Towards securing networks of resource constrained devices: a study of cryptographic primitives and key distribution schemes

Chan, Kevin Sean

25 August 2008

Wireless networks afford many benefits compared to wired networks in terms of their usability in dynamic situations, mobility of networked devices, and accessibility of hazardous environments. The devices used in these networks are generally assumed to be limited in resources such as energy, memory, communications range, and computational ability. Operating in remote or hostile environments, this places them in danger of being compromised by some malicious entity. This work addresses these issues to increase the security of these networks while still maintaining acceptable levels of networking performance and resource usage. We investigate new methods for data encryption on personal wireless hand-held devices. An important consideration for resource-constrained devices is the processing required to encrypt data for transmission or for secure storage. Significant latency from data encryption diminishes the viability of these security services for hand-held devices. Also, increased processing demands require additional energy for each device, where both energy and processing capability are limited. Therefore, one area of interest for hand-held wireless devices is being able to provide data encryption while minimizing the processing and energy overhead as a cost to provide such a security service. We study the security of a wavelet-based cryptosystem and consider its viability for use in hand-held devices. This thesis also considers the performance of wireless sensor networks in the presence of an adversary. The sensor nodes used in these networks are limited in available energy, processing capability and transmission range. Despite these resource constraints and expected malicious attacks on the network, these networks require widespread, highly-reliable communications. Maintaining satisfactory levels of network performance and security between entities is an important goal toward ensuring the successful and accurate completion of desired sensing tasks. However, the resource-constrained nature of the sensor nodes used in these applications provides challenges in meeting these networking and security requirements. We consider link-compromise attacks and node-spoofing attacks on wireless sensor networks, and we consider the performance of various key predistribution schemes applied to these networks. New key predistribution techniques to improve the security of wireless sensor networks are proposed.

Cryptography

Sensor networks

Network security

Computers--Access control

Data protection

Computer security

Data encryption (Computer science)

Provable security support for kerberos (and beyond)

Kumar, Virendra

18 May 2012

Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Like other standard protocols, Kerberos is no exception to security flaws and weaknesses, as has been demonstrated in several prior works. Provable security guarantees go a long way in restoring users' faith, thus making a protocol an even stronger candidate for standards. In this thesis, our goal was thus to provide provable security support for Kerberos and other practical protocols. Our contributions are three-fold: We first look at the symmetric encryption schemes employed in the current version 5 of Kerberos. Several recent results have analyzed a significant part of Kerberos v.5 using formal-methods-based approaches, which are meaningful only if the underlying encryption schemes satisfy strong cryptographic notions of privacy and authenticity. However, to our knowledge these schemes were never analyzed and proven to satisfy such notions. This thesis aims to bridge this gap. Our provable security analyses confirm that some of the encryption scheme options in Kerberos v.5 already provide privacy and authenticity, and for the remaining we suggest slight modifications for the same. We next turn our attention to the ways in which the keys and other random strings needed in cryptographic schemes employed by practical protocols are generated. Randomness needs to be carefully generated for the provable security guarantees to hold. We propose an efficient pseudorandom generator (PRG) based on hash functions. The security of our PRG relies on exponential collision-resistance and regularity of the underlying hash function. Our PRG can be used to generate various strings, like session keys, sequence numbers, confounders, etc., which are all suggested to be generated randomly in the Kerberos v.5 specification, but no algorithms are mentioned. Each of the above strings are required to satisfy different properties, all of which are trivially satisfied by the pseudorandom strings output by a PRG. Finally, we look at the problem of revocation associated with two relatively new types of encryption schemes: identity-based encryption (IBE) and attribute-based encryption (ABE). While these encryption schemes are relatively less efficient compared to public-key encryption schemes, they have already been used (and are very likely to be used in future, as well) in many practical protocols due to their attractive features. Any setting, public-key, identity-based, or attribute-based, must provide a means to revoke users from the system. However, unlike public-key encryption, there has been little prior work on studying the revocation mechanisms in an IBE or ABE. We propose new primitives and their efficient and provably secure instantiations, focusing on the revocation problem. We would like to note that even though all the results presented in this thesis are motivated mainly by provable security in practice, only the first bullet above has a direct impact on a practical and widely deployed protocol Kerberos. Our PRG is the most efficient construction among theoretical PRGs, but it may still not be efficient enough to be directly usable in practical protocols. And our results and techniques for revocation in IBE and ABE have found much wider applications in information security, such as mobile social networks, cloud-based secure health records, data outsourcing systems, vehicular ad-hoc networks, etc.

Encryption scheme

Kerberos

Provable security

Revocation

Pseudorandom generator

Computer security

Data protection

Data encryption (Computer science)

Knowledge based anomaly detection

Prayote, Akara, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2007

Traffic anomaly detection is a standard task for network administrators, who with experience can generally differentiate anomalous traffic from normal traffic. Many approaches have been proposed to automate this task. Most of them attempt to develop a sufficiently sophisticated model to represent the full range of normal traffic behaviour. There are significant disadvantages to this approach. Firstly, a large amount of training data for all acceptable traffic patterns is required to train the model. For example, it can be perfectly obvious to an administrator how traffic changes on public holidays, but very difficult, if not impossible, for a general model to learn to cover such irregular or ad-hoc situations. In contrast, in the proposed method, a number of models are gradually created to cover a variety of seen patterns, while in use. Each model covers a specific region in the problem space. Any novel or ad-hoc patterns can be covered easily. The underlying technique is a knowledge acquisition approach named Ripple Down Rules. In essence we use Ripple Down Rules to partition a domain, and add new partitions as new situations are identified. Within each supposedly homogeneous partition we use fairly simple statistical techniques to identify anomalous data. The special feature of these statistics is that they are reasonably robust with small amounts of data. This critical situation occurs whenever a new partition is added. We have developed a two knowledge base approach. One knowledge base partitions the domain. Within each domain statistics are accumulated on a number of different parameters. The resultant data are passed to a knowledge base which decides whether enough parameters are anomalous to raise an alarm. We evaluated the approach on real network data. The results compare favourably with other techniques, but with the advantage that the RDR approach allows new patterns of use to be rapidly added to the model. We also used the approach to extend previous work on prudent expert systems - expert systems that warn when a case is outside its range of experience. Of particular significance we were able to reduce the false positive to about 5%.

