどん広がっています。 本書は、日々更新されていくネットワークセキュリティ技術にキャッチアップしていくために必要となる基礎を体系的に網羅した「マスタリングTCP/IPシリーズ」の1冊です。基本的な暗号技術、それらのセキュリティプロトコルへの応用、認証技術、Webアプリケーションへの多様化する攻撃手法の理解と対策などを扱っています。 第1版発行から10年弱が経過し、技術は進歩しセキュリティに対するニーズも高まっています。こういった背景を踏まえて、第2版では目次構成の見直しを行い、大幅な加筆修正を行っています。

Published

2022

7. A Messy State of the Union: Taming the Composite State Machines of TLS.

Author

Beurdouche, Benjamin, Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, Fournet, Cédric, Kohlweiss, Markulf, Pironti, Alfredo, Strub, Pierre-Yves, and Zinzindohoue, Jean Karim

Subjects

*COMPUTER network protocols, *FINITE state machines, *CLIENT/SERVER computing, *COMPUTER security

Abstract

The Transport Layer Security (TLS) protocol supports various authentication modes, key exchange methods, and protocol extensions. Confusingly, each combination may prescribe a different message sequence between the client and the server, and thus a key challenge for TLS implementations is to define a composite state machine that correctly handles these combinations. If the state machine is too restrictive, the implementation may fail to interoperate with others; if it is too liberal, it may allow unexpected message sequences that break the security of the protocol. We systematically test popular TLS implementations and find unexpected transitions in many of their state machines that have stayed hidden for years. We show how some of these flaws lead to critical security vulnerabilities, such as FREAK. While testing can help find such bugs, formal verification can prevent them entirely. To this end, we implement and formally verify a new composite state machine for OpenSSL, a popular TLS library. [ABSTRACT FROM AUTHOR]

Published

2017

8. A Unified Architectural Approach for Cyberattack-Resilient Industrial Control Systems.

Author

Zhou, Chunjie, Hu, Bowen, Shi, Yang, Tian, Yu-Chu, Li, Xuan, and Zhao, Yue

Subjects

INDUSTRIAL controls manufacturing, COMPUTER network protocols, INDUSTRY 4.0, COMPUTER security, EMERGING industries

Abstract

With the rapid development of functional requirements in the emerging Industry 4.0 era, modern industrial control systems (ICSs) are no longer isolated islands, making them more vulnerable to various cyberattack threats. Cyberattacks on ICSs may have disruptive consequences, such as significant social and economic losses. To proactively address the security issue of ICSs, this article presents a unified architectural approach from the perspectives of cyberthreats on ICSs, security-related ICS technologies, and methods for ICSs. It incorporates secure networks, secure control systems, secure physical processes, and their interactions seamlessly into a unified framework. To increase the resistance of ICSs against intrusions, the network security in our architectural approach is to secure the data in motion through the integration of secure network architecture, secure industrial network protocols, and secure end-to-end communications. The protection of control systems in our architectural approach is risk-based and hierarchical and encompasses prevention- and tolerance-centric defenses. It provides a layer-by-layer defense so that an acceptable level of cybersecurity risk is achieved and maintained. Aiming to maintain the stable operation of physical ICS processes, the secure control in our architectural approach implements a security process against process-aware attacks through a resilient safety control scheme. The global and systematic architectural approach presented in this article for the ICS cybersecurity will help facilitate the design and implementation of cyberattack-resilient ICSs in the networked world. For further development of ICS security technologies, emerging challenges are identified and discussed to motivate future research efforts. [ABSTRACT FROM AUTHOR]

Published

2021

9. Security Certificates in Public Web Sites of Banks from Balkan States.

Author

Petrov, Pavel and Dimitrov, Petar

Subjects

WEBSITE security, COMPUTER network protocols, WEBSITES, BANKING industry, COMPUTER security

Abstract

In the recent years a trend is formed to use the HTTPS protocol as the default protocol for accessing web pages and to be used by default by web applications. In order for this to be done, a valid certificate issued by authority body should be used. In the scope of the study in the spring of 2019 we examined the web sites of 20 banks licensed in Bulgaria, 24 banks licensed in Romania and 27 banks licensed in Serbia. The survey excludes the foreign bank branches, because we try to outline the "good practices" used by domestic administrators of banking websites. [ABSTRACT FROM AUTHOR]

Published

2019

10. Analyzing Security Protocols with Secrecy Types and Logic Programs.

Author

Abadi, Martín and Blanchet, Bruno

Subjects

COMPUTER network protocols, COMPUTER security, SECURITY systems, DATA protection, CRYPTOGRAPHY

Abstract

We study and further develop two language-based techniques for analyzing security protocols. One is based on a typed process calculus; the other, on untyped logic programs. Both focus on secrecy properties. We contribute to these two techniques, in particular by extending the former with a flexible, generic treatment of many cryptographic operations. We also establish an equivalence between the two techniques. [ABSTRACT FROM AUTHOR]

Published

2005

11. On the Origin of Kerberos.

Author

Saltzer, Jerome H. and Walden, David

Subjects

*COMPUTER network protocols, *TELEPHONE systems, *COMPUTER engineering, *TELECOMMUNICATION systems, *COMPUTER security, *DATA security

Abstract

For a second generation secure telephone system, Howard Rosenblum in 1967 proposed and patented a key distribution system that he called Bellfield. 2 When in the 1960s the NSA developed a secure telephone system these requirements presented a problem: since anyone with a phone capable of encryptionmightplaceacalltoanyothersuchphone, it seemed that there had to be an advance arrangement to share a unique encryption key between every potential pair of telephones. Thus, cryptographic communication requires advance planning to choose encryption and decryption keys and to distribute those keys to the sender and receiver using a secure communication method. The remainder of this discussion assumes use of symmetric encryption, which means that the encryption and decryption keys are either identical or derivable one from the other, so the secure communication of the keys must assure bothconfidentialityandintegrity. [Extracted from the article]

Published

2021

12. マスタリングTCP/IP －情報セキュリティ編－

Author

齋藤孝道 and 齋藤孝道

Subjects

Computer security, Computer network protocols, TCP/IP (Computer network protocol)

