215 results on "Secure Shell"
Search Results
2. Realtime Risk Monitoring of SSH Brute Force Attacks
- Author
Fahrnberger, Günter, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Phillipson, Frank, editor, Eichler, Gerald, editor, Erfurth, Christian, editor, and Fahrnberger, Günter, editor
- Published
- 2022
3. Secure Shell Remote Access for Virtualized Computing Environment
- Author
Li, He, Cao, Rongqiang, Xiu, Hanwen, Wan, Meng, Li, Kai, Wang, Xiaoguang, Wang, Yangang, Wang, Jue, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Qiu, Meikang, editor, Gai, Keke, editor, and Qiu, Han, editor
- Published
- 2022
4. Investigations into decrypting live secure traffic in virtual environments
- Author
McLaren, Peter William Lindsay, Russell, Gordon, Tan, Zhiyuan, and Buchanan, Bill
- Subjects
004; decryption; potentially malicious communications; tunnelled traffic; Secure Shell; Transport Layer Security; Advanced Encryption Standard symmetric block; ChaCha20; 004 Data processing & computer science; QA75 Electronic computers. Computer science
- Abstract
Malicious agents increasingly use encrypted tunnels to communicate with external servers. Communications may contain ransomware keys, stolen banking details, or other confidential information. Rapid discovery of communicated contents through decrypting tunnelled traffic can support effective means of dealing with these malicious activities. Decrypting communications requires knowledge of cryptographic algorithms and artefacts, such as encryption keys and initialisation vectors. Such artefacts may exist in volatile memory when software applications encrypt. Virtualisation technologies can enable the acquisition of virtual machine memory to support the discovery of these cryptographic artefacts. A framework is constructed to investigate the decryption of potentially malicious communications using novel approaches to identify candidate initialisation vectors, and use these to discover candidate keys. The framework focuses on communications that use the Secure Shell and Transport Layer Security protocols in virtualised environments for different operating systems, protocols, encryption algorithms, and software implementations. The framework minimises virtual machine impact, and functions at an elevated level to make detection by virtual machine software difficult. The framework analyses Windows and Linux memory and validates decrypts for both protocols when the Advanced Encryption Standard symmetric block or ChaCha20 symmetric stream algorithms are used for encryption. It also investigates communications originating from malware clients, such as bot and ransomware, that use Windows cryptographic libraries. The framework correctly decrypted tunnelled traffic with near certainty in almost all experiments. The analysis durations ranged from sub-second to less than a minute, demonstrating that decryption of malicious activity before network session completion is possible. 
This can enable in-line detection of unknown malicious agents, timely discovery of ransomware keys, and knowledge of exfiltrated confidential information.
- Published
- 2019
5. Deployment of Cloud Using Open-Source Virtualization: Study of VM Migration Methods and Benefits
- Author
Rastogi, Garima, Narayan, Satya, Krishan, Gopal, Sushil, Rama, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, Aggarwal, V. B., editor, Bhatnagar, Vasudha, editor, and Mishra, Durgesh Kumar, editor
- Published
- 2018
6. Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection
- Author
Sentanoe, Stewart, Taubmann, Benjamin, Reiser, Hans P., Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, and Gruschka, Nils, editor
- Published
- 2018
7. Cancelable bimodal shell using fingerprint and iris.
- Author
Vallabhadas, Dilip Kumar and Sandhya, Mulagala
- Subjects
*HUMAN fingerprints; *FEATURE extraction; *ERROR rates; *DATABASES
- Abstract
Authentication systems are now an important part of our daily life. Human biological, behavioral, and physical characteristics are usually applied in authenticating a person in various applications. Unimodal biometric systems have a number of limitations, such as noise sensitivity, population coverage, intra-class variations, non-universality, and vulnerability to spoofing. Multimodal biometric systems overcome these limitations and are being widely used in many real-world applications. In this work, to construct a three-dimensional (3-D) shell, we use fingerprint and iris. First, features are extracted from the fingerprint. Then, using a user key set, a two-dimensional spiral curve is generated from fingerprint features. Next, iris features are extracted using a pre-trained VGG-16 model, then feature vector-based random projection is applied to generate an iris feature vector. This generated feature vector is combined with the fingerprint shell to construct a secured 3-D shell. Finally, these fused 3-D templates are saved in the database and are used for matching. Our proposed technique has been evaluated on the three publicly available datasets, showing that it can preserve user privacy while maintaining the accuracy of the system with an equal error rate of 0.09%, 0.032%, and 0.015%. [ABSTRACT FROM AUTHOR]
- Published
- 2023
8. Getting Comfortable
- Author
Membrey, Peter, Hows, David, Membrey, Peter, and Hows, David
- Published
- 2015
9. Decrypting live SSH traffic in virtual environments.
- Author
McLaren, Peter, Russell, Gordon, Buchanan, William J., and Tan, Zhiyuan
- Subjects
VIRTUAL reality; CRIMINAL investigation; VIRTUAL communications; CRIME prevention
- Abstract
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual machines. For Secure Shell, used for secure remote server management, file transfer, and tunnelling inter alia, MemDecrypt experiments rapidly yield AES-encrypted details for a live secure file transfer including remote user credentials, transmitted file name and file contents. Thus, MemDecrypt discovers cryptographic artefacts and quickly decrypts live SSH malicious communications including the detection and interception of data exfiltration of confidential data. [ABSTRACT FROM AUTHOR]
- Published
- 2019
10. Security
- Author
Alani, Mohammed M. and Alani, Mohammed M.
- Published
- 2012
11. GAMPAL: an anomaly detection mechanism for Internet backbone traffic by flow size prediction with LSTM-RNN
- Author
Fumio Teraoka, Taku Wakui, and Takao Kondo
- Subjects
Backbone network; computer.internet_protocol; business.industry; Computer science; Secure Shell; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Autonomous system (Internet); Internet backbone; Denial-of-service attack; Border Gateway Protocol; Anomaly detection; The Internet; Electrical and Electronic Engineering; business; computer; Computer network
- Abstract
This paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts a LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.
