WorldWideScience

Sample records for qos-compliant security protocol

  1. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  2. Security and SCADA protocols

    International Nuclear Information System (INIS)

    Igure, V. M.; Williams, R. D.

    2006-01-01

    Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

  3. Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Meldgaard, Sigurd Torkel

    This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how....... We construct an oblivious RAM that hides the client's access pattern with information theoretic security with an amortized $\\log^3 N$ query overhead. And how to employ a second server that is guaranteed not to conspire with the first to improve the overhead to $\\log^2 N$, while also avoiding...... they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern...

  4. Deterministic secure communication protocol without using entanglement

    OpenAIRE

    Cai, Qing-yu

    2003-01-01

    We show a deterministic secure direct communication protocol using single qubit in mixed state. The security of this protocol is based on the security proof of BB84 protocol. It can be realized with current technologies.

  5. Static Validation of Security Protocols

    DEFF Research Database (Denmark)

    Bodei, Chiara; Buchholtz, Mikael; Degano, P.

    2005-01-01

    We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques ...... suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as Needham-Schroeder symmetric key, Otway-Rees, Yahalom, Andrew secure RPC, Needham-Schroeder asymmetric key, and Beller-Chang-Yacobi MSR...

  6. Summary Report on Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Salvail, Louis; Cachin, Christian

    This document describes the state of the art snd some of the main open problems in the area of unconditionally secure cryptographic protocols. The most essential part of a cryptographic protocol is not its being secure. Imagine a cryptographic protocol which is secure, but where we do not know...... that it is secure. Such a protocol would do little in providing security. When all comes to all, cryptographic security is done for the sake of people, and the essential part of security is for people what it has always been, namely to feel secure. To feel secure employing a given cryptographic protocol we need...... to know that is is secure. I.e. we need a proof that it is secure. Today the proof of security of essentially all practically employed cryptographic protocols relies on computational assumptions. To prove that currently employed ways to communicate securely over the Internet are secure we e.g. need...

  7. Bundle Security Protocol for ION

    Science.gov (United States)

    Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

    2011-01-01

    This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

  8. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...

  9. Secure Multi-Player Protocols

    DEFF Research Database (Denmark)

    Fehr, Serge

    While classically cryptography is concerned with the problem of private communication among two entities, say players, in modern cryptography multi-player protocols play an important role. And among these, it is probably fair to say that secret sharing, and its stronger version verifiable secret...... sharing (VSS), as well as multi-party computation (MPC) belong to the most appealing and/or useful ones. The former two are basic tools to achieve better robustness of cryptographic schemes against malfunction or misuse by “decentralizing” the security from one single to a whole group of individuals...... (captured by the term threshold cryptography). The latter allows—at least in principle—to execute any collaboration among a group of players in a secure way that guarantees the correctness of the outcome but simultaneously respects the privacy of the participants. In this work, we study three aspects...

  10. Efficient secure two-party protocols

    CERN Document Server

    Hazay, Carmit

    2010-01-01

    The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation -- both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest. The book focuses on techniques for constructing efficient protocols and proving them secure. In addition, the authors study different definitional paradigms and compare the efficiency of protocols achieved under these different definitions.The book opens with a general introduction to secure computation and then presents definitions of security for a

  11. Bioinspired Security Analysis of Wireless Protocols

    DEFF Research Database (Denmark)

    Petrocchi, Marinella; Spognardi, Angelo; Santi, Paolo

    2016-01-01

    work, this paper investigates feasibility of adopting fraglets as model for specifying security protocols and analysing their properties. In particular, we give concrete sample analyses over a secure RFID protocol, showing evolution of the protocol run as chemical dynamics and simulating an adversary...

  12. Analysis of a security protocol in ?CRL

    NARCIS (Netherlands)

    J. Pang

    2002-01-01

    textabstractNeedham-Schroeder public-key protocol; With the growth and commercialization of the Internet, the security of communication between computers becomes a crucial point. A variety of security protocols based on cryptographic primitives are used to establish secure communication over

  13. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  14. Security analysis of session initiation protocol

    OpenAIRE

    Dobson, Lucas E.

    2010-01-01

    Approved for public release; distribution is unlimited The goal of this thesis is to investigate the security of the Session Initiation Protocol (SIP). This was accomplished by researching previously discovered protocol and implementation vulnerabilities, evaluating the current state of security tools and using those tools to discover new vulnerabilities in SIP software. The CVSS v2 system was used to score protocol and implementation vulnerabilities to give them a meaning that was us...

  15. Live chat alternative security protocol

    Science.gov (United States)

    Rahman, J. P. R.; Nugraha, E.; Febriany, A.

    2018-05-01

    Indonesia is one of the largest e-commerce markets in Southeast Asia, as many as 5 million people do transactions in e-commerce, therefore more and more people use live chat service to communicate with customer service. In live chat, the customer service often asks customers’ data such as, full name, address, e-mail, transaction id, which aims to verify the purchase of the product. One of the risks that will happen is sniffing which will lead to the theft of confidential information that will cause huge losses to the customer. The anticipation that will be done is build an alternative security protocol for user interaction in live chat by using a cryptographic algorithm that is useful for protecting confidential messages. Live chat requires confidentiality and data integration with encryption and hash functions. The used algorithm are Rijndael 256 bits, RSA, and SHA256. To increase the complexity, the Rijndael algorithm will be modified in the S-box and ShiftRow sections based on the shannon principle rule, the results show that all pass the Randomness test, but the modification in Shiftrow indicates a better avalanche effect. Therefore the message will be difficult to be stolen or changed.

  16. Security Protocols: Specification, Verification, Implementation, and Composition

    DEFF Research Database (Denmark)

    Almousa, Omar

    An important aspect of Internet security is the security of cryptographic protocols that it deploys. We need to make sure that such protocols achieve their goals, whether in isolation or in composition, i.e., security protocols must not suffer from any aw that enables hostile intruders to break...... results. The most important generalization is the support for all security properties of the geometric fragment proposed by [Gut14]....... their security. Among others, tools like OFMC [MV09b] and Proverif [Bla01] are quite efficient for the automatic formal verification of a large class of protocols. These tools use different approaches such as symbolic model checking or static analysis. Either approach has its own pros and cons, and therefore, we...

  17. Adaptive security protocol selection for mobile computing

    NARCIS (Netherlands)

    Pontes Soares Rocha, B.; Costa, D.N.O.; Moreira, R.A.; Rezende, C.G.; Loureiro, A.A.F.; Boukerche, A.

    2010-01-01

    The mobile computing paradigm has introduced new problems for application developers. Challenges include heterogeneity of hardware, software, and communication protocols, variability of resource limitations and varying wireless channel quality. In this scenario, security becomes a major concern for

  18. Secure E-Commerce Protocol

    OpenAIRE

    Khalid Haseeb, Muhammad Arshad, Shoukat Ali, Shazia Yasin

    2011-01-01

    E-commerce has presented a new way of doing business all over the world using internet.Organizations have changed their way of doing business from a traditional approach to embrace ecommerceprocesses. As individuals and businesses increase information sharing, a concernregarding the exchange of money securely and conveniently over the internet increases. Therefore,security is a necessity in an e-commerce transaction. The purpose of this paper is to present atoken based Secure E-commerce Proto...

  19. A Lightweight Protocol for Secure Video Streaming.

    Science.gov (United States)

    Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

    2018-05-14

    The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

  20. Analysis of Security Protocols by Annotations

    DEFF Research Database (Denmark)

    Gao, Han

    . The development of formal techniques, e.g. control flow analyses, that can check various security properties, is an important tool to meet this challenge. This dissertation contributes to the development of such techniques. In this dissertation, security protocols are modelled in the process calculus LYSA......The trend in Information Technology is that distributed systems and networks are becoming increasingly important, as most of the services and opportunities that characterise the modern society are based on these technologies. Communication among agents over networks has therefore acquired a great...... deal of research interest. In order to provide effective and reliable means of communication, more and more communication protocols are invented, and for most of them, security is a significant goal. It has long been a challenge to determine conclusively whether a given protocol is secure or not...

  1. Performance Evaluation of Security Protocols

    DEFF Research Database (Denmark)

    Bodei, Chiara; Buchholtz, Mikael; Curti, Michele

    2005-01-01

    We use a special operational semantics which drives us in inferring quantitative measures on systems describing cryptographis cryptographic protocols. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architecture running applications and the use...... of possibly different cryptosystems. We then map transition systems to Markov chains and evaluate performance of systems, using standard tools....

  2. Language, Semantics, and Methods for Security Protocols

    DEFF Research Database (Denmark)

    Crazzolara, Federico

    events. Methods like strand spaces and the inductive method of Paulson have been designed to support an intensional, event-based, style of reasoning. These methods have successfully tackled a number of protocols though in an ad hoc fashion. They make an informal spring from a protocol to its......-nets. They have persistent conditions and as we show in this thesis, unfold under reasonable assumptions to a more basic kind of nets. We relate SPL-nets to strand spaces and inductive rules, as well as trace languages and event structures so unifying a range of approaches, as well as providing conditions under...... reveal. The last few years have seen the emergence of successful intensional, event-based, formal approaches to reasoning about security protocols. The methods are concerned with reasoning about the events that a security protocol can perform, and make use of a causal dependency that exists between...

  3. On Protocol Security in the Cryptographic Model

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus

    you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...... the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... years the secure multiparty computation problem has been the subject of a large body of research, both research into the models of multiparty computation and research aimed at realizing general secure multiparty computation. The main approach to realizing secure multiparty computation has been based...

  4. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i.......e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful...... in this direction is to extend saturation-based techniques so that enough state information can be modelled and analysed. Finally, we present a methodology for proving the same security properties in the computational model, by means of typing protocol implementations....

  5. Security Protocol Review Method Analyzer(SPRMAN)

    OpenAIRE

    Navaz, A. S. Syed; Narayanan, H. Iyyappa; Vinoth, R.

    2013-01-01

    This Paper is designed using J2EE (JSP, SERVLET), HTML as front end and a Oracle 9i is back end. SPRMAN is been developed for the client British Telecom (BT) UK., Telecom company. Actually the requirement of BT is, they are providing Network Security Related Products to their IT customers like Virtusa,Wipro,HCL etc., This product is framed out by set of protocols and these protocols are been associated with set of components. By grouping all these protocols and components together, product is...

  6. Analyzing security protocols in hierarchical networks

    DEFF Research Database (Denmark)

    Zhang, Ye; Nielson, Hanne Riis

    2006-01-01

    Validating security protocols is a well-known hard problem even in a simple setting of a single global network. But a real network often consists of, besides the public-accessed part, several sub-networks and thereby forms a hierarchical structure. In this paper we first present a process calculus...... capturing the characteristics of hierarchical networks and describe the behavior of protocols on such networks. We then develop a static analysis to automate the validation. Finally we demonstrate how the technique can benefit the protocol development and the design of network systems by presenting a series...

  7. On BAN logics for industrial security protocols

    NARCIS (Netherlands)

    Agray, N.; Hoek, van der W.; Vink, de E.P.; Dunin-Keplicz, B.; Nawarecki, E.

    2002-01-01

    This paper reports on two case-studies of applying BAN logic to industrial strength security protocols. These studies demonstrate the flexibility of the BAN language, as it caters for the addition of appropriate constructs and rules. We argue that, although a semantical foundation of the formalism

  8. Semantics and logic for security protocols

    NARCIS (Netherlands)

    Jacobs, B.P.F.; Hasuo, I.

    2009-01-01

    This paper presents a sound BAN-like logic for reasoning about security protocols with theorem prover support. The logic has formulas for sending and receiving messages (with nonces, public and private encryptions, etc.), and has both temporal and epistemic operators (describing the knowledge of

  9. Performance comparison of secure comparison protocols

    NARCIS (Netherlands)

    Kerschbaum, F.; Biswas, D.; Hoogh, de S.J.A.

    2009-01-01

    Secure multiparty computation (SMC) has gained tremendous importance with the growth of the Internet and e-commerce, where mutually untrusted parties need to jointly compute a function of their private inputs. However, SMC protocols usually have very high computational complexities, rendering them

  10. Analysis of Security Protocols for Mobile Healthcare.

    Science.gov (United States)

    Wazid, Mohammad; Zeadally, Sherali; Das, Ashok Kumar; Odelu, Vanga

    2016-11-01

    Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient's health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

  11. Effectiveness and Limitations of E-Mail Security Protocols

    OpenAIRE

    M. Tariq Banday

    2011-01-01

    Simple Mail Transport Protocol is the most widely adopted protocol for e-mail delivery. However, it lackssecurity features for privacy, authentication of sending party, integrity of e-mail message, nonrepudiationand consistency of e-mail envelope. To make e-mail communication secure and private,e-mail servers incorporate one or more security features using add-on security protocols. The add-onsecurity protocols provide a reasonable security but have several limitations. This paper discussesli...

  12. A model based security testing method for protocol implementation.

    Science.gov (United States)

    Fu, Yu Long; Xin, Xiao Long

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  13. Simulation and Evaluation of CTP and Secure-CTP Protocols

    Directory of Open Access Journals (Sweden)

    P. Pecho

    2010-04-01

    Full Text Available The paper discusses characteristics and qualities of two routing protocols – Collection Tree Protocol and its secure modification. The original protocol, as well as other protocols for wireless sensors, solves only problems of ra- dio communication and limited resources. Our design of the secure protocol tries to solve also the essential security ob- jectives. For the evaluation of properties of our protocol in large networks, a TOSSIM simulator was used. Our effort was to show the influence of the modification of the routing protocol to its behavior and quality of routing trees. We have proved that adding security into protocol design does not necessarily mean higher demands for data transfer, power consumption or worse protocol efficiency. In the paper, we manifest that security in the protocol may be achieved with low cost and may offer similar performance as the original protocol.

  14. Sufficient Conditions for Vertical Composition of Security Protocols (Extended Version)

    DEFF Research Database (Denmark)

    Mödersheim, Sebastian Alexander; Viganò, Luca

    a certain kind of channel as a goal and another secure protocol P2 that assumes this kind of channel, can we then derive that their vertical composition P2[P1] is secure? It is well known that protocol composition can lead to attacks even when the individual protocols are all secure in isolation......Vertical composition of security protocols means that an application protocol (e.g., a banking service) runs over a channel established by another protocol (e.g., a secure channel provided by TLS). This naturally gives rise to a compositionality question: given a secure protocol P1 that provides....... In this paper, we formalize seven easy-to-check static conditions that support a large class of channels and applications and that we prove to be su_cient for vertical security protocol composition....

  15. A STRONG SECURITY PROTOCOL AGAINST FINGERPRINT DATABASE ATTACKS

    Directory of Open Access Journals (Sweden)

    U. Latha

    2013-08-01

    Full Text Available The Biometric data is subject to on-going changes and create a crucial problem in fingerprint database. To deal with this, a security protocol is proposed to protect the finger prints information from the prohibited users. Here, a security protocol is proposed to protect the finger prints information. The proposed system comprised of three phases namely, fingerprint reconstruction, feature extraction and development of trigon based security protocol. In fingerprint reconstruction, the different crack variance level finger prints images are reconstructed by the M-band Dual Tree Complex Wavelet Transform (DTCWT. After that features are extracted by binarization. A set of finger print images are utilized to evaluate the performance of security protocol and the result from this process guarantees the healthiness of the proposed trigon based security protocol. The implementation results show the effectiveness of proposed trigon based security protocol in protecting the finger print information and the achieved improvement in image reconstruction and the security process.

  16. Feeling Is Believing: A Secure Template Exchange Protocol

    NARCIS (Netherlands)

    Buhan, I.R.; Doumen, J.M.; Hartel, Pieter H.; Veldhuis, Raymond N.J.; Lee, Seong-Whan; Li, Stan Z.

    We use grip pattern based biometrics as a secure side channel to achieve pre-authentication in a protocol that sets up a secure channel between two hand held devices. The protocol efficiently calculates a shared secret key from biometric data. The protocol is used in an application where grip

  17. A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

    Science.gov (United States)

    Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

    2013-09-02

    Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

  18. On the Security of the Ping-Pong Protocol

    OpenAIRE

    Bostroem, Kim; Felbinger, Timo

    2007-01-01

    We briefly review the security of the ping-pong protocol in light of several attack scenarios suggested by various authors since the proposal of the protocol. We refute one recent attack on an ideal quantum channel, and show that a recent claim of falseness of our original security proof is erroneous.

  19. New View of Ping-Pong Protocol Security

    International Nuclear Information System (INIS)

    Zawadzki Piotr

    2012-01-01

    The ping-pong protocol offers confidential transmission of classic information without a prior key agreement. It is believed that it is quasi secure in lossless quantum channels. Serious doubts related to the analysis paradigm which has been used so far are presented in the study. The security of the protocol is reconsidered. (general)

  20. On the security of the ping-pong protocol

    International Nuclear Information System (INIS)

    Bostroem, Kim; Felbinger, Timo

    2008-01-01

    We briefly review the security of the ping-pong protocol in light of several attack scenarios suggested by various authors since the proposal of the protocol. We refute one recent attack on an ideal quantum channel, and show that a recent claim of falseness of our original security proof is erroneous

  1. On the security of the ping-pong protocol

    Energy Technology Data Exchange (ETDEWEB)

    Bostroem, Kim [Psychologisches Institut II, Universitaet Muenster, 48149 Muenster (Germany); Felbinger, Timo [Institut fuer Physik, Universitaet Potsdam, 14469 Potsdam (Germany)], E-mail: tjf@qipc.org

    2008-05-26

    We briefly review the security of the ping-pong protocol in light of several attack scenarios suggested by various authors since the proposal of the protocol. We refute one recent attack on an ideal quantum channel, and show that a recent claim of falseness of our original security proof is erroneous.

  2. Maximally efficient protocols for direct secure quantum communication

    Energy Technology Data Exchange (ETDEWEB)

    Banerjee, Anindita [Department of Physics and Materials Science Engineering, Jaypee Institute of Information Technology, A-10, Sector-62, Noida, UP-201307 (India); Department of Physics and Center for Astroparticle Physics and Space Science, Bose Institute, Block EN, Sector V, Kolkata 700091 (India); Pathak, Anirban, E-mail: anirban.pathak@jiit.ac.in [Department of Physics and Materials Science Engineering, Jaypee Institute of Information Technology, A-10, Sector-62, Noida, UP-201307 (India); RCPTM, Joint Laboratory of Optics of Palacky University and Institute of Physics of Academy of Science of the Czech Republic, Faculty of Science, Palacky University, 17. Listopadu 12, 77146 Olomouc (Czech Republic)

    2012-10-01

    Two protocols for deterministic secure quantum communication (DSQC) using GHZ-like states have been proposed. It is shown that one of these protocols is maximally efficient and that can be modified to an equivalent protocol of quantum secure direct communication (QSDC). Security and efficiency of the proposed protocols are analyzed and compared. It is shown that dense coding is sufficient but not essential for DSQC and QSDC protocols. Maximally efficient QSDC protocols are shown to be more efficient than their DSQC counterparts. This additional efficiency arises at the cost of message transmission rate. -- Highlights: ► Two protocols for deterministic secure quantum communication (DSQC) are proposed. ► One of the above protocols is maximally efficient. ► It is modified to an equivalent protocol of quantum secure direct communication (QSDC). ► It is shown that dense coding is sufficient but not essential for DSQC and QSDC protocols. ► Efficient QSDC protocols are always more efficient than their DSQC counterparts.

  3. A secure key agreement protocol based on chaotic maps

    International Nuclear Information System (INIS)

    Wang Xing-Yuan; Luan Da-Peng

    2013-01-01

    To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solve the problems of key management and security issues existing in Gong et al.'s protocol

  4. Security Property Validation of the Sensor Network Encryption Protocol (SNEP

    Directory of Open Access Journals (Sweden)

    Salekul Islam

    2015-07-01

    Full Text Available Since wireless sensor networks (WSNs have been designed to be deployed in an unsecured, public environment, secured communication is really vital for their wide-spread use. Among all of the communication protocols developed for WSN, the Security Protocols for Sensor Networks (SPINS is exceptional, as it has been designed with security as a goal. SPINS is composed of two building blocks: Secure Network Encryption Protocol (SNEP and the “micro” version of the Timed Efficient Streaming Loss-tolerant Authentication (TESLA, named μTESLA. From the inception of SPINS, a number of efforts have been made to validate its security properties. In this paper, we have validated the security properties of SNEP by using an automated security protocol validation tool, named AVISPA. Using the protocol specification language, HLPSL, we model two combined scenarios—node to node key agreement and counter exchange protocols—followed by data transmission. Next, we validate the security properties of these combined protocols, using different AVISPA back-ends. AVISPA reports the models we have developed free from attacks. However, by analyzing the key distribution sub-protocol, we find one threat of a potential DoS attack that we have demonstrated by modeling in AVISPA. Finally, we propose a modification, and AVISPA reports this modified version free from the potential DoS attack.

  5. Securing statically-verified communications protocols against timing attacks

    DEFF Research Database (Denmark)

    Buchholtz, Mikael; Gilmore, Stephen; Hillston, Jane

    2004-01-01

    We present a federated analysis of communication protocols which considers both security properties and timing. These are not entirely independent observations of a protocol; by using timing observations of an executing protocol it is possible to deduce derived information about the nature...... of the communication even in the presence of unbreakable encryption. Our analysis is based on expressing the protocol as a process algebra model and deriving from this process models analysable by the Imperial PEPA Compiler and the LySatool....

  6. A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation

    Directory of Open Access Journals (Sweden)

    Triana Mugia Rahayu

    2015-06-01

    Full Text Available The commonly unattended and hostile deployments of WSNs and their resource-constrained sensor devices have led to an increasing demand for secure energy-efficient protocols. Routing and data aggregation receive the most attention since they are among the daily network routines. With the awareness of such demand, we found that so far there has been no work that lays out a secure routing protocol as the foundation for a secure data aggregation protocol. We argue that the secure routing role would be rendered useless if the data aggregation scheme built on it is not secure. Conversely, the secure data aggregation protocol needs a secure underlying routing protocol as its foundation in order to be effectively optimal. As an attempt for the solution, we devise an energy-aware protocol based on LEACH and ESPDA that combines secure routing protocol and secure data aggregation protocol. We then evaluate its security effectiveness and its energy-efficiency aspects, knowing that there are always trade-off between both.

  7. Database communication protocol analyses and security detection

    International Nuclear Information System (INIS)

    Luo Qun; Liu Qiushi

    2003-01-01

    In this paper we introduced the analysis of TDS protocol in the communication application between Client and Server about SYBASE and MICROSOFT SQL SERVER and do some test for some bugs existed in the protocol. (authors)

  8. A Calculus for Control Flow Analysis of Security Protocols

    DEFF Research Database (Denmark)

    Buchholtz, Mikael; Nielson, Hanne Riis; Nielson, Flemming

    2004-01-01

    The design of a process calculus for anaysing security protocols is governed by three factors: how to express the security protocol in a precise and faithful manner, how to accommodate the variety of attack scenarios, and how to utilise the strengths (and limit the weaknesses) of the underlying...... analysis methodology. We pursue an analysis methodology based on control flow analysis in flow logic style and we have previously shown its ability to analyse a variety of security protocols. This paper develops a calculus, LysaNS that allows for much greater control and clarity in the description...

  9. Design and Implementation of a Secure Modbus Protocol

    Science.gov (United States)

    Fovino, Igor Nai; Carcano, Andrea; Masera, Marcelo; Trombetta, Alberto

    The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.

  10. Bidirectional Quantum Secure Direct Communication Network Protocol with Hyperentanglement

    International Nuclear Information System (INIS)

    Gu Bin; Chen Yulin; Huang Yugai; Fang Xia

    2011-01-01

    We propose a bidirectional quantum secure direct communication (QSDC) network protocol with the hyperentanglment in both the spatial-mode ad the polarization degrees of freedom of photon pairs which can in principle be produced with a beta barium borate crystal. The secret message can be encoded on the photon pairs with unitary operations in these two degrees of freedom independently. Compared with other QSDC network protocols, our QSDC network protocol has a higher capacity as each photon pair can carry 4 bits of information. Also, we discuss the security of our QSDC network protocol and its feasibility with current techniques. (general)

  11. A Secure and Efficient Handover Authentication Protocol for Wireless Networks

    Directory of Open Access Journals (Sweden)

    Weijia Wang

    2014-06-01

    Full Text Available Handover authentication protocol is a promising access control technology in the fields of WLANs and mobile wireless sensor networks. In this paper, we firstly review an effcient handover authentication protocol, named PairHand, and its existing security attacks and improvements. Then, we present an improved key recovery attack by using the linearly combining method and reanalyze its feasibility on the improved PairHand protocol. Finally, we present a new handover authentication protocol, which not only achieves the same desirable effciency features of PairHand, but enjoys the provable security in the random oracle model.

  12. A New Secure Pairing Protocol using Biometrics

    NARCIS (Netherlands)

    Buhan, I.R.

    2008-01-01

    Secure Pairing enables two devices, which share no prior context with each other, to agree upon a security association that they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping or to a

  13. Efficient and secure authentication protocol for roaming user in ...

    Indian Academy of Sciences (India)

    BALU L PARNE

    2018-05-29

    May 29, 2018 ... 1 Department of Computer Science and Engineering, Visvesvaraya National Institute of Technology (VNIT), ... proposed protocol is presented by BAN logic and the security ..... with session key Sk of the HLR to protect from.

  14. Security Threats on Wireless Sensor Network Protocols

    OpenAIRE

    H. Gorine; M. Ramadan Elmezughi

    2016-01-01

    In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issue...

  15. Analysing Password Protocol Security Against Off-line Dictionary Attacks

    NARCIS (Netherlands)

    Corin, R.J.; Doumen, J.M.; Etalle, Sandro; Busi, Nadia; Gorrieri, Roberto; Martinelli, Fabio

    We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We

  16. Secure Protocol for “Host — NFC Reader” Communication

    Directory of Open Access Journals (Sweden)

    A. O. Menshenin

    2012-06-01

    Full Text Available The paper presents a secure protocol for communication between host and NFC reader. The protocol protection scheme uses symmetric cipher with cyclic session key generation and provides confidentiality, integrity, end parties authentication and resistance to replay attacks. Deployment scenario in a typical electronic payment system is also presented.

  17. RSRP: A Robust Secure Routing Protocol in MANET

    Directory of Open Access Journals (Sweden)

    Sinha Ditipriya

    2014-05-01

    Full Text Available In this paper, we propose a novel algorithm RSRP to build a robust secure routing protocol in mobile ad-hoc networks (MANETs. This algorithm is based on some basic schemes such as RSA_CRT for encryption and decryption of messages; CRT for safety key generation, Shamir’s secret sharing principle for generation of secure routes. Those routes which are free from any malicious node and which belong to the set of disjoint routes between a source-destination pair are considered as probable routes. Shamir’s secret sharing principle is applied on those probable routes to obtain secure routes. Finally, most trustworthy and stable route is selected among those secure routes. Selection of the final route depends on some criteria of the nodes present in a route e.g.: battery power, mobility and trust value. In addition, complexity of key generation is reduced to a large extent by using RSA-CRT instead of RSA. In turn, the routing becomes less expensive and most secure and robust one. Performance of this routing protocol is then compared with non-secure routing protocols (AODV and DSR, secure routing scheme using secret sharing, security routing protocol using ZRP and SEAD depending on basic characteristics of these protocols. All such comparisons show that RSRP shows better performance in terms of computational cost, end-to-end delay and packet dropping in presence of malicious nodes in the MANET, keeping the overhead in terms of control packets same as other secure routing protocols.

  18. A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography

    Science.gov (United States)

    Chen, Tien-Ho; Yeh, Hsiu-Lien; Liu, Pin-Chuan; Hsiang, Han-Chen; Shih, Wei-Kuan

    Session initiation protocol (SIP) is a technology regularly performed in Internet Telephony, and Hyper Text Transport Protocol (HTTP) as digest authentication is one of the major methods for SIP authentication mechanism. In 2005, Yang et al. pointed out that HTTP could not resist server spoofing attack and off-line guessing attack and proposed a secret authentication with Diffie-Hellman concept. In 2009, Tsai proposed a nonce based authentication protocol for SIP. In this paper, we demonstrate that their protocol could not resist the password guessing attack and insider attack. Furthermore, we propose an ECC-based authentication mechanism to solve their issues and present security analysis of our protocol to show that ours is suitable for applications with higher security requirement.

  19. Sessions and Separability in Security Protocols

    DEFF Research Database (Denmark)

    Carbone, Marco; Guttman, Joshua

    2013-01-01

    Despite much work on sessions and session types in non- adversarial contexts, session-like behavior given an active adversary has not received an adequate definition and proof methods. We provide a syntactic property that guarantees that a protocol has session-respecting executions. Any uncomprom......Despite much work on sessions and session types in non- adversarial contexts, session-like behavior given an active adversary has not received an adequate definition and proof methods. We provide a syntactic property that guarantees that a protocol has session-respecting executions. Any...

  20. Toward Synthesis, Analysis, and Certification of Security Protocols

    Science.gov (United States)

    Schumann, Johann

    2004-01-01

    Implemented security protocols are basically pieces of software which are used to (a) authenticate the other communication partners, (b) establish a secure communication channel between them (using insecure communication media), and (c) transfer data between the communication partners in such a way that these data only available to the desired receiver, but not to anyone else. Such an implementation usually consists of the following components: the protocol-engine, which controls in which sequence the messages of the protocol are sent over the network, and which controls the assembly/disassembly and processing (e.g., decryption) of the data. the cryptographic routines to actually encrypt or decrypt the data (using given keys), and t,he interface to the operating system and to the application. For a correct working of such a security protocol, all of these components must work flawlessly. Many formal-methods based techniques for the analysis of a security protocols have been developed. They range from using specific logics (e.g.: BAN-logic [4], or higher order logics [12] to model checking [2] approaches. In each approach, the analysis tries to prove that no (or at least not a modeled intruder) can get access to secret data. Otherwise, a scenario illustrating the &tack may be produced. Despite the seeming simplicity of security protocols ("only" a few messages are sent between the protocol partners in order to ensure a secure communication), many flaws have been detected. Unfortunately, even a perfect protocol engine does not guarantee flawless working of a security protocol, as incidents show. Many break-ins and security vulnerabilities are caused by exploiting errors in the implementation of the protocol engine or the underlying operating system. Attacks using buffer-overflows are a very common class of such attacks. Errors in the implementation of exception or error handling can open up additional vulnerabilities. For example, on a website with a log-in screen

  1. Domain Name Server Security (DNSSEC) Protocol Deployment

    Science.gov (United States)

    2014-10-01

    Platform How IPv6 and DNSSEC Change the Intranets OARC Workshop San Francisco, March 2011 Materials available at: https://indico.dns-oarc.net...DNSSEC In Operation NIC .sn The Mensa project - Measuring DNS Health and Security How IPv6 and DNSSEC change the Intranets DNSSEC Update for DE...Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill Global IPv6 Summit, Taipei, Taiwan, November 2011 TWCERT/CC

  2. Security of the arbitrated quantum signature protocols revisited

    International Nuclear Information System (INIS)

    Kejia, Zhang; Dan, Li; Qi, Su

    2014-01-01

    Recently, much attention has been paid to the study of arbitrated quantum signature (AQS). Among these studies, the cryptanalysis of some AQS protocols and a series of improved ideas have been proposed. Compared with the previous analysis, we present a security criterion, which can judge whether an AQS protocol is able to prevent the receiver (i.e. one participant in the signature protocol) from forging a legal signature. According to our results, it can be seen that most AQS protocols which are based on the Zeng and Keitel (ZK) model are susceptible to a forgery attack. Furthermore, we present an improved idea of the ZK protocol. Finally, some supplement discussions and several interesting topics are provided. (paper)

  3. A Hybrid Analysis for Security Protocols with State

    Science.gov (United States)

    2014-07-16

    http://www.mitre.org/publications/ technical-papers/completeness-of-cpsa. [19] Simon Meier, Cas Cremers , and David Basin. Efficient construction of...7] Cas Cremers and Sjouke Mauw. Operational semantics and verification of security protocols. Springer, 2012. [8] Anupam Datta, Ante Derek, John C

  4. Invariant-based reasoning about parameterized security protocols

    NARCIS (Netherlands)

    Mooij, A.J.