Abstract

セキュリティ技術の網羅的な入門書 インターネット技術を学ぶ上で情報セキュリティを正しく理解することは不可欠ですが、ITにおけるネットワークの重要性が増し利用方法が多岐になるにつれて、技術者なら誰もが知っているべきセキュリティ技術の範囲はどんどん広がっています。 本書は、日々更新されていくネットワークセキュリティ技術にキャッチアップしていくために必要となる基礎を体系的に網羅した「マスタリングTCP/IPシリーズ」の一冊です。基本的な暗号技術、それらのセキュリティプロトコルへの応用、認証技術、Webアプリケーションへの多様化する攻撃手法の理解と対策などを扱っています。

Published

2013

13. New design of lightweight authentication protocol in wearable technology.

Author

Galih Bangun Santosa and Setiyo Budiyanto

Subjects

*WEARABLE technology, *NEAR field communication, *IMPERSONATION, *ELECTRONIC authentication, *ONLINE identity theft, *COMPUTER network protocols, *COMPUTER security

Abstract

Today, the use of wearable devices is becoming a thing inherent in the daily activities of urban communities. In practice, wearable communications may contain sensitive information regarding a user's health record, so authentication and confidentiality of data exchanged must be guaranteed. In addition, the success of authentication between users, wearable devices and smartphones is very important because there are various threats of attack on the authentication process. Based on previous studies, it was found that the security functionality of user impersonation attack is not owned by lightweight authentication protocols in the current wearable communication environment. So this research undertakes the design of a lightweight authentication protocol to be immune to user impersonation attacks to supplement the lack of security functionality in previous protocols with the support of performing a formal analysis using the Scyther Tool. The research method used is a Research Library supported by conducting protocol security test experiment. The developed protocol utilizes a modified and customized S-NCI key establishment protocol scheme to meet all targeted security functionality. The research resulted that the lightweight authentication protocol generated was immune to the impersonation attacks of users, then was able to add two new functionalities that added wearable devices and added smartphones. [ABSTRACT FROM AUTHOR]

Published

2019

14. Formally analyzed m-coupon protocol with confirmation code (MCWCC).

Author

YILDIRIM, Kerim, DALKILIÇ, Gökhan, and DURU, Nevcihan

Subjects

*ELECTRONIC coupons (Retail trade), *COMPUTER network protocols, *MOBILE apps, *CONSUMER behavior, *COMPUTER security

Abstract

There are many marketing methods used to attract customers' attention and customers search for special discounts and conduct research to get products cheaper. Using discount coupons is one of the widely used methods for obtaining discounts. With the development of technology, classical paper-based discount coupons become e-coupons and then turn into mobile coupons (m-coupons). It is inevitable that retailers will use m-coupon technology to attract customers while mobile devices are used in daily life. As a result, m-coupon technology is a promising technology. One of the significant problems with using m-coupons is security. Here it is necessary to ensure the safety of the seller's and retailer's data and to prevent unnecessary loss of income. In this study, a new m-coupon protocol is proposed and analyzed against well-known attacks: impersonation, man-in-the-middle, eavesdropping, replay, data modification, unauthorized coupon copying/generation, and multiple cash-in attacks. Then, to show that both the client and the retailer's data are at the highest level of security, the protocol is subjected to security analysis with a powerful protocol analysis tool, Scyther. Thus, the proposed protocol is proved to meet all safety criteria. To the best of our knowledge, this protocol is the first m-coupon protocol for which formal security analysis is conducted by the protocol's developers. [ABSTRACT FROM AUTHOR]

Published

2019

15. Experimental demonstration of the DPTS QKD protocol over a 170 km fiber link.

Author

Da Lio, B., Bacco, D., Cozzolino, D., Ding, Y., Dalgaard, K., Rottwitt, K., and Oxenløwe, L. K.

Subjects

*QUANTUM computing, *COMPUTER network protocols, *COMPUTER security, *COMPUTER performance, *QUBITS, *OPTICAL fibers

Abstract

Quantum key distribution (QKD) is a promising technology that aims to solve the security problem arising from the advent of quantum computers. While the main theoretical aspects are well developed today, limited performances, in terms of the achievable link distance and the secret key rate, are preventing the deployment of this technology on a large scale. More recent QKD protocols, which use multiple degrees of freedom for encoding of the quantum states, allow enhancement of the system performances. Here, we present the experimental demonstration of the differential phase-time shifting protocol up to 170 km of the fiber link. We compare its performance with the well-known coherent one-way and differential phase shifting protocols, demonstrating a higher secret key rate up to 100 km. Moreover, we propagate a classical signal in the same fiber, proving the compatibility of quantum and classical light. [ABSTRACT FROM AUTHOR]

Published

2019

16. A PUF-based hardware mutual authentication protocol.

Author

Barbareschi, Mario, De Benedictis, Alessandra, and Mazzocca, Nicola

Subjects

*COMPUTER access control, *COMPUTER network protocols, *COMPUTER security, *UNIQUENESS (Mathematics), *COMPUTER architecture

Abstract

Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), that allows to achieve mutual authentication in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. [ABSTRACT FROM AUTHOR]

Published

2018

17. An automatic RFID reader-to-reader delegation protocol for SCM in cloud computing environment.

Author

Anandhi, S., Anitha, R., and Sureshkumar, Venkatasamy

Subjects

*RADIO frequency identification systems, *CLOUD computing, *COMPUTER security, *COMPUTER network protocols, *COMPUTER access control, *ELECTRONIC authentication, *DATA encryption

Abstract

Radio frequency identification (RFID) technology enables unique identification and tracking of the tag attached to an object. Widespread usage of RFID technologies in supply chain management (SCM) has drawn attention for developing security protocols to protect data stored in the tag. In SCM objects move from one place/department to another, the same RFID readers are not used throughout the supply chain. So, current reader delegates its access right to the new reader. When an object is moved inside the organization, delegation takes place between the readers. Many of the existing delegation protocols use trusted third party (TTP), which is practically difficult to incorporate or requires a keyed hash function/symmetric key encryption to be executed in the RFID tag, whereas tags are computationally intensive. Our work aims to simplify the delegation process by removing the usage of a TTP as well as eliminating reader-to-reader communication which avoids fixing the reader sequence in advance. Also, it preserves the security and privacy requirements for cloud-based applications. The proposed protocol withstands many attacks like tracing attack, tag impersonation attack, reader impersonation attack, and privacy attack. The proposed protocol not only resists the above-mentioned attacks but also achieves mutual authentication, anonymity property, and forward/backward secrecy. The proposed protocol is analyzed formally using GNY logic, which ensures that the protocol achieves mutual authentication. Performance analysis is carried out and it shows that our protocol is relatively better than the existing related schemes with respect to tag computation and communication cost. [ABSTRACT FROM AUTHOR]

