Security Protocol

Mobility is now the central focus of the lives of European citizens in business, education, and leisure. This will be enriched by pervasiveness in the future. The Daidalos vision is to seamlessly integrate heterogeneous network technologies that allow network operators and service providers to offer new and profitable services, giving users access to a wide range of pervasive, personalised voice, data, and multimedia services. This paper discusses the security issues that need to be addressed to make Daidalos a real viable solution for future pervasive mobility. Issues include among others privacy & identity management, secure protocols, distributed key management, security in ad hoc networks.

Inherent to the wireless sensor networks are the two major problems of the broadcasting vulnerability, the limited computational capability and power budget. Even though security is a must in most applications, current sophisticated security protocols are not amenable to the primitiveness of the sensors. In this paper, we introduce a novel security protocol for wireless network of sensors that is very secure, yet simple and efficient. At the core of our security protocol is a simple and fast stream cipher cryptosystem that utilizes permutation vectors as encryption keys, forcing an intruder to a brute-force time complexity of Ω(2 n). In addition, our mechanism alleviates the effect of sensor capture, via its synchronized re-keying feature. In addition to the encryption efficiency, our system utilizes the group deployment of newly joining sensors for sensors power budgeting considerations. Experimental results show very promising future of our system in the wireless networks domain, excelling over other peers of modern cryptosystems (AES, DES, TripleDES), especially in the power budget arena.

A peer-to-peer database management system(P2PDBMS) is a collection of autonomous data sources, called peers. In this system each peer augments a conventional database management system with an inter-operability layer (i.e. mappings/policies) for sharing data and services. Peers exchange data in a pair-wise fashion on-the-fly in response to a query without any centralized control. Generally, the communication link between two peers is insecure and peers create a temporary session while exchanging data. When peers exchange highly confidential data between them over an insecure communication network, such as the Internet, the data might be trapped and disclosed by the intruders. In a P2PDBMS there is no centralized control for data exchange, hence we cannot assume any central third party security infrastructure (e.g. PKI) to protect confidential data. So far, there is currently no available/existing security protocol for secured data exchange in P2PDBMS. In this paper we propose three models for secure data exchange in P2PDBMSs and the corresponding security protocols. The proposed protocol allows the peers to compute their secret session keys dynamically during data exchange based on the policies between them. Our proposed protocol is robust against the man-in-the middle attack, the masquerade attack, and the reply attack.

The constantly increasing dependence on anytime-anywhere availability of data and the commensurately increasing fear of losing privacy motivate the need for privacy-preserving techniques. One inter- esting and common problem occurs when two parties need to privately compute an intersection of their respective sets of data. In doing so, one or both parties must obtain the intersection (if one exists), while

When studying the Transport Layer Security (TLS) Protocol, it is noticed that the most timeconsuming phase is the handshaking process between the client and the server, since many messages should be sent until successful negotiation is done and a secure session is created. The goal of this work is to design a security management system (SMS) to improve the handshaking process by making use of TLS client-side session caching, and allowing trusted users to share sessions with others, as well as giving the client an option to create his own private session with the server even when there is no trusted digital certificate from a certificate authority (CA) to link them. According to our experimental setup, the use of the proposed design has improved the performance by 3.5 times relative to the handshaking of traditional TLS.

In the Internet of Things vision, every physical object has a virtual component that can produce and consume services. Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. In the Internet of Things (IoT), everything real becomes virtual, which means that each person and thing has a locatable, addressable, and readable counterpart on the Internet. These virtual entities can produce and consume services and collaborate toward a common goal. The user's phone knows about his physical and mental state through a network of devices that surround his body, so it can act on his behalf. The embedded system in a swimming pool can share its state with other virtual entities. With these characteristics, the IoT promises to extend "anywhere, anyhow, anytime" computing to "anything, anyone, any service." Several significant obstacles remain to fulfill the IoT vision, among them security. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet's ethical use-is fully focused on exploiting the current version's foundational weaknesses. This does not bode well for the IoT, which incorporates many constrained devices. Indeed, realizing the IoT vision is likely to spark novel and ingenious malicious models. The challenge is to prevent the growth of such models or at least to mitigate and limit their impact. Meeting this challenge requires understanding the characteristics of things and the technologies that empower the IoT. Mobile applications are already intensifying users' interaction with the environment, and researchers have made considerable progress in developing sensory devices to provide myriad dimensions of information to enrich the user experience. However, without strong security foundations, attacks and malfunctions in the IoT will outweigh any of its benefits. Traditional protection mechanisms-lightweight cryptography, secure protocols, and privacy assurance-are not enough. Rather, researchers must discover the full extent of specific obstacles. They must analyze current security protocols and mechanisms and decide if such approaches are worth integrating into the IoT as is or if adaptations or entirely new designs will better accomplish security goals. The proper legal and technical framework is essential. To establish it, analysts must thoroughly understand the risks associated with various IoT scenarios, such as air travel, which has many interrelated elements, including safety, privacy, and economy [1]. Only then is it possible to justify the cost of developing security and privacy mechanisms. All these requirements underline some critical first steps in implementing IoT security measures successfully: understand the IoT conceptually, evaluate Internet security's current state, and explore how to move from solutions that meet current requirements and constraints to those that can reasonably assure a secure IoT.