- Published
- 2021
12. Analysis of Kubernetes for Distributed Healthcare System Development using COVID-19 Healthcare App
- Author
S. Mohanty, J. Prassanna, P. S. Jinturkar, and P. Pandey
- Subjects
Aging; Authentication; business.industry; Computer science; Data management; Distributed computing; Secure Shell; Shell (computing); Health Professions (miscellaneous); Biochemistry, Genetics and Molecular Biology (miscellaneous); Automation; General Biochemistry, Genetics and Molecular Biology; Field (computer science); General Health Professions; Dentistry (miscellaneous); Orchestration (computing); business; General Dentistry; Protocol (object-oriented programming)
- Abstract
Introduction: Distributed computing is a field of computer science which deals with the study of distributed systems. A system which has communication and coordination with each of its nodes and which interacts with each other to achieve a common target which is to effectively compute the computation. These capabilities are conducive to implementing a systematic and efficient COVID-19 tracking application which can be accessed and worked on by numerous entities. Objective: To provide information about a client-server architecture which is a platform for managing and maintaining containerized workloads and services that forms a base for automation. Methods: A Kubernetes cluster is created with a calico pod network along with the main drivers of Kubelet, Kubeadm and Kubectl. Secure Shell (SSH) protocol is used for secured shell and data management and authentication between the client and server. Results: We have performed and distributed our tasks in such a way to show the developers that multiple tasks can be performed at the same time using Kubernetes orchestration platform and used to parallelize multiple tasks. This increases the efficiency of the machine and the performance of the system becomes much faster. Conclusion: A system which has communication and coordination with each of its nodes and which interacts with each other to achieve a common target which is to effectively compute the computation. One such application which helps in the distribution of tasks and helps do the computation is Kubernetes. It is based on a client-server architecture which is a platform for managing and maintaining containerized workloads and services that forms a base for automation. © IJCRR
- Published
- 2021
13. Implementasi Compatibility Layer Pada Jaringan Server Diskless Berbasis Lubuntu 18.04 LTS
- Author
Ade Silvia Handayani, Ibnu ziad, and Farid Jatri Abiyyu
- Subjects
Source code; Computer science; Secure Shell; media_common.quotation_subject; computer.software_genre; Terminal server; Thin client; Packet loss; Computer cluster; Cross-platform; Operating system; computer; Jitter; media_common
- Abstract
Diskless server is a cluster computer network which uses SSH (Secure Shell) protocol to grant the client an access to the host's directory and modify its content so that the client doesn't need a hard disk (Thin Client). One way to design a diskless server is by utilizing "Linux Terminal Server Project", an open source-based script for Linux. However, using Linux has its own drawback, such as it can't cross platform for running an application based on Windows system which are commonly used. This drawback can be overcome by using a compatibility layer that converts a windows-based application's source code. The data which will be monitored is the compatibility layer implementation's result, and the throughput, packet loss, delay, and jitter. The result of measurement from those four parameters resulting in "Excellent" for throughput, "Perfect" for packet loss and delay, and "Good" for jitter.
- Published
- 2020
14. Secure Shell (SSH)
- Author
Jörg Schwenk
- Subjects
Physics; Secure Shell; Operating system; computer.software_genre; computer
- Abstract
The Secure Shell protocol (SSH) is used today to administer Unix-based servers, including virtual cloud servers. This introduction first describes the history and use of SSH before turning to its two main components, the handshake and the Binary Packet Protocol (BPP).
- Published
- 2022
15. A Profile of Prolonged, Persistent SSH Attack on a Kippo Based Honeynet.
- Author
Valli, Craig, Rabadia, Priya, and Woodard, Andrew
- Abstract
This paper is an investigation focusing on activities detected by SSH honeypots that utilised kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent and attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet. [ABSTRACT FROM AUTHOR]
- Published
- 2015
16. Experimental Evaluation of Security Monitoring and Notification on Network Intrusion Detection System for Server Security
- Author
Yavan Cahyan, Asep Saeppani, Muhammad Agreindra Helmiawan, and Eggi Julian
- Subjects
Information privacy; File Transfer Protocol; Computer science; Server; Secure Shell; Ping of death; Intrusion detection system; Computer security; computer.software_genre; computer; Protocol (object-oriented programming); Port (computer networking)
- Abstract
Security of data and information in servers connected to networks that provide services to user computers, is the most important thing to maintain data privacy and security in network security management mechanisms. Weaknesses in the server security system can be exploited by intruders to disrupt the security of the server. One way to maintain server security is to implement an intrusion detection system using the Intrusion Detection System. This research is experimenting to create a security system prototype, monitoring, and evaluating server security systems using Snort and alert notifications that can improve security monitoring for server security. The system can detect intrusion attacks and provide warning messages and attack information through the Intrusion Detection System monitoring system. The results show that snort and alert notifications on the security server can work well, efficiently, and can be handled quickly. Testing attacks with Secure Shell Protocol and File Transfer Protocol Brute Force, Ping of Death and scanning port attacks requires a detection time of no more than one second, and all detection test results are detected and send real-time notification alerts to the Administrator.
- Published
- 2021
17. SSH and Telnet Protocols Attack Analysis Using Honeypot Technique: Analysis of SSH AND TELNET Honeypot
- Author
Muhammed Ali Aydin, Ebu Yusuf Guven, and Melike Baser
- Subjects
Telnet; Honeypot; Computer science; business.industry; computer.internet_protocol; Secure Shell; Information security; Computer security; computer.software_genre; Upload; Attack model; Software; business; computer; Risk management
- Abstract
Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called 'zero-day attacks' can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker's behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.
- Published
- 2021
18. Design and implementation of parallel processing for embedded system online experiment teaching platform
- Author
Yiting Wang, Yifan Zhang, Yuanbo Dou, Jianwei Niu, Shun Zuo, and Huiyong Li
- Subjects
Information engineering; Parallel processing (DSP implementation); Computer science; business.industry; Secure Shell; Reliability (computer networking); Embedded system; ComputingMilieux_COMPUTERSANDEDUCATION; Key (cryptography); business; Protocol (object-oriented programming); Fault detection and isolation; Task (project management)
- Abstract
As the core course of information engineering specialty, embedded system course has the characteristics of great theoretical difficulty and strong practical operation. It is an important part of this course to cultivate students’ practical ability through experimental teaching. In order to overcome the impact of the lack of time and room on traditional experimental teaching, an online simulation experimental teaching platform for embedded system course rose in response to the proper time and conditions. Concurrent sharing and remote fault detection are the key to realize the system. This paper designs and implements an embedded system online simulation experiment teaching platform oriented to the combination of virtual and real. The platform supports concurrent access by multiple users based on the Secure Shell (SSH) protocol, and realizes the sharing of experimental resources by constructing a task pool. The method of fault detection and recovery using the heartbeat mechanism improves the reliability of the system. Practical applications have shown that the system can run stably for a long time, support a large number of students in online experiments at the same time, and improve the utilization of experimental equipment and the efficiency of students’ experiments.
