Theses and Dissertations

Permanent URI for this collectionhttp://ir.daiict.ac.in/handle/123456789/1

Browse

Subject: search.filters.subject.Computer security

Search Results

Now showing 1 - 10 of 15
  • Thumbnail Image
    ItemOpen Access
    Automatic Compact Alphanumeric Encoding of Shellcode
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2016) Patel, Arohi; Anish Mathuria
    Shellcode is a machine code that is injected in the form of a string to exploit buffer overflows. It generally contains non-ASCII bytes as not all machine instructions have their encoding bytes in ASCII range. To mitigate shellcode injection, there are some filtering techniques that only accepts set of ASCII bytes as an input string. Alphanumeric shellcode helps attackers to bypass this filtering. It is a tedious task to generate alphanumeric shellcode manually from any arbitrary shellcode. There exist tools to automate this process. Existing tools to automatically generate alphanumeric shellcode works as follows : the bytes of shellcode are placed in encoded form and then recovered at runtime using selfmodifying code (also called as decoder). The alphanumeric shellcode generated using such tools has a larger size than original shellcode. The small shellcodes are useful as they fit into the small buffers and are more useful when there is a size restriction on input string. In this work, we present optimization techniques that focuses on optimizing the encoded form as well as decoding loop. One of the technique named as Dynamic Encoding, results into compact size of encodedshellcode, while another technique - Generating Alphanumeric Decoder - focuses onmaking decoding loop more compact. And by combining these two techniques,it produces more compact alphanumeric shellcode (decoder + encoded shellcode)than existing schemes for some shellcode with larger size (greater than 200 bytes).However, the size of output is bigger for some small shellcodes due to larger sizeof decoding loop.
  • Thumbnail Image
    ItemOpen Access
    Multipath verification defense against SSL stripping attack
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2013) Arora, Sunil; Mathuria, Anish M.
    SSL stripping attack is a man- in- the- middle attack which poses a serious threat to the security of secure socket layer protocol. In SSL stripping attack the attacker has ability to downgrade security of SSL protected connection, and view web traffic of the user in clear text. The attack is based on the fact that user rarely request for secure connection explicitly but rely on the web server to redirect them to secure version of the particular website. An attacker, after becoming man- in- the- middle can suppress such messages and provide the user with stripped version of the requested website and forcing him to communicate over insecure HTTP channel. There are several solutions recently proposed to solve the problem of SSL stripping attack, however all solutions have some limitations. In this thesis work we address the limitations of the existing solutions and proposed a new method using idea of multipath verification to detect SSL stripping attack. We establish multiple connection with the remote server using alternate paths, and compare security of them (server support HTTP or HTTPS). We accept the connection with the remote server if securities of the connection established over various paths match, otherwise we block the connection.
  • Thumbnail Image
    ItemOpen Access
    Modeling and detecting attacks against key agreement protocols
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2012) Yadav, Anshu; Mathuria, Anish M.
    Key agreement protocols establish a shared secret key between two or more communicating parties willing to exchange data over insecure channels using symmetric key cryptography. Based on the number of members involved in the communication these protocols can be classied as a two party or group key agreement protocols. Various formal methods are available in the literature to analyze the security of such protocols. This helps in establishing the validity of any attacks, if found, or to prove the security of the protocols under given adversarial assumptions. In this thesis we analyze the security of several existing two party and group key agreement protocols. We used provable security models like eCK'08 and enhanced eCK and the DS model given as an algebraic approach by Delicata and Schneider to analyze a class of DH based key agreement protocols. The distinguishing feature of key agreement protocols from key transport protocols is that the former aims to ensure the contribution of all the honest participants so that no one can predetermine the key. In a poorly designed protocol, an insider adversary can control the key in different forms as dened by Pieprzyk and Wang. This type of attack is termed as key control. We also dene ephemeral key control w.r.t. dishonest insider where it is assumed that the adversary also knows the ephemeral secret of the victim honest participants. This assumption is based on several advanced attributes that assume ephemeral leakage. We analyze this attack on MTI protocols using DS model. We have shown weakness in some provably secure two party implicitly authenticated protocols and modeled the attacks in provable security model. We also analyzed key control in some group key agreement protocols. We have used the DS model to formally derive an attack shown by Pieprzyk on Burmester-Desmedt protocol and have also proposed attacks on static version of the group key agreement protocol proposed by Dutta and Barua.
  • Thumbnail Image
    ItemOpen Access
    Collusion resistant fingerprinting
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2011) Juneja, Sandeep; Raval, Mehul S.