Fear of security breaches has been a major reason for the business world's reluctance to embrace the Internet as a viable means of communication. A widely adopted solution consists of physically separating private networks from the rest of Internet using firewalls. This paper discusses the current cryptographic security measures available for the Internet infrastructure as an alternative to physical segregation. First the IPsec architecture including security protocols in the Internet Layer and the related key management proposals are introduced. The transport layer security protocol and security issues in the network control and management are then presented. The paper is addressed to readers with a basic understanding of common security mechanisms including encryption, authentication and key exchange techniques.

As Wireless Local Area Networks (WLANs) are rapidly deployed to expand the field of wireless products, the provision of authentication and privacy of the information transfer will be mandatory. These functions need to take into account the inherent limitations of the WLAN medium such as limited bandwidth, noisy wireless channel and limited computational power. Moreover, some of the IEEE 802.11 WLAN characteristics such as the use of a point coordinator and the polling based Point Coordination Function (PCF) have also to be considered in this design. In this paper, we introduce a security protocol for the IEEE 802.11 PCF that provides privacy and authentication, and is designed to reduce security overheads while taking into account the WLAN characteristics. We prove this protocol using the original and modified BAN logic.

In this paper we present PasS (Privacy as a Service); a set of security protocols for ensuring the privacy and legal compliance of customer data in cloud computing architectures. PasS allows for the secure storage and processing of users' confidential data by leveraging the tamper-proof capabilities of cryptographic coprocessors. Using tamper-proof facilities provides a secure execution domain in the computing cloud that is physically and logically protected from unauthorized access. PasS central design goal is to maximize users' control in managing the various aspects related to the privacy of sensitive data. This is achieved by implementing user-configurable software protection and data privacy mechanisms. Moreover, PasS provides a privacy feedback process which informs users of the different privacy operations applied on their data and makes them aware of any potential risks that may jeopardize the confidentiality of their sensitive information. To the best of our knowledge, PasS is the first practical cloud computing privacy solution that utilizes previous research on cryptographic coprocessors to solve the problem of securely processing sensitive data in cloud computing infrastructures.

Rapidly growing 802.11 wireless local area networks continue to gain popularity in business and computer industry. This growing popularity and usage also caused many improvements on both physical layer and security mechanisms. In this study we investigated the performance of wireless local area networks (WLANs) and security mechanisms available for WLANs. These security mechanisms are wired equivalent privacy (WEP), Wi-Fi

In this paper we discuss the often overlooked timeliness property of fair exchange protocols. We gather different available definitions of this property, and propose a new and stronger interpretation for timeliness in the context of security protocols. We discuss common timeliness-related pitfalls in fair exchange protocol design, and show a particular timeliness attack effective in several optimistic protocols proposed in the literature. Finally, we provide guidelines that may help to avoid common mistakes in protocol design, and propose our own protocol that ensures both fairness and timeliness.

With the recent evolution in the VoIP market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable to selfimprove and to track the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market leading and well known equipments and software.

Wireless Local Area Networks (WLANs) are gaining popularity as they are fast, cost effective, flexible and easy to use. They are, however, faced with some serious security challenges and the choice of security protocol is a critical issue for IT administrators.

