Theses and Dissertations

Permanent URI for this collectionhttp://ir.daiict.ac.in/handle/123456789/1

Browse

Has files: YesSubject: search.filters.subject.Security measures

Search Results

Now showing 1 - 10 of 11
  • Thumbnail Image
    ItemOpen Access
    Enhancement of misbehavior detection scheme for vehicular ad-hoc networks
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2012) Jain, Shefali; Mathuria, Anish M.
    Vehicular ad hoc networks (VANETs) will facilitate various safety and non-safety applications to be deployed in the future. A vehicle in a VANET can misbehave by sending false or inaccurate information to other vehicles. Detection of such misbehavior is an important research problem. In this thesis, we study and improve an existing scheme for misbehavior detection. In that scheme, if a vehicle X generates an incorrect alert, then the nearby vehicles report the misbehavior of X to Road side unit (RSU). Upon receiving such a report, RSU imposes a fine on vehicle X. It is possible for a malicious vehicle to send a false report implicating X, even if X has generated a correct alert. As a result, the RSU may inadvertently fine an honest vehicle, potentially discouraging it from sending true alerts in the future. In this thesis, we propose a modified RSU detection algorithm to avoid honest vehicles from being fined due to malicious reports. We perform a simulation of the modified scheme and show that it identifies misbehaving vehicles with high accuracy
  • Thumbnail Image
    ItemOpen Access
    Modeling and detecting attacks against key agreement protocols
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2012) Yadav, Anshu; Mathuria, Anish M.
    Key agreement protocols establish a shared secret key between two or more communicating parties willing to exchange data over insecure channels using symmetric key cryptography. Based on the number of members involved in the communication these protocols can be classied as a two party or group key agreement protocols. Various formal methods are available in the literature to analyze the security of such protocols. This helps in establishing the validity of any attacks, if found, or to prove the security of the protocols under given adversarial assumptions. In this thesis we analyze the security of several existing two party and group key agreement protocols. We used provable security models like eCK'08 and enhanced eCK and the DS model given as an algebraic approach by Delicata and Schneider to analyze a class of DH based key agreement protocols. The distinguishing feature of key agreement protocols from key transport protocols is that the former aims to ensure the contribution of all the honest participants so that no one can predetermine the key. In a poorly designed protocol, an insider adversary can control the key in different forms as dened by Pieprzyk and Wang. This type of attack is termed as key control. We also dene ephemeral key control w.r.t. dishonest insider where it is assumed that the adversary also knows the ephemeral secret of the victim honest participants. This assumption is based on several advanced attributes that assume ephemeral leakage. We analyze this attack on MTI protocols using DS model. We have shown weakness in some provably secure two party implicitly authenticated protocols and modeled the attacks in provable security model. We also analyzed key control in some group key agreement protocols. We have used the DS model to formally derive an attack shown by Pieprzyk on Burmester-Desmedt protocol and have also proposed attacks on static version of the group key agreement protocol proposed by Dutta and Barua.
  • Thumbnail Image
    ItemOpen Access
    Collusion resistant fingerprinting
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2011) Juneja, Sandeep; Raval, Mehul S.
    Digital watermarking is used to carry information by embedding information into the cover data in a perceptually visible or non visible manner. In today's sea of digital information, there are many problems associated like identi cation of the owner of content, and detection of authorized content receivers. Digital ngerprinting, one of the application of watermarking, is one way to detect authorized content receivers from illegally redistributed media. One powerful scheme to broke digital ngerprint scenario is `collusion attack' in which users share information to remove their embed- ded ngerprint. In this research work, we have proposed a ngerprint technique that is robust against average collusion attack and has capability to trace colluders for images. Independent ngerprints are randomly generated using independent and identically distributed (IID) Gaussian source. We proposed two schemes. In rst scheme, n- gerprints were embedded using additive embedding rule and spread spectrum (SS) technique. This scheme is based on embedding ngerprint in di erent block of discrete cosine transformation (DCT). In second, ngerprints were embedded in independent components (ICs) generated by applying independent component analysis (ICA) on cover image. In both schemes, we used non-blind watermarking and correlation based detector. The result shows that the schemes are robust against average collusion at- tack.
  • Thumbnail Image
    ItemOpen Access
    Secure data delivery in mobile ad hoc network using multiple paths
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2011) Maheshwari, Mayur; Das, Manik Lal
