6,156 research outputs found
Watchword-Oriented and Time-Stamped Algorithms for Tamper-Proof Cloud Provenance Cognition
Provenance is derivative journal information about the origin and activities
of system data and processes. For a highly dynamic system like the cloud,
provenance can be accurately detected and securely used in cloud digital
forensic investigation activities. This paper proposes watchword oriented
provenance cognition algorithm for the cloud environment. Additionally
time-stamp based buffer verifying algorithm is proposed for securing the access
to the detected cloud provenance. Performance analysis of the novel algorithms
proposed here yields a desirable detection rate of 89.33% and miss rate of
8.66%. The securing algorithm successfully rejects 64% of malicious requests,
yielding a cumulative frequency of 21.43 for MR
ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys
Sensor networks have many applications in monitoring and controlling of environmental properties such as sound, acceleration, vibration and temperature. Due to limited
resources in computation capability, memory and energy, they are vulnerable to many kinds of attacks. The ZigBee specification based on the 802.15.4 standard, defines a set of layers specifically suited to sensor networks. These layers support secure messaging using symmetric cryptographic. This paper presents two different ways for grabbing the cryptographic key in ZigBee: remote attack and physical attack. It also surveys and categorizes some additional attacks which can be performed on ZigBee networks: eavesdropping, spoofing, replay and DoS attacks at different layers. From this analysis, it is shown that some vulnerabilities still in the existing security schema in ZigBee technology.Les xarxes de sensors tenen moltes aplicacions en el control i la monitorització de les propietats del medi ambient, com ara el so, l¿acceleració, la vibració i la temperatura. A causa dels limitats recursos en la capacitat de càlcul, la memòria i l'energia són vulnerables a molts tipus d'atacs. L'especificació ZigBee basada en l'estàndard 802.15.4, defineix un conjunt de capes, adaptada específicament per a xarxes de sensors. Aquestes capes suporten missatgeria segura mitjançant criptografia simètrica. Aquest article presenta dues formes diferents per agafar la clau de xifrat en ZigBee: atac a distància i atacs físics. També les enquesta i classifica alguns atacs addicionals que es poden realitzar en les xarxes ZigBee: espionatge, falsificació, reproducció i atacs DoS en les diferents capes. A partir d'aquesta anàlisi, es demostren algunes vulnerabilitats existents en l'esquema de seguretat en tecnologia ZigBee.Las redes de sensores tienen muchas aplicaciones en el control y la monitorización de las propiedades del medio ambiente, como el sonido, la aceleración, la vibración y la temperatura. Debido a los limitados recursos en la capacidad de cálculo, la memoria y la energía son vulnerables a muchos tipos de ataques. La especificación ZigBee basada en el estándar 802.15.4, define un conjunto de capas, adaptada específicamente para redes de sensores. Estas capas soportan mensajería segura mediante criptografía simétrica. Este artículo presenta dos formas diferentes para coger la clave de cifrado en ZigBee: ataque a distancia y ataques físicos. También las encuesta y clasifica algunos ataques adicionales que se pueden realizar en las redes ZigBee: espionaje, falsificación, reproducción y ataques DoS en las diferentes capas. A partir de este análisis, se demuestran algunas vulnerabilidades existentes en el esquema de seguridad en tecnología ZigBee
Interest-Based Access Control for Content Centric Networks (extended version)
Content-Centric Networking (CCN) is an emerging network architecture designed
to overcome limitations of the current IP-based Internet. One of the
fundamental tenets of CCN is that data, or content, is a named and addressable
entity in the network. Consumers request content by issuing interest messages
with the desired content name. These interests are forwarded by routers to
producers, and the resulting content object is returned and optionally cached
at each router along the path. In-network caching makes it difficult to enforce
access control policies on sensitive content outside of the producer since
routers only use interest information for forwarding decisions. To that end, we
propose an Interest-Based Access Control (IBAC) scheme that enables access
control enforcement using only information contained in interest messages,
i.e., by making sensitive content names unpredictable to unauthorized parties.
Our IBAC scheme supports both hash- and encryption-based name obfuscation. We
address the problem of interest replay attacks by formulating a mutual trust
framework between producers and consumers that enables routers to perform
authorization checks when satisfying interests from their cache. We assess the
computational, storage, and bandwidth overhead of each IBAC variant. Our design
is flexible and allows producers to arbitrarily specify and enforce any type of
access control on content, without having to deal with the problems of content
encryption and key distribution. This is the first comprehensive design for CCN
access control using only information contained in interest messages.Comment: 11 pages, 2 figure
Dark clouds on the horizon:the challenge of cloud forensics
We introduce the challenges to digital forensics introduced by the advent and adoption of technologies, such as encryption, secure networking, secure processors and anonymous routing. All potentially render current approaches to digital forensic investigation unusable. We explain how the Cloud, due to its global distribution and multi-jurisdictional nature, exacerbates these challenges. The latest developments in the computing milieu threaten a complete “evidence blackout” with severe implications for the detection, investigation and prosecution of cybercrime. In this paper, we review the current landscape of cloud-based forensics investigations. We posit a number of potential solutions. Cloud forensic difficulties can only be addressed if we acknowledge its socio-technological nature, and design solutions that address both human and technological dimensions. No firm conclusion is drawn; rather the objective is to present a position paper, which will stimulate debate in the area and move the discipline of digital cloud forensics forward. Thus, the paper concludes with an invitation to further informed debate on this issue
Hardware architecture implemented on FPGA for protecting cryptographic keys against side-channel attacks
This paper presents a new hardware architecture designed for protecting the key of cryptographic algorithms against attacks by side-channel analysis (SCA). Unlike previous approaches already published, the fortress of the proposed architecture is based on revealing a false key. Such a false key is obtained when the leakage information, related to either the power consumption or the electromagnetic radiation (EM) emitted by the hardware device, is analysed by means of a classical statistical method. In fact, the trace of power consumption (or the EM) does not reveal any significant sign of protection in its behaviour or shape. Experimental results were obtained by using a Virtex 5 FPGA, on which a 128-bit version of the standard AES encryption algorithm was implemented. The architecture could easily be extrapolated to an ASIC device based on standard cell libraries. The system is capable of concealing the real key when various attacks are performed on the AES algorithm, using two statistical methods which are based on correlation, the Welch’s t-test and the difference of means.Peer ReviewedPostprint (author's final draft
- …