    2010-01-01

    We explore the applicability of the programming method of Feijen and van Gasteren to the domain of security protocols. This method addresses the derivation of concurrent programs from a formal specification, and it is based on common notions like invariants and pre- and post-conditions. We show that

  5. Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols

    NARCIS (Netherlands)

    Pettorossi, Alberto; Delzanno, Giorgio; Etalle, Sandro

    2001-01-01

    We define a sequent calculus to formally specify, simulate, debug and verify security protocols. In our sequents we distinguish between the current knowledge of principals and the current global state of the session. Hereby, we can describe the operational semantics of principals and of an intruder

  6. 3D Digital Legos for Teaching Security Protocols

    Science.gov (United States)

    Yu, Li; Harrison, L.; Lu, Aidong; Li, Zhiwei; Wang, Weichao

    2011-01-01

    We have designed and developed a 3D digital Lego system as an education tool for teaching security protocols effectively in Information Assurance courses (Lego is a trademark of the LEGO Group. Here, we use it only to represent the pieces of a construction set.). Our approach applies the pedagogical methods learned from toy construction sets by…

  7. On Adaptive vs. Non-adaptive Security of Multiparty Protocols

    DEFF Research Database (Denmark)

    Canetti, Ran; Damgård, Ivan Bjerre; Dziembowski, Stefan

    2001-01-01

    highlights of our results are: – - According to the definition of Dodis-Micali-Rogaway (which is set in the information-theoretic model), adaptive and non-adaptive security are equivalent. This holds for both honest-but-curious and Byzantine adversaries, and for any number of parties. – - According......Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarialsettings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during...... the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some...

  8. Study on Cloud Security Based on Trust Spanning Tree Protocol

    Science.gov (United States)

    Lai, Yingxu; Liu, Zenghui; Pan, Qiuyue; Liu, Jing

    2015-09-01

    Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new trust evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

  9. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    B. Paramasivan

    2014-01-01

    Full Text Available Mobile ad hoc networks (MANETs are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  10. Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

    Science.gov (United States)

    Paramasivan, B; Kaliappan, M

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  11. A Secure Cluster-Based Multipath Routing Protocol for WMSNs

    Directory of Open Access Journals (Sweden)

    Jamal N. Al-Karaki

    2011-04-01

    Full Text Available The new characteristics of Wireless Multimedia Sensor Network (WMSN and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

  12. Secure Group Formation Protocol for a Medical Sensor Network Prototype

    DEFF Research Database (Denmark)

    Andersen, Jacob

    2009-01-01

    , and experience from user workshops and observations of clinicians at work on a hospital ward show that if the security mechanisms are not well designed, the technology is either rejected altogether, or they are circumvented leaving the system wide open to attacks. Our work targets the problem of designing......Designing security mechanisms such as privacy and access control for medical sensor networks is a challenging task; as such systems may be operated very frequently, at a quick pace, and at times in emergency situations. Understandably, clinicians hold extra unproductive tasks in low regard...... wireless sensors to be both secure and usable by exploring different solutions on a fully functional prototype platform. In this paper, we present an Elliptic Curve Cryptography (ECC) based protocol, which offers fully secure sensor set-up in a few seconds on standard (Telos) hardware. We evaluate...

  13. A Comparison of Internet Protocol (IPv6 Security Guidelines

    Directory of Open Access Journals (Sweden)

    Steffen Hermann

    2014-01-01

    Full Text Available The next generation of the Internet Protocol (IPv6 is currently about to be introduced in many organizations. However, its security features are still a very novel area of expertise for many practitioners. This study evaluates guidelines for secure deployment of IPv6, published by the U.S. NIST and the German federal agency BSI, for topicality, completeness and depth. The later two are scores defined in this paper and are based on the Requests for Comments relevant for IPv6 that were categorized, weighted and ranked for importance using an expert survey. Both guides turn out to be of practical value, but have a specific focus and are directed towards different audiences. Moreover, recommendations for possible improvements are presented. Our results could also support strategic management decisions on security priorities as well as for the choice of security guidelines for IPv6 roll-outs.

  14. On the security of an anonymous roaming protocol in UMTS mobile networks

    Directory of Open Access Journals (Sweden)

    Shuhua Wu

    2012-02-01

    Full Text Available In this communication, we first show that the privacy-preserving roaming protocol recently proposed for mobile networks cannot achieve the claimed security level. Then we suggest an improved protocol to remedy its security problems.

  15. A secure medical data exchange protocol based on cloud environment.

    Science.gov (United States)

    Chen, Chin-Ling; Yang, Tsai-Tung; Shih, Tzay-Farn

    2014-09-01

    In recent years, health care technologies already became matured such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concern issue. In spite of many literatures discussed about medical systems, but these literatures should face many security challenges. The most important issue is patients' privacy. Therefore, we propose a secure medical data exchange protocol based on cloud environment. In our scheme, we use mobile device's characteristics, allowing peoples use medical resources on the cloud environment to seek medical advice conveniently.

  16. Secure Handshake in Wi-Fi Connection (A Secure and Enhanced Communication Protocol)

    OpenAIRE

    Ranbir Sinha; Nishant Behar; Devendra Singh

    2012-01-01

    This paper presents a concept of enhancing the security in wireless communication. A Computer Network is an interconnected group of autonomous computing nodes, which use a well-defined, mutually agreed set of rules and conventions known as protocols, interact with one-another meaningfully and allow resource sharing preferably in a predictable and controllable manner. Communication has a major impact on today’s business. It is desired to communicate data with high security. These days wireless...

  17. Secure Certificateless Authentication and Road Message Dissemination Protocol in VANETs

    Directory of Open Access Journals (Sweden)

    Haowen Tan

    2018-01-01

    Full Text Available As a crucial component of Internet-of-Thing (IoT, vehicular ad hoc networks (VANETs have attracted increasing attentions from both academia and industry fields in recent years. With the extensive VANETs deployment in transportation systems of more and more countries, drivers’ driving experience can be drastically improved. In this case, the real-time road information needs to be disseminated to the correlated vehicles. However, due to inherent wireless communicating characteristics of VANETs, authentication and group key management strategies are indispensable for security assurance. Furthermore, effective road message dissemination mechanism is of significance. In this paper, we address the above problems by developing a certificateless authentication and road message dissemination protocol. In our design, certificateless signature and the relevant feedback mechanism are adopted for authentication and group key distribution. Subsequently, message evaluating and ranking strategy is introduced. Security analysis shows that our protocol achieves desirable security properties. Additionally, performance analysis demonstrates that the proposed protocol is efficient compared with the state of the art.

  18. On the security of semi-device-independent QKD protocols

    Science.gov (United States)

    Chaturvedi, Anubhav; Ray, Maharshi; Veynar, Ryszard; Pawłowski, Marcin

    2018-06-01

    While fully device-independent security in (BB84-like) prepare-and-measure quantum key distribution (QKD) is impossible, it can be guaranteed against individual attacks in a semi-device-independent (SDI) scenario, wherein no assumptions are made on the characteristics of the hardware used except for an upper bound on the dimension of the communicated system. Studying security under such minimal assumptions is especially relevant in the context of the recent quantum hacking attacks wherein the eavesdroppers can not only construct the devices used by the communicating parties but are also able to remotely alter their behavior. In this work, we study the security of a SDIQKD protocol based on the prepare-and-measure quantum implementation of a well-known cryptographic primitive, the random access code (RAC). We consider imperfect detectors and establish the critical values of the security parameters (the observed success probability of the RAC and the detection efficiency) required for guaranteeing security against eavesdroppers with and without quantum memory. Furthermore, we suggest a minimal characterization of the preparation device in order to lower the requirements for establishing a secure key.

  19. Improved security detection strategy in quantum secure direct communication protocol based on four-particle Green-Horne-Zeilinger state

    Energy Technology Data Exchange (ETDEWEB)

    Li, Jian; Nie, Jin-Rui; Li, Rui-Fan [Beijing Univ. of Posts and Telecommunications, Beijing (China). School of Computer; Jing, Bo [Beijing Univ. of Posts and Telecommunications, Beijing (China). School of Computer; Beijing Institute of Applied Meteorology, Beijing (China). Dept. of Computer Science

    2012-06-15

    To enhance the efficiency of eavesdropping detection in the quantum secure direct communication protocol, an improved quantum secure direct communication protocol based on a four-particle Green-Horne-Zeilinger (GHZ) state is presented. In the protocol, the four-particle GHZ state is used to detect eavesdroppers, and quantum dense coding is used to encode the message. In the security analysis, the method of entropy theory is introduced, and two detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference that has been introduced. If the eavesdropper wants to obtain all the information, the detection rate of the quantum secure direct communication using an Einstein-Podolsky-Rosen (EPR) pair block will be 50% and the detection rate of the presented protocol will be 87%. At last, the security of the proposed protocol is discussed. The analysis results indicate that the protocol proposed is more secure than the others. (orig.)

  20. Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

    Science.gov (United States)

    2010-09-01

    motivated research in behavior grading systems [56]. Peer-to-peer eCommerce appli- cations such as eBay, Amazon, uBid, and Yahoo have performed research that...Security in Mobile Ad Hoc Networks”. IEEE Security & Privacy , 72–75, 2008. 15. Chakeres, ID and EM Belding-Royer. “AODV Routing Protocol Implementa...Detection System”. Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy , 240–250. 1992. 21. Devore, J.L. and N.R. Farnum

  1. Security Enhanced EMV-Based Mobile Payment Protocol

    Directory of Open Access Journals (Sweden)

    Ming-Hour Yang

    2014-01-01

    Full Text Available Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant’s reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transaction risk. And our modifications to the EMV standard are transparent to merchants and users. We also encrypt the communications between a card and a reader to prevent eavesdropping on sensitive data. The protocol is able to resist impersonation attacks and to avoid the security threats in EMV. In offline transactions, our scheme requires a user to apply for a temporary offline certificate in advance. With the certificate, banks no longer need to lower customer’s credits for risk control, and users can have online-equivalent credits in offline transactions.

  2. A new method for improving security in MANETs AODV Protocol

    Directory of Open Access Journals (Sweden)

    Zahra Alishahi

    2012-10-01

    Full Text Available In mobile ad hoc network (MANET, secure communication is more challenging task due to its fundamental characteristics like having less infrastructure, wireless link, distributed cooperation, dynamic topology, lack of association, resource constrained and physical vulnerability of node. In MANET, attacks can be broadly classified in two categories: routing attacks and data forwarding attacks. Any action not following rules of routing protocols belongs to routing attacks. The main objective of routing attacks is to disrupt normal functioning of network by advertising false routing updates. On the other hand, data forwarding attacks include actions such as modification or dropping data packet, which does not disrupt routing protocol. In this paper, we address the “Packet Drop Attack”, which is a serious threat to operational mobile ad hoc networks. The consequence of not forwarding other packets or dropping other packets prevents any kind of communication to be established in the network. Therefore, there is a need to address the packet dropping event takes higher priority for the mobile ad hoc networks to emerge and to operate, successfully. In this paper, we propose a method to secure ad hoc on-demand distance vector (AODV routing protocol. The proposed method provides security for routing packets where the malicious node acts as a black-hole and drops packets. In this method, the collaboration of a group of nodes is used to make accurate decisions. Validating received RREPs allows the source to select trusted path to its destination. The simulation results show that the proposed mechanism is able to detect any number of attackers.

  3. Security protocol specification and verification with AnBx

    DEFF Research Database (Denmark)

    Bugliesi, Michele; Calzavara, Stefano; Mödersheim, Sebastian Alexander

    2016-01-01

    Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose...... with a novel notion of forwarding channels, enforcing specific security guarantees from the message originator to the final recipient along a number of intermediate forwarding agents. We give a formal semantics of AnBx in terms of a state transition system expressed in the AVISPA Intermediate Format. We devise...

  4. E-mail security: mail clients must use encrypted protocols

    CERN Multimedia

    2006-01-01

    In the coming weeks, users of mail clients other than Outlook (e.g. Pine, Mozilla, Mac Mail, etc.) may receive an e-mail from Mail-service@cern.ch with instructions to update the security settings of their mail client. The aim of this campaign is to enforce the use of encrypted and authenticated mail protocols in order to prevent the propagation of viruses and protect passwords from theft. As a first step, from 6 June 2006 onwards, access to mail servers from outside CERN will require a securely configured mail client as described in the help page http://cern.ch/mmmservices/Help/?kbid=191040. On this page most users will also find tools that will update their mail client settings automatically. Note that Outlook clients and WebMail access are not affected. The Mail Team

  5. Improving the security of quantum protocols via commit-and-open

    NARCIS (Netherlands)

    I.B. Damgård (Ivan); S. Fehr (Serge); C. Luneman; L. Salvail (Louis); C. Schaffner (Christian)

    2009-01-01

    htmlabstractWe consider two-party quantum protocols starting with a transmission of some random BB84 qubits followed by classical messages. We show a general compiler improving the security of such protocols: if the original protocol is secure against an almost honest adversary, then the

  6. A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography.

    Science.gov (United States)

    Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Zhao, Jining

    2015-03-01

    Radio Frequency Identification(RFID) is an automatic identification technology, which can be widely used in healthcare environments to locate and track staff, equipment and patients. However, potential security and privacy problems in RFID system remain a challenge. In this paper, we design a mutual authentication protocol for RFID based on elliptic curve cryptography(ECC). We use pre-computing method within tag's communication, so that our protocol can get better efficiency. In terms of security, our protocol can achieve confidentiality, unforgeability, mutual authentication, tag's anonymity, availability and forward security. Our protocol also can overcome the weakness in the existing protocols. Therefore, our protocol is suitable for healthcare environments.

  7. A Forward-secure Grouping-proof Protocol for Multiple RFID Tags

    Directory of Open Access Journals (Sweden)

    Liu Ya-li

    2012-09-01

    Full Text Available Designing secure and robust grouping-proof protocols based on RFID characteristics becomes a hotspot in the research of security in Internet of Things (IOT. The proposed grouping-proof protocols recently have security and/or privacy omission and these schemes afford order-dependence by relaying message among tags through an RFID reader. In consequence, aiming at enhancing the robustness, improving scalability, reducing the computation costs on resource-constrained devices, and meanwhile combing Computational Intelligence (CI with Secure Multi-party Communication (SMC, a Forward-Secure Grouping-Proof Protocol (FSGP for multiple RFID tags based on Shamir's (, secret sharing is proposed. In comparison with the previous grouping-proof protocols, FSGP has the characteristics of forward-security and order-independence addressing the scalability issue by avoiding relaying message. Our protocol provides security enhancement, performance improvement, and meanwhile controls the computation cost, which equilibrates both security and low cost requirements for RFID tags.

  8. Simple algorithm for improved security in the FDDI protocol

    Science.gov (United States)

    Lundy, G. M.; Jones, Benjamin

    1993-02-01

    We propose a modification to the Fiber Distributed Data Interface (FDDI) protocol based on a simple algorithm which will improve confidential communication capability. This proposed modification provides a simple and reliable system which exploits some of the inherent security properties in a fiber optic ring network. This method differs from conventional methods in that end to end encryption can be facilitated at the media access control sublayer of the data link layer in the OSI network model. Our method is based on a variation of the bit stream cipher method. The transmitting station takes the intended confidential message and uses a simple modulo two addition operation against an initialization vector. The encrypted message is virtually unbreakable without the initialization vector. None of the stations on the ring will have access to both the encrypted message and the initialization vector except the transmitting and receiving stations. The generation of the initialization vector is unique for each confidential transmission and thus provides a unique approach to the key distribution problem. The FDDI protocol is of particular interest to the military in terms of LAN/MAN implementations. Both the Army and the Navy are considering the standard as the basis for future network systems. A simple and reliable security mechanism with the potential to support realtime communications is a necessary consideration in the implementation of these systems. The proposed method offers several advantages over traditional methods in terms of speed, reliability, and standardization.

  9. Security of Semi-Device-Independent Random Number Expansion Protocols.

    Science.gov (United States)

    Li, Dan-Dan; Wen, Qiao-Yan; Wang, Yu-Kun; Zhou, Yu-Qian; Gao, Fei

    2015-10-27

    Semi-device-independent random number expansion (SDI-RNE) protocols require some truly random numbers to generate fresh ones, with making no assumptions on the internal working of quantum devices except for the dimension of the Hilbert space. The generated randomness is certified by non-classical correlation in the prepare-and-measure test. Until now, the analytical relations between the amount of the generated randomness and the degree of non-classical correlation, which are crucial for evaluating the security of SDI-RNE protocols, are not clear under both the ideal condition and the practical one. In the paper, first, we give the analytical relation between the above two factors under the ideal condition. As well, we derive the analytical relation under the practical conditions, where devices' behavior is not independent and identical in each round and there exists deviation in estimating the non-classical behavior of devices. Furthermore, we choose a different randomness extractor (i.e., two-universal random function) and give the security proof.

  10. Privacy-Enhancing Security Protocol in LTE Initial Attack

    Directory of Open Access Journals (Sweden)

    Uijin Jang

    2014-12-01

    Full Text Available Long-Term Evolution (LTE is a fourth-generation mobile communication technology implemented throughout the world. It is the communication means of smartphones that send and receive all of the private date of individuals. M2M, IOT, etc., are the base technologies of mobile communication that will be used in the future cyber world. However, identification parameters, such as International Mobile Subscriber Identity (IMSI, Radio Network Temporary Identities (RNTI, etc., in the initial attach section for accessing the LTE network are presented with the vulnerability of being exposed as clear text. Such vulnerability does not end in a mere identification parameter, but can lead to a secondary attack using the identification parameter, such as replication of the smartphone, illegal use of the mobile communication network, etc. This paper proposes a security protocol to safely transmit identification parameters in different cases of the initial attach. The proposed security protocol solves the exposed vulnerability by encrypting the parameters in transmission. Using an OPNET simulator, it is shown that the average rate of delay and processing ratio are efficient in comparison to the existing process.

  11. The ultimate security bounds of quantum key distribution protocols

    International Nuclear Information System (INIS)

    Nikolopoulos, G.M.; Alber, G.

    2005-01-01

    Full text: Quantum key distribution (QKD) protocols exploit quantum correlations in order to establish a secure key between two legitimate users. Recent work on QKD has revealed a remarkable link between quantum and secret correlations. In this talk we report on recent results concerning the ultimate upper security bounds of various QKD schemes (i.e., the maximal disturbance up to which the two legitimate users share quantum correlations) under the assumption of general coherent attacks. In particular, we derive an analytic expression for the ultimate upper security bound of QKD schemes that use two mutually unbiased bases. As long as the two legitimate users focus on the sifted key and treat each pair of data independently during the post processing, our results are valid for arbitrary dimensions of the information carriers. The bound we have derived is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is also discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions, however, such equivalence is generally no longer valid. (author)

  12. Authentication Test-Based the RFID Authentication Protocol with Security Analysis

    Directory of Open Access Journals (Sweden)

    Minghui Wang

    2014-08-01

    Full Text Available To the problem of many recently proposed RFID authentication protocol was soon find security holes, we analyzed the main reason, which is that protocol design is not rigorous, and the correctness of the protocol cannot be guaranteed. To this end, authentication test method was adopted in the process of the formal analysis and strict proof to the proposed RFID protocol in this paper. Authentication Test is a new type of analysis and design method of security protocols based on Strand space model, and it can be used for most types of the security protocols. After analysis the security, the proposed protocol can meet the RFID security demand: information confidentiality, data integrity and identity authentication.

  13. A Secure Simplification of the PKMv2 Protocol in IEEE 802.16e-2005

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielsen, Christoffer Rosenkilde

    2007-01-01

    Static analysis is successfully used for automatically validating security properties of classical cryptographic protocols. In this paper, we shall employ the same technique to a modern security protocol for wireless networks, namely the latest version of the Privacy and Key Management protocol...... for IEEE 802.16e, PKMv2. This protocol seems to have an exaggerated mixture of security features. Thus, we iteratively investigate which components are necessary for upholding the security properties and which can be omitted safely. This approach is based on the LySa process calculus and employs...

  14. Secure and Efficient Protocol for Vehicular Ad Hoc Network with Privacy Preservation

    Directory of Open Access Journals (Sweden)

    Choi Hyoung-Kee

    2011-01-01

    Full Text Available Security is a fundamental issue for promising applications in a VANET. Designing a secure protocol for a VANET that accommodates efficiency, privacy, and traceability is difficult because of the contradictions between these qualities. In this paper, we present a secure yet efficient protocol for a VANET that satisfies these security requirements. Although much research has attempted to address similar issues, we contend that our proposed protocol outperforms other proposals that have been advanced. This claim is based on observations that show that the proposed protocol has such strengths as light computational load, efficient storage management, and dependability.

  15. Analysis of security protocols based on challenge-response

    Institute of Scientific and Technical Information of China (English)

    LUO JunZhou; YANG Ming

    2007-01-01

    Security protocol is specified as the procedure of challenge-response, which uses applied cryptography to confirm the existence of other principals and fulfill some data negotiation such as session keys. Most of the existing analysis methods,which either adopt theorem proving techniques such as state exploration or logic reasoning techniques such as authentication logic, face the conflicts between analysis power and operability. To solve the problem, a new efficient method is proposed that provides SSM semantics-based definition of secrecy and authentication goals and applies authentication logic as fundamental analysis techniques,in which secrecy analysis is split into two parts: Explicit-Information-Leakage and Implicit-Information-Leakage, and correspondence analysis is concluded as the analysis of the existence relationship of Strands and the agreement of Strand parameters. This new method owns both the power of the Strand Space Model and concision of authentication logic.

  16. Protocol and the post-human performativity of security techniques.

    Science.gov (United States)

    O'Grady, Nathaniel

    2016-07-01

    This article explores the deployment of exercises by the United Kingdom Fire and Rescue Service. Exercises stage, simulate and act out potential future emergencies and in so doing help the Fire and Rescue Service prepare for future emergencies. Specifically, exercises operate to assess and develop protocol; sets of guidelines which plan out the actions undertaken by the Fire and Rescue Service in responding to a fire. In the article I outline and assess the forms of knowledge and technologies, what I call the 'aesthetic forces', by which the exercise makes present and imagines future emergencies. By critically engaging with Karen Barad's notion of post-human performativity, I argue that exercises provide a site where such forces can entangle with one another; creating a bricolage through which future emergencies are evoked sensually and representatively, ultimately making it possible to experience emergencies in the present. This understanding of exercises allows also for critical appraisal of protocol both as phenomena that are produced through the enmeshing of different aesthetic forces and as devices which premise the operation of the security apparatus on contingency.

  17. A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

    Science.gov (United States)

    Amin, Ruhul; Biswas, G P

    2015-08-01

    Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

  18. Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

    Directory of Open Access Journals (Sweden)

    Jongho Moon

    2017-01-01

    Full Text Available Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.

  19. Selection application for platforms and security protocols suitable for wireless sensor networks

    International Nuclear Information System (INIS)

    Moeller, S; Newe, T; Lochmann, S

    2009-01-01

    There is a great number of platforms and security protocols which can be used for wireless sensor networks (WSN). All these platforms and protocols have different properties with certain advantages and disadvantages. For a good choice of platform and an associated protocol, these advantages and disadvantages should be compared and the best for the appropriate WSN chosen. To select a Security protocol and a wireless platform suitable for a specific application a software tool will be developed. That tool will enable wireless network deployment engineers to easily select a suitable wireless platform for their application based on their network needs and application security requirements.

  20. Cryptanalysis and improvement of quantum secure communication network protocol with entangled photons for mobile communications

    International Nuclear Information System (INIS)

    Gao, Gan

    2014-01-01

    Recently, a communication protocol called controlled bidirectional quantum secret direct communication for mobile networks was proposed by Chou et al (2014 Mobile Netw. Appl. 19 121). We study the security of the proposed communication protocol and find that it is not secure. The controller, Telecom Company, may eavesdrop secret messages from mobile devices without being detected. Finally, we give a possible improvement of the communication protocol. (paper)

  1. A Protocol for Bidirectional Quantum Secure Communication Based on Genuine Four-Particle Entangled States

    International Nuclear Information System (INIS)

    Gao Gan; Wang Liping

    2010-01-01

    By swapping the entanglement of genuine four-particle entangled states, we propose a bidirectional quantum secure communication protocol. The biggest merit of this protocol is that the information leakage does not exist. In addition, the ideas of the 'two-step' transmission and the block transmission are employed in this protocol. In order to analyze the security of the second sequence transmission, decoy states are used. (general)

  2. Impersonation attack on a quantum secure direct communication and authentication protocol with improvement

    Science.gov (United States)

    Amerimehr, Ali; Hadain Dehkordi, Massoud

    2018-03-01

    We analyze the security of a quantum secure direct communication and authentication protocol based on single photons. We first give an impersonation attack on the protocol. The cryptanalysis shows that there is a gap in the authentication procedure of the protocol so that an opponent can reveal the secret information by an undetectable attempt. We then propose an improvement for the protocol and show it closes the gap by applying a mutual authentication procedure. In the improved protocol single photons are transmitted once in a session, so it is easy to implement as the primary protocol. Furthermore, we use a novel technique for secret order rearrangement of photons by which not only quantum storage is eliminated also a secret key can be reused securely. So the new protocol is applicable in practical approaches like embedded system devices.

  3. Asynchronous transfer mode and Local Area Network emulation standards, protocols, and security implications

    OpenAIRE

    Kirwin, John P.

    1999-01-01

    A complex networking technology called Asynchronous Transfer Mode (ATM) and a networking protocol called Local Area Network Emulation (LANE) are being integrated into many naval networks without any security-driven naval configuration guidelines. No single publication is available that describes security issues of data delivery and signaling relating to the transition of Ethernet to LANE and ATM. The thesis' focus is to provide: (1) an overview and security analysis of standardized protocols ...

  4. On the implementation of a deterministic secure coding protocol using polarization entangled photons

    OpenAIRE

    Ostermeyer, Martin; Walenta, Nino

    2007-01-01

    We demonstrate a prototype-implementation of deterministic information encoding for quantum key distribution (QKD) following the ping-pong coding protocol [K. Bostroem, T. Felbinger, Phys. Rev. Lett. 89 (2002) 187902-1]. Due to the deterministic nature of this protocol the need for post-processing the key is distinctly reduced compared to non-deterministic protocols. In the course of our implementation we analyze the practicability of the protocol and discuss some security aspects of informat...

  5. Re-examining the security of blind quantum signature protocols

    International Nuclear Information System (INIS)

    Wang Mingming; Chen Xiubo; Niu Xinxin; Yang Yixian

    2012-01-01

    Recently, blind quantum signature (BQS) protocols have been proposed with the help of a third-party verifier. However, our research shows that some of the BQS protocols are unable to complete the blind signature task fairly if the verifier is dishonest. Indeed, these protocols can be viewed as variants of the classical digital signature scheme of symmetric-key cryptography. If nobody is trusted in such protocols, digital signature cannot be implemented since disagreements cannot be solved fairly.

  6. Researches on the Security of Cluster-based Communication Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yanhong Sun

    2014-08-01

    Full Text Available Along with the in-depth application of sensor networks, the security issues have gradually become the bottleneck of wireless sensor applications. To provide a solution for security scheme is a common concern not only of researchers but also of providers, integrators and users of wireless sensor networks. Based on this demand, this paper focuses on the research of strengthening the security of cluster-based wireless sensor networks. Based on the systematic analysis of the clustering protocol and its security enhancement scheme, the paper introduces the broadcast authentication scheme, and proposes an SA-LEACH network security enhancement protocol. The performance analysis and simulation experiments prove that the protocol consumes less energy with the same security requirements, and when the base station is comparatively far from the network deployment area, it is more advantageous in terms of energy consumption and t more suitable for wireless sensor networks.

  7. Adaptive versus Non-Adaptive Security of Multi-Party Protocols

    DEFF Research Database (Denmark)

    Canetti, Ran; Damgård, Ivan Bjerre; Dziembowski, Stefan

    2004-01-01

    Security analysis of multi-party cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting the adversary chooses who to corrupt during...... the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and nonadaptive security, according to two definitions and in several models of computation....

  8. A Protocol for Provably Secure Authentication of a Tiny Entity to a High Performance Computing One

    Directory of Open Access Journals (Sweden)

    Siniša Tomović

    2016-01-01

    Full Text Available The problem of developing authentication protocols dedicated to a specific scenario where an entity with limited computational capabilities should prove the identity to a computationally powerful Verifier is addressed. An authentication protocol suitable for the considered scenario which jointly employs the learning parity with noise (LPN problem and a paradigm of random selection is proposed. It is shown that the proposed protocol is secure against active attacking scenarios and so called GRS man-in-the-middle (MIM attacking scenarios. In comparison with the related previously reported authentication protocols the proposed one provides reduction of the implementation complexity and at least the same level of the cryptographic security.

  9. Security of modified Ping-Pong protocol in noisy and lossy channel.

    Science.gov (United States)

    Han, Yun-Guang; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Wang, Shuang; Guo, Guang-Can; Han, Zheng-Fu

    2014-05-12

    The "Ping-Pong" (PP) protocol is a two-way quantum key protocol based on entanglement. In this protocol, Bob prepares one maximally entangled pair of qubits, and sends one qubit to Alice. Then, Alice performs some necessary operations on this qubit and sends it back to Bob. Although this protocol was proposed in 2002, its security in the noisy and lossy channel has not been proven. In this report, we add a simple and experimentally feasible modification to the original PP protocol, and prove the security of this modified PP protocol against collective attacks when the noisy and lossy channel is taken into account. Simulation results show that our protocol is practical.

  10. Multi-party quantum key agreement protocol secure against collusion attacks

    Science.gov (United States)

    Wang, Ping; Sun, Zhiwei; Sun, Xiaoqiang

    2017-07-01

    The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting N-1 coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants' cooperation. Here, t < N. We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.

  11. Simple proof of the unconditional security of the Bennett 1992 quantum key distribution protocol

    International Nuclear Information System (INIS)

    Zhang Quan; Tang Chaojing

    2002-01-01

    It is generally accepted that quantum key distribution (QKD) could supply legitimate users with unconditional security during their communication. Quite a lot of satisfactory efforts have been achieved on experimentations with quantum cryptography. However, when the eavesdropper has extra-powerful computational ability, has access to a quantum computer, for example, and can carry into execution any eavesdropping measurement that is allowed by the laws of physics, the security against such attacks has not been widely studied and rigorously proved for most QKD protocols. Quite recently, Shor and Preskill proved concisely the unconditional security of the Bennett-Brassard 1984 (BB84) protocol. Their method is highly valued for its clarity of concept and concision of form. In order to take advantage of the Shor-Preskill technique in their proof of the unconditional security of the BB84 QKD protocol, we introduced in this paper a transformation that can translate the Bennett 1992 (B92) protocol into the BB84 protocol. By proving that the transformation leaks no more information to the eavesdropper, we proved the unconditional security of the B92 protocol. We also settled the problem proposed by Lo about how to prove the unconditional security of the B92 protocol with the Shor-Preskill method

  12. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    Science.gov (United States)

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  13. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.

    Science.gov (United States)

    Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

    2011-01-01

    User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das' protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs.

  14. Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2015-07-01

    Full Text Available Information technology (IT security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods.

  15. Improving the security of the Hwang-Su protocol for mobile networks

    African Journals Online (AJOL)

    user

    Improving the security of the Hwang-Su protocol for mobile networks. Miloud Ait ... But, it is threatened by weak ... Wireless networks (IEEE standard 802.11 1996, Gast 2005) have allowed computer systems to exchange data without cable.

  16. Typing and compositionality for security protocols: A generalization to the geometric fragment

    DEFF Research Database (Denmark)

    Almousa, Omar; Mödersheim, Sebastian Alexander; Modesti, Paolo

    2015-01-01

    We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that any security protocol that fulfils a number of sufficient conditions has an attack if it has a well-typed attack. The second kind considers the parallel composition of pro...... of protocols, showing that when running two protocols in parallel allows for an attack, then at least one of the protocols has an attack in isolation. The most important generalization over previous work is the support for all security properties of the geometric fragment.......We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that any security protocol that fulfils a number of sufficient conditions has an attack if it has a well-typed attack. The second kind considers the parallel composition...

  17. Typing and Compositionality for Security Protocols: A Generalization to the Geometric Fragment (Extended Version)

    DEFF Research Database (Denmark)

    Almousa, Omar; Mödersheim, Sebastian Alexander; Modesti, Paolo

    We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that if any security protocol that fulfils a number of sufficient conditions has an attack then it has a well-typed attack. The second kind considers the parallel composition o...... of protocols, showing that when running two protocols in parallel allows for an attack, then at least one of the protocols has an attack in isolation. The most important generalization over previous work is the support for all security properties of the geometric fragment.......We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that if any security protocol that fulfils a number of sufficient conditions has an attack then it has a well-typed attack. The second kind considers the parallel composition...

  18. Security of a single-state semi-quantum key distribution protocol

    Science.gov (United States)

    Zhang, Wei; Qiu, Daowen; Mateus, Paulo

    2018-06-01

    Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some "classical" or "semi-quantum" operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.