    A mobile ad hoc network (MANET) is a self configurable, self organized, infrastructure less multi hop mobile wireless network.Characteristics of ad hoc network make security a critical issue i.e. any node can join the network without revealing its presence as well as any node can behave in either a passive way (eavesdropping the message) or in an active way (manipulating the message, signal interference or jamming the network). When a node has some confidential information needed to transmit to other node, it needs some secure data delivery protocols such that, information can reach to intended node confidentially without tempered. We have studied two secure data delivery protocols namely SPREAD and Xia et al‟s scheme. These protocols focus on how to deliver a secret message over insecure MANET using multiple paths. These protocols provide confidentiality and robustness but don‟t focus on authentication and integrity. Due to the lack of authentication, any node can impersonate the good node or the intermediate node can manipulate message and no one can detect this misbehaviour. We have proposed a scheme that aims to provide confidentiality, authentication, and robustness for a message when they are delivered across the insecure MANET. We have used the concept of SPREAD, where message transforms into multiple shares and then delivers the shares via multiple independent paths to the destination, so that if a small number of nodes that are used to relay the message shares are compromised, the whole message is not compromised. We are using basic idea of TESLA to provide authentication. Finally, when we analyzed our proposed protocol and compared it with SPREAD. Our analysis showed that the proposed scheme provides all basic security objectives as well as it protects against data tempering, impersonation, replay and known session key attacks.
  • Thumbnail Image
    ItemOpen Access
    Wireless LAN 802.11 security using elliptic curve cryptography
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2011) Singh, Saurabh; Das, Manik Lal
    IEEE 802.11 is a standard defines the specification of Wireless Local Area Network (WLAN), came into existence in 1997. As communication medium is wireless, security is a major concern to protect the data from adversary. Existing WLAN security is primarily based on Symmetric Key Cryptography (SKC). But, major disadvantage with SKC is establishment of secret key for secure data delivery. Public key cryptography(PKC) has many advantages over Symmetric key cryptography like key management key distribution over insecure channel etc. However, PKC requires a large key size in comparison to SKC to provide same level of security. This makes PKC costly operation and not suitable for the environment like WLAN where limited memory is available for WLAN devices. In recent years, Elliptic Curve Cryptography (ECC) has gained a lot of attention from research communities, because ECC seems to promise simillar or a better level of security with smaller key size in comparison with conventional PKC (e.g. RSA, DSS). These features make them workable under constraint environment. In this thesis, we have studied the security evolution of WLAN 802.11 with Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). We have observed some limitations of WEP and WPA. We, then, present a new protocol using ECC for mutual authentication and session key establishment. We compare our protocol with simillar protocols for wireless security and show that the proposed protocol is efficient w.r.t. space, bandwidth and computational cost at Client side. The security analysis of proposed protocol shows that it may achieve forward secrecy with respect to Client, joint key control, key integrity and resists guessing, replay, impersonantion attacks. A thorough forrmal security analysis is required to be done.
  • Thumbnail Image
    ItemOpen Access
    Performance evaluation of kerberos cross-realm authentication using SIMNET
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2011) Sethi, Ankit Kumar; Mathuria, Anish M.
    Today, the network is being implemented in such a manner that consist of geographi- cally diverse clients and distributed as well as centralized servers. To prevent unauthorized access to system resources such as servers, authentication is required. Kerberos is a trusted third party network authentication protocol which securely authenticates the users over insecure communication channel. Due to change in requirements and better utilization of resources, the client and server may reside across organizational boundary. To access such resources, a user has to authenticate itself. Cross-realm authentication is such a technique which facilitates authentication across the realms. In Cross-realm authentication, initially a user has to authenticate to it local Authentication Server (AS) and get the credentials. Acquired credentials are used to authenticate the user to the application server which resides over destination realm. Crescenzo and Kornievskaia designed an e cient protocol for cross-realm authentica- tion that decreases communication over the internet. They considered an extension to the original Kerberos protocol that enables cross-realm operations, identi ed its ine ciencies and proposed an alternative protocol called Fake Ticket Protocol (FTP). In FTP, local AS generates a ticket for the user to access the application server in destination realm and instead of sending it to destination AS, it is forwarded to the application server directly by user. Because application server cannot determine the legitimacy of ticket, it was named as Fake Ticket and so the protocol as Fake Ticket Protocol. Simnet is a network simulator which provides the functionality to simulate network security protocols. Using Simnet, we implemented Kerberos and FTP with their full capabilities. The aim of this thesis is to do the performance evaluation of the kerberos protocol vi and Fake Ticket Protocol for the Cross-Realm approach using Simnet. The simulation results show that in the scenario where a client repeatedly authen ticates to a stateless server using the same ticket, the original Kerberos cross-realm protocol performs better than FTP. In the case that the client authenticates to the server only once, FTP does better.
  • Thumbnail Image
    ItemOpen Access
    Queueing-theoretic framework for perfermance analysis of mobile ad hoc networks with finite buffer nodes
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Shah, Sapan; Lenin, R. B.; Srivastava, Sanjay