- Published
- 2021
19. Runtime verification for trustworthy secure shell deployment
- Author
Axel Curmi, Mark Vella, and Christian Colombo
- Subjects
Computer science; business.industry; Secure Shell; Runtime verification; Process (computing); Cryptographic protocol; computer.software_genre; Software deployment; Embedded system; Malware; SSH File Transfer Protocol; business; Protocol (object-oriented programming); computer
- Abstract
Incorrect cryptographic protocol implementation and malware attacks targeting its runtime may lead to insecure execution even if the protocol design has been proven safe. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to a cryptographic protocol deployment --- particularly that of the Secure Shell Protocol (SSH). We aim to show that our approach, which does not require any specific security hardware or operating system modifications, is feasible through the design of a framework and work-in-progress empirical evaluation. We provide: (i) The design of the setup involving SSH, (ii) The provision of the RV-TEE setup with SSH implementation, including (iii) An overview of the property extraction process through a methodical analysis of the SSH protocol specifications.
- Published
- 2021
20. Towards Quantum Resistant Key Agreement Schemes Using Unpredictability
- Author
Mohamed Helmy Megahed, Emad A Elsamahy, and Alaa Elhao
- Subjects
Public-key cryptography; Secure communication; Computer science; business.industry; Elliptic curve Diffie–Hellman; Secure Shell; Distributed computing; Key (cryptography); Cryptography; Elliptic curve cryptography; business; Quantum computer
- Abstract
Elliptic curve Diffie Hellman (ECDH) is one of today’s most commonly used key agreement schemes, gaining universal usage amongst secure communication protocols such as transport layer security (TLS) and secure shell (SSH). This popularity is attributed to elliptic curve cryptography’s (ECC) known benefits including offering high-security levels for lesser key sizes in comparison to other known public key counterparts. With public key schemes being under the threat of becoming obsolete due to quantum computing and associated algorithms, we propose an enhancement to ECDH aiming at exponentially increasing the hardness of exhaustive search methods utilizing quantum computing powers. In order to reach a key agreement scheme that would withstand future and post-quantum processing powers, we introduce an enhancement that will be based on a distinct cryptographic property labeled ’Unpredictability’, which offers algorithms the ability to use multiple key pairs (up to 256), in different combinations, all whilst maintaining substantially similar arithmetic operations. The resultant scheme is labelled as unpredictable elliptic curve Diffie Hellman (UP-ECDH)
- Published
- 2021
21. SSH brute force attack mitigation in Internet of Things (IoT) network : An edge device security measure
- Author
S M Meena and Meenaxi M. Raikar
- Subjects
Edge device; business.industry; Computer science; Secure Shell; Volume (computing); Intrusion detection system; Computer security; computer.software_genre; Brute-force attack; Attack patterns; The Internet; business; computer; Protocol (object-oriented programming)
- Abstract
With the explosive growth of IoT applications, billions of things are now connected via edge devices and a colossal volume of data is sent over the internet. Providing security to the user data becomes crucial. The rise in zero-day attacks is a challenge in IoT scenarios. With the large scale of IoT application detection and mitigation of such attacks by the network administrators is cumbersome. The edge device Raspberry pi is remotely logged using Secure Shell (SSH) protocol in 90% of the IoT applications. The case study of SSH brute force attack on the edge device Raspberry pi is demonstrated with experimentation in the IoT networking scenario using Intrusion Detection System (IDS). The IP crawlers available on the internet are used by the attacker to obtain the IP address of the edge device. The proposed system continuously monitors traffic, analyses the log of attack patterns, detects and mitigates SSH brute attack. An attack hijacks and wastes the system resources depriving the authorized users of the resources. With the proposed IDS, we observe 25% CPU conservation, 40% power conservation and 10% memory conservation in resource utilization, as the IDS mitigates the attack and releases the resources blocked by the attacker.
- Published
- 2021
22. Causal analysis of attacks against honeypots based on properties of countries
- Author
Matej Zuzcak and Petr Bujok
- Subjects
Honeypot; Computer Networks and Communications; Population size; Secure Shell; Developing country; 020206 networking & telecommunications; Statistical model; 0102 computer and information sciences; 02 engineering and technology; 01 natural sciences; Geography; 010201 computation theory & mathematics; Information and Communications Technology; 0202 electrical engineering, electronic engineering, information engineering; Econometrics; Cluster analysis; Set (psychology); Software; Information Systems
- Abstract
This study studies the influence of country attributes on the number of secure shell attacks originating from it detected by the author's honeynet. Four statistical models are described, based on three sources of data from various countries. The studied attributes of the countries can be broadly divided into demographic, technological, and economic, with each source providing a slightly different set of attributes. Statistical methods such as partial least-squares path modelling are used, clustering countries by their assessed similarity. The population size has the greatest effect on the number of attacks, as expected, though it has to be noted that developing countries did not provide relevant data to the sources used and thus were not included. The following influential attributes were technical such as the access to information and communication technologies (ICT), and the use of ICT, with the economic influence being notable only in rather small countries. The Netherlands was an interesting anomaly, being clustered alongside large countries, even though its country attributes were very much like those of its neighbours.