Computer networks -- Security measures.

Computer networks -- Access control.

Computer security.

Data protection.

The viable governance model (VGM) : a theoretical model of IT governance with a corporate setting

Millar, Gary, Engineering & Information Technology, Australian Defence Force Academy, UNSW

January 2009

Empirical studies into IT governance have considerably advanced our understanding of the mechanisms and practices used by contemporary organisations to govern their current and future use of IT. However, despite the progress made in identifying the various elements employed by contemporary IT governance arrangements, there has been relatively little research into the formulation of a holistic model of IT governance that integrates the growing collection of parts into a coherent whole. To further advance the concept of IT governance, the Viable Governance Model (VGM) is proposed. The VGM is a theoretical model of IT governance within a corporate setting that is based on the laws and principles of cybernetics as embodied in Stafford Beer's Viable System Model (VSM). Cybernetics, the science of control and communication in biological and artificial systems, establishes a firm theoretical foundation upon which to design a system that directs and controls the IT function in a complex enterprise. The VGM is developed using an approach based on design science. Given the theoretical nature of the artefact that is being designed, the development and evaluation activities are primarily conceptual in nature. That is, the development activity involves the design of a theoretical model of IT governance using theoretical concepts and constructs drawn from several reference disciplines including cybernetics, organisation theory, and complexity theory. The conceptual evaluation of the VGM indicates that the model is sufficiently robust to incorporate many of the empirical findings arising from academic and professional research. The resultant model establishes a "blueprint", or set of design principles, that can be used by IS practitioners to design and implement a system of IT governance that is appropriate to their organisational contingencies. Novel aspects of this research include: the integration of corporate and IT governance; the reinterpretation of the role of the enterprise architecture (EA) within a complex enterprise; the exposition of the relationship between the corporate and divisional IT groups; and the resolution of the centralisation versus decentralisation dilemma that confront designers of IT governance arrangements.

Data protection

Information technology : management

Corporate governance

Business enterprises : computer networks

Cybernetics

Australian Legal Ramifications of Information System and Data Security Compromise: A review of issues, technology and law.

Quentin Cregan

Unknown Date

Computer intrusions and attacks compromise individuals, companies and communities. Whilst it is clear that computer and information security studies point to a generalised increase in the number and sophistication of computer security attacks over the past decade and that nations now entirely rely upon computer systems, insufficient attention is paid to the protection of those systems. Computer data and network systems affect our everyday lives, from the supply-chain software that ensures that the shelves are stocked at the supermarket, to systems that manage finance and share markets. Compromises of computer security are, therefore, rightly seen both as an attack on those individual entities whose systems and information are compromised, and as a communal attack upon the people and organisations that rely upon or use computer systems, both directly and indirectly. The aim of this thesis is to give an analysis of computer system security, information protections and the legal ramifications of computer security compromise, notably, data security compromise in Australia. Ultimately, the aim is to address three overlapping questions: what are the ways in which systems are breached, what are the legal consequences of a breach and are those consequences adequate? This paper looks at the underlying technology and relationships between actors involved in the majority of security compromises and looks at the common factors in how systems and networks are attacked and actors damaged. The paper then goes on to look at criminal liability for security compromises and shows how a criminal analysis feeds into the proper civil law consideration of the topic. Finally, the paper looks at data security through the lens of privacy. Ultimately, this paper concludes that Australia is inconsistent in its legal responses to information security incidents. Such variations are based on the area of law being discussed and dependent on the breach methodology and outcome. The criminal law provides the most current and potent legal protection any business or individual has had in this field. This is followed by statutory privacy law which provides a narrow degree of coverage and provides only a weak conciliation process for addressing data security issues. Finally, common law and equity provide the most uncertain commercial remedies for those that suffer data security breach. This paper concludes that present protections are inadequate and uncertain, and that change is required.

18 Law and Legal Studies

Contributions to image encryption and authentication

Uehara, Takeyuki.

January 2003

Thesis (Ph.D.)--University of Wollongong, 2003. / Typescript. Bibliographical references: leaf 201-211.

Extending an MPEG-21 viewer to manage access rights

Lönneborg, Rickard.

January 2004

Thesis (M.Sc.(Hons.))--University of Wollongong, 2004. / Typescript. Includes bibliographical references: leaf 61-63.

Asynchronous transfer mode security /

Shankaran, Rajan.

January 1999

Thesis (M. Sc.) (Hons.) -- University of Western Sydney, Nepean, 1999. / Thesis submitted in fulfilment of the requirements for the award of the degree Master of Science (Honors) from the University of Western Sydney, Nepean, School of Computing and Information Technology. Bibliography : p. 87-88.

Detecting and resolving redundancies in EP3P policies

Salim, Farzad.

January 2006

Thesis (M.Comp.Sc.)--University of Wollongong, 2006. / Typescript. Includes bibliographical references: leaf 98-102.

Digital rights management for smart containment objects

Fares, Tony Yussef.

January 2005

Thesis (Ph.D.)--University of Wollongong, 2005. / Typescript. Includes appendices. Includes bibliographical references: leaf 201-214.