Published

2018

18. Networking Named Content.

Author

Jacobson, Van, Smetters, Diana K., Thornton, James D., Plass, Michael, Briggs, Nick, and Braynard, Rebecca

Subjects

*COMPUTER network security, *NETWORK routers, *COMPUTER architecture, *COMPUTER security, *COMPUTER network protocols, *DATA protection, *COMPUTER operating systems, *MANAGEMENT

Abstract

Current network use is dominated by content distribution and retrieval yet current networking protocols are designed for conversations between hosts. Accessing content and services requires mapping from the what that users care about to the network's where. We present Content-Centric Networking (CCN) which uses content chunks as a primitive---decoupling location from identity, security and access, and retrieving chunks of content by name. Using new approaches to routing named content, derived from IP, CCN simultaneously achieves scalability, security, and performance. We describe our implementation of the architecture's basic features and demonstrate its performance and resilience with secure file downloads and VoIP calls. [ABSTRACT FROM AUTHOR]

Published

2012

19. Cryptographic Protocol : Security Analysis Based on Trusted Freshness

Author

Ling Dong, Kefei Chen, Ling Dong, and Kefei Chen

Subjects

Computer networks--Security measures, Computer network protocols, Data encryption (Computer science), Computer security

Abstract

'Cryptographic Protocol: Security Analysis Based on Trusted Freshness'mainly discusses how to analyze and design cryptographic protocols based on the idea of system engineering and that of the trusted freshness component. A novel freshness principle based on the trusted freshness component is presented; this principle is the basis for an efficient and easy method for analyzing the security of cryptographic protocols. The reasoning results of the new approach, when compared with the security conditions, can either establish the correctness of a cryptographic protocol when the protocol is in fact correct, or identify the absence of the security properties, which leads the structure to construct attacks directly. Furthermore, based on the freshness principle, a belief multiset formalism is presented. This formalism's efficiency, rigorousness, and the possibility of its automation are also presented.The book is intended for researchers, engineers, and graduate students in the fields of communication, computer science and cryptography, and will be especially useful for engineers who need to analyze cryptographic protocols in the real world.Dr. Ling Dong is a senior engineer in the network construction and information security field. Dr. Kefei Chen is a Professor at the Department of Computer Science and Engineering, Shanghai Jiao Tong University.

Published

2012

20. Everlasting Multi-party Computation.

Author

Unruh, Dominique

Subjects

CRYPTOGRAPHY, COMPUTER security, QUANTUM theory, STRING theory, COMPUTER network protocols

Abstract

A protocol has everlasting security if it is secure against adversaries that are computationally unlimited after the protocol execution. This models the fact that we cannot predict which cryptographic schemes will be broken, say, several decades after the protocol execution. In classical cryptography, everlasting security is difficult to achieve: even using trusted setup like common reference strings or signature cards, many tasks such as secure communication and oblivious transfer cannot be achieved with everlasting security. An analogous result in the quantum setting excludes protocols based on common reference strings, but not protocols using a signature card. We define a variant of the Universal Composability framework, everlasting quantum-UC, and show that in this model, we can implement secure communication and general multi-party computation using signature cards as trusted setup. [ABSTRACT FROM AUTHOR]

Published

2018

21. Precoding-Aided Spatial Modulation for the Wiretap Channel with Relay Selection and Cooperative Jamming.

Author

Bouida, Zied, Stavridis, Athanasios, Ghrayeb, Ali, Haas, Harald, Hasna, Mazen, and Ibnkahla, Mohamed

Subjects

COMPUTER network security, COMPUTER network protocols, INTERNET protocols, PROTOCOL analyzers, COMPUTER security

Abstract

We propose in this paper a physical-layer security (PLS) scheme for dual-hop cooperative networks in an effort to enhance the communications secrecy. The underlying model comprises a transmitting node (Alice), a legitimate node (Bob), and an eavesdropper (Eve). It is assumed that there is no direct link between Alice and Bob, and the communication between them is done through trusted relays over two phases. In the first phase, precoding-aided spatial modulation (PSM) is employed, owing to its low interception probability, while simultaneously transmitting a jamming signal from Bob. In the second phase, the selected relay detects and transmits the intended signal, whereas the remaining relays transmit the jamming signal received from Bob. We analyze the performance of the proposed scheme in terms of the ergodic secrecy capacity (ESC), the secrecy outage probability (SOP), and the bit error rate (BER) at Bob and Eve. We obtain closed-form expressions for the ESC and SOP and we derive very tight upper-bounds for the BER. We also optimize the performance with respect to the power allocation among the participating relays in the second phase. We provide examples with numerical and simulation results through which we demonstrate the effectiveness of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2018

22. Internet Protocol (IP) Steganography Using Modified Particle Swarm Optimization (MPSO) Algorithm.

Author

Abbas, Sana Adnan

Subjects

INTERNET protocols, COMPUTER networks, COMPUTER network protocols, COMPUTER security, INTERNET of things

Abstract

Copyright of Diyala Journal for Pure Science is the property of Republic of Iraq Ministry of Higher Education & Scientific Research (MOHESR) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

23. On the Feasibility of Extending Oblivious Transfer.

Author

Lindell, Yehuda and Zarosim, Hila

Subjects

CRYPTOGRAPHY, COMPUTER security, MATHEMATICAL functions, KNOWLEDGE transfer, COMPUTER network protocols