The fast increase of mobile Internet use motivates the need for WiFi sharing solutions, where a mobile user connects to the Internet via a nearby foreign network while its home network is far away. This situation creates security challenges which are only partially solved by existing solutions like VPNs. Such solutions neglect the security of the visited network, and private users or organizations are thus reluctant to share their connection. In this paper, we present and implement SWISH, an efficient, full scale solution to this problem. SWISH is based on establishing a tunnel from the visited network to the user's home network. All the data from the mobile is then forwarded through this tunnel. Internet access is therefore provided without endangering the visited network. We also propose protocol extensions that allow the visited network to charge for the data it forwards, and to protect the privacy of the mobile user while preventing abuse. SWISH was successfully deployed on university networks, demonstrating that it can be conveniently implemented in existing networks with a minimal impact on performance.

Modern industrial communication networks are increasingly based on open protocols and platforms that are also used in the office IT and Internet environment. This reuse facilitates development and deployment of highly connected systems, but also makes the communication system vulnerable to electronic attacks. This paper gives an overview of IT security issues in industrial automation systems which are based on open communication systems. First, security objectives, electronic attack methods, and the available countermeasures for general IT systems are described. General security objectives and best practices are listed. Particularly for the TCP/IP protocol suite, a wide range of cryptography-based secure communication protocols is available. The paper describes their principles and scope of application. Next, we focus on industrial communication systems, which have a number of security-relevant characteristics distinct from the office IT systems. Confidentiality of transmitted data may not be required; however, data and user authentication, as well as access control are crucial for the mission critical and safety critical operation of the automation system. As a result, modern industrial automation systems, if they include security measures at all, emphasize various forms of access control. The paper describes the status of relevant specifications and implementations for a number of standardized automation protocols. Finally, we illustrate the application of security concepts and tools by brief case studies describing security issues in the configuration and operation of substations, plants, or for remote access.

Smart meter is an advanced energy meter that measures consumption of electrical energy providing additional information compared to a conventional energy meter. Integration of smart meters into electricity grid involves implementation of a variety of techniques and software, depending on the features that the situation demands. Design of a smart meter depends on the requirements of the utility company as well as the customer. This paper discusses various features and technologies that can be integrated with a smart meter. In fact, deployment of smart meters needs proper selection and implementation of a communication network satisfying the security standards of smart grid communication. This paper outlines various issues and challenges involved in design, deployment, utilization, and maintenance of the smart meter infrastructure. In addition, several applications and advantages of smart meter, in the view of future electricity market are discussed in detail. This paper explains the importance of introducing smart meters in developing countries. In addition, the status of smart metering in various countries is also illustrated.

The term "Internet of Things" (IoT) refers to an ecosystem of interconnected physical objects and devices that are accessible through the Internet and can communicate with each other. The main strength of the IoT vision is the high impact it has created and will continue to do so on several aspects of the everyday life and behavior of its potential users. This book presents some of the state-of-the-art research work in the field of the IoT, especially on the issues of communication protocols, interoperability of protocols and semantics, trust security and privacy issues, reference architecture design, and standardization. It will be a valuable source of knowledge for researchers, engineers, practitioners, and graduate and doctoral students who are working in various fields of the IoT. It will also be useful for faculty members of graduate schools and universities.

Wireless sensor networks will be widely deployed in the near future. While much research has focused on making these networks feasible and useful, security has received little attention. We present a suite of security protocols optimized for sensor networks: SPINS. SPINS has two secure building blocks: SNEP and µTESLA. SNEP includes: data confidentiality, two-party data authentication, and evidence of data freshness. µTESLA provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.

Wireless Sensor Networks (WSN) is an emerging technology and recently attracted a lot of interest in the research community due to their wide range of applications. These networks are likely to be composed of hundreds, and potentially thousands of tiny sensor nodes, functioning autonomously, and in many cases, without access to renewable energy resources. Wireless sensor network is highly vulnerable to attacks because it consists of various resources constrained devices with their low battery power, less memory, and associated low energy, susceptibility to physical capture, and the use of insecure wireless communication channels. So it becomes essential to be familiar with the security aspects of WSN before designing WSN system. Sensor network possesses unique challenges to protocol builders, because these tiny wireless devices are often deployed in unattended environment with limited capabilities. Hence these networks are vulnerable to different types of malicious attacks.

With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide a secure and trustworthy authentication of remote mobile users over insecure network. Experimental results on public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previous J2ME) programming technology. The simulation results prove that the proposed protocol suits current mobile environment.