    Wireless Ad Hoc network is a decentralized wireless network which allows nodes to join and create networks without any infrastructure. These kinds of networks are advantageous because they can be readily deployed anywhere, anytime. Mobile Ad Hoc Network (MANET) is a special type of ad hoc network where nodes are mobile. Due to mobility of the nodes, network topology may change rapidly and unpredictably. MANETs are expected to plat a vital role in a variety of applications and are therefore studied extensively. It is imperative to analyze these networks, to assess the suitability of their use in different scenarios and to identify the techniques to improve their performance. In last few years, many models have been proposed to analyze MANETs. Many of then have an unrealistic assumption of an infinite buffer in each node. Moreover, in MANETs, as nodes are mobile, a packet may revisit the same node which creates feedback loops of a packet. These loops make modeling and analysis of MANETs difficult as the network becomes cyclic. This work analyzes MANET with finite buffer nodes. Open finite queuing network with gated queue, intermittent links and servers is used. The expansion method technique has been used to study the open finite queuing network with stable links and servers. We modify the method for intermittency. Numerical results are derived and compared with simulation results to show effectiveness of the method.
  • Thumbnail Image
    ItemOpen Access
    Web services policy in grid
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Desai, Amee Anilbhai; Chaudhary, Sanjay
    Service-oriented computing enables service providers to publish their business functionalities in the form of abstract contracts, which can be discovered by service consumers based on open and standard protocols. Enterprise may be running a number of multiple business processes in parallel, which may require different services to fulfil the functionality. There are number of factors that both service provider and service consumer should consider before they interact with each other. Web services standards are used for acquiring interoperability among services for large scale adoption of architecture. In Web service selection phase without the use of policy, a service consumer selects the Web service which matches the functional requirements. For satisfying non-functional requirements of a service consumer, policy is used in Web service selection phase. This thesis proposes an approach and architecture to select Web services based on WS-Policy in grid. Service selection depends on metadata and policy. There is a need for dynamic selection services based on runtime environment such as content (semantics), and contract (policy). This thesis proposes an approach and architecture for dynamic selection of services based on policy and semantic .To provide better search, query, composition, and management, there is a need for mechanism to group these services based on the requirements of clients and business processes. This thesis proposes context and location based approach for service grouping and group notification. Context and location provide powerful mechanism for the better search, query, grouping and group notification to the services, and it allows customization based on user preferences, role, and location to improve personalization. The thesis proposes context and location driven grid business process to aggregate information from multiple sources according to the preferences of clients. A policy based service grouping approach is used to aggregate services. For achieving location driven approach, this thesis develops virtual organization and for specifying preferences in virtual organization, a policy is used.
  • Thumbnail Image
    ItemOpen Access
    Improvement of tagged architecture for preventing software vulnerabilities
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Shah, Tejaskumar; Mathuria, Anish M.
    In spite of the many defense techniques, software vulnerabilities like buffer overflow, format string vulnerability and integer vulnerability is still exploited by attackers. These software vulnerabilities arise due to programming mistakes which allows security bugs to be exploited. Buffer overflow occurs when buffer is given more data than the capacity of it. Format string vulnerability arises when data supplied by attacker is passed to formatting functions as format string argument. Integer vulnerability occurs when program evaluates an integer to unexpected value due to integer overflows, underflows, truncation errors or signed conversion errors. The hardware based solution called tagged architecture protects a system against mentioned vulnerabilities. In tagged architecture, each memory byte is appended with one tag bit to mark data that comes from I/O. Whenever I/O supplied data is used to transfer control of a system or to access memory, an alert is raised and program is terminated. This thesis proposes a weakness of tagged architecture by finding false positives and false negatives on it. It also proposes the improvements to the tagged architecture to avoid found false positives on it. The prototype implementation of improved tagged architecture is done in SimpleScalar simulator. The SimpleScalar simulator is a architectural simulator. The security evaluation is done for tagged architecture and improved tagged architecture through benchmarks and synthetic vulnerable programs.
  • Thumbnail Image
    ItemOpen Access
    Security analysis of two fair exchange protocols
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2007) Gahlot, Jai; Mathuria, Anish M.
    E-commerce applications enable two parties to exchange digital items electronically. It is critical for such applications that the underlying protocols ensure the fairness requirement: no honest participant should suffer any loss of significant value. It is important to verify that an e-commerce protocol satisfies its fairness goal. Formal methods such as model checking can be helpful in this regard. To this end, it is essential to develop a model of the protocol under realistic assumptions. Using the NetBill protocol as an example this work shows how improper modelling can lead to incorrect claims about the protocol. It also shows how a carefully developed formal model can be successfully used to discover previously unknown flaws in an existing protocol.