Secure data aggregation for wireless sensor network

Tran-Thi-Thuy, Trang

January 2010

Like conventional networks, security is also a big concern in wireless sensor networks. However, security in this type of networks faces not only typical but also new challenges. Constrained devices, changing topology or susceptibility to unprecedented security threats such as node capture and node compromise has refrained developers from applying conventional security solutions into wireless sensor networks. Hence, developing security solutions for wireless sensor networks not only requires well security analysis but also offers a low power and processing consuming.In this thesis, we implemented security solution targeting IRIS sensor motes. In our implementation, a public key-based key exchange is used to establish shared secret keys between sensor nodes. These secret keys are used to provide authenticity, integrity and freshness for transmission data. Our implementation ensures the flexibility in integrating our solution with available TinyOS operating system. Additionally, the thesis work also focuses on evaluating the performance in wireless sensor networks both in memory and energy consuming.

ntnudaim

Information security

Employing Ethernet Multiple Spanning Tree Protocol in an OpMiGua network

Veisllari, Raimena

January 2010

Hybrid optical packet/circuit switched networking architectures are increasingly becoming an interesting research field. They integrate and combine the high resource utilization of statistically multiplexed packet switched networks with the low processing requirements and guaranteed quality of service provided by circuit switched networks. The aim of this thesis is to integrate the OpMiGua hybrid optical network with Ethernet. Specifically, the work is focused on the compatibility of the Ethernet’s loop-free topology protocols with the redundant multiple traffic service paths of OpMiGua. We analyse the problems and limitations imposed on the network architecture and propose our topology solution called the SM chain-connectivity. The analysis and the proposed schemes are verified based on results obtained from simulations. Furthermore, we design an integrated logical OpMiGua node that relies on an Ethernet switch instead of the Optical Packet Switch for the Statistically Multiplexed traffic. To date, to our knowledge there are no studies analysing the compatibility of Ethernet and its protection mechanisms in a hybrid optical network. This is the first work addressing the use of Ethernet in OpMiGua.

ntnudaim

Information security

Automated Security Analysis of Infrastructure Clouds

Bleikertz, Sören

January 2010

Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption. In particular, these highly flexible but complex cloud computing environments are prone to misconfigurations leading to security incidents, eg, erroneous exposure of services due to faulty network security configurations. In this thesis we present a novel approach in the security assessment of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated the process of extracting the configuration using the Amazon API and translating it into a generic data model for later analysis. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way for the visualization andautomated analysis based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment in a prototype and evaluated it for practical andtheoretical scenarios. Furthermore, a framework is presented which allows the evaluation of configuration changes in the agile and dynamic cloud environments with regard to properties like vulnerabilities or expected availability. In case of a vulnerability perspective, this evaluation can be used to monitor the securitylevels of the configuration over its lifetime and to indicate degradations.

ntnudaim

Information security

Specification of security properties by JML

Dulaj, Ilir

January 2010

Nowadays, verification of programs is gaining increased importance. The software industry appears more and more interested in methods and tools to ensure security in their applications. Java Modeling Language has been successfully used in the past by programmers to express their intentions in the Design by Contract fashion in sequential programming. One of the design goals of JML was to improve the functional software correctness of Java applications. Regarding the verification of security properties, JML was mostly successful in Java Smart Card applets due to the specifics of these applications. In this thesis work we investigate the feasibility of JML to express high-level security properties in Java applications that have more realistic requirements and are implemented in the object oriented technology. We do a threat analysis of a case study regarding a medical clinic and derive the required security properties to secure the application. We develop a prototype application where we specify high-level security properties with JML and use a runtime assertion checking tool to verify the code. We model the functional behavior of the prototype that establishes the security proper-ties as a finite state automaton. Our prototype is developed based on this automaton. States and state transitions modeled in the automaton are expressed in the prototype with JML annotations and verified during runtime. We observe that currently available features in JML are not very feasible to capture the security related behavior of Java programs on the level of the entire application.