  19. A Secure Protocol Based on a Sedentary Agent for Mobile Agent Environments

    OpenAIRE

    Abdelmorhit E. Rhazi; Samuel Pierre; Hanifa Boucheneb

    2007-01-01

    The main challenge when deploying mobile agent environments pertains to security issues concerning mobile agents and their executive platform. This paper proposes a secure protocol which protects mobile agents against attacks from malicious hosts in these environments. Protection is based on the perfect cooperation of a sedentary agent running inside a trusted third host. Results show that the protocol detects several attacks, such as denial of service, incorrect execution and re-execution of...

  20. On the security of a novel key agreement protocol based on chaotic maps

    International Nuclear Information System (INIS)

    Xiang Tao; Wong, K.-W.; Liao Xiaofeng

    2009-01-01

    Recently, Xiao et al. proposed a novel key agreement protocol based on Chebyshev chaotic map. In this paper, the security of the protocol is analyzed, and two attack methods can be found in different scenarios. The essential principle of Xiao et al.'s scheme is summarized. It is also pointed out with proof that any attempt along this line to improve the security of Chebyshev map is redundant.

  1. A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem.

    Science.gov (United States)

    Zhao, Zhenguo

    2014-05-01

    With the fast advancement of the wireless communication technology and the widespread use of medical systems, the radio frequency identification (RFID) technology has been widely used in healthcare environments. As the first important protocol for ensuring secure communication in healthcare environment, the RFID authentication protocols derive more and more attentions. Most of RFID authentication protocols are based on hash function or symmetric cryptography. To get more security properties, elliptic curve cryptosystem (ECC) has been used in the design of RFID authentication protocol. Recently, Liao and Hsiao proposed a new RFID authentication protocol using ECC and claimed their protocol could withstand various attacks. In this paper, we will show that their protocol suffers from the key compromise problem, i.e. an adversary could get the private key stored in the tag. To enhance the security, we propose a new RFID authentication protocol using ECC. Detailed analysis shows the proposed protocol not only could overcome weaknesses in Liao and Hsiao's protocol but also has the same performance. Therefore, it is more suitable for healthcare environments.

  2. Final report for the protocol extensions for ATM Security Laboratory Directed Research and Development Project

    Energy Technology Data Exchange (ETDEWEB)

    Tarman, T.D.; Pierson, L.G.; Brenkosh, J.P. [and others

    1996-03-01

    This is the summary report for the Protocol Extensions for Asynchronous Transfer Mode project, funded under Sandia`s Laboratory Directed Research and Development program. During this one-year effort, techniques were examined for integrating security enhancements within standard ATM protocols, and mechanisms were developed to validate these techniques and to provide a basic set of ATM security assurances. Based on our experience during this project, recommendations were presented to the ATM Forum (a world-wide consortium of ATM product developers, service providers, and users) to assist with the development of security-related enhancements to their ATM specifications. As a result of this project, Sandia has taken a leading role in the formation of the ATM Forum`s Security Working Group, and has gained valuable alliances and leading-edge experience with emerging ATM security technologies and protocols.

  3. Security of modified Ping-Pong protocol in noisy and lossy channel

    OpenAIRE

    Han, Yun-Guang; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Wang, Shuang; Guo, Guang-Can; Han, Zheng-Fu

    2014-01-01

    The “Ping-Pong” (PP) protocol is a two-way quantum key protocol based on entanglement. In this protocol, Bob prepares one maximally entangled pair of qubits, and sends one qubit to Alice. Then, Alice performs some necessary operations on this qubit and sends it back to Bob. Although this protocol was proposed in 2002, its security in the noisy and lossy channel has not been proven. In this report, we add a simple and experimentally feasible modification to the original PP protocol, and prove ...

  4. Cryptographic protocol security analysis based on bounded constructing algorithm

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    An efficient approach to analyzing cryptographic protocols is to develop automatic analysis tools based on formal methods. However, the approach has encountered the high computational complexity problem due to reasons that participants of protocols are arbitrary, their message structures are complex and their executions are concurrent. We propose an efficient automatic verifying algorithm for analyzing cryptographic protocols based on the Cryptographic Protocol Algebra (CPA) model proposed recently, in which algebraic techniques are used to simplify the description of cryptographic protocols and their executions. Redundant states generated in the analysis processes are much reduced by introducing a new algebraic technique called Universal Polynomial Equation and the algorithm can be used to verify the correctness of protocols in the infinite states space. We have implemented an efficient automatic analysis tool for cryptographic protocols, called ACT-SPA, based on this algorithm, and used the tool to check more than 20 cryptographic protocols. The analysis results show that this tool is more efficient, and an attack instance not offered previously is checked by using this tool.

  5. Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

    Science.gov (United States)

    Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

    2017-12-01

    Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

  6. Shor-Preskill-type security proof for concatenated Bennett-Brassard 1984 quantum-key-distribution protocol

    International Nuclear Information System (INIS)

    Hwang, Won-Young; Matsumoto, Keiji; Imai, Hiroshi; Kim, Jaewan; Lee, Hai-Woong

    2003-01-01

    We discuss a long code problem in the Bennett-Brassard 1984 (BB84) quantum-key-distribution protocol and describe how it can be overcome by concatenation of the protocol. Observing that concatenated modified Lo-Chau protocol finally reduces to the concatenated BB84 protocol, we give the unconditional security of the concatenated BB84 protocol

  7. Improving the security of the Hwang-Su protocol for mobile networks

    African Journals Online (AJOL)

    user

    Improving the security of the Hwang-Su protocol for mobile networks. Miloud Ait Hemad, My ... Furthermore, the wireless data channel is low data rate. These restrictions have an ..... Research in Security and Privacy. Wu T. Y. and Tsen Y. M., ...

  8. Can the use of the Leggett-Garg inequality enhance security of the BB84 protocol?

    Science.gov (United States)

    Shenoy H., Akshata; Aravinda, S.; Srikanth, R.; Home, Dipankar

    2017-08-01

    Prima facie, there are good reasons to answer in the negative the question posed in the title: the Bennett-Brassard 1984 (BB84) protocol is provably secure subject to the assumption of trusted devices, while the Leggett-Garg-type inequality (LGI) does not seem to be readily adaptable to the device independent (DI) or semi-DI scenario. Nevertheless, interestingly, here we identify a specific device attack, which has been shown to render the standard BB84 protocol completely insecure, but against which our formulated LGI-assisted BB84 protocol (based on an appropriate form of LGI) is secure.

  9. Network Based Intrusion Detection and Prevention Systems in IP-Level Security Protocols

    OpenAIRE

    R. Kabila

    2008-01-01

    IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture that takes into account confidentiality, authentication, integrity, secure key exchange and protection mechanism against replay attack also. For the connectionless security services on packet basis, IETF IPsec Working Group has standardized two extension headers (AH&ESP), key exchange and authentication protocols. It is also working on l...

  10. Design and Analysis of Secure Routing Protocol for Wireless Sensor Networks

    Science.gov (United States)

    Wang, Jiong; Zhang, Hua

    2017-09-01

    In recent years, with the development of science and technology and the progress of the times, China's wireless network technology has become increasingly prosperous and it plays an important role in social production and life. In this context, in order to further to enhance the stability of wireless network data transmission and security enhancements, the staff need to focus on routing security and carry out related work. Based on this, this paper analyzes the design of wireless sensor based on secure routing protocol.

  11. An Improved Protocol for Controlled Deterministic Secure Quantum Communication Using Five-Qubit Entangled State

    Science.gov (United States)

    Kao, Shih-Hung; Lin, Jason; Tsai, Chia-Wei; Hwang, Tzonelih

    2018-03-01

    In early 2009, Xiu et al. (Opt. Commun. 282(2) 333-337 2009) presented a controlled deterministic secure quantum communication (CDSQC) protocol via a newly constructed five-qubit entangled quantum state. Later, Qin et al. (Opt. Commun. 282(13), 2656-2658 2009) pointed out two security loopholes in Xiu et al.'s protocol: (1) A correlation-elicitation (CE) attack can reveal the entire secret message; (2) A leakage of partial information for the receiver is noticed. Then, Xiu et al. (Opt. Commun. 283(2), 344-347 2010) presented a revised CDSQC protocol to remedy the CE attack problem. However, the information leakage problem still remains open. This work proposes a new CDSQC protocol using the same five-qubit entangled state which can work without the above mentioned security problems. Moreover, the Trojan Horse attacks can be automatically avoided without using detecting devices in the new CDSQC.

  12. An Improved Protocol for Controlled Deterministic Secure Quantum Communication Using Five-Qubit Entangled State

    Science.gov (United States)

    Kao, Shih-Hung; Lin, Jason; Tsai, Chia-Wei; Hwang, Tzonelih

    2018-06-01

    In early 2009, Xiu et al. (Opt. Commun. 282(2) 333-337 2009) presented a controlled deterministic secure quantum communication (CDSQC) protocol via a newly constructed five-qubit entangled quantum state. Later, Qin et al. (Opt. Commun. 282(13), 2656-2658 2009) pointed out two security loopholes in Xiu et al.'s protocol: (1) A correlation-elicitation (CE) attack can reveal the entire secret message; (2) A leakage of partial information for the receiver is noticed. Then, Xiu et al. (Opt. Commun. 283(2), 344-347 2010) presented a revised CDSQC protocol to remedy the CE attack problem. However, the information leakage problem still remains open. This work proposes a new CDSQC protocol using the same five-qubit entangled state which can work without the above mentioned security problems. Moreover, the Trojan Horse attacks can be automatically avoided without using detecting devices in the new CDSQC.

  13. Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

    Directory of Open Access Journals (Sweden)

    Younsung Choi

    2014-06-01

    Full Text Available Wireless sensor networks (WSNs consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC for WSNs. However, it turned out that Yeh et al.’s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.’s protocol. However, Shi et al.’s improvement introduces other security weaknesses. In this paper, we show that Shi et al.’s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

  14. Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

    Science.gov (United States)

    Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

    2014-06-10

    Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

  15. Security analysis of the “Ping–Pong” quantum communication protocol in the presence of collective-rotation noise

    International Nuclear Information System (INIS)

    Li, Jian; Li, Lingyun; Jin, Haifei; Li, Ruifan

    2013-01-01

    Environmental noise is inevitable in non-isolated systems. It is, therefore, necessary to analyze the security of the “Ping–Pong” protocol in a noisy environment. An excellent model for collective-rotation noise is introduced, and information theoretical methods are applied to analyze the security of this protocol. If noise level ε is lower than 11%, an eavesdropper can gain some, but not all, information freely without being detected. Otherwise, the protocol becomes insecure. We conclude that the use of ‘Ping–Pong’ protocol as a quantum secure direct communication (QSDC) protocol is quasi-secure, as declared by the original author when ε⩽11%.

  16. Security analysis of the “Ping–Pong” quantum communication protocol in the presence of collective-rotation noise

    Energy Technology Data Exchange (ETDEWEB)

    Li, Jian; Li, Lingyun, E-mail: lilingyun@bupt.edu.cn; Jin, Haifei; Li, Ruifan

    2013-11-22

    Environmental noise is inevitable in non-isolated systems. It is, therefore, necessary to analyze the security of the “Ping–Pong” protocol in a noisy environment. An excellent model for collective-rotation noise is introduced, and information theoretical methods are applied to analyze the security of this protocol. If noise level ε is lower than 11%, an eavesdropper can gain some, but not all, information freely without being detected. Otherwise, the protocol becomes insecure. We conclude that the use of ‘Ping–Pong’ protocol as a quantum secure direct communication (QSDC) protocol is quasi-secure, as declared by the original author when ε⩽11%.

  17. A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2009-01-01

    ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4’s physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist....... In particular we show that the End-to-End Application Key Establishment Protocol is flawed and we propose a secure protocol instead. We do so by using formal verification techniques based on static program analysis and process algebras. We present a way of using formal methods in wireless network security......, and propose a secure key establishment protocol for ZigBee networks....

  18. A system architecture, processor, and communication protocol for secure implants

    NARCIS (Netherlands)

    C. Strydis (Christos); R.M. Seepers (Robert); P. Peris-Lopez (Pedro); D. Siskos (Dimitrios); I. Sourdis (Ioannis)

    2013-01-01

    textabstractSecure and energy-efficient communication between Implantable Medical Devices (IMDs) and authorized external users is attracting increasing attention these days. However, there currently exists no systematic approach to the problem, while solutions from neighboring fields, such as

  19. Improved Security Models & Protocols in Online Mobile Business Financial Transactions

    OpenAIRE

    Sreeramana Aithal

    2017-01-01

    Chapter I : Introduction to Mobile Business and Mobile Banking Chapter II : Review of Literature on Mobile Business Technology, Mobile Banking Services & Security Chapter III : Research Objectives and Methodology Chapter IV : Results and Discussion Chapter V : Summary and Conclusions Bibliography

  20. A Novel Re-keying Function Protocol (NRFP For Wireless Sensor Network Security

    Directory of Open Access Journals (Sweden)

    Naif Alsharabi

    2008-12-01

    Full Text Available This paper describes a novel re-keying function protocol (NRFP for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs, covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  1. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

    Science.gov (United States)

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-01-01

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

  2. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

    Science.gov (United States)

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-12-04

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  3. Dual watermarking scheme for secure buyer-seller watermarking protocol

    Science.gov (United States)

    Mehra, Neelesh; Shandilya, Madhu

    2012-04-01

    A buyer-seller watermarking protocol utilize watermarking along with cryptography for copyright and copy protection for the seller and meanwhile it also preserve buyers rights for privacy. It enables a seller to successfully identify a malicious seller from a pirated copy, while preventing the seller from framing an innocent buyer and provide anonymity to buyer. Up to now many buyer-seller watermarking protocols have been proposed which utilize more and more cryptographic scheme to solve many common problems such as customer's rights, unbinding problem, buyer's anonymity problem and buyer's participation in the dispute resolution. But most of them are infeasible since the buyer may not have knowledge of cryptography. Another issue is the number of steps to complete the protocols are large, a buyer needs to interact with different parties many times in these protocols, which is very inconvenient for buyer. To overcome these drawbacks, in this paper we proposed dual watermarking scheme in encrypted domain. Since neither of watermark has been generated by buyer so a general layman buyer can use the protocol.

  4. Design and Research of a New secure Authentication Protocol in GSM networks

    Directory of Open Access Journals (Sweden)

    Qi Ai-qin

    2016-01-01

    Full Text Available As the first line of defense in the security application system, Authentication is an important security service. Its typical scheme is challenge/response mechanism and this scheme which is simple-structured and easy to realize has been used worldwide. But these protocols have many following problems In the GSM networks such as the leakage of user indentity privacy, no security protection between home registers and foreign registers and the vicious intruders’ information stealing and so on. This paper presents an authentication protocol in GSM networks based on maths operation and modular square root technique . The analysis of the security and performance has also been done. The results show that it is more robust and secure compared to the previous agreements.

  5. Security Protocol Verification and Optimization by Epistemic Model Checking

    Science.gov (United States)

    2010-11-05

    Three cryptographers are sitting down to dinner at their favourite restau- rant. Their waiter informs them that arrangements have been made with the...Unfortunately, the protocol cannot be expected to satisfy this: suppose that all agents manage to broadcast their mes- sage and all messages have the

  6. On the security of the Mobile IP protocol family

    NARCIS (Netherlands)

    Meyer, Ulrike; Tschofenig, Hannes; Karagiannis, Georgios; Devetsikiotis, M.; Michailidis, G.

    2007-01-01

    The Internet Engineering Task Force (IETF) has worked on network layer mobility for more than 10 years and a number of RFCs are available by now. Although the IETF mobility protocols are not present in the Internet infrastructure as of today, deployment seems to be imminent since a number of

  7. Formal Security Analysis of the MaCAN Protocol

    DEFF Research Database (Denmark)

    Bruni, Alessandro; Sojka, Michal; Nielson, Flemming

    2014-01-01

    analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus...

  8. Concrete Security for Entity Recognition: The Jane Doe Protocol

    DEFF Research Database (Denmark)

    Lucks, Stefan; Zenner, Erik; Weimerskirch, Andre

    2008-01-01

    Entity recognition does not ask whether the message is from some entity X, just whether a message is from the same entity as a previous message. This turns turns out to be very useful for low-end devices. The current paper proposes a new protocol – the “Jane Doe Protocol” –, and provides a formal...

  9. Performance Evaluation of Security Protocols Specified in LySa

    DEFF Research Database (Denmark)

    Bodei, Chiara; Curti, Michele; Degano, Pierpaolo

    2005-01-01

    We use a special operational semantics which drives us in inferring quantitative measures on system describing cryptographic protocols. The transitions of the system carry enhanced labels. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architectu...

  10. A Source Anonymity-Based Lightweight Secure AODV Protocol for Fog-Based MANET.

    Science.gov (United States)

    Fang, Weidong; Zhang, Wuxiong; Xiao, Jinchao; Yang, Yang; Chen, Wei

    2017-06-17

    Fog-based MANET (Mobile Ad hoc networks) is a novel paradigm of a mobile ad hoc network with the advantages of both mobility and fog computing. Meanwhile, as traditional routing protocol, ad hoc on-demand distance vector (AODV) routing protocol has been applied widely in fog-based MANET. Currently, how to improve the transmission performance and enhance security are the two major aspects in AODV's research field. However, the researches on joint energy efficiency and security seem to be seldom considered. In this paper, we propose a source anonymity-based lightweight secure AODV (SAL-SAODV) routing protocol to meet the above requirements. In SAL-SAODV protocol, source anonymous and secure transmitting schemes are proposed and applied. The scheme involves the following three parts: the source anonymity algorithm is employed to achieve the source node, without being tracked and located; the improved secure scheme based on the polynomial of CRC-4 is applied to substitute the RSA digital signature of SAODV and guarantee the data integrity, in addition to reducing the computation and energy consumption; the random delayed transmitting scheme (RDTM) is implemented to separate the check code and transmitted data, and achieve tamper-proof results. The simulation results show that the comprehensive performance of the proposed SAL-SAODV is a trade-off of the transmission performance, energy efficiency, and security, and better than AODV and SAODV.

  11. Efficient Security Mechanisms for the Border Gateway Routing Protocol

    Science.gov (United States)

    1997-08-22

    Finding Algorithm for Loop- Free Routing. IEEE/ACM Transactions on Networking, 5(1):148{160, Feb. 1997. [7] International Standards Organization. ISO/IEC...Jersey 07974, Feb. 1985. ftp://netlib.att.com/netlib/att/cs/ cstr /117.ps.Z. [16] S. L. Murphy. Presentation in Panel on \\Security Architecture for the

  12. Secure Group Formation Protocol for a Medical Sensor Network Prototype

    DEFF Research Database (Denmark)

    Andersen, Jacob

    2009-01-01

    , and experience from user workshops and observations of clinicians at work on a hospital ward show that if the security mechanisms are not well designed, the technology is either rejected altogether, or they are circumvented leaving the system wide open to attacks. Our work targets the problem of designing...

  13. Threats and trusted countermeasures using a security protocol in the ...

    African Journals Online (AJOL)

    Mobile Agent computing is a paradigm of distributed computing, that has generated considerable excitement in the research community. Despite that, it has not been translated into a significant number of real-world applications due to a new dimensionality of security problem it brings along with it. In this paper ...

  14. A two-step quantum secure direct communication protocol with hyperentanglement

    International Nuclear Information System (INIS)

    Gu Bin; Zhang Cheng-Yi; Huang Yu-Gai; Fang Xia

    2011-01-01

    We propose a two-step quantum secure direct communication (QSDC) protocol with hyperentanglement in both the spatial-mode and the polarization degrees of freedom of photon pairs which can in principle be produced with a beta barium borate crystal. The secret message can be encoded on the photon pairs with unitary operations in these two degrees of freedom independently. This QSDC protocol has a higher capacity than the original two-step QSDC protocol as each photon pair can carry 4 bits of information. Compared with the QSDC protocol based on hyperdense coding, this QSDC protocol has the immunity to Trojan horse attack strategies with the process for determining the number of the photons in each quantum signal as it is a one-way quantum communication protocol. (general)

  15. Optimal and secure measurement protocols for quantum sensor networks

    Science.gov (United States)

    Eldredge, Zachary; Foss-Feig, Michael; Gross, Jonathan A.; Rolston, S. L.; Gorshkov, Alexey V.

    2018-04-01

    Studies of quantum metrology have shown that the use of many-body entangled states can lead to an enhancement in sensitivity when compared with unentangled states. In this paper, we quantify the metrological advantage of entanglement in a setting where the measured quantity is a linear function of parameters individually coupled to each qubit. We first generalize the Heisenberg limit to the measurement of nonlocal observables in a quantum network, deriving a bound based on the multiparameter quantum Fisher information. We then propose measurement protocols that can make use of Greenberger-Horne-Zeilinger (GHZ) states or spin-squeezed states and show that in the case of GHZ states the protocol is optimal, i.e., it saturates our bound. We also identify nanoscale magnetic resonance imaging as a promising setting for this technology.

  16. Protocols development for security and privacy of radio frequency identification systems

    Science.gov (United States)

    Sabbagha, Fatin

    There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

  17. Upper bounds for the security of two distributed-phase reference protocols of quantum cryptography

    International Nuclear Information System (INIS)

    Branciard, Cyril; Gisin, Nicolas; Scarani, Valerio

    2008-01-01

    The differential-phase-shift (DPS) and the coherent-one-way (COW) are among the most practical protocols for quantum cryptography, and are therefore the object of fast-paced experimental developments. The assessment of their security is also a challenge for theorists: the existing tools, that allow to prove security against the most general attacks, do not apply to these two protocols in any straightforward way. We present new upper bounds for their security in the limit of large distances (d∼>50 km with typical values in optical fibers) by considering a large class of collective attacks, namely those in which the adversary attaches ancillary quantum systems to each pulse or to each pair of pulses. We introduce also two modified versions of the COW protocol, which may prove more robust than the original one

  18. Security of a practical semi-device-independent quantum key distribution protocol against collective attacks

    International Nuclear Information System (INIS)

    Wang Yang; Bao Wan-Su; Li Hong-Wei; Zhou Chun; Li Yuan

    2014-01-01

    Similar to device-independent quantum key distribution (DI-QKD), semi-device-independent quantum key distribution (SDI-QKD) provides secure key distribution without any assumptions about the internal workings of the QKD devices. The only assumption is that the dimension of the Hilbert space is bounded. But SDI-QKD can be implemented in a one-way prepare-and-measure configuration without entanglement compared with DI-QKD. We propose a practical SDI-QKD protocol with four preparation states and three measurement bases by considering the maximal violation of dimension witnesses and specific processes of a QKD protocol. Moreover, we prove the security of the SDI-QKD protocol against collective attacks based on the min-entropy and dimension witnesses. We also show a comparison of the secret key rate between the SDI-QKD protocol and the standard QKD. (general)

  19. A secure distributed logistic regression protocol for the detection of rare adverse drug events.

    Science.gov (United States)

    El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

    2013-05-01

    There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through

  20. Secure energy efficient routing protocol for wireless sensor network

    OpenAIRE

    Das Ayan Kumar; Chaki Rituparna; Dey Kashi Nath

    2016-01-01

    The ease of deployment of economic sensor networks has always been a boon to disaster management applications. However, their vulnerability to a number of security threats makes communication a challenging task. This paper proposes a new routing technique to prevent from both external threats and internal threats like hello flooding, eavesdropping and wormhole attack. In this approach one way hash chain is used to reduce the energy drainage. Level based event driven clustering also helps to s...

  1. Establishing rational networking using the DL04 quantum secure direct communication protocol

    Science.gov (United States)

    Qin, Huawang; Tang, Wallace K. S.; Tso, Raylin

    2018-06-01

    The first rational quantum secure direct communication scheme is proposed, in which we use the game theory with incomplete information to model the rational behavior of the participant, and give the strategy space and utility function. The rational participant can get his maximal utility when he performs the protocol faithfully, and then the Nash equilibrium of the protocol can be achieved. Compared to the traditional schemes, our scheme will be more practical in the presence of rational participant.

  2. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks

    Science.gov (United States)

    2018-01-01

    Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. PMID:29702675

  3. Secure and Lightweight Cloud-Assisted Video Reporting Protocol over 5G-Enabled Vehicular Networks.

    Science.gov (United States)

    Nkenyereye, Lewis; Kwon, Joonho; Choi, Yoon-Ho

    2017-09-23

    In the vehicular networks, the real-time video reporting service is used to send the recorded videos in the vehicle to the cloud. However, when facilitating the real-time video reporting service in the vehicular networks, the usage of the fourth generation (4G) long term evolution (LTE) was proved to suffer from latency while the IEEE 802.11p standard does not offer sufficient scalability for a such congested environment. To overcome those drawbacks, the fifth-generation (5G)-enabled vehicular network is considered as a promising technology for empowering the real-time video reporting service. In this paper, we note that security and privacy related issues should also be carefully addressed to boost the early adoption of 5G-enabled vehicular networks. There exist a few research works for secure video reporting service in 5G-enabled vehicular networks. However, their usage is limited because of public key certificates and expensive pairing operations. Thus, we propose a secure and lightweight protocol for cloud-assisted video reporting service in 5G-enabled vehicular networks. Compared to the conventional public key certificates, the proposed protocol achieves entities' authorization through anonymous credential. Also, by using lightweight security primitives instead of expensive bilinear pairing operations, the proposed protocol minimizes the computational overhead. From the evaluation results, we show that the proposed protocol takes the smaller computation and communication time for the cryptographic primitives than that of the well-known Eiza-Ni-Shi protocol.

  4. BROSMAP: A Novel Broadcast Based Secure Mobile Agent Protocol for Distributed Service Applications

    Directory of Open Access Journals (Sweden)

    Dina Shehada

    2017-01-01

    Full Text Available Mobile agents are smart programs that migrate from one platform to another to perform the user task. Mobile agents offer flexibility and performance enhancements to systems and service real-time applications. However, security in mobile agent systems is a great concern. In this paper, we propose a novel Broadcast based Secure Mobile Agent Protocol (BROSMAP for distributed service applications that provides mutual authentication, authorization, accountability, nonrepudiation, integrity, and confidentiality. The proposed system also provides protection from man in the middle, replay, repudiation, and modification attacks. We proved the efficiency of the proposed protocol through formal verification with Scyther verification tool.

  5. An Efficient and Secure Arbitrary N-Party Quantum Key Agreement Protocol Using Bell States

    Science.gov (United States)

    Liu, Wen-Jie; Xu, Yong; Yang, Ching-Nung; Gao, Pei-Pei; Yu, Wen-Bin

    2018-01-01

    Two quantum key agreement protocols using Bell states and Bell measurement were recently proposed by Shukla et al. (Quantum Inf. Process. 13(11), 2391-2405, 2014). However, Zhu et al. pointed out that there are some security flaws and proposed an improved version (Quantum Inf. Process. 14(11), 4245-4254, 2015). In this study, we will show Zhu et al.'s improvement still exists some security problems, and its efficiency is not high enough. For solving these problems, we utilize four Pauli operations { I, Z, X, Y} to encode two bits instead of the original two operations { I, X} to encode one bit, and then propose an efficient and secure arbitrary N-party quantum key agreement protocol. In the protocol, the channel checking with decoy single photons is introduced to avoid the eavesdropper's flip attack, and a post-measurement mechanism is used to prevent against the collusion attack. The security analysis shows the present protocol can guarantee the correctness, security, privacy and fairness of quantum key agreement.

  6. Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks.

    Science.gov (United States)

    Saleem, Kashif; Derhab, Abdelouahid; Orgun, Mehmet A; Al-Muhtadi, Jalal; Rodrigues, Joel J P C; Khalil, Mohammed Sayim; Ali Ahmed, Adel

    2016-03-31

    The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks.

  7. Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks

    Science.gov (United States)

    Saleem, Kashif; Derhab, Abdelouahid; Orgun, Mehmet A.; Al-Muhtadi, Jalal; Rodrigues, Joel J. P. C.; Khalil, Mohammed Sayim; Ali Ahmed, Adel

    2016-01-01

    The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks. PMID:27043572

  8. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2016-06-01

    Full Text Available Substantial changes have occurred in the Information Technology (IT sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

  9. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols.

    Science.gov (United States)

    Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

    2016-06-14

    Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

  10. Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol

    International Nuclear Information System (INIS)

    Hirota, Osamu

    2007-01-01

    There exists a great gap between one-time pad with perfect secrecy and conventional mathematical encryption. The Yuen 2000 (Y00) protocol or αη scheme may provide a protocol which covers from the conventional security to the ultimate one, depending on implementations. This paper presents the complexity-theoretic security analysis on some models of the Y00 protocol with nonlinear pseudo-random-number-generator and quantum noise diffusion mapping (QDM). Algebraic attacks and fast correlation attacks are applied with a model of the Y00 protocol with nonlinear filtering like the Toyocrypt stream cipher as the running key generator, and it is shown that these attacks in principle do not work on such models even when the mapping between running key and quantum state signal is fixed. In addition, a security property of the Y00 protocol with QDM is clarified. Consequently, we show that the Y00 protocol has a potential which cannot be realized by conventional cryptography and that it goes beyond mathematical encryption with physical encryption

  11. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols

    Science.gov (United States)

    Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

    2016-01-01

    Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network. PMID:27314351

  12. Are wearable devices ready for HTTPS? Measuring the cost of secure communication protocols on wearable devices

    OpenAIRE

    Kolamunna, Harini; Chauhan, Jagmohan; Hu, Yining; Thilakarathna, Kanchana; Perino, Diego; Makaroff, Dwight; Seneviratne, Aruna

    2016-01-01

    The majority of available wearable devices require communication with Internet servers for data analysis and storage, and rely on a paired smartphone to enable secure communication. However, wearable devices are mostly equipped with WiFi network interfaces, enabling direct communication with the Internet. Secure communication protocols should then run on these wearables itself, yet it is not clear if they can be efficiently supported. In this paper, we show that wearable devices are ready for...

  13. Secure energy efficient routing protocol for wireless sensor network

    Directory of Open Access Journals (Sweden)

    Das Ayan Kumar

    2016-03-01

    Full Text Available The ease of deployment of economic sensor networks has always been a boon to disaster management applications. However, their vulnerability to a number of security threats makes communication a challenging task. This paper proposes a new routing technique to prevent from both external threats and internal threats like hello flooding, eavesdropping and wormhole attack. In this approach one way hash chain is used to reduce the energy drainage. Level based event driven clustering also helps to save energy. The simulation results show that the proposed scheme extends network lifetime even when the cluster based wireless sensor network is under attack.

  14. Improving the security of a quantum secret sharing protocol between multiparty and multiparty without entanglement

    International Nuclear Information System (INIS)

    Han Lianfang; Liu Yimin; Shi Shouhua; Zhang Zhanjun

    2007-01-01

    Recently Yan and Gao [F.L. Yan, T. Gao, Phys. Rev. A 72 (2005) 012304] have proposed a quantum secret sharing protocol which allows a secret message to be shared between one group of m parties and another group of n parties. The protocol is claimed to be secure. In this Letter, first we show that any subgroup consisting of evil cooperative parties (or one and only one evil party) can successfully cheat other parties to obtain the secret message without being detected. Then we improve the original Yan-Gao protocol such that the insider's cheats are prevented

  15. A Secure and Effective Anonymous Integrity Checking Protocol for Data Storage in Multicloud

    Directory of Open Access Journals (Sweden)

    Lingwei Song

    2015-01-01

    Full Text Available How to verify the integrity of outsourced data is an important problem in cloud storage. Most of previous work focuses on three aspects, which are providing data dynamics, public verifiability, and privacy against verifiers with the help of a third party auditor. In this paper, we propose an identity-based data storage and integrity verification protocol on untrusted cloud. And the proposed protocol can guarantee fair results without any third verifying auditor. The theoretical analysis and simulation results show that our protocols are secure and efficient.

  16. On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010: (1 the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2 the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3 the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

  17. A Secure Network Coding-based Data Gathering Model and Its Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qian Xiao

    2012-09-01

    Full Text Available To provide security for data gathering based on network coding in wireless sensor networks (WSNs, a secure network coding-based data gathering model is proposed, and a data-privacy preserving and pollution preventing (DPPaamp;PP protocol using network coding is designed. DPPaamp;PP makes use of a new proposed pollution symbol selection and pollution (PSSP scheme based on a new obfuscation idea to pollute existing symbols. Analyses of DPPaamp;PP show that it not only requires low overhead on computation and communication, but also provides high security on resisting brute-force attacks.