The Circle of Security intervention uses a group treatment modality to provide parent education and psychotherapy that is based on attachment theory. The purpose of this study was to track changes in children's attachment classifications pre-and immediately postintervention. Participants were 65 toddler-or preschooler-caregiver dyads recruited from Head Start and Early Head Start programs. As predicted, there were significant within-subject changes from disorganized to organized attachment classifications, with a majority changing to the secure classification. In addition, only 1 of the 13 preintervention securely attached children shifted to an insecure classification. Results suggest that the Circle of Security protocol is a promising intervention for the reduction of disorganized and insecure attachment in high-risk toddlers and preschoolers.

Security in mobile ad hoc networks is difficult to achieve, notably because of the vulnerability of wireless links, the limited physical protection of nodes, the dynamically changing topology, the absence of a certification authority, and the lack of a centralized monitoring or management point. Earlier studies on mobile ad hoc networks (MANETs) aimed at proposing protocols for some fundamental problems, such as routing, and tried to cope with the challenges imposed by the new environment. These protocols, however, fully trust all nodes and do not consider the security aspect. They are consequently vulnerable to attacks and misbehavior.

... Fasee Ullah, Masood Ahmad, Masood Habib, Jawad Muhammad Department of Computer Sciences City ... One of the early encouraging steps towards sensor network architecture is Polastre et al. ... Aim of this protocol to solve different key issues exchange during communication ...

Internet-enabled wireless devices continue to proliferate and are expected to surpass tradition-al Internet clients in the near future. This has opened up exciting new opportunities in the mobile e-commerce market. However, data secu-rity and privacy remain major ...

Sensors are tiny computers with limited computational capability and physical resources. The implementation of secure protocols for sensor network is a big challenge. In order to provide high security for sensor networks, it is very important to choose a small, efficient and effective encryption algorithm as a security primitive. The TEA (Tiny Encryption Algorithm) is an efficient algorithm that requires little memory and resources. These features make the TEA a good candidate for security mechanism for sensors.

Due to the sensitive nature of the data gathered by many wireless sensor networks (WSNs) it is becoming critical that this data be protected. However, due to the constrained nature of the resources available on sensor nodes, traditional wireless networking security solutions are not viable due to their processing requirements, power consumption, speed and communications overhead. We review the threats and attacks faced by WSNs and then the current state of the art of dedicated WSN security protocols are examined and compared, focusing on their relative strengths and weaknesses.

This paper describes a chat room application suitable for teaching basic network programming and security protocols. A client/server design illustrates the structure of current scalable network services while a multicast version demonstrates the need for efficient simultaneous distribution of network content to multiple receivers (e.g., as required by video broadcasts). The system also includes implementations of two security protocols, one similar to Kerberos and another based on public key encryption.

With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide a secure and trustworthy authentication of remote mobile users over insecure network. Experimental results on public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previous J2ME) programming technology. The simulation results prove that the proposed protocol suits current mobile environment.

Protocol Composition Logic (PCL) is a logic for proving security properties of network protocols that use public and symmetric key cryptography. The logic is designed around a process calculus with actions for possible protocol steps including generating new random numbers, sending and receiving messages, and performing decryption and digital signature verification actions. The proof system consists of axioms about individual protocol actions and inference rules that yield assertions about protocols composed of multiple steps. Although assertions are written only using the steps of the protocol, the logic is sound in a strong sense: each provable assertion involving a sequence of actions holds in any protocol run containing the given actions and arbitrary additional actions by a malicious adversary. This approach lets us prove security properties of protocols under attack while reasoning only about the actions of honest parties in the protocol. PCL supports compositional reasoning about complex security protocols and has been applied to a number of industry standards including SSL/TLS, IEEE 802.11i and Kerberos V5.

Wepresenttheon-the-∞ymodel-checkerOFMC,atoolthatcombinestwoideasforanalyzing security protocols based on lazy, demand-driven search. The flrst is the use of lazy data- types as a simple way of building e-cient on-the-∞y model-checkers for protocols with very large, or even inflnite, state-spaces. The second is the integration of symbolic techniques and optimizations for modeling a lazy Dolev-Yao intruder, whose actions are generated in a demand-driven way. We

Timed Automata is an extension to the automatatheoretic approach for the modeling of real time systems that introduces time into the classical automata. It has become an important research area in both the context of formal languages and modeling and verification of real time systems since it was proposed by Alur and Dill in the early nineties. Timed automata proposes an efficient model checking method for verification real time systems having mature and efficient automatic verification tools. One of the application areas of timed automata is the verification of security protocols which are known to be time sensitive. This study aims to make use of timed automata as a verification tool for security protocols and gives a case study on the initial part of the Neuman-Stubblebine Repeated Authentication Protocol.