Abstract

Oblivious transfer is one of the most basic and important building blocks in cryptography. As such, understanding its cost is of prime importance. Beaver (in: The 28th STOC, pp 479-488, 1996) showed that it is possible to obtain poly(n) oblivious transfers given only n actual oblivious transfer calls and using one-way functions, where n is the security parameter. In addition, he showed that it is impossible to extend oblivious transfer information theoretically. The notion of extending oblivious transfer is important theoretically (to understand the complexity of computing this primitive) and practically (since oblivious transfers can be expensive and thus extending them using only one-way functions is very attractive). Despite its importance, very little is known about the feasibility of extending oblivious transfer, beyond the fact that it is impossible information theoretically. Specifically, it is not known whether or not one-way functions are actually necessary for extending oblivious transfer, whether or not it is possible to extend oblivious transfers with adaptive security, and whether or not it is possible to extend oblivious transfers when starting with O(logn) oblivious transfers. In this paper, we address these questions and provide almost complete answers to all of them. We show that the existence of any oblivious transfer extension protocol with security for static semi-honest adversaries implies one-way functions, that an oblivious transfer extension protocol with adaptive security implies oblivious transfer with static security, and that the existence of an oblivious transfer extension protocol from only O(logn) oblivious transfers implies oblivious transfer itself. [ABSTRACT FROM AUTHOR]

Published

2018

24. Fast Garbling of Circuits Under Standard Assumptions.

Author

Gueron, Shay, Lindell, Yehuda, Nof, Ariel, and Pinkas, Benny

Subjects

ELECTRONIC circuits, COMPUTER security, CRYPTOGRAPHY, PERMUTATIONS, COMPUTER network protocols, RANDOM functions (Mathematics)

Abstract

Protocols for secure computation enable mutually distrustful parties to jointly compute on their private inputs without revealing anything, but the result. Over recent years, secure computation has become practical and considerable effort has been made to make it more and more efficient. A highly important tool in the design of two-party protocols is Yao’s garbled circuit construction (Yao 1986), and multiple optimizations on this primitive have led to performance improvements in orders of magnitude over the last years. However, many of these improvements come at the price of making very strong assumptions on the underlying cryptographic primitives being used (e.g., that AES is secure for related keys, that it is circular-secure, and even that it behaves like a random permutation when keyed with a public fixed key). The justification behind making these strong assumptions has been that otherwise it is not possible to achieve fast garbling and thus fast secure computation. In this paper, we take a step back and examine whether it is really the case that such strong assumptions are needed. We provide new methods for garbling that are secure solely under the assumption that the primitive used (e.g., AES) is a pseudorandom function. Our results show that in many cases, the penalty incurred is not significant, and so a more conservative approach to the assumptions being used can be adopted. [ABSTRACT FROM AUTHOR]

Published

2018

25. Detection and Prevention of Cybersecurity Risks of Cloud-connected Machinery in Industrial Internet of Things System (IIoT)

Author

Lao, Shing Kit and Kaur, Sandeep (Supervisor)

Subjects

Internet of things, Computer security, Computer network protocols, Cloud computing

Abstract

Internet of Things (IoT) is the interconnection of physical devices, which are equipped with sensor to collect data, and management platforms to perform analysis on the data collected. IoT helps people to make decision or further control on other devices automatically. Industrial Internet of Things (IIoT) is the application of IoT in various industries such as manufacturing, energy plant or water supply. (As cited in abstract.)

Published

2022

26. WiFi Attack Vectors.

Author

Berghel, Hal and Uecker, Jacob

Subjects

*COMPUTER security, *IEEE 802.11 (Standard), *COMPUTER network protocols, *COMPUTER hackers, *ETHERNET, *COMPUTERS

Abstract

The article presents information on security risks of WiFi connectivity. While many users may know that WiFi is vulnerable to hacking, far fewer know why. The genesis of the wireless insecurity problem was the 802.11 standard. The vulnerabilities were built into the protocols. Nowhere is this more evident than in the bungled implementation of the RC4 symmetric, stream cipher algorithm in the implementation of Wired Equivalent Privacy (WEP). The WEP implementation of RC4 is flawed in several ways. It should be noted that even if the implementation of RC4 was corrected, WEP would still be vulnerable to replay attacks, checksum forging, message integrity check forging, and sundry authentication attacks resulting from the fact that both the plaintext challenge and cipher text response are broadcast. IEEE standard for IV selection was ambiguous, so many wireless vendors use sequential IV generators that begin with 00:00:00 and wrap with FF:FF:FF. Other WEP weaknesses that may be exploited include defective key-generation implementations. INSET: URL Pearls.

Published

2005

27. Wireless Infidelity II: Airjacking.

Author

Berghel, Hal and Uecker, Jacob

Subjects

*WIRELESS communications, *WIRELESS Application Protocol (Computer network protocol), *COMPUTER security, *COMPUTER operating systems, *COMPUTER network protocols

Abstract

This article assesses the extent of the security risks involved in wireless networking technology by considering three possible scenarios demonstrating vulnerabilities. The Service Set ID (SSID) is a 32 byte or less network name of a service set. This name is used by other network devices to initiate a connection. Wireless Application Protocols (WAP) may be configured as "open" or "closed." In the open mode, the WAP broadcasts its SSID to the world, while in closed mode, it does not. A computer with a WiFi card set to SSID=ANY will attempt to authenticate with the open WAPs with the strongest signals. This is called association polling and is built into Windows XP by default when wireless is enabled. The goal of Wired Equivalent Privacy (WEP) was to bring some of the security available in wired networks to WiFi. Unfortunately, the designers bungled the job. WEP suffers from two fundamental deficiencies — it was poorly designed and it was poorly implemented. Other than that, it's fine. A key WEP vulnerability results from the implementation of the RC4 symmetric stream cipher algorithm. INSET: URL Pearls.

Published

2004

28. Standards Insecurity.

Author

Mercuri, Rebecca T.

Subjects

*STANDARDS, *COMPUTER industry, *CERTIFICATION, *COMPUTER security, *COMPUTER network protocols

Abstract

This article presents the author's comments on the authenticity of standards meant for the computer industry. It is informed that standards play a significant and vital role for the industry by enforcing security baselines and enabling compatibilities among various products. However, the author holds that, they should not be relied on blindly. According to the author, despite the creation of a standard through an open process, transparency in the certification process is not guaranteed.