- Published
- 2019
23. Development of a web interface for submitting jobs to SLURM
- Author
Fabian Leon and Gilberto Díaz
- Subjects
Remote communication; Computer science; Shell (computing); 0211 other engineering and technologies; Pharmaceutical Science; 02 engineering and technology; 010501 environmental sciences; computer.software_genre; SLURM; lcsh:Technology; 01 natural sciences; Job queue; Upload; 021105 building & construction; CGI; Pharmacology (medical); 0105 earth and related environmental sciences; COLA (software architecture); lcsh:T; Secure Shell; computer.file_format; Complementary and alternative medicine; lcsh:TA1-2040; Operating system; User interface; Cluster Linux; lcsh:Engineering (General). Civil engineering (General); computer; Batch file
- Abstract
Protocols such as Secure Shell have been commonly used by Linux clusters to allow users sending jobs to SLURM. However, it implies the use of a console emulator to establish the remote communication which, in some cases, is not available. Therefore, this paper presents the development of the Web Submit SLURM API which offers a quick and safe web interface for submitting jobs to SLURM, querying the job queue, and creating and uploading batch files.
- Published
- 2019
24. A Heuristic Statistical Testing Based Approach for Encrypted Network Traffic Identification
- Author
Xiaosong Zhang, Zhongliu Zhuo, Niu Weina, Guowu Yang, Xiaojiang Du, and Mohsen Guizani
- Subjects
Handshake; Computer Networks and Communications; Computer science; Heuristic (computer science); protocol-independent; Aerospace Engineering; 02 engineering and technology; computer.software_genre; Encryption; 0203 mechanical engineering; statistical testing; Randomness tests; Electrical and Electronic Engineering; Transport Layer Security; business.industry; Secure Shell; 020302 automobile design & engineering; Cryptographic protocol; Statistical classification; Identification (information); machine learning; handshake skipping; Automotive Engineering; Encrypted traffic identification; Malware; Data mining; business; computer
- Abstract
In recent years, malware with strong concealment uses encrypted protocol to evade detection. Thus, encrypted traffic identification can help security analysts to be more effective in narrowing down those encrypted network traffic. Existing methods are protocol independent, such as statistical-based and machine-learning-based approaches. Statistical-based approaches, however, are confined to payload length and machine-learning-based approaches have a low recognition rate for encrypted traffic using undisclosed protocols. In this paper, we proposed a heuristic statistical testing (HST) approach that combines both statistics and machine learning and has been proved to alleviate their respective deficiencies. We manually selected four randomness tests to extract small payload features for machine learning to improve real-time performances. We also proposed a simple handshake skipping method called HST-R to increase the classification accuracy. We compared our approach with other identification approaches on a testing dataset consisting of traffic that uses two known, two undisclosed, and one custom cryptographic protocols. Experimental results showed that HST-R performs better than other traditional coding-based, entropy-based, and ML-based approaches. We also showed that our handshake skipping method could generalize better for unknown cryptographic protocols. Finally, we also conducted experimental comparisons among different classification algorithms. The results showed that C4.5, with our method, has the highest identification accuracy for secure sockets layer and secure shell traffic. Basic Research Programs of Sichuan Province, Science and Technology Foundation of State Grid Corporation of China, National Natural Science Foundation of China Scopus
- Published
- 2019
25. Design of cross-cultural teaching management system for international students based on cloud service platform.
- Author
Sun, Taiwei
- Subjects
*FOREIGN students; *STREAMING video & television; *TECHNOLOGICAL innovations; *WEB portals; *ONLINE education; *STUDENT mobility
- Abstract
Recently online teaching resources management has become an interesting domain in China due to emerging technologies like Video Internet of Things (VIoT). We propose a novel integrated framework for efficient teaching resources management using VIoT and cloud computing services. The proposed model designs a VIoT system to analyze the need for front-end portals. We employ a cloud platform for international students based on business goals and functional requirements to optimize sensor design. The proposed model first builds the VIoT front-end web portal to elaborate the design schemes, architecture, and various design ideas. Then, we integrate the VIoT system with other cloud-based modules such as the teaching management module, application management module, and system-object module. We represent the proposed model from three perspectives like Secure Shell (SSH) framework implementation, interfaces, and certain function modules. The experimental outcomes demonstrate that the system developed in this study has a specific influence. [ABSTRACT FROM AUTHOR]
- Published
- 2022
26. Design and Implementation of Raspberry House: An IoT Security Framework
- Author
-
Hiroyuki Ohno, Wen Fei, and Srinivas Sampalli
- Subjects
Firmware ,Computer science ,computer.internet_protocol ,Secure Shell ,020206 networking & telecommunications ,02 engineering and technology ,computer.software_genre ,Computer security ,Internet protocol suite ,Default gateway ,Server ,SAFER ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,computer ,Private network - Abstract
The rising popularity of the Internet of Things (IoT) on a global scale has led to an increase in cyber threats, and researchers are paying more attention to its security issues. So far, research on IoT security has focused on large-scale devices, but there is relatively less research on the security of small IoT devices. Therefore, our objective is to mainly study how to make the operation of small IoT devices safer. Raspberry House is a TCP/IP Layer 3 gateway built with Raspberry Pi, which can connect IoT devices to the private network generated by it, thereby preventing IoT devices from being exposed to outside networks. In addition, through a private network, IoT devices can also update their firmware wirelessly. This paper also studies the communication between IoT devices through different secure connections such as Secure Shell (SSH), and evaluates their results in different environments. Experimental evaluation of TCP/IP Layer 3 Gateway indicates that the proposed framework can provide security for small IoT devices.
- Published
- 2021
27. Python Network Automation Labs: SSH paramiko and netmiko
- Author
-
Brendan Choi
- Subjects
business.industry ,Computer science ,Secure Shell ,Network engineering ,Python (programming language) ,computer.software_genre ,Networking hardware ,Upgrade ,Scripting language ,Network automation ,Software engineering ,business ,computer ,computer.programming_language - Abstract
In this chapter, you will use Python’s SSH libraries, paramiko and netmiko, to control your networking devices. paramiko is what Ansible relies on for SSH connection management to network devices, and netmiko is an engineer-friendly version of paramiko as netmiko also relies on paramiko. By studying how these network modules work, you can learn the inner workings of other applications relying on these network modules. In the first half of this chapter, you will learn to replace basic network engineer manual tasks using Python scripts and the paramiko library. In the second half of this chapter, you will learn to write Python scripts using the netmiko library. Once you master how to use these SSH modules, you can apply them to your work immediately. These SSH labs will serve as the cornerstones in developing the IOS XE upgrade application at the end of this book.
