11

Data confidentiality and reputation schemes in distributed information systems

Fischmann, Matthias 11 September 2008 (has links)
This thesis considers two demanding problems from the field of computer and communication security and trust. In the database service provider problem, a user wants to hand his database over to a database service provider (DSP) so that the provider can operate it and make it available to him. He trusts this DSP, and hence also contractual agreements, only to a limited extent and must ensure the confidentiality of his data by technical means. The second problem is the dissemination of reliable reputation information about a (possibly very large) number of network nodes in a peer-to-peer (P2P) environment. Both problems stubbornly resist simple solutions. In contrast to traditional security problems in computer science, the adversary in both has a high degree of control over the situation. The insufficiently trustworthy DSP must be able to process its customer's data without learning anything about them, which intuitively appears to be a contradiction. In P2P applications it is desirable that nodes can join anonymously and leave again at any time, but this anonymity makes it easier to spread false reputation information. A node entering a P2P network for the first time must trust the claimed observations of other nodes. The results of this thesis are not ideal solutions, yet they are instructive in several respects: relaxed but still useful notions of security for the DSP problem are proposed; theoretical limits of the DSP solution space are drawn; and the impact of hostile behaviour in P2P reputation systems is reduced by heuristic methods. A by-product of our work is a simulation tool specifically suited to reputation systems in P2P networks, which can be used for comparing and fine-tuning existing and future research.
In this thesis we discuss two demanding problems from the field of computer and communication security that involve trust. The first is known as the database service provider problem: A database owner wants a database service provider (DSP) to host her database. She only trusts this DSP to a limited extent, so she does not want to rely solely on contractual solutions. It is therefore necessary to enforce confidentiality of her data by technical means. The second problem concerns a (potentially very large) number of network nodes in a peer-to-peer (P2P) environment. Both problems are notoriously hard because, other than in traditional computer security problems, the adversary has a lot of control over the situation. The untrusted DSP needs to be able to process the data without learning anything about it, which seems to be a contradiction. In P2P applications it is desirable that nodes can join anonymously, but anonymity makes it easy to spread false reputation information. A node that enters a P2P application network for the first time needs to trust the claimed observations of other nodes, independent of the rate of malicious behaviour. Our findings are not perfect solutions, but nevertheless instructive in several ways: We propose relaxed, but still practically useful, notions of security for the DSP problem; we identify theoretical limitations of the DSP solution space; and we gradually reduce the impact of adversarial behaviour in P2P reputation systems using heuristic methods. As a side effect of our work, we present a special-purpose framework for simulation of P2P reputation systems that can be used to compare and fine-tune previous and upcoming work.
12

A Polymorphic Finite Field Multiplier

Das, Saptarsi 06 1900 (has links) (PDF)
Cryptography algorithms like the Advanced Encryption Standard, Elliptic Curve Cryptography algorithms, etc. are designed using algebraic properties of finite fields. Thus the performance of these algorithms depends on the performance of the underlying field operations. Moreover, different algorithms use finite fields of widely varying order. In order to cater to these finite fields of different orders in an area-efficient manner, it is necessary to design solutions in the form of hardware consolidations, keeping the performance requirements in mind. Due to their small area occupancy and high utilization, such circuits are less likely to stay idle and therefore are less prone to loss of energy due to leakage power dissipation. There is another class of applications that rely on finite field algebra, namely the various error detection and correction techniques. Most of the classical block codes used for detection of bit errors in communications over noisy communication channels apply the algebraic properties of finite fields. Cyclic redundancy check is one such algorithm used for detection of errors in data in computer networks. Reed-Solomon code is most notable among classical block codes because of its widespread use in storage devices like CD, DVD, HDD, etc. In this work we present the architecture of a polymorphic multiplier for operations over various extensions of GF(2). We evolved the architecture of a textbook shift-and-add multiplier to arrive at the architecture of the polymorphic multiplier through a generalized mathematical formulation. The polymorphic multiplier is capable of morphing itself at runtime to create data-paths for multiplications of various orders. In order to optimally exploit the resources, we also introduced the capability of sub-word parallel execution in the polymorphic multiplier. The synthesis results of an instance of such a polymorphic multiplier show about 41% savings in area with 21% degradation in maximum operating frequency compared to a collection of dedicated multipliers with equivalent functionality. We introduced the multiplier as an accelerator unit for field operations in the coarse-grained runtime reconfigurable platform called REDEFINE. We observed about 40-50% improvement in performance of the AES algorithm and about 52× improvement in performance of the Karatsuba-Ofman multiplication algorithm.
13

Algorithms For Efficient Implementation Of Secure Group Communication Systems

Rahul, S 11 1900 (has links)
A distributed application may be considered as a set of nodes which are spread across the network and need to communicate with each other. The design and implementation of these distributed applications is greatly simplified using Group Communication Systems (GCSs), which provide multipoint-to-multipoint communication. Hence, GCSs can be used as building blocks for implementing distributed applications. The GCS is responsible for reliable delivery of group messages and management of group membership. The peer-to-peer model and the client-server model are the two models of distributed systems for implementing GCSs. In this thesis, our focus is on improving the capability of GCSs based on the client-server model. Security is an important requirement of many distributed applications. For such applications, security has to be provided in the GCS itself. The security of a GCS includes confidentiality, authentication and non-repudiation of messages, and ensuring that the GCS is properly meeting its guarantees. The complexity and cost of implementation of the above three types of security guarantees greatly depend on whether the GCS servers are trusted by the group members or not. Making use of the GCS services provided by untrusted GCS servers becomes necessary when the GCS servers are managed by a third party. In this thesis, we have proposed algorithms for ensuring the above three security guarantees for GCSs in which servers are not trusted. As part of the solution, we have proposed a new digital multisignature scheme which allows group members to verify that a message has indeed been signed by all group members. The various group key management algorithms proposed in the literature differ from each other with respect to the following four metrics: communication overhead, computational overhead, storage at each member and distribution of load among group members. We identify the need for a distributed group key management algorithm which minimizes the computational overhead on group members and propose an algorithm to achieve it.
14

Real-Time Processing in Source and Channel Coding for Radio and Underwater Acoustic Communications

Goalic, André 01 June 2006 (has links) (PDF)
Information and Communication Sciences and Technologies (STIC) continue to progress spectacularly in every field of engineering and production, from the most traditional sectors to high-tech industries. Technologies that apply signal processing and computer science, which allow ever more realistic models to be developed, are and will be the basis of important innovations in almost every sector of human activity: engineering, telecommunications, education, medicine, environment, weather forecasting, defence, transport, trade and distribution, finance, leisure, etc. With their processing and modelling tools, STIC also enable many advances in the other sciences: physics, chemistry, biology, earth sciences, humanities and social sciences, etc. In telecommunications, many sectors benefit from these new tools. In speech processing, coder performance tends to degrade as bit rates decrease, even though coder designs rely on increasingly sophisticated models. The choice of a speech coder is a compromise between several factors: desired quality, bit rate and complexity. In digital underwater acoustic telephony, range depends on frequency, since high frequencies are quickly attenuated. Low and very low bit rates are needed to reach acceptable distances, so low or even very low bit-rate coders are used depending on the desired speech quality. The rise in power of digital signal processors (DSPs), multiplied by a factor of about 1000 over the last fifteen years, today offers a wide range of choices that can meet most situations encountered in industry.

After the high bit-rate waveform coders such as PCM (MIC, 64 kbit/s), ADPCM for DECT (Digital European Cordless Telephone, 32 kbit/s) and wideband PCM (64 kbit/s), the hybrid coders (parametric and waveform) at low bit rates such as CELP (Code Excited Linear Prediction, 4.8 kbit/s) or MELP (Mixed Excited Linear Prediction, 2.4 kbit/s), with their new compression algorithms, offer very good speech quality. The first part of my research was devoted to source coding, with the study and development of a CELP-type coder (5.45 kbit/s) and its implementation on a DSP (a Motorola device with a 27 MHz clock, 13.5 MIPS). Given the real-time constraints, the integration was carried out entirely in assembly language; it is the subject of a chapter in the final report. In digital communications, after transmission over a physical channel the data stream is corrupted by errors arising from fading, inter-symbol interference and noise of various origins (thermal, environmental, etc.). In channel coding, the arrival of iterative systems known as "Turbo Codes", with the two major families TCC (convolutional turbo codes) and TCB (block turbo codes), has led to many advances that allow the transmitted information to be recovered almost error-free under operating conditions. Channel coding thus allows the receiver, after any equalization and demodulation, to correct transmission errors with a very high success rate. TCC and TCB are beginning to be integrated into various standards (satellites, mobile communications, digital television, etc.) and much work aims to bring them into the most diverse sectors. The Signal and Communications department of ENST-Bretagne is particularly interested in TCB, based both on binary BCH codes and on Reed-Solomon (RS) codes.

In 1996 I began the first work on integrating TCB on digital signal processors (DSPs). With its very large potential for parallelism, the circuit option allows very high bit rates. The DSP option offers great flexibility despite its limited parallelism and allows scalability in integration and rapid updating of systems. Various algorithms have been implemented for soft-decision decoding of TCB, both of the BCH type (Chase-Pyndiah, Chase-Hartmann-Rudolph-Nazarov) and of the RS type (Chase-Pyndiah-Berlekamp-Massey), within the theses I co-supervised and in various work carried out under contracts (SEEE-AM on the VLF-LF channel) or DS-GET projects (channel coding for BLUETOOTH with TCB, indoor communications on the 60 GHz channel). The various algorithms were initially developed in C in floating-point format. The fixed-point implementations on signal processors (the implementation of RS codes is currently under development within a new project) were optimized in assembly language (Motorola DSP 56xxx, Texas Instruments DSP TMS320C6201). Before concluding, a final chapter is devoted more specifically to presenting an approach to real-time activities. It allows us to present underwater acoustic telephony, in particular the various platforms deployed during the trials of 1994 and those of 2003 in the Brest roadstead. A real-time test platform for block turbo codes is also presented; its purpose is more pedagogical. A number of conclusions are drawn at the end of the report before presenting prospects for further work.
15

A Dynamic Security And Authentication System For Mobile Transactions : A Cognitive Agents Based Approach

Babu, B Sathish 05 1900 (has links)
In the world of high mobility, there is a growing need for people to communicate with each other and have timely access to information regardless of the location of the individuals or the information. This need is supported by advances in the technologies of networking, wireless communications, and portable computing devices, which, together with the reduction in the physical size of computers, have led to the rapid development of mobile communication infrastructure. Hence, mobile and wireless networks present many challenges to application, hardware, software and network designers and implementers. One of the biggest challenges is to provide a secure mobile environment. Security plays a more important role in mobile communication systems than in systems that use wired communication. This is mainly because of the ubiquitous nature of the wireless medium, which makes it more susceptible to security attacks than wired communications. The aim of the thesis is to develop an integrated dynamic security and authentication system for mobile transactions. The proposed system operates at the transaction level of a mobile application, by intelligently selecting the suitable security technique and authentication protocol for the ongoing transaction. To do this, we have designed two schemes: the transactions-based security selection scheme and the transactions-based authentication selection scheme. These schemes use transaction sensitivity levels and the usage context, which includes user behaviors, network used, device used, and so on, to decide the required security and authentication levels. Based on this analysis, the requisite security technique and authentication protocols are applied for the transaction in process. The Behaviors-Observations-Beliefs (BOB) model is developed using cognitive agents to supplement the working of the security and authentication selection schemes. A transaction classification model is proposed to classify the transactions into various sensitivity levels.

The BOB model

The BOB model is a cognitive theory based model, to generate beliefs over a user by observing various behaviors exhibited by the user during transactions. The BOB model uses two types of Cognitive Agents (CAs), the mobile CAs (MCAs) and the static CAs (SCAs). The MCAs are deployed over the client devices to formulate beliefs by observing various behaviors of a user during the transaction execution. The SCA performs belief analysis and identifies the belief deviations w.r.t. established beliefs. We have developed four constructs to implement the BOB model, namely: behaviors identifier, observations generator, beliefs formulator, and beliefs analyser. The BOB model is developed with emphasis on using minimum computation and minimum code size, keeping in mind the resource restrictiveness of the mobile devices and infrastructure. The knowledge organisation using cognitive factors helps in selecting the rational approach for deciding the legitimacy of a user or a session. It also reduces the solution search space by consolidating the user behaviors into high-level data such as beliefs; as a result the decision-making time reduces considerably.

The transactions classification model

This model is proposed to classify the given set of transactions of an application service into four sensitivity levels. The grouping of transactions is based on the operations they perform, and the amount of risk/loss involved if they are misused. The four levels are, namely, transactions whose execution may cause no damage (level-0), minor damage (level-1), significant damage (level-2) and substantial damage (level-3). A policy-based transaction classifier is developed and incorporated in the SCA to decide the transaction sensitivity level of a given transaction.

Transactions-based security selection scheme (TBSS-Scheme)

The traditional security schemes at application level are either session, transaction or event based. They secure the application data with prefixed security techniques on mobile transactions or events. Generally, mobile transactions possess different security risk profiles, so, empirically, we may find that there is a need for various levels of data security schemes for the mobile communications environment, which faces resource insufficiency in terms of bandwidth, energy, and computation capabilities. We have proposed an intelligent security techniques selection scheme at the application level, which dynamically decides the security technique to be used for a given transaction in real time. The TBSS-Scheme uses the BOB model and the transactions classification model while deciding the required security technique. The selection is purely based on the transaction sensitivity level and user behaviors. A security techniques repository is used in the proposed scheme, organised under three levels based on the complexity of the security techniques. The complexities are decided based on time and space complexities, and the strength of the security technique against some of the latest security attacks. The credibility factors computed using the credibility module, over the transaction network and transaction device, are also used while choosing the security technique from a particular level of the security repository. Analytical models are presented on beliefs analysis, security threat analysis, and average security cost incurred during the transactions session. The results of this scheme are compared with regular schemes, and the advantages and limitations of the proposed scheme are discussed. A case study on application of the proposed security selection scheme is conducted over a mobile banking application, and results are presented.

Transactions-based authentication selection scheme (TBAS-Scheme)

The authentication protocols/schemes are used at the application level to authenticate the genuine users/parties and devices used in the application. Most of these protocols challenge the user/device to get the authentication information, rather than deploying methods to identify the validity of a user/device. Therefore, there is a need for an authentication scheme which intelligently authenticates a user by continuously monitoring the genuineness of the activities/events/behaviors/transactions throughout the session. The transactions-based authentication selection scheme provides a new dimension in authenticating users of services. It enables strong authentication at the transaction level, based on the sensitivity level of the given transaction and user behaviors. The proposed approach intensifies the procedure of authentication by selecting authentication schemes using the BOB model and the transactions classification model. It provides an effective authentication solution by relieving the conventional authentication systems from being dependent only on the strength of authentication identifiers. We have made a performance comparison between the transactions-based authentication selection scheme and a session-based authentication scheme in terms of identification of various active attacks, and the average authentication delay and average authentication costs are analysed. We have also shown the working of the proposed scheme in inter-domain and intra-domain hand-off scenarios, and discussed the merits of the scheme comparing it with the mobile IP authentication scheme. A case study on application of the proposed authentication selection scheme for authenticating personalized multimedia services is presented.

Implementation of the TBSS and the TBAS schemes for a mobile commerce application

We have implemented the integrated working of both the TBSS and TBAS schemes for a mobile commerce application. The details on identifying vendor selection, day of purchase, time of purchase, transaction value, and frequency of purchase behaviors are given. A sample list of mobile commerce transactions is presented along with their classification into various sensitivity levels. The working of the system is discussed using three cases of purchases, and the results on transactions distribution, deviation factor generation, security technique selection, and authentication challenge generation are presented. In summary, we have developed an integrated dynamic security and authentication system using the above-mentioned selection schemes for mobile transactions, and by incorporating the BOB model, transactions classification model, and credibility modules. We have successfully implemented the proposed schemes using cognitive agents based middleware. The results of experiments suggest that incorporating user behaviors and transaction sensitivity levels will bring dynamism and adaptiveness to the security and authentication system, through which mobile communication security could be made more robust to attacks, and resource savvy in terms of reduced bandwidth and computation requirements, by using an appropriate security and authentication technique/protocol.
16

An Extension Of Multi Layer IPSec For Supporting Dynamic QoS And Security Requirements

Kundu, Arnab 02 1900 (has links) (PDF)
Governments, military, corporations, financial institutions and others exchange a great deal of confidential information using Internet these days. Protecting such confidential information and ensuring their integrity and origin authenticity are of paramount importance. There exist protocols and solutions at different layers of the TCP/IP protocol stack to address these security requirements. Application level encryption viz. PGP for secure mail transfer, TLS based secure TCP communication, IPSec for providing IP layer security are among these security solutions. Due to scalability, wide acceptance of the IP protocol, and its application independent character, the IPSec protocol has become a standard for providing Internet security. The IPSec provides two protocols namely the Authentication header (AH) and the Encapsulating Security Payload (ESP). Each protocol can operate in two modes, viz. transport and tunnel mode. The AH provides data origin authentication, connectionless integrity and anti replay protection. The ESP provides all the security functionalities of AH along with confidentiality. The IPSec protocols provide end-to-end security for an entire IP datagram or the upper layer protocols of IP payload depending on the mode of operation. However, this end-to-end model of security restricts performance enhancement and security related operations of intermediate networking and security devices, as they can not access or modify transport and upper layer headers and original IP headers in case of tunnel mode. These intermediate devices include routers providing Quality of Service (QoS), TCP Performance Enhancement Proxies (PEP), Application level Proxy devices and packet filtering firewalls. The interoperability problem between IPSec and intermediate devices has been addressed in literature. 
Transport friendly ESP (TF-ESP), Transport Layer Security (TLS), splitting of single IPSec tunnel into multiple tunnels, Multi Layer IPSec (ML-IPSec) are a few of the proposed solutions. The ML-IPSec protocol solves this interoperability problem without violating the end-to-end security for the data or exposing some important header fields unlike the other solutions. The ML-IPSec uses a multilayer protection model in place of the single end-to-end model. Unlike IPSec where the scope of encryption and authentication applies to the entire IP datagram, this scheme divides the IP datagram into zones. It applies different protection schemes to different zones. When ML-IPSec protects a traffic stream from its source to its destination, it first partitions the IP datagram into zones and applies zone-specific cryptographic protections. During the flow of the ML-IPSec protected datagram through an authorized intermediate gateway, certain type I zones of the datagram may be decrypted and re-encrypted, but the other zones will remain untouched. When the datagram reaches its destination, the ML-IPSec will reconstruct the entire datagram. The ML-IPSec protocol, however suffers from the problem of static configuration of zones and zone specific cryptographic parameters before the commencement of the communication. Static configuration requires a priori knowledge of routing infrastructure and manual configuration of all intermediate nodes. While this may not be an issue in a geo-stationary satellite environment using TCP-PEP, it could pose problems in a mobile or distributed environment, where many stations may be in concurrent use. The ML-IPSec endpoints may not be trusted by all intermediate nodes in a mobile environment for manual configuration without any prior arrangement providing the mutual trust. The static zone boundary of the protocol forces one to ignore the presence of TCP/IP datagrams with variable header lengths (in case of TCP or IP headers with OPTION fields). 
Thus ML-IPSec will not function correctly if the endpoints change the use of IP or TCP options, especially in case of tunnel mode. The zone mapping proposed in ML-IPSec is static in nature. This forces one to configure the zone mapping before the commencement of the communication. It restricts the protocol from dynamically changing the zone mapping for providing access to intermediate nodes without terminating the existing ML-IPSec communication. The ML-IPSec endpoints can off course, configure the zone mapping with maximum number of zones. This will lead to unnecessary overheads that increase with the number of zones. Again, static zone mapping could pose problems in a mobile or distributed environment, where communication paths may change. Our extension to the ML-IPSec protocol, called Dynamic Multi Layer IPSec (DML-IPSec) proposes a multi layer variant with the capabilities of dynamic zone configuration and sharing of cryptographic parameters between IPSec endpoints and intermediate nodes. It also accommodates IP datagrams with variable length headers. The DML-IPSec protocol redefines some of the IPSec and ML-IPSec fundamentals. It proposes significant modifications to the datagram processing stage of ML-IPSec and proposes a new key sharing protocol to provide the above-mentioned capabilities. The DML-IPSec supports the AH and ESP protocols of the conventional IPSec with some modifications required for providing separate cryptographic protection to different zones of an IP datagram. This extended protocol defines zone as a set of non-overlapping and contiguous partitions of an IP datagram, unlike the case of ML-IPSec where a zone may consist of non-contiguous portions. Every zone is provided with cryptographic protection independent of other zones. The DML-IPSec categorizes zones into two separate types depending on the accessibility requirements at the intermediate nodes. 
The first type of zone, called type I zone, is defined on headers of IP datagram and is required for examination and modification by intermediate nodes. One type I zone may span over a single header or over a series of contiguous headers of an IP datagram. The second type of zone, called type II zone, is meant for the payload portion and is kept secure between endpoints of IPSec communications. The single type II zone starts immediately after the last type I zone and spans till the end of the IP datagram. If no intermediate processing is required during the entire IPSec session, the single type II zone may cover the whole IP datagram; otherwise the single type II zone follows one or more type I zones of the IP datagram. The DML-IPSec protocol uses a mapping from the octets of the IP datagram to different zones, called zone map for partitioning an IP datagram into zones. The zone map contains logical boundaries for the zones, unlike physical byte specific boundaries of ML-IPSec. The physical boundaries are derived on-the-fly, using either the implicit header lengths or explicit header length fields of the protocol headers. This property of the DML-IPSec zones, enables it to accommodate datagrams with variable header lengths. Another important feature of DML-IPSec zone is that the zone maps need not remain constant through out the entire lifespan of IPSec communication. The key sharing protocol may modify any existing zone map for providing service to some intermediate node. The DML-IPSec also redefines Security Association (SA), a relationship between two endpoints of IPSec communication that describes how the entities will use security services to communicate securely. In the case of DML-IPSec, several intermediate nodes may participate in defining these security protections to the IP datagrams. Moreover, the scope of one particular set of security protection is valid on a single zone only. So a single SA is defined for each zone of an IP datagram. 
Finally all these individual zonal SA’s are combined to represent the security relationship of the entire IP datagram. The intermediate nodes can have the cryptographic information of the relevant type I zones. The cryptographic information related to the type II zone is, however, hidden from any intermediate node. The key sharing protocol is responsible for selectively sharing this zone information with the intermediate nodes. The DML-IPSec protocol has two basic components. The first one is for processing of datagrams at the endpoints as well as intermediate nodes. The second component is the key sharing protocol. The endpoints of a DML-IPSec communication involves two types of processing. The first one, called Outbound processing, is responsible for generating a DML-IPSec datagram from an IP datagram. It first derives the zone boundaries using the zone map and individual header field lengths. After this partitioning of IP datagram, zone wise encryption is applied (in case of ESP). Finally zone specific authentication trailers are calculated and appended after each zone. The other one, Inbound processing, is responsible for generating the original IP datagram from a DML-IPSec datagram. The first step in the inbound processing, the derivation of zone boundary, is significantly different from that of outbound processing as the length fields of zones remain encrypted. After receiving a DML-IPSec datagram, the receiver starts decrypting type I zones till it decrypts the header length field of the header/s. This is followed by zone-wise authentication verification and zone-wise decryption. The intermediate nodes processes an incoming DML-IPSec datagram depending on the presence of the security parameters for that particular DML-IPSec communication. 
In the absence of the security parameters, the key sharing protocol is executed; otherwise, all incoming DML-IPSec datagrams are partially decrypted according to the security association and zone mapping at the inbound processing module. After inbound processing, the partially decrypted IP datagram traverses the networking stack of the intermediate node. Before the IP datagram leaves the intermediate node, it is processed by the outbound module to reconstruct the DML-IPSec datagram. The key sharing protocol, which shares zone-related cryptographic information with the intermediate nodes, is the other important component of the DML-IPSec protocol. This component is responsible for dynamically enabling intermediate nodes to access zonal information as required for performing specific quality-of-service or security services. Whenever a DML-IPSec datagram traverses an intermediate node that requires access to some of the type I zones, the inbound security database is searched for the cryptographic parameters. If no entry is present in the database, the key sharing protocol is invoked. The very first step in this protocol is a header-inaccessible message from the intermediate node to the source of the DML-IPSec datagram. In the body of this message, the intermediate node also lists the protocol headers that it requires access to. This first phase of the protocol, called the zone reorganization phase, is responsible for deciding the zone mapping that provides access to the intermediate node. If the current zone map cannot serve the header request, the DML-IPSec endpoint reorganizes the existing zone map in this phase. The next phase of the protocol, called the authentication phase, is responsible for verifying the identity of the intermediate node to the source of the DML-IPSec session. Upon successful authentication, the third phase, called the shared secret establishment phase, commences.
This phase establishes a temporary shared secret between the source and the intermediate node. This shared secret is used as the key for encrypting the actual transfer of the DML-IPSec security parameters in the next phase of the protocol. The final phase of the protocol, called the security parameter sharing phase, is solely responsible for the actual transfer of the security parameters from the source to the intermediate node. This phase is also responsible for updating the security and policy databases of the intermediate node. The successful execution of the four phases of the key sharing protocol enables DML-IPSec to dynamically modify the zone map to provide an intermediate node with access to some header portions, and to share the cryptographic parameters required for accessing the relevant type I zones, without disturbing an existing DML-IPSec communication. We have implemented DML-IPSec for the ESP protocol according to the definition of zones, along with the key sharing algorithm. RHEL version 4 and Linux kernel version 2.6.23.14 were used for the implementation. We implemented the multi-layer IPSec functionality inside the native Linux implementation of the IPSec protocol. The SA structure was updated to hold the SA information for multiple zones instead of the single SA of standard IPSec. The zone mapping for the different zones was implemented alongside the kernel implementation of the SA. The inbound and outbound processing modules of the IPSec endpoints were re-implemented to incorporate multi-layer IPSec capability. We also implemented the modules needed to provide partial IPSec processing at the intermediate nodes. The key sharing protocol consists of some user-space utilities and corresponding kernel-space components. We use the ICMP protocol for the communications required to execute the protocol.
At the kernel level, a pseudo character device driver was implemented to update the kernel-space data structures, and the necessary modifications were made to the relevant kernel-space functions. User-space utilities and a corresponding kernel-space interface were provided for updating the security databases. As DML-IPSec ESP uses the same Security Policy mechanism as IPSec ESP, the existing utilities (viz. setkey) are used for updating the security policy. However, the configuration of the SA is significantly different, as it depends on the DML-IPSec zones. The DML-IPSec ESP implementation uses the existing utilities (setkey and racoon) for the configuration of the sole type II zone. The type I zones are configured using the DML-IPSec application. The key sharing protocol also uses this application to reorganize the zone mapping and the zone-wise cryptographic parameters. This feature allows the default IPSec mechanism to be used for the configuration of the sole type II zone. For experimental validation of DML-IPSec, we used the testbed shown in the above figure. An ESP tunnel is configured between the two gateways GW1 and GW2. IN acts as an intermediate node and is installed with several intermediate applications. Clients C11 and C21 are connected to GW1 and GW2 respectively. We carried out detailed experiments to validate our solution with respect to a firewalling service. We used stateful packet filtering with iptables along with the string match extension at IN. First, we configured the firewall to allow only FTP communication between C11 and C21 (using the port information of the TCP header and the IP addresses of the inner IP header). In the second experiment, we configured the firewall to allow only a Web connection between C11 and C21 using the Web address of C11 (using the HTTP header, the port information of the TCP header and the IP addresses of the inner IP header). In both experiments, we initiated the FTP and Web sessions before the execution of the key sharing protocol.
The sessions could not be established, as access to the upper-layer headers was denied. After the execution of the key sharing protocol, the sessions could be established, showing that the protocol headers were available to the iptables firewall at IN following the successful key sharing. We used the record route option of the ping program to validate the claim of handling datagrams with variable header lengths. This option of the ping program records the IP addresses of all the nodes traversed during a round-trip path in the IP OPTIONS field. As we used ESP in tunnel mode between GW1 and GW2, the IP addresses would be recorded inside the encrypted inner IP header. We executed ping between C11 and C21 and observed the record route output. Before the execution of the key sharing protocol, the IP addresses of IN were absent from the record route output. After the successful execution of the key sharing protocol, the IP addresses of IN were present in the record route output. The DML-IPSec protocol introduces some processing overhead and also increases the datagram size compared to IPSec and ML-IPSec. It increases the datagram size compared to standard IPSec; however, this increase in IP datagram size is present in the case of ML-IPSec as well. The increase in IP datagram length depends on the number of zones: as the number of zones increases, this overhead also increases. We obtained experimental results on the processing delay introduced by DML-IPSec processing. For this purpose, we executed the ping program from C11 to C21 in the testbed setup for the following cases: 1. ML-IPSec with one type I and one type II zone, and 2. DML-IPSec with one type I and one type II zone. We observe around a 10% increase in RTT for DML-IPSec with two dynamic zones over that of ML-IPSec with two static zones. This overhead is due to the on-the-fly derivation of the zone length and the related processing. The above experiment analyzes the processing delay at the endpoints without intermediate processing.
We also analyzed the effect of intermediate processing due to the dynamic zones of DML-IPSec. We used the iptables firewall in the above-mentioned experiment. The RTT value for DML-IPSec with dynamic zones increases by less than 10% over that of ML-IPSec with static zones. To summarize our work, we have proposed an extension to the multilayer IPSec protocol, called Dynamic Multilayer IPSec (DML-IPSec). It is capable of dynamic modification of zones and of sharing cryptographic parameters between endpoints and intermediate nodes using a key sharing protocol. DML-IPSec also accommodates datagrams with variable header lengths. The above-mentioned features enable any intermediate node to dynamically access the required header portions of any DML-IPSec-protected datagram. Consequently, they make DML-IPSec suited for providing IPSec over mobile and distributed networks. We also provide a complete implementation of the ESP protocol and experimental validation of our work. We find that our work provides dynamic support for QoS and security services without any significant extra overhead compared to that of ML-IPSec. The thesis begins with an introduction to communication security requirements in TCP/IP networks. Chapter 2 provides an overview of communication security protocols at different layers; it also describes the details of the IPSec protocol suite. Chapter 3 provides a study of the interoperability issues between IPSec and intermediate devices and discusses different solutions. Our proposed extension to the ML-IPSec protocol, called Dynamic ML-IPSec (DML-IPSec), is presented in Chapter 4. The design and implementation details of DML-IPSec in a Linux environment are presented in Chapter 5, which also provides the experimental validation of the protocol. In Chapter 6, we summarize the research work, highlight the contributions of the work and discuss directions for further research.
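As an added illustration (not code from the thesis or its Linux implementation), the following Python sketch models the zone mechanism the abstract describes: a logical zone map given as header names, physical boundaries derived on the fly from the IPv4 IHL and TCP Data Offset fields, one key pair and one authentication trailer per zone, the endpoint outbound/inbound round trip, and an intermediate node that holds only the type I keys and can therefore read the inner addresses and TCP ports (what the iptables rules in the experiment needed) while the type II payload stays opaque to it. The record-route variant of the sample datagram exercises the variable-header-length case. HMAC-SHA256 in counter mode stands in for the ESP cipher and a 96-bit truncated HMAC for the ESP authenticator; the addresses, ports, keys, option bytes and payload are constructed sample data, and the packet layout (nonce, then ciphertext plus trailer per zone) is an assumption of this sketch, not the thesis's wire format.

```python
"""Toy model of DML-IPSec zones (added illustration, not the thesis code).
HMAC-SHA256 in counter mode stands in for the ESP cipher; a truncated HMAC
stands in for the ESP authenticator. All sample data below is constructed."""
import hashlib
import hmac
import os
import struct

NONCE_LEN, MAC_LEN = 8, 12  # 96-bit truncated HMAC, as in HMAC-SHA256-96

# Per header type: (prefix bytes needed before its length field can be read,
# function mapping that prefix to the header length in bytes).
HEADER_LENGTH_RULES = {
    "ipv4": (1, lambda p: (p[0] & 0x0F) * 4),   # IHL, in 32-bit words
    "tcp": (13, lambda p: (p[12] >> 4) * 4),    # Data Offset, in 32-bit words
}
ZONE_MAP = [["ipv4"], ["tcp"]]   # two type I zones; the payload is the type II zone
RECORD_ROUTE = b"\x07\x0b\x04" + bytes(8)   # IP record-route option, two empty slots


def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_stream(key, nonce, data, offset=0):
    """XOR data with the zone keystream starting at byte `offset` of the zone."""
    ks = keystream(key, nonce, offset + len(data))[offset:]
    return bytes(a ^ b for a, b in zip(data, ks))


def trailer(mac_key, nonce, ciphertext):
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:MAC_LEN]


def zone_boundaries(datagram, zone_map):
    """Logical zone map -> physical (start, end) offsets; type II zone runs to the end."""
    bounds, off = [], 0
    for headers in zone_map:
        start = off
        for h in headers:
            need, length_of = HEADER_LENGTH_RULES[h]
            off += length_of(datagram[off:off + need])
        bounds.append((start, off))
    bounds.append((off, len(datagram)))
    return bounds


def outbound(datagram, zone_map, zone_keys):
    """Endpoint outbound: one (enc_key, mac_key) per zone, type I first, type II last.
    Assumed layout: nonce || (ciphertext || trailer) for every zone."""
    nonce = os.urandom(NONCE_LEN)
    out = nonce
    for i, ((s, e), (ek, mk)) in enumerate(zip(zone_boundaries(datagram, zone_map), zone_keys)):
        zn = nonce + bytes([i])          # per-zone nonce
        ct = xor_stream(ek, zn, datagram[s:e])
        out += ct + trailer(mk, zn, ct)
    return out


def inbound(packet, zone_map, zone_keys):
    """Inbound for an endpoint (all keys) or an intermediate node (None marks a zone it
    was not given). Only the prefix holding each length field is decrypted to find the
    zone end; the trailer is then checked over the whole zone before plaintext is released.
    Returns (plaintext recovered so far, opaque remainder)."""
    nonce, off, plain = packet[:NONCE_LEN], NONCE_LEN, b""
    for i, headers in enumerate(zone_map + [None]):   # None = the type II zone
        if zone_keys[i] is None:
            return plain, packet[off:]   # later boundaries cannot be derived without keys
        ek, mk = zone_keys[i]
        zn = nonce + bytes([i])
        if headers is None:
            end = len(packet) - MAC_LEN
        else:
            end = off
            for h in headers:
                need, length_of = HEADER_LENGTH_RULES[h]
                prefix = xor_stream(ek, zn, packet[end:end + need], end - off)
                end += length_of(prefix)   # untrusted until the trailer verifies
        ct = packet[off:end]
        if not hmac.compare_digest(trailer(mk, zn, ct), packet[end:end + MAC_LEN]):
            raise ValueError(f"zone {i}: authentication trailer mismatch")
        plain += xor_stream(ek, zn, ct)
        off = end + MAC_LEN
    return plain, b""


def ipv4_header(src, dst, options=b""):
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4                # total length/checksum left zero here
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 0, 0, 0, 64, 6, 0, src, dst) + options


def tcp_header(sport, dport, options=b""):
    options += b"\x00" * (-len(options) % 4)
    doff = 5 + len(options) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, doff << 4, 0x02, 65535, 0, 0) + options


def sample_datagram(ip_options=b""):
    """Constructed C11 -> C21 FTP control packet; addresses are made up."""
    ip = ipv4_header(bytes([10, 1, 0, 11]), bytes([10, 2, 0, 21]), ip_options)
    return ip + tcp_header(40000, 21, b"\x02\x04\x05\xb4") + b"USER anonymous\r\n"


def firewall_view(packet, zone_map, type1_keys):
    """What an intermediate node holding only the type I keys can inspect."""
    plain, opaque = inbound(packet, zone_map, type1_keys + [None])
    ihl = (plain[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", plain[ihl:ihl + 4])
    return {"src": plain[12:16], "dst": plain[16:20], "sport": sport, "dport": dport,
            "opaque": opaque}
```

One caveat the inbound order carries: a receiver that decrypts a header prefix to locate the length field is steering its parser with bytes that have not yet been authenticated. The sketch therefore treats the derived boundary as untrusted, verifies the zone's trailer over the entire ciphertext before releasing any plaintext, and lets a boundary pushed past the end of the packet fail as a short trailer rather than as an out-of-range read. An intermediate node without the type II keys cannot verify that zone at all, which is exactly the division of trust the abstract describes.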

Design Techniques for Secure IoT Devices and Networks

Malin Priyamal Prematilake (12201746) 25 July 2023 (has links)
The rapid expansion of consumer Internet-of-Things (IoT) technology across various application domains has made it one of the most sought-after and swiftly evolving technologies. IoT devices offer numerous benefits, such as enhanced security, convenience, and cost reduction. However, as these devices need access to sensitive aspects of human life to function effectively, their abuse can lead to significant financial, psychological, and physical harm. While previous studies have examined the vulnerabilities of IoT devices, insufficient research has delved into the impact and mitigation of threats to users' privacy and safety. This dissertation addresses the challenge of protecting user safety and privacy against threats posed by IoT device vulnerabilities. We first introduce a novel IWMD architecture, which serves as the last line of defense against unsafe operations of Implantable and Wearable Medical Devices (IWMDs). We demonstrate the architecture's effectiveness through a prototype artificial pancreas. Subsequent chapters emphasize the safety and privacy of smart home device users. First, we propose a unique device activity-based categorization and learning approach for network traffic analysis. Utilizing this technology, we present a new smart home security framework and a device type identification mechanism to enhance transparency and access control in smart home device communication. Lastly, we propose a novel traffic shaping technique that hinders adversaries from discerning user activities through traffic analysis. Experiments conducted on commercially available IoT devices confirm that our solutions effectively address these issues with minimal overhead.

Securing Wireless Communication via Information-Theoretic Approaches: Innovative Schemes and Code Design Techniques

Shoushtari, Morteza 21 June 2023 (has links) (PDF)
Historically, wireless communication security solutions have heavily relied on computational methods, such as cryptographic algorithms implemented in the upper layers of the network stack. Although these methods have been effective, they may not always be sufficient to address all security threats. An alternative approach for achieving secure communication is the physical layer security approach, which utilizes the physical properties of the communication channel through appropriate coding and signal processing. The goal of this Ph.D. dissertation is to leverage the foundations of information-theoretic security to develop innovative and secure schemes, as well as code design techniques, that can enhance security and reliability in wireless communication networks. This dissertation includes three main phases of investigation. The first investigation analyzes the finite blocklength coding problem for the wiretap channel model equipped with a cache. The objective was to develop and analyze a new wiretap coding scheme that can be used for secure communication of sensitive data. Secondly, an investigation was conducted into information-theoretic security solutions for aeronautical mobile telemetry (AMT) systems. This included developing a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system, as well as examining the potential of post-quantum cryptography approaches as future secrecy solutions for AMT systems. The investigation focused on exploring code-based techniques and evaluating their feasibility for implementation. Finally, the properties of nested linear codes in the wiretap channel model have been explored. Investigation in this phase began by exploring the duality relationship between the equivocation matrices of nested linear codes and their corresponding dual codes. Then a new coding algorithm to construct the optimum nested linear secrecy codes has been invented.
This coding algorithm leverages the aforementioned duality relationship by starting with the worst nested linear secrecy codes from the dual space. This approach enables us to derive the optimal nested linear secrecy code more efficiently and effectively than through a brute-force search for the best nested linear secrecy codes directly.