  18. Toward protocols for quantum-ensured privacy and secure voting

    International Nuclear Information System (INIS)

    Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario; Hillery, Mark

    2011-01-01

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  19. Toward protocols for quantum-ensured privacy and secure voting

    Energy Technology Data Exchange (ETDEWEB)

    Bonanome, Marianna [Department of Applied Mathematics and Computer Science, New York City College of Technology, 300 Jay Street, Brooklyn, New York 11201 (United States); Buzek, Vladimir; Ziman, Mario [Research Center for Quantum Information, Slovak Academy of Sciences, Dubravska cesta 9, 845 11 Bratislava (Slovakia); Faculty of Informatics, Masaryk University, Botanicka 68a, 602 00 Brno (Czech Republic); Hillery, Mark [Department of Physics, Hunter College of CUNY, 695 Park Avenue, New York, New York 10021 (United States)

    2011-08-15

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  20. An Improved Constraint-Based System for the Verification of Security Protocols

    NARCIS (Netherlands)

    Corin, R.J.; Etalle, Sandro

    We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov [30]. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect flaws associated to partial

  1. An Improved Constraint-based system for the verification of security protocols

    NARCIS (Netherlands)

    Corin, R.J.; Etalle, Sandro; Hermenegildo, Manuel V.; Puebla, German

    We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect aws associated to partial runs

  2. Security analysis of standards-driven communication protocols for healthcare scenarios.

    Science.gov (United States)

    Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco

    2012-12-01

    The importance of the Electronic Health Record (EHR), that stores all healthcare-related data belonging to a patient, has been recognised in recent years by governments, institutions and industry. Initiatives like the Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large scale projects have been set up for enabling healthcare professionals to handle patients' EHRs. The success of applications developed in these contexts crucially depends on ensuring such security properties as confidentiality, authentication, and authorization. In this paper, we first propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety. By means of a formal analysis carried out by using the specification language COWS and the model checker CMC, we reveal a security flaw in the protocol thus demonstrating that to simply adopt the international standards does not guarantee the absence of such type of flaws. We then propose how to emend the IHE specifications and modify the protocol accordingly. Finally, we show how to tailor our protocol for application to more critical scenarios with no assumptions on the communication channels. To demonstrate feasibility and effectiveness of our protocols we have fully implemented them.

  3. FuGeF: A Resource Bound Secure Forwarding Protocol for Wireless Sensor Networks.

    Science.gov (United States)

    Umar, Idris Abubakar; Mohd Hanapi, Zurina; Sali, A; Zulkarnain, Zuriati A

    2016-06-22

    Resource bound security solutions have facilitated the mitigation of spatio-temporal attacks by altering protocol semantics to provide minimal security while maintaining an acceptable level of performance. The Dynamic Window Secured Implicit Geographic Forwarding (DWSIGF) routing protocol for Wireless Sensor Network (WSN) has been proposed to achieve a minimal selection of malicious nodes by introducing a dynamic collection window period to the protocol's semantics. However, its selection scheme suffers substantial packet losses due to the utilization of a single distance based parameter for node selection. In this paper, we propose a Fuzzy-based Geographic Forwarding protocol (FuGeF) to minimize packet loss, while maintaining performance. The FuGeF utilizes a new form of dynamism and introduces three selection parameters: remaining energy, connectivity cost, and progressive distance, as well as a Fuzzy Logic System (FLS) for node selection. These introduced mechanisms ensure the appropriate selection of a non-malicious node. Extensive simulation experiments have been conducted to evaluate the performance of the proposed FuGeF protocol as compared to DWSIGF variants. The simulation results show that the proposed FuGeF outperforms the two DWSIGF variants (DWSIGF-P and DWSIGF-R) in terms of packet delivery.

  4. Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

    Science.gov (United States)

    Ivancic, William D.

    2009-01-01

    A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet . This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

  5. DICOM image secure communications with Internet protocols IPv6 and IPv4.

    Science.gov (United States)

    Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

    2007-01-01

    Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.

  6. An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Medical Sensor Networks

    Science.gov (United States)

    Guo, Rui; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua

    2013-01-01

    Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient's condition to health professional's hand-held devices in time. The patient's physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient's privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks. PMID:23710147

  7. Enhanced Secure Trusted AODV (ESTA Protocol to Mitigate Blackhole Attack in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Dilraj Singh

    2015-09-01

    Full Text Available The self-organizing nature of the Mobile Ad hoc Networks (MANETs provide a communication channel anywhere, anytime without any pre-existing network infrastructure. However, it is exposed to various vulnerabilities that may be exploited by the malicious nodes. One such malicious behavior is introduced by blackhole nodes, which can be easily introduced in the network and, in turn, such nodes try to crumble the working of the network by dropping the maximum data under transmission. In this paper, a new protocol is proposed which is based on the widely used Ad hoc On-Demand Distance Vector (AODV protocol, Enhanced Secure Trusted AODV (ESTA, which makes use of multiple paths along with use of trust and asymmetric cryptography to ensure data security. The results, based on NS-3 simulation, reveal that the proposed protocol is effectively able to counter the blackhole nodes in three different scenarios.

  8. Information-theoretic security proof for quantum-key-distribution protocols

    International Nuclear Information System (INIS)

    Renner, Renato; Gisin, Nicolas; Kraus, Barbara

    2005-01-01

    We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel

  9. Information-theoretic security proof for quantum-key-distribution protocols

    Science.gov (United States)

    Renner, Renato; Gisin, Nicolas; Kraus, Barbara

    2005-07-01

    We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel.

  10. [A security protocol for the exchange of personal medical data via Internet: monitoring treatment and drug effects].

    Science.gov (United States)

    Viviani, R; Fischer, J; Spitzer, M; Freudenmann, R W

    2004-04-01

    We present a security protocol for the exchange of medical data via the Internet, based on the type/domain model. We discuss two applications of the protocol: in a system for the exchange of data for quality assurance, and in an on-line database of adverse reactions to drug use. We state that a type/domain security protocol can successfully comply with the complex requirements for data privacy and accessibility typical of such applications.

  11. Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

    Science.gov (United States)

    Pathak, Rohit; Joshi, Satyadhar

    Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

  12. An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Lauritsen, Rasmus; Toft, Tomas

    2014-01-01

    Recent developments in Multi-party Computation (MPC) has resulted in very efficient protocols for dishonest majority in the preprocessing model. In particular, two very promising protocols for Boolean circuits have been proposed by Nielsen et al. (nicknamed TinyOT) and by Damg˚ard and Zakarias...... suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel...... of a large number of AES encryptions and find that it performs better than results reported so far on TinyOT, on the same hardware.p...

  13. Strong Authentication Protocol based on Java Crypto Chip as a Secure Element

    Directory of Open Access Journals (Sweden)

    Majid Mumtaz

    2016-10-01

    Full Text Available Smart electronic devices and gadgets and their applications are becoming more and more popular. Most of those devices and their applications handle personal, financial, medical and other sensitive data that require security and privacy protection. In this paper we describe one aspect of such protection – user authentication protocol based on the use of X.509 certificates. The system uses Public Key Infrastructure (PKI, challenge/response protocol, mobile proxy servers, and Java cards with crypto capabilities used as a Secure Element. Innovative design of the protocol, its implementation, and evaluation results are described. In addition to end-user authentication, the described solution also supports the use of X.509 certificates for additional security services – confidentiality, integrity, and non-repudiation of transactions and data in an open network environment. The system uses Application Programming Interfaces (APIs to access Java cards functions and credentials that can be used as add-ons to enhance any mobile application with security features and services.

  14. Modification of CAS-protocol for improvement of security web-applications from unauthorized access

    Directory of Open Access Journals (Sweden)

    Alexey I Igorevich Alexandrov

    2017-07-01

    Full Text Available Dissemination of information technologies and the expansion of their application demand constantly increasing security level for users, operating with confidential information and personal data. The problem of setting up secure user identification is probably one of the most common tasks, which occur in the process of software development. Today, despite the availability of a large amount of authentication tools, new solutions, mechanisms and technologies are being introduced regularly. Primarily, it is done to increase the security level of data protection against unauthorized access. This article describes the experience of using central user authentication service based on CAS-protocol (CAS – Central Authentication Service and free open source software, analyzing its main advantages and disadvantages and describing the possibility of its modification, which would increase security of web-based information systems from being accessed illegally. The article contains recommendations for setting a maximum time limit for users working on services, integrated with central authentication; and, analyses the research of implementing modern web-technologies while using user authentication system based on CAS-protocol. In addition, it describes the ways of CAS-server modernization for developing additional modules: a module for collecting and analyzing the use of information systems, and another one, for a user management system. Furthermore, CAS-protocol can be used at universities and other organizations for creating a unified information environment in education.

  15. Three-pass protocol scheme for bitmap image security by using vernam cipher algorithm

    Science.gov (United States)

    Rachmawati, D.; Budiman, M. A.; Aulya, L.

    2018-02-01

    Confidentiality, integrity, and efficiency are the crucial aspects of data security. Among the other digital data, image data is too prone to abuse of operation like duplication, modification, etc. There are some data security techniques, one of them is cryptography. The security of Vernam Cipher cryptography algorithm is very dependent on the key exchange process. If the key is leaked, security of this algorithm will collapse. Therefore, a method that minimizes key leakage during the exchange of messages is required. The method which is used, is known as Three-Pass Protocol. This protocol enables message delivery process without the key exchange. Therefore, the sending messages process can reach the receiver safely without fear of key leakage. The system is built by using Java programming language. The materials which are used for system testing are image in size 200×200 pixel, 300×300 pixel, 500×500 pixel, 800×800 pixel and 1000×1000 pixel. The result of experiments showed that Vernam Cipher algorithm in Three-Pass Protocol scheme could restore the original image.

  16. Performance Analysis of Secure and Private Billing Protocols for Smart Metering

    Directory of Open Access Journals (Sweden)

    Tom Eccles

    2017-11-01

    Full Text Available Traditional utility metering is to be replaced by smart metering. Smart metering enables fine-grained utility consumption measurements. These fine-grained measurements raise privacy concerns due to the lifestyle information which can be inferred from the precise time at which utilities were consumed. This paper outlines and compares two privacy-respecting time of use billing protocols for smart metering and investigates their performance on a variety of hardware. These protocols protect the privacy of customers by never transmitting the fine-grained utility readings outside of the customer’s home network. One protocol favors complexity on the trusted smart meter hardware while the other uses homomorphic commitments to offload computation to a third device. Both protocols are designed to operate on top of existing cryptographic secure channel protocols in place on smart meters. Proof of concept software implementations of these protocols have been written and their suitability for real world application to low-performance smart meter hardware is discussed. These protocols may also have application to other privacy conscious aggregation systems, such as electronic voting.

  17. Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kashif Saleem

    2016-03-01

    Full Text Available The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP involves an artificial immune system (AIS that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2 and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks.

  18. Hardening CISCO Devices based on Cryptography and Security Protocols - Part One: Background Theory

    Directory of Open Access Journals (Sweden)

    Faisal Waheed

    2018-07-01

    Full Text Available Network Security is a vital part of any corporate and enterprise network. Network attacks greatly compromise not only the sensitive data of the consumers but also cause outages to these networks. Thus inadequately protected networks need to be “hardened”. The hardening of network devices refers to the hardware and software components, device operating system’s features, management controls, access-list restrictions, operational configurations and above all making sure that the data and credentials are not stored or transferred in ‘plaintext’ over the network. This article investigates the use of cryptography and network protocols based on encryption, to meet the need for essential security requirements. Use of non-secure protocols, underrating and misconfigurations of management protection are reasons behind network devices not properly being hardened; hence leaving vulnerabilities for the intruders. The gap identified after conducting intense search and review of past work is used as the foundation to present solutions. When performing cryptography techniques by encrypting packets using tunnelling and security protocols, management level credentials are encrypted. These include password encryption and exceptional analysis of the emulated IOS (Internetwork Operating System. Necessary testing is carried out to evaluate an acceptable level of protection of these devices. In a virtual testing environment, security flaws are found mainly in the emulated IOS. The discoveries does not depend on the hardware or chassis of a networking device. Since routers primarily rely on its Operating System (OS, attackers focus on manipulating the command line configuration before initiating an attack. Substantial work is devoted to implementation and testing of a router based on Cryptography and Security Protocols in the border router. This is deployed at the core layer and acts as the first point of entry of any trusted and untrusted traffic. A step

  19. Backup key generation model for one-time password security protocol

    Science.gov (United States)

    Jeyanthi, N.; Kundu, Sourav

    2017-11-01

    The use of one-time password (OTP) has ushered new life into the existing authentication protocols used by the software industry. It introduced a second layer of security to the traditional username-password authentication, thus coining the term, two-factor authentication. One of the drawbacks of this protocol is the unreliability of the hardware token at the time of authentication. This paper proposes a simple backup key model that can be associated with the real world applications’user database, which would allow a user to circumvent the second authentication stage, in the event of unavailability of the hardware token.

  20. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    Science.gov (United States)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  1. Meta-Key: A Secure Data-Sharing Protocol under Blockchain-Based Decentralised Storage Architecture

    OpenAIRE

    Fu, Yue

    2017-01-01

    In this paper a secure data-sharing protocol under blockchain-based decentralised storage architecture is proposed, which fulfils users who need to share their encrypted data on-cloud. It implements a remote data-sharing mechanism that enables data owners to share their encrypted data to other users without revealing the original key. Nor do they have to download on-cloud data with re-encryption and re-uploading. Data security as well as efficiency are ensured by symmetric encryption, whose k...

  2. Design and Analysis of a secure multi-party communication protocol

    OpenAIRE

    Herberth, Klaus

    2016-01-01

    In the past years digital communication became an important aspect in every day life. Everything is shared and discussed in groups of friends, family or business part- ners without a proper way to protect that information. This master thesis introduces the first secure robust multi-party communication protocol which mimics a physical conversation with the help of a Diffie-Hellman key tree and social behaviours. Robust- ness against offline group members is reached by taking advantage of trans...

  3. Secure Protocol and IP Core for Configuration of Networking Hardware IPs in the Smart Grid

    Directory of Open Access Journals (Sweden)

    Marcelo Urbina

    2018-02-01

    Full Text Available Nowadays, the incorporation and constant evolution of communication networks in the electricity sector have given rise to the so-called Smart Grid, which is why it is necessary to have devices that are capable of managing new communication protocols, guaranteeing the strict requirements of processing required by the electricity sector. In this context, intelligent electronic devices (IEDs with network architectures are currently available to meet the communication, real-time processing and interoperability requirements of the Smart Grid. The new generation IEDs include an Field Programmable Gate Array (FPGA, to support specialized networking switching architectures for the electric sector, as the IEEE 1588-aware High-availability Seamless Redundancy/Parallel Redundancy Protocol (HSR/PRP. Another advantage to using an FPGA is the ability to update or reconfigure the design to support new requirements that are being raised to the standards (IEC 61850. The update of the architecture implemented in the FPGA can be done remotely, but it is necessary to establish a cyber security mechanism since the communication link generates vulnerability in the case the attacker gains physical access to the network. The research presented in this paper proposes a secure protocol and Intellectual Property (IP core for configuring and monitoring the networking IPs implemented in a Field Programmable Gate Array (FPGA. The FPGA based implementation proposed overcomes this issue using a light Layer-2 protocol fully implemented on hardware and protected by strong cryptographic algorithms (AES-GCM, defined in the IEC 61850-90-5 standard. The proposed secure protocol and IP core are applicable in any field where remote configuration over Ethernet is required for IP cores in FPGAs. In this paper, the proposal is validated in communications hardware for Smart Grids.

  4. A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

    Science.gov (United States)

    Bishop, Matt

    1991-01-01

    The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate.

  5. Delay-Tolerant, Low-Power Protocols for Large Security-Critical Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Claudio S. Malavenda

    2012-01-01

    Full Text Available This paper reports the analysis, implementation, and experimental testing of a delay-tolerant and energy-aware protocol for a wireless sensor node, oriented to security applications. The solution proposed takes advantages from different domains considering as a guideline the low power consumption and facing the problems of seamless and lossy connectivity offered by the wireless medium along with very limited resources offered by a wireless network node. The paper is organized as follows: first we give an overview on delay-tolerant wireless sensor networking (DTN; then we perform a simulation-based comparative analysis of state-of-the-art DTN approaches and illustrate the improvement offered by the proposed protocol; finally we present experimental data gathered from the implementation of the proposed protocol on a proprietary hardware node.

  6. A protocol for the secure two-party quantum scalar product

    Energy Technology Data Exchange (ETDEWEB)

    He, Li-Bao, E-mail: helibao@mail.ustc.edu.cn [National High Performance Computing Center, Department of Computer Science and Technology, USTC, Hefei 230027 (China); Suzhou Institute for Advanced Study, USTC, Suzhou 215123 (China); Huang, Liu-Sheng; Yang, Wei; Xu, Rui [National High Performance Computing Center, Department of Computer Science and Technology, USTC, Hefei 230027 (China); Suzhou Institute for Advanced Study, USTC, Suzhou 215123 (China)

    2012-03-19

    Secure scalar product serves as an important primitive for secure multi-party computation and has a wide application in different areas, such as statistical analysis, data mining, computational geometry, etc. How to collaboratively compute the correct scalar product result without leaking any participants' private information becomes the primary principle of designing secure scalar product schemes. In this Letter, we present a secure two-party quantum scalar product scheme via quantum entanglement and quantum measurement with the help of a non-colluding third party (TP). Furthermore, the scheme is proven to be secure under various kinds of outside attacks and participant attacks. -- Highlights: ► We extend the secure two-party scalar product to the quantum field. ► Our protocol is built upon quantum entanglement and quantum measurement. ► Communication cost is acceptable if the elements of participants' private vectors are not too sparse. ► Participants will leak no private information under the no-collusion model.

  7. Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment.

    Science.gov (United States)

    Das, Ashok Kumar; Wazid, Mohammad; Kumar, Neeraj; Khan, Muhammad Khurram; Choo, Kim-Kwang Raymond; Park, YoungHo

    2017-09-18

    Wearable devices are used in various applications to collect information including step information, sleeping cycles, workout statistics, and health related information. Due to the nature and richness of the data collected by such devices, it is important to ensure the security of the collected data. This paper presents a new lightweight authentication scheme suitable for wearable device deployment. The scheme allows a user to mutually authenticate his/her wearable device(s) and the mobile terminal (e.g., Android and iOS device) and establish a session key among these devices (worn and carried by the same user) for secure communication between the wearable device and the mobile terminal. The security of the proposed scheme is then demonstrated through the broadly-accepted Real-Or-Random model, as well as using the popular formal security verification tool, known as the Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, we present a comparative summary of the proposed scheme in terms of the overheads such as computation and communication costs, security and functionality features of the proposed scheme and related schemes, and also the evaluation findings from the NS2 simulation.

  8. A protocol for the secure two-party quantum scalar product

    International Nuclear Information System (INIS)

    He, Li-Bao; Huang, Liu-Sheng; Yang, Wei; Xu, Rui

    2012-01-01

    Secure scalar product serves as an important primitive for secure multi-party computation and has a wide application in different areas, such as statistical analysis, data mining, computational geometry, etc. How to collaboratively compute the correct scalar product result without leaking any participants' private information becomes the primary principle of designing secure scalar product schemes. In this Letter, we present a secure two-party quantum scalar product scheme via quantum entanglement and quantum measurement with the help of a non-colluding third party (TP). Furthermore, the scheme is proven to be secure under various kinds of outside attacks and participant attacks. -- Highlights: ► We extend the secure two-party scalar product to the quantum field. ► Our protocol is built upon quantum entanglement and quantum measurement. ► Communication cost is acceptable if the elements of participants' private vectors are not too sparse. ► Participants will leak no private information under the no-collusion model.

  9. Cyber Security in Industrial Control Systems and SCADA Applications: Modbus TCP Protocol Example

    Directory of Open Access Journals (Sweden)

    Erdal IRMAK

    2017-12-01

    Full Text Available Electrical energy generation, transmission and distribution systems are evaluated in terms of national security dimension and defined as critical infrastructures. Monitoring and controlling of these systems is provided by Industrial Control Systems (ICS or Supervisory Control and Data Acquisition (SCADA systems. According to the latest advances in communication and internet technology, ICS/SCADA systems have started to become integrated with these systems. As a result of this situation, current or existing vulnerabilities in information and communication technology affect to SCADA systems directly. Therefore, this paper focuses on the cyber security of ICS/SCADA systems. It has been proved that the lack of authentication detected in Modbus TCP protocol, one of the most used in ICS/SCADA systems, can be exploited. In order to solve this security issue, a software is developed using the Python programming language for blocking or mitigating the cyber attacks. The proposed solution is subjected to several tests and results show that the attacks can be prevented successfully. Thus, it is considered that the proposed work will contribute to the security of ICS/SCADA systems and the industrial protocols using for communicating these systems.

  10. A quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation

    International Nuclear Information System (INIS)

    Li Jian; Song Danjie; Guo Xiaojing; Jing Bo

    2012-01-01

    In order to transmit secure messages, a quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation is presented. The five-particle cluster state is used to detect eavesdroppers, and the classical XOR operation serving as a one-time-pad is used to ensure the security of the protocol. In the security analysis, the entropy theory method is introduced, and three detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference introduced. If the eavesdroppers intend to obtain all the information, the detection rate of the original ping-pong protocol is 50%; the second protocol, using two particles of the Einstein-Podolsky-Rosen pair as detection particles, is also 50%; while the presented protocol is 89%. Finally, the security of the proposed protocol is discussed, and the analysis results indicate that the protocol in this paper is more secure than the other two. (authors)

  11. Analysis of the End-by-Hop Protocol for Secure Aggregation in Sensor Networks

    DEFF Research Database (Denmark)

    Zenner, Erik

    In order to save bandwidth and thus battery power, sensor network measurements are sometimes aggregated en-route while being reported back to the querying server. Authentication of the measurements then becomes a challenge if message integrity is important for the application. At ESAS 2007, the End......-by-Hop protocol for securing in-network aggregation for sensor nodes was presented. The solution was claimed to be secure and efficient and to provide the possibility of trading off bandwidth against computation time on the server. In this paper, we disprove these claims. We describe several attacks against...... the proposed solution and point out shortcomings in the original complexity analysis. In particular, we show that the proposed solution is inferior to a naive solution without in-network aggregation both in security and in efficiency....

  12. SYMMETRIC ENCRYPTION USING PRE-SHARED PUBLIC PARAMETERS FOR A SECURE TFTP PROTOCOL

    Directory of Open Access Journals (Sweden)

    N. N. MOHAMED

    2017-01-01

    Full Text Available Advances in the communication technology of embedded systems have led to the situation where nowadays almost all systems should implement security for data safety. Trivial File Transfer Protocol (TFTP has advantages for use in embedded systems due to its speed and simplicity, however without security mechanisms, it is vulnerable to various attacks. As an example, during upgrading of Wireless Access Points (WAPs, attackers can access the information and modify it, and then install malicious code to interrupt the system. This work proposes security implementation of Diffie Hellman Key Exchange in TFTP by pre-sharing public parameters that enable two parties to achieve same secret key without the risk of Man-In-The-Middle (MITM attacks. The implementation is integrated with compression and encryption methods to significantly reduce computational requirements in TFTP communication.

  13. Correct mutual information, quantum bit error rate and secure transmission efficiency in Wojcik's eavesdropping scheme on ping-pong protocol

    OpenAIRE

    Zhang, Zhanjun

    2004-01-01

    Comment: The wrong mutual information, quantum bit error rate and secure transmission efficiency in Wojcik's eavesdropping scheme [PRL90(03)157901]on ping-pong protocol have been pointed out and corrected

  14. Quantum cryptography with finite resources: unconditional security bound for discrete-variable protocols with one-way postprocessing.

    Science.gov (United States)

    Scarani, Valerio; Renner, Renato

    2008-05-23

    We derive a bound for the security of quantum key distribution with finite resources under one-way postprocessing, based on a definition of security that is composable and has an operational meaning. While our proof relies on the assumption of collective attacks, unconditional security follows immediately for standard protocols such as Bennett-Brassard 1984 and six-states protocol. For single-qubit implementations of such protocols, we find that the secret key rate becomes positive when at least N approximately 10(5) signals are exchanged and processed. For any other discrete-variable protocol, unconditional security can be obtained using the exponential de Finetti theorem, but the additional overhead leads to very pessimistic estimates.

  15. An SDN-Based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6

    Directory of Open Access Journals (Sweden)

    Yiqin Lu

    2017-01-01

    Full Text Available The Neighbor Discovery Protocol (NDP is one of the main protocols in the Internet Protocol version 6 (IPv6 suite, and it provides many basic functions for the normal operation of IPv6 in a local area network (LAN, such as address autoconfiguration and address resolution. However, it has many vulnerabilities that can be used by malicious nodes to launch attacks, because the NDP messages are easily spoofed without protection. Surrounding this problem, many solutions have been proposed for securing NDP, but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes, which is inevitable in the traditional distributed networks. Nevertheless, Software-Defined Networking (SDN provides a new perspective to think about protecting NDP. In this paper, we proposed an SDN-based authentication mechanism to verify the identity of NDP packets transmitted in a LAN. Using the centralized control and programmability of SDN, it can effectively prevent the spoofing attacks and other derived attacks based on spoofing. In addition, this mechanism needs no additional protocol supporting or configuration at hosts and routers and does not introduce any dedicated devices.

  16. Formal Security-Proved Mobile Anonymous Authentication Protocols with Credit-Based Chargeability and Controllable Privacy

    Directory of Open Access Journals (Sweden)

    Chun-I Fan

    2016-06-01

    Full Text Available Smart mobile phones are widely popularized and advanced mobile communication services are provided increasingly often, such that ubiquitous computing environments will soon be a reality. However, there are many security threats to mobile networks and their impact on security is more serious than that in wireline networks owing to the features of wireless transmissions and the ubiquity property. The secret information which mobile users carry may be stolen by malicious entities. To guarantee the quality of advanced services, security and privacy would be important issues when users roam within various mobile networks. In this manuscript, an anonymous authentication scheme will be proposed to protect the security of the network system and the privacy of users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also each user’s identity is kept secret against anyone else, including the system. Although the system anonymously authenticates the users, it can still generate correct bills to charge these anonymous users via a credit-based solution instead of debit-based ones. Furthermore, our protocols also achieve fair privacy which allows the judge to revoke the anonymity and trace the illegal users when they have misused the anonymity property, for example, if they have committed crimes. Finally, in this paper, we also carry out complete theoretical proofs on each claimed security property.

  17. Modeling and Simulation of a Novel Relay Node Based Secure Routing Protocol Using Multiple Mobile Sink for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Madhumathy Perumal

    2015-01-01

    Full Text Available Data gathering and optimal path selection for wireless sensor networks (WSN using existing protocols result in collision. Increase in collision further increases the possibility of packet drop. Thus there is a necessity to eliminate collision during data aggregation. Increasing the efficiency is the need of the hour with maximum security. This paper is an effort to come up with a reliable and energy efficient WSN routing and secure protocol with minimum delay. This technique is named as relay node based secure routing protocol for multiple mobile sink (RSRPMS. This protocol finds the rendezvous point for optimal transmission of data using a “splitting tree” technique in tree-shaped network topology and then to determine all the subsequent positions of a sink the “Biased Random Walk” model is used. In case of an event, the sink gathers the data from all sources, when they are in the sensing range of rendezvous point. Otherwise relay node is selected from its neighbor to transfer packets from rendezvous point to sink. A symmetric key cryptography is used for secure transmission. The proposed relay node based secure routing protocol for multiple mobile sink (RSRPMS is experimented and simulation results are compared with Intelligent Agent-Based Routing (IAR protocol to prove that there is increase in the network lifetime compared with other routing protocols.

  18. Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols.

    Science.gov (United States)

    Sriram, Vinay K; Montgomery, Doug

    2017-07-01

    The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the performance and efficiency of various optimization algorithms for validation of digitally signed BGP updates. In particular, this investigation focuses on the BGPSEC (BGP with SECurity extensions) protocol, currently under consideration for standardization in the Internet Engineering Task Force. We analyze three basic BGPSEC update processing algorithms: Unoptimized, Cache Common Segments (CCS) optimization, and Best Path Only (BPO) optimization. We further propose and study cache management schemes to be used in conjunction with the CCS and BPO algorithms. The performance metrics used in the analyses are: (1) routing table convergence time after BGPSEC peering reset or router reboot events and (2) peak-second signature verification workload. Both analytical modeling and detailed trace-driven simulation were performed. Results show that the BPO algorithm is 330% to 628% faster than the unoptimized algorithm for routing table convergence in a typical Internet core-facing provider edge router.

  19. Secure Multi-party Computation Protocol for Defense Applications in Military Operations Using Virtual Cryptography

    Science.gov (United States)

    Pathak, Rohit; Joshi, Satyadhar

    With the advent into the 20th century whole world has been facing the common dilemma of Terrorism. The suicide attacks on US twin towers 11 Sept. 2001, Train bombings in Madrid Spain 11 Mar. 2004, London bombings 7 Jul. 2005 and Mumbai attack 26 Nov. 2008 were some of the most disturbing, destructive and evil acts by terrorists in the last decade which has clearly shown their evil intent that they can go to any extent to accomplish their goals. Many terrorist organizations such as al Quaida, Harakat ul-Mujahidin, Hezbollah, Jaish-e-Mohammed, Lashkar-e-Toiba, etc. are carrying out training camps and terrorist operations which are accompanied with latest technology and high tech arsenal. To counter such terrorism our military is in need of advanced defense technology. One of the major issues of concern is secure communication. It has to be made sure that communication between different military forces is secure so that critical information is not leaked to the adversary. Military forces need secure communication to shield their confidential data from terrorist forces. Leakage of concerned data can prove hazardous, thus preservation and security is of prime importance. There may be a need to perform computations that require data from many military forces, but in some cases the associated forces would not want to reveal their data to other forces. In such situations Secure Multi-party Computations find their application. In this paper, we propose a new highly scalable Secure Multi-party Computation (SMC) protocol and algorithm for Defense applications which can be used to perform computation on encrypted data. Every party encrypts their data in accordance with a particular scheme. This encrypted data is distributed among some created virtual parties. These Virtual parties send their data to the TTP through an Anonymizer layer. TTP performs computation on encrypted data and announces the result. As the data sent was encrypted its actual value can’t be known by TTP

  20. Improving Podcast Distribution on Gwanda using PrivHab: a Multiagent Secure Georouting Protocol.

    Directory of Open Access Journals (Sweden)

    Adrián SÁNCHEZ-CARMONA

    2015-12-01

    Full Text Available We present PrivHab, a multiagent secure georouting protocol that improves podcast distribution on Gwanda, Zimbabwe. PrivHab learns the whereabouts of the nodes of the network to select an itinerary for each agent carrying a piece of data. PrivHab makes use of cryptographic techniques to make the decisions while preserving nodes' privacy. PrivHab uses a waypoint-based georouting that achieves a high performance and low overhead in rugged terrain areas that are plenty of physical obstacles. The store-carry-and-forward approach used is based on mobile agents and is designed to operate in areas that lack network infrastructure. The PrivHab protocol is compared with a set of well-known delay-tolerant routing algorithms and shown to outperform them.

  1. Molecules for security measures: from keypad locks to advanced communication protocols.

    Science.gov (United States)

    Andréasson, J; Pischel, U

    2018-04-03

    The idea of using molecules in the context of information security has sparked the interest of researchers from many scientific disciplines. This is clearly manifested in the diversity of the molecular platforms and the analytical techniques used for this purpose, some of which we highlight in this Tutorial Review. Moreover, those molecular systems can be used to emulate a broad spectrum of security measures. For a long time, molecular keypad locks enjoyed a clear preference and the review starts off with a description of how these devices developed. In the last few years, however, the field has evolved into something larger. Examples include more complex authentication protocols (multi-factor authentication and one-time passwords), the recognition of erroneous procedures in data transmission (parity devices), as well as steganographic and cryptographic protection.

  2. Security bound of two-basis quantum-key-distribution protocols using qudits

    International Nuclear Information System (INIS)

    Nikolopoulos, Georgios M.; Alber, Gernot

    2005-01-01

    We investigate the security bounds of quantum-cryptographic protocols using d-level systems. In particular, we focus on schemes that use two mutually unbiased bases, thus extending the Bennett-Brassard 1984 quantum-key-distribution scheme to higher dimensions. Under the assumption of general coherent attacks, we derive an analytic expression for the ultimate upper security bound of such quantum-cryptography schemes. This bound is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions such an equivalence is generally no longer valid

  3. Faithful deterministic secure quantum communication and authentication protocol based on hyperentanglement against collective noise

    International Nuclear Information System (INIS)

    Chang Yan; Zhang Shi-Bin; Yan Li-Li; Han Gui-Hua

    2015-01-01

    Higher channel capacity and security are difficult to reach in a noisy channel. The loss of photons and the distortion of the qubit state are caused by noise. To solve these problems, in our study, a hyperentangled Bell state is used to design faithful deterministic secure quantum communication and authentication protocol over collective-rotation and collective-dephasing noisy channel, which doubles the channel capacity compared with using an ordinary Bell state as a carrier; a logical hyperentangled Bell state immune to collective-rotation and collective-dephasing noise is constructed. The secret message is divided into several parts to transmit, however the identity strings of Alice and Bob are reused. Unitary operations are not used. (paper)

  4. Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

    Directory of Open Access Journals (Sweden)

    Zahid Mahmood

    2017-10-01

    Full Text Available Internet-of-Things (IoT include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS. Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

  5. FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

    Science.gov (United States)

    Sklavos, N.; Selimis, G.; Koufopavlou, O.

