Biblio

This paper presents an overhead analysis of the use of digital signature mechanisms in the Message Queue Telemetry Transport (MQTT) protocol for three classes of constrained-device. Because the resources provided by constrained-devices are very limited, the purpose of this overhead analysis is to help find out the advantages and disadvantages of each class of constrained-devices after a security mechanism has been applied, namely by applying a digital signature mechanism. The objective of using this digital signature mechanism is for providing integrity, that if the payload sent and received in its destination is still original and not changed during the transmission process. The overhead analysis aspects performed are including analyzing decryption time, signature verification performance, message delivery time, memory and flash usage in the three classes of constrained-device. Based on the overhead analysis result, it can be seen that for decryption time and signature verification performance, the Class-2 device is the fastest one. For message delivery time, the smallest time needed for receiving the payload is Class-l device. For memory usage, the Class-2 device is providing the biggest available memory and flash.

Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort.

This paper proposes an architecture of Secure Shell (SSH) honeypot using port knocking and Intrusion Detection System (IDS) to learn the information about attacks on SSH service and determine proper security mechanisms to deal with the attacks. Rapid development of information technology is directly proportional to the number of attacks, destruction, and data theft of a system. SSH service has become one of the popular targets from the whole vulnerabilities which is existed. Attacks on SSH service have various characteristics. Therefore, it is required to learn these characteristics by typically utilizing honeypots so that proper mechanisms can be applied in the real servers. Various attempts to learn the attacks and mitigate them have been proposed, however, attacks on SSH service are kept occurring. This research proposes a different and effective strategy to deal with the SSH service attack. This is done by combining port knocking and IDS to make the server keeps the service on a closed port and open it under user demand by sending predefined port sequence as an authentication process to control the access to the server. In doing so, it is evident that port knocking is effective in protecting SSH service. The number of login attempts obtained by using our proposed method is zero.