    Digital watermarking is used to carry information by embedding information into the cover data in a perceptually visible or non visible manner. In today's sea of digital information, there are many problems associated like identi cation of the owner of content, and detection of authorized content receivers. Digital ngerprinting, one of the application of watermarking, is one way to detect authorized content receivers from illegally redistributed media. One powerful scheme to broke digital ngerprint scenario is `collusion attack' in which users share information to remove their embed- ded ngerprint. In this research work, we have proposed a ngerprint technique that is robust against average collusion attack and has capability to trace colluders for images. Independent ngerprints are randomly generated using independent and identically distributed (IID) Gaussian source. We proposed two schemes. In rst scheme, n- gerprints were embedded using additive embedding rule and spread spectrum (SS) technique. This scheme is based on embedding ngerprint in di erent block of discrete cosine transformation (DCT). In second, ngerprints were embedded in independent components (ICs) generated by applying independent component analysis (ICA) on cover image. In both schemes, we used non-blind watermarking and correlation based detector. The result shows that the schemes are robust against average collusion at- tack.
  • Thumbnail Image
    ItemOpen Access
    Performance evaluation of kerberos cross-realm authentication using SIMNET
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2011) Sethi, Ankit Kumar; Mathuria, Anish M.
    Today, the network is being implemented in such a manner that consist of geographi- cally diverse clients and distributed as well as centralized servers. To prevent unauthorized access to system resources such as servers, authentication is required. Kerberos is a trusted third party network authentication protocol which securely authenticates the users over insecure communication channel. Due to change in requirements and better utilization of resources, the client and server may reside across organizational boundary. To access such resources, a user has to authenticate itself. Cross-realm authentication is such a technique which facilitates authentication across the realms. In Cross-realm authentication, initially a user has to authenticate to it local Authentication Server (AS) and get the credentials. Acquired credentials are used to authenticate the user to the application server which resides over destination realm. Crescenzo and Kornievskaia designed an e cient protocol for cross-realm authentica- tion that decreases communication over the internet. They considered an extension to the original Kerberos protocol that enables cross-realm operations, identi ed its ine ciencies and proposed an alternative protocol called Fake Ticket Protocol (FTP). In FTP, local AS generates a ticket for the user to access the application server in destination realm and instead of sending it to destination AS, it is forwarded to the application server directly by user. Because application server cannot determine the legitimacy of ticket, it was named as Fake Ticket and so the protocol as Fake Ticket Protocol. Simnet is a network simulator which provides the functionality to simulate network security protocols. Using Simnet, we implemented Kerberos and FTP with their full capabilities. The aim of this thesis is to do the performance evaluation of the kerberos protocol vi and Fake Ticket Protocol for the Cross-Realm approach using Simnet. The simulation results show that in the scenario where a client repeatedly authen ticates to a stateless server using the same ticket, the original Kerberos cross-realm protocol performs better than FTP. In the case that the client authenticates to the server only once, FTP does better.
  • Thumbnail Image
    ItemOpen Access
    Efficient ASIC implementation of advanced encryption standard
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Joshi, Ashwini Kumar; Nagchoudhuri, Dipankar
    In spite of the many defense techniques, software vulnerabilities like buffer overflow, format string vulnerability and integer vulnerability is still exploited by attackers. These software vulnerabilities arise due to programming mistakes which allows security bugs to be exploited. Buffer overflow occurs when buffer is given more data than the capacity of it. Format string vulnerability arises when data supplied by attacker is passed to formatting functions as format string argument. Integer vulnerability occurs when program evaluates an integer to unexpected value due to integer overflows, underflows, truncation errors or signed conversion errors. The hardware based solution called tagged architecture protects a system against mentioned vulnerabilities. In tagged architecture, each memory byte is appended with one tag bit to mark data that comes from I/O. Whenever I/O supplied data is used to transfer control of a system or to access memory, an alert is raised and program is terminated. This thesis proposes a weakness of tagged architecture by finding false positives and false negatives on it. It also proposes the improvements to the tagged architecture to avoid found false positives on it. The prototype implementation of improved tagged architecture is done in SimpleScalar simulator. The SimpleScalar simulator is a architectural simulator. The security evaluation is done for tagged architecture and improved tagged architecture through benchmarks and synthetic vulnerable programs.
  • Thumbnail Image
    ItemOpen Access
    Web services policy in grid
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Desai, Amee Anilbhai; Chaudhary, Sanjay
    Service-oriented computing enables service providers to publish their business functionalities in the form of abstract contracts, which can be discovered by service consumers based on open and standard protocols. Enterprise may be running a number of multiple business processes in parallel, which may require different services to fulfil the functionality. There are number of factors that both service provider and service consumer should consider before they interact with each other. Web services standards are used for acquiring interoperability among services for large scale adoption of architecture. In Web service selection phase without the use of policy, a service consumer selects the Web service which matches the functional requirements. For satisfying non-functional requirements of a service consumer, policy is used in Web service selection phase. This thesis proposes an approach and architecture to select Web services based on WS-Policy in grid. Service selection depends on metadata and policy. There is a need for dynamic selection services based on runtime environment such as content (semantics), and contract (policy). This thesis proposes an approach and architecture for dynamic selection of services based on policy and semantic .To provide better search, query, composition, and management, there is a need for mechanism to group these services based on the requirements of clients and business processes. This thesis proposes context and location based approach for service grouping and group notification. Context and location provide powerful mechanism for the better search, query, grouping and group notification to the services, and it allows customization based on user preferences, role, and location to improve personalization. The thesis proposes context and location driven grid business process to aggregate information from multiple sources according to the preferences of clients. A policy based service grouping approach is used to aggregate services. For achieving location driven approach, this thesis develops virtual organization and for specifying preferences in virtual organization, a policy is used.
  • Thumbnail Image
    ItemOpen Access
    Formal analysis of two standardized protocols using standard spaces
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Soni, Shraddha; Mathuria, Anish M.
    To achieve secure communication it is critical to provide protocols which are secure against attacks. Formal methods are helpful in finding whether or not a protocol is secure. The first formal method for this task, namely BAN logic was proposed by Burrows, Abadi and Needham. However, it is well known to have deficiencies. The most recent deficiency was found by Teepe who showed that the hash inference rule of BAN logic is unsound. This rule was first used in the analysis of CCITT by Burrows, Abadi and Needham. Later it was also used in the analysis of SET by Agray, Hoek and Vink. This thesis proposes a simple modification to the BAN hash rule to remove its unsoundness. We demonstrate that the modified rule captures the inference that the original rule intended to capture for the above protocols. The deficiency of BAN in proving security guarantees cannot be overcome by just modifying the rules. It would therefore be preferable to have proof of security using alternate methods which are more rigorous than BAN logic. To this end, we provide proofs of correctness of the above protocols using the strand space technique proposed by Fabrega, Herzog and Guttman.
  • Thumbnail Image
    ItemOpen Access
    Effect of channel asymmetry on reputation based cooperation mechanisms in mobile ad-hoc networks
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2008) Vasavada, Tejas; Srivastava, Sanjay
    Enforced cooperation among MANET nodes is an active research issue. In applications, where the users have different goals and there is no central authority to control them, users may become selfish. These nodes may not forward packets sent by others and thus affect the basic functionality of the network. One proposed class of protocols to handle such scenarios is based on reputation functions. In reputation based schemes, nodes maintain reputation values of other nodes. Reputation value of a node is high for nodes that forward the received packets and low otherwise. Nodes with very low reputation values are identified as selfish nodes and isolated from network operations. In such schemes, every node has to observe whether its neighbour is forwarding packets or not. A node after sending a packet to its neighbour to forward further, increases reputation of neighbour if it overhears the same packet from the neighbour. If it does not overhear the packet, reputation of neighbour is reduced. This is the basic method to observe whether neighbour node is cooperative or not. Here basic assumption is that the channel between two neighbour nodes is always symmetric. This assumption does not hold true due to two reasons: (1) Nodes are moving. Neighbour node may have forwarded the packet but by the time it forwards, either observing node or neighbour or both might move out of each others range. (2) Even if both are in each others range, due to multipath fading, observing node may not overhear the packets forwarded by neighbour node. Thus sometimes even honest nodes may be considered selfish and isolated due to this asymmetry. This reduces throughput of honest nodes. In this thesis work we have examined the probability of channel asymmetry as a function of ratio r(of inter node distance and transmission range), for given values of relative average velocity of nodes V and Ricean parameter K. Ricean parameter K represents type of the environment i.e. obstructed or unobstructed. We have proposed an enhancement of existing reputation protocol OCEAN. In the enhanced protocol, observing node probabilistically updates reputation of neighbour when it does not overhear. This probabilistic update takes into account probability of channel asymmetry. We have tried to minimize false positives, i.e. honest nodes being detected as selfish. We have shown through simulations that false negatives, i.e. selfish nodes being detected as honest, do not increase much. We have also shown that how false positives and false negatives change as degree of dishonesty of selfish nodes change. At last, we have shown that throughput levels of honest nodes in original OCEAN protocol and modified OCEAN protocol are almost same.
  • Thumbnail Image
    ItemOpen Access
    Security analysis of two fair exchange protocols
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2007) Gahlot, Jai; Mathuria, Anish M.
    E-commerce applications enable two parties to exchange digital items electronically. It is critical for such applications that the underlying protocols ensure the fairness requirement: no honest participant should suffer any loss of significant value. It is important to verify that an e-commerce protocol satisfies its fairness goal. Formal methods such as model checking can be helpful in this regard. To this end, it is essential to develop a model of the protocol under realistic assumptions. Using the NetBill protocol as an example this work shows how improper modelling can lead to incorrect claims about the protocol. It also shows how a carefully developed formal model can be successfully used to discover previously unknown flaws in an existing protocol.