Published

2003

29. SECURITY FLAWS IN 802.11 DATA LINK PROTOCOLS.

Author

Cam-Winget, Nancy, Housley, Russ, Wagner, David, and Walker, Jesse

Subjects

*COMPUTER network security, *COMPUTER network protocols, *COMPUTER security, *WIRELESS LANs, *LOCAL area networks, *WIRELESS communications

Abstract

This article investigates the security problems in the 802.11-based data link protocol, Wireless Equivalent Privacy (WEP). It is evident that anyone with a radio receiver can eavesdrop on a wireless local area network (WLAN), and therefore widely acknowledged that a WLAN needs a mechanism to counter this threat. The IEEE 802.11 standard defines a data confidentiality mechanism known as WEP. The security goal of WEP is data confidentiality equivalent to that of a wired LAN. WEP falls short of this objective, which is an intuitively appealing but vague security goal. As a consequence, WEP was insufficiently thought through, and numerous flaws quickly appeared. The discovery of shortcomings led to a process to replace WEP by more robust security protocols. The study of WEP flaws illustrates the difficulties in security protocol design. An understanding of these flaws helps clarify the choices made by the designers of the new protocols. WEP has several serious inherent problems. It does not meet its fundamental goals of wired-equivalent confidentiality.

Published

2003

30. Caustic Cookies.

Author

Berghel, Hal

Subjects

*COOKIES (Computer science), *HTTP (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *HARD disks, *INFORMATION resources management

Abstract

The article discusses that cookies can be beneficial in electronic commerce but can invade personal privacy. The modern Websites' medium is defined, enabled, and constrained by a pair of Internet protocols, HTTP and HTML. HTTP is a platform-independent, client/server protocol defined for any packet-switched digital network that supports the lower-level Transmission Control Protocol /Internet Protocol suite. HTTP is an application layer protocol that sits directly a top Transmission Control Protocol, which in turn sits atop Internet Protocol. HTTP is rather unique, in that it is stateless. Once the transaction cycle is complete, the connection between client and server is disconnected. HTTP needs transaction persistence. The persistence would take the form of depositing digital information on the client's hard disk. This persistent state object came to be known as cookies. In any case, the technical description of a cookie is a piece of transaction state information left on the client before the HTTP transaction cycle is concluded. Included in this state Cookies are virtually unlimited in the range of information they can store. When such information gets stored in cookies, it is most likely the result of an end user unwisely volunteering this information in the first place. INSET: Berghel's URL Pearls..

Published

2001

31. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

Author

Baig, Ahmed Fraz, Hassan, Khwaja Mansoor ul, Ghani, Anwar, Chaudhry, Shehzad Ashraf, Khan, Imran, and Ashraf, Muhammad Usman

Subjects

*WIRELESS communications, *TELECOMMUNICATION systems, *COMPUTER network protocols, *COMPUTER networks, *BIOMETRIC identification

Abstract

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. [ABSTRACT FROM AUTHOR]

Published

2018

32. An efficient anonymous authentication protocol in multiple server communication networks (EAAM).

Author

Braeken, An, Kumar, Pardeep, Liyanage, Madhusanka, and Hue, Ta Thi Kim

Subjects

*COMPUTER network protocols, *COMPUTER access control, *MULTI-factor authentication, *BIOMETRIC identification, *COMPUTER security, *CRYPTOGRAPHY

Abstract

In a multi-server authentication environment, a user only needs to register once at a central registration place before accessing the different services on the different registered servers. Both, from a user point of view as for the management and maintenance of the infrastructure, these types of environments become more and more popular. Smartcard- or smartphone-based approaches lead to more secure systems because they offer two- or three-factor authentication, based on the strict combination of the user’s password, the user’s biometrics and the possession of the device. In this paper, we propose an efficient anonymous authentication protocol in multiple server communication networks, called the EAAM protocol, which is able to establish user anonymity, mutual authentication, and resistance against known security attacks. The novelty of the proposed scheme is that it does not require a secure channel during the registration between the user and the registration center and is resistant to a curious but honest registration system. These features are established in a highly efficient way with the minimum amount of communication flows between user and server during the establishment of the secret shared key and by using light-weight cryptographic techniques such as Chebyshev chaotic map techniques and symmetric key cryptography. The performance and security of the protocol are analyzed and compared with the latest new proposals in this field. [ABSTRACT FROM AUTHOR]

Published

2018

33. The once and future internet: infrastructural tragedy and ambiguity in the case of IPv6.

Author

Dourish, Paul

Subjects

*TCP/IP, *COMPUTER network protocols, *FILE Transfer Protocol (Computer network protocol), *INTERNET security, *COMPUTER security

Abstract

The Internet as we currently recognise it was institutionally established in 1983 when all hosts connected to the then ARPANET were required to have adopted the relatively new Transmission Control Protocol/Internet Protocol (TCP/IP) technologies. Thirteen years later, in 1996, a replacement standard was established for the IP protocol, to resolve key anticipated technical problems. More than 20 years later, those technical problems have indeed arisen, and yet the "new" protocol, IPv6, is still not widely deployed. This paper explores technical and institutional aspects of this case in order to examine how the evolving contexts of infrastructure use may turn technological solutions into infrastructural problems. [ABSTRACT FROM AUTHOR]

Published

2018

34. Cryptanalysis of an identity-based authenticated key exchange protocol.

Author

Hatri, Younes, Otmani, Ayoub, and Guenda, Kenza

Subjects

*CRYPTOGRAPHY, *RESIDUE codes, *MATHEMATICAL proofs, *COMPUTER network protocols, *COMPUTER security

Abstract

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity-based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked. [ABSTRACT FROM AUTHOR]

Published

2018

35. Card-based protocols using unequal division shuffles.

Author

Nishimura, Akihiro, Nishida, Takuya, Hayashi, Yu-ichi, Mizuki, Takaaki, and Sone, Hideaki

Subjects

*CRYPTOGRAPHY, *BOOLEAN functions, *PROBABILITY theory, *COMPUTER network protocols, *COMPUTER security