Network security is an important issue especially in wireless networks where the network is open and the network perimeter is not exactly known. This makes them more vulnerable to attacks such as eavesdropping, message interception and modifications. Several security protocols designed for wired-line networks have been adopted for use in wireless networks. However, they may not be suitable for wireless networks and devices since scenarios and capabilities applicable to wired-line networks may not be valid in wireless networks. For example, wireless devices often have limited battery power, and performing several message exchanges used in typical wired-line security protocols may rapidly deplete the devices' battery. Cryptographic primitives consume energy and could degrade the battery performance of wireless networks. In this paper, we classify energy saving mechanisms for security protocols in wireless networks. We apply these energy saving mechanisms to existing security protocols and demonstrate the reduction in energy consumption that is possible with the suggested approaches.

The Kerberos-One-Time protocol is a key distribution protocol promoted for use with Javacards to provide secure communication over the GSM mobile phone network. From inspection we suspected a replay attack was possible on the protocol. To check this, we formally specified the protocol using Object-Z and then analysed its behaviour in the presence of an attacker using the Symbolic Analysis Laboratory's model checker. To produce accurate results efficiently, our formalism included an abstraction of the protocol's data structures that captured just those characteristics that we believed made the protocol vulnerable. Ultimately, the model checker's analysis confirmed our suspicions about the protocol's weakness.

Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy, that does not require any change in infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two way authentications.

The combination of physics, mathematics, and computer science in quantum computing has developed from a visionary idea to one of the most fascinating and promising areas of quantum mechanics in the past two decades. Research in the field of quantum cryptography promises extremely fast, robust, and impenetrable electronic and photonic security; almost unbreakable! Moreover, the long standing eavesdropping problem of the "man in the middle" attack may finally be solved once and for all. As computing power increases, and as hackers and attackers become more sophisticated, it is feared that sooner or later, traditional cryptography based on mathematically intractable algorithms may be no match for parallelized quantum based processors. For this reason, quantum cryptography, based on the laws of quantum statistical mechanics provides a welcome solution to this fear. This paper explores the basic tenets of quantum cryptography and how the mathematical principles therein apply to the quantum key distribution problem; a central concern in the implementation of quantum cryptography in distributed networks. The quantum key distribution protocol implemented in BB84 protocol is also described and compared to traditional cryptographic systems. A short overview of recent commercial implementations of quantum cryptography is presented with the encountered successes and limitations discussed. This paper explores the development of quantum networks, from the onset of the development of secure communication based on quantum cryptography and concludes with a brief outline of the key challenges facing quantum cryptography implementation in wireless applications and long haul communications.

Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy, that does not require any change in infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two way authentications.

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of non-repudiation protocols for multiple entities. We extend an existing multi-party non-repudiation (MPNR) protocol to allow an originator to send different messages to many recipients in a single transaction. We further propose an optimistic multi-party nonrepudiation protocol for exchange of different messages. The performance of our protocols with enhanced functionalities is still promising in comparison with existing MPNR protocols. q .sg (J. Zhou), onieva@lcc. uma.es (J.A. Onieva), [email protected] (J. Lopez).

Recently, multimedia security is becoming more important with the continuous increase of digital communications on the internet. Moreover, special and reliable security is needed in many digital applications (such as video conferencing and medical imaging systems). The classical techniques for data security are not appropriate for the current multimedia usage. As a result, we need to develop new security protocols or adapt the available security protocols to be applicable for securing the multimedia applications. Encryption of MPEG-4 video streaming using AES has not been studied. In this paper, the performance of AES in encrypting MPEG-4 video is considered. The performance of AES is compared to two symmetric encryption techniques namely; RC4 and XOR. Three data types (text, audio and video) are used to test the effectiveness of AES in encrypting MPEG-4. Simulations showed the efficiency of the AES encryption technique in such application for the different data type given.

As wireless network usage thrivingly grows, MAC address spoofing recently poses a serious security threat to a public wireless network. In the past, several schemes have been proposed to leverage this problem. However, these previous methods incur high deployment costs in employing countermeasure protocols. In this paper, we present a lightweight agent-based access control framework to counter MAC address spoofing