- Published
- 2021
28. Secure Shell (SSH)
- Author
-
Robert La Lau
- Subjects
Firewall (construction) ,Terminal (electronics) ,business.industry ,Computer science ,Secure Shell ,File transfer ,Encryption ,business ,Communications protocol ,Protocol (object-oriented programming) ,Port (computer networking) ,Computer network - Abstract
Secure shell is a network protocol for the creation of encrypted connections. In its original and purest form, it is used to open a remote terminal and execute commands. However, the protocol can also be used for file transfer (SCP, SFTP); as an encrypted transport protocol for other, possible less strongly secured protocols; and for port forwarding—the redirection of requests for certain ports to ports on other servers—a technique often used to allow machines on different sides of a firewall to communicate.
- Published
- 2021
29. Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH
- Author
-
Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis
- Subjects
Authentication ,Post-quantum cryptography ,Computer science ,business.industry ,Secure Shell ,020206 networking & telecommunications ,Cryptography ,02 engineering and technology ,Internet security ,Public-key cryptography ,020204 information systems ,0202 electrical engineering, electronic engineering, information engineering ,Key encapsulation ,business ,Key exchange ,Computer network - Abstract
The advances in quantum computing present a threat to public key primitives due to their ability to solve hard cryptographic problems in polynomial time. To address this threat to critical Internet security protocols like the Transfer Layer Security (TLS), and Secure Shell (SSH), the National Institute of Standards and Technology (NIST) is currently working on the new generation of quantum-resistant key encapsulation and authentication schemes. In this paper, we evaluate protocol handshake performance when both post-quantum key exchange and authentication are integrated into TLS and SSH. Our experiments consider realistic network conditions and reveal that the introduced handshake latency ranges between 1-300% for TLS and 0.5-50% for SSH depending on the post-quantum algorithms used. In addition, we examine how the initial TCP window size affects post-quantum TLS and SSH performance, and show that even a small size increase can reduce the observed post-quantum slowdown by 50%. Finally, we discuss alternatives that can encourage the early adoption of post-quantum cryptography with minimum protocol performance degradation.
- Published
- 2020
30. Webpage controlled surveillance bot using Raspberry Pi
- Author
-
V.G. Rajendran, S. Arunbhaarat, S. Jayalalitha, and S. Radhakrishnan
- Subjects
Computer science ,business.industry ,Secure Shell ,ComputerApplications_COMPUTERSINOTHERSYSTEMS ,USB ,computer.software_genre ,law.invention ,Raspberry pi ,law ,Feature (computer vision) ,Web page ,Operating system ,Robot ,Wireless ,business ,computer ,Ip address - Abstract
This paper deals with designing and building a webpage-based control of a mini-size robot using a Raspberry Pi. In situations where humans are not able to move in particular places, the robot can roam around in a given environment while transmitting real-time video data back to the manually hosted webpage; the program can also be invoked through an SSH (Secure Shell) connection (wireless real-time programming). Using a USB-based camera, the real-time video data can be captured and the robot movement can be controlled in a given environment. The designed robot is compact and has the main feature of wireless transmission and reception of data using the inbuilt Wi-Fi module, which can be controlled and viewed through a webpage. The webpage can be hosted using the Raspberry Pi's IP address. The micro web framework Flask has been utilized to give instructions from the web page to the Raspberry Pi model to control the movement of the robot.
- Published
- 2020
31. POSTER: Distributed SSH Bruteforce Attack Detection with Flow Content Similarity and Login Failure Reputation
- Author
-
Pratibha Khandait, Neminath Hubballi, and Namrata Tiwari
- Subjects
Computer science ,Secure Shell ,Window (computing) ,Login ,Poisson distribution ,computer.software_genre ,symbols.namesake ,Brute-force attack ,Similarity (network science) ,Flow (mathematics) ,Content (measure theory) ,symbols ,Data mining ,computer - Abstract
In this paper we propose a method to detect distributed bruteforcing by modeling failed login attempts as a Poisson probability distribution. We use content similarity between known SSH connection and flow characteristics of failed login attempts to attribute a flow to SSH application and subsequently either as failure or success. Using the failed login count in a window time, we label window as either normal or containing bruteforce attempts.
- Published
- 2020
32. Performance Evaluation of Widely Used Portknoking Algorithms.
- Author
-
Khan, Z.A., Javaid, N., Arshad, M.H., Bibi, A., and Qasim, B.
- Abstract
Port knocking is a technique by which only a single packet or special sequence will permit the firewall to open a port on a machine where all ports are blocked by default. It is a passive authorization technique which offers firewall-level authentication to ensure authorized access to potentially vulnerable network services. In this paper, we present performance evaluation and analytical comparison of three widely used port knocking (PK) algorithms, Aldaba, FWKNOP and SIG-2. Comparative analysis is based upon ten selected parameters; Platforms (Supported OS), Implementation (PK, SPA or both), Protocols (UDP, TCP, ICMP), Out of Order packet delivery, NAT (Network Address Translation), Encryption Algorithms, Root privileges (For installation and operation), Weak Passwords, Replay Attacks and IPv6 compatibility. Based upon these parameters, relative performance score has been given to each algorithm. Finally, we deduce that FWKNOP due to compatibility with windows client is the most efficient among chosen PK implementations. [ABSTRACT FROM PUBLISHER]
- Published
- 2012
33. Implementation of NETCONF Standard by Major Customers in Croatia
- Author
-
D. Valencic
- Subjects
NETCONF ,Router ,Command-line interface ,business.industry ,computer.internet_protocol ,Computer science ,Secure Shell ,Simple Network Management Protocol ,Networking hardware ,NETCONF, standard, computer networks, router, switch, implementation, customer ,The Internet ,business ,Protocol (object-oriented programming) ,computer ,Computer network - Abstract
The traditional way of managing and configuring network devices is by using Command Line Interface (CLI) method with Secure Shell (SSH) protocol and Simple Network Management Protocol (SNMP). CLI has proven to be a very complex and ineffective solution, especially with fast development and more complexity in the computer networking area. To solve these issues, IETF (Internet Engineering Task Force) standard organization created in 2006 the NETCONF (Network Configuration Protocol) standard. Using the NETCONF standard should enable standardized, simpler, programmatic and more efficient configuration of R/S (router/switch) devices. Today, more than ten years after the creation of the NETCONF standard there is the question about the actual acceptance of the NETCONF protocol in current customers’ networks and about the actual maturity of the NETCONF standard. The scope of this paper is to show the results of the scientific research (qualitative or quantitative) made with major customers (partners and end customers) in Croatia with R/S network devices: in which networks and on which type of devices NETCONF is implemented, what are the reasons for NETCONF (non)implementation, their knowledge about the NETCONF standard, their view of availability of NETCONF training and documentation, etc.