Abstract

Card-based cryptographic protocols can perform secure computation of Boolean functions. In 2013, Cheung et al. presented a protocol that securely produces a hidden AND value using five cards; however, it fails with a probability of 1/2. The protocol uses an unconventional shuffle operation called an unequal division shuffle; after a sequence of five cards is divided into a two-card portion and a three-card portion, these two portions are randomly switched so that nobody knows which is which. In this paper, we first show that the protocol proposed by Cheung et al. securely produces not only a hidden AND value but also a hidden OR value (with a probability of 1/2). We then modify their protocol such that, even when it fails, we can still evaluate the AND value in the clear. Furthermore, we present two five-card copy protocols (which can duplicate a hidden value) using unequal division shuffle. Because the most efficient copy protocol currently known requires six cards, our new protocols improve upon the existing results. We also design a general copy protocol that produces multiple copies using an unequal division shuffle. Furthermore, we show feasible implementations of unequal division shuffles by the use of card cases. [ABSTRACT FROM AUTHOR]

Published

2018

36. Formal verification of a radio network random access protocol.

Author

Roumane, Ahmed, Kechar, Bouabdellah, and Kouninef, Belkacem

Subjects

*UNIVERSAL Mobile Telecommunications System, *RADIO networks, *COMPUTER network protocols, *MACHINE theory, *COMPUTER security

Abstract

In this paper, the random access procedure of Universal Mobile Telecommunications System network is investigated. We have proposed a model based on communicating timed automata that represents the main functions related to the random access procedure including the user equipment, the base station (node B or BTS), and the channel. Then, we have used computational tree logic formula to specify the proprieties to be verified. The model and the formulas serve as inputs to the model checker, which is used as a verification engine, ie, UPPAAL and SPIN. The formal verification approach shows that the protocol has several drawbacks that may not be detected by simulation. [ABSTRACT FROM AUTHOR]

Published

2017

37. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Author

Wen, Shameng, Meng, Qingkun, Feng, Chao, and Tang, Chaojing

Subjects

*REVERSE engineering, *COMPUTER network protocols, *FUZZY logic, *PROTOTYPES, *COMPUTER security

Abstract

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. [ABSTRACT FROM AUTHOR]

Published

2017

38. Mutual authentications to parties with QR-code applications in mobile systems.

Author

Huang, Cheng-Ta, Zhang, Yu-Hong, Lin, Li-Chiun, Wang, Wei-Jen, and Wang, Shiuh-Jeng

Subjects

*TWO-dimensional bar codes, *CELL phone systems, *END users (Information technology), *COMPUTER access control, *COMPUTER security, *USER-centered system design, *INTERNET service providers, *COMPUTER network protocols

Abstract

User authentication over the Internet has long been an issue for Internet service providers and users. A good authentication protocol must provide high security and mutual authentication on both sides. In addition, it must balance security and usability, which has been shown in the literature to be a difficult problem. To solve this problem, we propose a novel mutual authentication protocol with high security and usability. The proposed protocol was developed for quick response code, a type of two-dimensional barcode that can be photographed and quickly decoded by smartphones. We implemented a prototype using the proposed mutual authentication protocol and demonstrated how the prototype improves usability in a mobile communication system. We also used the Gong-Needham-Yahalom logic with several well-known attack models to analyze the security of the proposed protocol, and we obtained satisfactory results. We expect that using the proposed protocol, Internet service providers will be able to provide a mutual authentication mechanism with high security and usability. [ABSTRACT FROM AUTHOR]

Published

2017

39. On probabilistic snap-stabilization.

Author

Altisen, Karine and Devismes, Stéphane

Subjects

*MESSAGE passing (Computer science), *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *COMPUTING platforms

Abstract

In this paper, we introduce probabilistic snap-stabilization . We relax the definition of deterministic snap-stabilization without compromising its safety guarantees. In an unsafe environment, a probabilistically snap-stabilizing algorithm satisfies its safety property immediately after the last fault; whereas its liveness property is only ensured with probability 1. We show that probabilistic snap-stabilization is more expressive than its deterministic counterpart. Indeed, we propose two probabilistic snap-stabilizing algorithms for a problem having no deterministic snap- or self-stabilizing solution: guaranteed service leader election in arbitrary anonymous networks. This problem consists in computing a correct answer to each process that initiates the question “Am I the leader of the network?,” i.e. , (1) processes always compute the same answer to that question and (2) exactly one process computes the answer true . Our solutions being probabilistically snap-stabilizing, the answers are only delivered within an almost surely finite time; however any delivered answer is correct, regardless the arbitrary initial configuration and provided the question has been properly started. [ABSTRACT FROM AUTHOR]

Published

2017

40. Privacy-enhanced attribute-based private information retrieval.

Author

Lai, Jianchang, Mu, Yi, Guo, Fuchun, Jiang, Peng, and Susilo, Willy

Subjects

*DATA privacy, *INFORMATION storage & retrieval systems, *COMPUTER network protocols, *COMPUTER security, *COMPUTER users

Abstract

A private information retrieval protocol allows a user to retrieve w th data item (or k items) of its choice from a database of N data items without revealing its choice w to the server. The traditional private information retrieval protocols based on the notion of oblivious transfer must publish the description of each data item stored in the database in order for the user to make a choice before users run the protocol (each data item’s content is not revealed though). Aiming to eliminate the information leakage of the data item in the private information retrieval system, in this work, we propose a novel attribute-based private information retrieval protocol which can enhance the data privacy. In our proposed protocol, each data item is associated with a set of attributes which is not made public to users who are only given a universal attribute set, which reveals no information about individual data item. For each query, the user can only obtain the data items whose attributes are within its chosen attribute set. We provide a rigorous security analysis of our protocol and demonstrate its efficiency and feasibility. [ABSTRACT FROM AUTHOR]

Published

2018

41. Development of the ECAT Preprocessor with the Trust Communication Approach.

Author

Ovaz Akpinar, Kevser and Ozcelik, Ibrahim

Subjects

COMPUTER network protocols, AUTOMATIC control systems, INTERNET protocols, COMPUTER security, DATA security

