Biblio

In network communication domain, one of the most widely used protocol for encrypting data and securing communications is the IPSec protocol. The design of this protocol is based on two main phases which are: exchanging keys phase and transferring data phase. In this paper we focus on enhancing the exchanging keys phase which is included in the security association (SA), using a chaotic cryptosystem. Initially IPSec is based on the Internet Key Exchange (IKE) protocol for establishing the SA. Actually IKE protocol is in charge for negotiating the connection and for authenticating both nodes. However; using IKE gives rise to a major problem related to security attack such as the Man in the Middle Attack. In this paper, we propose a chaotic cryptosystem solution to generate SA file for the connected nodes of the network. By solving a 4-Dimension chaotic system, a SA file that includes 128-bit keys will be established. The proposed solution is implemented and tested using FPGA boards.

In network communication domain, one of the most widely used protocol for encrypting data and securing communications is the IPSec protocol. The design of this protocol is based on two main phases which are: exchanging keys phase and transferring data phase. In this paper we focus on enhancing the exchanging keys phase which is included in the security association (SA), using a chaotic cryptosystem. Initially IPSec is based on the Internet Key Exchange (IKE) protocol for establishing the SA. Actually IKE protocol is in charge for negotiating the connection and for authenticating both nodes. However; using IKE gives rise to a major problem related to security attack such as the Man in the Middle Attack. In this paper, we propose a chaotic cryptosystem solution to generate SA file for the connected nodes of the network. By solving a 4-Dimension chaotic system, a SA file that includes 128-bit keys will be established. The proposed solution is implemented and tested using FPGA boards.

A key exchange protocol is an important primitive in the field of information and network security and is used to exchange a common secret key among various parties. A number of key exchange protocols exist in the literature and most of them are based on the Diffie-Hellman (DH) problem. But, these DH type protocols cannot resist to the modern computing technologies like quantum computing, grid computing etc. Therefore, a more powerful non-DH type key exchange protocol is required which could resist the quantum and exponential attacks. In the year 2013, Lei and Liao, thus proposed a lattice-based key exchange protocol. Their protocol was related to the NTRU-ENCRYPT and NTRU-SIGN and so, was referred as NTRU-KE. In this paper, we identify that NTRU-KE lacks the authentication mechanism and suffers from the man-in-the-middle (MITM) attack. This attack may lead to the forging the authenticated users and exchanging the wrong key.

Given the high frequency of information security incidents, feeling that we may soon become innocent victims of these events may be justified. Perpetrators of information security offenses take advantage of several methods to leave no evidence of their crimes, and this pattern of hiding tracks has caused difficulties for investigators searching for digital evidence. Use of the onion router (Tor) is a common way for criminals to conceal their identities and tracks. This paper aims to explain the composition and operation of onion routing; we conduct a forensic experiment to detect the use of the Tor browser and compare several browser modes, including incognito and normal. Through the experimental method described in this paper, investigators can learn to identify perpetrators of Internet crimes, which will be helpful in future endeavors in digital forensics.

This paper proposes a new cryptosystem that combines Diffie-Hellman protocol implemented with hyperelliptic curves over a Galois field GF(2n) with Tree Parity Machine synchronization for a Visible Light Communication indoor channel. The proposed cryptosystem security focuses on overcoming a weakness of neuronal synchronization; specifically, the stimulus vector that is public, which allows an attacker to try to synchronize with one of the participants of the synchronization. Real data receptions of the Visible Light Communication channel are included. In addition, there is an improvement of 115% over a range of 100 $łeq$ tsync$łeq$ 400 of the average synchronization time t\_sync, compared to the classic Tree Parity Machine synchronization.

It is a well-known fact that nowadays access to sensitive information is being performed through the use of a three-tier-architecture. Web applications have become a handy interface between users and data. As database-driven web applications are being used more and more every day, web applications are being seen as a good target for attackers with the aim of accessing sensitive data. If an organization fails to deploy effective data protection systems, they might be open to various attacks. Governmental organizations, in particular, should think beyond traditional security policies in order to achieve proper data protection. It is, therefore, imperative to perform security testing and make sure that there are no holes in the system, before an attack happens. One of the most commonly used web application attacks is by insertion of an SQL query from the client side of the application. This attack is called SQL Injection. Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities. To overcome the SQL injection problems, there is a need to use different security systems. In this paper, we will use 3 different scenarios for testing security systems. Using Penetration testing technique, we will try to find out which is the best solution for protecting sensitive data within the government network of Kosovo.

The analysis of real-world protocols, in particular key exchange protocols and protocols building on these protocols, is a very complex, error-prone, and tedious task. Besides the complexity of the protocols itself, one important reason for this is that the security of the protocols has to be reduced to the security of the underlying cryptographic primitives for every protocol time and again. We would therefore like to get rid of reduction proofs for real-world key exchange protocols as much as possible and in many cases altogether, also for higher-level protocols which use the exchanged keys. So far some first steps have been taken in this direction. But existing work is still quite limited, and, for example, does not support Diffie-Hellman (DH) key exchange, a prevalent cryptographic primitive for real-world protocols. In this paper, building on work by Kusters and Tuengerthal, we provide an ideal functionality in the universal composability setting which supports several common cryptographic primitives, including DH key exchange. This functionality helps to avoid reduction proofs in the analysis of real-world protocols and often eliminates them completely. We also propose a new general ideal key exchange functionality which allows higherlevel protocols to use exchanged keys in an ideal way. As a proof of concept, we apply our framework to three practical DH key exchange protocols, namely ISO 9798-3, SIGMA, and OPTLS.

Many a time's assumptions are key to inventions. One such notion in recent past is about data exchange between two disjoint computer systems. It is always assumed that, if any two computers are separated physically without any inter communication, it is considered to be very secure and will not be compromised, the exchange of data between them would be impossible. But recent growth in the field of computers emphasizes the requirements of security analysis. One such security concern is with the air-gapped systems. This paper deals with the flaws and flow of air-gapped systems.

When a large scale disaster strikes, it demands an efficient communication and coordination among first responders to save life and other community resources. Normally, the traditional communication infrastructures such as landline phone or cellular networks are damaged and dont provide adequate communication services to first responders for exchanging emergency related information. Wireless mesh networks is the promising alternatives in such type of situations. The security requirements for emergency response communications include privacy, data integrity, authentication, access control and availability. To build a secure communication system, usually the first attempt is to employ cryptographic keys. In critical-mission wireless mesh networks, a mesh router needs to maintain secure data communication with its neighboring mesh routers. The effective designs on fast pairwise key generation and rekeying for mesh routers are critical for emergency response and are essential to protect unicast traffic. In this paper, we present a security-enhanced session key generation and rekeying protocols EHPFS (enhanced 4-way handshake with PFS support). It eliminate the DoS attack problem of the 4-way handshake in 802.11s. EHPFS provides additional support for perfect forward secrecy (PFS). Even in case a Primary Master Key (PMK) is exposed, the session key PTK will not be compromised. The performance and security analysis show that EHPFS is efficient.

The incorporation of security mechanisms to protect spacecraft's TT&c; payload links is becoming a constant requirement in many space missions. More advanced mission concepts will allow spacecrafts to have higher levels of autonomy, which includes performing key management operations independently of control centers. This is especially beneficial to support missions operating distantly from Earth. In order to support such levels of autonomy, key agreement is one approach that allows spacecrafts to establish new cryptographic keys as they deem necessary. This work introduces an approach based on a trusted platform module that allows for key agreement to be performed with minimal computational efforts and protocol iterations. Besides, it allows for opportunistic control center reporting while avoiding man-in-the-middle and replay attacks.