- Published
- 2020
34. A Method for Microservices Handover in A Local Area Network
- Author
-
Rimba Frida Pusparini, Muhammad Helmi Utomo, Ridha Muldina Negara, Reza Afshari, and Favian Dewanta
- Subjects
File Transfer Protocol ,Handover ,business.industry ,Computer science ,Secure Shell ,Server ,Cloud computing ,Microservices ,business ,SSH File Transfer Protocol ,Edge computing ,Computer network - Abstract
The trend of internet of things (IoT) makes the cloud less effective because networked control systems need low latency while cloud have high latency for processing data from sensors and devices. In that kind of situation, fog computing is introduced as the complement of cloud computing. However, unlike cloud services, fog services are limited to certain geographical area. As a consequence, fog services handover is needed in order to accommodate user’s mobility. This paper is focusing on microservices handover that follows user’s movement. The microservices installed in the current fog node are sent to another service coverage of a new fog node for continuing the same service to the users. Fog node contains a docker that runs MySQL, python script, and busybox services. When it comes to handover, docker will freeze current session and convert it to a checkpoint file. The file is created by taking a snapshot of the container, which consists of processes in memory, volume or image. The file will be sent by using secure shell (SSH) or file transfer protocol (FTP). At the destination fog node, the file will be processed in order to resume the service. The results show that delay of SSH is always higher than FTP in all experiments, in which the largest delays are 484.026 seconds for SSH protocol and 146.41 seconds for FTP protocols. As for checkpoint and restore process, those delays tend to be similar with respect to both SSH and FTP protocols but they are still affected by the size of snapshot and checkpoint file.
- Published
- 2020
35. OAuth SSH with Globus Auth
- Author
-
Kyle Chard, Lee Liming, Rachana Ananthakrishnan, Steven Tuecke, Ian Foster, Jason Alt, and Ryan Chard
- Subjects
Authentication ,Software ,business.industry ,Computer science ,Secure Shell ,Identity (object-oriented programming) ,Operating system ,computer.software_genre ,business ,computer ,Protocol (object-oriented programming) ,Identity management - Abstract
The Secure Shell (SSH) protocol and its OpenSSH implementation are a cornerstone of modern scientific computing, enabling users to access remote computers, transfer data, and execute programs. We describe here extensions to the OpenSSH software that enable an additional authentication method, namely OAuth tokens from Globus Auth. Integration with Globus Auth allows users to authenticate using one of hundreds of supported identity providers, and makes it possible for external applications and services to use short-term tokens to access remote computers securely on behalf of users.
- Published
- 2020
36. SciTokens SSH: Token-based Authentication for Remote Login to Scientific Computing Environments
- Author
-
You Alex Gao, Jim Basney, and Alex Withers
- Subjects
Service (systems architecture) ,Authentication ,Computer science ,Secure Shell ,Security token ,Login ,Security policy ,JSON ,computer ,Variety (cybernetics) ,Computational science ,computer.programming_language - Abstract
SciTokens SSH is a pluggable authentication module (PAM) that uses JSON Web Tokens (JWTs) for authentication to the Secure Shell (SSH) remote login service. SciTokens SSH supports multiple token issuers with local token verification, so scientific computing providers are not forced to rely on a single OAuth server for token issuance and verification. The decentralized design for SciTokens SSH was motivated by the distributed nature of scientific computing environments, where scientists use computational resources from multiple providers, with a variety of security policies, distributed across the globe.
- Published
- 2020
37. Human Behavior Traits Detection and Avoidance Using Secure Shell Based Environment
- Author
-
S. Sabrinathan, K. Sureshkumar, D.Sathish Kumar, S. Kalpana, and R.Rumesh Balaji
- Subjects
Password ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Authentication ,Mobile phone ,Computer science ,Secure Shell ,Security token ,Login ,Computer security ,computer.software_genre ,computer ,Personally identifiable information ,Vulnerability (computing) - Abstract
Nowadays it is not possible to have a mobile phone with a network connection all the time. When anyone uses a user's username and password to log in to the user's account without the user's permission, the server sends a security notification to the user's mail ID, but due to poor network coverage or zero data connectivity the security notification cannot reach the user. A user may use two-step authentication to secure the account, but two-step authentication has a token vulnerability, so we propose to secure the login page vulnerability by adding a new authentication. This authentication is an extra layer of security: it automatically finds the unauthorized user, blocks the device, and keeps the user's personal information safe.
- Published
- 2020
38. Deep Learning Enabled Intrusion Detection and Prevention System over SDN Networks
- Author
-
Chao-Wei Syu, Lin-Huang Chang, and Tsung-Han Lee
- Subjects
business.industry ,Network packet ,Computer science ,Deep learning ,Secure Shell ,05 social sciences ,050801 communication & media studies ,Intrusion detection and prevention ,Denial-of-service attack ,Convolutional neural network ,0508 media and communications ,Multilayer perceptron ,0502 economics and business ,050211 marketing ,Artificial intelligence ,business ,Software-defined networking ,Computer network - Abstract
The Software Defined Network (SDN) provides higher programmable functionality for network configuration and management dynamically. Moreover, SDN introduces a centralized management approach by dividing the network into control and data planes. In this paper, we introduce a deep learning enabled intrusion detection and prevention system (DL-IDPS) to prevent secure shell (SSH) brute-force attacks and distributed denial-of-service (DDoS) attacks in SDN. The packet length in SDN switch has been collected as a sequence for deep learning models to identify anomalous and malicious packets. Four deep learning models, including Multilayer Perceptron (MLP), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM) and Stacked Auto-encoder (SAE), are implemented and compared for the proposed DL-IDPS. The experimental results show that the proposed MLP based DL-IDPS has the highest accuracy which can achieve nearly 99% and 100% accuracy to prevent SSH Brute-force and DDoS attacks, respectively.