Abstract

In the past several years, attacks over industrial control systems (ICS) have become increasingly frequent and sophisticated. The most common objectives of these types of attacks are controlling/monitoring the physical process, manipulating programmable controllers, or affecting the integrity of software and networking equipment. As one of the widely applied protocols in the ICS world, EtherCAT is an Ethernet-based protocol; thus, it is exposed to both TCP/IP and ICS-specific attacks. In this paper, we analyze EtherCAT field-level communication principles from the security viewpoint focusing on the protocol vulnerabilities, which have been rarely analyzed previously. Our research showed that it lacks the most common security parameters, such as authentication, encryption, and authorization, and is open to Media Access Control (MAC) spoofing, data injection, and other advanced attacks, which require superior skills. To prevent, detect, and reduce attacks over the EtherCAT-based critical systems, first, we improved the open-source Snort intrusion detection/prevention system (IDS/IPS) to support packets that are not processed over transport and network layers. Second, by incorporating a vulnerability analysis, we proposed the EtherCAT (ECAT) preprocessor. Third, we introduced a novel approach called trust-node identification and applied the approach as three rules into the preprocessor. In this sense, the ECAT preprocessor differs from other supported ICS preprocessors in the literature, such as DNP3 and Modbus/TCP. Besides supporting traditional rule expansion, it is also able to handle layer 2 packets and to apply deep packet inspection on EtherCAT packets using the trust-node approach. This method first identifies engineering-station approved nodes based on EtherCAT network information (ENI) configuration files and then deeply inspects incoming packets, considering protocol specifications. The improvements and approach have been tested on the physically developed testbed environment and we have proved that proposals can detect related attacks and provide a basic level of security over the EtherCAT-implemented systems. [ABSTRACT FROM AUTHOR]

Published

2018

42. Global Behavior of a Computer Virus Propagation Model on Multilayer Networks.

Author

Zhang, Chunming

Subjects

COMPUTER viruses, COMPUTER security, COMPUTER simulation, COMPUTER network protocols

Abstract

This paper presents a new linear computer viruses propagation model on multilayer networks to explore the mechanism of computer virus propagation. Theoretical analysis demonstrates that the maximum eigenvalue of the sum of all the subnetworks is a vital factor in determining the viral prevalence. And then, a new sufficient condition for the global stability of virus-free equilibrium has been obtained. The persistence of computer virus propagation system has also been proved. Eventually, some numerical simulation results verify the main conclusions of the theoretical analysis. [ABSTRACT FROM AUTHOR]

Published

2018

43. An Improvement Over Lee et al.'s Key Agreement Protocol.

Author

Oraei, Hossein, Pourpouneh, Mohsen, and Ramezanian, Rasoul

Subjects

KEY agreement protocols (Computer network protocols), COMPUTER security, INTERNET protocols, COMPUTER network protocols, COMPUTER network security

Abstract

In 2004, Hwang et al. proposed a group key exchange protocol for sharing a secure key in a group. Their protocol is an extension from the two party key exchange protocol to the group one. Recently, Jung-San Lee et al. noted that Hwang et al. group key exchange protocol has two security weaknesses. First, the forward secrecy is not confirmed in case that a new member joins the group and second, if a group member leaves the group, the backward secrecy is compromised. They proposed an improvement over this key exchange protocol in order to provide both forward and backward secrecy among group members. In this paper, we propose another improvement over Lee et al. key exchange, and we show that our key exchange protocol not only preservers both forward and backward secrecy, but also it is more efficient than their protocol when a member leaves the group. Finally, we give a formal analysis for the correctness of the proposed protocol via Scyther model checking tool. [ABSTRACT FROM AUTHOR]

Published

2018

44. Fast and efficient probing of heterogeneous IoT networks.

Author

Metongnon, Lionel and Sadre, Ramin

Subjects

COMPUTER operating systems, INTERNET of things, COMPUTER network protocols, COMPUTER security, WIRELESS LANs

Abstract

The Internet of Things (IoT) leads to the interconnectivity of a wide range of device types running an equally wide range of operating systems and applications. This heterogeneity of hardware and software poses significant challenges to security. Constrained IoT devices often do not have enough resources to carry the overhead of an intrusion protection system or complex security protocols. Furthermore, they are often not properly managed and updated. Network scans are a valuable tool to discover vulnerable devices. In the context of IoT, the initiator of the scan can be particularly interested in finding constrained devices, assuming that they are easier targets for attacks. However, in IoT networks hosting devices of various types, performing a scan with a high discovery rate can be a challenging task, since a scan working well for, eg, a WiFi network might easily overload a low-power network such as IEEE 802.15.4. In this paper,we propose an approach to increase the efficiency of network scans in heterogeneous environments by combining them with active round-trip time measurements. The measurements allow the scanner to differentiate IoT nodes by the used network technology.Using the knowledge gained from this differentiation, our approach adapts the scan strategy to reduce probe losses, and hence the speed and efficiency of the scan. We validate our approach through simulations of a mixed IoT infrastructure consisting of WiFi and multihop IEEE 802.15.4 subnetworks. [ABSTRACT FROM AUTHOR]

Published

2018

45. Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning.

Author

Verma, Abhishek and Ranga, Virender

Subjects

INTRUSION detection systems (Computer security), COMPUTER network security, INFORMATION & communication technology security, COMPUTER network protocols, COMPUTER security

Abstract

A lot of research is being done on the development of effective Network Intrusion Detection Systems. Anomaly based Network Intrusion Detection Systems are preferred over Signature based Network Intrusion Detection Systems because of their better significance in detecting novel attacks. The research on the datasets being used for training and testing purpose in the detection model is equally concerned as better dataset quality can advance offline Intrusion Detection. Benchmark datasets like KDD99 and NSL-KDD cup 99 are outdated and face some major issues, which make them unsuitable for evaluating Anomaly based Network Intrusion Detection Systems. This paper presents the statistical analysis of labelled flow based CIDDS-001 dataset using k-nearest neighbour classification and k-means clustering algorithms. The analysis is done with respect to some prominent evaluation metrics used for evaluating Network Intrusion Detection Systems including Detection Rate, Accuracy and False Positive Rate. [ABSTRACT FROM AUTHOR]

