With the characteristic of spatial diversity and low cost, cooperative system is a tendency for the future communications. In the wireless communication system, there exist degradation factors such as signal fading, multipath transmission, signal inferences, bandwidth limitation and so on. In addition to these degradation factors, the wireless transmission is not a secure environment. The information might be leaked during the transmission. Currently, the issues of privacy and security have become increasingly important for the mobile users. Traditionally, the security scheme is applied to the higher network layer. Encryption can be complex and difficult without infrastructure. It is not suitable to apply to the equipment with low computing resources, such as Internet of Things (IoT) application. Within information theoretic security characterizes the fundamental ability of the physical layer to provide a secure transmission. Hence, this work concentrates on the secure cooperative ...
In this article, we propose a new symmetric communication system secured, founded upon strong zero knowledge authentication protocol based on session keys (SASK). The users’ authentication is done in two steps: the first is to regenerate a virtual password, and to assure the integrity and the confidentiality of nonces exchanged thanks to the symmetric encryption by a virtual password. The second is to calculate a session key shared between the client and the web server to ensure the symmetric encryption by this session key. This passage allows to strengthen the process of users’ authentication, also, to evolve the process of update and to supply a secure communication channel. This evolution aims at implementing an authentication protocol with session keys able to verify the users’ identity, to create a secure communication channel, and to supply better cyber-defense against the various types of attacks.
In recent years, distributed systems, including cloud computing, are becoming increasingly popular. They are based on traditional security mechanisms that focus on access control policies and the use of cryptographic primitives. However, these mechanisms do not implement some more advanced security properties, including authentication policies. Kerberos V5, the most recent version, is a successful protocol that is designed to authenticate clients to multiple networked services. In this paper we propose a new mutual Kerberos authentication protocol for distributed systems based upon Kerberos V5 and Diffie Hellman models. It is composed of three phases: 1) registration phase, based on the Diffie Hellman model, enabling the design and reliable exchange of client’s authentication parameters to the authentication server side; 2) communication phase, based upon the two functions S2KexS () and DKexS (), which aims to the exchange of encryption keys and creates a secure the communication ch...
The evolution of networks requires a high monitoring of their resources and a reliable security of exchanges to obtain a faithful communication between their systems. The automatic detection of intrusions has become an active discipline due to the increased needs of computer security and large malicious traffic with attacks that can infect systems. Intrusion detection and prevention systems are the recent technologies used to monitor data activities. Thus, their assessment is very useful. The main goal of this paper is to analyze some sniffer tools and to assess the performances of certain intrusion detection and prevention systems. The analysis measures assess the authenticity, availability, integrity and confidentiality but also certain parameters related to security, such as: detection type, filtering detection method, real time reaction, updating, alerting, logging. A novel detection approach is designed to perform the monitoring of networks. It is based on PcapSockS sniffer th...
Currently, web applications have become more relevant to citizens' privacy. The heightened security in this public space is not yet assured which always creates problems of mutual trust and validity of information. In fact, the majority of web applications are insecure, despite the widespread usage of SSL protocol ((13), (18)), which is, recently, the only protocol for securing the communication between the client and server. The objective of this paper is to propose a new mutual authentication system based on virtual passwords per session (MA VPS), as an alternative of SSL protocol. The aim is to introduce an authentication system able to the zero knowledge users' identification ensuring untraceability, portability, unpredictability, integrity and reusability of their authentication settings. The users' authentication is founded on the symmetric encryption by a virtual password regenerated in each session. The interest is to assure the integrity and the confidentiality...
Information Security Journal: A Global Perspective, 2020
Nowadays, web application security is one of the relevant issues in the IT security domain due to the continued growth in the number of web-related attacks. As a result, attacks, with various and varied motivations, have developed and become increasingly sophisticated. They mainly target data related to economic activities. Thus, they cause significant damage to the overall functioning of information systems. To address the various threats, several robust taxonomies exist in the literature. Each taxonomy and classification has advantages and limitations. We first define the different threat classifications related to the context of Web applications. The objective of this analysis is to provide a synthesis of the advantages and disadvantages of each classification. The current work analyses different taxonomies for web application threats, in order to propose our proper taxonomy. The proposed taxonomy takes advantage of the benefits of existing taxonomies and provides an integrated approach for classifying both client-side and server-side attacks. The finding will help researchers to find a clear and detailed taxonomy of the different threats related to web applications.
A robust stream cipher algorithm is defined as an unpredictable and random generator of the keystreams under minimal perturbations over its inputs. It provides too strong encryption resisting to the attacks founded on the correlation of the regenerated keystreams. The robustness of a wireless network security requires efficient cryptographic primitives and security protocols able to prove the integrity, authentication and confidentiality of the sensitive information. In this paper, we aim to enhance the data confidentiality and integrity of the wireless network. To highlight the data integrity, we introduce a dynamic integrity check code that calculates a checksum from primitive polynomials generator. In our contribution, we focus on the dynamism, unpredictability and non-traceability of sensitive information. We progress our system by a process of regeneration of the primitive polynomials proper to any communication session without touching the internal behavior of the habitual systems. We aim also to introduce a solution which influences by any minimal perturbation on the sensitive elements. It inspires its robustness by its aptitude to regenerate lightweight, dynamic and robust cryptographic primitives able to ensure robust wireless network security.