- Published
- 2020
39. Measuring the Prevalence of the Password Authentication Vulnerability in SSH
- Author
-
Dalton A. Hahn, Alexandru G. Bardas, and Ron Andrews
- Subjects
Password ,Authentication ,business.industry ,Computer science ,computer.internet_protocol ,Secure Shell ,Computer security ,computer.software_genre ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Server ,The Internet ,Password authentication protocol ,business ,Communications protocol ,computer - Abstract
Securing and hardening network protocols and services is a resource-consuming and continuous effort. Thus, it is important to question how prolific known, mitigable features of those protocols are. The Secure Shell (SSH) protocol is a good example due to its known vulnerability in using password based authentication. We take a closer look at these configurations to identify how prevalent the use of password authentication is at an internet scale. We show that current scanning tools and services provide a starting point in evaluating prevalence, but need to be validated for specific implementations. We also demonstrate that it is possible to augment some of these tools and services to determine the prevalence of password authentication in SSH specifically. As part of our evaluation, we propose a novel method for probing an SSH service to establish if password authentication is allowed, without being intrusive or causing harm to the host. Finally, we show that our analysis has resulted in determining that more than 65% of the over 20 million SSH servers on the public internet allow password authentication.
- Published
- 2020
40. Deprecating RC4 in Secure Shell (SSH)
- Author
-
Loganaden Velvindron
- Subjects
Computer science ,business.industry ,Secure Shell ,The Internet ,RC4 ,Computer security ,computer.software_genre ,business ,computer - Abstract
This document deprecates RC4 in Secure Shell (SSH). Therefore, this document formally obsoletes and moves to Historic RFC4345.
- Published
- 2020
41. Secure Shell (SSH) Key Exchange Method Using Curve25519 and Curve448
- Author
-
Mark D. Baushke, Simon Josefsson, and Aris Adamantiadis
- Subjects
Computer science ,business.industry ,Secure Shell ,Curve25519 ,The Internet ,business ,Protocol (object-oriented programming) ,Key exchange ,Computer network - Abstract
This document describes the specification for using Curve25519 and Curve448 key exchange methods in the Secure Shell (SSH) protocol.
- Published
- 2020
42. Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol
- Author
-
Ben Harris and Loganaden Velvindron
- Subjects
Public-key cryptography ,Digital Signature Algorithm ,business.industry ,Computer science ,Secure Shell ,The Internet ,SSH File Transfer Protocol ,business ,Protocol (object-oriented programming) ,Computer network - Abstract
This document describes the use of the Ed25519 and Ed448 digital signature algorithm in the Secure Shell (SSH) protocol.
- Published
- 2020
43. Review and Analysis of Cowrie Artefacts and Their Potential to be Used Deceptively
- Author
-
Samuel G. Wakeling, Warren Z. Cabral, Craig Valli, and Leslie F. Sikos
- Subjects
Honeypot ,Computer science ,Network security ,business.industry ,Secure Shell ,02 engineering and technology ,Computer security ,computer.software_genre ,Brute-force attack ,020204 information systems ,Server ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,computer - Abstract
Honeypots are progressively becoming a fundamental cybersecurity tool to detect, prevent and record new threats and attack methodologies used by attackers to penetrate systems. The current technology is advancing rapidly; with the use of virtualisation, and most recently, virtual containers, the deployment of honeypots has become increasingly easier. A varied collection of open source honeypots such as Cowrie are available today, which can be easily downloaded and deployed within minutes—with default settings. Cowrie is a medium-interaction secure shell (SSH) and Telnet honeypot intended to log brute force and shell interaction attacks. However, the current issue with the default Cowrie configuration is that it is easily detected by adversaries using automated scripts and tools. To increase Cowrie's deceptive capabilities, it is essential to understand, modify, and leverage all capabilities of the honeypot. However, this process is complex, because there are no standard frameworks to interpret the artefacts used by the Cowrie honeypot and how these artefacts link to the type of deceptiveness presented to the cyber-attacker. Therefore, there is a need for some type of infrastructure that can interpret these basic deception techniques and tools, and later developing them into feasible cybersecurity defence mechanisms. This study pursues to develop an understanding about its capabilities, and how these capabilities can be used to bait attackers. The resulting annotations can help cybersecurity defenders better understand the effectiveness of the Cowrie artefacts and how they can be used deceptively.
- Published
- 2019
44. An Empirical Analysis of Plugin-Based Tor Traffic over SSH Tunnel
- Author
-
Zhong Guan, Gaopeng Gou, Yangyang Guan, and Bingxu Wang
- Subjects
Traffic analysis ,Computer science ,business.industry ,Server ,Secure Shell ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,ComputingMilieux_COMPUTERSANDSOCIETY ,Client-side ,Encryption ,business ,Tunneling protocol ,Server-side ,Computer network - Abstract
Tor is the most widely used system for anonymous low-latency communication. However, the anonymity of Tor is not invulnerable according to a large body of research, even with the traffic obfuscation provided by pluggable transports. Concerned about security issues such as identity leakage, users deploy fronting servers as proxies that forward traffic to the entry node of Tor, and encrypted tunneling services such as the secure shell (SSH) protocol are commonly used to connect users with proxies. To quantitatively analyze the plugin-based Tor traffic over encrypted tunnels, experiments involving traffic identification and correlation are performed. Identification aims at recognizing tunneled Tor flows among background traffic at the client side, while correlation associates outward flows of Tor at the server side with corresponding inward flows at the client side. We access the self-built server through the SSH proxy and Tor successively, capturing data flows generated by different pluggable transports and upper applications. Then identification and correlation techniques based on various machine learning algorithms are used to break anonymity. The accuracy and F1 scores reach above 95% while false positive rates approach 0% under certain conditions. The result demonstrates that Tor traffic encrypted by tunneling protocols is also at risk of anonymity revealing when confronted with traffic analysis.