Published

2018

46. Electronic institutions and neural computing providing law-compliance privacy for trusting agents.

Author

Lopez, Mar, Carbo, Javier, Molina, Jose M., and Pedraza, Juanita

Subjects

COMPUTER security, ARTIFICIAL neural networks, MULTIAGENT systems, COMPUTER network protocols, CONTROL theory (Engineering)

Abstract

In this paper we present an integral solution for law-compliance privacy-protection into trust models for agent systems. Several privacy issues are concerned into trust relationships. Specifically, we define which privacy rights must legally be guaranteed in trusting communities of agents. From them, we describe additional interaction protocols that are required to implement such guarantees. Next, we apply additional message exchanges into a specific application domain (the Agent Trust and Reputation testbed) using JADE agent platform. The decisions about how to apply these control mechanisms (about when to launch the corresponding JADE protocol) has been efficiently carried out by neural computing. It uses past behavior of agents to decide (classify) which agents are worthy to share privacy with, considering which number of past interactions we should take into account. Furthermore, we also enumerate the corresponding privacy violations that would have taken place if these control mechanisms (in form of interaction protocols) were ignored or misused. From the possible existence of privacy violations, a regulatory structure is required to address (prevent and fix) the corresponding harmful consequences. We use Islander (an electronic institution editor) to formally define the scenes where privacy violation may be produced, attached to the ways to repair it: the defeasible actions that could voluntarily reduce or eliminate the privacy damage, and the obligations that the electronic institution would impose as penalties. [ABSTRACT FROM AUTHOR]

Published

2017

47. Anonymous Password Authenticated Key Exchange Protocol in the Standard Model.

Author

Hu, Xuexian, Zhang, Jiang, Zhang, Zhenfeng, and Liu, Fengmei

Subjects

ENTROPY, COMPUTER network protocols, HEURISTIC algorithms, COMPUTER access control, COMPUTER security

Abstract

Anonymous password authenticated key exchange (APAKE) allows a client holding a low-entropy password to establish a session key with a server in an authenticated and anonymous way. As a very convenient solution for personal privacy protection, it has attracted much attention in recent years. However, almost all existing APAKE protocols are designed in the random oracle model. In this paper, we propose the first password-only APAKE protocol (called APAKE- S) with proven security in the standard model, i.e., without random oracle heuristic. The resulting protocol guarantees AKE security, client anonymity and mutual authentication. Moreover, since the building blocks in our construction can be instantiated based on numerous hard assumptions (e.g., decisional Diffie-Hellman, Quadratic Residuosity, and N-residuosity assumptions), our APAKE- S protocol is actually a generic construction which implies a series of efficient APAKE protocols in the standard model. [ABSTRACT FROM AUTHOR]

Published

2017

48. TAPCS: Traffic-aware pseudonym changing strategy for VANETs.

Author

Boualouache, Abdelwahab and Moussaoui, Samira

Subjects

VEHICULAR ad hoc networks, COMPUTER security, COMPUTER simulation, COMPUTER network protocols, STRATEGIC planning

Abstract

Location privacy is one of the main challenges in Vehicular Ad-hoc Networks (VANETs), since weak protection may hinder the public acceptance of this technology. Frequently changing pseudonyms are commonly accepted as a solution to protect the location privacy in VANETs. However, a simple pseudonym change is not enough to provide the required protection. Although many pseudonym changing strategies have been proposed to enhance the location privacy protection provided by this approach, the development of an effective strategy is not yet achieved. In this paper, we propose a new pseudonym changing strategy called Traffic-Aware Pseudonym Changing Strategy (TAPCS). The aim of this strategy is to provide an effective location privacy protection against the different types of pseudonyms linking attacks that can be performed by a strong passive adversary model. TAPCS is a distributed pseudonym changing strategy and is one of the strategies that use the radio silence technique. Unlike the existing distributed pseudonym changing strategies that use this technique, TAPCS aims to provide a high level of location privacy protection without impacting the safety in the VANETs. The analytical evaluation and simulation results demonstrate the effectiveness of the proposed strategy. [ABSTRACT FROM AUTHOR]

Published

2017

49. Securing The Commercial Internet.

Author

Bhimani, Anish

Subjects

*COMPUTER network security, *COMPUTER security, *WORLD Wide Web, *DATA protection, *FIREWALLS (Computer security), *COMPUTER network protocols

Abstract

The Internet can bring down physical barriers to commerce, almost immediately giving even the smallest business access to untapped markets around the world. By the same token, consumers can conduct business and make purchases from organizations previously unavailable to them. Armed with these goals, individuals have flocked to the Internet, and most businesses have set out to set up storefronts on the Internet and its World Wide Web. Just about every major business in the U.S., perhaps in the world, has a home page on the Internet on which can be found information about their services and products. As the Internet grew, the community expanded, and the existing security framework was found lacking. Over the past few years, people have seen evidence of this fact, in the form of Internet-based attacks on commercial systems. Awareness of these attacks has spawned the use of network security tools, such as firewalls, to protect individual networks from attack. More sophisticated attacks can take advantage of basic flaws in the Internet's infrastructure. INSET: Basic Flaws in Internet Infrastructure..

Published

1996

50. Distributing Trust with the Rampart Toolkit.

Author

Reiter, Michael K.

Subjects

*COMPUTER network protocols, *COMPUTER security, *SYSTEMS design, *COMPUTER programming, *COMPUTER software, *COMPUTER networks

Abstract

The article describes a research on distributing trust among a group of nodes. Central to this effort is a toolkit of group communication protocols called Rampart. The Rampart group communication protocols are designed to distribute trust among a group of nodes in a distributed system so while individual nodes need not be fully trusted, the group can be. An overarching goal of computer security mechanisms is to limit the extent to which each component of a system must be trusted to implement a desired security policy. This goal leads to system designs in which components are labeled trusted or untrusted. Rampant supports distributed process groups, a programming paradigm shown to simply construction of distributed programs tolerant of simple failures. Rampart has been adapted for two notable applications: sealed-bid auctions and cryptographic key management. Initial experiences with the system indicate that it can greatly simplify the task of distributing trust among multiple nodes in a system, and that it performs sufficiently well to support a wide range of applications.

Published

1996