Intrusion detection and prevention is a set of techniques that try to detect attacks as they occur or after the attacks took place. There are two recent and useful approaches to detect intrusions: misuse and anomaly. They collect network traffic activities from some points on the network or computer system and then use them to secure the network using one or both of the available detection methods. The IDPS suffer major vulnerabilities with large generation of false positives and negatives. The anomaly detection aims to specify behavior detection problems that require modeling of profile preliminary. This paper describes a new approach of intrusion detection based on specified profile built from training basis using a database that contains normal activities collected within monitored network. The modeling of profile represents a real challenge for network administrators and computer security researchers. Our main goal is, on the one hand, to present an application of multilayer perceptron to make a monitored system and, on the other hand, to build a classifier for traffic events. A supervised algorithm is suggested and used in training. The recognition phase aims to validate the new classifier. Our classifier is able to distinguish between normal activity and intrusion. We describe in detail our novel detection approach and we validate the proposed solutions. We demonstrated that this novel approach is robust, flexible and gives useful performances using multilayer perceptron.
International Journal of Advanced Computer Science and Applications, 2016
Nowadays, the protection and the security of data transited within computer networks represent a real challenge for developers of computer applications and network administrators. The Intrusion Detection System and Intrusion Prevention System are the reliable techniques for good security. Any detected intrusion is based on data collection. So, the collection of an important and significant traffic on the monitored systems is an interesting feature. Thus, the first task of Intrusion Detection System and Intrusion Prevention System is to collect information's basis to treat and analyze them, and to make accurate decisions. Network analysis can be used to improve network performance and security, but it can also be used for malicious tasks. Our main goal in this article is to design a reliable and powerful network sniffer, called PcapSockS, based on pcap language and sockets, able to intercept traffic in three modes: connected, connectionless and raw mode. We start with the performances assessment performed on a list of most expanded and most recently used network sniffers. The study will be completed by a classification of these sniffers related to computer security objectives based on parameters library (libpcap/winpcap or libnet), filtering, availability, software or hardware, alert and real time. The PcapSockS provides a nice performance integrating reliable sniffing mechanisms that allow a supervision taking into account some low and high-level protocols for TCP and UDP network communications.
International Journal of Internet Technology and Secured Transactions, 2015
User authentication is the 'Achilles heel' of modern web application security. Although strong schemes based on public key cryptography have been proposed, none of them is widely adopted. Specifically, they are difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme, which is based on public key cryptography and other cryptographic primitives. Our analysis shows that our scheme is efficient, and improves authentication security without sacrificing usability and deployability. Moreover, our scheme can be combined with HTTPS to effectively add another layer of security to web applications. In so doing, we demonstrate that our scheme can significantly improve the security of web applications with minimal impact on performance.
Nowadays, client authentication in Web applications for each user is based on passwords and static salts [11, 13, 18, 19]. The aim of this article is to propose a random generator of a safe cryptographic salt per session (RGSCS). The interest to introduce this regenerator is to contribute to the evolution of the cryptographic quality of the systems of strong zero knowledge authentication based on passwords. In Section 3, we propose a model for the regeneration of a SOTS based on random functions and on CRC code. To study the behavior of the RGSCS, which is the objective of Section 4, we have, on the one hand, defined and proved a metric on the finite set of periodic binary sequences not necessarily the same period, the uncorrelation, the impact of the distribution of lengths and the unpredictability of primitive signals and, on the other hand, evaluated the performance of our purpose by using several tests. The outcome showed that RGSCS has a chaotic behavior. Section 5 is devoted to the implementation of our RGSCS algorithm under PHP5. This article is finished by a conclusion.
2014 Second World Conference on Complex Systems (WCCS), 2014
Currently, the security of the users' privacy in public spaces has more concerns especially in web applications. Also, the unconsciousness of users by the importance of the quality cryptographic of these authentication parameters makes their commoditized accounts. Hence, investment in the computer discipline becomes more demanding to prevent potential attacks. In this paper, we introduce a new strong zero knowledge authentication system based on virtual passwords (SAVP). The objective of this paper is to ensure the identification of users on the network by ensuring intractability, portability, unpredictability, integrity and reusability of their authentication settings. In the second section, we study the difficulties and users' habits followed in the selection, storage or memorizing passwords, as well, the evolution and the limits of all categories of texture password authentication. Also, we locate the importance of integration of salts in authentication mechanisms and their impacts on the robustness of passwords regenerated. As for the third section, we start with a detailed description of all mechanisms and components contributing to the robustness of our mutual authentication system. Our goal is to provide a strong zero knowledge authentication system based on salts generated by a cryptographically secure random regenerator, algorithm for dynamic rotation of binary strings, symmetric cryptography primitive, one-way hash function and random nonce to provide mutual authentication. The security analysis of our proposal, which is the goal of the fourth section, shows their ability to resist against multiple types of attacks.
International Journal of Network Security & Its Applications, 2014
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework on which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
International Journal of Network Security & Its Applications, 2015
In this article, we propose a new symmetric communication system secured, founded upon strong zero knowledge authentication protocol based on session keys (SASK). The users' authentication is done in two steps: the first is to regenerate a virtual password, and to assure the integrity and the confidentiality of nonces exchanged thanks to the symmetric encryption by a virtual password. The second is to calculate a session key shared between the client and the web server to ensure the symmetric encryption by this session key. This passage allows to strengthen the process of users' authentication, also, to evolve the process of update and to supply a secure communication channel. This evolution aims at implementing an authentication protocol with session keys able to verify the users' identity, to create a secure communication channel, and to supply better cyber-defense against the various types of attacks.
Papers by Yassine Sadqi