    2005-01-01

    The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given.

  6. A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

    Directory of Open Access Journals (Sweden)

    Chenyu Wang

    2018-01-01

    Full Text Available With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that (1 their description of the adversary’s abilities is inaccurate; (2 their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.

  7. FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

    International Nuclear Information System (INIS)

    Sklavos, N; Selimis, G; Koufopavlou, O

    2005-01-01

    The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given

  8. Compact Extensible Authentication Protocol for the Internet of Things: Enabling Scalable and Efficient Security Commissioning

    Directory of Open Access Journals (Sweden)

    Marcin Piotr Pawlowski

    2015-01-01

    Full Text Available Internet of Things security is one of the most challenging parts of the domain. Combining strong cryptography and lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time is extremely difficult task. This paper presents an approach that combines authentication and bootstrapping protocol (TEPANOM with Extensible Authentication Protocol (EAP framework optimized for the IEEE 802.15.4 networks. The solution achieves significant reduction of network resource usage. Additionally, by application of EAP header compacting approach, further network usage savings have been reached. The EAP-TEPANOM solution has achieved substantial reduction of 42% in the number of transferred packets and 35% reduction of the transferred data. By application of EAP header compaction, it has been possible to achieve up to 80% smaller EAP header. That comprises further reduction of transferred data for 3.84% for the EAP-TEPANOM method and 10% for the EAP-TLS-ECDSA based methods. The results have placed the EAP-TEPANOM method as one of the most lightweight EAP methods from ones that have been tested throughout this research, making it feasible for large scale deployments scenarios of IoT.

  9. Adequate Security Protocols Adopt in a Conceptual Model in Identity Management for the Civil Registry of Ecuador

    Science.gov (United States)

    Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio

    2017-08-01

    We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).

  10. On shaky ground - A study of security vulnerabilities in control protocols

    Energy Technology Data Exchange (ETDEWEB)

    Byres, E. J. [Wurldtech Research Inc., 7178 Lancrest Tr., Lantzville, BC V0R 2H0 (Canada); Huffman, D. [Wurldtech Analytics Inc., 208-1040 Hamilton St., Vancouver, BC V6B 2R9 (Canada); Kube, N. [Univ. of Victoria, Dept. of Computer Science, PO Box 3055 STN CSC, Victoria BC V8W 3P6 (Canada)

    2006-07-01

    The recent introduction of information technologies such as Ethernet R into nuclear industry control devices has resulted in significantly less isolation from the outside world. This raises the question of whether these systems could be attacked by malware, network hackers or professional criminals to cause disruption to critical operations in a manner similar to the impacts now felt in the business world. To help answer this question, a study was undertaken to test a representative control protocol to determine if it had vulnerabilities that could be exploited. A framework was created in which a test could express a large number of test cases in very compact formal language. This in turn, allowed for the economical automation of both the generation of selectively malformed protocol traffic and the measurement of device under test's (DUT) behavior in response to this traffic. Approximately 5000 protocol conformance tests were run against two major brands of industrial controller. More than 60 categories of errors were discovered, the majority of which were in the form of incorrect error responses to malformed traffic. Several malformed packets however, caused the device to respond or communicate in inappropriate ways. These would be relatively simple for an attacker to inject into a system and could result in the plant operator losing complete view or control of the control device. Based on this relatively small set of devices, we believe that the nuclear industry urgently needs to adopt better security robustness testing of control devices as standard practice. (authors)

  11. On shaky ground - A study of security vulnerabilities in control protocols

    International Nuclear Information System (INIS)

    Byres, E. J.; Huffman, D.; Kube, N.

    2006-01-01

    The recent introduction of information technologies such as Ethernet R into nuclear industry control devices has resulted in significantly less isolation from the outside world. This raises the question of whether these systems could be attacked by malware, network hackers or professional criminals to cause disruption to critical operations in a manner similar to the impacts now felt in the business world. To help answer this question, a study was undertaken to test a representative control protocol to determine if it had vulnerabilities that could be exploited. A framework was created in which a test could express a large number of test cases in very compact formal language. This in turn, allowed for the economical automation of both the generation of selectively malformed protocol traffic and the measurement of device under test's (DUT) behavior in response to this traffic. Approximately 5000 protocol conformance tests were run against two major brands of industrial controller. More than 60 categories of errors were discovered, the majority of which were in the form of incorrect error responses to malformed traffic. Several malformed packets however, caused the device to respond or communicate in inappropriate ways. These would be relatively simple for an attacker to inject into a system and could result in the plant operator losing complete view or control of the control device. Based on this relatively small set of devices, we believe that the nuclear industry urgently needs to adopt better security robustness testing of control devices as standard practice. (authors)

  12. Formalizing and proving a typing result for security protocols in Isabelle/HOL

    DEFF Research Database (Denmark)

    Hess, Andreas Viktor; Modersheim, Sebastian

    2017-01-01

    or the positive output of a verification tool. However several of these works have used a typed model, where the intruder is restricted to "well-typed" attacks. There also have been several works that show that this is actually not a restriction for a large class of protocols, but all these results so far...... are again pen-and-paper proofs. In this work we present a formalization of such a typing result in Isabelle/HOL. We formalize a constraint-based approach that is used in the proof argument of such typing results, and prove its soundness, completeness and termination. We then formalize and prove the typing...... result itself in Isabelle. Finally, to illustrate the real-world feasibility, we prove that the standard Transport Layer Security (TLS) handshake satisfies the main condition of the typing result....

  13. The Kyoto protocol - a victim of supply security? or: if Maslow were in energy politics

    Energy Technology Data Exchange (ETDEWEB)

    Frei, Christoph W. E-mail: christoph.frei@weforum.org

    2004-07-01

    History suggests that energy policy priorities can be stratified, similar to the way Maslow structured his famous pyramid of human needs. The essay below claims that access to energy, supply security, energy costs, environmental issues and social acceptance are not subject to trade-off, but to a hierarchy that underlies the importance of satisfying lower-order needs before addressing the higher-order needs. The essay demonstrates the hierarchy with an 'energy policy needs pyramid' based on historical evidence. The pyramid is used to analyze the viability of current items of the energy policy agenda. Conclusions indicate that the Kyoto protocol might be a victim of supply insecurity, that OPEC is good for the environment and that environmentalists should make the fight against energy poverty their first priority in order to achieve their overall goals.

  14. The Kyoto protocol - a victim of supply security? or: if Maslow were in energy politics

    International Nuclear Information System (INIS)

    Frei, Christoph W.

    2004-01-01

    History suggests that energy policy priorities can be stratified, similar to the way Maslow structured his famous pyramid of human needs. The essay below claims that access to energy, supply security, energy costs, environmental issues and social acceptance are not subject to trade-off, but to a hierarchy that underlies the importance of satisfying lower-order needs before addressing the higher-order needs. The essay demonstrates the hierarchy with an 'energy policy needs pyramid' based on historical evidence. The pyramid is used to analyze the viability of current items of the energy policy agenda. Conclusions indicate that the Kyoto protocol might be a victim of supply insecurity, that OPEC is good for the environment and that environmentalists should make the fight against energy poverty their first priority in order to achieve their overall goals

  15. Double C-NOT attack and counterattack on `Three-step semi-quantum secure direct communication protocol'

    Science.gov (United States)

    Gu, Jun; Lin, Po-hua; Hwang, Tzonelih

    2018-07-01

    Recently, Zou and Qiu (Sci China Phys Mech Astron 57:1696-1702, 2014) proposed a three-step semi-quantum secure direct communication protocol allowing a classical participant who does not have a quantum register to securely send his/her secret message to a quantum participant. However, this study points out that an eavesdropper can use the double C-NOT attack to obtain the secret message. To solve this problem, a modification is proposed.

  16. Wireless networking for the dental office: current wireless standards and security protocols.

    Science.gov (United States)

    Mupparapu, Muralidhar; Arora, Sarika

    2004-11-15

    Digital radiography has gained immense popularity in dentistry today in spite of the early difficulty for the profession to embrace the technology. The transition from film to digital has been happening at a faster pace in the fields of Orthodontics, Oral Surgery, Endodontics, Periodontics, and other specialties where the radiographic images (periapical, bitewing, panoramic, cephalometric, and skull radiographs) are being acquired digitally, stored within a server locally, and eventually accessed for diagnostic purposes, along with the rest of the patient data via the patient management software (PMS). A review of the literature shows the diagnostic performance of digital radiography is at least comparable to or even better than that of conventional radiography. Similarly, other digital diagnostic tools like caries detectors, cephalometric analysis software, and digital scanners were used for many years for the diagnosis and treatment planning purposes. The introduction of wireless charged-coupled device (CCD) sensors in early 2004 (Schick Technologies, Long Island City, NY) has moved digital radiography a step further into the wireless era. As with any emerging technology, there are concerns that should be looked into before adapting to the wireless environment. Foremost is the network security involved in the installation and usage of these wireless networks. This article deals with the existing standards and choices in wireless technologies that are available for implementation within a contemporary dental office. The network security protocols that protect the patient data and boost the efficiency of modern day dental clinics are enumerated.

  17. STFTP: Secure TFTP Protocol for Embedded Multi-Agent Systems Communication

    Directory of Open Access Journals (Sweden)

    ZAGAR, D.

    2013-05-01

    Full Text Available Today's embedded systems have evolved into multipurpose devices moving towards an embedded multi-agent system (MAS infrastructure. With the involvement of MAS in embedded systems, one remaining issues is establishing communication between agents in low computational power and low memory embedded systems without present Embedded Operating System (EOS. One solution is the extension of an outdated Trivial File Transfer Protocol (TFTP. The main advantage of using TFTP in embedded systems is the easy implementation. However, the problem at hand is the overall lack of security mechanisms in TFTP. This paper proposes an extension to the existing TFTP in a form of added security mechanisms: STFTP. The authentication is proposed using Digest Access Authentication process whereas the data encryption can be performed by various cryptographic algorithms. The proposal is experimentally tested using two embedded systems based on micro-controller architecture. Communication is analyzed for authentication, data rate and transfer time versus various data encryption ciphers and files sizes. STFTP results in an expected drop in performance, which is in the range of similar encryption algorithms. The system could be improved by using embedded systems of higher computational power or by the use of hardware encryption modules.

  18. Host based internet protocol (IP) packet analysis to enhance network security

    International Nuclear Information System (INIS)

    Ahmad, T.; Ahmad, S.Z.; Yasin, M.M.

    2007-01-01

    Data communication in a computer network environment is facing serious security threats from numerous sources such as viruses, worms, Zombies etc. These threats can be broadly characterized as internal or external security threats. Internal threats are mainly attributed to sneaker-nets, utility modems and unauthorized users, which can be minimized by skillful network administration, password management and optimum usage policy definition. The external threats need more serious attention as these attacks are mostly coming from public networks such as Internet. Frequency and complexity of such attacks is much higher as compared to internal attacks. This paper presents a host based network layer screening of external and internal IP packets for logging, analyzing and real-time detection of possible IP spoofing and Denial of Service attacks. This work can also be used in tuning security rules definition for gateway firewalls. Software has been developed which intercepts IP traffic and analyses it with respect to integrity and origin of I P packet. The received IP packets are parsed and analyzed for possible signs of intrusion. The results show that by watching and categorizing composition of various transport protocol such as TCP, UDP, ICMP and others along with verifying the origin of received IP packet can help in devising real-time firewall rule and blocking possible external attack. This is highly desirable for fighting against zero day attacks and can result in a better Mean Time between Failures (MTBF) to increase the survivability of computer network. Used in a right context, packet screening and filtering can be a useful tool for provision of reliable and stable network services. (author)

  19. GUI implementation of image encryption and decryption using Open CV-Python script on secured TFTP protocol

    Science.gov (United States)

    Reddy, K. Rasool; Rao, Ch. Madhava

    2018-04-01

    Currently safety is one of the primary concerns in the transmission of images due to increasing the use of images within the industrial applications. So it's necessary to secure the image facts from unauthorized individuals. There are various strategies are investigated to secure the facts. In that encryption is certainly one of maximum distinguished method. This paper gives a sophisticated Rijndael (AES) algorithm to shield the facts from unauthorized humans. Here Exponential Key Change (EKE) concept is also introduced to exchange the key between client and server. The things are exchange in a network among client and server through a simple protocol is known as Trivial File Transfer Protocol (TFTP). This protocol is used mainly in embedded servers to transfer the data and also provide protection to the data if protection capabilities are integrated. In this paper, implementing a GUI environment for image encryption and decryption. All these experiments carried out on Linux environment the usage of Open CV-Python script.

  20. Secure Border Gateway Protocol and the External Routing Intrusion Detection System

    National Research Council Canada - National Science Library

    Kent, Stephen

    2000-01-01

    .... The Secure BGP projects designed a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP...

  1. [Protocols of health security in the light of some examples of risk management].

    Science.gov (United States)

    Postel-Vinay, Nicolas; Coquin, Yves

    2005-11-30

    Throughout medical training, medical risk management is a subject that has been insufficiently addressed and treated without a global vision. Yet the different dangers often make the front page of a media that addresses the question of health security when there is a failure of the system or new legal developments. Added to this disequilibrium of communication and training is the great complexity of risk management. Not only is the nature of the potentially dangerous agents extraordinarily varied but also the entity that detects the risk is sometimes a stranger to the causes of its appearance. The surrounding regulations are themselves complex and dense. Using the examples that have arisen over the last 2 or 3 years, this article describes the current French protocols in risk management, that rely upon the agencies delivering their expertise, certain of which are endowed with the power of policing these regulations. In practice, the doctor should understand the role of these agencies, know how to find the validated information that they can provide, and understand his role in this picture. A role that is perceived as far away as long as the risk has not emerged, but is in the forefront once the event arises.

  2. RFID protocol design, optimization, and security for the Internet of Things

    CERN Document Server

    Liu, Alex X; Liu, Xiulong; Li, Keqiu

    2017-01-01

    This book covers the topic of RFID protocol design and optimization and the authors aim to demystify complicated RFID protocols and explain in depth the principles, techniques, and practices in designing and optimizing them.

  3. Denial of Service Attacks on 802.1X Security Protocol

    National Research Council Canada - National Science Library

    Ozan, Orhan

    2004-01-01

    ... infrastructure, such as military and administrative government LANs. The IEEE 802.11 wireless standard specifies both an authentication service and encryption protocol, but research has demonstrated that these protocols are severely flawed...

  4. Security analysis of the decoy method with the Bennett–Brassard 1984 protocol for finite key lengths

    International Nuclear Information System (INIS)

    Hayashi, Masahito; Nakayama, Ryota

    2014-01-01

    This paper provides a formula for the sacrifice bit-length for privacy amplification with the Bennett–Brassard 1984 protocol for finite key lengths, when we employ the decoy method. Using the formula, we can guarantee the security parameter for a realizable quantum key distribution system. The key generation rates with finite key lengths are numerically evaluated. The proposed method improves the existing key generation rate even in the asymptotic setting. (paper)

  5. A randomized controlled trial comparing Circle of Security Intervention and treatment as usual as interventions to increase attachment security in infants of mentally ill mothers: Study Protocol.

    Science.gov (United States)

    Ramsauer, Brigitte; Lotzin, Annett; Mühlhan, Christine; Romer, Georg; Nolte, Tobias; Fonagy, Peter; Powell, Bert

    2014-01-30

    Psychopathology in women after childbirth represents a significant risk factor for parenting and infant mental health. Regarding child development, these infants are at increased risk for developing unfavorable attachment strategies to their mothers and for subsequent behavioral, emotional and cognitive impairments throughout childhood. To date, the specific efficacy of an early attachment-based parenting group intervention under standard clinical outpatient conditions, and the moderators and mediators that promote attachment security in infants of mentally ill mothers, have been poorly evaluated. This randomized controlled clinical trial tests whether promoting attachment security in infancy with the Circle of Security (COS) Intervention will result in a higher rate of securely attached children compared to treatment as usual (TAU). Furthermore, we will determine whether the distributions of securely attached children are moderated or mediated by variations in maternal sensitivity, mentalizing, attachment representations, and psychopathology obtained at baseline and at follow-up. We plan to recruit 80 mother-infant dyads when infants are aged 4-9 months with 40 dyads being randomized to each treatment arm. Infants and mothers will be reassessed when the children are 16-18 months of age. Methodological aspects of the study are systematic recruitment and randomization, explicit inclusion and exclusion criteria, research assessors and coders blinded to treatment allocation, advanced statistical analysis, manualized treatment protocols and assessments of treatment adherence and integrity. The aim of this clinical trial is to determine whether there are specific effects of an attachment-based intervention that promotes attachment security in infants. Additionally, we anticipate being able to utilize data on maternal and child outcome measures to obtain preliminary indications about potential moderators of the intervention and inform hypotheses about which intervention

  6. to the Question of IPv6-protocol Logical Characteristics Properties Using in order to Increase of the Security Level of the Russian Federation National Information Technology Infrastructure

    Directory of Open Access Journals (Sweden)

    Dmitry Anatolevich Melnikov

    2014-02-01

    Full Text Available This paper proposes a method of IPv6-protocol logical characteristics using in order to increase the security level of the Russian Federation national information technology infrastructure and the global information society.

  7. PERFORMANCE ANALYSIS OF DISTINCT SECURED AUTHENTICATION PROTOCOLS USED IN THE RESOURCE CONSTRAINED PLATFORM

    Directory of Open Access Journals (Sweden)

    S. Prasanna

    2014-03-01

    Full Text Available Most of the e-commerce and m-commerce applications in the current e-business world, has adopted asymmetric key cryptography technique in their authentication protocol to provide an efficient authentication of the involved parties. This paper exhibits the performance analysis of distinct authentication protocol which implements the public key cryptography like RSA, ECC and HECC. The comparison is made based on key generation, sign generation and sign verification processes. The results prove that the performance achieved through HECC based authentication protocol is better than the ECC- and RSA based authentication protocols.

  8. An Enhanced LoRaWAN Security Protocol for Privacy Preservation in IoT with a Case Study on a Smart Factory-Enabled Parking System.

    Science.gov (United States)

    You, Ilsun; Kwon, Soonhyun; Choudhary, Gaurav; Sharma, Vishal; Seo, Jung Taek

    2018-06-08

    The Internet of Things (IoT) utilizes algorithms to facilitate intelligent applications across cities in the form of smart-urban projects. As the majority of devices in IoT are battery operated, their applications should be facilitated with a low-power communication setup. Such facility is possible through the Low-Power Wide-Area Network (LPWAN), but at a constrained bit rate. For long-range communication over LPWAN, several approaches and protocols are adopted. One such protocol is the Long-Range Wide Area Network (LoRaWAN), which is a media access layer protocol for long-range communication between the devices and the application servers via LPWAN gateways. However, LoRaWAN comes with fewer security features as a much-secured protocol consumes more battery because of the exorbitant computational overheads. The standard protocol fails to support end-to-end security and perfect forward secrecy while being vulnerable to the replay attack that makes LoRaWAN limited in supporting applications where security (especially end-to-end security) is important. Motivated by this, an enhanced LoRaWAN security protocol is proposed, which not only provides the basic functions of connectivity between the application server and the end device, but additionally averts these listed security issues. The proposed protocol is developed with two options, the Default Option (DO) and the Security-Enhanced Option (SEO). The protocol is validated through Burrows⁻Abadi⁻Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The proposed protocol is also analyzed for overheads through system-based and low-power device-based evaluations. Further, a case study on a smart factory-enabled parking system is considered for its practical application. The results, in terms of network latency with reliability fitting and signaling overheads, show paramount improvements and better performance for the proposed protocol compared with the two

  9. An Enhanced LoRaWAN Security Protocol for Privacy Preservation in IoT with a Case Study on a Smart Factory-Enabled Parking System

    Directory of Open Access Journals (Sweden)

    Ilsun You

    2018-06-01

    Full Text Available The Internet of Things (IoT utilizes algorithms to facilitate intelligent applications across cities in the form of smart-urban projects. As the majority of devices in IoT are battery operated, their applications should be facilitated with a low-power communication setup. Such facility is possible through the Low-Power Wide-Area Network (LPWAN, but at a constrained bit rate. For long-range communication over LPWAN, several approaches and protocols are adopted. One such protocol is the Long-Range Wide Area Network (LoRaWAN, which is a media access layer protocol for long-range communication between the devices and the application servers via LPWAN gateways. However, LoRaWAN comes with fewer security features as a much-secured protocol consumes more battery because of the exorbitant computational overheads. The standard protocol fails to support end-to-end security and perfect forward secrecy while being vulnerable to the replay attack that makes LoRaWAN limited in supporting applications where security (especially end-to-end security is important. Motivated by this, an enhanced LoRaWAN security protocol is proposed, which not only provides the basic functions of connectivity between the application server and the end device, but additionally averts these listed security issues. The proposed protocol is developed with two options, the Default Option (DO and the Security-Enhanced Option (SEO. The protocol is validated through Burrows–Abadi–Needham (BAN logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA tool. The proposed protocol is also analyzed for overheads through system-based and low-power device-based evaluations. Further, a case study on a smart factory-enabled parking system is considered for its practical application. The results, in terms of network latency with reliability fitting and signaling overheads, show paramount improvements and better performance for the proposed protocol compared with

  10. The Security Analysis of Two-Step Quantum Direct Communication Protocol in Collective-Rotation Noise Channel

    International Nuclear Information System (INIS)

    Li Jian; Sun Feng-Qi; Pan Ze-Shi; Nie Jin-Rui; Chen Yan-Hua; Yuan Kai-Guo

    2015-01-01

    To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein–Podolsky–Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003) 042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Q 0 (M : (Q 0 , 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ϵ is, the larger the error rate Q is. When the noise level ϵ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q < 0.153. Similarly, if error rate Q > 0.153 = Q 0 , eavesdropping information I > 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore. (paper)

  11. A Security plan for LMOs - concentrated on environmental policy of Biosafety Protocol

    Energy Technology Data Exchange (ETDEWEB)

    Park, Yong Ha [Korea Environment Institute, Seoul (Korea)

    1998-12-01

    Biotechnology industry in Korea is raised by the national support. Also, Korea imports 70% of entire agricultural products. Considering the present situation in Korea, signing a Biosafety Protocol is necessary to prevent harm by LMOs and to protect associated biotechnological industry. Therefore, the problems on signing Biosafety Protocol were analyzed and the environmental policy to be pursued was proposed. This study result will be a cornerstone to prepare a definite environmental policy by government. 54 refs., 7 figs., 27 tabs.

  12. Experimental Platform for Usability Testing of Secure Medical Sensor Network Protocols

    DEFF Research Database (Denmark)

    Andersen, Jacob; Lo, Benny P.; Yang, Guang-Zhong

    2008-01-01

    designed security mechanisms are essential. Several experimental sensor network platforms have emerged in recent years targeted for clinical use. However, few of them consider the importance of security issues such as privacy and access control, and how these can impact the usability of the platform, while......Implementing security mechanisms such as access control for clinical use is a challenging research issue in BSN due to its required heterogeneous operating responses ranging from chronic diseases management to emergency care. To ensure the clinical uptake of the BSN technology, appropriately...... others develop BSN security without considering how a prototype implementation would be received by clinicians in real-life situations. The purpose of this paper is to present our initial effort in building a flexible experimental platform for providing a basic infrastructure with symmetric AES...

  13. Robust quantum secure direct communication and authentication protocol against decoherence noise based on six-qubit DF state

    International Nuclear Information System (INIS)

    Chang Yan; Zhang Shi-Bin; Yan Li-Li; Han Gui-Hua

    2015-01-01

    By using six-qubit decoherence-free (DF) states as quantum carriers and decoy states, a robust quantum secure direct communication and authentication (QSDCA) protocol against decoherence noise is proposed. Four six-qubit DF states are used in the process of secret transmission, however only the |0′〉 state is prepared. The other three six-qubit DF states can be obtained by permuting the outputs of the setup for |0′〉. By using the |0′〉 state as the decoy state, the detection rate and the qubit error rate reach 81.3%, and they will not change with the noise level. The stability and security are much higher than those of the ping–pong protocol both in an ideal scenario and a decoherence noise scenario. Even if the eavesdropper measures several qubits, exploiting the coherent relationship between these qubits, she can gain one bit of secret information with probability 0.042. (paper)

  14. (In-)Secure messaging with the Silent Circle instant messaging protocol

    NARCIS (Netherlands)

    Verschoor, S.R.; Lange, T.

    2016-01-01

    Silent Text, the instant messaging application by the company Silent Circle, provides its users with end-to-end encrypted communication on the Blackphone and other smartphones. The underlying protocol, SCimp, has received many extensions during the update to version 2, but has not been subjected to

  15. A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2010-01-01

    ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4's physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist...

  16. Improving the security of the Hwang-Su protocol for mobile networks ...

    African Journals Online (AJOL)

    The mobile networks are experiencing a growing success. This success is mainly due to the fact that these networks providing the mobility of users, the transmission of data through open air and the requirement of low power. But, it is threatened by weak security, especially at the level of authentication. Hwang and Su have ...

  17. On privacy-preserving protocols for smart metering systems security and privacy in smart grids

    CERN Document Server

    Borges de Oliveira, Fábio

    2017-01-01

    This book presents current research in privacy-preserving protocols for smart grids. It contains several approaches and compares them analytically and by means of simulation. In particular, the book introduces asymmetric DC-Nets, which offer an ideal combination of performance and features in comparison with homomorphic encryption; data anonymization via cryptographic protocols; and data obfuscation by means of noise injection or by means of the installation of storage banks. The author shows that this theory can be leveraged into several application scenarios, and how asymmetric DC-Nets are generalizations of additive homomorphic encryption schemes and abstractions of symmetric DC-Nets. The book provides the reader with an understanding about smart grid scenarios, the privacy problem, and the mathematics and algorithms used to solve it.

  18. Dynamic Auditing Protocol for Efficient and Secure Data Storage in Cloud Computing

    OpenAIRE

    J. Noorul Ameen; J. Jamal Mohamed; N. Nilofer Begam

    2014-01-01

    Cloud computing, where the data has been stored on cloud servers and retrieved by users (data consumers) the data from cloud servers. However, there are some security challenges which are in need of independent auditing services to verify the data integrity and safety in the cloud. Until now a numerous methods has been developed for remote integrity checking whichever only serve for static archive data and cannot be implemented to the auditing service if the data in the cloud is being dynamic...

  19. Security Architecture and Protocol for Trust Verifications Regarding the Integrity of Files Stored in Cloud Services

    Directory of Open Access Journals (Sweden)

    Alexandre Pinheiro

    2018-03-01

    Full Text Available Cloud computing is considered an interesting paradigm due to its scalability, availability and virtually unlimited storage capacity. However, it is challenging to organize a cloud storage service (CSS that is safe from the client point-of-view and to implement this CSS in public clouds since it is not advisable to blindly consider this configuration as fully trustworthy. Ideally, owners of large amounts of data should trust their data to be in the cloud for a long period of time, without the burden of keeping copies of the original data, nor of accessing the whole content for verifications regarding data preservation. Due to these requirements, integrity, availability, privacy and trust are still challenging issues for the adoption of cloud storage services, especially when losing or leaking information can bring significant damage, be it legal or business-related. With such concerns in mind, this paper proposes an architecture for periodically monitoring both the information stored in the cloud and the service provider behavior. The architecture operates with a proposed protocol based on trust and encryption concepts to ensure cloud data integrity without compromising confidentiality and without overloading storage services. Extensive tests and simulations of the proposed architecture and protocol validate their functional behavior and performance.

  20. Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way

    Science.gov (United States)

    Cui, Yank; Kobara, Kazukuni; Matsuura, Kanta; Imai, Hideki

    As pervasive computing technologies develop fast, the privacy protection becomes a crucial issue and needs to be coped with very carefully. Typically, it is difficult to efficiently identify and manage plenty of the low-cost pervasive devices like Radio Frequency Identification Devices (RFID), without leaking any privacy information. In particular, the attacker may not only eavesdrop the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper, we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. That asymmetric style with privacy-oriented simplification succeeds to reduce the load of low-cost devices and drastically decrease the computation cost for the management of server. This is because that, unlike the usual management of the identities, our approach does not require any synchronization nor exhaustive search in the database, which enjoys great convenience in case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns an easy work to pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

  1. Security Architecture and Protocol for Trust Verifications Regarding the Integrity of Files Stored in Cloud Services.

    Science.gov (United States)

    Pinheiro, Alexandre; Dias Canedo, Edna; de Sousa Junior, Rafael Timoteo; de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Kim, Tai-Hoon

    2018-03-02

    Cloud computing is considered an interesting paradigm due to its scalability, availability and virtually unlimited storage capacity. However, it is challenging to organize a cloud storage service (CSS) that is safe from the client point-of-view and to implement this CSS in public clouds since it is not advisable to blindly consider this configuration as fully trustworthy. Ideally, owners of large amounts of data should trust their data to be in the cloud for a long period of time, without the burden of keeping copies of the original data, nor of accessing the whole content for verifications regarding data preservation. Due to these requirements, integrity, availability, privacy and trust are still challenging issues for the adoption of cloud storage services, especially when losing or leaking information can bring significant damage, be it legal or business-related. With such concerns in mind, this paper proposes an architecture for periodically monitoring both the information stored in the cloud and the service provider behavior. The architecture operates with a proposed protocol based on trust and encryption concepts to ensure cloud data integrity without compromising confidentiality and without overloading storage services. Extensive tests and simulations of the proposed architecture and protocol validate their functional behavior and performance.

  2. Implementing voice over Internet protocol in mobile ad hoc network – analysing its features regarding efficiency, reliability and security

    Directory of Open Access Journals (Sweden)

    Naveed Ahmed Sheikh

    2014-05-01

    Full Text Available Providing secure and efficient real-time voice communication in mobile ad hoc network (MANET environment is a challenging problem. Voice over Internet protocol (VoIP has originally been developed over the past two decades for infrastructure-based networks. There are strict timing constraints for acceptable quality VoIP services, in addition to registration and discovery issues in VoIP end-points. In MANETs, ad hoc nature of networks and multi-hop wireless environment with significant packet loss and delays present formidable challenges to the implementation. Providing a secure real-time VoIP service on MANET is the main design objective of this paper. The authors have successfully developed a prototype system that establishes reliable and efficient VoIP communication and provides an extremely flexible method for voice communication in MANETs. The authors’ cooperative mesh-based MANET implementation can be used for rapidly deployable VoIP communication with survivable and efficient dynamic networking using open source software.

  3. A Secure ECC-based RFID Mutual Authentication Protocol to Enhance Patient Medication Safety.

    Science.gov (United States)

    Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Li, Fagen

    2016-01-01

    Patient medication safety is an important issue in patient medication systems. In order to prevent medication errors, integrating Radio Frequency Identification (RFID) technology into automated patient medication systems is required in hospitals. Based on RFID technology, such systems can provide medical evidence for patients' prescriptions and medicine doses, etc. Due to the mutual authentication between the medication server and the tag, RFID authentication scheme is the best choice for automated patient medication systems. In this paper, we present a RFID mutual authentication scheme based on elliptic curve cryptography (ECC) to enhance patient medication safety. Our scheme can achieve security requirements and overcome various attacks existing in other schemes. In addition, our scheme has better performance in terms of computational cost and communication overhead. Therefore, the proposed scheme is well suitable for patient medication systems.