ntnudaim

Information security

Network Coding based Information Security in Multi-hop Wireless Networks

Fan, Yanfei

January 2010

Multi-hop Wireless Networks (MWNs) represent a class of networks where messages are forwarded through multiple hops of wireless transmission. Applications of this newly emerging communication paradigm include asset monitoring wireless sensor networks (WSNs), command communication mobile ad hoc networks (MANETs), community- or campus-wide wireless mesh networks (WMNs), etc. Information security is one of the major barriers to the wide-scale deployment of MWNs but has received little attention so far. On the one hand, due to the open wireless channels and multi-hop wireless transmissions, MWNs are vulnerable to various information security threats such as eavesdropping, data injection/modification, node compromising, traffic analysis, and flow tracing. On the other hand, the characteristics of MWNs including the vulnerability of intermediate network nodes, multi-path packet forwarding, and limited computing capability and storage capacity make the existing information security schemes designed for the conventional wired networks or single-hop wireless networks unsuitable for MWNs. Therefore, newly designed schemes are highly desired to meet the stringent security and performance requirements for the information security of MWNs. In this research, we focus on three fundamental information security issues in MWNs: efficient privacy preservation for source anonymity, which is critical to the information security of MWNs; the traffic explosion issue, which targets at preventing denial of service (DoS) and enhancing system availability; and the cooperative peer-to-peer information exchange issue, which is critical to quickly achieve maximum data availability if the base station is temporarily unavailable or the service of the base station is intermittent. We have made the following three major contributions. Firstly, we identify the severe threats of traffic analysis/flow tracing attacks to the information security in network coding enabled MWNs. To prevent these attacks and achieve source anonymity in MWNs, we propose a network coding based privacy-preserving scheme. The unique “mixing” feature of network coding is exploited in the proposed scheme to confuse adversaries from conducting advanced privacy attacks, such as time correlation, size correlation, and message content correlation. With homomorphic encryption functions, the proposed scheme can achieve both privacy preservation and data confidentiality, which are two critical information security requirements. Secondly, to prevent traffic explosion and at the same time achieve source unobservability in MWNs, we propose a network coding based privacy-preserving scheme, called SUNC (Source Unobservability using Network Coding). Network coding is utilized in the scheme to automatically absorb dummy messages at intermediate network nodes, and thus, traffic explosion induced denial of service (DoS) can be naturally prevented to ensure the system availability. In addition to ensuring system availability and achieving source unobservability, SUNC can also thwart internal adversaries. Thirdly, to enhance the data availability when a base station is temporarily unavailable or the service of the base station is intermittent, we propose a cooperative peer-to-peer information exchange scheme based on network coding. The proposed scheme can quickly accomplish optimal information exchange in terms of throughput and transmission delay. For each research issue, detailed simulation results in terms of computational overhead, transmission efficiency, and communication overhead, are given to demonstrate the efficacy and efficiency of the proposed solutions.

Information Security

Network Coding

Privacy Preservation

Availability

Electrical and Computer Engineering

Business Continuity Planning in the IT Age - A railway sector case study

Govindarajan, Arulmozhivarman

January 2012

In today's business Information technology (IT) and Information plays a key role. Due todevelopment and influence of Information Technology, using systems, IT services andnetworks cannot be avoided in the business and they all need to be protected and secured.In order to ensure such a higher sort of security and protection, the Information securitysystem (ISS) have been used. Still the businesses today are enveloped with higher risks andupshots which are also being narrower and keeping changed consistently. At suchcircumstance the solution providing method should be very unique and narrower to each andevery slot of business, for a competitive and higher security. Thus such compact solutionsbeen given by Business Continuity Planning (BCP) method. Business Continuity Plan, a chiefidea engendered from the stream of information security.This research involves with a case study in regard to the Railway sector in making a BusinessContinuity Planning (BCP) on Network security, System Security and Physical Security of it.Thus the way of presentation been more systematically followed up in order to make thereader to understand the results more easily.Following in the Chapter 1 and Chapter 2, the Introduction and background studies which areneeded to be known to draw a BCP plan on Network, System and Physical Securities. Chapter3 Result section, will gives the recommendation that need to be followed for drawing aNetwork, System and Physical Securities in a railway network. / Done in Southern Indian Railways, India.

Information Technology

Information Security

Business Continuity Planning

Information System.

