Copyright Notice

This document specifies a set of cipher suites for the Transport Security Layer (TLS) protocol to support the Camellia encryption algorithm as a block cipher. It amends the cipher suites originally specified in RFC 4132 by introducing counterparts using the newer cryptographic hash algorithms from the SHA-2 family. This document obsoletes RFC 4132. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by th

Vulnerability-Tolerant Transport Layer Security

SSL/TLS communication channels play a very important role in Internet security, including cloud computing and server infrastructures. There are often concerns about the strength of the encryption mechanisms used in TLS channels. Vulnerabilities can lead to some of the cipher suites once thought to be secure to become insecure and no longer recommended for use or in urgent need of a software update. However, the deprecation/update process is very slow and weeks or months can go by before most web servers and clients are protected, and some servers and clients may never be updated. In the meantime, the communications are at risk of being intercepted and tampered by attackers. In this paper we propose an alternative to TLS to mitigate the problem of secure commu- nication channels being susceptible to attacks due to unexpected vulnerabilities in its mechan- isms. Our solution, called Vulnerability-Tolerant Transport Layer Security (vtTLS), is based on diversity and redundancy of cryptographic mechanisms and certificates to ensure a secure communication even when one or more mechanisms are vulnerable. Our solution relies on a combination of k cipher suites which ensure that even if k ? 1 cipher suites are insecure or vul- nerable, the remaining cipher suite keeps the communication channel secure. The performance and cost of vtTLS were evaluated and compared with OpenSSL, one of the most widely used implementations of TLS

Towards a Secure Smart Grid Storage Communications Gateway

This research in progress paper describes the role of cyber security measures undertaken in an ICT system for integrating electric storage technologies into the grid. To do so, it defines security requirements for a communications gateway and gives detailed information and hands-on configuration advice on node and communication line security, data storage, coping with backend M2M communications protocols and examines privacy issues. The presented research paves the road for developing secure smart energy communications devices that allow enhancing energy efficiency. The described measures are implemented in an actual gateway device within the HORIZON 2020 project STORY, which aims at developing new ways to use storage and demonstrating these on six different demonstration sites.Comment: 6 pages, 2 figure

Informática forense: auditoría de seguridad

En este proyecto se muestra el proceso de realización de una auditoría de seguridad a una red empresarial para cumplir con la normativa establecida para los organismos oficiales del estado. Debido a que para la realización de la auditoría se debe contar con una red empresarial, también se realiza el diseño e implementación de la misma. Por lo tanto el presente proyecto consta de dos partes bien diferenciadas. En la primera parte del proyecto, se parte de una política establecida por una empresa para realizar el diseño de la red y su posterior implantación. A lo largo de la misma, se explican los diferentes procedimientos realizados para la toma de decisiones. Posteriormente, partiendo del diseño establecido se realiza la implementación de la red empresarial explicando los diferentes programas utilizados y las configuraciones utilizadas. De esta manera, se realiza la implementación de la red para la realización de la auditoría. Una vez se cuenta con la red empresarial, se procede a la realización de la auditoría. En ésta se realiza, tanto una revisión de la normativa que se aplica a los organismos oficiales del estado, como una revisión de la seguridad de la empresa, tanto de la seguridad física como de las posibles vulnerabilidades existentes en los diferentes equipos. Para la realización de esta auditoría se utilizan las herramientas actuales como son Kali™ o Metasploit . Por último, se presenta un informe en el que se resumen los diferentes incumplimientos de la normativa y su solución, así como, un resumen de las diferentes brechas de seguridad existentes en la empresa. Este informe sería el informe a presentar a la empresa tras la realización de la auditoría para que corrija sus problemas de seguridad.This project shows the process of a security audit to a business net to accomplish the fulfilment of the official security normative. Due to a network is needed to make a security audit, the design of the net and its implementation would also be done. Therefore, the project consists of two distinct parts. In the first part of the project, it begins from a policy established by the company to realize the design and implementation of the network. Along this part, the different procedures to take decisions are explained. Later, starting with the established design the implementation of the network is realized, showing the different programs and configurations used. In this way, the implementation of the net is done preparing it to the security audit. Once a business network have been design, it proceed to the security audit realization. On the security audit it realizes a normative revision and a business security revision, reviewing both physical security and possible vulnerabilities. For this realization some actual auditing tools will be used such as Kali™ or Metasploit . In the end, it presents a report where it resume the different violations of the normative and its solution, as well as, an abstract with the different security breaches that exist on the company. This report would be the one that will be given to the client company after the security audit, so it can solves its security breaches

