Innovative location based scheme for Internet Security Protocol : a proposed location based scheme N-Kerberos Security Protocol using intelligent logic of believes, particularly by modified BAN logic

Abdelmajid, Nabih T.

January 2010

The importance of the data authentication has resulted in the science of the data protection. Interest in this knowledge has been growing due to the increase in privacy of the user's identity, especially after the widespread use of online transactions. Many security techniques are available to maintain the privacy of the user's identity. These include password, smart card or token and face recognition or finger print. But unfortunately, the possibility to duplicate the identity of a user is still possible. Recently, specialists used the user's physical location as a new factor in order to increase the strength of the verification of the user's identity. This thesis focused on the authentication-based user's location. It is based on the idea of using the Global Position System in order to verify the user identity. Improving Kerberos protocol using GPS signal is proposed in order to eliminate the effect of replay attack. This proposal does not expect a high performance from the user during the implementation of the security system. Moreover, to give users more confidence to use security protocol, it has to be evaluated before accepting it. Thus, a measurement tool used to validate protocols called BAN logic was described. In this thesis, a new form of BAN logic which aims to raise the efficiency checking process of the protocol protection strength using the GPS signal is proposed. The proposed form of Kerberos protocol has been analysed using the new form of BAN logic. The new scheme has been tested and compared with the existing techniques to demonstrate its merits and capabilities.

004

Innovative Location Based Scheme for Internet Security Protocol. A proposed Location Based Scheme N-Kerberos Security Protocol Using Intelligent Logic of Believes, Particularly by Modified BAN Logic.

Abdelmajid, Nabih T.

January 2010

The importance of the data authentication has resulted in the science of the data protection. Interest in this knowledge has been growing due to the increase in privacy of the user's identity, especially after the widespread use of online transactions. Many security techniques are available to maintain the privacy of the user's identity. These include password, smart card or token and face recognition or finger print. But unfortunately, the possibility to duplicate the identity of a user is still possible. Recently, specialists used the user's physical location as a new factor in order to increase the strength of the verification of the user's identity. This thesis focused on the authentication-based user's location. It is based on the idea of using the Global Position System in order to verify the user identity. Improving Kerberos protocol using GPS signal is proposed in order to eliminate the effect of replay attack. This proposal does not expect a high performance from the user during the implementation of the security system. Moreover, to give users more confidence to use security protocol, it has to be evaluated before accepting it. Thus, a measurement tool used to validate protocols called BAN logic was described. In this thesis, a new form of BAN logic which aims to raise the efficiency checking process of the protocol protection strength using the GPS signal is proposed. The proposed form of Kerberos protocol has been analysed using the new form of BAN logic. The new scheme has been tested and compared with the existing techniques to demonstrate its merits and capabilities.

Internet security

; N-Kerberos Security Protocol

; Global Position System; GPS

; BAN logic

Formální analýza kryptografických protokolů / Formal analysis of cryptographic protocols

Petrovský, Peter

January 2015

This diploma thesis deals with cryptography. It describes its basic allocation and problems of number theory that needs to be addressed. It also deals with methods used to review the formal security of cryptographic protocols from a mathematical point of view. It analyse the tools used to automatic and semi-automatic evaluation of the safety of cryptographic protocols. It describes the process of working with these tools and finally test the security of protocols Kerberos, EKE and Unilateral authentication using symmetric cryptography, HMAC function and hash function. These tests are in tools AVISPA, ProVerif and Scyther. At the end is comparison of results.

Logics of Knowledge and Cryptography : Completeness and Expressiveness

Cohen, Mika

January 2007

An understanding of cryptographic protocols requires that we examine the knowledge of protocol participants and adversaries: When a participant receives a message, does she know who sent it? Does she know that the message is fresh, and not merely a replay of some old message? Does a network spy know who is talking to whom? This thesis studies logics of knowledge and cryptography. Specifically, the thesis addresses the problem of how to make the concept of knowledge reflect feasible computability within a Kripke-style semantics. The main contributions are as follows. 1. A generalized Kripke semantics for first-order epistemic logic and cryptography, where the later is modeled using private constants and arbitrary cryptographic operations, as in the Applied Pi-calculus. 2. An axiomatization of first-order epistemic logic which is sound and complete relative to an underlying theory of cryptographic terms, and to an omega-rule for quantifiers. Besides standard axioms and rules from first-order epistemic logic, the axiomatization includes some novel axioms for the interaction between knowledge and cryptography. 3. Epistemic characterizations of static equivalence and Dolev-Yao message deduction. 4. A generalization of Kripke semantics for propositional epistemic logic and symmetric cryptography. 5. Decidability, soundness and completeness for propositional BAN-like logics with respect to message passing systems. Completeness and decidability are generalised to logics induced from an arbitrary base of protocol specific assumptions. 6. An epistemic definition of message deduction. The definition lies between weaker and stronger versions of Dolev-Yao deduction, and coincides with weaker Dolev-Yao regarding all atomic messages. For composite messages, the definition withstands a well-known counterexample to Dolev-Yao deduction. 7. Protocol examples using mixes, a Crowds style protocol, and electronic payments. / QC 20100524

epistemic logic

first-order logic

formal cryptography

static equivalence

security protocols

BAN logic

multi-agent system

completeness

logical omniscience problem

Computer science

Datavetenskap

Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications : multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications

Mapoka, Trust Tshepo

January 2015

Secure information exchanges over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM).The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involve inefficient management of keys that induce huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.

Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications. Multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications

Mapoka, Trust Tshepo

January 2015

Secure information exchanges over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM).The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involve inefficient management of keys that induce huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.