Network Coding based Information Security in Multi-hop Wireless Networks

Fan, Yanfei

January 2010

Multi-hop Wireless Networks (MWNs) represent a class of networks where messages are forwarded through multiple hops of wireless transmission. Applications of this newly emerging communication paradigm include asset monitoring wireless sensor networks (WSNs), command communication mobile ad hoc networks (MANETs), community- or campus-wide wireless mesh networks (WMNs), etc. Information security is one of the major barriers to the wide-scale deployment of MWNs but has received little attention so far. On the one hand, due to the open wireless channels and multi-hop wireless transmissions, MWNs are vulnerable to various information security threats such as eavesdropping, data injection/modification, node compromising, traffic analysis, and flow tracing. On the other hand, the characteristics of MWNs including the vulnerability of intermediate network nodes, multi-path packet forwarding, and limited computing capability and storage capacity make the existing information security schemes designed for the conventional wired networks or single-hop wireless networks unsuitable for MWNs. Therefore, newly designed schemes are highly desired to meet the stringent security and performance requirements for the information security of MWNs. In this research, we focus on three fundamental information security issues in MWNs: efficient privacy preservation for source anonymity, which is critical to the information security of MWNs; the traffic explosion issue, which targets at preventing denial of service (DoS) and enhancing system availability; and the cooperative peer-to-peer information exchange issue, which is critical to quickly achieve maximum data availability if the base station is temporarily unavailable or the service of the base station is intermittent. We have made the following three major contributions. Firstly, we identify the severe threats of traffic analysis/flow tracing attacks to the information security in network coding enabled MWNs. To prevent these attacks and achieve source anonymity in MWNs, we propose a network coding based privacy-preserving scheme. The unique “mixing” feature of network coding is exploited in the proposed scheme to confuse adversaries from conducting advanced privacy attacks, such as time correlation, size correlation, and message content correlation. With homomorphic encryption functions, the proposed scheme can achieve both privacy preservation and data confidentiality, which are two critical information security requirements. Secondly, to prevent traffic explosion and at the same time achieve source unobservability in MWNs, we propose a network coding based privacy-preserving scheme, called SUNC (Source Unobservability using Network Coding). Network coding is utilized in the scheme to automatically absorb dummy messages at intermediate network nodes, and thus, traffic explosion induced denial of service (DoS) can be naturally prevented to ensure the system availability. In addition to ensuring system availability and achieving source unobservability, SUNC can also thwart internal adversaries. Thirdly, to enhance the data availability when a base station is temporarily unavailable or the service of the base station is intermittent, we propose a cooperative peer-to-peer information exchange scheme based on network coding. The proposed scheme can quickly accomplish optimal information exchange in terms of throughput and transmission delay. For each research issue, detailed simulation results in terms of computational overhead, transmission efficiency, and communication overhead, are given to demonstrate the efficacy and efficiency of the proposed solutions.

Information Security

Network Coding

Privacy Preservation

Availability

Electrical and Computer Engineering

Provably Secure Randomized Blind Signature Scheme and Its Application

Sun, Wei-Zhe

19 July 2011

Due to resource-saving and efficiency consideration, electronic voting (e-voting) gradually replaces traditional paper-based voting in some developed countries. An anonymous e-voting system that can be used in elections with large electorates must meet various security requirements, such as anonymity, uncoercibility, tally correctness, unrecastability, verifiability, and so on. Especially, the uncoercibility property is an essential property which can greatly reduce the possibility of coercion and bribe. Since each voter can obtain one and only one voting receipt in an electronic voting system, coercers or bribers can enforce legal voters to show their voting receipts to identify whether the enforced voters follow their will or not. It turns out that the coercion and bribe will succeed more easily in digital environments than that in traditional paper-based voting. In this dissertation, we analyze four possible scenarios leading to coercion and discover that the randomization property is necessary to blind-signature-based e-voting systems against coercion. Based on this result, we extend our research and come up with two provably secure randomized blind signature schemes from different cryptographic primitives, which can be adopted as key techniques for an electronic voting system against coercion and bribery.

Information Security

Blind Signatures

Cryptography

Uncoercibility

Electronic Voting

Robust Remote Authentication Schemes with Smart Cards

Chan, Yung-Cheng

14 July 2005

Due to low computation cost and convenient portability, smart cards are usually adopted to store the personal secret information of users for remote authentication. Although many remote authentication schemes using smart cards have been introduced in the literatures, they still suffer from some possible attacks or cannot guarantee the quality of performance for smart cards. In this thesis, we classify the security criteria of remote authentication and propose a new remote login scheme using smart cards to satisfy all of these criteria. Not only does the proposed scheme achieve the low computation requirement for smart cards, but it can withstand the replay and the off-line dictionary attacks as well. Moreover, our scheme requires neither any password table for verification nor clock synchronization between each user and the server while providing both mutual authentication and the uniqueness of valid cards.

Information security

Login

Remote authentication

Smart cards

Cryptography

An Efficient Mutual Authentication for Mobile Communication

Chen, Hsin-Yu

22 July 2005

Owing to the fast progress of mobile communication technologies and the ubiquity of mobile networks, users can communicate with each other anytime and anywhere as long as they carry their smart and tiny mobile phones. This convenient communication service is quite popular and gradually joins in the people¡¦s life. Nevertheless, lots of attacks, such as the men-in-the-middle attacks and the replay attacks, are seriously threatening the security of the mobile networks and affecting the quality of the service simultaneously. Many security mechanisms for mobile communication have been introduced in the literature. Among these mechanisms, authentication plays a very important role in the entire mobile network system and acts as the first defense against the attackers since it can ensure the correctness of the identities of communication entities before they engage in any other communication activities. Therefore, to guarantee the quality of this advanced service, an efficient (especially, user efficient) and secure authentication scheme is urgently desired. In this thesis, we will propose a robust authentication scheme for mobile communication systems. Not only does the proposed scheme achieve mutual authentication, but also it greatly reduces the computation and communication cost of mobile users as compared with the existing authentication schemes.

Authentication protocols

Secure communication

Information security

Symmetric cryptosystems

Mobile communication