Developed security and privacy algorithms for cyber physical system

Cyber-physical system (CPS) is a modern technology in the cyber world, and it integrates with wireless sensor network (WSN). This system is widely used in many applications such as a smart city, greenhouse, healthcare, and power grid. Therefore, the data security and integrity are necessary to ensure the highest level of protection and performance for such systems. In this paper, two sides security system for cyber-physical level is proposed to obtain security, privacy, and integrity. The first side is applied the secure sockets layer (SSL)/transport layer security (TLS) encryption protocol with the internet of things (IoT) based message queuing telemetry transport (MQTT) protocol to secure the connection and encrypt the data exchange between the system's parties. The second side proposes an algorithm to detect and prevent a denial of service (DoS) attack (hypertext transfer protocol (HTTP) post request) on a Web server. The experiment results show the superior performance of the proposed method to secure the CPS by detecting and preventing the cyber-attacks, which infect the Web servers. They also prove the implementation of security, privacy and integrity aspects on the CPS

Supporting NAT traversal and secure communications in a protocol implementation framework

Dissertação apresentada na Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa para obtenção do Grau de Mestre em Engenharia Electrotécnica e de ComputadoresThe DOORS framework is a versatile, lightweight message-based framework developed in ANSI C++. It builds upon research experience and subsequent knowledge garnered from the use and development of CVOPS and OVOPS, two well known protocol development frameworks that have obtained widespread acceptance and use in both the Finnish industry and academia. It conceptually resides between the operating system and the application, and provides a uniform development environment shielding the developer from operating system speci c issues. It can be used for developing network services, ranging from simple socket-based systems, to protocol implementations, to CORBA-based applications and object-based gateways. Originally, DOORS was conceived as a natural extension from the OVOPS framework to support generic event-based, distributed and client-server network applications. However, DOORS since then has evolved as a platform-level middleware solution for researching the provision of converged services to both packet-based and telecommunications networks, enterprise-level integration and interoperability in future networks, as well as studying application development, multi-casting and service discovery protocols in heterogeneous IPv6 networks. In this thesis, two aspects of development work with DOORS take place. The rst is the investigation of the Network Address Translation (NAT) traversal problem to give support to applications in the DOORS framework that are residing in private IP networks to interwork with those in public IP networks. For this matter this rst part focuses on the development of a client in the DOORS framework for the Session Traversal Utilities for NAT (STUN) protocol, to be used for IP communications behind a NAT. The second aspect involves secure communications. Application protocols in communication networks are easily intercepted and need security in various layers. For this matter the second part focuses on the investigation and development of a technique in the DOORS framework to support the Transport Layer Security (TLS) protocol, giving the ability to application protocols to rely on secure transport layer services

PRISEC: Comparison of Symmetric Key Algorithms for IoT Devices

With the growing number of heterogeneous resource-constrained devices connected to the Internet, it becomes increasingly challenging to secure the privacy and protection of data. Strong but efficient cryptography solutions must be employed to deal with this problem, along with methods to standardize secure communications between these devices. The PRISEC module of the UbiPri middleware has this goal. In this work, we present the performance of the AES (Advanced Encryption Standard), RC6 (Rivest Cipher 6), Twofish, SPECK128, LEA, and ChaCha20-Poly1305 algorithms in Internet of Things (IoT) devices, measuring their execution times, throughput, and power consumption, with the main goal of determining which symmetric key ciphers are best to be applied in PRISEC. We verify that ChaCha20-Poly1305 is a very good option for resource constrained devices, along with the lightweight block ciphers SPECK128 and LEA.info:eu-repo/semantics/publishedVersio