  4. Non-proliferation of nuclear weapons and nuclear security. IAEA safeguards agreements and additional protocols

    International Nuclear Information System (INIS)

    Lodding, Jan; Kinley, David III

    2002-09-01

    One of the most urgent challenges facing the International Atomic Energy Agency (IAEA) is to strengthen the Agency's safeguards system for verification in order to increase the likelihood of detecting any clandestine nuclear weapons programme in breach of international obligations. The IAEA should be able to provide credible assurance not only about declared nuclear material in a State but also about the absence of undeclared material and activities. Realising the full potential of the strengthened system will require that all States bring into force their relevant safeguards agreements, as well as additional protocols thereto. Today, 45 years after the Agency's foundation, its verification mission is as relevant as ever. This is illustrated by the special challenges encountered with regard to verification in Iraq and North Korea in the past decade. Moreover, the horrifying events of 11 September 2001 demonstrated all too well the urgent need to strengthen worldwide control of nuclear and other radioactive material. The IAEA will continue to assist States in their efforts to counter the spread of nuclear weapons and to prevent, detect and respond to illegal uses of nuclear and radioactive material. Adherence by as many States as possible to the strengthened safeguards system is a crucial component in this endeavour

  5. Performance analysis and implementation of proposed mechanism for detection and prevention of security attacks in routing protocols of vehicular ad-hoc network (VANET

    Directory of Open Access Journals (Sweden)

    Parul Tyagi

    2017-07-01

    Full Text Available Next-generation communication networks have become widely popular as ad-hoc networks, broadly categorized as the mobile nodes based on mobile ad-hoc networks (MANET and the vehicular nodes based vehicular ad-hoc networks (VANET. VANET is aimed at maintaining safety to vehicle drivers by begin autonomous communication with the nearby vehicles. Each vehicle in the ad-hoc network performs as an intelligent mobile node characterized by high mobility and formation of dynamic networks. The ad-hoc networks are decentralized dynamic networks that need efficient and secure communication requirements due to the vehicles being persistently in motion. These networks are more susceptible to various attacks like Warm Hole attacks, denial of service attacks and Black Hole Attacks. The paper is a novel attempt to examine and investigate the security features of the routing protocols in VANET, applicability of AODV (Ad hoc On Demand protocol to detect and tackle a particular category of network attacks, known as the Black Hole Attacks. A new algorithm is proposed to enhance the security mechanism of AODV protocol and to introduce a mechanism to detect Black Hole Attacks and to prevent the network from such attacks in which source node stores all route replies in a look up table. This table stores the sequences of all route reply, arranged in ascending order using PUSH and POP operations. The priority is calculated based on sequence number and discard the RREP having presumably very high destination sequence number. The result show that proposed algorithm for detection and prevention of Black Hole Attack increases security in Intelligent Transportation System (ITS and reduces the effect of malicious node in the VANET. NCTUNs simulator is used in this research work.

  6. Cassandra - D6.3 - final protocol : Seventh Framework Programme THEME Monitoring and Tracking of Shipping Containers Security

    NARCIS (Netherlands)

    Malenstein, J.; Schewe, W.; Zomer, G.; Klievink, A.J.; Nijdam, M.; Visscher, W.

    2014-01-01

    The Cassandra project addressed procedures and methods (protocols) for government supervision of international trade lanes. Specifically, it looked at the impact of the Cassandra innovations on the procedures and methods to assess risks (risk assessment protocols). This covers the way in which the

  7. Virtual Private Networks for mobile environments. Development of protocol for mobile security and algorithms for location update.

    OpenAIRE

    Tzvetkov, Vesselin Dimitrov

    2010-01-01

    The classical networks for broadcast, telephony and data are converging to services on the Next Generation Networks (NGN), which are introduced by all major Service Providers (SP). Major requirements on the future IP network are security and mobility, which are reflection of the Internet’s importance and wide use of portable smart devices. Secure IP mobility is the focus of this thesis, i.e. how the user can move through different access networks whilst maintaining uninterrupted and secure IP...

  8. Vertical Protocol Composition

    DEFF Research Database (Denmark)

    Groß, Thomas; Mödersheim, Sebastian Alexander

    2011-01-01

    The security of key exchange and secure channel protocols, such as TLS, has been studied intensively. However, only few works have considered what happens when the established keys are actually used—to run some protocol securely over the established “channel”. We call this a vertical protocol.......e., that the combination cannot introduce attacks that the individual protocols in isolation do not have. In this work, we prove a composability result in the symbolic model that allows for arbitrary vertical composition (including self-composition). It holds for protocols from any suite of channel and application...

  9. Protocols for Detection and Removal of Wormholes for Secure Routing and Neighborhood Creation in Wireless Ad Hoc Networks

    Science.gov (United States)

    Hayajneh, Thaier Saleh

    2009-01-01

    Wireless ad hoc networks are suitable and sometimes the only solution for several applications. Many applications, particularly those in military and critical civilian domains (such as battlefield surveillance and emergency rescue) require that ad hoc networks be secure and stable. In fact, security is one of the main barriers to the extensive use…

  10. A no-key-exchange secure image sharing scheme based on Shamir's three-pass cryptography protocol and the multiple-parameter fractional Fourier transform.

    Science.gov (United States)

    Lang, Jun

    2012-01-30

    In this paper, we propose a novel secure image sharing scheme based on Shamir's three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

  11. Cryptographic Protocols:

    DEFF Research Database (Denmark)

    Geisler, Martin Joakim Bittel

    cryptography was thus concerned with message confidentiality and integrity. Modern cryptography cover a much wider range of subjects including the area of secure multiparty computation, which will be the main topic of this dissertation. Our first contribution is a new protocol for secure comparison, presented...... implemented the comparison protocol in Java and benchmarks show that is it highly competitive and practical. The biggest contribution of this dissertation is a general framework for secure multiparty computation. Instead of making new ad hoc implementations for each protocol, we want a single and extensible...... in Chapter 2. Comparisons play a key role in many systems such as online auctions and benchmarks — it is not unreasonable to say that when parties come together for a multiparty computation, it is because they want to make decisions that depend on private information. Decisions depend on comparisons. We have...

  12. Security Architecture and Protocol for Trust Verifications Regarding the Integrity of Files Stored in Cloud Services †

    Science.gov (United States)

    2018-01-01

    Cloud computing is considered an interesting paradigm due to its scalability, availability and virtually unlimited storage capacity. However, it is challenging to organize a cloud storage service (CSS) that is safe from the client point-of-view and to implement this CSS in public clouds since it is not advisable to blindly consider this configuration as fully trustworthy. Ideally, owners of large amounts of data should trust their data to be in the cloud for a long period of time, without the burden of keeping copies of the original data, nor of accessing the whole content for verifications regarding data preservation. Due to these requirements, integrity, availability, privacy and trust are still challenging issues for the adoption of cloud storage services, especially when losing or leaking information can bring significant damage, be it legal or business-related. With such concerns in mind, this paper proposes an architecture for periodically monitoring both the information stored in the cloud and the service provider behavior. The architecture operates with a proposed protocol based on trust and encryption concepts to ensure cloud data integrity without compromising confidentiality and without overloading storage services. Extensive tests and simulations of the proposed architecture and protocol validate their functional behavior and performance. PMID:29498641

  13. [Food Security in Europe: comparison between the "Hygiene Package" and the British Retail Consortium (BRC) & International Food Standard (IFS) protocols].

    Science.gov (United States)

    Stilo, A; Parisi, S; Delia, S; Anastasi, F; Bruno, G; Laganà, P

    2009-01-01

    The birth of Hygiene Package and of the Reg. CE no 2073/2005 in the food production field signalled a change in Italy. This process started in Italy in 1997 with the legislative decree no 155 on Self-control but in reality, it was implemented in the UK in 1990 with the promulgation of the Food Safety Act. This legal act was influenced by some basic rules corresponding to the application of HACCP standards. Since 1990 the British chains of distribution (Retailers) have involved all aspects of the food line in this type of responsibility. Due to this growing awareness for a need for greater regulation, a protocol, edited by British Retail Consortium was created in 1998. This protocol acted as a "stamp" of approval for food products and it is now known as the BRC Global Food Standard. In July 2008, this protocol became effective in its fifth version. After the birth of BRC, also French and German Retailers have established a standard practically equivalent and perhaps more pertinent to safety food, that is International Food Standard (IFS). The new approach is specific to the food field and strictly applies criteria which will ensure "safety, quality and legality" of food products, similarly to ISO 22000:2005 (mainly based on BRC & IFS past experiences). New standards aim to create a sort of green list with fully "proper and fit" Suppliers only, because of comprehensible exigencies of Retailers. It is expected, as we have shown, that Auditor authorities who are responsible for ensuring that inspections are now carried out like the Hygiene Package, will find these new standards useful. The advantages of streamlining this system is that it will allow enterprises to diligently enforce food safety practices without fear of upset or legal consequence, to improve the quality (HACCP) of management & traceability system; to restrict wastes, reprocessing and withdrawal of products. However some discordances about the interpretation of certain sub-field norms (e.g., water

  14. Secure Distributed Time for Secure Distributed Protocols

    Science.gov (United States)

    1994-09-01

    minimal generating set of X = UV (A) AEY Implications Suppose (M, M’) is an acyclic Typ, -tent and independent) parallel pair. A timeslice containing...compromise the system if the attacker is willing to pay tremendous amounts of money . (For a detailed analysis of the cost, see [Wein9l 1.) What do we do...example, suppose auditor Alice is asking for a snapshot to verify that the electronic currency in circulation sums correctly. If counterfeiter Bad

  15. Secure E-payment Protocol

    OpenAIRE

    Sattar J Aboud

    2009-01-01

    The vast spreading of information in the last decade has led to greatdevelopment in e-commerce. For instance, e-trade and e-bank are two mainInternet services that implement e-transaction from anyplace in the world. Thishelps merchant and bank to ease the financial transaction process and to giveuser friendly services at any time. However, the cost of workers andcommunications falls down considerably while the cost of trusted authority andprotecting information is increased. E-payment is now ...

  16. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network Fabian van den Broek We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an

  17. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  18. Universally composable protocols with relaxed set-up assumptions

    DEFF Research Database (Denmark)

    Barak, Boaz; Canetti, Ran; Nielsen, Jesper Buus

    2004-01-01

    A desirable goal for cryptographic protocols is to guarantee security when the protocol is composed with other protocol instances. Universally composable (UC) protocols provide this guarantee in a strong sense: A protocol remains secure even when composed concurrently with an unbounded number of ...

  19. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t ... in the universal composability (UC) framework (based on a network of secure channels, a broadcast channel, and a common reference string). It achieves the bound on the trade-off between robustness and privacy shown by Ishai et al. [CRYPTO'06] and Katz [STOC'07], the bound on fairness shown by Cleve [STOC'86...

  20. Cloud security mechanisms

    OpenAIRE

    2014-01-01

    Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...

  1. EPICS: Channel Access security design

    International Nuclear Information System (INIS)

    Kraimer, M.; Hill, J.

    1994-05-01

    This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided

  2. Turismo Activo y Protocolos de Seguridad: BTT en la Vía Verde de Morata de Tajuña. Active Tourism and Security Protocols: BTT at Tajuña´S Green Way

    Directory of Open Access Journals (Sweden)

    Jiménez Martín, Pedro Jesús

    2006-01-01

    Full Text Available ResumenLa normativa actual referente al turismo activo en España ha establecido que para poder darse de alta en el registro oficial las empresas del sector están obligadas a presentar un protocolo de seguridad para el desarrollo de sus actividades. Sin embargo, en la normativa no se especifica en qué debe consistir el citado protocolo dejando la iniciativa totalmente abierta. Este artículo presenta una propuesta de cómo podría establecerse un protocolo de seguridad para una actividad: excursión en bicicleta de montaña por la vía verde de Tajuña en la Comunidad de Madrid. Hemos elegido como entorno de trabajo el Programa Vías Verdes por el gran potencial recreativo y medioambiental que nos brinda para las empresas de turismo activo y los profesionales de la actividad física y el deporte, así como por las ventajas de: oportunidades laborales, seguridad y fácil acceso.AbstractActive tourism regulations currently in force in Spain establish that companies must present a security protocol for the performance of their activities to become officially registered. However, normative does not specify what this protocol entails keeping opened the initiative. This paper proposes the way a security protocol could be designed for a certain activity: mountain-bike at Tajuña´s Green Way, located at Madrid Community. We have chosen the Program Green Routes as framework due to the great recreational and environmental potential they offer to companies of active tourism and professionals of the physical activity and sport, as well as good labour opportunities, high security and easy access.

  3. A Survey of E-Commerce Security

    Institute of Scientific and Technical Information of China (English)

    QIN Zhiguang; LUO Xucheng; GAO Rong

    2004-01-01

    E-commerce is a very active field of Intemet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies,protocols and techniques are involved in the deployment of the security. The related standards and protocols ofe-commerce are studied in this paper. The general model of e-commerce security is set forth.In this model, two most important e-commerce protocols including secure sockets layer (SSL) and secure electronic transaction (SET) are analyzed. The open problems and new trends of e-commerce security are presented.

  4. Homomorphic encryption and secure comparison

    NARCIS (Netherlands)

    Damgard, Ivan; Geisler, M.; Kroigaard, M.

    2008-01-01

    We propose a protocol for secure comparison of integers based on homomorphic encryption.We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty

  5. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over a SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Serve and client authentication relies over OpenSSL and py-Open SSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authorization and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  6. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  7. Homomorphic encryption and secure comparison

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Geisler, Martin; Krøigaard, Mikkel

    2008-01-01

    Computation (MPC). We show how our comparison protocol can be used to improve security of online auctions, and demonstrate that it is efficient enough to be used in practice. For comparison of 16 bits numbers with security based on 1024 bits RSA (executed by two parties), our implementation takes 0.28 sec......We propose a protocol for secure comparison of integers based on homomorphic encryption.We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty...

  8. Quantum Secure Group Communication.

    Science.gov (United States)

    Li, Zheng-Hong; Zubairy, M Suhail; Al-Amri, M

    2018-03-01

    We propose a quantum secure group communication protocol for the purpose of sharing the same message among multiple authorized users. Our protocol can remove the need for key management that is needed for the quantum network built on quantum key distribution. Comparing with the secure quantum network based on BB84, we show our protocol is more efficient and securer. Particularly, in the security analysis, we introduce a new way of attack, i.e., the counterfactual quantum attack, which can steal information by "invisible" photons. This invisible photon can reveal a single-photon detector in the photon path without triggering the detector. Moreover, the photon can identify phase operations applied to itself, thereby stealing information. To defeat this counterfactual quantum attack, we propose a quantum multi-user authorization system. It allows us to precisely control the communication time so that the attack can not be completed in time.

  9. Group covariant protocols for quantum string commitment

    International Nuclear Information System (INIS)

    Tsurumaru, Toyohiro

    2006-01-01

    We study the security of quantum string commitment (QSC) protocols with group covariant encoding scheme. First we consider a class of QSC protocol, which is general enough to incorporate all the QSC protocols given in the preceding literatures. Then among those protocols, we consider group covariant protocols and show that the exact upperbound on the binding condition can be calculated. Next using this result, we prove that for every irreducible representation of a finite group, there always exists a corresponding nontrivial QSC protocol which reaches a level of security impossible to achieve classically

  10. Secure Architectures for Mobile Applications

    OpenAIRE

    Cristian TOMA

    2007-01-01

    The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet)

  11. Secure Architectures for Mobile Applications

    Directory of Open Access Journals (Sweden)

    2007-01-01

    Full Text Available The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet

  12. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  13. Cognitive Communications Protocols for SATCOM

    Science.gov (United States)

    2017-10-20

    communications protocols for satellite and space communications with possible broad applications in defense, homeland-security as well as consumer ...communications with possible broad applications in defense, homeland-security, and civilian as well as consumer telecommunications. Such cognitive...vulnerable against smart jammers that may attempt to learn the cognitive radios own behavior . In response, our second class of proposed algorithms

  14. Collective Study On Security Threats In VOIP Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Zulkifl Hasan

    2017-01-01

    Full Text Available The Collective study will critically evaluate the voice over internet protocol VOIP Security threats issues amp challenges in the communication over the network the solution provided by different vendors. Authors will be discussing all security issues different protocols but main focus will be on SIP protocol its implementation and vendors VOIP security system.

  15. VoIP Security

    OpenAIRE

    Fontanini, Piero

    2008-01-01

    VOIP or Voice Over Internet Protocol is a common term for phone service over IP based networks. There are much information about VoIP and some of how VoIP can be secured. There is however no standard for VoIP and no general solution for VoIP Security. The security in VoIP systems today are often non existing or in best case weak and often based on proprietary solutions. This master thesis investigates threats to VoIP system and describes existing alternatives for securing Vo...

  16. An one-time-pad key communication protocol with entanglement

    OpenAIRE

    Cai, Qing-yu

    2003-01-01

    We present an one-time-pad key communication protocol that allows secure direct communication with entanglement. Alice can send message to Bob in a deterministic manner by using local measurements and public communication. The theoretical efficiency of this protocol is double compared with BB84 protocol. We show this protocol is unconditional secure under arbitrary quantum attack. And we discuss that this protocol can be perfectly implemented with current technologies.

  17. New optimized DNA extraction protocol for fingerprints deposited on a special self-adhesive security seal and other latent samples used for human identification.

    Science.gov (United States)

    Kopka, Julieta; Leder, Monika; Jaureguiberry, Stella M; Brem, Gottfried; Boselli, Gabriel O

    2011-09-01

    Obtaining complete short tandem repeat (STR) profiles from fingerprints containing minimal amounts of DNA, using standard extraction techniques, can be difficult. The aim of this study was to evaluate a new kit, Fingerprint DNA Finder (FDF Kit), recently launched for the extraction of DNA and STR profiling from fingerprints placed on a special device known as Self-Adhesive Security Seal Sticker(®) and other latent fingerprints on forensic evidentiary material like metallic guns. The DNA extraction system is based on a reversal of the silica principle, and all the potential inhibiting substances are retained on the surface of a special adsorbent, while nucleic acids are not bound and remain in solution dramatically improving DNA recovery. DNA yield was quite variable among the samples tested, rendering in most of the cases (>90%) complete STR profiles, free of PCR inhibitors, and devoid of artifacts. Even samples with DNA amount below 100 pg could be successfully analyzed. © 2011 American Academy of Forensic Sciences.

  18. Efficient Secure Multiparty Subset Computation

    Directory of Open Access Journals (Sweden)

    Sufang Zhou

    2017-01-01

    Full Text Available Secure subset problem is important in secure multiparty computation, which is a vital field in cryptography. Most of the existing protocols for this problem can only keep the elements of one set private, while leaking the elements of the other set. In other words, they cannot solve the secure subset problem perfectly. While a few studies have addressed actual secure subsets, these protocols were mainly based on the oblivious polynomial evaluations with inefficient computation. In this study, we first design an efficient secure subset protocol for sets whose elements are drawn from a known set based on a new encoding method and homomorphic encryption scheme. If the elements of the sets are taken from a large domain, the existing protocol is inefficient. Using the Bloom filter and homomorphic encryption scheme, we further present an efficient protocol with linear computational complexity in the cardinality of the large set, and this is considered to be practical for inputs consisting of a large number of data. However, the second protocol that we design may yield a false positive. This probability can be rapidly decreased by reexecuting the protocol with different hash functions. Furthermore, we present the experimental performance analyses of these protocols.

  19. Mitigating Docker Security Issues

    OpenAIRE

    Yasrab, Robail

    2018-01-01

    It is very easy to run applications in Docker. Docker offers an ecosystem that offers a platform for application packaging, distributing and managing within containers. However, Docker platform is yet not matured. Presently, Docker is less secured as compare to virtual machines (VM) and most of the other cloud technologies. The key of reason of Docker inadequate security protocols is containers sharing of Linux kernel, which can lead to risk of privileged escalations. This research is going t...

  20. Credit Card Security

    OpenAIRE

    G.C., Anup

    2013-01-01

    Author: Anup G.C. Year: 2013 Subject of thesis: Credit Card Security Number of pages: 36+2 Credit Card is a widely used electronic chip for easy transactions. The main purpose of the report was to show the security measures of transaction by credit cards. The purpose was to give information about credit cards and how they were introduced. The thesis reportcontained the types of card theft with examples and sited the various protocols used for online ...

  1. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    Full Text Available A very good method that can be used to protect a private network is the implementation of a firewall between Internet and Intranet. This firewall will filter the packets that transit the network according with the security policy defined at the system level. The SSL protocol allows verifying the identity of a WEB server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  2. Convention on the establishment of a security control in the field of nuclear energy. Protocol on the tribunal established by the convention on the establishment of a security control in the field of nuclear energy

    International Nuclear Information System (INIS)

    1957-01-01

    The governments of Germany, Austria, Belgium, Denmark, France, Greece, Ireland, Iceland, Italy, Luxembourg, Norway, Netherlands, Portugal, United Kingdom, Sweden, Switzerland and Turkey, having resolved to promote the development of the production and uses of nuclear energy in the Member countries of the Organisation for European Economic Co-operation between these countries and the harmonisation of national measures; considering that the joint action undertaken to this end in the Organisation is intended to develop the European nuclear industry for purely peaceful ends and must not further any military purpose; considering that at its meeting of' 18 July, 1956, the Council of the Organisation decided to establish to this effect an international security control; considering that by a Decision dated this day the Council has established, within the Organisation, a European Nuclear Energy Agency with the task of pursuing the joint action undertaken; have agreed the present convention. The governments party to the Convention, desirous of determining in accordance with Article 12 of the Convention the organisation of the Tribunal established by the said Article and the status of its judges; have agreed upon the provisions which are annexed to the Convention

  3. Distributed Network Protocols

    Science.gov (United States)

    1980-07-01

    MONITORING AGENCY NAME & ADDRESS(II different from Controlting Office) IS. SECURITY CLASS. (of this report) S Office of Naval Research Unclassified...All protocols are extended to networks with changing. topology. S80 8 4 246 DD0I iA 1473 EDITION OF INOV 65 IS OBSOLETE 8 0 24 SECURITY CLASSIFICATION...to the netowrk . f) Each node knows its adjacent links, but not necessarily the identity of its neighbors, i.e. the nodes at the other end of the links

  4. Bioremediation protocols

    National Research Council Canada - National Science Library

    Sheehan, David

    1997-01-01

    ..., .. . . . . .. ,. . . .. . . . . . . . .. . . . . .. . . .. . .. 3 2 Granular Nina Sludge Christiansen, Consortia lndra for Bioremediation, M. Mathrani, and Birgitte K. Ahring . 23 PART II PROTOCOLS...

  5. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  6. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  7. Secure Multiparty AES

    Science.gov (United States)

    Damgård, Ivan; Keller, Marcel

    We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires 2200 + {{400}over{255}} expected elementary operations in expected 70 + {{20}over{255}} rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

  8. Software Safety and Security

    CERN Document Server

    Nipkow, T; Hauptmann, B

    2012-01-01

    Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

  9. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?......What is a security dilemma? What are the consequences of security dilemmas in international politics?...

  10. Security Analysis of Parlay/OSA Framework

    NARCIS (Netherlands)

    Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.; Villain, B.

    2004-01-01

    This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access,

  11. Security Analysis of Parlay/OSA Framework

    NARCIS (Netherlands)

    Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.

    This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access,

  12. Secure quantum private comparison

    International Nuclear Information System (INIS)

    Yang Yuguang; Cao Weifeng; Wen Qiaoyan

    2009-01-01

    We propose a two-party quantum private comparison protocol using single photons, in which two distrustful parties can compare whether their secrets are equal with the help of a third party (TP). Any information about the values of their respective secrets will not be leaked out even with a compromised TP. Security is also discussed.

  13. Secure quantum private comparison

    Energy Technology Data Exchange (ETDEWEB)

    Yang Yuguang [College of Computer Science and Technology, Beijing University of Technology, Beijing 100124 (China); Cao Weifeng [College of Electric and Information Engineering, Zhengzhou University of Light Industry, Zhengzhou 450002 (China); Wen Qiaoyan [State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876 (China)], E-mail: yangyang7357@bjut.edu.cn

    2009-12-15

    We propose a two-party quantum private comparison protocol using single photons, in which two distrustful parties can compare whether their secrets are equal with the help of a third party (TP). Any information about the values of their respective secrets will not be leaked out even with a compromised TP. Security is also discussed.

  14. Wireless network security theories and applications

    CERN Document Server

    Chen, Lei; Zhang, Zihong

    2013-01-01

    Wireless Network Security Theories and Applications discusses the relevant security technologies, vulnerabilities, and potential threats, and introduces the corresponding security standards and protocols, as well as provides solutions to security concerns. Authors of each chapter in this book, mostly top researchers in relevant research fields in the U.S. and China, presented their research findings and results about the security of the following types of wireless networks: Wireless Cellular Networks, Wireless Local Area Networks (WLANs), Wireless Metropolitan Area Networks (WMANs), Bluetooth

  15. Superposition Attacks on Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

    2011-01-01

    of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security......Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold $t$ in the standard model is secure against superposition attacks if and only if the threshold is lowered to $t/2$. We use this result to give zero-knowledge proofs for all of NP in the common reference...

  16. Quantum Security of Cryptographic Primitives

    OpenAIRE

    Gagliardoni, Tommaso

    2017-01-01

    We call quantum security the area of IT security dealing with scenarios where one or more parties have access to quantum hardware. This encompasses both the fields of post-quantum cryptography (that is, traditional cryptography engineered to be resistant against quantum adversaries), and quantum cryptography (that is, security protocols designed to be natively run on a quantum infrastructure, such as quantum key distribution). Moreover, there exist also hybrid models, where traditional crypto...

  17. Weaknesses of a dynamic identity based authentication protocol for multi-server architecture

    OpenAIRE

    Han, Weiwei

    2012-01-01

    Recently, Li et al. proposed a dynamic identity based authentication protocol for multi-server architecture. They claimed their protocol is secure and can withstand various attacks. But we found some security loopholes in the protocol. Accordingly, the current paper demonstrates that Li et al.'s protocol is vulnerable to the replay attack, the password guessing attack and the masquerade attack.

  18. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  19. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  20. An Authentication Protocol for Future Sensor Networks.

    Science.gov (United States)

    Bilal, Muhammad; Kang, Shin-Gak

    2017-04-28

    Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN

  1. A Review of Fair Exchange Protocols

    OpenAIRE

    Abdullah AlOtaibi; Hamza Aldabbas

    2012-01-01

    Recently, the Internet has become an essential business platform, aiding trading, distribution and sales between organisations, consumers and even between consumers themselves. This technology revolution has brought e-commerce to an entirely new level, which therefore has raised some new security issues. Security protocols in e-commerce are required to manage the transactions between buyers and sellers. In order to engage customers in e-commerce, these protocols should be well formulated and ...

  2. Research on Lightweight Information Security System of the Internet of Things

    OpenAIRE

    Ying Li; Li Ping Du; JianWei Guo; Xin Zhao

    2013-01-01

    In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocol are used to verify the legality of access device and to protect the confidentiality and integrity of transform...

  3. Typed Multiset Rewriting Specifications of Security Protocols

    Science.gov (United States)

    2011-10-01

    how to determine a specific set pAq of Dolev-Yao intruder roles from any given derivation A of Σ R. It does so by mapping each rule instance...occurring in A to zero or more intruder roles from Section 8.1. We then define pRq as pAq . This definition entails that the encoding of any active role...privK k,Σ3); ∆ a A k (∆, k′) with ∆′ = (∆, k′). Recall that pAq = (IPV,DUP). E0 :: · . [p∆q] IPV,DUP Σ⊕ΣDY −→ [p∆q] (·→I(k′))I,DUP Σ⊕ΣDY by rule

  4. Security in the internet

    International Nuclear Information System (INIS)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P.

    2000-01-01

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [de

  5. Petri Nets in Cryptographic Protocols

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Winskel, Glynn

    2001-01-01

    A process language for security protocols is presented together with a semantics in terms of sets of events. The denotation of process is a set of events, and as each event specifies a set of pre and postconditions, this denotation can be viewed as a Petri net. By means of an example we illustrate...

  6. Deterministic Secure Direct Communication Using Mixed state

    OpenAIRE

    Cai, Qing-yu

    2003-01-01

    We show an improved ping-pong protocol which is based on the protocol showed by Kim Bostrom and Timo Felbinger [Phys. Rev. Lett. 89, 187902 (2002); quant-ph/0209040]. We show that our protocol is asymptotically secure key distribution and quasisecure direct communication using a single photon resource. And this protocol can be can be carried out with great efficiency and speed using today's technology.

  7. The Simplest Protocol for Oblivious Transfer

    DEFF Research Database (Denmark)

    Chou, Tung; Orlandi, Claudio

    2015-01-01

    Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for 1-out-of-n OT to date, which is obtained by tweaking the Diffie-Hellman key-exchange protocol. The protocol achieves UC-security against...... active and adaptive corruptions in the random oracle model. Due to its simplicity, the protocol is extremely efficient and it allows to perform m 1-out-of-n OTs using only: - Computation: (n+1)m+2 exponentiations (mn for the receiver, mn+2 for the sender) and - Communication: 32(m+1) bytes (for the group...... optimizations) is at least one order of magnitude faster than previous work. Category / Keywords: cryptographic protocols / Oblivious Transfer, UC Security, Elliptic Curves, Efficient Implementation...

  8. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  9. High-Capacity Quantum Secure Communication with Authentication Using Einstein-Podolsky-Rosen Pairs

    International Nuclear Information System (INIS)

    Xiao Min; Xu Hong-Wei

    2015-01-01

    A new protocol for quantum secure communication with authentication is proposed. The proposed protocol has a higher capacity as each EPR pair can carry four classical bits by the XOR operation and an auxiliary photon. The security and efficiency are analyzed in detail and the major advantage of this protocol is that it is more efficient without losing security. (paper)

  10. Secure integrated circuits and systems

    CERN Document Server

    Verbauwhede, Ingrid MR

    2010-01-01

    On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

  11. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Full Text Available Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control . We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  12. IPv6 Security

    Science.gov (United States)

    Babik, M.; Chudoba, J.; Dewhurst, A.; Finnern, T.; Froy, T.; Grigoras, C.; Hafeez, K.; Hoeft, B.; Idiculla, T.; Kelsey, D. P.; López Muñoz, F.; Martelli, E.; Nandakumar, R.; Ohrenberg, K.; Prelz, F.; Rand, D.; Sciabà, A.; Tigerstedt, U.; Traynor, D.; Wartel, R.

    2017-10-01

    IPv4 network addresses are running out and the deployment of IPv6 networking in many places is now well underway. Following the work of the HEPiX IPv6 Working Group, a growing number of sites in the Worldwide Large Hadron Collider Computing Grid (WLCG) are deploying dual-stack IPv6/IPv4 services. The aim of this is to support the use of IPv6-only clients, i.e. worker nodes, virtual machines or containers. The IPv6 networking protocols while they do contain features aimed at improving security also bring new challenges for operational IT security. The lack of maturity of IPv6 implementations together with the increased complexity of some of the protocol standards raise many new issues for operational security teams. The HEPiX IPv6 Working Group is producing guidance on best practices in this area. This paper considers some of the security concerns for WLCG in an IPv6 world and presents the HEPiX IPv6 working group guidance for the system administrators who manage IT services on the WLCG distributed infrastructure, for their related site security and networking teams and for developers and software engineers working on WLCG applications.

  13. Symmetric cryptographic protocols

    CERN Document Server

    Ramkumar, Mahalingam

    2014-01-01

    This book focuses on protocols and constructions that make good use of symmetric pseudo random functions (PRF) like block ciphers and hash functions - the building blocks for symmetric cryptography. Readers will benefit from detailed discussion of several strategies for utilizing symmetric PRFs. Coverage includes various key distribution strategies for unicast, broadcast and multicast security, and strategies for constructing efficient digests of dynamic databases using binary hash trees.   •        Provides detailed coverage of symmetric key protocols •        Describes various applications of symmetric building blocks •        Includes strategies for constructing compact and efficient digests of dynamic databases

  14. Securing Distributed Research

    CERN Multimedia

    CERN. Geneva

    2018-01-01

    Global science calls for global infrastructure. A typical large-scale research group will use a suite of international services and involve hundreds of collaborating institutes and users from around the world. How can these users access those services securely? How can their digital identities be established, verified and maintained? We will explore the motivation for distributed authentication and the ways in which research communities are addressing the challenges. We will discuss security incident response in distributed environments - a particular challenge for the operators of these infrastructures. Through this course you should gain an overview of federated identity technologies and protocols, including x509 certificates, SAML and OIDC.

  15. Ancestors protocol for scalable key management

    Directory of Open Access Journals (Sweden)

    Dieter Gollmann

    2010-06-01

    Full Text Available Group key management is an important functional building block for secure multicast architecture. Thereby, it has been extensively studied in the literature. The main proposed protocol is Adaptive Clustering for Scalable Group Key Management (ASGK. According to ASGK protocol, the multicast group is divided into clusters, where each cluster consists of areas of members. Each cluster uses its own Traffic Encryption Key (TEK. These clusters are updated periodically depending on the dynamism of the members during the secure session. The modified protocol has been proposed based on ASGK with some modifications to balance the number of affected members and the encryption/decryption overhead with any number of the areas when a member joins or leaves the group. This modified protocol is called Ancestors protocol. According to Ancestors protocol, every area receives the dynamism of the members from its parents. The main objective of the modified protocol is to reduce the number of affected members during the leaving and joining members, then 1 affects n overhead would be reduced. A comparative study has been done between ASGK protocol and the modified protocol. According to the comparative results, it found that the modified protocol is always outperforming the ASGK protocol.

  16. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  17. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  18. Experimental eavesdropping attack against Ekert's protocol based on Wigner's inequality

    International Nuclear Information System (INIS)

    Bovino, F. A.; Colla, A. M.; Castagnoli, G.; Castelletto, S.; Degiovanni, I. P.; Rastello, M. L.