- Published
- 2019
45. Robot Operating System Integrated robot control through Secure Shell(SSH)
- Author
-
Santosh Tantravahi, Naveen Samudrala, Rajesh Kannan Megalingam, Hemanth Sai Surya Kumar Tammana, Nagasai Thokala, and Hari Sudarshan Rahul Puram
- Subjects
Rescue robot ,Router ,business.industry ,Computer science ,Secure Shell ,Bandwidth (computing) ,Robot ,Wired communication ,business ,Computer hardware ,Data transmission ,Robot control - Abstract
The paper presents the operation of a robot through SSH. The robot is a disaster rescue robot and is ROS integrated. Through SSH the robot's CPU is accessed from a robot operating console. Commands are passed from the console to the robot's computing unit through SSH. These commands are used to execute the already existing programs in the robot's processing unit and transmit the results to the operating console through wired or wireless communication. Different programs were executed and their results were presented in this paper. The communication between operating console and robot's CPU is established using a high bandwidth router to avoid the delay in data transmission.
- Published
- 2019
46. Using Honeypot Programs for Providing Defense of Banking Network Infrastructure
- Author
-
Yuriy Lakh and Rostyslav Shymkiv
- Subjects
Password ,Task (computing) ,Honeypot ,Work (electrical) ,Brute-force attack ,Computer science ,Secure Shell ,Server ,Information security ,Computer security ,computer.software_genre ,computer - Abstract
The main task of the work was to analyze the possible options for using honeypot lures to effectively protect the network perimeter of a banking system. The analyses have been performed using a low-interactive program honeypot, whose purpose is to protect open Secure Shell ports on servers of the banking network infrastructure. As an experimental result of the honeypot's successful use, data on the attacker's actions were received. Their detailed analysis as well as application results have been presented in graphs and visualizations with additional programs. In particular, the most frequently used types of logins as well as password values during the active phase of attacks were analyzed, and based on the obtained results, methods and tools allowing such types of attacks to be avoided were proposed. Recommendations for developing a secure network perimeter of a banking system according to modern information security requirements were proposed.
- Published
- 2019
47. Outsourced Ciphertext-Policy based Privacy Preservation for Mobile Cloud Computing
- Author
-
Shengling Wang, Sheharyar, Zahid Mahmood, and Waqas Ahmad
- Subjects
020203 distributed computing ,Authentication ,Computer science ,business.industry ,Secure Shell ,Hash function ,020207 software engineering ,02 engineering and technology ,Computer security ,computer.software_genre ,Encryption ,Crowdsourcing ,Mobile cloud computing ,Mobile phone ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,General Earth and Planetary Sciences ,Verifiable secret sharing ,business ,computer ,Mobile device ,General Environmental Science ,Anonymity - Abstract
With the rapid advancement of mobile phone technology, crowdsourced mobile applications are gaining importance for cheaper and abundant information gathering source. A couple of benefits of crowdsourcing are better (versatile) and less expensive responses to the requester, source of earning for crowd contributors at the same time. With the emergence of wireless access technologies and the popularity of smart and intelligent mobile terminals like smartphones, the privacy of requesters and contributors in a crowdsourced environment is becoming more crucial. Computation complexity of available privacy preserving tools and verification of outsourced schemes are not feasible for WSNs low power and resource constrained contributing devices. The low-end resource constrained mobile devices to have less capability to compute multiple access policies and the computation cost increases with the complexity of access strategy. To resolve this issue, we proposed a resourceful verifiable outsourced encryption policy based on ciphertext attributed policy (OS-ABE), which is a platform for computing exhaustive computing tasks during private data encryption and decryption. The proposed scheme works without revealing the personal data at outsource and leaves only the minimal calculation to the crowdsource contributor and the requester. To authenticate and overcome known attacks like DoS, false computing results at crowdsourced platforms, anonymity server is embedded to handle contributors privacy issues by providing a secure shell in the framework. This scheme is based on bilinear group of prime order in which two hash functions can verify outsourced computation and ensure integrity of data. The formal security and performance analysis is presented and found to be efficient and secure.
- Published
- 2018
48. Detecting Malicious Activity With DNS Backscatter Over Time
- Author
-
Kensuke Fukuda, John Heidemann, and Abdul Qadeer
- Subjects
Computer Networks and Communications ,Computer science ,business.industry ,BitTorrent tracker ,Domain Name System ,Secure Shell ,020206 networking & telecommunications ,02 engineering and technology ,Computer security ,computer.software_genre ,Electronic mail ,Computer Science Applications ,020204 information systems ,Server ,0202 electrical engineering, electronic engineering, information engineering ,Electrical and Electronic Engineering ,DNS hijacking ,Backscatter (email) ,Heartbleed ,business ,computer ,Software ,Computer network - Abstract
Network-wide activity is when one computer (the originator ) touches many others (the targets ). Motives for activity may be benign (mailing lists, content-delivery networks, and research scanning), malicious (spammers and scanners for security vulnerabilities), or perhaps indeterminate (ad trackers). Knowledge of malicious activity may help anticipate attacks, and understanding benign activity may set a baseline or characterize growth. This paper identifies domain name system (DNS) backscatter as a new source of information about network-wide activity. Backscatter is the reverse DNS queries caused when targets or middleboxes automatically look up the domain name of the originator. Queries are visible to the authoritative DNS servers that handle reverse DNS. While the fraction of backscatter they see depends on the server’s location in the DNS hierarchy, we show that activity that touches many targets appear even in sampled observations. We use information about the queriers to classify originator activity using machine-learning. Our algorithm has reasonable accuracy and precision (70–80%) as shown by data from three different organizations operating DNS servers at the root or country level. Using this technique, we examine nine months of activity from one authority to identify trends in scanning, identifying bursts corresponding to Heartbleed, and broad and continuous scanning of secure shell.
- Published
- 2017
49. Secure Shell
- Author
-
van Tilborg, Henk C. A., editor and Jajodia, Sushil, editor
- Published
- 2011
50. Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm.
- Author
-
Bellare, Mihir, Kohno, Tadayoshi, and Namprempre, Chanathip
- Subjects
DATA encryption ,COMPUTER operating systems ,CRYPTOGRAPHY ,SECURITY systems ,SYSTEMS software ,INTERNET ,WIDE area networks ,SECURITY systems industry - Abstract
The secure shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper, we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol and to SSH implementations. We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest. [ABSTRACT FROM AUTHOR]
- Published
- 2004