    2003-01-01

    We experimentally implemented an eavesdropping attack against the Ekert protocol for quantum key distribution based on the Wigner inequality. We demonstrate a serious lack of security of this protocol when the eavesdropper gains total control of the source. In addition we tested a modified Wigner inequality which should guarantee a secure quantum key distribution

  19. ZigBee-2007 Security Essentials

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2008-01-01

    ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

  20. Secure IP mobility management for VANET

    CERN Document Server

    Taha, Sanaa

    2013-01-01

    This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in

  1. Quantum Secure Direct Communication Using W State

    International Nuclear Information System (INIS)

    Dong Li; Xiu Xiaoming; Gao Yajun; Chi Feng

    2008-01-01

    A theoretical scheme of quantum secure direct communication using teleportation is proposed. In the scheme, the sender needs to prepare a class of three-particle W states to use as quantum channel. The two communicators may communicate after they test the security of the quantum channel. The security of the protocol is ensured by quantum entanglement and quantum no-cloning theorem. The receiver can obtain the secret message determinately if the quantum channel is secure

  2. Secure ICCP Final Report

    Energy Technology Data Exchange (ETDEWEB)

    Rice, Mark J.; Bonebrake, Christopher A.; Dayley, Greg K.; Becker, Larry J.

    2017-06-30

    Inter-Control Center Communications Protocol (ICCP), defined by the IEC 60870-6 TASE.2 standard, was developed to enable data exchange over wide area networks between electric system entities, including utility control centers, Independent System Operators (ISOs), Regional Transmission Operators (RTOs) and Independent Power Producers (IPP) also known as Non-Utility Generators (NUG). ICCP is an unprotected protocol, and as a result is vulnerable to such actions as integrity violation, interception or alteration, spoofing, and eavesdropping. Because of these vulnerabilities with unprotected ICCP communication, security enhancements, referred to as Secure ICCP, have been added and are included in the ICCP products that utilities have received since 2003 when the standard was defined. This has resulted in an ICCP product whose communication can be encrypted and authenticated to address these vulnerabilities.

  3. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  4. A Scenario-Based Protocol Checker for Public-Key Authentication Scheme

    Science.gov (United States)

    Saito, Takamichi

    Security protocol provides communication security for the internet. One of the important features of it is authentication with key exchange. Its correctness is a requirement of the whole of the communication security. In this paper, we introduce three attack models realized as their attack scenarios, and provide an authentication-protocol checker for applying three attack-scenarios based on the models. We also utilize it to check two popular security protocols: Secure SHell (SSH) and Secure Socket Layer/Transport Layer Security (SSL/TLS).

  5. A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP

    OpenAIRE

    Zhang, Liping; Tang, Shanyu; Zhu, Shaohui

    2016-01-01

    Session Initiation Protocol (SIP) is an essential part of most Voice over Internet Protocol (VoIP) architecture. Although SIP provides attractive features, it is exposed to various security threats, and so an efficient and secure authentication scheme is sought to enhance the security of SIP. Several attempts have been made to address the tradeoff problem between security and efficiency, but designing a successful authenticated key agreement protocol for SIP is still a challenging task from t...

  6. A Weak Value Based QKD Protocol Robust Against Detector Attacks

    Science.gov (United States)

    Troupe, James

    2015-03-01

    We propose a variation of the BB84 quantum key distribution protocol that utilizes the properties of weak values to insure the validity of the quantum bit error rate estimates used to detect an eavesdropper. The protocol is shown theoretically to be secure against recently demonstrated attacks utilizing detector blinding and control and should also be robust against all detector based hacking. Importantly, the new protocol promises to achieve this additional security without negatively impacting the secure key generation rate as compared to that originally promised by the standard BB84 scheme. Implementation of the weak measurements needed by the protocol should be very feasible using standard quantum optical techniques.

  7. Copenhagen infant mental health project: study protocol for a randomized controlled trial comparing circle of security –parenting and care as usual as interventions targeting infant mental health risks

    Directory of Open Access Journals (Sweden)

    Mette Skovgaard Væver

    2016-11-01

    Full Text Available Abstract Background Infant mental health is a significant public health issue as early adversity and exposure to early childhood stress are significant risk factors that may have detrimental long-term developmental consequences for the affected children. Negative outcomes are seen on a range of areas such as physical and mental health, educational and labor market success, social network and establishing of family. Secure attachment is associated with optimal outcomes in all developmental domains in childhood, and both insecure and disorganized attachment are associated with a range of later problems and psychopathologies. In disadvantaged populations insecure and disorganized attachment are common, which points to the need of identifying early risk and effective methods of addressing such problems. This protocol describes an experimental evaluation of an indicated group-based parental educational program, Circle of Security–Parenting (COS-P, currently being conducted in Denmark. Methods/design In a parallel randomized controlled trial of two intervention groups this study tests the efficacy of COS-P compared to Care as Usual (CAU in enhancing maternal sensitivity and child attachment in a community sample in the City of Copenhagen, Denmark. During the project a general population of an estimated 17.600 families with an infant aged 2–12 months are screened for two known infant mental health risks, maternal postnatal depression and infant social withdrawal. Eligible families (N = 314, who agree to participate, will be randomly allocated with a ratio of 2:1 into the COS-P intervention arm and into CAU. Data will be obtained at inclusion (baseline and at follow-up when the child is 12–16 months. The primary outcome is maternal sensitivity. Secondary outcomes include quality of infant attachment, language, cognitive and socioemotional development, family functioning, parental stress, parental mentalizing and maternal mental wellbeing

  8. Calling Out Cheaters : Covert Security with Public VerifiabilitySecurity

    DEFF Research Database (Denmark)

    Asharov, Gilad; Orlandi, Claudio

    2012-01-01

    We introduce the notion of covert security with public verifiability, building on the covert security model introduced by Aumann and Lindell (TCC 2007). Protocols that satisfy covert security guarantee that the honest parties involved in the protocol will notice any cheating attempt with some...... constant probability ε. The idea behind the model is that the fear of being caught cheating will be enough of a deterrent to prevent any cheating attempt. However, in the basic covert security model, the honest parties are not able to persuade any third party (say, a judge) that a cheating occurred. We...... propose (and formally define) an extension of the model where, when an honest party detects cheating, it also receives a certificate that can be published and used to persuade other parties, without revealing any information about the honest party’s input. In addition, malicious parties cannot create fake...

  9. Authentication Protocol using Quantum Superposition States

    Energy Technology Data Exchange (ETDEWEB)

    Kanamori, Yoshito [University of Alaska; Yoo, Seong-Moo [University of Alabama, Huntsville; Gregory, Don A. [University of Alabama, Huntsville; Sheldon, Frederick T [ORNL

    2009-01-01

    When it became known that quantum computers could break the RSA (named for its creators - Rivest, Shamir, and Adleman) encryption algorithm within a polynomial-time, quantum cryptography began to be actively studied. Other classical cryptographic algorithms are only secure when malicious users do not have sufficient computational power to break security within a practical amount of time. Recently, many quantum authentication protocols sharing quantum entangled particles between communicators have been proposed, providing unconditional security. An issue caused by sharing quantum entangled particles is that it may not be simple to apply these protocols to authenticate a specific user in a group of many users. An authentication protocol using quantum superposition states instead of quantum entangled particles is proposed. The random number shared between a sender and a receiver can be used for classical encryption after the authentication has succeeded. The proposed protocol can be implemented with the current technologies we introduce in this paper.

  10. A Cryptographic Moving-Knife Cake-Cutting Protocol

    Directory of Open Access Journals (Sweden)

    Yoshifumi Manabe

    2012-02-01

    Full Text Available This paper proposes a cake-cutting protocol using cryptography when the cake is a heterogeneous good that is represented by an interval on a real line. Although the Dubins-Spanier moving-knife protocol with one knife achieves simple fairness, all players must execute the protocol synchronously. Thus, the protocol cannot be executed on asynchronous networks such as the Internet. We show that the moving-knife protocol can be executed asynchronously by a discrete protocol using a secure auction protocol. The number of cuts is n-1 where n is the number of players, which is the minimum.

  11. Security Expertise

    DEFF Research Database (Denmark)

    systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making......This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  12. Immunochemical protocols

    National Research Council Canada - National Science Library

    Pound, John D

    1998-01-01

    ... easy and important refinements often are not published. This much anticipated 2nd edition of Immunochemzcal Protocols therefore aims to provide a user-friendly up-to-date handbook of reliable techniques selected to suit the needs of molecular biologists. It covers the full breadth of the relevant established immunochemical methods, from protein blotting and immunoa...

  13. Strategy to Enhance International Supply Chain Security

    National Research Council Canada - National Science Library

    2007-01-01

    .... at 1901, 1903, October 13, 2006) which require the development of a strategic plan to enhance the security of the international supply chain, including protocols for the expeditious resumption of the flow of trade following...

  14. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  15. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  16. Method of Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

    Science.gov (United States)

    Roy-Chowdhury, Ayan (Inventor); Baras, John S. (Inventor)

    2014-01-01

    A method and apparatus utilizes Layered IPSEC (LES) protocol as an alternative to IPSEC for network-layer security including a modification to the Internet Key Exchange protocol. For application-level security of web browsing with acceptable end-to-end delay, the Dual-mode SSL protocol (DSSL) is used instead of SSL. The LES and DSSL protocols achieve desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly.

  17. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  18. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

  19. Protocol Programmability

    Science.gov (United States)

    2013-12-01

    First, any subproject that involved an implementation shared some implementation infrastructure with other subprojects. For example, the Plaid backend ...very same language. We followed this advice in Plaid, and we therefore implemented the compiler backend in Plaid (code generation, type checker, Æminim...programming language aimed at enforcing security properties in web and mobile applications [Nistor et al., 2013]. Wyvern therefore provides an excellent

  20. Secure Two-Party Computation with Low Communication

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Faust, Sebastian; Hazay, Carmit

    2011-01-01

    We propose a 2-party UC-secure computation protocol that can compute any function securely. The protocol requires only two messages, communication that is poly-logarithmic in the size of the circuit description of the function, and the workload for one of the parties is also only poly-logarithmic...

  1. From Passive to Covert Security at Low Cost

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Geisler, Martin; Nielsen, Jesper Buus

    2010-01-01

    . In this paper, we show how to compile a passively secure protocol for honest majority into one that is secure against covert attacks, again for honest majority and catches cheating with probability 1/4. The cost of the modified protocol is essentially twice that of the original plus an overhead that only...

  2. Secure multiparty computation goes live

    NARCIS (Netherlands)

    Bogetoft, P.; Christensen, D.L.; Damgard, Ivan; Geisler, M.; Jakobsen, T.; Kroigaard, M.; Nielsen, J.D.; Nielsen, J.B.; Nielsen, K.; Pagter, J.; Schwartzbach, M.; Toft, T.; Dingledine, R.; Golle, Ph.

    2009-01-01

    In this note, we report on the first large-scale and practical application of secure multiparty computation, which took place in January 2008. We also report on the novel cryptographic protocols that were used. This work was supported by the Danish Strategic Research Council and the European

  3. Secure multiparty computation goes live

    DEFF Research Database (Denmark)

    Bogetoft, Peter; Christensen, Dan Lund; Damgård, Ivan Bjerre

    2009-01-01

    In this note, we report on the first large-scale and practical application of secure multiparty computation, which took place in January 2008. We also report on the novel cryptographic protocols that were used. This work was supported by the Danish Strategic Research Council and the European...

  4. Computational security of quantum encryption

    NARCIS (Netherlands)

    Alagic, G.; Broadbent, A.; Fefferman, B.; Gagliardoni, T.; Schaffner, C.; St. Jules, M.; Nascimento, A.C.A.; Barreto, P.

    2016-01-01

    Quantum-mechanical devices have the potential to transform cryptography. Most research in this area has focused either on the information-theoretic advantages of quantum protocols or on the security of classical cryptographic schemes against quantum attacks. In this work, we initiate the study of

  5. Security Theorems via Model Theory

    Directory of Open Access Journals (Sweden)

    Joshua Guttman

    2009-11-01

    Full Text Available A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi. Models (interpretations for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. *Realized* skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1 If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2 A protocol enforces for all xs . (phi implies for some ys . psi iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007 to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

  6. A review of IPv6 security concerns

    CSIR Research Space (South Africa)

    Van Heerden, RP

    2012-08-01

    Full Text Available This study focuses on the security concerns of IPv6. We make a broad introduction to IPv6 then briefly look at the differences between the IPv6 and IPv4 protocols, their known vulnerabilities and identify some security concerns when implementing IPv...

  7. Mobility Helps Peer-to-Peer Security

    DEFF Research Database (Denmark)

    Capkun, Srdjan; Hubaux, Jean-Pierre; Buttyan, Levente

    2006-01-01

    We propose a straightforward technique to provide peer-to-peer security in mobile networks. We show that far from being a hurdle, mobility can be exploited to set up security associations among users. We leverage on the temporary vicinity of users, during which appropriate cryptographic protocols...

  8. A review of IPv6 security concerns

    CSIR Research Space (South Africa)

    Van Heerden, RP

    2012-11-01

    Full Text Available This study focuses on the security concerns of IPv6. A broad introduction to IPv6 is made then briefly the differences between the IPv6 and IPv4 protocols are looked at, their known vulnerabilities and this identifies some security concerns when...

  9. Study protocol

    DEFF Research Database (Denmark)

    Smith, Benjamin E; Hendrick, Paul; Bateman, Marcus

    2017-01-01

    avoidance behaviours, catastrophising, self-efficacy, sport and leisure activity participation, and general quality of life. Follow-up will be 3 and 6 months. The analysis will focus on descriptive statistics and confidence intervals. The qualitative components will follow a thematic analysis approach....... DISCUSSION: This study will evaluate the feasibility of running a definitive large-scale trial on patients with patellofemoral pain, within the NHS in the UK. We will identify strengths and weaknesses of the proposed protocol and the utility and characteristics of the outcome measures. The results from...... this study will inform the design of a multicentre trial. TRIAL REGISTRATION: ISRCTN35272486....

  10. Secure direct communication based on secret transmitting order of particles

    International Nuclear Information System (INIS)

    Zhu Aidong; Zhang Shou; Xia Yan; Fan Qiubo

    2006-01-01

    We propose the schemes of quantum secure direct communication based on a secret transmitting order of particles. In these protocols, the secret transmitting order of particles ensures the security of communication, and no secret messages are leaked even if the communication is interrupted for security. This strategy of security for communication is also generalized to a quantum dialogue. It not only ensures the unconditional security but also improves the efficiency of communication

  11. On the Connection between Leakage Tolerance and Adaptive Security

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus; Venturi, Daniele; Zottarel, Angela

    2013-01-01

    We revisit the context of leakage-tolerant interactive protocols as defined by Bitanski, Canetti and Halevi (TCC 2012). Our contributions can be summarized as follows: For the purpose of secure message transmission, any encryption protocol with message space M and secret key space SK tolerating...... at the end of the protocol execution, if and only if the protocol has passive adaptive security against an adaptive corruption of one party at the end of the protocol execution. This shows that as soon as a little leakage is tolerated, one needs full adaptive security. In case more than one party can...... be corrupted, we get that leakage tolerance is equivalent to a weaker form of adaptivity, which we call semi-adaptivity. Roughly, a protocol has semi-adaptive security if there exist a simulator which can simulate the internal state of corrupted parties, however, such a state is not required...

  12. Review: Security in Wireless Technologies in Business

    Science.gov (United States)

    Sattarova, F. Y.; Kim, Tai-Hoon

    Wireless technology seems to be everywhere now - but it is still relatively in its infancy. New standards and protocols continue to emerge and problems and bugs are discovered. Nevertheless, wireless networks make many things much more convenient and it appears that wireless networks are here to stay. The differences and similarities of wireless and wired security, the new threats brought by mobility, the security of networks and devices and effects of security, or lack of it are shortly discussed in this review paper.

  13. IP Security für Linux

    OpenAIRE

    Parthey, Mirko

    2001-01-01

    Die Nutzung des Internet für sicherheitskritische Anwendungen erfordert kryptographische Schutzmechanismen. IP Security (IPsec) definiert dafür geeignete Protokolle. Diese Arbeit gibt einen Überblick über IPsec. Eine IPsec-Implementierung für Linux (FreeS/WAN) wird auf Erweiterbarkeit und Praxistauglichkeit untersucht. Using the Internet in security-critical areas requires cryptographic protection, for which IP Security (IPsec) defines suitable protocols. This paper gives an overview of IP...

  14. Technical Analysis of SSP-21 Protocol

    Energy Technology Data Exchange (ETDEWEB)

    Bromberger, S. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2017-06-09

    As part of the California Energy Systems for the Twenty-First Century (CES-21) program, in December 2016 San Diego Gas and Electric (SDG&E) contracted with Lawrence Livermore National Laboratory (LLNL) to perform an independent verification and validation (IV&V) of a white paper describing their Secure SCADA Protocol for the Twenty-First Century (SSP-21) in order to analyze the effectiveness and propriety of cryptographic protocol use within the SSP-21 specification. SSP-21 is designed to use cryptographic protocols to provide (optional) encryption, authentication, and nonrepudiation, among other capabilities. The cryptographic protocols to be used reflect current industry standards; future versions of SSP-21 will use other advanced technologies to provide a subset of security services.

  15. Compiling symbolic attacks to protocol implementation tests

    Directory of Open Access Journals (Sweden)

    Michael Rusinowitch

    2013-07-01

    Full Text Available Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.

  16. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  17. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  18. Quantum bit string commitment protocol using polarization of mesoscopic coherent states

    International Nuclear Information System (INIS)

    Mendonca, Fabio Alencar; Ramos, Rubens Viana

    2008-01-01

    In this work, we propose a quantum bit string commitment protocol using polarization of mesoscopic coherent states. The protocol is described and its security against brute force and quantum cloning machine attack is analyzed

  19. Quantum bit string commitment protocol using polarization of mesoscopic coherent states

    Science.gov (United States)

    Mendonça, Fábio Alencar; Ramos, Rubens Viana

    2008-02-01

    In this work, we propose a quantum bit string commitment protocol using polarization of mesoscopic coherent states. The protocol is described and its security against brute force and quantum cloning machine attack is analyzed.

  20. Network Security via Biometric Recognition of Patterns of Gene Expression

    Science.gov (United States)

    Shaw, Harry C.

    2016-01-01

    Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time expression and assay of gene expression products.

  1. Network Security via Biometric Recognition of Patterns of Gene Expression

    Science.gov (United States)

    Shaw, Harry C.

    2016-01-01

    Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT (Information Technology) organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time assays of gene expression products.

  2. Communication security in open health care networks.

    Science.gov (United States)

    Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

    1999-01-01

    Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

  3. Control system security in nuclear power plant

    International Nuclear Information System (INIS)

    Li Jianghai; Huang Xiaojin

    2012-01-01

    The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

  4. Efficient and secure comparison for on-line auctions

    NARCIS (Netherlands)

    Damgard, Ivan; Geisler, M.; Kroigaard, M.; Pieprzyk, J.; Ghodosi, H.; Dawson, E.

    2007-01-01

    We propose a protocol for secure comparison of integers based on homomorphic encryption. We also propose a homomorphic encryption scheme that can be used in our protocol and makes it more efficient than previous solutions. Our protocol is well-suited for application in on-line auctions, both with

  5. Beyond protocols

    DEFF Research Database (Denmark)

    Vanderhoeven, Sonia; Branquart, Etienne; Casaer, Jim

    2017-01-01

    Risk assessment tools for listing invasive alien species need to incorporate all available evidence and expertise. Beyond the wealth of protocols developed to date, we argue that the current way of performing risk analysis has several shortcomings. In particular, lack of data on ecological impact...... information on risk and the exploration of improved methods for decision making on biodiversity management. This is crucial for efficient conservation resource allocation and uptake by stakeholders and the public......., transparency and repeatability of assessments as well as the incorporation of uncertainty should all be explicitly considered. We recommend improved quality control of risk assessments through formalized peer review with clear feedback between assessors and reviewers. Alternatively, a consensus building...

  6. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  7. Instant Spring security starter

    CERN Document Server

    Jagielski, Piotr

    2013-01-01

    Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A concise guide written in an easy-to-follow format following the Starter guide approach.This book is for people who have not used Spring Security before and want to learn how to use it effectively in a short amount of time. It is assumed that readers know both Java and HTTP protocol at the level of basic web programming. The reader should also be familiar with Inversion-of-Control/Dependency Injection, preferably with the Spring framework itsel

  8. Quantum deterministic key distribution protocols based on the authenticated entanglement channel

    International Nuclear Information System (INIS)

    Zhou Nanrun; Wang Lijun; Ding Jie; Gong Lihua

    2010-01-01

    Based on the quantum entanglement channel, two secure quantum deterministic key distribution (QDKD) protocols are proposed. Unlike quantum random key distribution (QRKD) protocols, the proposed QDKD protocols can distribute the deterministic key securely, which is of significant importance in the field of key management. The security of the proposed QDKD protocols is analyzed in detail using information theory. It is shown that the proposed QDKD protocols can safely and effectively hand over the deterministic key to the specific receiver and their physical implementation is feasible with current technology.

  9. Quantum deterministic key distribution protocols based on the authenticated entanglement channel

    Energy Technology Data Exchange (ETDEWEB)

    Zhou Nanrun; Wang Lijun; Ding Jie; Gong Lihua [Department of Electronic Information Engineering, Nanchang University, Nanchang 330031 (China)], E-mail: znr21@163.com, E-mail: znr21@hotmail.com

    2010-04-15

    Based on the quantum entanglement channel, two secure quantum deterministic key distribution (QDKD) protocols are proposed. Unlike quantum random key distribution (QRKD) protocols, the proposed QDKD protocols can distribute the deterministic key securely, which is of significant importance in the field of key management. The security of the proposed QDKD protocols is analyzed in detail using information theory. It is shown that the proposed QDKD protocols can safely and effectively hand over the deterministic key to the specific receiver and their physical implementation is feasible with current technology.

  10. A new quantum sealed-bid auction protocol with secret order in post-confirmation

    Science.gov (United States)

    Wang, Jing-Tao; Chen, Xiu-Bo; Xu, Gang; Meng, Xiang-Hua; Yang, Yi-Xian

    2015-10-01

    A new security protocol for quantum sealed-bid auction is proposed to resist the collusion attack from some malicious bidders. The most significant feature of this protocol is that bidders prepare their particles with secret order in post-confirmation for encoding bids. In addition, a new theorem and its proof are given based on the theory of combinatorial mathematics, which can be used as evaluation criteria for the collusion attack. It is shown that the new protocol is immune to the collusion attack and meets the demand for a secure auction. Compared with those previous protocols, the security, efficiency and availability of the proposed protocol are largely improved.

  11. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

  12. Quantum secure direct communication with high-dimension quantum superdense coding

    International Nuclear Information System (INIS)

    Wang Chuan; Li Yansong; Liu Xiaoshu; Deng Fuguo; Long Guilu

    2005-01-01

    A protocol for quantum secure direct communication with quantum superdense coding is proposed. It combines the ideas of block transmission, the ping-pong quantum secure direct communication protocol, and quantum superdense coding. It has the advantage of being secure and of high source capacity

  13. Unconditionally Secure Quantum Signatures

    Directory of Open Access Journals (Sweden)

    Ryan Amiri

    2015-08-01

    Full Text Available Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA algorithm, the digital signature algorithm (DSA, and the elliptic curve digital signature algorithm (ECDSA—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

  14. Cryptographic Combinatorial Securities Exchanges

    Science.gov (United States)

    Thorpe, Christopher; Parkes, David C.

    We present a useful new mechanism that facilitates the atomic exchange of many large baskets of securities in a combinatorial exchange. Cryptography prevents information about the securities in the baskets from being exploited, enhancing trust. Our exchange offers institutions who wish to trade large positions a new alternative to existing methods of block trading: they can reduce transaction costs by taking advantage of other institutions’ available liquidity, while third party liquidity providers guarantee execution—preserving their desired portfolio composition at all times. In our exchange, institutions submit encrypted orders which are crossed, leaving a “remainder”. The exchange proves facts about the portfolio risk of this remainder to third party liquidity providers without revealing the securities in the remainder, the knowledge of which could also be exploited. The third parties learn either (depending on the setting) the portfolio risk parameters of the remainder itself, or how their own portfolio risk would change if they were to incorporate the remainder into a portfolio they submit. In one setting, these third parties submit bids on the commission, and the winner supplies necessary liquidity for the entire exchange to clear. This guaranteed clearing, coupled with external price discovery from the primary markets for the securities, sidesteps difficult combinatorial optimization problems. This latter method of proving how taking on the remainder would change risk parameters of one’s own portfolio, without revealing the remainder’s contents or its own risk parameters, is a useful protocol of independent interest.

  15. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

  16. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  17. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  18. Advanced Internet Protocols, Services, and Applications

    CERN Document Server

    Oki, Eiji; Tatipamula, Mallikarjun; Vogt, Christian

    2012-01-01

    Today, the internet and computer networking are essential parts of business, learning, and personal communications and entertainment. Virtually all messages or transactions sent over the internet are carried using internet infrastructure- based on advanced internet protocols. Advanced internet protocols ensure that both public and private networks operate with maximum performance, security, and flexibility. This book is intended to provide a comprehensive technical overview and survey of advanced internet protocols, first providing a solid introduction and going on to discu

  19. The Singapore protocol [for quantum cryptography

    International Nuclear Information System (INIS)

    Englert, B.

    2005-01-01

    The qubit protocol for quantum key distribution presented in this talk is fully tomographic and more efficient than other tomographic protocols. Under ideal circumstances the efficiency is log 2 (4/3) = 0.415 key bits per qubit sent, which is 25% more than the efficiency of 1/3 = 0.333 for the standard 6-state protocol. One can extract 0.4 key bits per qubit by a simple two-way communication scheme, and can so get close to the information-theoretical limit. The noise thresholds for secure key bit generation in the presence of unbiased noise will be reported and discussed. (author)

  20. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  1. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  2. Eavesdropping on the "ping-pong" quantum communication protocol

    OpenAIRE

    Wojcik, Antoni

    2002-01-01

    The proposed eavesdropping scheme reveals that the quantum communication protocol recently presented by Bostrom and Felbinger [Phys. Rev. Lett. 89, 187902 (2002)] is not secure as far as quantum channel losses are taken into account.

  3. A robust ECC based mutual authentication protocol with anonymity for session initiation protocol.

    Science.gov (United States)

    Mehmood, Zahid; Chen, Gongliang; Li, Jianhua; Li, Linsen; Alzahrani, Bander

    2017-01-01

    Over the past few years, Session Initiation Protocol (SIP) is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

  4. A robust ECC based mutual authentication protocol with anonymity for session initiation protocol.

    Directory of Open Access Journals (Sweden)

    Zahid Mehmood

    Full Text Available Over the past few years, Session Initiation Protocol (SIP is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

  5. Quantum Communication Attacks on Classical Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre

    , one can show that the protocol remains secure even under such an attack. However, there are also cases where the honest players are quantum as well, even if the protocol uses classical communication. For instance, this is the case when classical multiparty computation is used as a “subroutine......In the literature on cryptographic protocols, it has been studied several times what happens if a classical protocol is attacked by a quantum adversary. Usually, this is taken to mean that the adversary runs a quantum algorithm, but communicates classically with the honest players. In several cases......” in quantum multiparty computation. Furthermore, in the future, players in a protocol may employ quantum computing simply to improve efficiency of their local computation, even if the communication is supposed to be classical. In such cases, it no longer seems clear that a quantum adversary must be limited...

  6. Quantum Communication Attacks on Classical Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre

    , one can show that the protocol remains secure even under such an attack. However, there are also cases where the honest players are quantum as well, even if the protocol uses classical communication. For instance, this is the case when classical multiparty computation is used as a “subroutine......” in quantum multiparty computation. Furthermore, in the future, players in a protocol may employ quantum computing simply to improve efficiency of their local computation, even if the communication is supposed to be classical. In such cases, it no longer seems clear that a quantum adversary must be limited......In the literature on cryptographic protocols, it has been studied several times what happens if a classical protocol is attacked by a quantum adversary. Usually, this is taken to mean that the adversary runs a quantum algorithm, but communicates classically with the honest players. In several cases...

  7. Internetting tactical security sensor systems

    Science.gov (United States)

    Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

    1998-08-01

    The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

  8. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  9. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  10. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  11. [Security aspects on the Internet].

    Science.gov (United States)

    Seibel, R M; Kocher, K; Landsberg, P

    2000-04-01

    Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet.

  12. A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.

    Science.gov (United States)

    Mohit, Prerna; Amin, Ruhul; Karati, Arijit; Biswas, G P; Khan, Muhammad Khurram

    2017-04-01

    Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

  13. Fundamental quantitative security in quantum key generation

    International Nuclear Information System (INIS)

    Yuen, Horace P.

    2010-01-01

    We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

  14. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    in worldwide market conditions left perceptible ripples in Danish economy, budget discussions grew in importance over this period. The pacifist stance entailed disinclination to accept that the collective security concept and international treaties and accords signed by Denmark should necessitate credible...... and other international treaties provided arguments for adjusting the foreign and security policy ambitions, and since the general flux in worldwide market conditions left perceptible ripples in Danish economy, budget discussions grew in importance over this period. The pacifist stance entailed......Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe...

  15. Security Transformation

    National Research Council Canada - National Science Library

    Metz, Steven

    2003-01-01

    ... adjustment. With American military forces engaged around the world in both combat and stabilization operations, the need for rigorous and critical analysis of security transformation has never been greater...

  16. An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography.

    Science.gov (United States)

    Zhang, Zezhong; Qi, Qingqing

    2014-05-01

    Medication errors are very dangerous even fatal since it could cause serious even fatal harm to patients. In order to reduce medication errors, automated patient medication systems using the Radio Frequency Identification (RFID) technology have been used in many hospitals. The data transmitted in those medication systems is very important and sensitive. In the past decade, many security protocols have been proposed to ensure its secure transition attracted wide attention. Due to providing mutual authentication between the medication server and the tag, the RFID authentication protocol is considered as the most important security protocols in those systems. In this paper, we propose a RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography (ECC). The analysis shows the proposed protocol could overcome security weaknesses in previous protocols and has better performance. Therefore, the proposed protocol is very suitable for automated patient medication systems.

  17. Adaptable Authentication Model - for Exploring the Weaker Notions of Security

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    achieve only a subset of all fine level goals. We believe that these flexible choices of attackers and security goals are more practical in many real world scenarios. An applications may require the protection against a weaker attacker and may require to achieve fewer security goals....... of communication security. One potent argument often presented is we keep designing new protocols due the demand of new type of applications and due to the discovery of flaws in existing protocols. While designing new protocols for new type of applications, such as RFID, is definitely an important driving factor....... In fact, the most of the published protocols are considered insecure from this point of view. In practice, however, this approach has a side effect, namely, we rarely bother to explore how much insecure is the protocol. This question asks us to explore the area between security and insecurity; after all...

  18. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"......Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  19. Data Security

    OpenAIRE

    Lopez, Diego

    2013-01-01

    Training specialists in the field of data security and security administrators for the information systems represents a significant priority demanded by both governmental environments and the central and local administrations, as well as by the private sector - companies, banks. They are responsible for implementing information services and systems, but they are also their beneficiaries, with applicability in fields such as: e government, e-administration, e-banking, e-commerce, e-payment, wh...

  20. Quantitative Safety and Security Analysis from a Communication Perspective

    Directory of Open Access Journals (Sweden)

    Boris Malinowsky

    2015-12-01

    Full Text Available This paper introduces and exemplifies a trade-off analysis of safety and security properties in distributed systems. The aim is to support analysis for real-time communication and authentication building blocks in a wireless communication scenario. By embedding an authentication scheme into a real-time communication protocol for safety-critical scenarios, we can rely on the protocol’s individual safety and security properties. The resulting communication protocol satisfies selected safety and security properties for deployment in safety-critical use-case scenarios with security requirements. We look at handover situations in a IEEE 802.11 wireless setup between mobile nodes and access points. The trade-offs involve application-layer data goodput, probability of completed handovers, and effect on usable protocol slots, to quantify the impact of security from a lower-layer communication perspective on the communication protocols. The results are obtained using the network simulator ns-3.

  1. Nuclear security

    International Nuclear Information System (INIS)

    1991-12-01

    This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weakness resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness

  2. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  3. Common Operating Picture: UAV Security Study

    Science.gov (United States)

    2004-01-01

    This initial communication security study is a top-level assessment of basic security issues related to the operation of Unmanned Aerial Vehicles (UAVs) in the National Airspace System (NAS). Security considerations will include information relating to the use of International Civil Aviation Organization (ICAO) Aeronautical Telecommunications Network (ATN) protocols and applications identifying their maturity, as well as the use of IPV4 and a version of mobile IPV6. The purpose of this assessment is to provide an initial analysis of the security implications of introducing UAVs into the NAS.

  4. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  5. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  6. Efficient quantum secure communication with a publicly known key

    International Nuclear Information System (INIS)

    Li Chunyan; Li Xihan; Deng Fuguo; Zhou Hongyu

    2008-01-01

    This paper presents a simple way for an eavesdropper to eavesdrop freely the secret message in the experimental realization of quantum communication protocol proposed by Beige et al (2002 Acta Phys. Pol. A 101 357). Moreover, it introduces an efficient quantum secure communication protocol based on a publicly known key with decoy photons and two biased bases by modifying the original protocol. The total efficiency of this new protocol is double that of the original one. With a low noise quantum channel, this protocol can be used for transmitting a secret message. At present, this protocol is good for generating a private key efficiently. (general)

  7. Zero-Knowledge Protocols and Multiparty Computation

    DEFF Research Database (Denmark)

    Pastro, Valerio

    majority, in which all players but one are controlled by the adversary. In Chapter 5 we present both the preprocessing and the online phase of [DKL+ 13], while in Chapter 2 we describe only the preprocessing phase of [DPSZ12] since the combination of this preprocessing phase with the online phase of [DKL...... on information-theoretic message authentication codes, requires only a linear amount of data from the preprocessing, and improves on the number of field multiplications needed to perform one secure multiplication (linear, instead of quadratic as in earlier work). The preprocessing phase in Chapter 5 comes...... in an actively secure flavour and in a covertly secure one, both of which compare favourably to previous work in terms of efficiency and provable security. Moreover, the covertly secure solution includes a key generation protocol that allows players to obtain a public key and shares of a corresponding secret key...

  8. Cloud Computing Security Issue: Survey

    Science.gov (United States)

    Kamal, Shailza; Kaur, Rajpreet

    2011-12-01

    Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

  9. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi

  10. Password Authenticated Key Exchange and Protected Password Change Protocols

    Directory of Open Access Journals (Sweden)

    Ting-Yi Chang

    2017-07-01

    Full Text Available In this paper, we propose new password authenticated key exchange (PAKE and protected password change (PPC protocols without any symmetric or public-key cryptosystems. The security of the proposed protocols is based on the computational Diffie-Hellman assumption in the random oracle model. The proposed scheme can resist both forgery server and denial of service attacks.

  11. An Agent-Based Auction Protocol on Mobile Devices

    Directory of Open Access Journals (Sweden)

    Yu-Fang Chung

    2014-01-01

    Full Text Available This paper proposes an English auction protocol to preserve a secure, fair, and effective online auction environment, where the operations are integrated with mobile agent technology for bidders participating in online auctions. The protocol consists of four participants, namely, registration manager, agent house, auction house, and bidder.

  12. Breaking Megrelishvili protocol using matrix diagonalization

    Science.gov (United States)

    Arzaki, Muhammad; Triantoro Murdiansyah, Danang; Adi Prabowo, Satrio

    2018-03-01

    In this article we conduct a theoretical security analysis of Megrelishvili protocol—a linear algebra-based key agreement between two participants. We study the computational complexity of Megrelishvili vector-matrix problem (MVMP) as a mathematical problem that strongly relates to the security of Megrelishvili protocol. In particular, we investigate the asymptotic upper bounds for the running time and memory requirement of the MVMP that involves diagonalizable public matrix. Specifically, we devise a diagonalization method for solving the MVMP that is asymptotically faster than all of the previously existing algorithms. We also found an important counterintuitive result: the utilization of primitive matrix in Megrelishvili protocol makes the protocol more vulnerable to attacks.

  13. Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications...

  14. Biometrics based authentication scheme for session initiation protocol

    OpenAIRE

    Xie, Qi; Tang, Zhixiong

    2016-01-01

    Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when co...

  15. Quantum protocol for cheat-sensitive weak coin flipping.

    Science.gov (United States)

    Spekkens, R W; Rudolph, Terry

    2002-11-25

    We present a quantum protocol for the task of weak coin flipping. We find that, for one choice of parameters in the protocol, the maximum probability of a dishonest party winning the coin flip if the other party is honest is 1/sqrt[2]. We also show that if parties restrict themselves to strategies wherein they cannot be caught cheating, their maximum probability of winning can be even smaller. As such, the protocol offers additional security in the form of cheat sensitivity.

  16. Quantum secret sharing protocol using modulated doubly entangled photons

    International Nuclear Information System (INIS)

    Chuan, Wang; Yong, Zhang

    2009-01-01

    In this paper, we propose a quantum secret sharing protocol utilizing polarization modulated doubly entangled photon pairs. The measurement devices are constructed. By modulating the polarizations of entangled photons, the boss could encode secret information on the initial state and share the photons with different members to realize the secret sharing process. This protocol shows the security against intercept-resend attack and dishonest member cheating. The generalized quantum secret sharing protocol is also discussed. (general)

  17. Comparative Analysis of Different Protocols to Manage Large Scale Networks

    OpenAIRE

    Anil Rao Pimplapure; Dr Jayant Dubey; Prashant Sen

    2013-01-01

    In recent year the numbers, complexity and size is increased in Large Scale Network. The best example of Large Scale Network is Internet, and recently once are Data-centers in Cloud Environment. In this process, involvement of several management tasks such as traffic monitoring, security and performance optimization is big task for Network Administrator. This research reports study the different protocols i.e. conventional protocols like Simple Network Management Protocol and newly Gossip bas...

  18. Secure electronic commerce communication system based on CA

    Science.gov (United States)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  19. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  20. On the security of SSL/TLS-enabled applications

    OpenAIRE

    Das, Manik Lal; Samdaria, Navkar

    2014-01-01

    SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of...

  1. Simplified Threshold RSA with Adaptive and Proactive Security

    DEFF Research Database (Denmark)

    Almansa Guerra, Jesus Fernando; Damgård, Ivan Bjerre; Nielsen, Jesper Buus

    2006-01-01

    We present the currently simplest, most efficient, optimally resilient, adaptively secure, and proactive threshold RSA scheme. A main technical contribution is a new rewinding strategy for analysing threshold signature schemes. This new rewinding strategy allows to prove adaptive security...... of a proactive threshold signature scheme which was previously assumed to be only statically secure. As a separate contribution we prove that our protocol is secure in the UC framework....

  2. On Cryptographic Information Security in Cloud Infrastructures: PKI and IBE Methods

    Directory of Open Access Journals (Sweden)

    Konstantin Grigorevich Kogos

    2014-05-01

    Full Text Available The application of cryptographic security methods in cloud infrastructure information security is analyzed. The cryptographic problems in cloudy infrastructures are chosen; the appropriate protocols are investigated; the appropriate mathematical problems are examined.

  3. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  4. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  5. Actively Secure Two-Party Evaluation of Any Quantum Operation

    DEFF Research Database (Denmark)

    Dupuis, Frédéric; Nielsen, Jesper Buus; Salvail, Louis

    2012-01-01

    We provide the first two-party protocol allowing Alice and Bob to evaluate privately even against active adversaries any completely positive, trace-preserving map , given as a quantum circuit, upon their joint quantum input state . Our protocol leaks no more to any active adversary than an ideal ...... functionality for provided Alice and Bob have the cryptographic resources for active secure two-party classical computation. Our protocol is constructed from the protocol for the same task secure against specious adversaries presented in [4]....

  6. Optical protocols for terabit networks

    Science.gov (United States)

    Chua, P. L.; Lambert, J. L.; Morookian, J. M.; Bergman, L. A.

    1991-01-01

    This paper describes a new fiber-optic local area network technology providing 100X improvement over current technology, has full crossbar funtionality, and inherent data security. Based on optical code-division multiple access (CDMA), using spectral phase encoding/decoding of optical pulses, networking protocols are implemented entirely in the optical domain and thus conventional networking bottlenecks are avoided. Component and system issues for a proof-of-concept demonstration are discussed, as well as issues for a more practical and commercially exploitable system. Possible terrestrial and aerospace applications of this technology, and its impact on other technologies are explored. Some initial results toward realization of this concept are also included.

  7. Multiparty quantum secret sharing of secure direct communication

    International Nuclear Information System (INIS)

    Zhang Zhanjun

    2005-01-01

    Based on the two-step protocol [F.G. Deng, G.L. Long, X.S. Liu, Phys. Rev. A 68 (2003) 042317], we propose a (n,n)-threshold multiparty quantum secret sharing protocol of secure direct communication. In our protocol, the sender's secure direct communication message can be extracted only if all the sharers collaborate. We show a variant version of this protocol based on the variant two-step protocol. This variant version can considerably reduce the realization difficulty in experiment. In contrast to the use of multi-particle GHZ states in the case that the sharer number is larger than 3, the use and identification of Bell states are enough in our two protocols disregarding completely the sharer number, hence, our protocols are more feasible in technique

  8. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    Full Text Available The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  9. Entanglement generation secure against general attacks

    Science.gov (United States)

    Pirker, Alexander; Dunjko, Vedran; Dür, Wolfgang; Briegel, Hans J.

    2017-11-01

    We present a security proof for establishing private entanglement by means of recurrence-type entanglement distillation protocols over noisy quantum channels. We consider protocols where the local devices are imperfect, and show that nonetheless a confidential quantum channel can be established, and used to e.g. perform distributed quantum computation in a secure manner. While our results are not fully device independent (which we argue to be unachievable in settings with quantum outputs), our proof holds for arbitrary channel noise and noisy local operations, and even in the case where the eavesdropper learns the noise. Our approach relies on non-trivial properties of distillation protocols which are used in conjunction with de-Finetti and post-selection-type techniques to reduce a general quantum attack in a non-asymptotic scenario to an i.i.d. setting. As a side result, we also provide entanglement distillation protocols for non-i.i.d. input states.

  10. Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

    Directory of Open Access Journals (Sweden)

    Anup Kumar Maurya

    2017-10-01

    Full Text Available To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs and the Internet of Things (IoT. Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das’s user authentication scheme (given in 2015, Choi et al.’s scheme (given in 2016, and Park et al.’s scheme (given in 2016. The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.

  11. Analysis of the differential-phase-shift-keying protocol in the quantum-key-distribution system

    International Nuclear Information System (INIS)

    Rong-Zhen, Jiao; Chen-Xu, Feng; Hai-Qiang, Ma

    2009-01-01

    The analysis is based on the error rate and the secure communication rate as functions of distance for three quantum-key-distribution (QKD) protocols: the Bennett–Brassard 1984, the Bennett–Brassard–Mermin 1992, and the coherent differential-phase-shift keying (DPSK) protocols. We consider the secure communication rate of the DPSK protocol against an arbitrary individual attack, including the most commonly considered intercept-resend and photon-number splitting attacks, and concluded that the simple and efficient differential-phase-shift-keying protocol allows for more than 200 km of secure communication distance with high communication rates. (general)

  12. Routing architecture and security for airborne networks

    Science.gov (United States)

    Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

    2009-05-01

    Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

  13. International Legal Framework for Nuclear Security

    International Nuclear Information System (INIS)

    Moore, G.M.

    2010-01-01

    The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are; Convention on the Physical Protection of Nuclear Material, the 2005 amendment thereto, Safeguards Agreements between the Agency and states required in Connection with the Treaty on the Non-Proliferation of Nuclear Weapons. Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards Convention on Early Notification of a Nuclear Accident, Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, Convention on Nuclear Safety, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management

  14. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  15. Food security

    NARCIS (Netherlands)

    Ridder, M. de

    2011-01-01

    Food security is back on the agenda as a top priority for policy makers. In January 2011, record high food prices resulted in protests in Tunisia, which subsequently led to the spread of the revolutions in other North African and Middle Eastern countries. Although experts have asserted that no

  16. Entanglement distillation protocols and number theory

    International Nuclear Information System (INIS)

    Bombin, H.; Martin-Delgado, M.A.

    2005-01-01

    We show that the analysis of entanglement distillation protocols for qudits of arbitrary dimension D benefits from applying basic concepts from number theory, since the set Z D n associated with Bell diagonal states is a module rather than a vector space. We find that a partition of Z D n into divisor classes characterizes the invariant properties of mixed Bell diagonal states under local permutations. We construct a very general class of recursion protocols by means of unitary operations implementing these local permutations. We study these distillation protocols depending on whether we use twirling operations in the intermediate steps or not, and we study them both analytically and numerically with Monte Carlo methods. In the absence of twirling operations, we construct extensions of the quantum privacy algorithms valid for secure communications with qudits of any dimension D. When D is a prime number, we show that distillation protocols are optimal both qualitatively and quantitatively

  17. Practical Computer Security through Cryptography

    Science.gov (United States)

    McNab, David; Twetev, David (Technical Monitor)

    1998-01-01

    The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

  18. Campus Area Network Wi-Fi Security

    Directory of Open Access Journals (Sweden)

    Arjun K. Pillay

    2017-07-01

    Full Text Available Wireless connectivity devices such as mobile phones and laptops are being increasingly used by University students to access learning resources on campus networks and the Internet. Each of the mobile devices offers security protocols for connection to a Wi-Fi router. This paper presents an overview of Wi-Fi security and recommendations in relation to free Wi-Fi service at The University of Fiji.

  19. Quantum Secure Direct Communication Based on Authentication

    International Nuclear Information System (INIS)

    Min-Jie, Wang; Wei, Pan

    2008-01-01

    We propose two schemes of quantum secure direct communication (QSDC) combined ideas of user authentication [Phys. Rev. A 73 (2006) 042305] and direct communication with dense coding [Phys. Rev. A. 68 (2003) 042317]. In these protocols, the privacy of authentication keys and the properties of the EPR pairs not only ensure the realization of identity authentication but also further improve the security of communication, and no secret messages are leaked even if the messages were broken. (general)

  20. Impossibility of secure two-party classical computation

    International Nuclear Information System (INIS)

    Colbeck, Roger

    2007-01-01

    We present attacks that show that unconditionally secure two-party classical computation is impossible for many classes of function. Our analysis applies to both quantum and relativistic protocols. We illustrate our results by showing the impossibility of oblivious transfer

  1. development of an integrated campus security alerting system

    African Journals Online (AJOL)

    user

    Keywords: Campus Security, Microcontroller, Internet Protocol Camera, Integrated system, Micro-switches. 1. INTRODUCTION .... personnel can fall back to the information captured/stored ...... Adetoba A. O. "Design and Construction of a Car.

  2. Monitoring System with Two Central Facilities Protocol

    Directory of Open Access Journals (Sweden)

    Caesar Firdaus

    2017-03-01

    Full Text Available The security of data and information on government’s information system required proper way of defending against threat. Security aspect can be achieved by using cryptography algorithm, applying information hiding concept, and implementing security protocol. In this research, two central facilities protocol was implemented on Research and Development Center of Mineral and Coal Technology’s Cooperation Contract Monitoring System by utilizing AES and whitespace manipulation algorithm. Adjustment on the protocol by creating several rule of validation ID’s generation and checking processes could fulfill two of four cryptography objectives, consist of authentication and non-repudiation. The solid collaboration between central legitimization agency (CLA, central tabulating facility (CTF, and client is the main idea in two central facilities protocol. The utilization of AES algorithm could defend the data on transmission from man in the middle attack scenario. On the other hand, whitespace manipulation algorithm provided data integrity aspect of the document that is uploaded to the system itself. Both of the algorithm fulfill confidentiality, data integrity, and authentication.

  3. On the Composition of Public-Coin Zero-Knowledge Protocols

    Science.gov (United States)

    2011-05-31

    only languages in BPP have public-coin black-box zero-knowledge protocols that are secure under an unbounded (polynomial) number of parallel...only languages in BPP have public-coin black-box zero-knowledge protocols that are secure under an unbounded (polynomial) number of parallel repetitions...and Krawczyk [GK96b] show that only languages in BPP have constant-round public-coin (stand-alone) black-box ZK protocols with negligible soundness

  4. Terrorist fraud resistance of distance bounding protocols employing physical unclonable functions

    NARCIS (Netherlands)

    Kleber, Stephan; van der Heijden, Rens W.; Kopp, Henning; Kargl, Frank

    Distance bounding protocols (DBPs) are security protocols that aim to limit the maximum possible distance between two partners in a wireless communication. This enables to ensure locality of interaction between two devices. Despite numerous proposed protocols, recent analyses of DBPs have shown the

  5. Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

    2014-01-01

    While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

  6. Secure Execution of Distributed Session Programs

    Directory of Open Access Journals (Sweden)

    Nuno Alves

    2011-10-01

    Full Text Available The development of the SJ Framework for session-based distributed programming is part of recent and ongoing research into integrating session types and practical, real-world programming languages. SJ programs featuring session types (protocols are statically checked by the SJ compiler to verify the key property of communication safety, meaning that parties engaged in a session only communicate messages, including higher-order communications via session delegation, that are compatible with the message types expected by the recipient. This paper presents current work on security aspects of the SJ Framework. Firstly, we discuss our implementation experience from improving the SJ Runtime platform with security measures to protect and augment communication safety at runtime. We implement a transport component for secure session execution that uses a modified TLS connection with authentication based on the Secure Remote Password (SRP protocol. The key technical point is the delicate treatment of secure session delegation to counter a previous vulnerability. We find that the modular design of the SJ Runtime, based on the notion of an Abstract Transport for session communication, supports rapid extension to utilise additional transports whilst separating this concern from the application-level session programming task. In the second part of this abstract, we formally prove the target security properties by modelling the extended SJ delegation protocols in the pi-calculus.

  7. Secure Skyline Queries on Cloud Platform.

    Science.gov (United States)

    Liu, Jinfei; Yang, Juncheng; Xiong, Li; Pei, Jian

    2017-04-01

    Outsourcing data and computation to cloud server provides a cost-effective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and efficient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multi-criteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semantically-secure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of efficiency and scalability under different parameter settings, verifying the feasibility of our proposed solutions.

  8. Security Administration Reports Application

    Data.gov (United States)

    Social Security Administration — Contains SSA Security Reports that allow Information Security Officers (ISOs) to access, review and take appropriate action based on the information contained in the...

  9. Security Investigation Database (SID)

    Data.gov (United States)

    US Agency for International Development — Security Investigation & Personnel Security Clearance - COTS personnel security application in a USAID virtualized environement that can support USAID's business...

  10. Quantitative analysis of the security performance in wireless LANs

    Directory of Open Access Journals (Sweden)

    Poonam Jindal

    2017-07-01

    Full Text Available A comprehensive experimental study to analyze the security performance of a WLAN based on IEEE 802.11 b/g/n standards in various network scenarios is presented in this paper. By setting-up an experimental testbed we have measured results for a layered security model in terms of throughput, response time, encryption overheads, frame loss and jitter. Through numerical results obtained from the testbed, we have presented quantitative as well as realistic findings for both security mechanisms and network performance. It establishes the fact that there is always a tradeoff between the security strength and the associated network performance. It is observed that the non-roaming network always performs better than the roaming network under all network scenarios. To analyze the benefits offered by a particular security protocol a relative security strength index model is demonstrated. Further we have presented the statistical analysis of our experimental data. We found that different security protocols have different robustness against mobility. By choosing the robust security protocol, network performance can be improved. The presented analysis is significant and useful with reference to the assessment of the suitability of security protocols for given real time application.

  11. Authentication Protocols for Internet of Things: A Comprehensive Survey

    Directory of Open Access Journals (Sweden)

    Mohamed Amine Ferrag

    2017-01-01

    Full Text Available In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT is presented. Specifically more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1 Machine to Machine Communications (M2M, (2 Internet of Vehicles (IoV, (3 Internet of Energy (IoE, and (4 Internet of Sensors (IoS. Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed.

  12. Quantum-key-distribution protocol with pseudorandom bases

    Science.gov (United States)

    Trushechkin, A. S.; Tregubov, P. A.; Kiktenko, E. O.; Kurochkin, Y. V.; Fedorov, A. K.

    2018-01-01

    Quantum key distribution (QKD) offers a way for establishing information-theoretical secure communications. An important part of QKD technology is a high-quality random number generator for the quantum-state preparation and for post-processing procedures. In this work, we consider a class of prepare-and-measure QKD protocols, utilizing additional pseudorandomness in the preparation of quantum states. We study one of such protocols and analyze its security against the intercept-resend attack. We demonstrate that, for single-photon sources, the considered protocol gives better secret key rates than the BB84 and the asymmetric BB84 protocols. However, the protocol strongly requires single-photon sources.

  13. Performance Analysis of Untraceability Protocols for Mobile Agents Using an Adaptable Framework

    OpenAIRE

    LESZCZYNA RAFAL; GORSKI Janusz Kazimierz

    2006-01-01

    Recently we had proposed two untraceability protocols for mobile agents and began investigating their quality. We believe that quality evaluation of security protocols should extend a sole validation of their security and cover other quality aspects, primarily their efficiency. Thus after conducting a security analysis, we wanted to complement it with a performance analysis. For this purpose we developed a performance evaluation framework, which, as we realised, with certain adjustments, can ...

  14. Nuclear security

    International Nuclear Information System (INIS)

    1991-07-01

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected

  15. Secure Two-Party Computation with Low Communication

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Kölker, Jonas; Faust, Sebastian

    2012-01-01

    We propose a 2-party UC-secure protocol that can compute any function securely. The protocol requires only two messages, communication that is poly-logarithmic in the size of the circuit description of the function, and the workload for one of the parties is also only poly-logarithmic in the size...... on the knowledge of exponent in an RSA group, and build succinct zero-knowledge arguments in the CRS model....

  16. Security seal

    Science.gov (United States)

    Gobeli, Garth W.

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  17. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  18. Secure Multicast Routing Algorithm for Wireless Mesh Networks

    Directory of Open Access Journals (Sweden)

    Rakesh Matam

    2016-01-01

    Full Text Available Multicast is an indispensable communication technique in wireless mesh network (WMN. Many applications in WMN including multicast TV, audio and video conferencing, and multiplayer social gaming use multicast transmission. On the other hand, security in multicast transmissions is crucial, without which the network services are significantly disrupted. Existing secure routing protocols that address different active attacks are still vulnerable due to subtle nature of flaws in protocol design. Moreover, existing secure routing protocols assume that adversarial nodes cannot share an out-of-band communication channel which rules out the possibility of wormhole attack. In this paper, we propose SEMRAW (SEcure Multicast Routing Algorithm for Wireless mesh network that is resistant against all known active threats including wormhole attack. SEMRAW employs digital signatures to prevent a malicious node from gaining illegitimate access to the message contents. Security of SEMRAW is evaluated using the simulation paradigm approach.

  19. Controlled Delegation Protocol in Mobile RFID Networks

    Directory of Open Access Journals (Sweden)

    Yang MingHour

    2010-01-01

    Full Text Available To achieve off-line delegation for mobile readers, we propose a delegation protocol for mobile RFID allowing its readers access to specific tags through back-end server. That is to say, reader-tag mutual authentication can be performed without readers being connected to back-end server. Readers are also allowed off-line access to tags' data. Compared with other delegation protocols, our scheme uniquely enables back-end server to limit each reader's reading times during delegation. Even in a multireader situation, our protocol can limit reading times and reading time periods for each of them and therefore makes back-end server's delegation more flexible. Besides, our protocol can prevent authorized readers from transferring their authority to the unauthorized, declining invalid access to tags. Our scheme is proved viable and secure with GNY logic; it is against certain security threats, such as replay attacks, denial of service (DoS attacks, Man-in-the-Middle attacks, counterfeit tags, and breaches of location and data privacy. Also, the performance analysis of our protocol proves that current tags can afford the computation load required in this scheme.

  20. Practical Secure Computation with Pre-Processing

    DEFF Research Database (Denmark)

    Zakarias, Rasmus Winther

    Secure Multiparty Computation has been divided between protocols best suited for binary circuits and protocols best suited for arithmetic circuits. With their MiniMac protocol in [DZ13], Damgård and Zakarias take an important step towards bridging these worlds with an arithmetic protocol tuned...... space for pre-processing material than computing the non-linear parts online (depends on the quality of circuit of course). Surprisingly, even for our optimized AES-circuit this is not the case. We further improve the design of the pre-processing material and end up with only 10 megabyes of pre...... a protocol for small field arithmetic to do fast large integer multipli- cations. This is achieved by devising pre-processing material that allows the Toom-Cook multiplication algorithm to run between the parties with linear communication complexity. With this result computation on the CPU by the parties...

  1. Biometrics based authentication scheme for session initiation protocol.

    Science.gov (United States)

    Xie, Qi; Tang, Zhixiong

    2016-01-01

    Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.

  2. Security studies

    International Nuclear Information System (INIS)

    Venot, R.

    2001-01-01

    Full text: Security studies constitute one of the major tools for evaluating the provisions implemented at facilities to protect and control Nuclear Material against unauthorized removal. Operators use security studies to demonstrate that they are complying with objectives set by the Competent Authority to counter internal or external acts aimed at unauthorized removal of NM. The paper presents the context of security studies carried out in France. The philosophy of these studies is based on a postulated unauthorized removal of NM and the study of the behavior of the systems implemented to control and protect NM in a facility. The potential unauthorized removal of NM usually may take place in two stages. The first stage involves the sequence leading to handling of the NM. It occurs inside the physical barriers of a facility and may include action involving the documents corresponding to Material Control and Accounting systems. At this stage it is possible to limit the risk of unauthorized removal of NM by means of detection capabilities of the MC and A systems. The second stage is more specific to theft and involves removing the NM out of the physical barriers of a facility in which they are being held, notably by affecting the Physical Protection System. Operators have to study, from a quantity and time lapse point of view, the ability of the installed systems to detect unauthorized removal, as well as the possibility of tampering with the systems to mask unlawful operations. Operators have also to analyze the sequences during which NM are accessed, removed from their containment and further removed from the facility in which they are stored. At each stage in the process, the probability of detection and the time taken to carry out the above actions have to be estimated. Of course, these two types of studies complement each other. Security studies have begun, in France, for more than fifteen years. Up to now more than fifty security studies are available in the

  3. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  4. Scalable and Unconditionally Secure Multiparty Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Nielsen, Jesper Buus

    2007-01-01

    We present a multiparty computation protocol that is unconditionally secure against adaptive and active adversaries, with communication complexity O(Cn)k+O(Dn^2)k+poly(nk), where C is the number of gates in the circuit, n is the number of parties, k is the bit-length of the elements of the field...... over which the computation is carried out, D is the multiplicative depth of the circuit, and κ is the security parameter. The corruption threshold is t passive security the corruption threshold is t 

  5. Deciding Security for a Fragment of ASLan

    DEFF Research Database (Denmark)

    Mödersheim, Sebastian Alexander

    situations in security such as the interaction between the work ow of a system with its access control policies. While even the transition relation is undecidable for ASLan in general, we show the security problem is decidable for a large and useful fragment that we call TASLan, as long as we bound...... the number of steps of honest participants. The restriction of TASLan is that all messages and predicates must be in a certain sense unambiguous in their interpretation, excluding \\type-confusions" similar to some tagging results for security protocols....

  6. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  7. Agents Based e-Commerce and Securing Exchanged Information

    Science.gov (United States)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol usingSymbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  8. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  9. Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems.

    Science.gov (United States)

    Li, Chun-Ta; Shih, Dong-Her; Wang, Chun-Cheng

    2018-04-01

     With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated.  Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks.  The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS.  We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features

  10. Convention on the establishment of a security control in the field of nuclear energy. Protocol on the tribunal established by the convention on the establishment of a security control in the field of nuclear energy; Convention sur l'etablissement d'un controle de securite dans le domaine de l'energie nucleaire. Protocole relatif au tribunal cree par la Convention sur l'etablissement d'un controle de securite dans le domaine de l'energie nucleaire

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1957-12-20

    The governments of Germany, Austria, Belgium, Denmark, France, Greece, Ireland, Iceland, Italy, Luxembourg, Norway, Netherlands, Portugal, United Kingdom, Sweden, Switzerland and Turkey, having resolved to promote the development of the production and uses of nuclear energy in the Member countries of the Organisation for European Economic Co-operation between these countries and the harmonisation of national measures; considering that the joint action undertaken to this end in the Organisation is intended to develop the European nuclear industry for purely peaceful ends and must not further any military purpose; considering that at its meeting of' 18 July, 1956, the Council of the Organisation decided to establish to this effect an international security control; considering that by a Decision dated this day the Council has established, within the Organisation, a European Nuclear Energy Agency with the task of pursuing the joint action undertaken; have agreed the present convention. The governments party to the Convention, desirous of determining in accordance with Article 12 of the Convention the organisation of the Tribunal established by the said Article and the status of its judges; have agreed upon the provisions which are annexed to the Convention.

  11. The research and application of the NDP protocol vulnerability attack and the defense technology based on SEND

    Science.gov (United States)

    Xi, Huixing

    2017-05-01

    Neighbor discovery protocol (NDP) is the underlying protocol in the IPv6 protocol, which is mainly used to solve the problem of interconnection between nodes on the same link. But with wide use of IPV6, NDP becomes the main objects of a variety of attacks due to a lack of security mechanism. The paper introduces the working principle of the NDP and methods of how the SEND protocol to enhance NDP security defense. It also analyzes and summarizes the security threats caused by the defects of the protocol itself. On the basis of the SEND protocol, the NDP data packet structure is modified to enhance the security of the SEND. An improved NDP cheating defense technology is put forward to make up the defects of the SEND protocol which can't verify the correctness of the public key and cannot bind the MAC address.

  12. New Approaches to Practical Secure Two-Party Computation

    DEFF Research Database (Denmark)

    Nordholt, Peter Sebastian

    all practical protocols with malicious security were based on Yao’s garbled circuits. We report on an implementation of this protocol demonstrating its high efficiency. For larger circuits it evaluates 20000 Boolean gates per second. As an example, evaluating one oblivious AES encryption (around 34000...

  13. Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System.

    Science.gov (United States)

    Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Obaidat, Mohammad S

    2015-11-01

    In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.'s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.

  14. Robust Quantum Secure Direct Communication over Collective Rotating Channel

    International Nuclear Information System (INIS)

    Qin Sujuan; Gao Fei; Wen Qiaoyan; Zhu Fuchen

    2010-01-01

    A quantum secure direct communication protocol over a collective rotating channel is proposed. The protocol encodes logical bits in noiseless subspaces, and so it can function over a quantum channel subjected to an arbitrary degree of collective rotating noise. Although entangled states are used, both the sender and receiver are only required to perform single-particle product measurement or Pauli operations. The protocol is feasible with present-day technique. (general)

  15. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication deter-mines who makes a request to handle an asset. To decide who is authorised, a system needs to au-the...

  16. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  17. Multiparty-controlled quantum secure direct communication

    International Nuclear Information System (INIS)

    Xiu, X.-M.; Dong, L.; Gao, Y.-J.; Chi, F.

    2007-01-01

    A theoretical scheme of a multiparty-controlled quantum secure direct communication is proposed. The supervisor prepares a communication network with Einstein-Podolsky-Rosen pairs and auxiliary particles. After passing a security test of the communication network, a supervisor tells the users the network is secure and they can communicate. If the controllers allow the communicators to communicate, the controllers should perform measurements and inform the communicators of the outcomes. The communicators then begin to communicate after they perform a security test of the quantum channel and verify that it is secure. The recipient can decrypt the secret message in a classical message from the sender depending on the protocol. Any two users in the network can communicate through the above processes under the control of the supervisor and the controllers

  18. Secure Path Selection under Random Fading

    Directory of Open Access Journals (Sweden)

    Furqan Jameel

    2017-05-01

    Full Text Available Application-oriented Wireless Sensor Networks (WSNs promises to be one of the most useful technologies of this century. However, secure communication between nodes in WSNs is still an unresolved issue. In this context, we propose two protocols (i.e. Optimal Secure Path (OSP and Sub-optimal Secure Path (SSP to minimize the outage probability of secrecy capacity in the presence of multiple eavesdroppers. We consider dissimilar fading at the main and wiretap link and provide detailed evaluation of the impact of Nakagami-m and Rician-K factors on the secrecy performance of WSNs. Extensive simulations are performed to validate our findings. Although the optimal scheme ensures more security, yet the sub-optimal scheme proves to be a more practical approach to secure wireless links.

  19. Computer-aided proofs for multiparty computation with active security

    DEFF Research Database (Denmark)

    Spitters, Bas

    2018-01-01

    public-key encryption, signatures, garbled circuits and differential privacy. Here we show for the first time that it can also be used to prove security of MPC against a malicious adversary. We formalize additive and replicated secret sharing schemes and apply them to Maurer’s MPC protocol for secure...

  20. The use of crypto-analysis techniques for securing internet ...

    African Journals Online (AJOL)

    ... recommended to be combined with other techniques, such as client-side software, data transaction protocols, web server software, and the network server operating system involved in handling e-commerce, for securing internet transaction. This recommendation will invariable ensure that internet transaction is secured.